Russian and Belarusian Developers Linked to British Submarine Software, Prompting MoD Investigation

The software used in British submarines includes components developed in Russia and Belarus, contravening UK Ministry of Defence (MoD) regulations, according to The Telegraph. The report reveals that part of the development work on the software, which was intended to be completed by UK-based engineers, was outsourced to developers in Siberia and Minsk.

The MoD has identified this as a significant security risk and has launched an investigation. The investigation uncovered that Rolls-Royce Submarines, which manages the UK’s nuclear submarine fleet, subcontracted the upgrade of its staff intranet to WM Reply, a digital consultancy firm. WM Reply, in turn, employed developers from Belarus, including one who worked from home in Tomsk, Siberia. Concerns have been raised that this outsourcing could compromise the UK’s defence capabilities, as a previous project was also subcontracted to developers in Minsk.

Documents reveal that WM Reply employees raised security concerns in the summer of 2020 about using Belarusian developers. Reportedly, concerns were ignored about the company employing overseas developers. To hide the true identities of Russian and Belarusian developers, the company allegedly used fake names, even considering using the names of deceased British citizens. It was not until spring 2021, when the issue was reported directly to Rolls-Royce, that an investigation was initiated. The matter was subsequently referred to the MoD in summer 2022, leading to further investigation.

Experts warn that if personal information about individuals with access to classified details of the British submarine fleet fell into the wrong hands, it could pose a serious national security threat, including risks of blackmail or targeted attacks.

Rolls-Royce has stated that all subcontracted work, including software development, underwent rigorous security testing before being introduced into their network. The company asserts that no sensitive information was accessible to non-security-cleared individuals. WM Reply has denied that its actions jeopardized national security.