A company hired to design software for British submarine manufacturers outsourced the work to programmers in Belarus and Russia. This is surprising given the longstanding enmity between Moscow and London. According to UK Ministry of Defence documents seen by The Telegraph, the company subsequently tried to conceal potential security breaches.
The Telegraph reports that the company, a digital consulting firm named WM Reply, was contracted in 2020 to build a staff intranet for Rolls Royce Submarines. The nuclear engineers at Rolls Royce, who design submarines specifically for the Royal Navy, used this intranet for secure communication, as it was isolated from the wider internet.
Given the sensitive nature of the work conducted by Rolls Royce Submarines, UK Ministry of Defence regulations stipulate that the intranet should only be designed by personnel based in the UK with appropriate security clearances.
Contrarily, WM Reply outsourced most of the work to coders in Belarus and one individual working remotely from Tomsk in Siberia, Russia. By late 2020, WM Reply staff were concerned about using contractors based in the UK’s adversarial nations.
A transcript of a conference call submitted to UK Ministry of Defence investigators revealed that the company chose not to inform Rolls Royce about the outsourcing arrangement to avoid risking a £500,000 contract cancellation. One employee suggested providing the Belarusian coders with the names of “deceased individuals in the UK,” while another proposed having a single UK-based developer compile all the code developed in Belarus and Russia to make it appear as if the entire software was created in the UK.
Eventually, Rolls Royce was informed that some foreign coders would be used, but the company was not told that these coders would be based in Russia or Belarus, according to documents submitted to the UK Ministry of Defence.
Rolls Royce began investigating the matter in 2021, and a Ministry of Defence investigation was launched the following year, as the UK supported Ukraine’s military in its conflict with Russia.
Since then, Rolls Royce has severed ties with WM Reply, a spokesperson for the submarine manufacturer told The Telegraph.
“There was no risk of any data, classified or otherwise, being accessed or provided to individuals without security clearance,” a Rolls Royce spokesperson stated. “This matter has been thoroughly investigated by Rolls Royce. As they have stated, there was no compromise of system integrity at any point,” added a UK Ministry of Defence spokesperson.
However, defense analysts told The Telegraph that the coders might have gained access to the contact details of Rolls Royce employees, making them vulnerable to extortion or cyberattacks. “WM Reply’s decision to outsource the work potentially exposed us to threats against our national security,” former Defence Secretary Ben Wallace told the newspaper.
