
Registering with Police CyberAlarm is a requirement of the cyber threat cover included in the DfE’s risk protection arrangement (RPA). Many schools are unsure how to set up their IT systems to accommodate the CyberAlarm tool.
What is Police CyberAlarm?
Police CyberAlarm is a free tool which helps users understand and monitor malicious cyber activity. This service consists of two parts; monitoring and vulnerability scanning.
The monitoring element of the Police CyberAlarm is a virtual server that will securely collect, analyse and feed data back to the Police CyberAlarm server. The data sent only includes metadata (logs) from internet-facing gateways and devices such as external firewalls.
Many schools, including RM Broadband customers, use cloud-based firewalls such as Fortinet. This can cause problems because the onsite data collector may not function as intended. Despite this, it is perfectly possible to register for and benefit from the protection of the RPA.
Meeting the Police CyberAlarm registration criteria for RPA
Installation of the collector is not mandatory in order to sign up to Police CyberAlarm. According to our communications with the DfE, they know the situation with cloud-based firewalls. They have NOT mandated installation of the collector for RPA eligibility.
Page 109 of the RPA Membership Rules states:
All Members must register with Police CyberAlarm: Registering will connect Members with their local police cyber protect team and in the majority of cases, a cyber-alarm software tool can be installed for free to monitor cyber activity. Where installed the tool will record traffic on the network without risk to personal data.
The important words here are “in the majority of cases a cyber alarm software tool can be installed”. Installing the monitoring tool is not essential.
In the same way that a smoke alarm will not put out a fire, the monitoring tool itself provides a school with no protection from a cyber attack. It merely monitors activity and sends data to the Police Cyber Alarm server to build a picture of what is happening.
We have published blog pieces on the other elements of the RPA cyber protection. They cover: