2024/20 Weekly Update from the MCE SIG “City ISAC I4C+”
Highlights: No call next week / Good threat intelligence needs robust logging / Red Team for Multi-ISAC Tabletop convening / 10% Discount for MCE members on Enablor Benchmarking Platform / ENISA NIS360 survey pending
** NO CALL NEXT WEEK **
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and, in his function as Chair of the ISAC for Cities Plus (I4C+), is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
| Weekly [TLP:RED] |
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.
This week's thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including what IT systems support their delivery.
- Weekly [TLP:RED] for Publicly Elected Officials: Don't move critical infrastructure services to the cloud.
- Weekly [TLP:RED] for Essential Services Managers: Ensure all logging services for database services that are related to versioning of data are enabled.
- Weekly [TLP:RED] for IT Leaders: Ensure all possible logging is turned on and all relevant log data is continuously provided by third parties.
| Summary |
Hi everyone and hope you are well – three cities joining from Belgium, Bulgaria, and Estonia on Friday morning and initially lots of discussions about why we chose what backgrounds in our web conferences – have a think about it since it reveals a lot about personalities 😊
One colleague then shared their experiences with https://flare.io/ which they are piloting. We looked at real notifications being received and how amazingly rich the data being provided is – a simple example was the notification about a company account being used where the credentials had been broadcast on the dark web, and how quickly / easily the responsible user could be identified, and their security situation remediated. This story will probably become the baseline for the multi-ISAC tabletop we will be holding, and we will shortly convene the Red Team to plan it through (let me know if you would like to join). Just love it when someone takes us on a tour of their live systems and explains how they operate them in practice!
We then shared notes about how many and what sort of IT staff we have. We agreed that there should be dedicated resources for log analysis and that it probably makes sense to separate these analysts organisationally from the normal IT team – this would really help drive observability. We can only observe what we can monitor of course, and we all have significant issues with the degree of coverage (often due to technical debt, but also often due to organisational fragmentation). At the same time, when you take a close look, it becomes concerning how few logs are being captured in the first place, and then how little they are being evaluated – certainly an area for generative AI to step up to the plate in my opinion. Robust threat intelligence needs robust logging to provide the right data correlations!
Also perhaps of interest is that we have been asked to become a key stakeholder in the second edition of the ENISA NIS 360 survey. “In 2023, ENISA developed the NIS 360 methodology to do an assessment of NIS sectors on an annual basis, to understand better their overall maturity, criticality and to identify areas for improvement. The first edition covered 10 NIS sub-sectors. The policy framework in the finance sector is the most mature, while the telecoms, digital infrastructure, trust and finance sectors are scoring the highest in risk management.” See https://www.enisa.europa.eu/news/shaping-cybersecurity-policy-towards-a-trusted-and-secure-europe. More information to follow. This gives us a clear opportunity to help shape the NIS3+ space from the perspective of public administrations. I asked CoPilot to generate us an image and this is what it came up with:

Cheers
Oliver
Insights from Chatbots
I was curious about the opinion of Bing Chat on why it is important for public administrations to share information about cyber security incidents and risks with all members of your organisation. The AI responded as per below:
“Sharing information about cybersecurity incidents and risks within public administrations is crucial for several reasons:
– **Early Warning and Real-time Assistance**: By sharing information, organizations can provide early warnings to each other and offer real-time assistance during incidents, which can help mitigate the impact of cyberattacks⁴.
– **Enhanced Cyber Resilience**: Rapid sharing of critical information about attacks and vulnerabilities can greatly decrease the scope and magnitude of cyber events, enhancing the overall resilience of the nation’s cybersecurity infrastructure³.
– **Improved Security Posture**: Information sharing can improve an organization’s cybersecurity posture through a better understanding of the number and impact of incidents, identification of malicious actors, and tracing of funds obtained by cyber threat hackers⁴.
– **Cultural Change**: A change in culture within institutions is necessary where information security (IS) must be integrated into all processes and projects. Sharing information helps in building a security culture where employees are aware of their roles in the information security management system (ISMS)¹.
– **Knowledge and Behavior Change**: Information sharing contributes to an organization’s cyber threat awareness and understanding of how a threat operates, which can lead to better defense strategies and a change in behavior towards cybersecurity practices⁵.
In essence, information sharing is a key component in building a collaborative defense against cyber threats, ensuring that all members of an organization are informed and prepared to act in the face of potential cybersecurity challenges.
