Officials in France and India have launched investigations of a massive data breach involving thousands of documents belonging to defense industry contractor DCNS, which was scheduled to deliver six Scorpene-class submarines to the Indian navy later this year.
Hackers stole more than 22,000 pages of documents that included detailed technical information on the vessels. They turned them over en masse to The Australian, which published some of the leaked information.
DCNS acknowledged it was aware of the press coverage of the leak about the Indian Scorpene submarine project, and said French authorities were investigating the case.
The investigation will determine the exact nature of the leaked documents, potential damages to DCNS customers, and responsibility for the leak, the company said.
Indian government officials took up the incident with the director general of armament of the French government. They asked for an investigation and for the findings to be shared with the Indian government.
The Indian government also is conducting an internal investigation to rule out any security compromise. However, the leak appears to have taken place outside of India, according to defense officials.
The evidence so far has led some to suspect a link to state-sponsored activity or even organized crime, noted Pierluigi Paganini, chief information security officer at Bit4id.
“A government could be interested in leaking online such precious data only to interfere with commercial relationships between the DCNS and other governments,” he said. “It could be interested, for example, to benefit a company linked to it.”
The Kalvari, the first submarine built in India, reflects a deal between DCNS and Mazagon Dock Shipbuilders to build six vessels in Mumbai.
DCNS also won the largest-ever contract awarded in Australian history, for an advanced fleet of vessels. Australia selected DCNS as the preferred international partner for the design of 12 future submarines for the Royal Australian Navy, the company announced this spring. The leakage of the India Scorpene data has created some unease over whether Australia should take delivery of those vessels.
The Australian government chose DCNS for its ability to meet all of its requirements — among them, superior sensors and stealth characteristics, as well as range and endurance similar to Collins class vessels.
NATO’s main cyber-responsibility is to defend its own networks, noted Press Officer Daniele Riggio. Individual allies are responsible for protecting their own networks.
The Scorpene cyberattacks follow a series of attacks launched late last year against several contractors who were in the running for the Australian submarine contract. Several reports linked China and possibly Russian hackers to those incidents, which targeted contractors in Germany and Japan, as well as France’s DCNS.
Torben Beckmann, spokesman for Thyssenkrupp Industrial Solutions, confirmed that the company was one of three contractors in contention for the submarine contract, but he declined to comment on the reported data hack.
1,510 total views, 2 views today