The leak this week of sensitive technical data on India’s French-designed Scorpene-class submarines has sent ripples across Asia. India and France have launched investigations and both have implied that the source of the leak was at the other end.
The leak was initially blamed on a “hack” and concerns were raised about whether this information would give China an advantage in any future regional confrontation. It has also set off a fresh round of handwringing in Australia over the government’s recent decision to acquire a variant of the submarine design, which represents the country’s largest ever defense project. All major parties involved, including the Indian and Australian governments as well as the French manufacturer, have downplayed the impact of the leak. But the incident has served to highlight the outsize role that a handful of European defense companies play in Asian security matters, and hints at future risks.
The leak itself comprised of 22,400 pages of the Scorpene’s technical manual, detailing a range of specifications, including the frequencies used by the submarines to gather intelligence, the level of noise they generate, and their range. This is useful information for any adversary and will be of great interest to both China and Pakistan, which have both been involved in wars with India in the past.
As the DCNS Scorpene design is used by both India and Malaysia, and is related to the future Australian Shortfin Barracuda submarines, any security concerns around the leak have ramifications across the region. Moreover, the greater concern for Australia is not the specific details of this leak, but whether it indicates broader information security vulnerabilities.
As it stands, the risk posed by the leak is worrying, but not critical. The leaked information represents the most important details an adversary requires to find and identify a submarine. But it dates from 2011 and therefore does not reflect the current specifications of India’s submarines’ systems, let alone Australia’s future ones. This is concerning, but far less so than if information systems had been compromised.
Despite initially being described as a hack, The Australian newspaper reports that a former French naval officer who was employed as a subcontractor to DCNS at the time may have been the source of the leak. DCNS has suggested that it has been the victim of “economic warfare” rather than targeted for military purposes. Certainly, it would be unlikely that a state-backed actor would provide details of their exploits to a major news outlet. If the motives were military in nature, they would have kept the information, and the fact that they had acquired it, to themselves.
The economic sabotage charge is also curious in the context of the surprise selection of DCNS to build Australia’s next submarine. If the motive of the leak was economic gain, why would the data not be sold to DCNS’ rivals? Clearly neither the German- nor the Japanese-backed bids had access to the information. There are a number of factors that play into a defense acquisition of the size of the future Australian submarine project, but at least publicly, the decision centered on the French option’s performance characteristics. These included stealth capabilities, noise levels, and its “pump-jet” propulsion technology—precisely the sort of information that this leak would have provided to DCNS’ competitors, meaning they either didn’t have it or didn’t understand its importance.
If this leak had been the result of a cyber attack, the implications would have been much greater. The leak may only pertain to one platform, but it has security implications for three major Indo-Pacific nations. DCNS designs, supports, and builds major fleet units for several major navies in the region. In addition to two Scorpene submarines, it provides Malaysia with patrol vessels while Singapore and Taiwan utilize variants of its FL-300 frigate. In fact, European defense firms are a prominent feature of naval operations in the region. Australia’s other recent major naval acquisitions—three Hobart-class Air-Warfare Destroyers (AWD) and two Canberra-class Landing Helicopter Docks (LHDs)—were sourced from Navantia in Spain. Australia’s current submarines, the Collins-class, were based on a Swedish design similar to two operated by Singapore. More recently, Singapore acquired two ThyssenKrupp Marine Systems (TKMS) submarines, similar to the design that was in competition with DCNS for the Australian future sub. Variants of that TKMS predecessor design, the 209, are in service in the Indian, Indonesian, and South Korean navies.
Some of these platforms are dated, and there are numerous and increasing domestically built naval platforms in operation in these countries as well. But submarine technical information is particularly sensitive and European defense industry plays a disproportionately large role in the region. A compromise of any one of these European companies would have implications for some of the region’s most significant naval forces, all of which have the potential to face China in a naval confrontation, should a tensions escalate to that level.
While access to the original documents may not yet be widely available, in this day and age of cyber espionage it is only a matter of time until China and its partners get such access. It is likely that they would have eventually acquired this data, but this leak will save them significant effort.
China has a well-established track record of stealing sensitive information, for both military and economic purposes. As Europe’s defense firms continue to supply critical capabilities to China’s potential adversaries they will increasingly become targets of such espionage. While the Scorpene incident does not appear to be the result of a Chinese cyber intrusion, the possibility that it may have been caused panic across the region. As China faces a number of European-sourced naval designs, it is only a matter of time until European firms face a concerted effort to access their sensitive technical data.
John Watts is a nonresident senior fellow at the Atlantic Council’s Brent Scowcroft Center on International Security.