2025/1 Weekly Update from the MCE SIG NEW: Welcome to 2025 / “Red” Alert on returning to work? / Attack Simulations can be easy and powerful / Is “Gartner says…” the way to go? / No Christmas Presents – We must have been naughty in 2024 ☹ / ISAC Baseline Project continues
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
| Weekly [TLP:RED] |
Please contact us directly for more information – these are summaries only and the “key” is in the actual stories shared privately. The stories are based on personal sensitive knowledge shared by peers in personal conversations under Chatham House Rules. This “stuff” may look obvious (?) – the magic lies between the lines and only becomes visible in a personal conversation.
This week´s thoughts are based on the scope of essential services your public administration subscribes to, operates, and manages, including what IT systems support their delivery.
- Weekly [TLP:RED] for Publicly Elected Officials (Repeat # 13): Yes, you must officially report some cyber incidents within certain timeframes – but you can ask for an extension – the later the better!
- Weekly [TLP:RED] for Essential Services Managers (Repeat # 13): Make sure you have access to data backups of your key transactions; plus a local in-office solution you can use for Disaster Recovery.
- Weekly [TLP:RED] for IT Leaders (Repeat # 13): Gigs for staff in other administrations are very helpful for learning different ways of doing things.
| Summary |
Hi everyone, I hope you are doing well and 2025 has started without too many surprises for you (see https://isac4cities.eu/welcome-to-2025-may-it-bring-you-much-happiness-good-health-and-success-in-your-endeavors for our welcome message. We find returning to work after the Holiday Break is always a little challenging since it is typically a very good break and we come back all rested etc…. Reality strikes quickly and if we do not have our “shields” up things can get tough – personally I made the mistake of coming back to professional life without putting on my armour – sort of like entering a battlefield in t-shirt, shorts and flip-flops – BAD idea… I´ve recovered by now and am back in my full armour, shields are up, torpedo tubes loaded and phasers activated… “Red Alert” 😊 Any yes, some major cloud providers decided to run updates while I was off resulting in diverse solutions suffering “melt downs”… Hey ho… Image of a Star Wars rebel fighter… more effective attitude for returning from vacation I think!
Colleagues from Belgium, Croatia, Italy, and Spain joining this first Friday call for 2025 and a busy catch-up on what we have been up to during the Holiday Break 😊 Fortunately, no-one suffered any major cyber-issues, although in one country there was a case where the third-party supplier of digital signature capability was breached and customer lists exfiltrated – sounds like some great data to design a targeted phishing campaign with! On a positive side, one colleague was able to negotiate a 95% license cost reduction on some software on 22 December – yet again proof that buying licenses at the very last moment in a year can really save money!
We then had a fascinating walk-through of an attack simulation for the Turla Snake Malware with AttackIQ recently completed by a colleague – very low effort needed it seems. Of course they failed miserably, however the reports were able to pinpoint exactly what security measures needed to be enhanced which is goodness. Important to note as well, is that the simulation had their SOC SIEM light up like a Christmas tree, so if you do decide to do these sorts of things, make sure you warn your colleagues. The colleague runs these sorts of simulations a few times a month and then uses the results to incrementally improve their security position.
Another colleague then shared how they were in the middle of a SOC SIEM solution discovery and that they are getting great value from creating and using their own use cases versus using those provided by the various solution providers they are working with. Clear learning point never to use the scenarios suggested by a vendor since these are often designed to be very successful / convincing – use your own context, your own knowledge to design what is relevant for you – may not replace all the suggested use cases but makes sure you are including those that are specific to you. Ah yes, I don´t forget that just because Gartner advocates something, it is worth the praise – as with any such assessment companies their business model is not really what you would expect, and their views not always scientifically driven. “Gartner says…” is NOT the best strategy…
Remember in our last update in 2024 we suggested some Christmas presents for your ISAC and suggested reserving some 2025 budget for contracting our services (see https://isac4cities.eu/services-offered, i.e., a tabletop, dark web monitoring or outsourcing your risk management), joining the ISAC Baseline project (see https://isac4cities.eu/public-administration-isac-baseline), joining our hosting organisation Major Cities Europe (see https://majorcities.eu/) or auditing the cyber security of your supply chain? Unfortunately, there were no presents under the Christmas Tree and hence I suspect we must have been naughty in 2024 – we´ll try harder in 2025!
