Use of Russian software on UK nuclear submarines prompts calls for defence review

Ministers have been urged to conduct an urgent review of defence supply chains following revelations by The Telegraph about the UK’s nuclear-powered submarine fleet.

The Telegraph has revealed that British engineers working on nuclear-powered submarines are using software designed in Russia and Belarus.

The software was to be created by workers from the UK with appropriate security clearances, but some of the work was outsourced to developers from Siberia and Minsk, the capital of Belarus.

There are concerns that further defence capabilities may have been jeopardised as it emerged that the previous project was also outsourced to developers from Minsk.

Experts have warned that Britain’s national security could be put at risk if the personal data of those with secret knowledge of Britain’s nuclear-powered submarine fleet falls into the wrong hands, leaving them vulnerable to blackmail or targeted attacks.

According to The Telegraph, the Ministry of Defence (MoD) has deemed the security breach a serious threat to UK defence and has launched an investigation.

The investigation found that the company, which outsourced intranet work for nuclear submarine engineering workers in Russia and Belarus, initially kept it a secret and considered concealing the workers’ whereabouts by giving them false names of deceased Britons.

Admiral Lord West, a former head of the Royal Navy, said he was “shocked” to read about the “extraordinary” revelations and called on the Ministry of Defence to review supply chains to ensure they are secure.

“That whole area is an area that worries me more and more. If you go back in time, there wasn’t the same reliance on coding and software and things like that,” he said.

Lord West, who was First Sea Lord from 2002 to 2006, added that now that everything is so dependent on software it could be “very dangerous”.

“This is a world where software can make such a huge difference. We need to have mechanisms in place where we can be absolutely certain that no one has hacked into the supply chain, even at the lowest level, and that there is no one who is not authorized to do this job,” he said.

“I think the MoD certainly needs to look at this very, very carefully and make sure that (their supply chains) are absolutely secure. They need to be absolutely sure that every supplier is secure and has signed up to the Official Secrets Act.”

The Telegraph has revealed that Rolls-Royce Submarines, the company that designs and operates the UK’s fleet of nuclear-powered submarines on behalf of the Royal Navy, was looking to upgrade its crew intranet and outsourced the task to digital consultancy WM Reply.

WM Reply then enlisted the help of programmers from Belarus – Russia’s closest ally – one of whom worked out of a home in Tomsk, Siberia, according to documents filed as part of the Defense Ministry investigation.

The intranet system contained personal details of all Rolls-Royce Submarines employees, as well as an organisational structure of those employed on the UK submarine fleet.

Ben Wallace, a former defence secretary, said there should be “punitive action” against subcontractors who breach contract terms.

“There doesn’t seem to be a clear enough policy on penalties or retaliatory action for noncompliance,” he said. “If the company realized it was going to be cut from government contracts or be named and shamed, I suspect it wouldn’t do it.”

Tom Tugendhat, a former security minister who is running for Conservative Party leadership, said securing supply chains was important to “strengthen our resilience and protect our national security” and added that the government “must protect the skills, jobs and capabilities of the defence sector” in the UK.

A Rolls-Royce spokesman said: “We can categorically state that at no time was there a risk that data, classified or otherwise, was made available to individuals who did not have security clearances. It is not possible for individuals who do not have security clearances to access any confidential data via our company intranet.

“All of our suppliers adhere to strict safety requirements. As soon as we became aware of these allegations, which clearly violated those requirements, and following a rigorous internal investigation that concluded in 2021, Rolls-Royce Submarines ceased its relationship with WM Reply. We did not award them any further contracts.”

A WM Reply spokesman denied claims that the organisation’s activities could threaten national security.

“WM Reply regularly reviews its delivery processes and procedures, respects the needs and procedures of its customers, and enjoys transparent and long-term relationships with those customers,” they said.

Broaden your horizons with award-winning British journalism. Try The Telegraph free for 3 months with unlimited access to our award-winning website, exclusive app, money-saving offers and more.