Indian Defence Review

Classification of Information – The Official Secrets Act (OSA) 1923

While enough has been said about the vintage and incongruity of the Official Secrets Act 1923, some observations merit mention. The Act was brought into force in India in 1889, post the Mutiny of 1857. As with many other Acts enacted during that period, (IPC, Army Act), these legislations had been drafted by the British to deal with the ongoing ‘Home Rule Movement’ in Ireland. The OSA, 1889, has only been superficially amended in 1904, 1923 and 1967. The reluctance to replace these Acts with more contemporary legislations is driven more by the convenience of ‘selective application’ they offer to the political and bureaucratic establishment rather than mere organisational inertia.

In fact, the Right to Information Act of 2005, which enables any citizen to obtain information from official records, is contradictory to Clause 6 of the OSC, which stipulated that information obtained from any government office is to be considered ‘official’ and will be governed by the OSA. Certain court verdicts have further added to the confusion and in some cases, reduced the power of the Act. In the State vs Ifilikhar Gilani case of 2002, the court ruled that ‘a document marked Secret, will remain Secret, despite being publically available. In another case, (State vs Santana Saikia) the Delhi High Court reduced the power of the Act by its ruling that “publication of a document merely labelled Secret shall not render the accused liable under law.”

In addition to these incongruities of the OSA, the Act does not address contemporary issues such as marking a document ‘Cleared for Internet Transmission’ or stipulating restrictions on it storage on a Networked System. Such instructions, even if issued as official memos, neither have any legal jurisdiction nor pan organisational applicability.

Therefore, there is an urgent need to replace the present Official Secrets Act, 1923, with an unambiguous, comprehensive and contemporary legislation which is understood by all and is universal in its implementation.

Content and Tactical Significance of Published Information

There is no doubt that, as mentioned by a number of analysts, the Scorpene leak is ‘no small matter’. The fact that the leak originated from France and only a few of the 22,000 odd pages have been published until now is also of little solace. This is the kind of information for which nations allocate substantial resources, at times, wait for years and yet not be sure of its authenticity and correctness. The fact that this is now available to all is a matter of deep concern. We ought to be perturbed about our vulnerabilities; our vulnerabilities in term of information securities. The horse has bolted and we are looking at reducing the impact of our loss. Loss it sure is.

Having said that, we now need to examine the extent to which the leaked information impacts our platform capabilities. We must then analyse measures to reduce the impact of the leak.

Impact on Operational Capabilities

Of the claimed 22,000 pages ‘stolen’ and now available with The Australian, only a minuscule few have been published to date. While it would be statistically incorrect to presume that the published pages are a true sample of the 22,000 odd leaked pages, it may however be prudent to make certain generic assumptions and analyse what is currently available, rather than wait for more pages to be published, which hopefully does not happen!

Prima facia, the leak, its volume and timing, is more to embarrass DCNS and hurt its commercial interests, rather than part of a deliberate military espionage. The content being generic and predominantly indicative has limited tactical significance to an adversary. Certain other inferences drawn from the content are enumerated below.

•  Documents Leaked. Based on the time of the leak (2011) and volume of the leaked documents, it is assumed that most of the leaked pages are part of the Exploitation Documents which may have been prepared by DCNS to impart training to the Indian crew and maintenance teams.

The Scorpene leak should, therefore, be viewed as a wake-up call about our information security vulnerabilities rather than as a national security disaster…

•  Vintage of Data Leaked. Since the leaked data is of pre-2011 vintage, all platform-related information (stealth, radiated noise, sensor performance) would be generic or at best a ‘mathematical estimation’. No class or platform-specific data was even available at that stage.

•  Passive Sensors. As brought out by a senior veteran submariner, submarines are passive predators and rely mainly on their passive sensors to detect, classify and attack targets. Knowing the operational parameters and capabilities of these passive sensors is of little significance to the adversaries as there is very little they can tactically do to degrade their performance.

