Font Size:
Speech:
Date Responded 26 February 2020

Provision of information held by Northumbria Police made under the Freedom of Information Act 2000 (the 'Act')

As you may be aware the purpose of the Act is to allow a general right of access to information held at the time of a request, by a Public Authority (including the Police), subject to certain limitations and exemptions.

You asked:

  1. Standard Firewall (Network) - Firewall service protects your corporate Network from unauthorised access and other Internet security threats
  2. Anti-virus Software Application - Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.
  3. Microsoft Enterprise Agreement - is a volume licensing package offered by Microsoft.

The information I require is around the procurement side and we do not require any specifics (serial numbers, models, location) that could bring threat/harm to the organisation.

For each of the different types of cyber security services can you please provide me with:

  1. Who is the existing supplier for this contract?
  2. What does the organisation annual spend for each of contract?
  3. What is the description of the services provided for each contract? Please do not just state firewall.
  4. Primary Brand (ONLY APPLIES TO CONTRACT 1&2)
  5. What is the expiry date of each contract?
  6. What is the start date of each contract?
  7. What is the contract duration of contract?
  8. The responsible contract officer for each of the contracts above? Full name, job title, contact number and direct email address.
  9. Number of Licenses (ONLY APPLIES TO CONTRACT 3)

In Response:

Following receipt of your request, searches were conducted with the ICT Department of Northumbria Police. I can confirm that the information you have requested is held, in part, by Northumbria Police.

I am able to disclose the located information to you as follows.

Firewalls

1-9. No information held.  The Force does not have a support contract in place for Firewalls – it has internal resources trained and available to perform this role.

Anti-Virus Software Application

1. SCC.

2. Annual £28,566.87.

3. Client & server endpoint protection including:

Virus & Spyware Protection.

Proactive Threat Protection.

Network Host Exploit mitigation.

4. A response to this point will not be disclosed and by withholding we shall rely on the below exemptions.

S24 (1) National Security

S31 (1) Law Enforcement

Sections 24, and 31 are prejudice based qualified exemptions and there is a requirement to articulate the harm that would be caused in its disclosure as well as carrying out a public interest test.

Harm

To disclose information to the public at large as to what we have in place to protect police systems would show criminals what the capacity, tactical abilities and capabilities of the force are, allowing them to target specific areas of the UK to conduct their criminal/terrorist activities.  Any information identifying firewalls utilised could be used to the advantage of terrorists or criminal organisations.  Information that undermines the operational integrity of these activities will adversely affect public safety and have a negative impact on both national security and law enforcement.

Factors favouring disclosure - Section 24

The public are entitled to know what public funds are spent on and what security measures are in place, and by confirming what is in place would lead to a better-informed public.

Factors against disclosure - Section 24

By disclosing this information would make those security measures less effective.  This would lead to the compromise of ongoing or future operations to protect the security or infra-structure of the UK and increase the risk of harm to the public, ie a cyber-criminal could use such information to attack a particular police force.  The information is sensitive in nature if it would highlight vulnerabilities.  For instance, if it is known that a particular piece of software has weaknesses and a force was to disclose they use this then those weaknesses could be exploited.  A cyber-attack could negatively affect the infrastructure of policing.  By affecting the infrastructure of policing the nation’s security will be more vulnerable to terrorism.

Factors favouring disclosure - Section 31

This would enable the public to have a better understanding of the effectiveness of the police and about how the police protect systems used.  It would greatly assist in the quality and accuracy of public debate, which could otherwise be steeped in rumour and speculation.  Where public funds are being spent, there is a public interest in accountability and justifying the use of public money.

Factors against disclosure- Section 31

The release of this type of information would better inform a criminal on how to cyber-attack the police.  If a force was hacked and this lead to their IT systems not working efficiently then a negative impact would occur on the prevention or detection of crime.  Cyber-crime can lead to forces being unable to carry out their objectives.  Northumbria Police would not want to provide information that could lead to criminals being better informed on the vulnerabilities, or perceived vulnerabilities a force has.

