2025/30 Weekly Update from the EU ISAC for Cities & Regions: Partner Search / Please circulate – “DIGITAL-ECCC-2025-DEPLOY-CYBER-09-UPTAKE– Uptake of innovative cybersecurity solutions for SMEs” / MCE eIDAS webinar 20. November 2025 from 17:00 to 18:00 CET / Tuscany & Brittany Region invite to webinar on AI on 26 November / Barista suggests two level risk taxonomy for EU public administrations


** For Back Issues see https://isac4cities.eu/blog **

The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and, in that function, Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.

Discussion Summary

Hi everyone, friends from Belgium, Bulgaria, Ireland, and Italy joining this week for a lively conversation across a spectrum of topics again.

One thing we discussed was https://en.wikipedia.org/wiki/Jaguar_Land_Rover_cyberattack and how micro-segmentation or, even better, (almost) isolated networks can truly help protect our organisations. OK, air gaps are even better, but let us not throw out the baby with the bathwater.

We then also shared the struggle we have had trying to meet the requirements of a specific national FSTP funding call – it is focused on SMEs and not all public administrations are SMEs, plus not all public administrations outsource their SOC/SIEM to an SME. #sigh… so – we are now exploring the submission of a proposal under “DIGITAL-ECCC-2025-DEPLOY-CYBER-09-UPTAKE– Uptake of innovative cybersecurity solutions for SMEs” (see https://cybersecurity-centre.europa.eu/document/download/4da440fa-b5dd-474b-b6a9-df1cbdba67d2_en?filename=DEP%209%20Call%20document%20v7.pdf). The focus is “Cybersecurity Support for SMEs through AI: European SMEs are often under-resourced and vulnerable to cyberattacks. This action provides AI-enabled, user-friendly cybersecurity tools tailored to their needs, helping them manage cyber risks, report incidents, and strengthen their overall cyber resilience”. The primary objective addressed is “Availability of innovative tools and services that support SMEs in reporting incidents and in assisting with recovery if possible, and in exchanging with competent authorities (i.e. cooperation with Cyber Hubs, CSIRTs (including in relation to the CSIRT Network) and/or ISACs, for e.g. highly critical and other critical sectors entities)”. The basic proposal is creating a shared MISP based on the input of CTI from SOCs serving public administrations, applying an AI solution against this MISP with new models (this is our “Barista”) and identifying / sharing insights into NIS2 related vulnerabilities. While we need to develop the relevant integrations and AI models, the basic solution set is already available in the market. The project also builds on similar projects in other NIS2 sectors. 
For this purpose we are looking for two partners that are SMEs (micro, small, and medium-sized enterprises are defined as enterprises that employ fewer than 250 persons and have an annual turnover not exceeding EUR 50 million, and/or an annual balance sheet total not exceeding EUR 43 million): 1. A SOC that operates a SOC/SIEM for a public administration, and 2. An AI-development company that is able to configure existing (open source) AI solutions for use with SOC/SIEM data captured in a MISP. We will have at least two pilot cities and have already identified two other partners to cover infrastructure/solutions and benchmarking. We now need the data input (SME SOC/SIEM) and data analysis (SME AI designer). Our proposal is due end of March 2026 and we need to select partners by the end of 2025 at the latest, please. Please do circulate in your networks and ask anyone interested to contact me directly.

At the MCE annual conference in Issy-Les-Moulineaux the relevance of the eIDAS (*) EU regulation was discussed. MCE proposed to establish a new Special Interest Group (SIG) (**) dedicated to eIDAS and we encouraged participation in that SIG. MCE therefore invites you to join a webinar about eIDAS which will take place on 20. November 2025 from 17:00 to 18:00 CET. All members of MCE, as well as conference participants from non-member local governments, are welcome to the webinar. The email invite will be forwarded to all shortly. We will explain what eIDAS is all about and why it is relevant for EU Local Governments (***).

Finally, maybe of interest, since NIS2 requires a robust cyber risk management approach, we asked our resident AI Barista “what might be a reasonable two level risk taxonomy for an EU public administration?”. A risk taxonomy is the structure for this risk management.

