2025/31 Weekly Update from the EU ISAC for Cities & Regions: DEP proposal evolving – “MISP of MISPs” on the way / Open a flower shop – PA CISOs might quickly replaced by AI / Conference and Webinar Season upon us!
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
Discussion Summary
Hi everyone, friends from Bulgaria, Croatia, and Italy, plus a guest from the Rail-ISAC joining this week for a lively conversation across a spectrum of topics again, although the focus lay on aligning around the DEP proposal we are slowly pulling together – high level concept below and see also previous post at https://isac4cities.eu/2025-30-weekly-update-from-the-eu-isac-for-cities-regions-partner-search-please-circulate-digital-eccc-2025-deploy-cyber-09-uptake-uptake-of-innovative-cybersecurity-solutions-fo. Currently we are working to get a “MISP of MISPs” setup with https://www.x-isac.org/ and then to connect the MISPs of two colleagues into that. The AI component will be largely a transfer of Barista to https://mistral.ai/, while we are looking for a suitable EU based alternative for Google Drive. Also continuing to look for a robust SME in the AI design space – kissing a lot of frogs as usual unfortunately! Progressing well overall and planning to create the first proposal abstract shortly. If you are a public administration interested in joining our pilot and ensuing proposal please do reach out.
Ah yes, in regards to the above the following guidance can also be helpful in understanding the approaches working for information sharing agreements: https://github.com/MISP/misp-compliance/blob/master/setting-up-ISACs/guidelines_to_set-up_an_ISAC.md, https://www.misp-project.org/compliance/GDPR/, and https://x-isac.org/assets/images/guidelines_to_set-up_an_ISAC.pdf – it is all no higher math. Key benefit does seem to be the opportunity to massively reduce information gathering efforts – each of us is re-inventing the wheel every day it seems. We also discussed the potential important of local language versions just to realise that with current AI capabilities this is straight-forward and without too much additional efforts.
I was also reflecting on the journey we have covered to get here. I4C+ started in 2021, and in 2022/2023 we ran the internal project “David” focused on Defence in Depth, followed by the internal project “Vabaun” that designed and delivered tabletop exercises virtually and at various conferences during 2022-2024. Multiple separate services also evolved (i.e. supplier cyber assurance audits) and in 2025 we then developed our Barista AI. In parallel, we participated in various EU proposal, supported the establishment of several national ISACs, and also evolved our benchmarking capability with the support of external partners. We think we now have a much better idea of what offering would truly be beneficial and it ends up being this “MISP of MISPs” with AI supported information gathering, anonymisation, normalisation and analysis -> this can all allow you to re-purpose existing headcount to perhaps more valuable tasks (don´t tell anyone though since that headcount may be removed otherwise).
In a parallel note, one colleague shared how their department was facing some major staffing cuts as their council continues to believe that AI can significantly reduce staffing. While I do not disagree in principle, the typical approach of reducing staff BEFORE implementing the new solution seems to be the strategy of choice #sigh…. Maybe there is a business opportunity for an AI driven CISO avatar? I asked our Barista AI “could the CISO role be replaced by AI?” and Barista replied:
“The idea of AI replacing the Chief Information Security Officer (CISO) role is a hot topic, especially as AI capabilities advance. Here’s a balanced perspective:
What AI Can Do
- Automate Routine Tasks: AI excels at monitoring networks, detecting anomalies, and responding to common threats—tasks that currently consume much of a security team’s time.
- Data Analysis: AI can process vast amounts of security data faster than humans, identifying patterns and potential breaches.
- Threat Intelligence: AI can aggregate and analyze global threat data, providing real-time insights.
What AI Can’t Do (Yet)
- Strategic Leadership: The CISO role is not just technical; it involves aligning security with business goals, managing risk, and communicating with executives and boards.
- Ethical Judgment: AI lacks the ability to make nuanced ethical decisions, especially in complex or ambiguous situations.
- Human Relationships: Building trust, negotiating with stakeholders, and leading teams require emotional intelligence and experience.
The Likely Future
- AI as a Partner: AI will augment the CISO’s role, handling more operational tasks and providing deeper insights, but the strategic and leadership aspects will remain human-led.
- Evolution, Not Replacement: The CISO role may evolve to focus more on strategy, governance, and oversight, with AI managing the technical execution.
In summary: AI is unlikely to fully replace the CISO in the foreseeable future, but it will transform how the role operates.”
Personally, I actually do see a growing change that the management role of CISO will disappear in public administrations – non-IT/security tasks will simply be assumed by other leaders (using AI on the side to ask for guidance) and the actual “doing” will be outsourced to third party providers – time to set up that flower shop? Methinks it would not harm to plan ☹Not saying I feel comfortable with this though!
Cheers,
Oliver
| In the News |
- Tuscany & Brittany Region invite to webinar on AI on 26 November – the webinar on “AI & Cybersecurity in regional and Local Authorities“, taking place on the 26th of November from 09:30 to 11:00. This session is a part of the Cyber Resilient Regions Community (CRR) initiative co-organized by ECSO with the Tuscany Region, Major Cities of Europe, and EU City ISAC I4C+. To register, please find the event page here. The session aims to provide clear, non-technical insights into the risks and opportunities of AI in cybersecurity, highlighting practical experiences and best practices to help Regional and Local authorities strengthen their cyber resilience. This webinar is open to all – regional authorities, companies, start-ups (technical teams/decision makers / topic-based – cyber enthusiasts).
- EU ISACs Summit, 10–11 November 2025, Athens: ENISA is pleased to announce the 2025 edition of the EU ISACs Summit, which will take place on 10 November (afternoon) – 11 November (full day) at ENISA premises in Athens. As in previous years, we plan to dedicate the first day to hearing updates and future plans, and the second day to a more interactive session or exercise. With plenty of time ahead, we would love to hear your ideas and suggestions for the agenda. Please share your input with us by 19 September.
- The North European Cyber Days: ECSO is proud to announce a new major event designed for the European Cybersecurity Community: The North European Cyber Days, taking place on 4, 5 & 6 November 2025 at the Oslo Science Park, Norway. This high-level event will bring together key stakeholders from across cybersecurity, artificial intelligence (AI), and critical sectors to explore shared challenges, foster cross-border collaboration, and unlock new opportunities for investment, innovation, and resilience in Europe’s digital landscape.
- INVITATION to the 2025 European TLD ISAC Conference: Our friends at TLD ISAC are delighted to invite you to their 2025 edition of the European TLD ISAC Conference, which will take place on 20 November in Brussels. Under the overarching theme “Ensuring cyber resilience amidst shifting threats and geopolitical realities”, we will hear voices from across the political, policy, technical and operational spheres. Attendees will gain insights into how European stakeholders view and deal with the challenges arising from the unpredictable geopolitical situation and why collaboration is more important than ever. In our tech-focused sessions, speaker will dive into attack simulation and response strategies, intel sharing and monitoring practices, malware detection and vulnerability management approaches. As this is an invitation-only event, we encourage you to register early to receive the latest updates. If you are interested in joining, please contact me for registration details.
| ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
Note that emerging new services are related to managing the MISP platform (and onboarding) plus Barista.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/