The Scorpene data leak is a body-blow for the Indian navy. Already suffering from a critical shortage of submarines to protect its littoral seas, the navy must now deal with allegations that its principal submarine project, a venture being pursued in partnership with the French company DCNS, has been badly compromised. In a damning disclosure, The Australian reported that it had seen crucial files that revealed critical data about India’s Scorpene program, with equipment and operational specifications outlined in such minute detail that India’s future submarine operations could be severely jeopardized. Stung by the revelations, the navy has ordered an inquiry, but is struggling to come to terms with the leak’s operational implications.
In order to get to the bottom of this embarrassing exposé, it is important to answer three sets of crucial questions:
What was the source of the leak? Was this a case of cyber theft?
As news broke of the revelations, Indian officials rushed into damage control mode. The navy immediately released a statement saying the leak appeared to have originated from outside India. Defense Minister Manohar Parrikar contended that the leak looked like a case of hacking. His suggestion that this wasn’t a physical breach of security but the handiwork of cyber criminals seemed to resonate with Malcolm Turnbull, the Australian prime minister, who also hinted that the system had been infiltrated by hackers. It all seemed conveniently aimed at shifting the onus of responsibility onto unknown cyber spies with the mysterious ability to pierce well guarded computer networks.
There is something to suggest that this may not have been a case of hacking at all. Firstly, the documents released are nearly all scanned copies of a printed manuscript, which appears to be an operational manual. It is reasonable to assume that if hackers were involved, the original PDF documents would have been made public. Naval sources point out that when submarine specifications are prepared, every piece of equipment and every sensor is evaluated by specialists who prepare separate files with the necessary specifications. It is only later that the individual documents are collated and printed as a consolidated manual. If hackers had accessed company computers, experts aver, they are likely to have revealed individual PDF documents.
Instead, printed manuals have been scanned and copied on a data disc by an insider who then seems to have either smuggled it out physically or illegally transmitted its contents to an outside agency with the intention of making a specific revelation.
The Indian navy may be right in suggesting that the leak did not originate in India, because details of DCNS’s submarine projects with Chile and Malaysia have also been released. If an Indian source had stolen the data, he/she would not have had access to files pertaining to these countries. The report in The Australian states that the data on the Scorpene was written in France for India in 2011 and is suspected to have been removed from France in that same year by a former French Navy officer who was at that time a DCNS subcontractor. Given these facts, the possibility of an opportunistic leak cannot be discounted. It is possible that the information was available on a data disc since 2011, and was obtained from its source for a price to further a particular strategic objective.
What are the implications of the leak? Have Scorpene submarine signatures been revealed?
There is no denying that the revealed information is of an extremely sensitive nature. The leaked data is said to include details of the Scorpene’s stealth capabilities, frequencies for intelligence gathering, the noise levels of the submarines at various speeds, the diving depths, range and endurance, magnetic radiations, specifications of the torpedo system, propeller noise specifications and radiated noise levels, etc. Not only would this information be useful for an adversary in developing tactics to combat the Scorpene, it also appears to nullify stealth and secrecy — the holy grail of submarine operations.
Despite their seemingly grave nature, however, the revelations do not compromise the Scorpene in a way that negates its prospects for future exploitation. Navies usually have a data bank of the vital characteristics of rival submarine forces. This is based on the understanding of equipment and sensors that those platforms are known to possess and their general operating characteristics. This information, however, does not readily translate into a submarine’s unique underwater signature. The signature of a submarine is a combination of all its acoustic and magnetic emissions, which can be studied and documented only during sea trials. While the revelation of the Scorpene’s operating characteristics is damaging for combat operations, it does not prevent the submarines from being tactically exploited.
This is not to say the Indian navy will not be adversely affected by the leak. The revelations are significant and could impact India’s undersea operations direly. But they are unlikely to put the Scorpene class out of service.
Who does this disclosure really target?
This is the most important part of the investigations. It appears that the revelations are part of a corporate espionage war between DCNS and its rival corporations. The company’s spokesperson alluded to it in a media briefing yesterday when she stated that “competition was getting tougher and tougher, and all means were being used… all tools in economic warfare.”
Australia’s recent award of its submarine contract to DCNS has created severe heartburn in Japan and Germany, where competing firms had been vying for Canberra’s $50 billion contract for the replacement of the Collins class submarine. It isn’t surprising that the nature of the leak seems aimed at discrediting the French company.
A particularly revealing clue is a screenshot of icons of PDF documents of important submarine sensors, which is part of the released documents. It suggests that the insider was acting on instructions that would show him/her as having accessed not just scanned copies of the manuals but also the original PDF versions of individual files. The fact, however, that the material put out does not contain any PDF files implies that the source may have had no cyber access to the original material, except being able to view it on a computer screen. This debunks the hacking theory, showing that despite their inability to infiltrate company servers, the conspirators planned on creating the illusion that inadequate systems security at DCNS compromised sensitive operational data.
Even the security classification, annotated in red with the stamp “Restricted Scorpene India” on the revealed documents, appears intended to indict DCNS. Clearly, the culprits were keen to show the French company in a poor light, implicating it for failing to protect sensitive data.
Only the investigation will reveal if there was a real corporate war at play. What seems clear is that India has been a collateral victim in a deeper economic and strategic conspiracy. The challenge for the Indian navy will be to dispel the impression that its premier submarine project has been rendered worthless.
This commentary was first published by the Observer Research Foundation. It is reprinted here with permission.
Abhijit Singh is Senior Fellow and Head of Maritime Policy at the Observer Research Foundation, New Delhi.