2025/8 Weekly Update from the EU ISAC for Cities & Regions: Space ISAC looking for contacts / National NIS2 implementations not well mapped into Directive / Is Russia still a threat actor? The US seems to be changing its position / Top free penetration tools / What is your current alert level?
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
| Weekly [TLP:RED] |
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.
This week´s thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including what IT systems support their delivery.
- Weekly [TLP:RED] for Publicly Elected Officials (Repeat # 20): Provide third parties with space in your offices to increase availability and response speeds.
- Weekly [TLP:RED] for Essential Services Managers (Repeat # 20): Report movers & leavers asap to HR and in parallel to IT to ensure access rights are removed as quickly as possible. Remove them yourselves for legacy systems if possible.
- Weekly [TLP:RED] for IT Leaders (Repeat # 20): Make sure you have personal liability insurance for your role.
| Summary |
Hi everyone, colleagues from Belgium, Bulgaria, and Italy joining this Friday morning.
Before I forget, the Space ISAC has reached out with a request for support. They have a lengthy set of global partners (CNES (France), Greek Ministry of Digital Defence, BSI (Germany), JAXA (Japan), Italy Space Agency (in progress), ESA (in progress), and others). As they grow, Space ISAC is standing up a Space ISAC UK cell of their Watch Center for information sharing. Does anyone have members entities or companies in the UK that are part of their information sharing community? If so, would you be willing to speak with them about lessons learned or best practices? Please contact me.
We started off by the colleague from Italy sharing their experiences from the recent DDOS attack their administrations suffered from (see https://www.agenzianova.com/en/news/ancora-attacchi-hacker-filorussi-contro-obiettivi-italiani-colpiti-i-siti-di-giornalisti-magistrati-e-dia). What started off with a notification from the National Security Authorities triggered wider activities to block non-Italian originating Ips to then realise the main threat actor activity was coming from an Italian VPN provider. The websites could be restored to operation relatively quickly and the police continue the relevant investigations. As usual a major nuisance, but not actually disrupting services offered.
We then took a look at some of the local legislation approaches to NIS2 and found that most nations are providing localised help like the “CyberFundamentals Toolbox” in Belgium (https://atwork.safeonweb.be/cyberfundamentals-toolbox). We suspect the overlap with NIS2 legislation may not be very high but need to take a closer look. In this respect the experience with enablor, where Croatian and Lithuanian national legislation has been mapped, is quite interesting since the overlaps range only between 50-60% -> national legislation is more detailed than the NIS2 regulation of course, however the mapping is untransparent. We also discussed how the required minimum maturity levels might be met and did explore the enablor solution set to understand how we might get relevant answers, i.e., what solutions are being used to meet what specific requirements and by whom with what experiences?
One thing we did not discuss and is worth reflecting on is the changes at the US Cyber Defence Agency CISA (Home Page | CISA) which is being impacted not only by the Federal layoff programs. CoPilot suggested “The Trump administration has initiated significant changes at the Cybersecurity and Infrastructure Security Agency (CISA). One of the most notable actions is the large-scale layoffs, with around 130 employees already dismissed and more expected. These cuts have raised concerns about the agency’s ability to respond to cyber threats effectively. Additionally, the administration is focusing on reducing the federal workforce and reallocating resources, which has led to uncertainty about CISA’s future direction and capabilities. The changes have sparked debates within the cybersecurity community about the potential impact on national security and the agency’s overall effectiveness.” Due to our reliance on intelligence from CISA (cyber is not affected by geography) there is a subtle and more important change as well, in that (as CoPilot points out) “The stance on Russia as a cyber threat actor has shifted under the Trump administration. While historically, the US has considered Russia a significant cyber threat, recent actions and statements suggest a change in this perspective. The Trump administration has publicly and privately signaled that it does not believe Russia represents a cyber threat against US national security or critical infrastructure. This marks a departure from longstanding intelligence assessments and has raised concerns among experts about potential vulnerabilities.” For the EU this may well mean that less intelligence on Russian threat actors is available and there may as well be a cascade impact on the sort of notifications being provided by US based security vendors. All of this plays into some of our thinking about partnering with EU based cyber organisations AND making sure they are generating their own intelligence for us.
On a final note, take a look at the alert level definitions provided by the US Multi-State ISAC (see https://www.cisecurity.org/cybersecurity-threats/alert-level) and reflect on whether you can share such on your public websites to sensitive users for the state of cyber threats. Something like this could become a standard part of your web presences plus adding some recommendations for users?
Source: https://www.cisecurity.org/cybersecurity-threats/alert-level
Cheers,
Oliver
Insights from AI
I asked CoPilot “what are the top free penetration testing tools?” The AI responded:
“Here are some of the top free penetration testing tools you can use:
Metasploit Framework: A powerful tool for developing and executing exploit code against a remote target machine.
Nmap (Network Mapper): A versatile tool for network discovery and security auditing.
Wireshark: A network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.
Burp Suite Community Edition: A comprehensive platform for web application security testing.
OWASP ZAP (Zed Attack Proxy): An open-source tool for finding vulnerabilities in web applications.
Nikto: A web server scanner that performs comprehensive tests against web servers for multiple items.
SQLmap: An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws.
Aircrack-ng: A suite of tools for assessing WiFi network security.
You can find more detailed information about these tools here (https://softwarecosmos.com/best-free-penetration-testing-tools/). . Happy testing!”
| In the News |
- Successful DDOS on Italian Administrations “More pro-Russian hacker attacks against Italian targets: websites of journalists, magistrates and DIA hit” https://www.agenzianova.com/en/news/ancora-attacchi-hacker-filorussi-contro-obiettivi-italiani-colpiti-i-siti-di-giornalisti-magistrati-e-dia/.
| ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
| ISAC Baseline (IBAS) Project |
To support the ongoing IBAS project the ISAC Baseline platform was updated with the Croatian law for NIS2 as well as the Lithuanian law. The requirements of the laws are mapped to the CIS18 and ISO 2700x standards. The legal requirements are also mapped to the ISAC Baseline questionnaires so that the ISAC Baseline platform is an effective collaboration forum for ISAC members. Further updates with national laws and standards such as NIST CSF are forthcoming.
IBAS is now running with participating cities and regions from Croatia, Ireland and Lithuania was completed on 20 February. This included basic navigation and data entry to arrive at first individual and comparative results against the benchmark data. See https://isac4cities.eu/public-administration-isac-baseline for more details on this opportunity.
The ISAC benchmark platform offers a unique opportunity for public administrations to benchmark themselves against not only regulative requirements but also other local governments around Europe. Benchmarking data from European municipalities are now available in the ISAC Baseline Program providing participants with insight into how similar organizations perform and comply with legislation. Assessing the organization’s security level gives insight data on compliance with both legislation as well as automated mappings to security frameworks such as ISO 27001-2, CIS 18 and NIST CSF. The enablor platform can be used within your own organization and is a shortcut to collaborating with similar European organizations. If you are a region, you can also “sponsor” membership for your cities to create regional bench-learning groups. If you are a nation, then you can sponsor membership for your regions and cities as well of course.
Key value proposition? In the many discussions leading up to the launch, we see that the key value of participating is (a) access to a massive amount of detailed “real stories” on successful implementations across the NIS2 spectrum, and (b) significantly reduced efforts for reporting. If needed, we can also provide administrative support for transferring existing data into the enablor platform.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/