2025/33 Weekly Update from the EU ISAC for Cities & Regions: Pilot for DEP proposal developing first platform services / Reflections from EU ISACs meeting in Athens / Visitor passes to Cyber Europe 2026 -> Cyber Europe 2028 focus on Public Administrations? / Working groups on cyber TCO etc?
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
Discussion Summary
Hi everyone, friends from Belgium, Ireland and Italy joined.
The pilot for the DEP proposal (see https://isac4cities.eu/2025-31-weekly-update-from-the-eu-isac-for-cities-regions-dep-proposal-evolving-misp-of-misps-on-the-way-open-a-flower-shop-pa-cisos-might-quickly-replac) continues evolving and we looked at the MISP instance set up by one of our member cities – interesting to see things in action and how the contents are updated automatically to their TrendVision platform every few minutes (updates to the MISP currently being made manually) – so the concept seems to be working and now waiting for our instance at https://www.circl.lu/services/misp-malware-information-sharing-platform/ to be set up. The colleagues attending then agreed to tr and set up the same software (https://www.misp-project.org/) to then connect it to that central instance. In the first phase pilots will be able to PULL CTI, in the second phase they will PUSH CTI (meeting whatever legal boundaries they are subject to), in a third phase we would look at using Mistral AI to automate a variety of processes. Let me know if you are interested in joining – looks like there is some momentum building. Note the many interesting community already hosted there https://www.misp-project.org/communities/.
We also shared some reflections on the ISAC conference we attended in Athens at the beginning of the week. ISACs attending:
- Financial Services (Global) – Very Mature, 100s of members
- Maritime (EU Port Authorities) – Young, maybe a dozen members
- Aviation (Global) – Very Mature, 100s of members
- Banks (EU / Ireland) – A strange one, Irish central bank and various Irish organisations
- Automotive (Global) – Very Mature, 100s of members
- Retail & Hospitality (Global) – Very Mature, 100s of members
- Top Level Domain TLD (EU) – Young, maybe a dozen members
- Health (Global) – Very Mature, 100s of members
- Energy (EU) – Young, maybe a dozen members
- Space (EU) – Young, maybe a dozen members
The first day was mainly presentations by ENISA on various activities – clear is they are looking for / need input from ISAC members who are the final targets of any directives/policies/procedures etc. Lots of good information we will pass on once we receive.
The second day was most interesting. Started with an introduction to Cyber Europe 2026 planning (see https://www.enisa.europa.eu/publications/cyber-europe-2024-after-action-report for the report on the 2024 event). We have an opportunity to get visitor passes for this exercise and perhaps also get Cyber Europe 2028 focused on public administrations.
In parallel, I was in renewed conversations with a colleague at the Financial Services ISAC about putting together a cross-sector playbook – more once I hear from him. This follows up on the Phalanx simulation I ran at last year´s event.
What we think we noticed was that the successful ISACs deliver a portfolio of (ongoing) services to their members and are member funded. They provide more than discussion rounds, and this is why I think our efforts to create a joint MISP that public administrations can connect into make a lot of sense
There were many excellent side discussions as usual, and we also met one of the heads of DG Connect who was actively interested in having a discussion with us. I am also having many discussions with the other ISACs around the future of the EU Council of ISACs – ENISA extremely interested in having a strong partner there. As mentioned above ENISA very interested in direct contacts with the members of ISACs and driving the ISAC efforts overall – as usual no budgets available on their side though.
Overall, I think it was valuable for us to be there – the relationship with ENISA is definitely an important one for us and ENISA does reach out to us for comment on relevant publications/research nowadays.
Interesting as well is that while in the last years ENISA worked to create products for ISACs, i.e. MISP, file storage, collaboration tools, they are not being adopted by the ISACs – the ISACs are developing their own solutions instead – ENISA is therefore triggering individual ISACs in certain directions which are of value.
Below the “standard” picture of participants of an ENISA event in Athens 😊
On a further interesting note, one colleague who unfortunately cannot participate in our Friday call, suggested we jointly explore topics such as (a) cyber total cost of ownership model could be introduced in public tenders, (b) a European salary benchmarking system, and (c) a mandatory “Cyber Safe EU” certification could be introduced for all digital assets purchased by public administrations. These are all excellent topics for a small working group to generate a small piece of work we could discuss with ENISA. Anyone interested?
Cheers,
Oliver
| In the News |
- Tuscany & Brittany Region invite to webinar on AI on 26 November – the webinar on “AI & Cybersecurity in regional and Local Authorities“, taking place on the 26th of November from 09:30 to 11:00. This session is a part of the Cyber Resilient Regions Community (CRR) initiative co-organized by ECSO with the Tuscany Region, Major Cities of Europe, and EU City ISAC I4C+. To register, please find the event page here. The session aims to provide clear, non-technical insights into the risks and opportunities of AI in cybersecurity, highlighting practical experiences and best practices to help Regional and Local authorities strengthen their cyber resilience. This webinar is open to all – regional authorities, companies, start-ups (technical teams/decision makers / topic-based – cyber enthusiasts).
- INVITATION to the 2025 European TLD ISAC Conference: Our friends at TLD ISAC are delighted to invite you to their 2025 edition of the European TLD ISAC Conference, which will take place on 20 November in Brussels. Under the overarching theme “Ensuring cyber resilience amidst shifting threats and geopolitical realities”, we will hear voices from across the political, policy, technical and operational spheres. Attendees will gain insights into how European stakeholders view and deal with the challenges arising from the unpredictable geopolitical situation and why collaboration is more important than ever. In our tech-focused sessions, speaker will dive into attack simulation and response strategies, intel sharing and monitoring practices, malware detection and vulnerability management approaches. As this is an invitation-only event, we encourage you to register early to receive the latest updates. If you are interested in joining, please contact me for registration details.
| ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
Note that emerging new services are related to managing the MISP platform (and onboarding) plus Barista.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/