2024/5 Weekly Update from the MCE SIG “City ISAC I4C+” Highlights: VAUBAN Virtual Tabletop Monday April 8th 2pm-4pm CET (Invite Attached) / Don´t host Third Parties / National Cyber Security can Fund / Cyber Security attracts Young Colleagues
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
| Weekly [TLP:RED] |
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.
- Weekly [TLP:RED] for Publicly Elected Officials: Cyber startups are popular but only a cheap enhancement if they themselves are secure – validate.
- Weekly [TLP:RED] for Essential Services Managers: Discover where USB ports are being used to read/write data and find alternatives – they are the open backdoor for breaches. This includes USB drives, cameras etc.
- Weekly [TLP:RED] for IT Leaders: Ensure all laptops connect at least monthly directly to the network for 24 hours to receive updates. The longer devices are remote, the greater the chance of an update divergence leading to growing security concerns.
| Summary |
Hi everyone and hope you are well – three cities joining again this week and you missed a wonderful story about third parties trying to get their own VPN connected servers into the local network of an administration to circumvent regional administration limitations on third party connectivity – needless to say that the third parties really had no clue about the security implications and indeed their own solution could not spell the word “security”… It is a wonderful example of how third parties will ignore cyber responsibilities in the interest of doing business in any way possible. NEVER let third parties connect directly into your systems of course – take a look at solutions like https://www.1eq.com/products_eqube-mi that can help understand the solution path.
The above is also typical for many digital projects that are run without appropriate internal IT support – “anything goes” to get the “pilots” running and direct Internet connectivity is not atypical – be it through radio or GSM or anything available and of course pilots do not need security. Putting security in place retroactively is definitely no small feat and would it not be nice so have such solution “designed for security” from day one? Pardon me, I forget that that pilots do not need security…
The above then got us into stories how a national security administration is installing routers into the networks serving critical services to ensure security monitoring – in our opinion a good cause and the interesting challenge is then of course understanding the end-to-end networks that enable those services in the first place. Probably only my own organisation struggles with this? It is though perhaps also an interesting way to fund the discovery of those networks and then their appropriate remediation – national security funding is relatively accessible in today´s world as we know.
Finally, we shared how one member pro-actively solicits “cyber champions” within the organisation to spread awareness of security principles. Young colleagues are often attracted to this since cyber is a world of excitement in their eyes – try it out and offer sharing some of your typical reports, plus access to some of the network monitoring / forensic tools – you might be surprised about how quickly you can get a little support! Baby Yoda also has some insights 😊
Cheers
Oliver
| In the News |
Nothing specific caught our attention this week.
| City ISAC Services (Member Funded) |
The agreement with our hosting organisation Major Cities Europe has been finalised. Key themes are benchmarking NIS2/CIS Controls as the basis for robust risk management through Defence-In-Depth solutions and enabled through awareness building. As soon as final formal steps are completed we can move forward with a formal offering to members.
Since our EU funded MEET project appears to be indefinitely stalled unfortunately, we are moving forward with our friends at https://cs-aware.com/ on creating a funding proposal under a Horizon Innovation Action call. The focus will be on enabling the (resourced) piloting of innovative cyber solutions in local and regional administrations. If we are a local or regional administration, please contact me to learn more about the opportunities involved.
| Project “DAVID” (Member Funded) |
No updates. Continuing to plan a virtual open space event to roughly outline the possible cooperation requirements for municipalities in the event of a security incident. In a subsequent step, the catalogue of requirements would have to be developed and the requirements for such services would have to be defined through administrative assistance or inter-municipal cooperation processes. The virtual event would then be followed up by an in-person workshop, so that ideally by the end of 2024 not only the requirements have been defined and the implementation clarified, but also a “light” exercise has taken place to test the concept. This effort will be led by a local administration with the support of a third-party public-private-partnership IT service/infrastructure provider.
| Project “VAUBAN” |
** Change in Date – Monday April 8th 2pm-4pm CET **
Pleased to announce the EU City ISAC I4C+ and Major Cities Europe present the 2024 VAUBAN interactive cyber simulation “The Battle for the Golden Ticket”. Draft text below and meeting invite attached.
“The Battle for the Golden Ticket”
The EU City ISAC I4C+, hosted by Major Cities Europe, will be holding the virtual version of its 2024 VAUBAN Tabletop Exercise on Monday 8 April 2024 from 2 pm to 4 pm CET.
The “Golden Ticket” gives administrator level access to all key IT systems of an organisation (including infrastructure). A person with the “Golden Ticket” can “turn off” any IT asset, and / or prevent anyone from accessing them. A threat actor with a “Golden Ticket” is a nightmare to any organisation.
Guided by two local administrations and supported by cyber experts and white hackers, we will jointly and interactively go through the story of the frantic fight of the Blue Team of a regional administration to prevent the confirmed initial breach of a professional Red Team from reaching the “Golden Ticket” (elevated privileges on all core systems) and the harrowing experience of local administrations faced by the potential shutdown of core financial services. At the end, participants will also explore how peer collaboration might have made this scenario less threatening, how principles of asymmetric warfare can help us identify pragmatic preventative actions, and why advances in Artificial Intelligence are making “Goliath” even more powerful…
The agenda of the event (120′) is:
1. Introduction (10′).
2. Act 1: The Alert – Notification of the potential breach and the decision whether to go offline or not (20′).
3. Act 2: The Shut-Down – How to go offline and what essential services are impacted (20′).
4. Act 3: The Crisis – How to maintain impacted essential services offline (20′).
5. Act 4: The Recovery – Managing the challenges of returning to online services (20′).
6. Lessons Learned and How Peer Collaboration can help (20′).
7. Wrap-Up (10′)
Registration is open to any individuals interested in cyber security for local administrations. The event should be of particular interest to elected public officials, managers of essential services for regional and local administrations, as well as IT (Security) leaders.
Key learning points will include understanding how easy such a breach can happen, how damaging such a breach can be, and how we can prepare for when this happens – because it is not “whether” this will happen, but “when”, and those least prepared are usually the first to be impacted.
| Project “Regions4Cyber” |
No updates. Remember we are exploring the possible cooperation requirements for municipalities in the event of a security incident, to then in a subsequent step, find the most suitable approach for requesting these will be defined through administrative assistance or inter-municipal cooperation processes. This is currently focused on Germany and in German language, however preparations are also being made for “twinning” the effort into other EU nations / regions.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/