2025/24 Weekly Update from the EU ISAC for Cities & Regions: Looking for Opportunity to conduct End-To-End Smart City Service Security Assessment / Threat vector software upgrades? / Invitation to Participate (and circulate) in ENISA’s NIS360 Sector Survey / Is AI a “fashion” to avoid? / How to stop a business led IT project… / Cyber Conference on Cruise Ship!
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
Discussion Summary
Hi everyone, friends from Croatia, Estonia and Ireland, Italy joining today. Starting off with the usual banter on being ready to retire when we look at how many uninformed decisions are being made by elected leadership, although we are all not really ready to “give up” 😊
One colleague then shared how their whole company asset login had been taken down by unexpected consequences of an IAM upgrade (yes – IT changes remain the largetst source of “unplanned” IT outages). Interesting in this case was that in internal communications it was explicitly mentioned that the incident was NOT related to a cyber attack – we did wonder though what a threat actor could learn from it and whether this threat vector might be a strong one in the background?
We also discussed progress on installing our MISP/AI solution in the local network of one of our colleagues, and interesting enough they raised the point that in their administration, whenever someone wants to use AI, decision makers challenge it asking whether it really is needed? AI definitely on the radar, but very cautious and hence the importance of our pilot approach to learn more about the art of the possible and trying to protect our cities from “fashion IT”.
We then shared thoughts on how to “regain control” of business led projects and one colleague shared how they leverage purchasing processes / IT security & data protection regulation / internal audit for achieving this – sometimes we need to master the art of “stopping” something… On the internal audit side one colleague mentioned that an assessment of the project complexity can lead to internal audit being mandated to help out and we looked at a simple tool for evaluating this.
Before I forget, one colleague pointed us to a rather interesting cyber conference that occurs on a cruise ship https://cruisecon.com/ – cool idea!
Cheers,
Oliver
| In the News |
- Major Cities of Europe, in collaboration with the City of Issy-les-Moulineaux, is pleased to announce the joint 2025 conference under the theme of “Piloting Disruptive Innovation in Cities and Regions”, which will be hosted at the UGC Congress Centre from October 9 to 10. Integrated into the Greater Paris Metropolis, Issy-les-Moulineaux is one of the most innovative cities in France and has long been recognized as a leader in digital innovation, circular economy, and environmental footprint reduction. The event is co-organized with Issy Media, the public company responsible for communication and innovation in Issy-les-Moulineaux. The conference will be conducted in English and French, with simultaneous translation available. See www.majorcities.eu for more details.
- EU ISACs Summit, 10–11 November 2025, Athens: ENISA is pleased to announce the 2025 edition of the EU ISACs Summit, which will take place on 10 November (afternoon) – 11 November (full day) at ENISA premises in Athens. As in previous years, we plan to dedicate the first day to hearing updates and future plans, and the second day to a more interactive session or exercise. With plenty of time ahead, we would love to hear your ideas and suggestions for the agenda. Please share your input with us by 19 September.
Looking for Opportunity to conduct End-To-End Smart City Service Security Assessment
As part of some exploratory work, we are looking for an opportunity to conduct an end-to-end security assessment of an active Smart City Service. At this stage we would apply for national NCC FSTP grants via a trusted SME and in partnership with the administration. Some details below and please reach out to me if you are interested in learning more – need someone on your side that can help evaluate the service please.
The outcome would be something similar to the below template where:
1. All IT assets supporting the service are identified,
2. The security of the assets is assessed (using https://www.cisecurity.org/controls/v8-1),
3. Actions to improve the end-to-end security are identified (item and Defence in Depth level) and prioritised, and
4. the (anonymised) results / recommendations are validated with other members of our community.
The IT assets are then held in our ISAC MISP and threat intelligence for these assets monitored / managed there. Data security provided via permissions management and an MoU would of course also be needed.
In a further stage we could look at how to leverage AI to help in identifying actionable items / manage these to closure.
We would then also look to map the results into control frameworks that you use locally/regionally/nationally, and of course NIS2/CIS18 etc.
We aspire to use the experience to build a robust pilot and, if benefits are visible, to identify local/regional/national/EU funding sources to grow.
The benefit for participants is (a) the additional resources we provide (b) improving the security of Smart City projects, and (c) the opportunity to learn how others are tackling specific IT asset (and end-to-end) security.