Balance Test

The security of the country is of paramount importance and the Police service will not divulge any information if to do so would place the safety of an individual at risk, undermine National Security or compromise law enforcement.

Whilst there is a public interest in the transparency of policing operations and providing assurance that the police service is appropriately and effectively engaging with the threat posed by various groups or individuals, there is a very strong public interest in safeguarding the integrity of police systems, investigations and operations in the highly sensitive areas such as extremism, crime prevention, public disorder and terrorism prevention.

As much as there is public interest in knowing that policing activity is appropriate and balanced this will only be overridden in exceptional circumstances.  The areas of police interest discussed above are sensitive issues that reveal security systems and therefore it is our opinion that for these issues the balancing test for disclosure is not made out.

5. 30/06/2020.

6. 01/07/2021.

7. Annual Renewal.

8. Paul Smith - Infrastructure Services Manager - Tel: 0191 4373139 - Email: smith.6920@northumbria.pnn.police.uk

9. N/A.

Microsoft Enterprise Agreement

1. CDW.

2. £1,200,204.48.

3. Official Microsoft part numbers and descriptions are below.

4. Microsoft.

5. 30/06/2020.

6. 01/07/2019.

7. Annual.

8. Roy Hails - Application Services Manager – Tel: 0191 4373188 – Email: hails.9104@northumbria.pnn.police.uk

9.

Item Description

Qty

Part Number

 

   

SQLSvrEntCore ALNG SubsVL MVL 2Lic CoreLic

60

7JQ-00663

CISSteStdCore ALNG SubsVL MVL 2Lic CoreLic

784

9GA-00312

CISSteDCCore ALNG SubsVL MVL 2Lic CoreLic

754

9GS-00134

 

   

M365 E3 ShrdSvr ALNG SubsVL MVL PerUsr

2600

AAA-10756

 

   

WinE5perUsrStepUpFromE3perUsr ALNG SubsVL MVL

2600

AAA-22324

EntMobandSecE5Full ShrdSvr ALNG SU MVL EntMobandSecE3Full PerUsr

2600

CE6-00004

O365ATP ShrdSvr ALNG SubsVL MVL PerUsr

2600

KF5-00002

 

   

O365E3 ShrdSvr ALNG SubsVL MVL PerUsr

1

AAA-10842

WINVDAE3 ALNG SubsVL MVL PerUsr

1

7F4-00002

EntMobandSecE3Full ShrdSvr ALNG SubsVL MVL PerUsr

1

AAA-10732

WinVDAE5StpFrmWinVDAE3 Alng MonthlySub Addon

1

AAA-51085

EntMobandSecE5Full ShrdSvr ALNG SU MVL EntMobandSecE3Full PerUsr

1

CE6-00004

O365ATP ShrdSvr ALNG SubsVL MVL PerUsr

1

KF5-00002

 

   

WinE3perUser ALNG SubsVL MVL PerUsr

2600

AAA-10787

EntCAL ALNG LicSAPk MVL UsrCAL wSrvcs

2600

76A-00028

EntCALSrvcsforEnt ALNG SubsVL MVL PerUsr

2600

6PV-00007

IdentityMgrCAL ALNG LicSAPk MVL UsrCAL

1

NK7-00065

SfBSvr ALNG LicSAPk MVL

4

5HU-00215

SfBSvrPlusCAL ALNG LicSAPk MVL UsrCAL

1

YEG-00397

SharePointSvr ALNG LicSAPk MVL

13

H04-00232

ExchgSvrEnt ALNG LicSAPk MVL

5

395-02412

VSEntSubMSDN ALNG LicSAPk MVL

1

MX3-00115

SysCtrSrvcMgrCltML ALNG LicSAPk MVL PerUsr

70

3ND-00525

SysCtrOpsMgrCltML ALNG LicSAPk MVL PerUsr

1

9TX-00003

SysCtrOrchestratorSvr ALNG LicSAPk MVL PerUsr

1

3ZK-00194

Prjct ALNG LicSAPk MVL  (licensed by device)

