2024/19 Weekly Update from the MCE SIG “City ISAC I4C+” Highlights: Webinar “Accelerating NIS2 Compliance with Benchmarking and AI Support” – 15:00-16:30 CET – Monday, 3rd June 2024 (Now with Direct Link) / Keeping all software updated is not feasible / If we cannot prevent the breach, how do we defend? / [TLP:RED] Tabletop Red Team Attack Plan Development to be launched / “No Plan Survives First Contact With the Enemy”

** NO CALL NEXT WEEK FRIDAY JUNE 7th **

** For Back Issues see https://isac4cities.eu/blog **

The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.

Weekly [TLP:RED]

Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.

This week's thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including the IT systems that support their delivery.

  • Weekly [TLP:RED] for Publicly Elected Officials: Solicit the establishment of Internet Exchange Points (IXPs) as the foundation for a high-performance and cyber resilient digital platform.
  • Weekly [TLP:RED] for Essential Services Managers: The more (subjectively) confident your citizens are regarding the cyber security of your services, the more likely it is they will adopt them. Be proactive in marketing cybersecurity!
  • Weekly [TLP:RED] for IT Leaders: All software should have a valid SOG-IS certificate and tenders should mandate it.

Summary

Hi everyone and hope you are well – four cities joining from Belgium, Estonia, Ireland, and Italy on Friday morning and initially lots of discussions about the upcoming EU elections, digital voting, voting from the age of 16 etc. Remember we have friends at the US Elections Infrastructure Information Sharing & Analysis Center (https://www.cisecurity.org/ei-isac) who are happy to help with any questions / thoughts you might have in this space. We also learned that cutting holes in election ballots can have value!

We then discussed the common challenge of keeping software on PCs/laptops updated (especially if you do not control this via an approved products list and internal software centre). One solution used is https://www.scappman.com/, although this is not the cheapest (one member paying >€100k/year in fact) and, while providing a degree of baseline security, does not relieve us of a lot of manual work. Indeed, the context has become so complicated that any update to underlying software (.Net or Java for example) is bound to lead to many “unplanned” outages as we know. We all have 1000s of applications on our estates. Since we cannot be sure of what will happen when we make such updates, being prepared for the outages becomes the key theme of course – a simple tip: do updates early in the week and never on Fridays… Which also reminded us that many vulnerabilities reported by security monitoring tools are triggered by out-of-date software that we do not have the time, knowledge, or resources to keep updated in the first place.

The above then also led to a brief conversation on how to deal with business applications on mobile devices and that many of us seem to accept that staff will use private devices for business (and vice-versa), that this is not preventable for many reasons, and that we need to stay flexible. In the end, we need to assume that threat actors are already inside our systems and if not, they will easily breach any defences we have – with this mindset, cyber security becomes a different ballgame – probably worth a conversation.

Finally, we discussed some questions from ENISA about the tabletop we have been invited to shape for a multi-ISAC community and we will be setting up a separate series of conversations to design the Red Team attack plan – we will be reaching out to individual local and regional representatives accordingly. This will need to be a [TLP:RED] exercise of course, but we will share as much as possible.

On planning, AI suggested the following image for the concept of “No Plan Survives First Contact With the Enemy” attributed to Prussian Field Marshal Helmuth von Moltke the Elder (see https://quoteinvestigator.com/2021/05/04/no-plan/) – with the cyber context considered.

Cheers

Oliver

Insights from Chatbots

I was curious about the opinion of Bing Chat about why it is important for public administrations to avoid developing IT solutions not supported by IT. The AI responded as per below:

“It’s crucial for public administrations to ensure that their IT solutions are supported by robust IT support for several reasons:

1. **Operation Digitalisation**: Digital transformation allows for the consolidation of various digital processes, which in turn facilitates better communication and collaboration within the organization. This is essential for public administrations to remain relevant and accessible to citizens¹.

2. **Innovation and Agility**: The rapid development of technology necessitates a culture of innovation within public administrations. Adopting new technologies can help organizations become more agile and responsive to changing public demands¹.

3. **Collaboration Across Departments**: Digital transformation can foster increased unity and collaboration across different departments, which is vital for streamlined and efficient public service delivery¹.

4. **Efficiency**: IT systems streamline administrative tasks, making government processes more efficient. IT support helps troubleshoot issues promptly, minimizing downtime and ensuring productivity³.

5. **Governance**: Proper IT governance ensures that ICT is used effectively to support public services, government administration, and democratic processes⁴.

Without IT support, public administrations risk developing solutions that may not be sustainable, secure, or efficient, leading to increased costs and reduced service quality for citizens. It’s about creating a digital ecosystem that is both innovative and reliable, ensuring that public services can meet the needs of the community effectively.

Source: Conversation with Copilot, 29/05/2024

(1) Public Sector Digital Transformation: 5 Benefits for Your … – GovNet. https://blog.govnet.co.uk/technology/essential-benefits-of-digital-transformation-in-the-public-sector.

