2025/25 Weekly Update from the EU ISAC for Cities & Regions: Pilot offer for supported Barista / MISP Team solution / Make PROPOSALS sustainable / Vet your connectees properly / Assessment List for Trustworthy AI (ALTAI) / Looking for Opportunity to conduct End-To-End Smart City Service Security Assessment
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and, in his function as Chair of the ISAC for Cities Plus (I4C+), is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
Discussion Summary
Hi everyone, friends from Bulgaria, Germany, and Ireland joining this week – thank you also for those dropping me a line they cannot make it.
One colleague is deeply involved in preparing an EU funding proposal for a modern large university campus project (the IT infrastructure and security side of things). They are working closely with their DigiHub (https://european-digital-innovation-hubs.ec.europa.eu/home), which is actually an interesting funding path next to the NCC FSTP calls we have pointed to previously and are pursuing for the project to install the Barista/MISP solution in the network of a local administration. Very interesting in this respect is how unclear the ongoing support of that solution will be – definitely something to design into a proposal, of course, since the sustainability of a solution is often more complicated and costly than building it.
Another colleague is continuing to struggle with a large project leading to decommissioning a mainframe solution – this is all about lifting and shifting a large number of complicated processes to a new environment, whereby the digital side of those processes is barely understood anymore – they were implemented decades ago, continuously re-configured, and most knowledge (especially regarding interfaces) is gone -> maybe ask some threat actors to map this work out?
We then discussed how another colleague is engaged in auditing the vetting process of new vendors needing connection to organisational networks – while managing the devices / users actually connecting to our networks is a huge challenge, we might wish to start by controlling initial / renewed access? It is not only about asset management and knowing what devices are connecting to your network – you also need to know WHO is using them and WHY! This maps into an effort we made last year on support vendor cyber security assessment for our members – a perennial issue.
Finally, if you are exploring AI solutions you might want to take a close look at https://altai.insight-centre.org/. This is an Assessment List for Trustworthy AI (ALTAI). ALTAI was developed by the High-Level Expert Group on Artificial Intelligence set up by the European Commission to help assess whether the AI system that is being developed, deployed, procured or used, complies with the seven requirements of Trustworthy AI, as specified in our Ethics Guidelines for Trustworthy AI. Basic hygiene when working with AI.
One final point we did not get around to discussing unfortunately was an emerging OPEN pilot for a Barista Team solution using Mistral AI (a secure, collaborative, AI-powered workspace – includes Google Drive and Sharepoint connections) in coordination with our ISAC MISP where we would offer an administration / enablement service to cover the below areas based on a small monthly subscription fee -> please contact me if you are a public administration interested in learning more OR an organisation interested in sponsoring our scale-up. This would be hosted with Mistral (https://mistral.ai/) directly (versus the other efforts to get it hosted in the network of a local administration mentioned previously / above).
1. Onboarding & Training (Personalized Onboarding: Guide new users through account setup, feature walkthroughs, and best practices. Live Training Sessions: Host workshops or webinars on advanced features, such as AI tools, integrations, or automation. Resource Libraries: Curate and share tutorials, FAQs, and cheat sheets for self-paced learning.)
2. Account & Access Management (User Provisioning: Create, modify, or deactivate user accounts as needed. Role Assignment: Assign roles (e.g., admin, member, guest) and customize permissions to ensure users have appropriate access. Single Sign-On (SSO) Support: Assist with SSO setup and troubleshooting for seamless login experiences.)
3. Customization & Configuration (Workspace Setup: Design and organize channels, folders, and integrations tailored to team workflows. AI Agent Configuration: Set up and customize AI assistants for specific tasks (e.g., customer support, data analysis). Branding: Apply organizational branding (logos, colors, templates) to the platform interface.)
4. Security & Compliance (Data Protection: Enforce security policies, such as password requirements, two-factor authentication (2FA), and data encryption. Compliance Monitoring: Ensure the platform adheres to industry regulations (e.g., GDPR, HIPAA) and internal policies. Audit Logs: Monitor and review user activity for suspicious behavior or policy violations.)
5. Integration & Workflow Automation (Third-Party Integrations: Connect tools like Google Workspace, Microsoft 365, Slack, or CRM systems to streamline workflows. Automated Workflows: Build and deploy automation rules (e.g., auto-responses, task assignments, notifications) to reduce manual tasks. API Support: Assist developers or power users in leveraging the Le Chat API for custom solutions.)
