French submarine builder DCNS springs leak: India investigates

The French are said to be going ballistic


India is investigating a security breach affecting its French-built Scorpene-class submarines after more than 22,000 pages covering its secret capabilities were leaked.

First reported in The Australian, the documents offer details on the designs of the submarines, which were put together by French company DCNS.

Based on the Scorpene design, and dubbed the Kalvari class, the first diesel-electric boat is due to enter service by the end of this year.

The Australian posted redacted excerpts from the leaked documents on its site, and reported it had seen thousands of pages offering details of the Scorpene’s underwater sensors, above-water sensors, its combat management system, its torpedo launch system and specifications, and its communications and navigation systems.

According to Reuters, Indian Defence Minister Manohar Parrikar told reporters: “I understand there has been a case of hacking. We will find out what has happened.”

India bought six submarines from DCNS back in 2005, costing roughly US $3.5bn in total. DCNS outbid Germany’s ThyssenKrupp, as well as a Japanese government-supported bid by a Mitsubishi and Kawasaki joint venture, to win the Australian contract.

According to Reuters, a DCNS spokesperson said the company wouldn’t immediately authenticate the documents but also did not “rule out that the leak was part of an ‘economic war’ waged by the competitors it beat in the contest for the Australian contract.”

Devastating impact

Excerpts of the documents which were posted on The Australian’s website contained critically sensitive information on the submarine, a political source with “decades of experience in the global arms industry” told Reuters.

Including technical manuals and models of the boat’s antennas, the leak exposes the new submarines' secrets in an unforgivable way: “If it’s 22,400 pages, it’s a major stuff-up, it’s a huge deal. It allows them to understand everything about the submarines. What speeds it can do; how noisy it is; what speeds the mast can be raised at… all of that is just devastating,” said Reuters’ source.

The setback to the Indian Navy comes while its existing fleet of 13 subs – only half of which are operational at any time, according to Reuters – is trying to contest China's maritime presence in the Indian Ocean.

A statement from the Indian Navy confirmed that the available information about the leak “is being examined at Integrated Headquarters, Ministry of Defence (Navy) and an analysis is being carried out by the concerned specialists.”

The Navy added: “It appears that the source of leak is from overseas and not in India.”

The Australian noted that DCNS won a bid to design 12 vessels for Australia’s new submarine fleet back in April, and the leak threatens the stealth advantages for the new submarines being designed for Oz.

DCNS had not responded to The Register's requests for comment by the time of publication. ®

