2023/50 Weekly Update from the “City ISAC I4C+” Highlights:** Holiday Season Break until Friday 5 January 2024 ** / [TLP:RED] Guidance – Local In-Office Solutions for Disaster Recovery are Helpful / Wishing NO CALLS over the Holiday Season / Data Cleansing is also Malware Cleansing / Have you Stockpiled what you might need?

von oschwabean Veröffentlicht am

2023/50 Weekly Update from the “City ISAC I4C+” Highlights: ** Holiday Season Break until Friday 5 January 2024 ** /  [TLP:RED] Guidance – Local In-Office Solutions for Disaster Recovery are Helpful / Wishing NO CALLS over the Holiday Season / Data Cleansing is also Malware Cleansing / Have you Stockpiled what you might need?

[TLP:WHITE]

** For Back Issues see https://isac4cities.eu/blog **

Weekly [TLP:RED]

Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.

  • Weekly [TLP:RED] for Publicly Elected Officials: Yes, you must officially report some cyber incidents within certain timeframes – but you can ask for an extension – the later the better!
  • Weekly [TLP:RED] for Essential Services Managers: Make sure you have access to data backups of your key transactions; plus a local in-office solution you can use for Disaster Recovery.
  • Weekly [TLP:RED] for IT Leaders: Gigs for staff in other administrations are very helpful for learning different ways of doing things.
Summary

** Holiday Season Break until Friday 5 January 2024 **

Hi everyone and hope you are well – four cities joined on Friday morning and since we could not find any specific Christmas filters in the Google Meet visual effects, we settled again for the Panama hat and sunglasses. Considering only one city had snow on the ground maybe a fitting protest against grey, cold and wet weather in other cities – hey, the most common wish for Christmas was snow (and no calls from the office). Remember one of our members had THE call come on 28 December… knock on wood that the bad boys and girls will take some time off during Christmas.

No real recent incidents to discuss (fortunately) and ended up reflecting on how expensive the disposal of old IT kit can be (i.e., removing / shredding hard disks from PCs, laptops, printers, etc.) and that old kit can often only be sourced from EBay. One member mentioning that they hardly throw away anything and prefer to leave it powered on and off the network for as long as possible as a “hot standby” and / or replacement parts warehouse… stuff gets thrown away quickly, but can be excruciatingly difficult and expensive to re-purchase when needed. One member struggling to dispose of hard-drives because vendors charge by the kg and not the unit, so they refuse to sign off unit for unit as being disposed of properly. If anyone wants to start a business, buy a truck and shredder – then travel Europe doing local disposals that IT leaders can watch…. Seriously.

We also discussed some recent breaches of other cities where they are now unable to pay salaries or social benefits, and in some cases even have their complete financial accounting systems disabled. No fun for those impacted just before Christmas I think… Remember to stay able to run these sort of processes manually!

Interesting note on the Digital Cleanup 2024 in Estonia – “Waste Management”? “The next Digital Cleanup Day in Estonia will take place 26 January 2024 https://digikoristuspaev.telia.ee/en”. Worth taking a look at – definitely good practice, although we heard that not that much is actually achieved – but we keep trying! Reducing needed storage capacity is never a bad idea, and who knows how many malware infected files we get rid of in the process?

2023, like the years before, was, for us all, yet another year of trying to do more with less. The below post is a nice one to illustrate the impossible challenges we sometimes face, although my wife immediate said it was possible if you use an organ instead of a piano! From the Facebook group “Classical Music Daily” and recently posted by Robert Komaniecki.

By the way, a stockpile of “stuff” you might need for manual service delivery over the Holiday Season might be helpful – most shops will be closed and most colleagues will avoid answering the phone?

Please remember we are now taking a break and reconvening Friday 5 January 2024.