6. Content & Knowledge Management (Content Curation: Organize and maintain shared knowledge bases, templates, and best practice documents. Version Control: Manage document versions and ensure users access the most up-to-date resources. Search Optimization: Tag and categorize content to improve discoverability.)
7. Support & Troubleshooting (Help Desk: Provide first-line support for technical issues, login problems, or feature questions. Feedback Loop: Collect user feedback to identify pain points and advocate for platform improvements. Escalation Path: Serve as a liaison between users and Le Chat’s support team for unresolved issues.)
8. Performance & Analytics (Usage Reports: Generate and share insights on platform adoption, active users, and feature usage. Custom Dashboards: Create visualizations to track team productivity, project progress, or customer interactions. Feedback Analysis: Use sentiment analysis or surveys to gauge user satisfaction and identify areas for improvement.)
9. Community & Engagement (User Groups: Foster communities of practice where users can share tips, ask questions, and collaborate. Recognition Programs: Highlight power users or innovative use cases to encourage engagement. Event Coordination: Organize virtual or in-person events (e.g., AMAs, hackathons) to boost collaboration.)
10. Policy & Governance (Usage Policies: Develop and communicate guidelines for appropriate platform use (e.g., communication standards, data sharing). Change Management: Communicate updates, new features, or policy changes to users proactively. Ethical AI Use: Educate users on responsible AI practices and monitor for misuse.)
11. Innovation & Pilot Programs (Beta Testing: Coordinate user groups to test new features or integrations before full rollout. Use Case Development: Work with teams to identify and implement creative solutions for unique challenges. Roadmap Input: Gather user input to shape the future direction of the platform’s features and services.)
12. Crisis & Continuity Management (Backup & Recovery: Ensure critical data is backed up and recoverable in case of outages or errors. Communication Plans: Develop protocols for platform-related announcements or emergencies.)
Cheers,
Oliver
In the News
- Major Cities of Europe, in collaboration with the City of Issy-les-Moulineaux, is pleased to announce the joint 2025 conference under the theme of “Piloting Disruptive Innovation in Cities and Regions”, which will be hosted at the UGC Congress Centre from October 9 to 10. Integrated into the Greater Paris Metropolis, Issy-les-Moulineaux is one of the most innovative cities in France and has long been recognized as a leader in digital innovation, circular economy, and environmental footprint reduction. The event is co-organized with Issy Media, the public company responsible for communication and innovation in Issy-les-Moulineaux. The conference will be conducted in English and French, with simultaneous translation available. See www.majorcities.eu for more details.
- EU ISACs Summit, 10–11 November 2025, Athens: ENISA is pleased to announce the 2025 edition of the EU ISACs Summit, which will take place on 10 November (afternoon) – 11 November (full day) at ENISA premises in Athens. As in previous years, we plan to dedicate the first day to hearing updates and future plans, and the second day to a more interactive session or exercise. With plenty of time ahead, we would love to hear your ideas and suggestions for the agenda. Please share your input with us by 19 September.
Looking for Opportunity to conduct End-To-End Smart City Service Security Assessment
As part of some exploratory work, we are looking for an opportunity to conduct an end-to-end security assessment of an active Smart City Service. At this stage we would apply for national NCC FSTP grants via a trusted SME and in partnership with the administration. Some details below and please reach out to me if you are interested in learning more – need someone on your side that can help evaluate the service please.
The outcome would be something similar to the below template where:
1. All IT assets supporting the service are identified,
2. The security of the assets is assessed (using https://www.cisecurity.org/controls/v8-1),
3. Actions to improve the end-to-end security are identified (item and Defence in Depth level) and prioritised, and
4. The (anonymised) results / recommendations are validated with other members of our community.
The IT assets are then held in our ISAC MISP and threat intelligence for these assets monitored / managed there. Data security provided via permissions management and an MoU would of course also be needed.
In a further stage we could look at how to leverage AI to help in identifying actionable items / manage these to closure.
We would then also look to map the results into control frameworks that you use locally/regionally/nationally, and of course NIS2/CIS18 etc.
We aspire to use the experience to build a robust pilot and, if benefits are visible, to identify local/regional/national/EU funding sources to grow.
The benefit for participants is (a) the additional resources we provide (b) improving the security of Smart City projects, and (c) the opportunity to learn how others are tackling specific IT asset (and end-to-end) security.
ISAC Services (Member Funded)
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
Note that emerging new services are related to managing the MISP platform (and onboarding) plus Barista.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/