New Delhi: In the immediate aftermath of the Scorpene submarine data leak scandal, the Indian navy jumped into damage-control mode.
The first statement put out was defensive and, as it turns out, more than a little inaccurate. “The documents that have been posted on the website by an Australian news agency have been examined and do not pose any security compromise as the vital parameters have been blacked out,” the navy’s first statement said.
According to multiple defence and national security analysts The Wire spoke with however, there are two major problems with the navy’s initial response.
The first is that – as The Australian journalist Cameron Stewart has pointed out repeatedly over the last two days – all of the blacked out details and redactions were done by the Australian media organisation in order to avoid publishing potentially classified information. The leaked data itself does contain the “vital parameters” that navy’s statement refers to and can in all likelihood be viewed by anyone with access to the leaked documents. Or in other words, India’s naval security hasn’t been protected because crucial information such as radiated noise frequencies has been blacked out in the publicly released documents.
Secondly, out of the over 22,000 documents leaked only a small portion of the papers have been made public. “The high level committee set up by the navy and the Ministry of Defence first had to ascertain which documents were leaked and get access to those documents which only happened yesterday afternoon. It was impossible to declare confidently that national security had not been compromised just by looking at The Australian’s story and three PDFs they uploaded,” said one person familiar with the working of the high-level committee.
What exactly are some of the “vital parameters”, found in the data leaks, the Indian navy could be worried about? In earlier comments to The Wire, Vice-Admiral A.K Singh (retired) pointed out the “damage may not be great… as long as the frequency of the submarine’s radiated noise” remained a secret. The logic here is that if these frequencies were to leak, it would allow enemy forces to use “different sonar buoys to locate and identify the submarine, which otherwise has a noise level that is below the noise of the sea”.
However, as the newly released documents put out by The Australian yesterday show, the frequencies of many of the Scorpene submarine’s capabilities have been leaked and have been redacted by The Australian and not the leaker herself/himself.
The screenshot above from some of the newly put out documents details some of the submarine’s fundamental interception capabilities, including the frequency band in which it operates and what bands and conditions it is optimised for.
Another screenshot, shown below, was taken from the original documents uploaded by The Australian two days. The section in the screenshot details the radiated noise levels that Singh says the navy could potentially be worried about. Specifically it points to the noise levels at submerged speeds and while snorting.
“Again, what is crucial to note here that many of these details, including radiated noise levels, are not blacked out in the original leaked documents. If this is a detail that is not accessible to any potential customer of DCNS, then it could be very worrying. The navy’s initial response seems very bull-headed. Hopefully things will become more clear in the next two days,” said a former naval officer and defence analyst, who declined to be identified.
Two days after the leaks, the defence community is still undecided on whether the Scorpene submarine data leaks represent a disaster to India’s national security and submarine fleet or whether it is more of a valuable wake-up call to the way the data confidentiality and cybersecurity have become integral parts of military contracts.
“We know a few things. We know the leaked documents don’t have deployment information or anything of that sort. A large part of the leak’s consequences depends on whether the documents are operating and technical manuals that come with any product and thus could be obtained without engaging in industrial espionage. Another debate is on how much of the information has changed since the submarine was finally built,” a senior defence analyst who is studying the legal liability fallout from the Scorpene data leaks told The Wire.
Yet another production headache
Another victim of the Scorpene data leaks will likely be Prime Minister Modi and defence minister Manohar Parikkar’s indigenous defence production push. French company DCNS, which is the designer and builder of the Scorpene submarines, has also submitted what is perhaps the first 100% foreign direct proposal for the development a particular submarine technology (air independent propulsion). According to people with direct knowledge of the matter, DCNS officials were actually scheduled to come to New Delhi next week to push forward this proposal, which so far has been stalled by the Foreign Investment Promotion Board and defence ministry officials over potential conflict of internet issues.
“A team from DCNS was scheduled to meet Parikkar next week over their new propulsion proposal which is already being used in the Scorpene-class submarines that have been commissioned. It will be a wonder if the proposal goes through right now, although it is the first major 100% FDI proposal on the table for the Modi government and since the new defence procurement policy was announced. A bittersweet ending for sure,” said a senior defence analyst.
More broadly, however, defence contracts will now likely have to include mechanisms which can deal with data theft (which has emerged as the cause behind the Scorpene leak now) and consequent leaking of specifications. As a number of commentators have pointed out, if India wishes to cancel the Scorpene submarine contract, it can do so under a nondisclosure clause but will most likely not have the means to pursue penal action. Additionally, if the data was stolen from DCNS (as Reuters reported late last night) and not accidentally or purposefully leaked, India could face legal action over the cancellation of a contract; which would add to the government’s growing list of corporate legal battles.
The 2005 defence procurement policy will certainly have to be updated, according to industry think-tanks The Wire spoke with, to deal with the digital age of information leaks and corporate espionage to best protect India’s interests.