2023/44 Weekly Update from the “City ISAC I4C+” Highlights: [TLP:RED] Guidance – Data storage is also malware storage / Our security tools are the basis for threat actor tools / Never do agile / Hot Standbys are Critical / Wayback Machine – Your data is out there!

[TLP:WHITE]

** For Back Issues see https://isac4cities.eu/blog **

Weekly [TLP:RED] – Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.

  • Weekly [TLP:RED] for Publicly Elected Officials: EU Funded projects are great – but make sure your Head of IT signs them off as well.
  • Weekly [TLP:RED] for Essential Services Managers: Never accept stand-alone “agile” projects from vendors – you can embed agile “tasks” into waterfall projects though.  
  • Weekly [TLP:RED] for IT Leaders: Always order more than you truly need and connect it to the network as “hot” standbys for when other kit fails.

Summary

Hi everyone and hope you are well – three cities and one region joining this morning, with at least one heading off to the Smart City Expo World Congress in Barcelona, which is the world’s biggest and most influential event on urban innovation (see https://www.smartcityexpo.com/). Conference season is obviously upon us, and it is maybe a good follow-up to our own conference and, before that, the event members attended where members of the Commission for Economic Policy (ECON) of the European Committee of the Regions (CoR) gathered in Wismar, Germany, on 18-19 October to discuss how better connectivity, technologies and skills can help prevent digital divides and accelerate the digital transition (see https://cor.europa.eu/en/news/Pages/ECON-in-Wismar-18-oct-2023.aspx). With all the time pressures in our daily lives, it remains important to at least take a little facetime with colleagues to build those networks of relationships we need.

One member just had national elections complete and showed us how video captures are made using mobile phones at every counting station – interesting to see how this effort is made, with the videos then stored on a central server for a relatively long time. This got us reflecting on data retention policies and the perennial challenge of enforcing these (if we have them!). One member mentioned having over 20TB of data stored for their region and estimated that a lot of it was probably redundant due to multiple versions etc. Storage costs don’t get less either of course. From a cyber perspective, one member shared the story of trying to retrieve older data from a server that was no longer online – fortunately it was connected to the network in a dedicated new segment and virus checked first – and the checks resulted in our known Christmas tree of alerts, since a lot of malware decided to try and come back to life. Storage should be subject to review / cleansing every 6 years or so, you should have a clearly defined and enforced data retention period, and you should always bring old data online very carefully – there is a high probability that it is infected. This is also true for backups of course – many persistent threat actors have embedded malware in backups for later activation, since they know that in the case of a malware attack organisations will rely on bringing their backups to life…

The backup stories then brought us to the Wayback Machine (see https://archive.org/web/) where we explored old website versions of various organisations. There is more stored on the web than you can really imagine and remember that we do not typically see the deep and dark web either (plus all those websites in languages we do not understand of course).

The Wayback Machine then got us reflecting on the origins of malware – did you know that it basically emerges out of the tools we develop to monitor / manage our networks? The more effort we make to develop tools to do this – the easier it is for threat actors to attack us – a vicious circle we unfortunately did not manage to come up with an innovative solution to resolve. Just the simple insight that if you are connected to the web, others WILL breach you and you therefore need cyber defence strategies that are designed for this.

Wishing a safe week and do drop us a note with some insights if you attend an interesting conference.

Cheers

Oliver

UPDATES

In the News: Public administrations remain a prominent target and the incident at the Finnish municipality of Rautavaara with only 1400 citizens demonstrates nicely that any weak point in our defences will be abused. The report states “The municipal manager indicated that they won’t pay the ransom.” which will depend heavily on the specific systems that are no longer available of course – remember that there is a significant difference between what is said officially and what really happens.

City ISAC Services (Member Funded): We are finalising our list of services and pricing model for 2024 – look out for the release shortly. A main theme will be managing cyber risks for you in a NIS2 compliant and best practice / bench learning manner.

Project “DAVID” (Member Funded): In a bit of a quandary here since we should be in the middle of the transition to Project “MEET” (which keeps delaying) and that again is the basis for a major survey / membership campaign effort that we have prepared – hopefully not “Waiting for Godot”…

Project “MEET” (EU Funded / Beneficiary): The Commission seems to have fallen silent on some contractual issues and we are chasing as best we can to finally get this launched.

Project “VAUBAN”: Discussions happening around the pros/cons of the Larissa versus Bank Robbery format. For next year we are currently planning to have a member bring forward a scenario / exercise they have had good experience with this year.

Project “Regions4Cyber”: Currently vetting the survey questions with a major region – as soon as that is done, we are ready to release.

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/.  Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/  