Wishing you a good Holiday Season and enjoyable start to 2024

Cheers

Oliver

In the News
  • Important Italian cloud provider of SaaS service for local Authorities hacked – a city near to Prato (that recently moved some back-office service to PAdigitale cloud provider is in trouble. They announced employees that will be impossible to pay the salaries – see https://www.lanazione.it/massa-carrara/cronaca/attacco-hacker-alla-pa-digitale-in-tilt-anche-il-portale-del-comune-1d0448e1.  
  • Over 70 German communities hacked and deadline for updating driver licenses postponed – see  https://www.wz.de/nrw/fuehrerscheinumtausch-frist-nach-cyberangriff-verlaengert_aid-103211753.
  • Service provider for Italian cities offline – employee salaries in some cities no longer payable / financial transactions not possible – see https://www.padigitale.it/ for the provider message.
  • Vilnius District Municipality impacted by ransomware “On 01 December, Lithuania’s National Cyber Security Center (NKSC) announced that a threat actor was able to successfully encrypt data belonging to the Vilnius District Municipality. This led to some disruption in the delivery of the municipalities services, and expected delay in some payments made via social benefits due to the restoration of the accounting system. However, a full restoration is underway with the municipalities’ website up and running and a thorough process ongoing to rid the network of infection.” See https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGwJJTdbQkXVpgWwwmpqdcJKbzh?projector=1&messagePartId=0.2
  • FBI explains how companies can delay SEC cyber incident disclosures: From The Record (12.08.2023) Jonathan Greig “The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC). The document is a follow up to new rules that the SEC approved in June requiring companies to quickly disclose “material” cybersecurity incidents and share the details of their cybersecurity risk management, strategy and governance with the commission on an annual basis. Companies have to report issues to the SEC in 8-K filings within four business days unless the U.S. attorney general determines that disclosure would threaten national security or public safety. The FBI will be responsible for collecting delay request forms and passing the viable ones on to the Justice Department. The rules take effect on December 18, but smaller companies will have an extra 180 days to comply. The FBI worked with the Department of Justice to create the guidance document for victims about how companies can “request disclosure delays for national security or public safety reasons.” The bureau recommends “all publicly traded companies establish a relationship with the cyber squad at their local FBI field office” and “strongly encourages companies to contact the FBI soon after a cyber incident is discovered. This early outreach allows the FBI to familiarize itself with the facts and circumstances of an incident before the company makes a materiality determination.” In a summary, the bureau explained that a “material cybersecurity incident” is defined as one in which “there is substantial likelihood that a reasonable shareholder would consider it important” when making an investment decision. To request a delay, companies must email the FBI information about when the incident occurred and when the organization determined it was material. A failure to provide the exact date, time and time zone for the materiality determination “will cause your delay-referral request to be denied,” the FBI warned.” See https://therecord.media/sec-cyber-incident-reporting-rules-fbi-delay-guidance?utm_campaign=DAM&utm_medium=email&_hsmi=286044071&_hsenc=p2ANqtz-_o2y7OIWE6cHgu1p8QXP7xQXLjZntM99Jipw9Fc2BdZ4AYC4I-_c9f_Dhg7RrbDvJ4CRO3KDyWDkBEbHX7ykABELUvlXB7izs6Na9sV9pf9oiS_kw&utm_content=286044071&utm_source=hs_email.
City ISAC Services (Member Funded)

Currently finalising the details around services to be provided in 2024. There is an emerging clear distinction between those that will be available to any local administration in the EU, and those that will be reserved for participants in member funded projects such as DAVID or VAUBAN, and or membership in our hosting organisation Major Cities Europe.

Project “DAVID” (Member Funded)

No specific updates this week. Moving forward into 2024 we see this project merging into project “VAUBAN” (see below) and helping multiple (trans-) regional private collaboration groups emerge. Face-to-face engagement will grow, while the enablement of more meaningful conversations that focus on sharing private sensitive knowledge will take priority (already happening in our Friday calls of course). “Small is beautiful” see https://en.wikipedia.org/wiki/Small_Is_Beautiful.

Project “VAUBAN”

Considering that a major ransomware breach is only a question of time, we are now beginning to shape the key training scenario as a situation where all core systems are encrypted (i.e., ERP, collaboration, websites etc.) and that we need to reduce the recovery time from 6-9 months to 9-12 weeks. To achieve this, we need to prepare to recruit and use additional “fingers and thumbs” that have ideally gained some training in being seconded to working for another administration. Standing up the needed digital collaboration infrastructure is also not easy (assuming you do not go for free public services like Google and Whatsapp?). We will be seeing lots of activity here beginning next year and 2024 may well be the year that VAUBAN really took off.

Project “Regions4Cyber”

The pilot survey and approach have been finalised. Due to the upcoming holiday season, the launch of the survey is being postponed until January when colleagues are expected to be coming back to work. Important to note is that the emphasis is very much on using the survey to have meaningful local language conversations with the right colleagues versus trying to get unqualified answers from the uninitiated in languages they do not really feel comfortable in!

 

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/.  Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/  

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert