14th June 2022
“Police CyberAlarm is a free tool to help members understand and monitor malicious cyber activity. This service is made up of two parts: monitoring and vulnerability scanning. Police CyberAlarm acts as a “CCTV camera” monitoring the traffic seen by a member’s connection to the internet. It will detect and provide regular reports of suspected malicious activity, enabling organisations to minimise their vulnerabilities. The data collected by the system does not contain any content of the traffic. The system is designed to protect personal data, trade secrets and intellectual property.” Reproduced with permission from https://www.cyberalarm.police.uk/
The Police CyberAlarm system is the subject of publication of perceived security flaws by an independent security researcher. In response to this publication, the Corporation of the City of London (acting in its capacity as Police Authority for the City of London Police) has engaged the services of Bytes Software Services Limited (‘Bytes’) to act as an independent security company to investigate the discoveries that were published. This Statement allows the Corporation of the City of London (acting in its capacity as Police Authority for the City of London Police) to identify the approach and responses which have been taken in relation to this, and to address any concerns that may be raised about the security of the Police CyberAlarm system.
Bytes’ portfolio includes information and technical security audit and advisory services. This includes but is not limited to risk management, penetration testing, digital forensics, threat intelligence, investigative and incident management services. Bytes’ Digital Forensics, Threat Intelligence, and Incident Management (DFIM) team undertook an investigation into the independent security researcher’s discoveries. The investigation consisted of interviews of the relevant parties, review of independent security reports and creation of independent test models. All activities were undertaken to enable the DFIM team to form an independent response.
The discoveries of the DFIM team were as follows:
Bytes Software Services Ltd
+44 (0) 1372 418500