After a successful pilot run in November 2020, the National Crime Agency (NCA) and the Cyber Resilience Centre (CRC) have gone to market looking for a supplier to further develop the Police CyberAlarm in the UK. The system works by monitoring internet traffic and gathering evidence of suspicious activity in its network, which is then sent to the Cyber Crime police units for further investigation. This national initiative aims to be the first line of surveillance against hackers and fraudsters for small and medium businesses (SMEs) in the UK.
The high sums spent on cybersecurity by big corporations are increasingly seen as necessary. SMEs, however, cannot afford to spend much on their fight against cybercrime. This is where the problem starts. According to the Cyber Security Breaches Survey 2020, 68% of UK SMEs reported having cybersecurity breaches or attacks in that year. On average, cyber-attacks cost UK SMEs circa £3,000 per company, and a combined amount of over £7bn annually across the whole economy.
Chasing cyber criminals can be as difficult as looking for a needle in a haystack. The process of pressing charges against cyber-attackers and gathering the necessary online evidence to indict someone can be challenging. With all these barriers to successful prosecution in mind, CyberAlarm works by monitoring network traffic from companies that decide to install the system. It will then be able to collect and feed live information on suspicious traffic to the police cyber-crime units, generating reports and detecting vulnerabilities for its users.
The first version of Police CyberAlarm was developed by Pervade Software Ltd and has been live since 2019. However, several logging issues were identified in the tool, which prompted the National Police Chiefs’ Council (NPCC) to secure funds and find another supplier to improve the system. Police CyberAlarm is a monitoring system and does not interfere with any of the traffic on internet gateways. Therefore, SMEs and other interested organisations are still advised to keep using commercial cyber-protection software, but they should use CyberAlarm as an extra layer of security. The system will mostly serve as an evidence-gathering tool that connects cyber-attacks against its users with police forces, facilitating data gathering so cyber criminals can be caught.
By generating enough adoption in the local network, the police hope to increase their understanding of cybercrime incident trends on a local, regional and national level. The data collected may also bring some side benefits to cyber policing, such as helping shape new public policies on the matter and staying ahead of threats by identifying patterns of attack. SMEs are not the only ones encouraged to join the scheme. Schools, charities, universities or any other organisation willing to share data with the police also have access to the system.
The Police CyberAlarm tender has a value of up to £1.5m for its further development, with the contract being managed through Mint Commercial Services LLP in partnership with the NCA. According to the NPCC, key features of CyberAlarm’s old version will not be changed. These include ingesting and categorising firewall logs, analysing correlations of network breaches and scanning the vulnerability of external IP addresses.
The new supplier, however, is expected to add new functionality to the tool, such as Intrusion Detection and Intrusion Prevention systems (IDS/IPS) logs, email, Instant Messaging (IM) SPAM logs from central collection and IV log analysis. Furthermore, the awarded supplier will then commit to a four-year contract with law enforcement agencies to provide support for the future system. Interested companies have until 15 April 2021 to express interest and participate in the procurement process.