Belarusian developers worked on software for British submarines
The software was to be developed by British employees with access to classified information. But they decided to partially outsource the work to programmers from Minsk and Siberia.
The British Ministry of Defense… pic.twitter.com/L7QqGroDJq
— NEXTA (@nexta_tv) August 4, 2024
The British military’s nuclear submarine fleet faced a significant security breach when portions of its software were outsourced to engineers in Belarus and Russia, violating Ministry of Defence (MoD) security protocols. The software, designed for the staff intranet of submarine engineers, was supposed to be developed by UK-based staff with proper security clearance. Experts warn that code created by foreign engineers could potentially be exploited to compromise the UK’s naval capabilities.
"Britain’s nuclear submarine software built by Belarusian engineers – Fears that coding work outsourced to Russia and its allies could pose national security threat" https://t.co/dWk3rR7nmf
— Enno Lenze (@ennolenze) August 3, 2024
The involvement of developers from countries like Belarus and Russia raises the risk of malicious code being embedded in the software. The MoD launched an investigation into the breach, which concluded in February 2023. The inquiry revealed that the digital consultancy responsible for outsourcing the work, WM Reply, initially kept the involvement of foreign developers secret.
They even discussed disguising the origin of the workers by using fake names of deceased British individuals. Rolls-Royce Submarines, responsible for powering the UK’s nuclear submarine fleet, subcontracted the intranet upgrade to WM Reply.
A contractor working for Rolls-Royce Submarines, the nuclear propulsion division of the engine company, subbed out development of a new staff intranet system for RRS to Russia and Belarus. Staggering.https://t.co/B72aWlaq3J
— Gareth Corfield (@GazTheJourno) August 4, 2024
Documents submitted to the MoD’s inquiry showed that WM Reply used developers based in Belarus, with one working from home in Tomsk, Siberia.
Nuclear submarine security breach exposed
The intranet system contained personal details of employees and the organizational structure of those working on the submarine fleet. Concerns about the security implications of using Belarusian staff were raised by WM Reply employees in the summer of 2020.
However, superiors advised there was no need to “panic,” fearing the project might be canceled if Rolls-Royce learned of the outsourcing. Dr. Marion Messmer, a senior research fellow at Chatham House, stated that allowing Belarusian and Russian developers to work on this project posed a “national security risk.” She highlighted the danger of rogue actors accessing personal data of those engaged in the UK’s submarine fleet, which could lead to blackmail or targeted attacks.
Rolls-Royce stated that there was never any risk of classified data being accessed by non-security cleared individuals. They ceased all business with WM Reply upon discovering the breach and conducted full IT security checks on all coding before its integration into their network. The MoD emphasized that Rolls-Royce had fully investigated the matter and assured that the integrity of the system was never compromised.
However, this incident underscores the importance of stringent security protocols and transparent communications in handling sensitive defense-related projects.
