2026/2 Weekly Update from the EU ISAC for Cities & Regions: No Call Next Week / Short Term Benefits more important that TCO / OpenSSAM Trending Terms for the Day / Opportunity for (shared) supplier cyber controls remediation? / Feb 20th short vendor presentation CyberDesk /
** For Back Issues see https://isac4cities.eu/blog **
The City ISAC (I4C+) is an Information and Analysis Centre whose members are IT and cyber security decision makers exchanging knowledge to improve their cities and collective cyber resilience. I4C+ is a Special Interest Group (SIG) hosted by Major Cities Europe (MCE). Dr. Oliver Schwabe is a member of MCE and in his function Chair of the ISAC for Cities Plus (I4C+). He is the person in charge of this effort on behalf of MCE and the responsible contact person. I4C+ is recognized by the European Agency for Cybersecurity ENISA. See https://isac4cities.eu/.
** No call next week Friday 23 Jan 2025 **
Discussion Summary
Hi everyone, friends from Belgium, Bulgaria, and Italy joining! No-one seemed to have had a major cyber challenge recently, although one colleague seems to be facing 1/3 IT budget cost reductions this year (while keeping all services running of course) -> typical situation of being asked to do more with less, while (uninformed) leadership “ignores” major cost increases for cloud solutions over time – in this specific case the “free” nature of the first year licenses seems to be blending common sense…. #sigh. This was in parallel to discussing leadership understanding of a value proposition that says “IF we invest x in building an on-prem solution for something, then we will save 5x (or more) in total cost of ownership over a few years -> no “short term” benefit, but major longer term benefit….
We also spent some time discussing a call last Tuesday with a national cyber association where we discussed our MISP / AI based funding proposal. Lots of conversation around the “value” we can create and actually ended up identifying remediation of supplier cyber controls vulnerabilities as a key theOne colleague tackles this (among others) with the following blurb in a tender “The tenderer is responsible for the security of the software and any required middleware software. Therefore, the tenderer must be able to continuously update its software, third-party middleware, and operating systems. Any software module that contains security vulnerabilities must be replaced with a newer version. The tenderer shall ensure that the proposed software is not dependent on outdated underlying software. All necessary updates and patching are an integral part of the basic price of the contract. Software is considered outdated when the publisher no longer provides support in the form of updates.” In the end, seems we ended up with a stronger focus on controls against vulnerabilities plus the ensuing risk management processes (i.e. applying https://www.cisecurity.org/controls/v8 or national NIS2 legislation) – does not seem to be a use case for MISPs and we will investigate other solutions that might be more suitable for this sort of thinking. The CTI sharing approach / concept via MISPs remains relevant of course.
Note that on our call on Friday Feb 20th, we are inviting https://www.cyberdesk.app/ from 9:30am to 10:00am to introduce themselves and jointly reflect whether their thinking might be of use to us. “CyberDesk helps you to adaptively control who can take what actions on what data. Manage the access security of your human and non-human identities without disrupting your business.” This will be the first of a series of solution provider introductions to drive our learning forward. If we find the conversation interesting, we may also want to look at setting up a wider knowledge-sharing webinar on the topic.
OpenSSAM trending terms for today below – interesting to see “HIPAA Compliance” standing out -> if you are unsure what this is, you can always ask Barista on our webpage 😊
Cheers
Oliver
| ISAC Services (Member Funded) |
We have published our services at Services Offered – EU ISAC for Cities (isac4cities.eu). Please do review and consider reaching out to include such in your activities and budgets.
Note that emerging new services are related to managing the MISP platform (and onboarding) plus Barista.
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe.
Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/