1

076-01776

VisioStd ALNG LicSAPk MVL (licenced by device)

1

D86-01175

O365E3w/oProPlusAddOn ShrdSvr ALNG SubsVL MVL AddOn touserECAL

1

6V5-00002

ECALBridgeO365 ALNG SubsVL MVL PerUsr

1

AAA-12426

O365E5 ShrdSvr  Step up from  O365PE3 PerUsr

1

SY9-00006

ProjOnlnProf ShrdSvr ALNG SubsVL MVL Promo PerUsr

50

7LS-00006

VisioOnlnP2 ShrdSvr ALNG SubsVL MVL PerUsr

1

N9U-00002



 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Following receipt of your request, searches were conducted with the ICT Department of Northumbria Police. I can confirm that the information you have requested is held, in part, by Northumbria Police.

I am able to disclose the located information to you as follows.

Firewalls

1-9. No information held.  The Force does not have a support contract in place for Firewalls – it has internal resources trained and available to perform this role.

Anti-Virus Software Application

  1. SCC.
  2. Annual £28,566.87.
  3. Client & server endpoint protection including:

Virus & Spyware Protection.

Proactive Threat Protection.

Network Host Exploit mitigation.

4  A response to this point will not be disclosed and by withholding we shall rely on the below exemptions.

S24 (1) National Security

S31 (1) Law Enforcement

Sections 24, and 31 are prejudice based qualified exemptions and there is a requirement to articulate the harm that would be caused in its disclosure as well as carrying out a public interest test.

Harm

To disclose information to the public at large as to what we have in place to protect police systems would show criminals what the capacity, tactical abilities and capabilities of the force are, allowing them to target specific areas of the UK to conduct their criminal/terrorist activities.  Any information identifying firewalls utilised could be used to the advantage of terrorists or criminal organisations.  Information that undermines the operational integrity of these activities will adversely affect public safety and have a negative impact on both national security and law enforcement.

Factors favouring disclosure - Section 24

The public are entitled to know what public funds are spent on and what security measures are in place, and by confirming what is in place would lead to a better-informed public.

Factors against disclosure - Section 24

By disclosing this information would make those security measures less effective.  This would lead to the compromise of ongoing or future operations to protect the security or infra-structure of the UK and increase the risk of harm to the public, ie a cyber-criminal could use such information to attack a particular police force.  The information is sensitive in nature if it would highlight vulnerabilities.  For instance, if it is known that a particular piece of software has weaknesses and a force was to disclose they use this then those weaknesses could be exploited.  A cyber-attack could negatively affect the infrastructure of policing.  By affecting the infrastructure of policing the nation’s security will be more vulnerable to terrorism.

Factors favouring disclosure - Section 31

This would enable the public to have a better understanding of the effectiveness of the police and about how the police protect systems used.  It would greatly assist in the quality and accuracy of public debate, which could otherwise be steeped in rumour and speculation.  Where public funds are being spent, there is a public interest in accountability and justifying the use of public money.

Factors against disclosure- Section 31

The release of this type of information would better inform a criminal on how to cyber-attack the police.  If a force was hacked and this lead to their IT systems not working efficiently then a negative impact would occur on the prevention or detection of crime.  Cyber-crime can lead to forces being unable to carry out their objectives.  Northumbria Police would not want to provide information that could lead to criminals being better informed on the vulnerabilities, or perceived vulnerabilities a force has.

Balance Test

The security of the country is of paramount importance and the Police service will not divulge any information if to do so would place the safety of an individual at risk, undermine National Security or compromise law enforcement.

Whilst there is a public interest in the transparency of policing operations and providing assurance that the police service is appropriately and effectively engaging with the threat posed by various groups or individuals, there is a very strong public interest in safeguarding the integrity of police systems, investigations and operations in the highly sensitive areas such as extremism, crime prevention, public disorder and terrorism prevention.

As much as there is public interest in knowing that policing activity is appropriate and balanced this will only be overridden in exceptional circumstances.  The areas of police interest discussed above are sensitive issues that reveal security systems and therefore it is our opinion that for these issues the balancing test for disclosure is not made out.

