2025/27 Weekly Update from the EU ISAC for Cities & Regions: Barista AI assessment of FortiGate 600F firewall and Cisco C9500-16X-A core switches secure configuration / GC confirms DPF: US data transfers remain secure for the time being / Risk solutions being explored to support NIS2 / 25 public administration entities respond to ENISA NIS360 survey – thank you!


** For Back Issues see https://isac4cities.eu/blog **

The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and, in that function, Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.

Discussion Summary

Hi everyone, friends from Belgium, Bulgaria, Estonia, and Italy joining this week to news like “Finland’s Defence Ministry website crashes following DoS attack” (see https://yle.fi/a/74-20184805) and “Yle: Russian hacker group targets Finnish government in cyberattacks” (see https://www.helsinkitimes.fi/finland/finland-news/domestic/28002-yle-russian-hacker-group-targets-finnish-government-in-cyberattacks.html), which then led us to the perennial reflections on how to assess the impact of cyber incidents on public administrations, which is then the basis for introducing the robust risk management practices that NIS2 asks for. Some solutions colleagues are currently looking at include https://corestreamgrc.com/, https://corporater.com/, https://kordon.app/, https://maiky.io/, or https://www.zengrc.com/. Note that in the end we need to look at solutions that can provide (and maintain over time) mapping to multiple standards – the technology of all these providers is quite similar.

Regarding the risk management thoughts above, we also discussed that in the end we need to be able to focus on not only what is relevant, but also what is feasible in practice. None of us have all the resources to remediate all the key threats. AI is definitely not the solution since the actual patching / upgrading etc. of assets will remain a manual task by default and requires extensive knowledge of our specific contexts.

ENISA sends us their thanks for helping to solicit input of public administrations to the 2025 NIS360 survey. Since the responses were anonymous, we do not know which members responded, however I am sure we made our contribution! Our support makes a real difference it seems, and we may be invited to join the emergent NIS360 Expert Advisory Council. Note that the deadline for completing the NIS360 survey has been extended until 30 September 2025. This extension will give everyone a bit more time to contribute, and we kindly encourage those who haven’t yet participated to do so. Link to survey: https://enablor.dk/auth/register/survey/8419079683a240e88266e257bf391b00?lang=en&enisa=true

Also of importance is that “GC confirms DPF: US data transfers remain secure for the time being”. See “GC confirms DPF: US data transfers remain secure – for now”. Remember though that this may be treated differently in practice and that behaviours of nation state actors may change quickly. Best “Go EU!”.

There was also an “Alleged violation at the Municipality of Florence: access and data for sale on the Dark Web” (see https://www.redhotcyber.com/post/presunta-violazione-al-comune-di-firenze-accesso-e-dati-in-vendita-nel-dark-web/) that we explored a little with colleagues from the region.

We also continued our Barista discussion from last time (“Whether he thought an example Defence in Depth solution set consisting of … was effective and whether he thought there were any gaps…” see https://isac4cities.eu/2025-26-weekly-update-from-the-eu-isac-for-cities-regions-no-friday-calls-12-19-sep-barista-ai-assessment-of-regional-defence-in-depth-solution-suite-draft-enisa-threat-landscape-2025) using more detailed information about the firewall and core switches of the participating public administration. We asked Barista (via https://chat.mistral.ai/chat/) “If I am a public administration in Europe and have a FortiGate 600F firewall and Cisco C9500-16X-A core switches, what configuration of both solutions is optimal to protect against threat actors?”. Barista suggested the below. Key challenge may be that not all infrastructure supporting critical services / infrastructure is behind the firewall/core switches? This is where we are trying to fund some discovery work in an administration to look at what I would call “waifs and strays” that sit outside our defence in depth architecture.

“For a European public administration using a FortiGate 600F firewall and Cisco C9500-16X-A core switches, the following configurations are recommended to optimize protection against threat actors:

FortiGate 600F Configuration

  • Enable Unified Threat Protection (UTP): Ensure your FortiGate 600F is licensed for FortiGuard UTP, which includes intrusion prevention (IPS), advanced malware protection, application control, URL/DNS filtering, and antispam services. This provides comprehensive, AI/ML-powered threat detection and mitigation at scale, including zero-day protection and SSL inspection without performance degradation.
  • Deploy Zero Trust Network Access (ZTNA): Use FortiGate’s built-in ZTNA to control and verify user access to applications, reducing lateral movement risks by granting access only to validated users.
  • Leverage AI/ML Security Fabric: Integrate the FortiGate 600F into the Fortinet Security Fabric for automated, fabric-wide threat intelligence sharing and response, enhancing visibility and reducing response times.
  • Regular Updates: Keep firmware and FortiGuard services up to date to ensure protection against the latest threats.

Cisco C9500-16X-A Configuration

  • Enable MACsec Encryption: Use MACsec on all switch ports to encrypt traffic at the data link layer, preventing eavesdropping and man-in-the-middle attacks.
  • Implement Access Control Lists (ACLs): Configure ACLs to restrict traffic between VLANs and network segments, limiting exposure to threats and enforcing least-privilege access.
  • Network Segmentation: Utilize VLANs and VRFs to segment traffic, isolating sensitive data and reducing the attack surface.
  • Cisco TrustSec: Deploy TrustSec for identity-based access control, ensuring only authorized devices and users can access specific network resources.
  • Regular Firmware Updates: Keep the switch firmware updated to patch vulnerabilities and maintain compatibility with the latest security features.

Additional Best Practices

  • Centralized Monitoring: Use FortiAnalyzer or Cisco DNA Center for centralized logging, monitoring, and automated threat response.
  • Redundancy and High Availability: Configure both devices for high availability (e.g., FortiGate HA cluster, Cisco StackWise Virtual) to ensure continuous operation during failures or attacks.

By combining these configurations, your network will be well-protected against a wide range of threat actors, from malware and ransomware to insider threats and advanced persistent threats (APTs).”
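The switch-side items in Barista's answer (MACsec on ports, ACLs between VLANs, VRF segmentation) are only worth something if every active interface actually carries them, which ties into the “waifs and strays” concern. The following is an added example, not part of Barista's output or of I4C+ material: a small audit over a constructed IOS-XE style configuration excerpt. It checks only for the presence of the commands, not for the quality of the ACL or MKA settings, and all names in the sample are made up.

```python
import re
# Constructed IOS-XE style excerpt; names (MKA-KEYS, ADMIN, FINANCE-IN) are made up.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet1/0/1
 macsec network-link
 mka pre-shared-key key-chain MKA-KEYS
!
interface TenGigabitEthernet1/0/2
 switchport mode trunk
!
interface TenGigabitEthernet1/0/3
 shutdown
!
interface Vlan10
 vrf forwarding ADMIN
 ip access-group FINANCE-IN in
!
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
!
"""

def parse_interfaces(config):  # -> {interface name: [sub-commands]}
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return interfaces

def audit(config):
    """Flag active interfaces missing the controls recommended above."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # administratively down ports carry no traffic
        has = lambda prefix: any(c.startswith(prefix) for c in cmds)
        if name.lower().startswith("vlan"):  # routed VLAN interface (SVI)
            if not has("ip access-group "):
                findings.append((name, "no ACL applied to SVI"))
            if not has("vrf forwarding "):
                findings.append((name, "SVI not in a VRF"))
        elif not has("macsec"):
            findings.append((name, "MACsec not enabled"))
    return findings
```

Running `audit()` against an exported running-config gives a per-interface gap list that can be tracked to closure alongside the asset inventory.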

Ah yes, our colleague Alan Shark has published a great new conversation called “Season 5: Episode 12: Policy, AI, and Cybersecurity – Inseparable” available at https://blubrry.com/1469918/148658394/season-5-episode-12-policy-ai-and-cybersecurity-inseparable/. Well worth listening in!

Cheers, 

Oliver

In the News
  • Major Cities of Europe, in collaboration with the City of Issy-les-Moulineaux, is pleased to announce the joint 2025 conference under the theme of “Piloting Disruptive Innovation in Cities and Regions”, which will be hosted at the UGC Congress Centre from October 9 to 10. Integrated into the Greater Paris Metropolis, Issy-les-Moulineaux is one of the most innovative cities in France and has long been recognized as a leader in digital innovation, circular economy, and environmental footprint reduction. The event is co-organized with Issy Media, the public company responsible for communication and innovation in Issy-les-Moulineaux. The conference will be conducted in English and French, with simultaneous translation available. See www.majorcities.eu for more details.
  • EU ISACs Summit, 10–11 November 2025, Athens: ENISA is pleased to announce the 2025 edition of the EU ISACs Summit, which will take place on 10 November (afternoon) – 11 November (full day) at ENISA premises in Athens. As in previous years, we plan to dedicate the first day to hearing updates and future plans, and the second day to a more interactive session or exercise. With plenty of time ahead, we would love to hear your ideas and suggestions for the agenda. Please share your input with us by 19 September.
  • The North European Cyber Days: ECSO is proud to announce a new major event designed for the European Cybersecurity Community: The North European Cyber Days, taking place on 4, 5 & 6 November 2025 at the Oslo Science Park, Norway. This high-level event will bring together key stakeholders from across cybersecurity, artificial intelligence (AI), and critical sectors to explore shared challenges, foster cross-border collaboration, and unlock new opportunities for investment, innovation, and resilience in Europe’s digital landscape.
  • INVITATION to the 2025 European TLD ISAC Conference: Our friends at TLD ISAC are delighted to invite you to their 2025 edition of the European TLD ISAC Conference, which will take place on 20 November in Brussels. Under the overarching theme “Ensuring cyber resilience amidst shifting threats and geopolitical realities”, we will hear voices from across the political, policy, technical and operational spheres. Attendees will gain insights into how European stakeholders view and deal with the challenges arising from the unpredictable geopolitical situation and why collaboration is more important than ever. In our tech-focused sessions, speakers will dive into attack simulation and response strategies, intel sharing and monitoring practices, malware detection and vulnerability management approaches. As this is an invitation-only event, we encourage you to register early to receive the latest updates. If you are interested in joining, please contact me for registration details.
  • EE-ISAC 26th Plenary: Celebrating 10 years of cybersecurity collaboration! 29 October 2025 | Brussels, Belgium. We are excited to announce that the EE-ISAC will host its 26th Plenary on October 29, 2025, in Brussels. This event will be especially significant as it marks EE-ISAC’s 10th anniversary – a full decade of empowering the European energy sector with collective cybersecurity knowledge, trusted partnerships, and strategic resilience. This is a face-to-face event and by invitation only. If you are interested in joining, please contact me for registration details.
  • Health-ISAC is hosting their annual European Summit in Rome, Italy, from October 13th to 17th. All ISACs in the EU-CI are invited to join. Each ISAC representative can attend the conference and all social activities at the rate of our member fee (200USD for September). All other costs pertaining to travel, accommodation, VISA etc. are to be borne by the participants themselves. The full agenda and details can be found here: https://web.cvent.com/event/c0d19f09-cf39-4fbd-9019-055b19bc45a3/summary.
  • Aviation-ISAC is hosting their Summit in Zurich, Switzerland, from October 14th to 17th, 2025. I would like to warmly invite all ISACs in the European Council of ISACs community to attend. Each ISAC representative is welcome to participate in the conference and all social activities. A registration rate is available and can be consulted directly on the event page. Please note that all other costs related to travel, accommodation, visa, etc., will be the responsibility of the participants. You can find the full agenda, logistics, and registration details here: https://www.a-isac.com/summit

Looking for Opportunity to conduct End-To-End Smart City Service Security Assessment

As part of some exploratory work, we are looking for an opportunity to conduct an end-to-end security assessment of an active Smart City Service. At this stage we would apply for national NCC FSTP grants via a trusted SME and in partnership with the administration. Some details are below; please reach out to me if you are interested in learning more. We need someone on your side who can help evaluate the service, please.

The outcome would be something similar to the below template where:

1. All IT assets supporting the service are identified,

2. The security of the assets is assessed (using https://www.cisecurity.org/controls/v8-1),

3. Actions to improve the end-to-end security are identified (item and Defence in Depth level) and prioritised, and

4. the (anonymised) results / recommendations are validated with other members of our community.

The IT assets are then held in our ISAC MISP and threat intelligence for these assets monitored / managed there. Data security provided via permissions management and an MoU would of course also be needed.

In a further stage we could look at how to leverage AI to help in identifying actionable items / manage these to closure.

We would then also look to map the results into control frameworks that you use locally/regionally/nationally, and of course NIS2/CIS18 etc.

We aspire to use the experience to build a robust pilot and, if benefits are visible, to identify local/regional/national/EU funding sources to grow.

The benefit for participants is (a) the additional resources we provide (b) improving the security of Smart City projects, and (c) the opportunity to learn how others are tackling specific IT asset (and end-to-end) security.

ISAC Services (Member Funded)

We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.

Note that emerging new services are related to managing the MISP platform (and onboarding) plus Barista.

 

Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.

Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.

Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.

Thank you for the support, your City ISAC I4C+ Team.

Cheers and ever onwards

Oliver

Innovating our Future… Together

Chair City ISAC I4C+ / Dr. Oliver Schwabe.

Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/  
