2024/2 Weekly Update from the “City ISAC I4C+” Highlights: Copy your peers / Bing Chat highlights elections when it comes to cyber / Feel like Don Quixote? Work in the dark to serve the light / How to enable the official request for collaborative peer services
** For Back Issues see https://isac4cities.eu/blog **
| Weekly [TLP:RED] |
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.
- Weekly [TLP:RED] for Publicly Elected Officials: Innovation is “bleeding edge” – if you don´t want to bleed in public, don´t innovate – JOIN projects of others.
- Weekly [TLP:RED] for Essential Services Managers: Copy the processes of your peers to ease transferring your processes to them in the event of a breach.
- Weekly [TLP:RED] for IT Leaders: Buy the same software and hardware as your peers to ease supporting each other in the event of a breach.
| Summary |
Hi everyone and hope you are well – our regular crew pulled off to other duties on Friday morning so unfortunately no time for personal conversations. Getting budget buyoffs for 2024 was apparently of higher priority for some – rightly so of course!
So instead of a peer-to-peer conversation, I chatted with Bing Chat and asked whether public officials should care about cyber security – an interesting answer:
“Yes, cyber security is important for publicly elected officials. In today’s digital age, cyber attacks can be a serious threat to the security of sensitive information and data. Publicly elected officials are often privy to confidential information that could be used to harm individuals or the country as a whole. Therefore, it is important for them to take necessary measures to protect their digital assets and information from cyber attacks. The Council on Foreign Relations recommends that government officials and nongovernmental organizations that support elections should adopt measures to protect election systems from online threats, deter cyber interference with such systems, and reassure citizens their right to vote is defended². The European Union Agency for Network and Information Security (ENISA) also emphasizes the importance of cybersecurity in safeguarding the whole election lifecycle¹.
Source: Conversation with Bing, 14/01/2024
(1) Transforming Election Cybersecurity – Council on Foreign Relations. https://www.cfr.org/report/transforming-election-cybersecurity.
(2) ELECTION CYBERSECURITY: CHALLENGES AND OPPORTUNITIES – ENISA. https://www.enisa.europa.eu/publications/enisa-position-papers-and-opinions/election-cybersecurity-challenges-and-opportunities.
(3) Election Technology Best Practices – eac.gov. https://www.eac.gov/sites/default/files/electionofficials/security/Best_Practices_for_Election_Technology_508.pdf.
(4) Cybersecurity in Elections | International IDEA. https://www.idea.int/publications/catalogue/cybersecurity-in-elections.
(5) undefined. https://www.enisa.europa.”
For us particularly interesting perhaps is the highlighting of “elections” considering that we have EU elections coming up this year. The relevant is also highlighted by our “big sister”, the US Multistate ISAC (https://www.cisecurity.org/ms-isac) is “twinned” with the US Elections ISAC (https://www.cisecurity.org/ei-isac) – a resource definitely worth exploring!
On a lighter note, you will of course recognize the image below – a recent oil on canvas by my father reflecting on this own personal story and a timely reminder of how challenging it is to follow our personal ideals (the “true” artist”) versus executing the ideals of others (the “contract” artist). Reflect for a moment – do you sometimes feel you are fighting windmills? If so, then maybe think about working more in the dark to serve the citizens – the moment we focus on “outcome” versus “process” this becomes easier. In practice this means accepting the “real way of work” in our context (which can of course be quite political for example) and using that to further the final output – focus on impact versus how you get there.
Cheers
Oliver
| In the News |
- A cyberattack targets Albanian Parliament’s data system, halting its work https://www.myplainview.com/news/world/article/a-cyberattack-blocks-albania-s-parliament-18574559.php.
| City ISAC Services (Member Funded) |
No changes – the list of services has been finalised and we are currently clarifying the legal formalities with our hosting organisation Major Cities Europe to ensure robust delivery for members. Key themes remain benchmarking NIS2/CIS Controls as the basis for robust risk management through Defence-In-Depth solutions and enabled through awareness building.
| Project “DAVID” (Member Funded) |
No specific updates.
| Project “VAUBAN” |
Pencil in Tuesday 19 March from 2 pm to 4 pm CET for our 2024 VAUBAN interactive cyber simulation “The Battle for the Golden Ticket”. Details will follow soon!
| Project “Regions4Cyber” |
As preparations for a wider roll-out continue, we are in parallel working with a handful of regional and local administrations (plus their third-party IT service provider) to roughly outline the possible cooperation requirements for municipalities in the event of a security incident. In a subsequent step, the most suitable approach for requesting these will be defined through administrative assistance or inter-municipal cooperation processes. This is currently focused on Germany and in German language, however preparations are also being made for “twinning” the effort into other EU nations / regions.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/