2024/36 Weekly Update from the MCE SIG “City ISAC I4C+” Highlights: Upcoming webinar: Collaborate, Share and develop your security with ISAC Baseline on Tuesday 5 November 2 pm – 3 pm CET / News on “NIS2 compliance eats up IT budgets despite doubts” / Cyber open 9-5? / Role of LGMAs in Cyber?
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
| Weekly [TLP:RED] |
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.
This week´s thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including what IT systems support their delivery.
- Weekly [TLP:RED] for Publicly Elected Officials (Repeat # 5): A major Cyber Incident will occur – I just have to make sure the Crisis Response Team convenes immediately.
- Weekly [TLP:RED] for Essential Services Managers (Repeat # 5): A major Cyber Incident will occur – I just have to make sure I can provide my services without IT (Business Continuity Management).
- Weekly [TLP:RED] for IT Leaders (Repeat # 5): We are heroes when it comes to getting old kit back running… not making the effort and letting it fail is the fastest route to new kit.
| Summary |
Hi everyone, I hope you are doing well. Quiet session on Friday morning with only two cities / regions joining from Ireland. Main thing we chatted about was what is “good enough” to achieve goals (usually a lot less than we think) and how NIS2 is coming along at a national level – especially the national level classification of what critical services are is quite interesting – indeed there seem to be a lot of dynamics trying to minimize this! It is of course clear that any service classified as critical will need to become NIS2 compliant and that will legally mandate significant investments – obvious that any organisations will try to reduce this impact.
We also shared thoughts on the critical role of Local Government Associations in driving cyber resilience and reminded ourselves that many national cyber efforts are indeed sort of “special interest groups” of such associations – makes sense and something we are considering in the funding proposal we are creating currently.
One interesting story from a colleague was how central national cyber resources were only available 9-5… We sighed and decided not to go down that rabbit hole… FIX THE BASICS PLEASE!!!
Other discussions ongoing during the week were:
- Possible collaboration with a major US based philanthropical organisation that is, among others, helping public administrations become more cyber resilient through various activities they fund.
- A possible webinar in collaboration with our friends at ECSO (https://ecs-org.eu/) on “Hiring and managing cybersecurity teams as a local and regional administration”.
- Exploring a joint project with a major EU region to formulate a legally robust agreement between ecosystem stakeholders to help each other in the event of a major cyber incident. This is something that was clearly raised as a priority at the ENISA Multi-ISAC summit in Athens recently – although a huge amount of informal support is always offered, “legalising” this would accelerate things.
- An interview with CyAN (https://cybersecurityadvisors.network/) to be socialised via their YouTube channel etc – see https://www.youtube.com/watch?v=W-7edx7Le6Y as an example – focus there is “Linux Malware and Security”. Subject and interview partners to be confirmed.
So, just a small update this week and have a great weekend!
Cheers,
Oliver
Insights from AI
Local Government Management associations play a critical role in raising cyber resilience. I asked CoPilot “what is the role of local government management associations in cyber security? The AI responded as per below:
“Local government management associations play a crucial role in enhancing cybersecurity for local governments1. Here are some key ways they contribute:
Providing Expert Guidance: Associations like the Local Government Association (LGA) offer frameworks and resources to help local governments improve their cybersecurity posture2 For example, the LGA Cyber 360 Framework provides expert guidance and feedback to senior leadership and management2
Promoting Best Practices: These associations encourage the adoption of best practices and standards in cybersecurity2. They share insights and case studies from other local governments to help identify vulnerabilities and implement effective countermeasures3
Facilitating Collaboration: By fostering a collaborative environment, associations enable local governments to share resources, knowledge, and experiences4. This collective approach helps in building a stronger defense against cyber threats4
Raising Awareness: They conduct training sessions, workshops, and seminars to raise awareness about cybersecurity issues among local government employees1. This helps in creating a culture of cybersecurity awareness and continuous improvement2
Advocating for Cybersecurity: Associations often work with national cybersecurity authorities to advocate for policies and regulations that support stronger cybersecurity measures2. They ensure that local governments have the necessary support and resources to defend against cyber-attacks2
By playing these roles, local government management associations help local governments become more resilient and better prepared to handle cyber threats.
1 icma.org
| In the News |
- Join Our upcoming Webinar on Benchlearning: Learn how ISAC Baseline can help your city enhance its cybersecurity and collaborate in a community of peers across Europe. Register for our webinar on November 5th and see how compliance work with NIS2 requirements is effectively supported by Benchmarking and a Solution Library with shared security practices using the Benchlearning principle. Registration is here: https://events.teams.microsoft.com/event/a826eed1-27ff-4804-ad3f-d1bfe0803de5@ab59e806-3337-45df-8257-2bc61793098b
- Lessons learned from the Ferrara City Hall ransomware attack https://www.theinnovationgroup.it/le-lezioni-apprese-dallattacco-ransomware-al-comune-di-ferrara/?lang=it
- NIS2 compliance eats up IT budgets despite doubts https://www.csoonline.com/article/3596485/nis2-compliance-eats-up-it-budgets-despite-doubts.html?utm_campaign=DAM&utm_medium=email&_hsenc=p2ANqtz-__BnWBxEGHGuqSbJEC2mssKNFfxDD_7l3LqMihHS-I5kh4yF9NEL5Yc0qYl7jgsQXXFz8aNDd-11RYCuU06tIVdKMon43sL9ANWO_KvvW846XIuT4&_hsmi=331958244&utm_content=331958244&utm_source=hs_email
- Building cyber-resilient cities in an increasingly digital world https://www.smartcitiesworld.net/data-privacy-and-security/building-cyber-resilient-cities-in-an-increasingly-digital-world?utm_source=newsletter&utm_medium=email&utm_campaign=Daily%20Newsletter
| City ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
| Project “IBAS” – DIGITAL-ECCC-2024-DEPLOY-CYBER-07-CYBERSEC-02 |
We are currently beginning to prepare a proposal for DIGITAL-ECCC-2024-DEPLOY-CYBER-07-CYBERSEC-02 “Support for Implementation of EU Legislation on Cybersecurity and National Cybersecurity Strategies (2024)” that will be due for submission on January 21st, 2025.
The focus will probably be supporting NIS2 deployment by raising local / regional NCAF maturity through replicating / localising the ISAC Baseline Cooperation model currently implemented by our friends at I-Trust. If any local / regional public administrations or Local Government Management associations are interested, please contact me – I expect that we will be able to deploy to a maximum of 3 EU member states.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/