The genre of the information leaked, as can be gleaned by the few pages published indicates that the information pertains to the ‘as designed’ capabilities of the platform, as was known in 2011, rather than the ‘as built’ and ‘as achieved ‘capabilities, which are yet to be established, in our likely operating environment . The fact that Scorpene is a late 1990’s design of a widely exported submarine further reduces the ‘novelty’ factor as far as the tactical significance is concerned. While the commercial impact of the leak may be damaging to DCNS, its tactical significance to our adversaries, is limited.
The Scorpene class of submarines were first considered in 1998 as the follow-on for the four in-service SSK submarines…
A large volume of data and information pertaining to the yet-to-be operationalised Scorpene submarine of the Indian Navy is now available in the public domain. What is currently known is that the 22,000-odd pages of ‘Classified Data’ pertaining to the submarine were leaked in 2011, probably from a source external to India. Now, five years later, ‘The Australian’, a newspaper belonging to the Rupert Murdoch group, has claimed it is in possession of these 22,000 pages of ‘ten types of secret information’ which, as per them, compromises the Indian programme. The Australian, over the last three weeks, published a few pages and indicated that it would continue the process. An Australian court, however, has now granted temporary injunction against the further publication of documents.
The few pages published, marked ‘Restricted Scorpene India’, are of 2011 vintage and provide details of the submarine. While some may argue that the information is predominantly generic, certain details published do fall in the category of ‘sensitive’. The fact, that the newspaper redacted some of the data and that an Australian court, has granted temporary injunction against further publication, provides only temporary solace. Our concern is firstly the number of eyes and hands these 22,000 pages have passed through in the last five years, will never be known. Secondly, our analysis of the impact, is currently based only the few pages ‘published’ by The Australian. The fact that the published information is dated, considered generic and may have already be available to the discerning, is no guarantee that the remaining pages, yet to be published, can, similarly be considered benign.
Investigation of the source of leak and the legal redressal available to the government would certainly be undertaken by the appropriate agencies and, is therefore, beyond the purview of this article. What is being attempted is to, firstly undertake an analysis to identify the issues to be addressed at the macro level, so as to reduce the probability of re-occurrence of such information leaks. Secondly, we need to evaluate the content and assess the tactical significance of the leaked information. Reactions such as ‘these submarines are now sitting ducks’ and the crew is now ‘doomed to die’, need to be dispelled, before they cloud the decision making process at the highest level.
Exploitation Documents are primarily generated for the crew and maintenance teams, to operate and maintain the systems and the platform…
As a prelude, it may be prudent to put in perspective the background and current status of Project 75, the Scorpene project, as is available in the public domain.
The Scorpene class of submarines were first considered in 1998 as the follow-on for the four in-service SSK submarines. The contract for building six of these at Mazagon Dock Ltd (MDL), Mumbai, under Project 75 was signed in 2005, and construction commenced in 2009. The combat system package though finalised then, was contracted for only in 2012. The primary weapon, the torpedo, is yet to be selected. While there has been a delay of four years in the delivery of the first submarine, the delivery schedule of subsequent platforms has been compressed to one every six months. This, coupled with the fact that there is a delay in finalising the followons under Project 75 (I), the facilities at MDL in the interim, may be utilised to build an additional three Scorpene class submarines.
The Scorpene design is of the late 1990’s vintage and a follow-on of the Agosta 90 B, operated by Pakistan. India and Pakistan both, were justifiably worried when DCNS offered the Scorpene to India. Similarly, in light of the current leak, Australia is now worried about security compromise of its short-fin Barracuda Class submarines. The justification given by DCNS to the three navies is that the three classes of submarines are quite different from each other. This, at best, is only partially true. The DNA of the three classes cannot be substantially different. While customisation of weapon and sensor packages, vintage of the equipment and propulsion technologies does provide improvements, these are predominantly incremental and rarely transformational especially in terms of overall platform performance and stealth characteristics. However, retro fitment of an Air Independent Propulsion (AIP) is a game-changer in terms of operating profile and radiated noise parameters.
Cyber Security Organisation and Protocols
In today’s age of data digitisation and instant connectivity, public disclosure of sensitive information is just a click away. Hacking, whistle-blowing and information leaks are here to stay. It is a matter of ‘when’ rather than ‘if’ such a leak would occur. We can, at best, can reduce the probability of occurrence and increase the cost to the adversaries to obtain the information. We, therefore, need to acquire world class cyber security capabilities. This capability needs to be acquired and deployed enterprise-wide, at the appropriate scale and speed. For this, the current multiplicity of organisations and ‘silos of knowledge’ would have to be replaced by an umbrella Cyber Security Organisation. Such an organisation would need to be supported with adequate resources and manned with multi-disciplinary professionals. Its mandate must include constant scanning of the environment to detect potential threats and develop protocols which are then applied universally across defence acquisition projects; foreign or indigenous.
The Scorpene is a ‘Build in India’ project, with substantial involvement of the design teams of MDL and the Indian Navy…
The need of such an Integrated Cyber Security Command, though conceptualised by military planners, has not found favour with the bureaucratic and political decision makers. Therefore, the Scorpene leaks must not be seen as a one of kind ‘security incident’ which needs ‘fixing’, but a ‘vulnerability gap’ which exists and will be exploited again, not only in acquisition projects, but across the entire spectrum of defence preparedness. This vulnerability needs to be addressed immediately and comprehensively. The irony is that, as a nation, we have world class cyber security capability in the private sector, which remains untapped and ignored by the government.
