Supply chain companies that are considering publicising their support for the Dreadnought Programme through their external communications channels – including websites, news releases and social media – are reminded that such activity can carry national security risks for suppliers and their employees.
Disclosing details about specific association with the Dreadnought Programme and the products they provide for it (based on the nature of their individual business) could expose suppliers and employees to hostile activity and security threats.
In the interests of safety and security, suppliers and employees are urged to follow the relevant guidance below from the Submarine Delivery Agency, BAE Systems and Rolls-Royce Security Aspect Letter (SAL), which each supplier has signed up to as part of its contract:
11. External Release of Information. External communications are to avoid divulging any information[1] that has value to a Hostile Threat Actor (HTA)[2] or commercial competitor. This includes seemingly benign information that, were it to be aggregated with other openly available information, would be exploitable by such people, groups, or organisations. Any exceptions to this requirement must be proposed by the undersigned, accompanied by a risk assessment demonstrating how the associated benefits of publishing the information outweigh the risks. Under no circumstances is this to include information classified OFFICIAL-SENSITIVE or above.
12. The threat of social engineering and subversion via social media is high. Releasing information that associates staff with the Dreadnought/Astute/SSNR Programmes is to be strongly discouraged.
[1] Including - but not limited to – Dreadnought/Astute & SSNR information and BAES site infrastructure.
[2] Such as Foreign Intelligence Services, criminals, extremist groups, activist and hackers.
In summary, any programme information or association with the Dreadnought Programme to be posted in the public domain must be approved in advance by the Security and Communications teams for the contracting authority (prime) i.e. BAE Systems/ Rolls-Royce and the Dreadnought Alliance's Security and Communications teams.