5  30/06/2020.

6  01/07/2021.

7  Annual Renewal.

8  Paul Smith - Infrastructure Services Manager - Tel: 0191 4373139 - Email: smith.6920@northumbria.pnn.police.uk

9  N/A.

Microsoft Enterprise Agreement

  1. CDW.
  2. £1,200,204.48.
  3. Official Microsoft part numbers and descriptions are below.
  4. Microsoft.
  5. 30/06/2020.
  6. 01/07/2019.
  7. Annual.
  8. Roy Hails - Application Services Manager – Tel: 0191 4373188 – Email: hails.9104@northumbria.pnn.police.uk

Item Description

Qty

Part Number

 

   

SQLSvrEntCore ALNG SubsVL MVL 2Lic CoreLic

60

7JQ-00663

CISSteStdCore ALNG SubsVL MVL 2Lic CoreLic

784

9GA-00312

CISSteDCCore ALNG SubsVL MVL 2Lic CoreLic

754

9GS-00134

 

   

M365 E3 ShrdSvr ALNG SubsVL MVL PerUsr

2600

AAA-10756

 

   

WinE5perUsrStepUpFromE3perUsr ALNG SubsVL MVL

2600

AAA-22324

EntMobandSecE5Full ShrdSvr ALNG SU MVL EntMobandSecE3Full PerUsr

2600

CE6-00004

O365ATP ShrdSvr ALNG SubsVL MVL PerUsr

2600

KF5-00002

 

   

O365E3 ShrdSvr ALNG SubsVL MVL PerUsr

1

AAA-10842

WINVDAE3 ALNG SubsVL MVL PerUsr

1

7F4-00002

EntMobandSecE3Full ShrdSvr ALNG SubsVL MVL PerUsr

1

AAA-10732

WinVDAE5StpFrmWinVDAE3 Alng MonthlySub Addon

1

AAA-51085

EntMobandSecE5Full ShrdSvr ALNG SU MVL EntMobandSecE3Full PerUsr

1

CE6-00004

O365ATP ShrdSvr ALNG SubsVL MVL PerUsr

1

KF5-00002

 

   

WinE3perUser ALNG SubsVL MVL PerUsr

2600

AAA-10787

EntCAL ALNG LicSAPk MVL UsrCAL wSrvcs

2600

76A-00028

EntCALSrvcsforEnt ALNG SubsVL MVL PerUsr

2600

6PV-00007

IdentityMgrCAL ALNG LicSAPk MVL UsrCAL

1

NK7-00065

SfBSvr ALNG LicSAPk MVL

4

5HU-00215

SfBSvrPlusCAL ALNG LicSAPk MVL UsrCAL

1

YEG-00397

SharePointSvr ALNG LicSAPk MVL

13

H04-00232

ExchgSvrEnt ALNG LicSAPk MVL

5

395-02412

VSEntSubMSDN ALNG LicSAPk MVL

1

MX3-00115

SysCtrSrvcMgrCltML ALNG LicSAPk MVL PerUsr

70

3ND-00525

SysCtrOpsMgrCltML ALNG LicSAPk MVL PerUsr

1

9TX-00003

SysCtrOrchestratorSvr ALNG LicSAPk MVL PerUsr

1

3ZK-00194

Prjct ALNG LicSAPk MVL  (licensed by device)

1

076-01776

VisioStd ALNG LicSAPk MVL (licenced by device)

1

D86-01175

O365E3w/oProPlusAddOn ShrdSvr ALNG SubsVL MVL AddOn touserECAL

1

6V5-00002

ECALBridgeO365 ALNG SubsVL MVL PerUsr

1

AAA-12426

O365E5 ShrdSvr  Step up from  O365PE3 PerUsr

1

SY9-00006

ProjOnlnProf ShrdSvr ALNG SubsVL MVL Promo PerUsr

50

7LS-00006

VisioOnlnP2 ShrdSvr ALNG SubsVL MVL PerUsr

1

N9U-00002

 

back to top