August 3rd, 2024

Britain's nuclear submarine software built by Belarusian engineers

Britain's nuclear submarine software was partially developed by engineers in Belarus and Russia, raising security concerns. An investigation revealed outsourcing risks, prompting calls for better scrutiny of defense supply chains.

Britain's nuclear submarine software has been developed with contributions from engineers in Belarus and Russia, raising significant national security concerns. The Ministry of Defence (MoD) discovered that the software, which should have been created by UK-based staff with security clearance, was partially outsourced to developers in Siberia and Minsk. This breach could potentially expose the locations of British submarines and other defense capabilities. An investigation revealed that the firm responsible for the outsourcing, WM Reply, initially concealed the involvement of foreign developers and even discussed using fake names to disguise their identities.

Concerns about the security implications were raised by WM Reply staff as early as 2020, but management downplayed the risks, fearing that informing Rolls-Royce, which oversees the submarine fleet, could jeopardize the project. The MoD was alerted in 2022, leading to further investigations. Experts have warned that access to sensitive data could lead to blackmail or targeted attacks, with former defense secretary Ben Wallace emphasizing the vulnerability created by such outsourcing practices. Rolls-Royce stated that no sensitive data was compromised and that they ceased working with WM Reply after the allegations surfaced. The incident highlights the risks associated with outsourcing critical defense work to countries with potential adversarial ties, prompting calls for greater scrutiny of supply chains in national security contexts.

Related

Microsoft admits no guarantee of sovereignty for UK policing data

Microsoft admits inability to guarantee UK policing data sovereignty on its public cloud, potentially breaching UK data protection laws. Concerns persist despite company's efforts to address issues, impacting all UK government users.

Microsoft tells yet more customers their emails have been stolen

Microsoft notifies customers of email theft by Russian criminals, expanding breach scope. Compromised accounts' correspondents informed. US auto dealers face disruptions from cyber incident linked to CDK software. Rabbit R1 AI devices' security flaw disclosed. EU sanctions Russians for cyber attacks.

UK cyber-boss slams China's bug-hoarding laws

The UK's NCSC CEO criticized China's cyber laws, citing concerns over cyber activities. AWS denied business issues in China. Japan found remnants of a supernova. India succeeded in telecom manufacturing incentives. Mt Gox repaid investors. Singapore intervened in Grab's acquisition. Australia ordered a tech review. Various alliances and deals occurred in the Asia-Pacific region, reflecting cybersecurity, tech advancements, and regulations.

The Illicit Flow of Technology to Russia Goes Through This Hong Kong Address

Since the Ukraine war began, Russia has acquired nearly $4 billion in U.S. chips through Hong Kong shell companies, circumventing sanctions and maintaining a steady influx of critical technology for military use.

Code of Practice for Software Vendors: call for views

The UK government is seeking industry feedback on a draft Code of Practice for Software Vendors to enhance software resilience and security, part of the £2.6 billion National Cyber Strategy.

3 comments
By @ano-ther - 4 months
It’s not the submarine software, but the manufacturer’s intranet. Likely based on Sharepoint: https://www.reply.com/wm-reply/en/

> WM Reply are … specialising in Microsoft 365

And it’s a £500k contract, which doesn’t get you very far in corporate intranet land.

But of course it presents a security risk, since the intranet usually is the gateway to people or project information.

And I am truly puzzled by how they knew it wasn’t appropriate to hire subcontractors in Belarus and Russia, but talked themselves into making it ok. Even suggesting to put names of dead people in the reports.

By @dave4420 - 4 months
The Telegraph’s report seems to say that the Belarusians/Russians were working on an intranet used by the people writing the nuclear submarine software, not that they were working on the software themselves. Does undermine their own headline.

Doesn’t undermine all the security concerns though.

Can I get a second opinion on this, please?

By @potatoball - 4 months