In an age of hacking and whistleblowers, the public disclosure of sensitive defence information can be just one keystroke away. This had been underlined by the sudden leakage of over 22,000 pages of technical specs for the Scorpene submarines being inducted by the Indian Navy. This has and will continue to happen. The question is what New Delhi should be doing to prevent and ameliorate such developments.
At present how this technical report became public is unclear. Defence minister Manohar Parrikar has spoken of “hacking”. Other reports speak of an ex-French navy officer stealing the report in 2011 and it being circulated, presumably for a price, among various governments and companies since.
India should be concerned for the following reasons.
One, the contents of the report will undermine India’s maritime security. The six Scorpenes — one which began sea trials in May and the five others still under construction — were supposed to provide a cutting-edge to India’s ageing submarine fleet. Particularly damaging would be information on the submarines’ navigation and sonar systems as well as its acoustic profile. These tell an enemy how both to avoid being found by and how to find a Scorpene. And, in submarine warfare, the endgame begins with detection.
Two, it will put a hole in the country’s Indian Ocean strategy. Chinese submarine activity in the Indian Ocean has increased dramatically the past few years. They seem largely interested in collecting hydrological information, as this sort of data is essential for future and more permanent undersea naval activity — which presumably is Beijing’s ultimate goal. The Scorpene was supposed to be the Indian counter for the next two decades. This will now be in question. India may be required to retrofit more advanced sonar and navigation in the present hulls — adding to an already expensive $3.5 billion purchase.
Three, the Scorpene incident should be just another reminder of India’s need to re-look at its own cyber security and defence production norms.
One vulnerability is the fact India continues to import pretty much all of its military needs — including combat rifles and specialised clothing. The multiplicity of players this introduces means the likelihood of leaks and hacks increases.
Two is that, despite the claims of the defence ministry and other government agencies, India remains a laggard in terms of securing its more sensitive systems. Cyber security remains a policy domain fragmented among over a dozen agencies. Recommendations for a cyber security command remain on paper. The Narendra Modi government has appointed a cyber security czar but he lacks the authority to enforce his decisions.
It took a group of private United States and Canadian academics and programmers to inform New Delhi in 2010 that a China-based hacking group, Shadow Network, had broken into the systems of three Indian Air Force bases and an Assam-based mountain artillery brigade. It is an open secret that foreign intelligence agencies and defence firms are reluctant to share sensitive technology with India because they believe the computer systems of its State-owned defence companies are wholly compromised by the Chinese. It is not as if India does not have world-class cyber security capabilities — but these lie in its private companies and largely ignored by New Delhi.
The only silver lining in the Scorpene disclosures is that submarines everywhere are increasingly vulnerable. A number of studies have pointed that advances in acoustic tracking, satellite reconnaissance and new forms of detection — for example, using lasers and big data analysis — mean that the days when the watery depths veiled the movements of a submarine are almost at an end.
The Scorpene was already on a rising curve of vulnerability, but it would still be preferable that its top secret guidebook were not floating around the world.