The software for British nuclear submarines comes from Belarus.
Software used by British nuclear submarine crews has origins partly in Belarus, causing alarm at the UK Ministry of Defence. One expert warns of a “risk to national security”.
According to a newspaper report, software used in British nuclear submarines contains elements developed in Belarus. The computer program was supposed to have been created by UK personnel with security clearance, but the Telegraph reports that it was outsourced to developers in Minsk, including one from Tomsk, Russia. The UK Ministry of Defence has deemed this a violation of guidelines and a significant security risk.
The paper claims to have an internal ministry investigation revealing that Rolls-Royce Submarines commissioned WM Reply, a consulting firm, to modernise the intranet used by the submarine’s engineers a few years ago. WM Reply then outsourced the work to developers in Minsk. There are concerns that state actors in Belarus and Russia could exploit the code to track the locations of British submarines. In addition, other defence capabilities may be at risk as a previous project was also outsourced to Minsk.
The investigation also suggests that WM Reply discussed hiding the origin of the software developers. In the summer of 2020, employees raised security concerns, but they were ignored. It was only when the issue was escalated to Rolls-Royce in the spring of 2021 that an investigation was launched. The incident was then referred to the UK Ministry of Defence in the summer of 2022, leading to a further investigation.
Former UK Defence Secretary Ben Wallace told the paper that the incident “leaves us potentially vulnerable to undermining our national security”. He added: “Countries like China and Russia are constantly targeting the supply chains of our defence companies. This is not a new phenomenon.”
Marion Messmer, a scientist at the Chatham House think tank, described the incident as a “clear risk to national security.” If malicious actors were to gain access to the personal data of employees of Britain’s submarine fleet, there could be a risk of “blackmail or targeted attacks,” she told the Telegraph.
A Rolls-Royce spokesman said all work carried out by subcontractors undergoes rigorous security checks before it is put into operation. The company also said no sensitive information was accessible to anyone who had not gone through security clearance. The company has also ended its collaboration with WM Reply. WM Reply denied to the Telegraph that its actions posed a risk to national security.
The investigation found that Rolls-Royce Submarines commissioned WM Reply to update the submarine’s engineers’ intranet several years ago. The firm then outsourced the work to developers based in Minsk, Belarus, raising concerns that sensitive information could be accessible to state actors in these countries.
Despite Rolls-Royce claiming that all work carried out by subcontractors undergoes strict safety checks, the incident involving WM Reply and its Minsk-based developers has been deemed a significant risk to national security by UK authorities.