•  Active Transmitters. Active transmissions from a submarine, both acoustic and electronic, are infrequent, deliberate, controlled and much later in the encounter; when it no longer beneficial for the submarine to conceal its presence. They are used only in the final stages of the encounter when the submarine commander decides to shed its cloak of secrecy and go for the kill. So being aware of the parameters of the active sensors does not in any significant manner, tilt the balance in the favour of the enemy platform.

•  Navigation System. The radar used for surface navigation is normally a commercial radar and therefore negates platform-emitter correlation. Operating parameters of other navigation equipment would pertain to their individual ‘stand-alone’ configuration, based on Factory Acceptance Tests. For example, the accuracy of the individual gyro may now be known; but the accuracy of the navigation complex of the submarine, of which the gyro is one component, would only be known after sea trials.

•  Communication Systems. Submarines are almost always only in the listening mode for shore-to-ship communication. When ship-to-shore communication is unavoidable, high speed, encrypted, burst transmissions are made using buoyant antenna. The operationalisation of own satellite tilts the entire communication and the data link paradigm in our favour. Therefore, knowing the parameters of the communication suite, does not in any way increase the vulnerability of the submarine.

•  ESM System. ESM is a passive sensor which detects and identifies enemy EW transmissions. By knowing our ESM capabilities, all an enemy platform can do is stop transmission in that particular spectrum, thereby degrading its own war-fighting capabilities.

•  Depth, Range and Endurance. Diving depths, operating range and endurance of all commercially available submarines, can easily be obtained from open literature. Operating depths are predominantly determined by the type of steel used, design philosophy, single or double hull and certain other design parameters. Most submarines the world over, operate in a similar depth envelop. Also, the safety margin between normal operating and crushing depths is so wide that submarine commanders are known to have taken submarines during combat, to depths well beyond normal operating depths and lived to tell the story! So most submarines operate in ‘depths in excess of 250 to 300 metres’. Endurance is a function of the fuel carried and most modern conventional submarines have endurance between 45 to 60 days. There is, therefore, very little tactical advantage of knowing the exact values of these. Generic diving depth, range and endurance data available in the open domain is adequate for tactical purposes.

•  Weapon Parameters. The Indian Navy is yet to decide the heavy weight torpedo the Scorpene will carry. Details of the torpedo, if available in the leaked documents, are irrelevant. As far as the Exocet missile is concerned, it is a widely exported missile and used world over, including by the Pakistan Navy. There is very little that is not known about the weapon operating envelope. The parameters pertaining to the seeker radar are ‘customer modifiable’ and are therefore dynamic.

•  Combat System. The Combat System is programmable ‘calculator’ and an integrator of various sensors. In simple terms, its output is a statistical estimation of the target course, speed and range, based on which, it recommends the course the ‘chosen’ weapon must run to impact the target. The programme is in the form of the source code which is proprietary and belongs to DCNS. It, therefore, is of commercial rather than tactical significance. The system accuracy, being a statistical estimation, dependent entirely on the attack geometry, sensor accuracy, hydrological conditions and the duration for which the algorithm has run. So knowing its performance under ‘standard testing conditions’ (which is a design and contractual parameter) does not in any manner help the adversary tactically. The actual capability of the Combat System, which is in fact a system of systems, will only be established after the Indian Navy conducts numerous environmental trials and firings; many more than what is stipulated in the acceptance protocols. Only the analysis of this trial data will define the true ‘capability of the combat system’.

•  Frequency Discreet of the Submarine Radiated Noise. The most important and tactically significant data of a submarine is the information pertaining to the various ‘energy fields’ it produces while operating. These fields are unique to each platform and are referred to as its signature. The submarine therefore has an acoustic (noise) signature, an infra-red (heat) signature, a magnetic (metal) signature and an electromagnetic signature. Of these, the acoustic field is of tactical significance. All these signatures are platform-specific information and will be determined only during the yet-to-be conducted, signature trials of the submarine. This information is a closely guarded secret, known to a very few even within the Navy. Therefore, what is available in the leaked documents are not submarine signatures, but certain ‘mathematical estimates’, of a few ‘frequency discreet’, of radiated noise, duly downgraded so as to fulfil contractual guarantee.

