2024/1 Weekly Update from the “City ISAC I4C+” Highlights: From Disaster Recovery to Source Switching / Transnational Help in Flooding / “Golden Ticket” Focus for VAUBAN 2024 / Conversation has Transformative Power

2024/1 Weekly Update from the “City ISAC I4C+” Highlights:  From Disaster Recovery to Source Switching / Transnational Help in Flooding / “Golden Ticket” Focus for VAUBAN 2024 / Conversation has Transformative Power

[TLP:WHITE]

** For Back Issues see https://isac4cities.eu/blog **

Weekly [TLP:RED]

Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.

• Weekly [TLP:RED] for Publicly Elected Officials: Make sure you have a back-up mobile phone with an up-to-date contact list.
• Weekly [TLP:RED] for Essential Services Managers: Test disaster recovery of IT services yourself regularly by switching operations to the back-up solution (and back) and working off that – six months here, six months there.
• Weekly [TLP:RED] for IT Leaders: Put 24×7 remote monitoring capability of all servers / firewalls supporting essential services in place, regardless of whether operated / subscribed / outsources.

Summary

Hi everyone and hope you are well – one city and one region joined on Friday morning to kick-off the New Year for us. Some quiet conversations around the impact of the recent storms across our members (i.e., data centres flooding, or physical security compromised due to building damage), and reflections on how, in disaster situations, alternative communication media (i.e., shortwave radio networks). Also, some interesting stories on how local administrations across member nations help each other in disaster situations like the French mobile dam that was driven to a German city to help contain some of the flooding threats.

We then used the opportunity to discuss how we might shape our VAUBAN tabletop simulation for 2024 and there are some exciting ideas emerging. Key insights were that the Larissa format (see https://www.youtube.com/watch?v=OC_-DqyQ9C4) works best while the Bank Robbery story can be well integrated to highlight the threat actor activity. We will work on merging the two, testing it out virtually before the summer, and then, hopefully, running it face-to-face at the next annual conference of Major Cities Europe. The merged version will explore the story of how threat actors can “steal” the “Golden Ticket” for gaining wide-ranging access control privileges in the IT services supporting the delivery of our essential services. Stay tuned as the story evolves, especially since this year we will see local administrations leading the exercise.

Note that generally speaking a Golden Ticket attack is a type of cyber attack that targets the access control privileges of a Windows environment where Active Directory (AD) is in use. In this attack, adversaries use Kerberos tickets to take over the key distribution service of a legitimate user. The attack exploits weaknesses in the Kerberos identity authentication protocol, which is used to access the AD, allowing an attacker to bypass normal authentication. The attack is named after the Golden Ticket in the book and movie Charlie and the Chocolate Factory, which allows unlimited access to the chocolate factory. See https://www.crowdstrike.com/cybersecurity-101/golden-ticket-attack/ for a good high-level overview.

The following paragraphs are from the newsletter of David Gurteen (see https://conversational-leadership.net/gurteen-knowledge-letter/) and repeated here since they serve as a reminder of how we are trying to shape our community:

“The Enlightenment era of the 17th and 18th centuries revolutionized the world through the power of conversation. The coffeehouses of London served as hubs where lively debates took place, challenging established norms. Salons in Paris, spearheaded by influential women, also served as important centers of intellectual discourse amongst luminaries like Voltaire and Diderot, informing Enlightenment values of reason and progress.

These dialogues were instrumental in democratizing knowledge, shifting focus from tradition to reason and empirical evidence, thus making information accessible beyond the elite. This led to monumental shifts, influencing revolutions and the birth of modern democracies.

In today’s increasingly divided world, engaging in meaningful dialogue is more crucial than ever. Such conversations bridge divides, foster understanding, and drive collective action toward global challenges like climate change, political and military conflict, and technological disruption.

This new era of Enlightenment requires us to embrace empathy, open-mindedness, and a willingness to question our beliefs. By reviving the Enlightenment’s spirit of inquiry and dialogue, we can address the complexities of our world and co-create a better future.

This is a call to reignite the transformative power of conversation, not just to understand the world better but to actively improve it. Get in touch if you would like to explore how to get involved.”

Wishing you all the best for 2024!

Cheers

Oliver

In the News

• City of Fouesnant and its region of 10k citizens massively impacted – see https://www.ouest-france.fr/societe/cyberattaque/la-ville-de-fouesnant-victime-dune-cyberattaque-635a754c-a987-11ee-ad44-c03d56c454d6.  

City ISAC Services (Member Funded)

The list of services has been finalised and we are currently clarifying the legal formalities with our hosting organisation Major Cities Europe to ensure robust delivery for members. Key themes remain benchmarking NIS2/CIS Controls as the basis for robust risk management through Defence-In-Depth solutions and enabled through awareness building.

Project “DAVID” (Member Funded)

Pending first conversations with a group of German cities,  we see this project merging into project “VAUBAN” (see below) and helping multiple (trans-) regional private collaboration groups emerge. Face-to-face engagement will grow, while the enablement of more meaningful conversations that focus on sharing private sensitive knowledge will take priority (already happening in our Friday calls of course). “Small is beautiful” see https://en.wikipedia.org/wiki/Small_Is_Beautiful.

Project “VAUBAN”

No specific updates other than the “Golden Ticket” scenario emerging as described above.

Project “Regions4Cyber”

No specific updates with some key conversations planned next week to accelerate this into 2024.

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/.  Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/