(2) IT Support for the Public Sector | ROCK. https://www.rock.co.uk/insights/it-support-public-sector/.

(3) IT GOVERNANCE IN PUBLIC ADMINISTRATION. https://www.nispa.org/files/conferences/2021/e-proceedings/system_files/papers/IT_GOVERNANCE_IN_PUBLIC_ADMINISTRATION.pdf.

(4) Tech Savvy: Advancing GovTech Reforms in Public Administration. https://openknowledge.worldbank.org/server/api/core/bitstreams/741ce1b4-b24c-5297-ad29-a9a556c7fc9a/content.

(5) en.wikipedia.org. https://en.wikipedia.org/wiki/Public_administration.”   

In the News
City ISAC Services (Member Funded)

We have published our services at https://isac4cities.eu/services-offered and are now proceeding to establish collaboration agreements with third parties we have been working with for a while. These will include joint marketing and enablement plans. Please do review and consider reaching out to include such in your activities and budgets.

One key service is about “Creating Intelligence” and related to “(Joint) Cyber Awareness Building II – Tabletop Exercise: This is a three-hour cyber awareness building event at your location for stakeholders across your organisation. The exercise is suited for a wide variety of roles and results in a greater common awareness of what the cyber threat means and how best to protect ourselves against it.” We have conducted similar exercises during the MCE annual conferences in the past three years and also, last year, at a regional IT conference in Germany. At these events the audiences were quite diverse and we recommend a similar setup for your organisation. Contact us for pricing details.

We now also have a date/time for our webinar on “Accelerating NIS2 Compliance with Benchmarking and AI Support” – See https://isac4cities.eu/webinar-on-accelerating-nis2-compliance-with-benchmarking-and-ai-support-1500-1630-cet-monday-3rd-june-2024.

15:00-16:30 CET – Monday, 3rd June 2024

To join the event click HERE.

Language of the webinar: English

This webinar is organised by the EU City ISAC I4C+ and Major Cities Europe in association with the Danish cyber benchmarking company i-Trust, the US based institute Fusion Learning Partners and the ECSO Cyber Resilient Regions Community.

The webinar focuses on helping local and regional public administrations to accelerate their journey to NIS2 compliance with the help of generally available AI solutions such as Microsoft Co-Pilot in combination with expert assessment questions that also allow for benchmarking across local and regional public administrations across the European Union.

The webinar will be an open debate building on a presentation of the Enablor benchmarking platform from i-Trust and how it is used in practice by a public administration on its path to NIS2 compliance, a demonstration of how Microsoft Co-Pilot can be used to effectively explore the assessment questions and an open panel discussion with the presenters and the audience.

The webinar will help public administrations master the growing challenge of achieving NIS2 compliance through benchmarking, simple AI, and peer-to-peer knowledge sharing.

The webinar is intended to inform publicly elected officials, essential service, and IT managers.

Programme

15:00 – 15:05 Welcoming remarks by the EU City ISAC I4C+

15:05 – 15:15 Enablor Platform Presentation (Klaus Kristensen / Kristian Asmussen – i-trust)

15:15 – 15:20 Q&A

15:20 – 15:30 The Enablor experience of the Municipality of Aabenraa, Region of Southern Denmark, Denmark (Thomas Majholt – Aabenraa)

15:30 – 15:35 Q&A

15:35 – 15:45 Using AI to accelerate NIS2 Compliance (Dr. Alan Shark – Fusion Learning Partners. Author of “AI – A Primer for State and Local Governments”)

15:45 – 15:50 Q&A

15:50 – 16:20 Panel discussion moderated by Dr. Oliver Schwabe (EU City ISAC I4C+)

16:20 – 16:30 Conclusions and next steps

See also https://isac4cities.eu/webinar-on-accelerating-nis2-compliance-with-benchmarking-and-ai-support-1500-1630-cet-monday-3rd-june-2024.

Project “VAUBAN” – 2024 Multi-ISAC Tabletop

You might remember that our City ISAC is a founding member of the EU Council of ISACs where we have many EU ISAC members from sectors like health, energy, finance, water etc. As part of the work with the EU Council of ISACs we are also building out our relationship with ENISA. ENISA is planning a face-to-face Multi-ISAC event in October and we, the City ISAC, may have an opportunity to run a 120-minute tabletop with many ISACs in the room plus a wide range of ENISA representatives. The preliminary discussions have gone well, and we now have a 120-minute time slot in the morning of the second day. The tabletop will address all ISACs in the room and be based on a public administration being breached and asking for the support of the community to help tackle the challenge. The exercise will address all NIS2 domains and offer the ISACs a chance to jointly help. Stay tuned!

Project “Regions4Cyber”

No updates.

 

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/.  Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/  
