Provision of information held by Northumbria Police made under the Freedom of Information Act 2000 (the 'Act')
As you may be aware the purpose of the Act is to allow a general right of access to information held at the time of a request, by a Public Authority (including the Police), subject to certain limitations and exemptions.
You asked:
- Standard Firewall (Network) - Firewall service protects your corporate Network from unauthorised access and other Internet security threats
- Anti-virus Software Application - Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
- Microsoft Enterprise Agreement - is a volume licensing package offered by Microsoft.
The information I require is around the procurement side and we do not require any specifics (serial numbers, models, location) that could bring threat/harm to the organisation.
For each of the different types of cyber security services can you please provide me with:
- Who is the existing supplier for this contract?
- What does the organisation annual spend for each of contract?
- What is the description of the services provided for each contract? Please do not just state firewall.
- Primary Brand (ONLY APPLIES TO CONTRACT 1&2)
- What is the expiry date of each contract?
- What is the start date of each contract?
- What is the contract duration of contract?
- The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.
- Number of Licenses (ONLY APPLIES TO CONTRACT 3)
In Response:
Following receipt of your request, searches were conducted with the ICT Department of Northumbria Police. I can confirm that the information you have requested is held, in part, by Northumbria Police.
I am able to disclose the located information to you as follows.
Firewalls
1-9. No information held. The Force does not have a support contract in place for Firewalls – it has internal resources trained and available to perform this role.
Anti-Virus Software Application
1. SCC.
2. Annual £28,566.87.
3. Client & server endpoint protection including:
Virus & Spyware Protection.
Proactive Threat Protection.
Network Host Exploit mitigation.
4. A response to this point will not be disclosed and by withholding we shall rely on the below exemptions.
S24 (1) National Security
S31 (1) Law Enforcement
Sections 24, and 31 are prejudice based qualified exemptions and there is a requirement to articulate the harm that would be caused in its disclosure as well as carrying out a public interest test.
Harm
To disclose information to the public at large as to what we have in place to protect police systems would show criminals what the capacity, tactical abilities and capabilities of the force are, allowing them to target specific areas of the UK to conduct their criminal/terrorist activities. Any information identifying firewalls utilised could be used to the advantage of terrorists or criminal organisations. Information that undermines the operational integrity of these activities will adversely affect public safety and have a negative impact on both national security and law enforcement.
Factors favouring disclosure - Section 24
The public are entitled to know what public funds are spent on and what security measures are in place, and by confirming what is in place would lead to a better-informed public.
Factors against disclosure - Section 24
By disclosing this information would make those security measures less effective. This would lead to the compromise of ongoing or future operations to protect the security or infra-structure of the UK and increase the risk of harm to the public, ie a cyber-criminal could use such information to attack a particular police force. The information is sensitive in nature if it would highlight vulnerabilities. For instance, if it is known that a particular piece of software has weaknesses and a force was to disclose they use this then those weaknesses could be exploited. A cyber-attack could negatively affect the infrastructure of policing. By affecting the infrastructure of policing the nation’s security will be more vulnerable to terrorism.
Factors favouring disclosure - Section 31
This would enable the public to have a better understanding of the effectiveness of the police and about how the police protect systems used. It would greatly assist in the quality and accuracy of public debate, which could otherwise be steeped in rumour and speculation. Where public funds are being spent, there is a public interest in accountability and justifying the use of public money.
Factors against disclosure- Section 31
The release of this type of information would better inform a criminal on how to cyber-attack the police. If a force was hacked and this lead to their IT systems not working efficiently then a negative impact would occur on the prevention or detection of crime. Cyber-crime can lead to forces being unable to carry out their objectives. Northumbria Police would not want to provide information that could lead to criminals being better informed on the vulnerabilities, or perceived vulnerabilities a force has.
Balance Test
The security of the country is of paramount importance and the Police service will not divulge any information if to do so would place the safety of an individual at risk, undermine National Security or compromise law enforcement.
Whilst there is a public interest in the transparency of policing operations and providing assurance that the police service is appropriately and effectively engaging with the threat posed by various groups or individuals, there is a very strong public interest in safeguarding the integrity of police systems, investigations and operations in the highly sensitive areas such as extremism, crime prevention, public disorder and terrorism prevention.