The ISAC Baseline Project (“IBAS”) with three of our ISAC members who have taken the “leap of faith” to launch this effort will soon convene for some basic training and discussion how to capture benefits both individually and as a group. See https://isac4cities.eu/public-administration-isac-baseline for an overview of this effort. The members represent three countries, and it will be fascinating to watch as we accelerate the path to cyber resilience and NIS2 compliance through bench learning.
Additionally, please note that for 2025 we are considering the following activities:
- (Maybe) May 2025 Virtual tabletop – re-run the ENISA Multi-ISAC tabletop
- October 2025 Face-to-face tabletop at the MCE annual conference – re-run the ENISA Multi-ISAC tabletop
- (open) Research differences between national implementations of NIS2 (subject to funding)
- (open) Joint Webinars with ECSO & Region Tuscany
- (open) Webinar for ENISA to present their 2025 360 NIS2 survey
- (open) Webinar with ENISA to discuss how we can input to NIS3 and onwards
- (open) Webinar with ECCC to discuss how we can input to the future funding programs
- (open) Webinar with examples of AI use in cyber in public administrations
Cheers,
Oliver
Insights from AI
I was involved in quality checking AI outputs recently and to be frank, the results of AI queries could have been better. I therefore asked CoPilot “why is it important to regularly check the accuracy of AI results?” The AI responded:
“AI can be incredibly powerful, but it’s not infallible. Here are a few reasons why regularly checking the accuracy of AI results is important:
Error Detection: AI models, like any software, can make mistakes. Regularly checking for errors ensures that these mistakes are identified and corrected promptly.
Bias Mitigation: AI models can sometimes inherit biases present in the training data. Regular accuracy checks help identify and address these biases to ensure fairness and equity.
Model Degradation: Over time, the performance of an AI model can degrade due to changes in the environment or data. Regular monitoring helps maintain the model’s reliability and relevance.
Compliance and Ethics: Ensuring the accuracy of AI results is crucial for compliance with regulations and ethical standards, especially in sensitive applications like healthcare or finance.
Trust Building: Regular accuracy checks build trust with users and stakeholders, demonstrating a commitment to quality and reliability.”
| In the News |
- No specific updates
| City ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
| ISAC Baseline (IBAS) Project |
ISAC Baseline (IBAS) Project – Benchmark Data Now Available
Benchmark data is now available on the ISAC platform and see https://isac4cities.eu/public-administration-isac-baseline for more details on this opportunity.
The ISAC benchmark platform offers a unique opportunity for public administrations to benchmark themselves against not only regulative requirements but also other local governments around Europe.
Benchmarking data from European municipalities are now available in the ISAC Baseline Program providing participants with insight into how similar organizations perform and comply with legislation.
Assessing the organization’s security level gives insight data on compliance with both legislation as well as automated mappings to security frameworks such as ISO 27001-2, CIS 18 and NIST CSF.
When entering the ISAC platform, the European benchmark is already available – and as the organizations own data is entered is will see its own effort compared with alike units:
The enablor platform can be used within your own organization and is a shortcut to collaborating with similar European organizations.
We now have three cities from three different EU member states participating as the “launch team”, whereby the Danish project (which has been ongoing for several years) will of course be mentoring this new community as it develops.
If you are a region, you can also “sponsor” membership for your cities to create regional benchlearning groups. If you are a nation, then you can sponsor membership for your regions and cities as well of course.
Key value proposition? In the many discussions leading up to the launch, we see that the key value of participating is (a) access to a massive amount of detailed “real stories” on successful implementations across the NIS2 spectrum, and (b) significantly reduced efforts for reporting.
If needed, we can also provide administrative support for transferring existing data into the enablor platform.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671