2024/3 Weekly Update from the “City ISAC I4C+” Highlights: “Golden Ticket” Virtual 2024 VAUBAN Tabletop Exercise on Tuesday 19 March 2024 from 2 pm to 4 pm CET / Free Malware Analysis at Cuckoo in Estonia / AI generated cyber threats are top Global Risk / Need for Banking Compliance can drive IT Budgets

** For Back Issues see https://isac4cities.eu/blog **

Weekly [TLP:RED]

Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.

  • Weekly [TLP:RED] for Publicly Elected Officials:  The Head of IT should be on your leadership team.
  • Weekly [TLP:RED] for Essential Services Managers: Regularly review your application landscape and security concerns with IT – usually IT struggles to maintain a robust overview of the applications and this gets you on the radar screen.
  • Weekly [TLP:RED] for IT Leaders: Third-party compliance needs (i.e. to banks) include minimum IT standards that can be leveraged for prioritizing cyber investments.
Summary

Hi everyone and hope you are well – three cities joining this week and some moaning on the budgets for 2024 already being spent on “must haves”, well actually the “top” must haves, and the perennial challenge of finding funding for anything that is not urgently critical. We realised this is a challenge we all face though – even if something critical is broken, that does not mean we will get the funding needed to repair it. We know the solution is building that “coalition of the willing” that includes our essential service managers and elected officials, however that again needs time which is also a rare resource. Some good examples shared of how colleagues are resolving this, at least partially, and the solution lies in the “operated” services (versus “managed” or “subscribed”) -> we can do a lot more ourselves, with no budgets, than we usually think.

Then we explored the “amazing disappearing email” where we see emails appear and then disappear from our inboxes by themselves. Of course, it is our email filtering systems that are doing this, but the problem remains the potentially malignant email becoming available in the first place, right? Should not happen, just like we should automatically be detecting delayed (attachment) file opens (or at least closing the process automatically if not completed within minimum time). These may be “configuration” opportunities that do not always need IT asset ownership. A colleague then showed us how they use the Estonian government service https://cuckoo.cert.ee/ for malware analysis of files and URLs – great tool / very easy to use / give it a try!

Other topics included how our offline copies of old software nowadays light the Christmas Tree of our security trees, zero touch mobile QR code malware and the importance of avoiding “VIP” privileges (but of course having a dedicated policy group for them).

Also, speaking with the CISO of a commercial company this week, we reflected on how he annually signs for their IT/security compliance with their bank's IT/security requirements – for him these sorts of critical third-party requirements are always a key driver of IT investment budgets. We are seeing third-party requirements becoming quite an effective lever for this – especially when it comes to financial and compliance related services. In this specific case, SWIFT provider requirements include minimum patching standards on related infrastructure.

On the AI front, the deepfake/deepvoice threat seems to be becoming more relevant all the time, and effective defensive measures are mainly centred on raising cyber awareness among staff that this may well happen. The phone call from the mayor asking for access rights etc. may seem authentic, but is it? This may seem far-fetched for many of us, however just like threat actors are continuously probing all our IT infrastructure for weaknesses and automating breach attempts, we will be seeing more and more of this new threat vector – train your staff to follow process and feel comfortable in refusing to by-pass it for anyone.

Maybe also of interest is the “Global Risks Report 2024” (https://www.weforum.org/agenda/2024/01/global-risk-report-2024-risks-are-growing-but-theres-hope/) that sees the threat from cyber among the top 5 threats this year –  whereby AI generated mis-/dis-information is also there (and that is becoming a more and more significant threat vector in its own right).

Cheers

Oliver

In the News
City ISAC Services (Member Funded)

The agreement with our hosting organisation Major Cities Europe is now being finalised. Key themes remain benchmarking NIS2/CIS Controls as the basis for robust risk management through Defence-In-Depth solutions and enabled through awareness building.

Project “DAVID” (Member Funded)

Continuing to plan a virtual open space event to roughly outline the possible cooperation requirements for municipalities in the event of a security incident. In a subsequent step, the catalogue of requirements would have to be developed and the requirements for such services would have to be defined through administrative assistance or inter-municipal cooperation processes. The virtual event would then be followed up by an in-person workshop, so that ideally by the end of 2024 not only the requirements have been defined and the implementation clarified, but also a “light” exercise has taken place to test the concept. This effort will be led by a local administration with the support of a third-party public-private-partnership IT service/infrastructure provider.

Project “VAUBAN”

Pleased to announce the EU City ISAC I4C+ and Major Cities Europe present the 2024 VAUBAN interactive cyber simulation “The Battle for the Golden Ticket”. Draft text below and do pencil this into your diary.

“The EU City ISAC I4C+, hosted by Major Cities Europe, will be holding the virtual version of its 2024 VAUBAN Tabletop Exercise on Tuesday 19 March 2024 from 2 pm to 4 pm CET.

The “Golden Ticket” gives administrator level access to all key IT systems of an organisation (including infrastructure). A person with the “Golden Ticket” can “turn off” any IT asset, and / or prevent anyone from accessing them. A threat actor with a “Golden Ticket” is a nightmare to any organisation.

Guided by two local administrations and supported by cyber experts and white hackers, we will jointly and interactively go through the story of the frantic fight of the Blue Team of a regional administration to prevent the confirmed initial breach of a professional Red Team from reaching the “Golden Ticket” (elevated privileges on all core systems) and the harrowing experience of local administrations faced by the potential shutdown of core financial services. At the end, participants will also explore how peer collaboration might have made this scenario less threatening, how principles of asymmetric warfare can help us identify pragmatic preventative actions, and why advances in Artificial Intelligence are making “Goliath” even more powerful…

Registration is open to any individuals interested in cyber security for local administrations. The event should be of particular interest to elected public officials, managers of essential services for regional and local administrations, as well as IT (Security) leaders.

Key learning points will include understanding how easy such a breach can happen, how damaging such a breach can be, and how we can prepare for when this happens – because it is not “whether” this will happen, but “when”, and those least prepared are usually the first to be impacted.”

Project “Regions4Cyber”

No updates. Remember we are exploring the possible cooperation requirements for municipalities in the event of a security incident, to then, in a subsequent step, find the most suitable approach for requesting these through administrative assistance or inter-municipal cooperation processes. This is currently focused on Germany and in German language, however preparations are also being made for “twinning” the effort into other EU nations / regions.

 

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/.  Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/  