As much as there is public interest in knowing that policing activity is appropriate and balanced this will only be overridden in exceptional circumstances. The areas of police interest discussed above are sensitive issues that reveal security systems and therefore it is our opinion that for these issues the balancing test for disclosure is not made out.
5. 30/06/2020.
6. 01/07/2021.
7. Annual Renewal.
8. Paul Smith - Infrastructure Services Manager - Tel: 0191 4373139 - Email: smith.6920@northumbria.pnn.police.uk
9. N/A.
Microsoft Enterprise Agreement
1. CDW.
2. £1,200,204.48.
3. Official Microsoft part numbers and descriptions are below.
4. Microsoft.
5. 30/06/2020.
6. 01/07/2019.
7. Annual.
8. Roy Hails - Application Services Manager – Tel: 0191 4373188 – Email: hails.9104@northumbria.pnn.police.uk
9.
|
Item Description |
Qty |
Part Number |
|
|
||
|
SQLSvrEntCore ALNG SubsVL MVL 2Lic CoreLic |
60 |
7JQ-00663 |
|
CISSteStdCore ALNG SubsVL MVL 2Lic CoreLic |
784 |
9GA-00312 |
|
CISSteDCCore ALNG SubsVL MVL 2Lic CoreLic |
754 |
9GS-00134 |
|
|
||
|
M365 E3 ShrdSvr ALNG SubsVL MVL PerUsr |
2600 |
AAA-10756 |
|
|
||
|
WinE5perUsrStepUpFromE3perUsr ALNG SubsVL MVL |
2600 |
AAA-22324 |
|
EntMobandSecE5Full ShrdSvr ALNG SU MVL EntMobandSecE3Full PerUsr |
2600 |
CE6-00004 |
|
O365ATP ShrdSvr ALNG SubsVL MVL PerUsr |
2600 |
KF5-00002 |
|
|
||
|
O365E3 ShrdSvr ALNG SubsVL MVL PerUsr |
1 |
AAA-10842 |
|
WINVDAE3 ALNG SubsVL MVL PerUsr |
1 |
7F4-00002 |
|
EntMobandSecE3Full ShrdSvr ALNG SubsVL MVL PerUsr |
1 |
AAA-10732 |
|
WinVDAE5StpFrmWinVDAE3 Alng MonthlySub Addon |
1 |
AAA-51085 |
|
EntMobandSecE5Full ShrdSvr ALNG SU MVL EntMobandSecE3Full PerUsr |
1 |
CE6-00004 |
|
O365ATP ShrdSvr ALNG SubsVL MVL PerUsr |
1 |
KF5-00002 |
|
|
||
|
WinE3perUser ALNG SubsVL MVL PerUsr |
2600 |
AAA-10787 |
|
EntCAL ALNG LicSAPk MVL UsrCAL wSrvcs |
2600 |
76A-00028 |
|
EntCALSrvcsforEnt ALNG SubsVL MVL PerUsr |
2600 |
6PV-00007 |
|
IdentityMgrCAL ALNG LicSAPk MVL UsrCAL |
1 |
NK7-00065 |
|
SfBSvr ALNG LicSAPk MVL |
4 |
5HU-00215 |
|
SfBSvrPlusCAL ALNG LicSAPk MVL UsrCAL |
1 |
YEG-00397 |
|
SharePointSvr ALNG LicSAPk MVL |
13 |
H04-00232 |
|
ExchgSvrEnt ALNG LicSAPk MVL |
5 |
395-02412 |
|
VSEntSubMSDN ALNG LicSAPk MVL |
1 |
MX3-00115 |
|
SysCtrSrvcMgrCltML ALNG LicSAPk MVL PerUsr |
70 |
3ND-00525 |
|
SysCtrOpsMgrCltML ALNG LicSAPk MVL PerUsr |
1 |
9TX-00003 |
|
SysCtrOrchestratorSvr ALNG LicSAPk MVL PerUsr |
1 |
3ZK-00194 |
|
Prjct ALNG LicSAPk MVL (licensed by device) |
1 |
076-01776 |
|
VisioStd ALNG LicSAPk MVL (licenced by device) |
1 |
D86-01175 |
|
O365E3w/oProPlusAddOn ShrdSvr ALNG SubsVL MVL AddOn touserECAL |
1 |
6V5-00002 |
|
ECALBridgeO365 ALNG SubsVL MVL PerUsr |
1 |
AAA-12426 |
|
O365E5 ShrdSvr Step up from O365PE3 PerUsr |
1 |
SY9-00006 |
|
ProjOnlnProf ShrdSvr ALNG SubsVL MVL Promo PerUsr |
50 |
7LS-00006 |
|
VisioOnlnP2 ShrdSvr ALNG SubsVL MVL PerUsr |
1 |
N9U-00002 |
Following receipt of your request, searches were conducted with the ICT Department of Northumbria Police. I can confirm that the information you have requested is held, in part, by Northumbria Police.
