British submarine software outsourced to Russia, Belarus

Experts warn code could be exploited to target the UK's naval capabilities

British submarine software outsourced to Russia, Belarus

A major security lapse involving the development of software for Britain's nuclear submarine fleet has sparked calls for a sweeping review of the country's defence supply chain.

The Telegraph has revealed that portions of the software were designed by engineers in Russia and Belarus, violating strict Ministry of Defence (MoD) security protocols.

The software, intended for the internal network of Rolls-Royce Submarines - the company responsible for powering the UK's nuclear submarine fleet - was supposed to be created exclusively by UK-based, security-cleared personnel.

However, a significant portion of the work was outsourced to developers in Minsk, Belarus, and even Tomsk, Siberia.

This has raised serious concerns about the potential compromise of highly sensitive information, including the location of Britain's nuclear submarines.

Experts warn that the code developed by Russian and Belarusian engineers could be exploited by hostile states to target the UK's naval capabilities.

The MoD has launched a full-scale investigation into the matter, treating it as a serious threat to national security.

Internal documents reveal that the digital consultancy firm contracted for the project, WM Reply, was aware of the significant security risks involved in outsourcing to Belarus, a close ally of Russia.

Despite these concerns, the company opted to conceal the involvement of foreign developers from Rolls-Royce, fearing the loss of the lucrative contract.

A transcript of a company meeting, obtained by the MoD, exposes a culture of complacency for security protocols. Employees discussed desperate measures to cover up the outsourcing, including using fake names of deceased British people for the Belarusian developers.

Rolls-Royce Submarines has insisted that its network is secure and that all software undergoes rigorous testing.

"We can categorically state that at no point was there any risk of data, classified or otherwise, being accessed or made available to non-security cleared individuals," a company spokesperson told The Telegraph.

"It is not possible for non-security cleared individuals to access any sensitive data via our company intranet. All our suppliers comply with strict security requirements.

"Once we were made aware of these allegations that clearly breached these requirements, and following a rigorous internal investigation that concluded in 2021, Rolls-Royce Submarines ceased working with WM Reply. We have not awarded them any further contracts."

A spokesperson for WM Reply rejected allegations that its actions could have threatened national security.

"WM Reply regularly reviews its delivery processes and procedures, respects the needs and processes of its customers and enjoys transparent and long-standing relationships with those customers," they said.

Experts have now called for a comprehensive review of security protocols, and increased oversight of defence contracts.

Admiral Lord West, former head of the Royal Navy, urged an immediate review of defence supply chains.

"This is a world where software can make such a difference. We have to have mechanisms where we can absolutely be certain that no one has broken into the supply chain, even at the lowest level, and that there is no one who hasn't got the clearance to do the work," he said.

Opposition leaders are also demanding a thorough investigation and measures to prevent similar incidents in the future.

Former defence secretary Ben Wallace called for punitive action against subcontractors who violate security protocols.

"There doesn't seem to be a clear enough policy of penalties or punitive action should you not comply," he said.

"If a company realised they would be stuck off working from government contracts or named and shamed, I suspect they wouldn't do it."