| Weekly Update from the “City ISAC I4C+” Highlights: External Auditors remove Roadblocks / International Computer Days – Use Them / No Security without Physical Security / Do we have a Cyber INsecurity Pandemic (“CIP”)? / Essential Services need to be available OFFLINE [TLP:WHITE] Hi everyone and hope you are well – two cities and one region stopped by on Friday morning. Started by congratulating one of our colleagues on completing ISO Auditor qualifications and then wondering what goes on in the heads of auditors… At least most of us can separate between an internal audit function that acts as an “advisor” to improve things, and external auditors that “certify” (and can really build pressure to get things done) – nothing as effective as external auditors to remove roadblocks… We then stumbled across International Computer Days – see Top 10 Cyber Security Awareness Days Worldwide – SOCRadar® Cyber Intelligence Inc. Maybe something to pencil into your diaries as recurring communication efforts internally – we were a little cynical and reflected on printing Hallmark Cards for these, but why not use the opportunity? – Data Privacy Week (January 24 – 28) – Safe Internet Day (February 8) – National Clean Out Your Computer Day (February 14) – World Backup Day (March 31) – Identity Management Day (April 12) – World Password Day (May 5) – National Cybersecurity Awareness Month (October) – National Internet Day (October 29) – International Fraud Awareness Week (November 13 – 19) – Computer Security Day (November 30) After some reflections on how important physical access security, electrical power capability and air-conditioning are in our worlds, we reminded ourselves that no matter how good the cyber security tools we deploy, if people prop open data centre doors, electrical power is cut and / or air-conditioning fails, these advanced tools have no value – fix the basics needs to be part of our daily routines since we definitely cannot rely on others to meet our needs unfortunately. For one member, “Group Property” is probably the biggest threat to cyber security #sigh… The above then got us to the infrastructure needed in disaster response rooms and the reminder that the lower the technology level the better – take a look at how the military, police and fire-service organise themselves – a lot to learn about what it takes to manage communications in disaster situations (and a major cyber breach is a disaster situation!). Final thought was reflecting on the cyber security situation overall actually being a “Cyber INsecurity Pandemic” and that for public administrations the priority must be to ensure operational availability of services to citizens WHEN the electronic services go down (and they will at some point). The more electronic and networked the world becomes, the easier it in fact becomes to “take them down”… Well prepared administrations are able to deliver their services OFFLINE (well, at least provide a basic level of them)… |
| UPDATES In the News: Sevilla in Spain in the news this time – https://www.europapress.es/andalucia/sevilla-00357/noticia-investigan-nuevo-hackeo-ayuntamiento-sevilla-caida-sistema-informatico-20230905142054.html. City ISAC Services (Member Funded): We have been invited to join a Regional Cybergovernance Working Group being set up by one of our regional members – the aim will be to explore the gap between EU cyber legislation and “reality” to then begin working on closing that – close link to the NIS2+ activity within Project “David”. Project “DAVID” (Member Funded): The MOU with one of the Big 5 advisory firms is nearing completion and will trigger a 3-4 months project looking in-depth at NIS2+ and defence-in-depth frameworks. Project “MEET” (EU Funded / Beneficiary): We should be finalizing the grant agreement shortly and have engaged the support of marketing experts via our friends at CS-AWARE (https://cs-aware.com/) to help with our “1000 new cities in 9 months” campaign coming up. Project “VAUBAN”: If you are interested you can find a video of our Larissa Tabletop Exercise at https://www.youtube.com/watch?v=OC_-DqyQ9C4 (Start at minute 50, end at 2 hrs and 48 minutes). Repeating this with a German association of public administrations in Leipzig end of November – always fun, effective, thought-provoking and beneficial. We are happy to repeat for you if you like. |
Please remember you can reach the whole group via city-isac-i4c-tlpwhite@majorcities.eu. A dedicated group for those cities signing the NDAs is available separately.
Also note our LinkedIn organisational page at https://www.linkedin.com/company/eu-city-information-sharing-and-analysis-center-isac/ and our discussion group at https://www.linkedin.com/groups/12773643/. Do follow us / join.
Join our weekly Friday morning coffee chats from 9am-10am CET – feel free to come in your pyjamas. Let me know if you are missing an invite and I will send.
Thank you for the support, your City ISAC I4C+ Team.
Cheers and ever onwards
Oliver
Innovating our Future… Together
Chair City ISAC I4C+ / Dr. Oliver Schwabe. Email: oliver.schwabe@isac4cities.eu Mobile: +49 (0) 1709053671. Web: https://i4c.isacs.eu/ & https://www.majorcities.eu/isac-for-cities-plus/