I am able to disclose the located information to you as follows.
Firewalls
1-9. No information held. The Force does not have a support contract in place for Firewalls – it has internal resources trained and available to perform this role.
Anti-Virus Software Application
- SCC.
- Annual £28,566.87.
- Client & server endpoint protection including:
Virus & Spyware Protection.
Proactive Threat Protection.
Network Host Exploit mitigation.
4 A response to this point will not be disclosed and by withholding we shall rely on the below exemptions.
S24 (1) National Security
S31 (1) Law Enforcement
Sections 24, and 31 are prejudice based qualified exemptions and there is a requirement to articulate the harm that would be caused in its disclosure as well as carrying out a public interest test.
Harm
To disclose information to the public at large as to what we have in place to protect police systems would show criminals what the capacity, tactical abilities and capabilities of the force are, allowing them to target specific areas of the UK to conduct their criminal/terrorist activities. Any information identifying firewalls utilised could be used to the advantage of terrorists or criminal organisations. Information that undermines the operational integrity of these activities will adversely affect public safety and have a negative impact on both national security and law enforcement.
Factors favouring disclosure - Section 24
The public are entitled to know what public funds are spent on and what security measures are in place, and by confirming what is in place would lead to a better-informed public.
Factors against disclosure - Section 24
By disclosing this information would make those security measures less effective. This would lead to the compromise of ongoing or future operations to protect the security or infra-structure of the UK and increase the risk of harm to the public, ie a cyber-criminal could use such information to attack a particular police force. The information is sensitive in nature if it would highlight vulnerabilities. For instance, if it is known that a particular piece of software has weaknesses and a force was to disclose they use this then those weaknesses could be exploited. A cyber-attack could negatively affect the infrastructure of policing. By affecting the infrastructure of policing the nation’s security will be more vulnerable to terrorism.
Factors favouring disclosure - Section 31
This would enable the public to have a better understanding of the effectiveness of the police and about how the police protect systems used. It would greatly assist in the quality and accuracy of public debate, which could otherwise be steeped in rumour and speculation. Where public funds are being spent, there is a public interest in accountability and justifying the use of public money.
Factors against disclosure- Section 31
The release of this type of information would better inform a criminal on how to cyber-attack the police. If a force was hacked and this lead to their IT systems not working efficiently then a negative impact would occur on the prevention or detection of crime. Cyber-crime can lead to forces being unable to carry out their objectives. Northumbria Police would not want to provide information that could lead to criminals being better informed on the vulnerabilities, or perceived vulnerabilities a force has.
Balance Test
The security of the country is of paramount importance and the Police service will not divulge any information if to do so would place the safety of an individual at risk, undermine National Security or compromise law enforcement.
Whilst there is a public interest in the transparency of policing operations and providing assurance that the police service is appropriately and effectively engaging with the threat posed by various groups or individuals, there is a very strong public interest in safeguarding the integrity of police systems, investigations and operations in the highly sensitive areas such as extremism, crime prevention, public disorder and terrorism prevention.
As much as there is public interest in knowing that policing activity is appropriate and balanced this will only be overridden in exceptional circumstances. The areas of police interest discussed above are sensitive issues that reveal security systems and therefore it is our opinion that for these issues the balancing test for disclosure is not made out.
5 30/06/2020.
6 01/07/2021.
7 Annual Renewal.
8 Paul Smith - Infrastructure Services Manager - Tel: 0191 4373139 - Email: smith.6920@northumbria.pnn.police.uk
9 N/A.
Microsoft Enterprise Agreement
- CDW.
