2025/11 Weekly Update from the EU ISAC for Cities & Regions: Collaboration launched with Health ISAC and Governikus / Exploring open-source network analysers / Spring cleaning tips from Aviation ISAC / Our requirements for a “SOC of SOCs”? / I-Trust Enablor selected for ENISA NIS360 initiative / ECSO publishes EU NIS2 Disposition Overview


** For Back Issues see https://isac4cities.eu/blog **

The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and, in that function, Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Union Agency for Cybersecurity (ENISA). See https://isac4cities.eu/.

Weekly [TLP:RED]

Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.

This week's thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including what IT systems support their delivery.

  • Weekly [TLP:RED] for Publicly Elected Officials (Repeat # 23): Let your CEO/CIO decide whether to go “off-grid” in the case of a cyber incident – this makes them responsible for it.
  • Weekly [TLP:RED] for Essential Services Managers (Repeat # 23): NIS2 may declare your services as critical – make sure IT and leadership prioritise investment accordingly.
  • Weekly [TLP:RED] for IT Leaders (Repeat # 23): When you are managing a breach, many third-party individuals will visit your facilities – you should have a way of informally verifying their identities through official channels.

Summary

Hi everyone, friends from Belgium, Bulgaria, Croatia, Estonia, Ireland and Italy joining this Friday morning.

We started off discussing the Heathrow power incident and then moved to sharing stories on data centre power supplies, UPSs, generator backups etc. – power for IT solutions is a science in itself and “Heathrow” is potentially everywhere!

We then swapped stories on what seems to have been a wave of phishing and malware activities in various cities and regions – keeping us busy, and it would have been nice to share specifics in the community to perhaps accelerate implementing relevant controls. This pro-active sharing (or rather the lack of it) has been a perennial challenge – it seems we all want information from each other, yet we struggle to share it for various reasons (often forgetting in the heat of incident control, for example).

One colleague then shared how in their national ISAC they are exploring a network sniffing solution across the community with a focus on NIS2 critical services (as nationally determined). While the benefits are clear, the large number of physical devices that might be needed poses a significant challenge, and the resulting man-in-the-middle security requires significant e-identity etc. activities of course. Additionally, securing the devices from unauthorised access is also no small effort. Another colleague then shared Zeek (https://docs.zeek.org/en/current/about.html#what-is-zeek) as an open source network analysis solution they are using in their administration to achieve good enough comparable results at significantly lower cost – maybe worth exploring in your worlds as well (seems to be a reasonable alternative to solutions like Darktrace as well). Trend Vision Deep Discovery also seems to be a relatively robust solution. All these of course do not help if the servers are hosted in clouds (with regional/national hosting).

We then discussed a conversation I had with our new partner Governikus with whom we are discussing the provisioning of cyber resources for the community (i.e., in the form of a SOC or expert resources on demand). We agreed that while we all need our own SOCs/SEAMs, there could be a benefit in a central capability providing services like:

(a) sharing information on current attacks as potential early warnings,

(b) providing analyst resources for the deep-dive investigations after an incident has been resolved,

(c) providing a central normalised CVE/blacklist against normalised individual CMDB entries – normalisation of terminology is of course a huge challenge, or

(d) manually evaluating notifications to understand how relevant / severe they truly are (wrong decisions here can lead to significant “unplanned” outages in our networks of course).

There is also a question on how we can enable comparative threat assessments against CMDBs – maybe less an early warning than an “emergent risk radar” (see https://thecroforum.org/wp-content/uploads/2024/08/ERI-Risk-Radar_2024.pdf for a good report on this). We agreed to invite our new partner for an internal presentation of their services and a discussion of what specific services we might be able to gain benefits from. We would also need to understand their commercial interests (they are 100% owned by a city / region).

One colleague then shared how they are benefitting from information updates from https://www.orangecyberdefense.com/ – they will check to see whether we might be able to get access to evaluate as a further information channel for us all.

So… spring has started and I hope you can make time to enjoy the more pleasant weather! Here are some thoughts from the Aviation ISAC on your cyber spring cleaning.

Cheers, 

Oliver

In the News
  • The European Union Agency for Cybersecurity (ENISA) has selected I-Trust’s enablor platform for their NIS360 initiative addressing cybersecurity in public and private organizations in the EU. The NIS360 is an ENISA initiative that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and an in-depth analysis of each sector. The enablor platform is used in several projects to support the development of organizations’ cyber security. In the NIS360 initiative, ENISA wants to take advantage of the platform’s capabilities to reach many organizations and use its advanced facilities for effective communication. See https://www.linkedin.com/posts/i-trust_nis360-cybersecurity-itrustenablor-activity-7307759428622024705-zL8-?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAABAZYBM-mP-pfL-PLekLErH2keukJLfjI.
  • ECSO has published an interesting report on NIS2 disposition across Europe – see https://ecs-org.eu/activities/nis2-directive-transposition-tracker/.
  • We are now collaborating directly with the European Health ISAC – see https://health-isac.org/.
  • We are now launching a collaboration with a German-based expert solution provider for digital services for public administrations – see https://www.governikus.de/en/.
  • Major Cities of Europe, in collaboration with the City of Issy-les-Moulineaux, is pleased to announce the joint 2025 conference under the theme of “Piloting Disruptive Innovation in Cities and Regions”, which will be hosted at the UGC Congress Centre from October 9 to 10. Integrated into the Greater Paris Metropolis, Issy-les-Moulineaux is one of the most innovative cities in France and has long been recognized as a leader in digital innovation, circular economy, and environmental footprint reduction. The event is co-organized with Issy Media, the public company responsible for communication and innovation in Issy-les-Moulineaux. The conference will be conducted in English and French, with simultaneous translation available. See www.majorcities.eu for more details.

ISAC Services (Member Funded)

We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review them and consider reaching out to include them in your activities and budgets.

ISAC Baseline (IBAS) Project

The IBAS project continues and remember this sits on the Enablor platform serving a wider community. Enablor is currently supporting 3931 organisations with 4158 users and 10978 logins last year – a thriving community!

The ISAC benchmark platform offers a unique opportunity for public administrations to benchmark themselves against not only regulatory requirements but also other local governments around Europe. Benchmarking data from European municipalities are now available in the ISAC Baseline Program, providing participants with insight into how similar organizations perform and comply with legislation. Assessing the organization’s security level gives insight into compliance with legislation as well as automated mappings to security frameworks such as ISO 27001-2, CIS 18 and NIST CSF. The enablor platform can be used within your own organization and is a shortcut to collaborating with similar European organizations. If you are a region, you can also “sponsor” membership for your cities to create regional bench-learning groups. If you are a nation, then you can sponsor membership for your regions and cities as well of course.

Key value proposition? In the many discussions leading up to the launch, we see that the key value of participating is (a) access to a massive amount of detailed “real stories” on successful implementations across the NIS2 spectrum, and (b) significantly reduced efforts for reporting. If needed, we can also provide administrative support for transferring existing data into the enablor platform.

 

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/.  Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send one.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/  
