Periodic Reporting for period 1 - GEIGER (Geiger Cybersecurity Counter)
Reporting period: 2020-06-01 to 2021-05-31
The overall objective of GEIGER is to contribute to a transparent Europe in which security, privacy, and data protection are a commodity that safeguards MSEs from undetected problems or imminent attacks, thus protecting the European economy from damage. To reach this objective, we develop a zero-knowledge incident database that unlocks risks and incident sensing in MSEs. We realise an indicator that easily allows anybody to understand their own risk and compare it with others. This indicator, supported by an open toolbox, makes the experience and intuitive tools available for immediate and effective risk reduction. A low-threshold and easy-to-join educational ecosystem is being established to reach and even attract attention from endangered and unprotected MSEs.
The main technological achievements are the definition of the GEIGER Framework architecture, a minimally viable version of the GEIGER Indicator, early versions of the GEIGER Toolbox and GEIGER Cloud data repository, preliminary specifications of APIs for communication with the GEIGER Toolbox and Cloud, and adaptations of tools to be integrated into the GEIGER Toolbox.
The educational work has resulted in a competence grid specifying learning objectives at different competence levels (level 0, i.e. everyday knowledge, to level 4, i.e. expert knowledge) and related to learning scenarios. The educational curriculum (GEIGER Cybersecurity Curriculum) is interoperable thanks to its specification based on xAPI (around 200 statements), supporting the communication between the GEIGER Framework and educational tools. In terms of educational tools, prototypes of gamified learning features have been developed and tested. In terms of community-building, the education provider community has been outlined.
Regarding dissemination, we have established awareness and interest of GEIGER in ‘multiplier’ organisations, including existing networks of Education Providers, CERTs/CSIRTs, and MSE associations. For early exploitation planning, MSEs have been involved in shaping and testing a compelling value proposition of the GEIGER solution.
GEIGER also builds a standardised learning programme 'Certified Security Defeners' and a community of competent individuals and organisations that offer help to MSEs by collaborating with schools, professions, and startup hubs. The GEIGER Cybersecurity Curriculum for MSEs focuses on previously neglected – non-IT – target groups and guides pertinent policies, significantly impacting the large target group of non-IT professionals working in MSEs. Discussions in this regard with, for example, ENISA have been undertaken to exploit the curriculum. Related to technology, the 'GEIGER Framework' is taking privacy awareness to the next level and contributing to ‘privacy-by-design. The GEIGER Education Ecosystem will include the automated training recommendations for individual learners, and a set of training sequences in this regard.
GEIGER creates impact by enabling MSEs and building capacity for these MSEs in security, privacy, and data protection. With the holistic definition support of the relevant ecosystem, the GEIGER project contributes to strengthening security, privacy, and data protection as a shared responsibility. The GEIGER solution will help to reduce economic damage caused by cyber-attacks and to pave the way for a trustworthy EU digital environment.
The next project phase will increase the maturity level of GEIGER by piloting it in Switzerland, the Netherlands and Romania.