A Royal Navy contractor tried to save money by having communications software for nuclear engineers designed in Belarus
A firm hired to design software for a British submarine builder outsourced the job to programmers in Belarus and Russia, The Telegraph reported on Friday. According to British Defense Ministry documents seen by the newspaper, the company then tried to cover up this potential security breach.
The company, a digital consultancy firm called WM Reply, was hired in 2020 to build a staff intranet for Rolls-Royce Submarines, The Telegraph reported. Rolls-Royce’s nuclear engineers – who design submarines solely for the Royal Navy – would use this intranet to communicate while at work without the security risk of being connected to the wider internet.
Given the sensitive nature of Rolls-Royce Submarines’ work, British Defense Ministry rules stipulated that the intranet be designed only by UK-based staff with security clearances. Instead, WM Reply outsourced much of the work to coders in Belarus and one who worked remotely from Tomsk in Siberia.
By late 2020, staff at WM Reply were concerned about using contractors based in an adversary of the UK. Transcripts of a conference call handed to Defense Ministry investigators revealed that the company opted not to tell Rolls Royce about the outsourcing, lest the contract – worth £500,000 ($640,000) – be canceled.
One employee on the call suggested giving the Belarusian coders the names of “dead people in the UK,” while another recommended having one British developer compile all the code created in Belarus and Russia, to make it seem as if the entirety of the software was built in the UK.
Eventually, Rolls Royce was told that some foreign coders would be used, but the company was not informed that these coders would be based in Russia or Belarus, documents handed to the Defense Ministry alleged.
Rolls Royce began investigating the case in 2021, and a probe was launched at the Defense Ministry the following year, by which time the UK was propping up the Ukrainian military in its conflict with Russia. Rolls Royce has since cut ties with WM Reply, a spokesperson for the submarine manufacturer told The Telegraph, adding that “at no point was there any risk of data, classified or otherwise, being accessed or made available to non-security cleared individuals.”
“This matter was fully investigated by Rolls-Royce. As they have said, at no point was the integrity of the system compromised,” a ministry spokesperson commented.
However, defense analysts told the newspaper that the coders could potentially have gained access to the contact details of Rolls Royce employees, leaving them exposed to blackmail or cyberattacks.
WM Reply’s outsourcing decision “potentially left us vulnerable to the undermining of our national security,” former Defense Secretary Ben Wallace told the newspaper.