2025/14 Weekly Update from the EU ISAC for Cities & Regions: Apply for FSTP funding by NCCs / Hide your CTI / Can AI Replace Human Intelligence? / Developing a conversational AI solution “Barista” to support our Friday Caffè Corretto conversations – contribute training questions! / ISAC Baseline (IBAS) Project continues – join us!
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
Weekly [TLP:RED] |
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.
This week's thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including what IT systems support their delivery.
- Weekly [TLP:RED] for Publicly Elected Officials (Repeat # 26): Offerings for NIS2 compliance audits are exploding and you will fail. Become CIS18 compliant first.
- Weekly [TLP:RED] for Essential Services Managers (Repeat # 26): Need to delay a digital project – ask for the results of the penetration test.
- Weekly [TLP:RED] for IT Leaders (Repeat # 26): When your mayor recommends a supplier, add them to the bottom of your shortlist.
Summary |
Hi everyone, friends from Bulgaria, Croatia and Ireland joining this Friday morning along with our friends from ENISA.
Key topic of the day was how National NCCs (see https://cybersecurity-centre.europa.eu/nccs_en) are often offering FSTP programmes that we might be able to leverage for funding activities. Make sure to ask your NCC whether such programmes are being offered – the qualification threshold is typically quite low. Happy to support from a central perspective as well if you like – just reach out.
We then discussed how one national ISAC was working to gather malicious IPs across the country and then consolidate the input for next generation firewall providers. There is an intent to create a national reporting platform and while first efforts appear promising, the challenge of resourcing does remain (in the end a human decision on whether to submit for blocking or not is wanted) -> maybe a suitable topic for an FSTP project?
We also reflected on what creates leadership accountability for NIS2 deployment in public administrations. Personally, I think we need to focus on the leadership accountability for the strategic roadmaps of the administrations and ensure cyber threats are integrated into the relevant risk management plan – IMHO fines will not work in the public sector.
By the way – look at “Can AI Replace Human Intelligence Amid Federal Cybersecurity Budget Cuts?” See an interesting article by Alan R. Shark at https://statetechmagazine.com/article/2025/04/can-ai-replace-human-intelligence-amid-federal-cybersecurity-budget-cuts. With all these discussions, I have yet to see a proper scientific study that compares the effectiveness of a 100% AI solution to a “normal” security process in an organisation – sort of like taking one organisation, having a 100% AI solution implemented in parallel, and then comparing the results with the normal security processes. Additionally, I do not think we can avoid AI driven solutions becoming the dominant approach and therefore the question becomes how we do quality assurance and control the decisions made (indeed if we allow the AI to make decisions).
Also interesting perhaps is the article “Addressing AI security risks – Strategies for secure solutions” by Samuel Marchal, Cybersecurity engineering & automation research team leader at VTT, available HERE.
The previous week we had a short call with a colleague and learned that a new CTI approach was being deployed in their country administrations, whereby the main inputs were coming from national security organisations across the EU and the approach was based on the concept of ensuring that, while attacks are monitored, mitigations occur in a way that makes sure the threat actor is not aware of them (i.e., inside the network). Another interesting conversation was around the challenges in public administrations of delegating decision rights to AI – actually not feasible within existing legislative structures (i.e., building permits or tendering requirements).
Finally, one of our members is launching a project to build a conversational AI solution to support our Friday Caffè Corretto conversations. The project is in stealth mode with a working title of “Barista” and aims to provide a Caffè Corretto conversation partner. Very early days yet, however if you are interested in contributing questions to drive the AI training please do reach out! Based on one of the discussions we had in the previous week, Barista discussed why some cyber intrusion detection systems do not block ports being attacked. Barista informally suggested that “…there are good reasons to keep them open. It avoids disrupting regular users, lets the IPS deal with just the bad traffic, reduces problems from false alarms, helps gather intel on attackers, and prevents messing up complex networks. Basically, it’s a more targeted and less disruptive way to handle threats.” CoPilot then thought that “Overall, the statement conveys a pragmatic, efficient strategy for threat management, underscoring why a blanket approach like shutting down ports might not always be the best solution.” Your thoughts?
Cheers,
Oliver
PS Before I forget check out Vulnerability-Lookup which facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles. https://github.com/vulnerability-lookup/vulnerability-lookup.
In the News |
- The ECSO Award Finals 2025 are just around the corner – and this time, we’re heading to The Hague on 21–22 May at the vibrant HSD Campus (Wilhelmina van Pruisenweg 104, 2595 AN Den Haag). In this event, some of the most promising European start-ups and scale-ups in cybersecurity will compete for the ECSO Startup Award, selected by a jury of investors from the ECSO INvest4Cyber community, and the ECSO CISO Choice Award, selected by a jury composed of European CISOs from the ECSO CISO Community. See https://forms.office.com/pages/responsepage.aspx?id=zu7aB_B3YkqIL6ekzlAgVNsi2W5t8T9LroJPdH6BJnxUQUQ0UkhCMVQ4Q0dLQVpHMFlTQTRKRlg3Qy4u&utm_source=ECSO+Award+Finals+20…+(Mass+Mailing+created+on+2025-04-10)+%5b3%5d&utm_medium=Email&route=shorturl.
- Major Cities of Europe, in collaboration with the City of Issy-les-Moulineaux, is pleased to announce the joint 2025 conference under the theme of “Piloting Disruptive Innovation in Cities and Regions”, which will be hosted at the UGC Congress Centre from October 9 to 10. Integrated into the Greater Paris Metropolis, Issy-les-Moulineaux is one of the most innovative cities in France and has long been recognized as a leader in digital innovation, circular economy, and environmental footprint reduction. The event is co-organized with Issy Media, the public company responsible for communication and innovation in Issy-les-Moulineaux. The conference will be conducted in English and French, with simultaneous translation available. See www.majorcities.eu for more details.
ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
ISAC Baseline (IBAS) Project |
The IBAS project continues and remember this sits on the Enablor platform serving a wider community. Enablor is currently supporting 3931 organisations with 4158 users and 10978 logins last year – a thriving community!
The ISAC benchmark platform offers a unique opportunity for public administrations to benchmark themselves against not only regulatory requirements but also other local governments around Europe. Benchmarking data from European municipalities are now available in the ISAC Baseline Program, providing participants with insight into how similar organizations perform and comply with legislation. Assessing the organization’s security level gives insight into compliance with legislation as well as automated mappings to security frameworks such as ISO 27001-2, CIS 18 and NIST CSF. The Enablor platform can be used within your own organization and is a shortcut to collaborating with similar European organizations. If you are a region, you can also “sponsor” membership for your cities to create regional bench-learning groups. If you are a nation, then you can sponsor membership for your regions and cities as well of course.
Key value proposition? In the many discussions leading up to the launch, we see that the key value of participating is (a) access to a massive amount of detailed “real stories” on successful implementations across the NIS2 spectrum, and (b) significantly reduced efforts for reporting. If needed, we can also provide administrative support for transferring existing data into the Enablor platform.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/