French shipbuilder DCNS suffers major data leak

The French shipbuilder DCNS had suffered a massive data leak this week. First reported by The Australian, a 22,400-page document enclosing confidential information about the Scorpene-class submarine, which is in use by India, Malaysia, and Chile, found its way into unauthorized circles.

The leaked document outlined information on the detectability parameters of India’s Scorpenes; the noise levels of the submarines at various speeds; diving depths, range and endurance; propeller noise; and even the specifications of the torpedo launch system and combat management system.

The potential ramifications of this leak could be significant. Australia, which is a key U.S. ally in the Pacific Ocean, selected DCNS to design and develop its navy’s next-generation submarines. Although the Australian submarines will be derived from the Barracuda-class, a larger design (that is used as a nuclear-powered attack submarine in France), DCNS’s evident security problems will be a major issue of concern.

Cameron Stewart on The Australian discussed that the situation may prompt the U.S. to be reluctant to release its submarine combat management system. Lockheed Martin was among the competitors seeking to join the Australian submarine contract. The U.S. may not permit DCNS to access the technology, which would complicate the program for Australia, which would need to raise its integration capacity, or seek a non-U.S. vendor for the combat management system (as well as other subsystems).

For its part, DCNS is in damage control mode. At the time of The Australian’s report, DCNS suggested that that the leak did not occur from its end, but potentially India. In a statement, the company said:

Multiple and independent controls exist within DCNS to prevent unauthorised access to data and all data movements are encrypted and recorded. In the case of India, where a DCNS design is built by a local company, DCNS is the provider and not the controller of technical data.

In the case of Australia, and unlike India, DCNS is both the provider and in-country controller of technical data for the full chain of transmission and usage over the life of the submarines.

However, according to The Australian, the report was produced in 2011, and it may have taken from France by a retired French Navy officer.

Today, DCNS is arguing that the leak amounted to “economic warfare.” (Reuters). Noting that the industry has gotten more competitive, a DCNS spokesperson stated that “all means can be used” against the company and its interests.

Comment and Analysis

The leaked document will be valuable to a number of actors. First, DCNS’s competition will have a good idea of the company’s offering for most prospective customers, especially in the developing world. This could translate into tangible changes in German, Russian and Chinese submarine designs. Second, India’s rivals may find some value in knowing some of the classified specifications and performance parameters of India’s Scorpene submarines. That said, India’s submarines will use a domestically developed and produced air-independent propulsion (AIP) system, which will translate into a variance between the document and the Indian Navy’s ships.

At a broader level, DCNS’s principal challenge will be to restore the trust and confidence of its customers. This is an obvious statement, but the ramifications of this leak should not be underestimated. First, DCNS’s core prospective customer base, especially for short and medium-term, centers on NATO (and key U.S. allies in general). The company is competing for submarine contracts in Poland and Norway. It had also prequalified to compete for the Royal Canadian Navy’s surface warship tender. NATO powers operate under the ambit of wider strategic defence and security objectives, which in turn preclude defence vendors that pose even the slightest of possible risks. An interesting case could be found in the pressure exerted on Turkey to abandon its talks for the HQ-9 long-range surface-to-air missile (SAM) system from China.

The shipbuilding market in Western Europe is also flush with competition. From established builders such as ThyssenKrupp Marine Systems (TKMS) in Germany and Navantia in Spain to cost-competitive market entrants such as STM in Turkey, DCNS could face a serious uphill climb in restoring its market influence.

DCNS’s prospects outside of NATO may not be impacted as severely. The Middle East and North Africa (MENA) market is not privy to the same level sensitive technology as NATO. Some countries, such as Egypt, are cost-sensitive and depend on flexible financing arrangements in order to fund big-ticket acquisitions. However, there is little to stop newer entrants from Turkey, South Korea, and even India from competing against DCNS in these markets. Just recently DCNS lost out on a contract to upgrade the Pakistan Navy’s three Agosta 90B submarines (i.e. a submarine designed and built by DCNS) to STM Turkey.

More broadly, the risk of leaks from cyber crime and espionage could figure more prominently in American and Western European security circles over the coming months. With commercial offsets and technology transfers playing a major role in driving current and near-term arms acquisitions, especially from the West to the East, some will point to the security risks posed by such transactions. It will be interesting to see if these events translate into a longer list (produced by the U.S. and Western Europe) of blacklisted or risk-prone private as well as public-sector vendors (particularly in Asia).