•  Acoustic Signature of the Submarines. While it is the radiated noise levels that determine the range at which the enemy sensors will detect the submarine, the ‘acoustic signature’ is what helps the enemy identify the specific platform. Therefore, mere knowledge of a few frequencies or frequency band of the radiated noise, does not in any manner help the enemy detect the submarine earlier. Once detected, the radiated noise spectrum is analysed and compared to the acoustic signature, if available in the library of the enemy platform. If there is a match, then the identity of the submarine is established. Therefore, the basic challenge still remains for the enemy i.e. to first detect the submarine‘s radiated noise. The subsequent identification is only to confirm the type or class.

•  Inherent Range Advantage of Submarines. Because of the inherent quietness of a submarine, it will detect the enemy warship much earlier; the range advantage being in the order of ‘several times’. It, therefore, would have either attacked or evaded the ship, as per the submarine’s mission profile, well before entering the detection range of the warship’s sensors.

Containing the Impact of the Information Leak

While the steps, material or tactical, which the Indian Navy would take to negate or minimise the impact of the leak, are beyond the purview of this analysis, the three major indigenous developments which would enable this, are enumerated below.

•  Indigenous Weapons. As per reports, an indigenous heavy weight torpedo for launch from submarines, is under development and should commence trials soon. We already have other alternatives to the present tube-launched missile, the Exocet. Induction of these would render the leaked information of weapons redundant.

•  Indigenous AIP System. AIP systems are a game-changer in conventional submarines. They not only drastically modify the radiated noise parameters, but also impact the operational profile, speed, range and endurance. The last two boats of Project 75 are to be fitted with an AIP system and the same would be subsequently retrofitted in all boats. In addition to the system being offered by DCNS, as per open literature, an indigenous AIP system has already been developed and is ready for trials. The advantages of fitting the indigenous system on all six boats need no emphasis.

•  Dedicated Military Satellite. Operationalisation of the dedicated naval satellite, coupled with the existing VLF station, would render the leaked communication suite and data link related info, redundant.

Conclusion

The Scorpene project was intrinsically on a rising curve of vulnerability. It was vulnerable because of certain systemic lacuna. The major lacunae that need to be addressed are the absence of an ‘Integrated Cyber Security Organisation’, non-availability of a comprehensive ‘Standard for Generation of Documentation for Defence Systems and Platforms’, review the decision to outsource generation of exploitation document to the collaborator (instead consider utilising own veteran community) and a grossly deficient, outdated and incongruent legislature in the form of the Official Secrets Act, 1923. These vulnerabilities are in fact, intrinsically present in most of our defence project. These needed to be addressed yesterday!

Analysts feel that the ‘Made in India’ impetus to submarine design and construction would render information security more robust. While it most certainly will reduce the probability of an information leak in the future, it should not be considered as the panacea to the problem of information Security.

There can be no two views on the need to indigenously design and build conventional submarines in India. With the launch of the Arihant, the capability to do so has been amply demonstrated. However, this alone is not likely to address the issue of data and information security.

Therefore, there is an urgent need to catch the bull by the horn; identify and address the real causes of our vulnerabilities. To assume ‘Make in India’ is the panacea to all problems, would be foolhardy and over-simplifying the otherwise challenging task of protecting our security information.

The genre of the information leaked, as can be gleaned by the few pages published indicates that the information pertains to the ‘as designed’ capabilities of the platform, as was known in 2011, rather than the ‘as built’ and ‘as achieved ‘capabilities, which are yet to be established in the likely operating environment . The fact that Scorpene is a late 1990’s design of a widely exported submarine further reduces the ‘novelty’ factor as far as the tactical significance of the information leak is concerned. While the commercial impact of the leak may be damaging to DCNS, its tactical significance to our adversaries, is limited.

Therefore, in conclusion, what emerges is that while the Indian Navy ought to be perturbed that such a major lacunae in its information security weakness has been exploited, it need not be paranoid of the operational fallout of the leak. The Scorpene leak should, therefore, be viewed as a wake-up call about our information security vulnerabilities rather than as a national security disaster.