Documentation of a Weapon Platform
Documentation of any weapon platform including submarines is normally categorised into Design, Contractual, Exploitation (User or Operating & Maintenance documents), Trials and Combat Exploitation documents. In fact, the above is also the broad sequence in which documents are generated. Of these, the Exploitation Documents are voluminous, frequently referred to and most widely distributed. Their content, scope and classification, therefore, need to be deliberated upon, customised and standardised in the early stages of the project and must thereafter form part of the contract. The Trial Documents are generated much later in the project life. Since the results of trials are extremely sensitive, they are appropriately classified and have limited circulation. The Combat Exploitation Documents are an amalgamation of information from various documents and evolved over a period of time. Since they discuss operational strengths and limitations, these, along with the Trial Documents, are by far, the most secretive documents, with extremely limited accessibility.
To understand the documentation philosophy, it may be prudent to illustrate the treatment to say, radiated noise parameters, across various documents. Based on design parameters and certain mathematical models, the designers would arrive at a broad band of radiated noise figures during a particular operational profile, say the dived transit of the submarine. These would be contained in the design documents and also available in open literature, for purposes of marketing. Once the contract is finalised, the vendor would water-down these radiated noise claims as these values now need to be demonstrated as guaranteed performance during trials. The Exploitation Documents must, therefore, mention the radiated noise parameters in the most generic terms, preferably as mentioned in open literature for submarines of similar class and vintage. Next, when the radiated noise trials are conducted, as part of advanced sea trial, the actual radiated noise figures would emerge. These, in all probability, would be substantially lower than the figures guaranteed in the contract. These figures would then be recorded in the Trial Documents. Finally, based on these trial inputs and other operating parameters and considerations, the Combat Exploitation Document would, for example, recommend the machinery operating regime of the submarine during dived transit. Therefore, the value of the same parameter, radiated noise in this case, will have different values in different documents. Documents containing values of ‘tactical significance’ will have the highest security classification and least circulation.
The fact that the leak originated from France and only a few of the 22,000 odd pages have been published until now is also of little solace…
Indigenous and Comprehensive Standard for Defence Documentation
The broad framework for documentation as well as the scope, content and format for each of these documents, should ideally be standardised, across the three services, in the form of a ‘Joint Specification for Generation of Documentation for Defence Systems and Platforms’. These specifications form the basis for generation of all categories of documents, by all Original Equipment Manufacturers (OEM), indigenous or foreign, across the defence services. No such joint specifications exist in the Indian context. Each service follows its own standards and in fact, there is limited standardisation even within each service. Further, in most cases, standards being used are ‘legacy specifications’ which have, at best, been only superficially updated. In nearly all cases, these do not holistically address issues such as format of e–documents, cyber security, precautions against data theft, hacking and phishing. In case of foreign vendors, documents supplied are often based on their own standards, further diluted for export purposes.
In the absence of such a formalised, comprehensive and technically ‘au fait’ specifications, it is likely that the contract for Scorpene submarines, with DCNS or other vendors/OEMs may not have addressed all aspects of documentation. Aspects which may have had insufficient focus or no mention in the contract, are the content and scope of each type of document, guidelines for assigning security classification, control of data and information, wetting of group of authors, premises (DCNS or MDL) where documents are to be generated, security protocols (physical and informational) and aspects of cyber security.
Outsourcing Generation of Exploitation Documents to Foreign Collaborator
Exploitation documents are primarily generated for the crew and maintenance teams, to operate and maintain the systems and the platform. These documents are a synthesis of data and information of individual components and equipment, which constitute the ‘system’ or ‘system of systems’. The process of generating exploitation documents is an involved and multi-disciplinary activity, undertaken by a ‘group of authors’ who have experience of operating and maintaining similar platforms, possess good writing and language skills and understand the operating and maintenance philosophy of the client navy. Subsequently, this group becomes the core group to undertake other downstream activities such as preparing training aids and simulators, designing and imparting training, preparing spare parts list and drawing maintenance schedules.
The Scorpene is a ‘Build in India’ project, with substantial involvement of the design teams of MDL and the Indian Navy. As it finally transpired, DCNS hired retired French naval personnel to generate these documents. It is now known that some of these personnel were the source of the leak.
The Indian Navy has nearly 50 years of experience in operating, maintaining and refitting four classes of submarines including a nuclear submarine. We are probably the only Navy which operates submarines of both, Eastern and Western origin. We have designed albeit with limited assistance from a collaborator and built a nuclear submarine. English is our first language. Yet the decision makers felt that retired French submariners are better equipped, more competent, trustworthy and possess better professional acumen than our own retired submarine fraternity to undertake this ‘sensitive task’ at, positively, an exorbitant fee. We could have considered generating exploitation documents utilising our own veteran fraternity. As a quality assurance measure, this indigenous group could have been assisted by a consultant from DCNS. This group could then have formed the core team to undertake other down-stream operationalising tasks mentioned above. This approach would not only have contributed towards our indigenisation effort, but would have also substantially reduced the information security vulnerabilities.