Source: Conversation with Copilot, 10/06/2024
(1) INSA paper highlights importance of information sharing across sectors …. https://industrialcyber.co/threat-landscape/insa-paper-highlights-importance-of-information-sharing-across-sectors-in-defending-us-cyberinfrastructure/.
(2) Information Sharing | Cybersecurity and Infrastructure Security … – CISA. https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing.
(3) Information Security Awareness in Public Administrations. https://www.intechopen.com/chapters/59667.
(4) Cyber-threat intelligence information sharing guide – GOV.UK. https://www.gov.uk/government/publications/cyber-threat-intelligence-information-sharing/cyber-threat-intelligence-information-sharing-guide.
(5) Cyber Security Information Sharing: An Overview of Regulatory … – ENISA. https://www.enisa.europa.eu/publications/cybersecurity-information-sharing/@@download/fullReport.”
| In the News |
- Unauthorized AI is eating your company data, thanks to your employees https://www.csoonline.com/article/2138447/unauthorized-ai-is-eating-your-company-data-thanks-to-your-employees.html?utm_campaign=DAM&utm_medium=email&_hsenc=p2ANqtz-_kbWU8-JmYHTbYFnizE9YccW_TOQprcJWibrduLYrDaFyGOeUsfT5Em0p_7c4pgJ0RpfoFwB0To0cfKcw_YCe0QwxrQrwFAHZLwFJ4qpv09itg5hE&_hsmi=310478457&utm_content=310478457&utm_source=hs_email
- Lockbit lists Spanish municipality of San Lorenzo de El Escorial https://x.com/TMRansomMonitor/status/1796420829401784825
| City ISAC Services (Member Funded) |
We have published our services at https://isac4cities.eu/services-offered and are now proceeding to establish collaboration agreements with third parties we have been working with for a while. These will include joint marketing and enablement plans. Please do review and consider reaching out to include such in your activities and budgets.
One key service is about “Resourcing Operations” and related to “(Joint) Benchmarking Compliance (CIS18 & GDPR): With expert partners, we gather the needed information and provide assessments of security compliance and digitalization with a focus on EU GDPR and CIS18 Controls (the “Esperanto” of cyber controls). The results are collected in a dedicated secure and EU-based platform, which has been developed for efficient collection and processing of data into Benchmarks.” In this respect we have just launched our partnership with I-Trust and invite all administrations to join the Enablor benchmarking database. Contact us for pricing details – MCE members receive a 10% discount.
I-Trust is an official CIS Controls Supporter and provides a wide range of best practice recommendations for Cyber Security. Enablor is a community solution based on experiences from more than 1,500 local administrations where the platform is used to strengthen (cyber) security along with the increasing digitalisation of organisations. Community in this context means that content is targeted to the sector, that benchmarking and sharing experiences helps organisations to work with security requirements in a targeted way. Perhaps most importantly, the system solves a lot of the resource-intensive tasks so that organisations can work purposefully – convenience is a key word. See https://i-trust.dk/en/. Attached also a short presentation from the webinar last week.
Please see https://www.linkedin.com/posts/i-trust_cybersecurity-itrustenablor-isac-activity-7206972972002193408-ME9H/?utm_source=share&utm_medium=member_ios for a quick update on this.
| Project “VAUBAN” – 2024 Multi-ISAC Tabletop |
You might remember that our City ISAC is a founding member of the EU Council of ISACs where we have many EU ISAC members from sectors like health, energy, finance, water etc. As part of the work with the EU Council of ISACs we are also building out our relationship with ENISA. ENISA is planning a face-to-face Multi-ISAC event in October and we, the City ISAC, may have an opportunity to run a 120-minute tabletop with many ISACs in the room plus a wide range of ENISA representatives. The preliminary discussions have gone well, and we now have a 120-minute time slot in the morning of the second day. The tabletop will address all ISACs in the room and be based on a public administration being breached and asking for the support of the community to help tackle the challenge. The exercise will address all NIS2 domains and offer the ISACs a chance to jointly help.
After discussing with ENISA, it is clear that we need to help them understand that public administrations OPERATE, SUBSCRIBE TO and MANAGE public services across ALL NIS2 domains besides delivering “normal” government services. At the same time, they protect the society we live in and thus are much more complex organisations than straightforward service providers in other domains.
In a next step, we will convene the RED TEAM planning activity – if you are interested in joining please let me know.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/