This week, French shipbuilding firm DCNS has confirmed a “serious” data leak from their organisation, and that national authorities have launched investigations.
Over twenty thousand documents detailing combat capability of the French organisation’s Scorpene-class submarines have been leaked, causing fears over the security of multibillion dollar contracts; namely with India and Australia, but also Malaysia, Chile and Brazil who also operate this vessel. The documents leaked contained highly classified information relating to the new six submarines being built for the Indian Navy – a contract worth £2.6bn – and were leaked online, to be then made public by the Australian media. The Australian newspaper reported that the data had seemingly passed through several hands, as it is reported the leak may have happened as long ago as 2011.
With Indian and French national authorities both launching investigations, this data leak now threatens the relationship between DCNS and the Australian government, who have this year ordered a new fleet of Scorpene submarines for their navy in a contract worth £28.8bn – the largest ever defence contract won by a French company.
The Scorpene submarine is widely considered to be one of the most advance of its kind, with reported ability to be able to evade detection under water, however, leaked data is reported to document its technical and combat capabilities, including its sonar powers. It is yet to be clarified if the data leak is the result of an insider, or an outside cyber hacking; and whether the leak originated in France or India.
What we can learn as a result of this data leak, is that it is crucial for organisations who are producing Intellectual Property (IP) to keep this valuable data protected at all times. Using a solution such as a data classification tool helps to build a security culture within the organisation, which ensures users are aware of the importance of keeping their documents and IP classified and protected at all times, no matter how sensitive, or not, it may seem at the time of creation. The addition of a reporting infrastructure in this instance would have provided the organisation with vital knowledge to review activity as far back as 2011 to be able to quickly identify the source of the leak, something they are currently struggling to successfully identify and confirm.