
Enhanced version of Police CyberAlarm tool launched

First piloted in the East Midlands in 2020, the tool is now being used in almost all force areas across England and Wales as well as PSNI.

Funded by the Home Office, the free tool can be used by individuals and businesses to help them block malicious ransomware and identify weak spots in computer systems. Data is then used to create regular reports on potential malicious activity as well as threat trends that have been spotted across the member network.

Vulnerability scanning can also be added – providing regular reports of all known vulnerabilities.

The metadata (logs) collected helps members to better protect themselves, but it is also used by regional and force cyber teams to help them build an understanding of the scale and nature of threats facing the public.

National Policing lead for the Police CyberAlarm, DCI Phil Donnelly, told Police Oracle: “The focus is that it increases your intelligence and your understanding of cyber threats, but also where CyberAlarm came from was as an intelligence tool for policing to understand what the cyber threat landscape is.

“What we’re looking at is not just offences, but an attempt at what we call suspicious activity.

“It’s just like in the real world, someone walking down the street and trying car doors. We can stop someone who is trying the car doors before they get to the one that’s open.”  

The CyberAlarm tool is locally focussed and sits alongside other software including firewalls and anti-virus but does not replace them. To date, it has identified over a billion potential suspicious events.

DCI Donnelly explained: “A group may do the phishing attack, they may do the brute force attacks – so they’re getting into your system. Then they’ll do one of two things; either do the criminality themselves, steal the data or deploy the ransomware – or they may just sell that – inform other groups which organisations they have compromised and tell them what they need to do […] There’s a supply chain within this criminality now.”

He suggested that typically there were low levels of reporting cybercrime, which could be due to a number of reasons including people reporting the resulting fraud instead of the malicious activity itself, businesses focussing on recovery rather than reporting, as well as the fact that people don’t report attempts that have been blocked by firewalls for example.

“In the real world if somebody tried to get in your front door you would ring the police up,” he said.

Currently there are around 1,000 members with CyberAlarm and approximately 1,000 suspicious incidents per member each hour. The tool is based on a commercial product which allows the data to be analysed and presented on a usable dashboard within 90 seconds.

Evidential copies of the data are kept, but so far have not been through any court cases.

Originally, the tool focussed on firewall data – taking the logs which are generated and filtering them to find those with suspicious activity. That would then be analysed to identify things like attack patterns and types of attack. The information already exists but with the help of the tool, it is made readable.

The tool does not look at the content of the traffic – only the logs which are produced.  

Today’s enhanced version has three new capabilities: anti-spam, anti-virus and IPS and IDS (Intrusion protection/detection systems). In a similar way, it will analyse the logs that the system receives.

Commissioner of City of London Police, and National Policing Lead for Cyber and Economic Crime, Angela McLaren said: “Due to the success of Police CyberAlarm, we have been able to secure extra funding from the Home Office to improve the system through additional functionality.

“We see alerts every day of potential vulnerability or suspicious activity via Police CyberAlarm to its members. It is a key tool in an organisation’s cyber resilience toolkit and the additional functionality will enable policing to help businesses better protect themselves.”
