2023/39 – Weekly Update from the “City ISAC I4C+” Highlights: [TLP:RED] Guidance – Reactive Armour can help / If you are letting users install stuff from the Internet – just resign / Robust Project Management Processes are critical / Future Data is fragmented / “Cyber” is exciting – create a buzz


[TLP:WHITE]

Weekly [TLP:RED] – Please contact us directly for more information – these are summaries only and the “key” is in the actual stories. They are based on honest comments by peers in private conversations and they would probably never acknowledge the statement officially:

  • Weekly [TLP:RED] for Publicly Elected Officials: When a cyber incident occurs, immediately have a “scribe” shadowing you to capture all communications and other evidence that will be needed in the future. Ex-police officers are good at this for example.
  • Weekly [TLP:RED] for Essential Services Managers: Talk to the IT Help Desk, make sure they have a list of “super users” of your systems and treat them as “VIPs” when they call (or make sure they are considered as your official delegates).
  • Weekly [TLP:RED] for IT Leaders: IT service outages due to cyber incidents are usually the best “sellers” for improved budgets. It can make sense to choose a “reactive armour” strategy in some spaces – let “contained” breaches occur…

Summary

Hi everyone and hope you are well – three cities and one region stopped by on Friday morning, and I guess our conversation was more of a coaching/mentoring activity for one colleague who now has the “privilege” of being CIO in a medium-sized city. The role is not an easy one to say the least, especially if we see experienced staff leaving due to other major re-organisations or better offers from the commercial sector. Some key insights were around the importance of getting highly experienced personal assistants in place and using entry-level staff as “special project” managers (reporting directly to the CIO). We cannot quality check every project either – but having a robust project/portfolio management process in place really helps (this can be outsourced by the way). Also make sure to get people in the habit of copying you on everything in emails – you don't have to study the emails but having “evidence” archived for what is happening is usually helpful when things go wrong.

One interesting topic I had not really thought about either was that the SaaS/cloud momentum is also leading to major data fragmentation – remember how we used to try to consolidate data (ideally based on a unified data model)? Well, this consolidation is being reversed massively as services scatter across multiple cloud-based providers – sounds cheap initially but then of course the question of (terribly expensive) interfaces emerges.

Finally, we reflected on the importance of making our projects a lot more “exciting” to attract the attention of stakeholders (and resources) – “Cyber” is an excellent driver of excitement and we should really make a lot more effort to “market” and “sell” our activities – try getting some PR professionals involved?

Overall, a relatively quiet week for most of us from an incident perspective fortunately.

Cheers

Oliver

UPDATES

In the News:

  • As per OSINT reports circulated, many higher education institutions were impacted this week and the main threat vector appears to be around insecure passwords and self-downloaded/installed software. As local administrations we should be reminded that if staff in general can, at will, download and install software from the internet, we might as well stop budgeting for cyber security – this hole is too big to patch…

City ISAC Services (Member Funded): Progressing on shaping a first support engagement for one of our local administration members in the space of Dark Web Monitoring. The Dark Web monitoring effort / approach is based on understanding the following key information for monitoring: number of employees, number of domains, number of IP addresses, number of email accounts, number of phone numbers, and number of physical locations. Contact me if you would also like to run a pilot in your organisation.

Project “DAVID” (Member Funded): Still awaiting the kick-off of project “MEET”, while the project with one of the Big 5 has been delayed by a few weeks due to resourcing issues on their side – considering we don't have to pay for their services, I think it is ok to be patient.

Project “MEET” (EU Funded / Beneficiary): No updates from the coordinator on signing of the financial grant with the commission.

EU Council of ISACs (EU-CI): An interesting development in that there are multiple role changes in the cyber security space in the Commission and we have been invited to meet with the new role owners in Brussels to discuss better ways forward. Another slow grinding process, however, if we stay persistent, I am sure we can amplify the voice of local public administrations there.

Project “VAUBAN”: No updates. Remember if you would like us to run a tabletop exercise in your administration, we are happy to support.

Project “Regions4Cyber”: The regional perspective for local administrations is of course quite a different one than for cities (and accepted that some cities also assume regional tasks). In the regional space “healthcare” has become a special area of focus because we do see a lot of attacks/breaches in that space and the local administrations often play major roles in providing infrastructure. Watch out for our regional survey coming out to appreciate the sort of questions you might need to be asking on a regional level.

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/.  Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/  
