The Telegraph: Britain’s nuclear submarine software built by Belarusian and Russian engineers
Britain’s nuclear submarine engineers use software that was designed in Russia and Belarus.
The Telegraph reported on this.
The software should have been created by UK-based staff with security clearance, but its design was partially outsourced to developers in Siberia and Minsk.
There are fears that the code built by the Russian and Belarussian developers could be exploited to reveal the location of Britain’s submarines.
The inquiry discovered that the firm that outsourced the work – on a staff intranet for nuclear submarine engineers – to Russia and Belarus initially kept it secret and discussed whether it could disguise where the workers were based.
As well as the UK’s submarine fleet, there are fears that further defense capabilities could have been compromised because it has emerged that a previous project was also outsourced to developers in Minsk.
Rolls-Royce Submarines, which powers the UK’s nuclear submarine fleet on behalf of the Royal Navy, wanted to upgrade its staff intranet and had subcontracted the work to WM Reply, a digital consultancy firm.
WM Reply then used developers based in Belarus – Russia’s closest ally – one of whom was actually working from home in Tomsk, Siberia, according to documents submitted to the MoD’s inquiry.
The intranet system included personal details of all Rolls-Royce Submarines employees as well as the organisational structure of those working on the UK’s submarine fleet.
In the summer of 2020, staff at WM Reply began to sound the alarm over the security implications of using Belarusian staff for the project and suggested that Rolls-Royce should be informed.
By November, a team meeting – a transcript of which was provided to MoD investigators – revealed the serious concerns of some staff members.
But they were told by superiors there had not been no need to “panic” and that Rolls-Royce should’ve not been informed as there had been a risk it might cancel the project if it had found out.
Rolls-Royce said it had carried out full IT security checks on any coding before it was introduced to its network. The company is understood to be confident that WM Reply employees and their subcontractors did not have access to information on secure servers.