The Australians uncovered it.
The French are investigating it.
The Japanese may have been responsible for it.
The Chinese and Pakistanis — the Chinese more likely — may have already got their hands on it.
And India is still looking for answers.
That's the story in short, of the massive data leak that occurred at the French submarine maker — DCNS — that brought into public domain all the sensitive technical details of the Scorpène submarines, which may have neutralised the operational significance of the fleet even before its actual deployment by the Indian Navy. All this without firing a single missile.
That's the power of information in today's digital age.
The Americans may have invented the information warfare, but it is the Chinese who have mastered it. And India is still getting it's act together even as its computer networks — government, military and commercial — are being regularly hacked. The gravity of the challenge is evident in this: In 2010, the government suspected a massive Chinese espionage operation targeting the computers of the Prime Minister's Office, including the infection of the national security advisor's personal laptop.
It doesn't matter where the leak originates — as in this case at the DCNS office in France — and where the stolen information is trafficked — Southeast Asia or Australia in this case. Both ends are in any case masked to maintain a deniability. What matters is who benefits from the data breaches — that's the Chinese and the Pakistanis, as they get access to a mine of information on the Scorpène fleet (espionage for statecraft) and the Japanese defence companies who are now vying with the European companies to get submarine contracts worldwide, after Tokyo reversed its military export ban (commercial espionage).
Ultimately, India is at a loss by being a pawn in the larger game.
We need to cut our losses. Hopefully the government learnt of these data leaks before the Australian media revelations. It's too late in the day to cancel the contract with the DCNS since re-launching another tender for acquiring the submarines will be tedious and protracted. We can't afford that kind of delay — not when our submarine fleet is aging and dwindling. But we need to hold DCNS accountable for the data breach and work with it to plug the exposed vulnerabilities in the Scorpène fleet. There's no need to blacklist the company, but tell it firmly that it is effectively out of the Indian defence market and any future contracts until it ensures that such a thing doesn't happen again.
We need to learn from this data leak and account for the recurrence of such a problem again in the future. So we should ensure the strictest standards of confidentiality in new defence contracts, including the six submarines for which we will soon award a contract. We also need to build in monetary penalties for data breaches in the contract to incentivise the defence companies for implementing better data-protection policies.
The Scorpène data leak is damaging but its not the end of the world for the Indian Navy. Let's learn from it and move on.