The Scorpene scorcher

Leaked sensitive data on submarines exposes vulnerability of defence projects in the face of cybercrime

  • Scorpene submarine INS Kalvari escorted by tugboats as it arrives at Mazagaon Docks Ltd, a ship building yard,Image Credit: Reuters
  • An employee works on the propeller of a Scorpene submarine at the industrial site of the naval defence companyImage Credit: Reuters
Gulf News

Dubai: India’s plans to have an improved stealth capability in maritime surveillance and combat are quite in keeping with the current geopolitics in South Asia. With China’s growing presence in the Indian Ocean waters, one can understand New Delhi’s urgency to have increased muscle-power in maritime security and strategic depths. The $3.5 billion (Dh12.87 billion) contract sealed with French shipbuilder Direction des Constructions Navales Services (DCNS) in 2011 to build six Scorpene-class submarines was very much in keeping with the Indian Navy’s needs to have greater fire-power close to its shores and beyond, particularly in view of its ageing submarine fleet comprising 13 Soviet-era vessels.

However, even as sea trials were being conducted for INS Kalvari, the first of these six Scorpene-class submarines, vital and sensitive data regarding the stealth and combat capabilities of these state-of-the-art naval vessels were leaked into public domain last month, much to the chagrin of the Indian Navy and the political establishment in the country, as well as the French company DCNS. The six attack submarines equipped with Exocet SM39 anti-ship missiles were set to be commissioned by Indian Navy in different phases by 2020. While Indian authorities have insisted that the project will still go ahead, there has been confirmation from both the Indian Navy and Defence Ministry that no new orders will be handed to DCNS. In fact, New Delhi’s plans to ask DCNS to build three more Scorpene-class submarines have been scratched forthwith.

While India’s Defence Minister, Manohar Parrikar, was initially almost dismissive about the entire episode, terming it as nothing more than an incident of “hacking”, India’s Navy Chief, Admiral Sunil Lanba, admitted the seriousness of the situation in no uncertain terms. “Leak of information related to Scorpene submarine is a matter of serious concern,” Admiral Lanba said. The gravitas of the entire episode was quite palpable as Indian Prime Minister Narendra Modi held separate talks with French President Francois Hollande on the sidelines of the two-day G20 summit in Hangzhou, China, on Monday, to discuss the fallout of the Scorpene leak.

The Australian newspaper, claiming it had access to sensitive technical details of the submarines being built by DCNS at India’s Mazgaon Docks in Maharashtra, released last month what it said were redacted versions of reams of classified information on one of India’s most coveted defence projects in recent years.

Interestingly, the $3.5 billion contract for building six submarines for the Indian Navy dwarfs in comparison to the $38 billion contract that DCNS has signed with the Australian government for modernisation of its fleet – a deal that has reportedly caused much heartburn among industry rivals of DCNS. According to a section of defence analysts, the leaked information on the Indian subs has been released in public domain in a manner so that DCNS’s business ethics, adherence to service protocol and capability to handle sensitive data stand maligned. “There is India, Australia and other prospects, and other countries could raise legitimate questions over DCNS. Its part of the tools in economic war,” a DCNS official told Reuters.

Apart from multi-billion dollar deals with Indian and Australian navies, DCNS also had contracts going with Chile, Brazil and Russia for fleet modernisation. The future of all those deals now faces serious questions.

When news about the leakage of sensitive data on the Scorpene-class submarines being built in India by DCNS first broke, officials at the French company tried to brush it aside, saying unlike the contract it had with the Australian Navy, where DCNS was both the builder and controller of technical data, in India’s case, the technical data was being handled by a local company – hinting that the leak must have happened at the Indian end.

However, the Australian newspaper has refuted DCNS’s contention, saying that the technical data for the Scorpene-class submarines being built in India were actually written in France in 2011 and was suspected to have been removed from France by a former officer of the French Navy who happened to be a DCNS subcontractor. This clearly shows a serious breach of security and service protocol at the French shipbuilder.

In view of the leaked data, some of the critical operational aspects of the submarines may be modified by Indian Navy once these vessels are commissioned into service. Moreover, according to C. Uday Bhaskar, a retired Commodore of the Indian Navy, the information that has so far surfaced in the media “isn’t a disaster” really. “Much of the acoustics and electro-magnetic and thermal characteristics are established only after a submarine is fully operational and ordnance-capable,” Uday Bhaskar told Gulf News from New Delhi. “However, the area that may have been compromised is the propeller/propulsion data of the submarines,” he added.

Be that as it may, this incident raises critical questions on the vulnerability of technology and cybersecurity in the face of a rapidly-morphing realm of cybercrime. The challenge is all the more critical when it involves high-stakes defence projects such as the Scorpene-class submarines. The leak has once again highlighted the need for stricter adherence to secrecy clauses and greater compliance with security norms by all stakeholders, particularly when the issue at hand is something as sensitive and non-negotiable as a nation’s defence forces and equipment.