A company hired to design software for British submarine manufacturers outsourced the work to programmers in Belarus and Russia. This is surprising given the longstanding enmity between Moscow and London. According to UK Ministry of Defence documents seen by The Telegraph, the company subsequently tried to conceal potential security breaches.
The Telegraph reports that the company, a digital consulting firm named WM Reply, was contracted in 2020 to build a staff intranet for Rolls Royce Submarines. The nuclear engineers at Rolls Royce, who design submarines specifically for the Royal Navy, used this intranet for secure communication, as it was isolated from the wider internet.
Given the sensitive nature of the work conducted by Rolls Royce Submarines, UK Ministry of Defence regulations stipulate that the intranet should only be designed by personnel based in the UK with appropriate security clearances.
Contrarily, WM Reply outsourced most of the work to coders in Belarus and one individual working remotely from Tomsk in Siberia, Russia. By late 2020, WM Reply staff were concerned about using contractors based in the UK’s adversarial nations.
A transcript of a conference call submitted to UK Ministry of Defence investigators revealed that the company chose not to inform Rolls Royce about the outsourcing arrangement to avoid risking a £500,000 contract cancellation. One employee suggested providing the Belarusian coders with the names of “deceased individuals in the UK,” while another proposed having a single UK-based developer compile all the code developed in Belarus and Russia to make it appear as if the entire software was created in the UK.
Eventually, Rolls Royce was informed that some foreign coders would be used, but the company was not told that these coders would be based in Russia or Belarus, according to documents submitted to the UK Ministry of Defence.
Rolls Royce began investigating the matter in 2021, and a Ministry of Defence investigation was launched the following year, as the UK supported Ukraine’s military in its conflict with Russia.
Since then, Rolls Royce has severed ties with WM Reply, a spokesperson for the submarine manufacturer told The Telegraph.
“There was no risk of any data, classified or otherwise, being accessed or provided to individuals without security clearance,” a Rolls Royce spokesperson stated. “This matter has been thoroughly investigated by Rolls Royce. As they have stated, there was no compromise of system integrity at any point,” added a UK Ministry of Defence spokesperson.
However, defense analysts told The Telegraph that the coders might have gained access to the contact details of Rolls Royce employees, making them vulnerable to extortion or cyberattacks. “WM Reply’s decision to outsource the work potentially exposed us to threats against our national security,” former Defence Secretary Ben Wallace told the newspaper.
- WM Reply, contracted by Rolls Royce Submarines to design a secure intranet, outsourced work to Belarusian and Russian programmers, despite UK Ministry of Defence regulations prohibiting such practices due to security risks.
- The firm concealed this arrangement to avoid losing a £500,000 contract.
- Although Rolls Royce was informed of foreign involvement, they were not made aware of the coders' specific locations.
- Investigations followed, and WM Reply was eventually cut off by Rolls Royce amid concerns over national security.
Outsourcing to Belarus and Russia
Concealed Arrangement
Rolls Royce Not Fully Informed
Security Concerns and Cut-Off