Daily Cyber Forecast
Our GPT Barista is publishing an (almost) daily cyber forecast to our LinkedIn page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/. Follow!
Invitation to Participate (and circulate) in ENISA’s NIS360 Sector Survey
Over the past few months, our ENISA friends have been working on developing the NIS360 surveys — and they are happy to share that they are now ready to launch!
We would appreciate it if you could share the survey dedicated to public administrations with the members of ISAC4Cities.
The goal of the survey is to assess the cybersecurity maturity and criticality of sectors classified as essential or important under NIS2.
The input collected will directly inform the upcoming ENISA NIS360 Report, which will provide a comprehensive overview and comparison of sectors, highlighting where each sector stands. Through NIS360 surveys, ENISA aims to collect data on an annual basis to support companies and competent authorities in prioritising resources and strengthening cybersecurity practices over time.
You can access the survey via the following link: https://enablor.dk/auth/register/survey/8419079683a240e88266e257bf391b00?lang=en&enisa=true
We kindly invite you to complete the survey by September 15.
You can also find last year’s NIS360 report here: https://www.enisa.europa.eu/publications/enisa-nis360-2024. However, this year, we aim to gather input from a broader range of entities in order to develop the most accurate and comprehensive picture of the sector possible.
If you have any questions, need further information, or are interested in continuing the dialogue and contributing your expertise to support our work, please do not hesitate to contact the ENISA team at NIS360@enisa.europa.eu <mailto:NIS360@enisa.europa.eu> .
Weekly [TLP:RED]
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation. Full list at https://isac4cities.eu/tlpred.
This week´s thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including what IT systems support their delivery.
- Weekly [TLP:RED] for Publicly Elected Officials (Repeat # 36): Overestimating project costs funds critical daily work.
- Weekly [TLP:RED] for Essential Services Managers (Repeat # 36): An imperfect “citizen” solution is better for mental health that an imperfect “supplier” solution.
- Weekly [TLP:RED] for IT Leaders (Repeat # 36): Patch network devices with 24-hour delay to see effect in other organisations first.
Ask Barista (GPT)
We have now launched a Barista pilot where colleagues get access to a custom designed ChatGPT app called “Barista” – I asked Barista who it is and it replied: “I’m Barista, your cybersecurity analyst assistant. I’m here to help security operations centre (SOC) teams, blue team defenders, and incident responders with things like: Log analysis (from Splunk, Sentinel, ELK, etc.), Writing detection rules (Sigma, KQL, SPL), Mapping alerts to MITRE ATT&CK, Remediation guidance (NIST, CIS, OWASP best practices), Threat hunting, system hardening, and incident response support, Automating security processes in hybrid and cloud environments”. IF you would like to learn more, please contact me.
I4C+ MISP
We are discussing moving the current I4C+ MISP ( using https://www.misp-project.org/index.html) into the test network of a member to set the stage for a Mistral AI or Robotic Process Automation (RPA) pilot. The NDA remains a headache; however we think this can be resolved if we focus on secure containers and transferring only data from CTI providers via a future partner like https://mindflow.io/. We will probably want to move Barista there as well. Many moving pieces that may finally be coming together – contact me is you would like to be involved.
| ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
Note that emerging new services are related to managing the MISP platform (and onboarding) plus Barista.
| ISAC Baseline (IBAS) Project |
The IBAS project continues and remember this sits on the Enablor platform serving a wider community. Enablor is currently supporting 3931 organisations with 4158 users and 10978 logins last year – a thriving community!
The ISAC benchmark platform offers a unique opportunity for public administrations to benchmark themselves against not only regulative requirements but also other local governments around Europe. Benchmarking data from European municipalities are now available in the ISAC Baseline Program providing participants with insight into how similar organizations perform and comply with legislation. Assessing the organization’s security level gives insight data on compliance with both legislation as well as automated mappings to security frameworks such as ISO 27001-2, CIS 18 and NIST CSF. The enablor platform can be used within your own organization and is a shortcut to collaborating with similar European organizations. If you are a region, you can also “sponsor” membership for your cities to create regional bench-learning groups. If you are a nation, then you can sponsor membership for your regions and cities as well of course.
Key value proposition? In the many discussions leading up to the launch, we see that the key value of participating is (a) access to a massive amount of detailed “real stories” on successful implementations across the NIS2 spectrum, and (b) significantly reduced efforts for reporting. If needed, we can also provide administrative support for transferring existing data into the enablor platform.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/