- £1,200,204.48.
- Official Microsoft part numbers and descriptions are below.
- Microsoft.
- 30/06/2020.
- 01/07/2019.
- Annual.
- Roy Hails - Application Services Manager – Tel: 0191 4373188 – Email: hails.9104@northumbria.pnn.police.uk
|
Item Description |
Qty |
Part Number |
|
|
||
|
SQLSvrEntCore ALNG SubsVL MVL 2Lic CoreLic |
60 |
7JQ-00663 |
|
CISSteStdCore ALNG SubsVL MVL 2Lic CoreLic |
784 |
9GA-00312 |
|
CISSteDCCore ALNG SubsVL MVL 2Lic CoreLic |
754 |
9GS-00134 |
|
|
||
|
M365 E3 ShrdSvr ALNG SubsVL MVL PerUsr |
2600 |
AAA-10756 |
|
|
||
|
WinE5perUsrStepUpFromE3perUsr ALNG SubsVL MVL |
2600 |
AAA-22324 |
|
EntMobandSecE5Full ShrdSvr ALNG SU MVL EntMobandSecE3Full PerUsr |
2600 |
CE6-00004 |
|
O365ATP ShrdSvr ALNG SubsVL MVL PerUsr |
2600 |
KF5-00002 |
|
|
||
|
O365E3 ShrdSvr ALNG SubsVL MVL PerUsr |
1 |
AAA-10842 |
|
WINVDAE3 ALNG SubsVL MVL PerUsr |
1 |
7F4-00002 |
|
EntMobandSecE3Full ShrdSvr ALNG SubsVL MVL PerUsr |
1 |
AAA-10732 |
|
WinVDAE5StpFrmWinVDAE3 Alng MonthlySub Addon |
1 |
AAA-51085 |
|
EntMobandSecE5Full ShrdSvr ALNG SU MVL EntMobandSecE3Full PerUsr |
1 |
CE6-00004 |
|
O365ATP ShrdSvr ALNG SubsVL MVL PerUsr |
1 |
KF5-00002 |
|
|
||
|
WinE3perUser ALNG SubsVL MVL PerUsr |
2600 |
AAA-10787 |
|
EntCAL ALNG LicSAPk MVL UsrCAL wSrvcs |
2600 |
76A-00028 |
|
EntCALSrvcsforEnt ALNG SubsVL MVL PerUsr |
2600 |
6PV-00007 |
|
IdentityMgrCAL ALNG LicSAPk MVL UsrCAL |
1 |
NK7-00065 |
|
SfBSvr ALNG LicSAPk MVL |
4 |
5HU-00215 |
|
SfBSvrPlusCAL ALNG LicSAPk MVL UsrCAL |
1 |
YEG-00397 |
|
SharePointSvr ALNG LicSAPk MVL |
13 |
H04-00232 |
|
ExchgSvrEnt ALNG LicSAPk MVL |
5 |
395-02412 |
|
VSEntSubMSDN ALNG LicSAPk MVL |
1 |
MX3-00115 |
|
SysCtrSrvcMgrCltML ALNG LicSAPk MVL PerUsr |
70 |
3ND-00525 |
|
SysCtrOpsMgrCltML ALNG LicSAPk MVL PerUsr |
1 |
9TX-00003 |
|
SysCtrOrchestratorSvr ALNG LicSAPk MVL PerUsr |
1 |
3ZK-00194 |
|
Prjct ALNG LicSAPk MVL (licensed by device) |
1 |
076-01776 |
|
VisioStd ALNG LicSAPk MVL (licenced by device) |
1 |
D86-01175 |
|
O365E3w/oProPlusAddOn ShrdSvr ALNG SubsVL MVL AddOn touserECAL |
1 |
6V5-00002 |
|
ECALBridgeO365 ALNG SubsVL MVL PerUsr |
1 |
AAA-12426 |
|
O365E5 ShrdSvr Step up from O365PE3 PerUsr |
1 |
SY9-00006 |
|
ProjOnlnProf ShrdSvr ALNG SubsVL MVL Promo PerUsr |
50 |
7LS-00006 |
|
VisioOnlnP2 ShrdSvr ALNG SubsVL MVL PerUsr |
1 |
N9U-00002 |
