Julian Lewis, Conservative MP for New Forest East, raised concerns on 30th August 2024 regarding the outsourcing of IT development work by a commercial subcontractor to coders based in Belarus, particularly in relation to the Ministry of Defence’s policies on security and procurement.

This followed reports that IT software used by British nuclear submarine engineers had been outsourced to Belarusian developers, some of whom were working from Russia.

In response on 6th September 2024, Maria Eagle, Minister of State for Defence, confirmed that both the Ministry of Defence (MOD) and Rolls-Royce Submarines (RRS) had conducted an investigation into the matter.

She explained, “Both the Ministry of Defence (MOD) and Rolls-Royce Submarines (RRS) investigated a subcontractor’s outsourcing of development work for a RRS intranet page; this IT system is separate to the RRS classified systems.”

Eagle assured that the investigation found “no evidence that Belarusian nationals had access to sensitive information and concluded that no change to MOD procurement policy was required.”

The incident, which took place before Russia’s full-scale invasion of Ukraine, had raised concerns about the potential security implications of using Belarusian developers for a project related to the UK’s nuclear submarine fleet. Although there were initial alarms within the subcontracted company, Rolls-Royce later confirmed that the developers did not have access to sensitive or classified information.

Eagle stated that “Defence took steps to ensure and confirm that there had been no compromise of classified information.” No formal sanctions were imposed, as the investigation concluded that there had been no breach of security protocols. Eagle also reiterated that “the safety and security of the United Kingdom’s nuclear submarines and the Deterrent, including the Service personnel who operate it, remain our highest priority.”

Despite the findings, the case has highlighted the importance of ensuring robust security practices in defence procurement, especially concerning the outsourcing of IT development work.

Eagle assured that “our security processes are under constant review to ensure best practice,” confirming that there were no immediate changes required to MOD procurement procedures.

Avatar photo
George has a degree in Cyber Security from Glasgow Caledonian University and has a keen interest in naval and cyber security matters and has appeared on national radio and television to discuss current events. George is on Twitter at @geoallison
Subscribe
Notify of
guest

11 Comments
oldest
newest
Inline Feedbacks
View all comments

Daniele Mandelli
Daniele Mandelli (@guest_852114)
21 days ago

I asked ABC about this many weeks ago.
All clear, nothing to see here.

Supportive Bloke
Supportive Bloke (@guest_852115)
21 days ago

Anything that gives away anything gives a toehold into figuring other things out. Just a list of user and real names is highly valuable. Most people recycle passwords or used the same core password with variants. If you have unhindered access to the back end of a system you have this. Then you can deduce from working patterns and IP addresses whom works in which group where etc Once you have bulk data and can think it is surprising what you can deduce. You can then cross correlate that with social media and the dreaded LinkedIn and you then have… Read more »

Barry Larking
Barry Larking (@guest_852138)
21 days ago

You lost them SP. You are completely correct as far as I understand intelligence gathering.

Conan Doyle demonstrated how facts and information can be derived for the most seemingly trivial details more than a century ago.

Vitali Druzhinin
Vitali Druzhinin (@guest_852346)
21 days ago
Reply to  Barry Larking

Excellent comparison of our Western security services to the deductive reasoning and analysis of the insurmountable private detective depicted by the excelsior aristocratic personalities like Sir Conan Doyle or Lady Agatha Christie.God bless our King Charles III and my family Druzhinin GOLIK ZAGURSKY THOMAS GARCIA and illumine us for action.

Jonathan
Jonathan (@guest_852269)
21 days ago

Indeed, this system may not directly link to a system with secret or top secret information..but as you stated if it collects user names and passwords that would be official data and that can be used to profile users…a list of past passwords that Bob the engineer used for this system creates a security risk for other systems..

Last edited 21 days ago by Jonathan
Barry Larking
Barry Larking (@guest_852137)
21 days ago

I would be concerned if the work carried out had been on a soft drinks dispenser.

Utterly bonkers.

ChariotRider
ChariotRider (@guest_852154)
21 days ago

Hmm, careful guys. When it comes to software and data it doesn’t take much to go from storm in a tea cup to s**t storm…

CR

Jack
Jack (@guest_852177)
21 days ago

No evidence Belarusian nationals ? OK, but what about people of other nationalities ? I’m always suspicious of politicians and their weasel words.

Jonathan
Jonathan (@guest_852272)
21 days ago

The problem with the west is that it cannot seem to get its head around the fact there are states which are our enemies ( not competitors..enemies) and these enemies are undertaking all elements of political warfare against us at all times and that includes subverting every possible system they can…china, Russia, Iran and any nation linked to these as allies should not have access to any possible systems that could be used as part of political warfare..that includes any and all software, hardware, social media etc..personally I think we should even be looking closely at any consumer produces with… Read more »

Last edited 21 days ago by Jonathan
Rob
Rob (@guest_852302)
21 days ago

Well it’s funny there a great many contractors in the UK who could do all this and a lot more but they are being persecuted by HMRC and IR35. My consultancy of 17 years has gone belly up directly because of this.

Vitali Druzhinin
Vitali Druzhinin (@guest_852345)
21 days ago

National security services of the rising British Empire must be tight- lipped on where the C-130 Globetrotters would delivery and geo- position such sensitive military Intelligence cargo ad the most advanced USMC boats and what their specific targets and missions are to be. Improving the NHS in Great Britain is paramount but never at the expense of the deployment schedule of advanced military technology during the time of raging wars in Ukraine and EU. God bless our King Charles III and illumine His Majesty to bring things to order in the English Parliament concerning DoD cuts or financial support.We pray… Read more »