Barista replied that “for an EU public administration, a reasonable two-level risk taxonomy should balance broad strategic categories with specific, actionable risk types. Here’s a practical approach:

Level 1: Risk Domains

(Broad categories reflecting the main sources or areas of risk)

  1. Strategic Risks
    1. Risks related to high-level objectives, policy, and governance (e.g., failure to achieve EU policy goals, geopolitical instability, regulatory non-compliance).
  2. Operational Risks
    1. Risks arising from internal processes, systems, or human factors (e.g., IT failures, supply chain disruptions, staff shortages).
  3. Compliance & Legal Risks
    1. Risks of violating laws, regulations, or ethical standards (e.g., GDPR breaches, procurement fraud, corruption).
  4. Financial Risks
    1. Risks impacting budget, funding, or economic stability (e.g., budget overruns, fraud, economic downturns).
  5. Cyber & Information Security Risks
    1. Risks related to data protection, IT security, and digital resilience (e.g., cyberattacks, data leaks, ransomware).
  6. Reputational Risks
    1. Risks to public trust or organizational image (e.g., scandals, miscommunication, negative media coverage).
  7. External/Environmental Risks
    1. Risks from external events or natural factors (e.g., climate change, pandemics, energy crises).

Level 2: Risk Types

(Specific, actionable risks under each domain)

| Domain | Example Risk Types |
|---|---|
| Strategic | Policy implementation failure, geopolitical shifts, stakeholder misalignment |
| Operational | IT system outages, process inefficiencies, third-party vendor failures |
| Compliance & Legal | GDPR violations, procurement fraud, conflicts of interest |
| Financial | Budget deficits, embezzlement, economic sanctions |
| Cyber & Info Security | Phishing attacks, insider threats, critical infrastructure sabotage |
| Reputational | Social media crises, whistleblower leaks, public perception of incompetence |
| External/Environmental | Climate-related disruptions, pandemics, energy supply shocks |

Cheers, 

Oliver

In the News
  • Tuscany & Brittany Region invite to webinar on AI on 26 November – details will follow shortly. Objectives are: Explainable Security and Explainable AI (focusing on capabilities and limits) – to provide accessible, non-technical insights into AI risks and opportunities in cybersecurity, with a focus on practical experiences and best practices to improve the cyber posture of Regional and Local authorities. 
  • EU ISACs Summit, 10–11 November 2025, Athens: ENISA is pleased to announce the 2025 edition of the EU ISACs Summit, which will take place on 10 November (afternoon) – 11 November (full day) at ENISA premises in Athens. As in previous years, we plan to dedicate the first day to hearing updates and future plans, and the second day to a more interactive session or exercise. With plenty of time ahead, we would love to hear your ideas and suggestions for the agenda. Please share your input with us by 19 September.
  • The North European Cyber Days: ECSO is proud to announce a new major event designed for the European Cybersecurity Community: The North European Cyber Days, taking place on 4, 5 & 6 November 2025 at the Oslo Science Park, Norway. This high-level event will bring together key stakeholders from across cybersecurity, artificial intelligence (AI), and critical sectors to explore shared challenges, foster cross-border collaboration, and unlock new opportunities for investment, innovation, and resilience in Europe’s digital landscape.
  • INVITATION to the 2025 European TLD ISAC Conference: Our friends at TLD ISAC are delighted to invite you to their 2025 edition of the European TLD ISAC Conference, which will take place on 20 November in Brussels. Under the overarching theme “Ensuring cyber resilience amidst shifting threats and geopolitical realities”, we will hear voices from across the political, policy, technical and operational spheres. Attendees will gain insights into how European stakeholders view and deal with the challenges arising from the unpredictable geopolitical situation and why collaboration is more important than ever. In our tech-focused sessions, speakers will dive into attack simulation and response strategies, intel sharing and monitoring practices, malware detection and vulnerability management approaches. As this is an invitation-only event, we encourage you to register early to receive the latest updates. If you are interested in joining, please contact me for registration details.
  • EE-ISAC 26th Plenary: Celebrating 10 years of cybersecurity collaboration! 29 October 2025 | Brussels, Belgium. We are excited to announce that the EE-ISAC will host its 26th Plenary on October 29, 2025, in Brussels. This event will be especially significant as it marks EE-ISAC’s 10th anniversary – a full decade of empowering the European energy sector with collective cybersecurity knowledge, trusted partnerships, and strategic resilience. This is a face-to-face event and by invitation only. If you are interested in joining, please contact me for registration details.
ISAC Services (Member Funded)

We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.

Note that emerging new services are related to managing the MISP platform (and onboarding) plus Barista.

 

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/.  Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/  
