Lessons from Scorpene leaks

The dramatic revelation by The Australian that it had obtained access to over 22,400 pages of sensitive data pertaining to the French designed Scorpene class submarine currently being built in India is now a week old. In the intervening period the initial turbulence created by this WikiLeaks like data-dump is progressively acquiring certain contours.

First, it seems that the documents were part of a complex theft mounted by a former employee of DCNS — the French military corporate — and hence the initial hacking assumption is not longer valid. Furthermore, the Australian has confirmed that the computer disk was received by an Australian defence expert a couple of years ago in a routine manner and he in turn decided to ‘leak’ the document when he realized the gravity of what he had stumbled upon.

The fact that Australia had just awarded a $50 billion contract to the French company in a fiercely fought bidding war that pitted a German and Japanese company against DCNS points to corporate rivalry, as also the vulnerability of data security in relation to critical military documentation.

The sequence of events begins in DCNS, Paris, from where the data moved to South East Asia (Malaysia acquired the Scorpene in 2009) and then a disgruntled employee is alleged to have stolen the document from where it was inadvertently sent to Australia. There is a Robert Ludlum-Tom Clancy kind of element alluded to in the reportage and this is best illustrated in this account by The Australian correspondent: “In the back room of Cafe Loco, in the Melbourne suburb of Elsternwick, the man arrives, sits down and pulls out a data disk from his pocket. He orders a hamburger then slips the disk into his laptop. He says he has something to show me, but not give to me.

Why are you doing this I ask? He replies: ‘In the wake of the recent future submarine decision (in Australia) this matter went from one of a very serious breach for both France and India to a matter of national security significance to Australia and the US.’ 

The reporter continues: “In other words, he wants Australia to know that its future submarine partner, France, has already lost control of secret data on India’s new submarines. His hope is that this will spur the Turnbull government and DCNS to step up security to ensure Australia’s $50 billion submarine project does not suffer the same fate.  He says he is a whistleblower and maintains that revealing to the world, via The Australian, that this classified data exists in a dangerously uncontrolled form is worthwhile because it will serve Australia’s interests even if it causes an international furor.”

The furore has begun in earnest manner. Over the last week, Indian Defence Minister Manohar Parrikar has ordered a detailed inquiry into the documents that have been disclosed and the degree to which they pertain to and hence compromise the Indian Scorpene. 

The Malaysian and Chilean navies will be very concerned for they already operate the Scorpene. Brazil, a potential buyer, will hit the pause button and questions are being asked about the competence of DCNS in being able to handle classified information and related documents in a foolproof, zero-error manner that does not permit any breach of security.

It is understood that DCNS plans to move the Supreme Court of New South Wales in Australia to prevent the Australian from releasing more documents that may adversely impact the Indian submarine building programme.

The DCNS legal team has stated that “publication of this highly valuable document causes a direct harm to DCNS and its customer in terms of spread of sensitive and restricted information, image and reputation”.

Now that the Scorpene-related information available with The Australian has been assessed as being ‘highly valuable’ and can ‘harm’ the customer (India), the critical question for South Block is to what degree does this compromise the credibility of the Indian Scorpene submarine building programme? 

The first boat, the Kalvari is to be commissioned by end 2016 and the other five will follow in a phased manner.

Many views have been expressed in the media — mass and social — over the last week by Indian analysts and experts with some subscribing to the ‘sitting-duck’ conclusion (meaning that the kind of technical data released makes the Kalvari vulnerable to detection by the adversary), to the other end of the spectrum that dismisses the current turbulence and anxiety as a ‘storm in a teacup’ that will soon fade away.

To my mind, either kind of certitude may be misplaced and it would be prudent to wait for the Indian Navy’s specialists to review the stolen documents, now being selectively leaked and make an informed recommendation about the damage done to the Indian Scorpene.

However there is another issue that has come onto the national security radar post the Scorpene leak of the last week. This pertains to the nature of the techno-commercial and legal/ contractual protocols specific to India that will ensure data-cum-information security between a military hardware supplier and the buyer. 

In this case DCNS is very concerned about how the Australian scoop will impact its global image while all the navies that have the Scorpene or are in the process of acquiring the platform will be examining options that balance operational compulsions with fiscal compensation.

In the Indian case, the current focus on ‘Make in India’ poses an additional challenge. Given the relatively slim design capabilities in India, the current focus is on long-term collaboration with foreign entities who will enable not only the manufacture in India effort, but also contribute to R&D-cum-design competence. In this context, the underwater domain is among the most secretive and technologically complex.

If India is to enhance its credibility as a reasonably empowered and hence autonomous actor in the regional strategic environment, reducing its reliance on foreign military suppliers is imperative. A rigorous national plan is called for that is multi-disciplinary and multi-sectoral meaning that it must encompass state enterprises, the private sector, academia and the diaspora. This plan must first irrigate an uneven and often arid eco-system which, in turn, will nurture the appropriate human resource and techno-industrial infrastructure.

In this endeavour, the flow of information in a secure manner is an important determinant and the Scorpene document theft-cum-leak experience must lead to the right inferences and policy correctives — not knee-jerk reactions that will seal all classified information in safe but inaccessible silos!

The author is Director, Society for Policy Studies, New Delhi