(MENAFN) A British digital consultancy firm, WM Reply, engaged in a significant security breach by outsourcing the development of crucial software for Rolls-Royce Submarines to programmers in Belarus and Russia, according to a report by The Telegraph. The software, intended for use on a secure intranet system for Rolls-Royce’s nuclear submarine engineers, was meant to ensure secure internal communication without the risks associated with internet connectivity.

WM Reply was contracted in 2020 to create a staff intranet for Rolls-Royce Submarines, a division responsible for designing submarines exclusively for the Royal Navy. The project was subject to stringent British Defense Ministry regulations, which mandate that sensitive infrastructure be developed solely by UK-based personnel with appropriate security clearances. Contrary to these guidelines, WM Reply outsourced a significant portion of the project to developers based in Belarus and a coder working remotely from Tomsk in Siberia.

Concerns about the security implications of using contractors from countries perceived as adversaries began to emerge within WM Reply by late 2020. Internal communications obtained by Defense Ministry investigators revealed that the firm decided against informing Rolls-Royce of the outsourcing, fearing it might jeopardize the £500,000 (USD640,000) contract.

In an effort to obscure the breach, WM Reply employees discussed strategies to cover up the involvement of the foreign programmers. Suggestions included providing the Belarusian developers with fictitious British identities or consolidating the code produced abroad through a British developer to create the illusion that the software development had been conducted entirely within the UK.

The incident highlights serious concerns about the integrity of security protocols in the development of sensitive defense infrastructure and the potential risks posed by outsourcing critical components of national security projects.

MENAFN04082024000045015687ID1108514934