Geiger Cybersecurity Counter

Periodic Reporting for period 1 - GEIGER (Geiger Cybersecurity Counter)

Reporting period: 2020-06-01 to 2021-05-31

Micro and small enterprises (MSEs) are increasingly 'going digital'. This also increases the likelihood of incidents due to negligence or malicious attacks. This challenge has been amplified by the COVID-19 pandemic, which has boosted digitalisation and, at the same time, led to a steep increase in cybercrime. It's crucial that these small businesses are aware of their risks related to data protection, privacy, and cybersecurity and get help in reducing them. There are plenty of solutions available, but they don't match the needs of small businesses that have little or no expertise in digital technologies or resources to invest in costly and complicated solutions. GEIGER aims to close this gap.

The overall objective of GEIGER is to contribute to a transparent Europe in which security, privacy, and data protection are a commodity that safeguards MSEs from undetected problems or imminent attacks, thus protecting the European economy from damage. To reach this objective, we develop a zero-knowledge incident database that unlocks risks and incident sensing in MSEs. We realise an indicator that easily allows anybody to understand their own risk and compare it with others. This indicator, supported by an open toolbox, makes the experience and intuitive tools available for immediate and effective risk reduction. A low-threshold and easy-to-join educational ecosystem is being established to reach and even attract attention from endangered and unprotected MSEs.
Our main achievements are the elicitation of requirements from the use case countries and organisations, the specification of the GEIGER Framework including the GEIGER Indicator, GEIGER Toolbox, the GEIGER Cloud as well as information sharing components, and the definition of education, governance, and compliance requirements. Requirements engineering has also been supported with a public one-week requirements elicitation workshop, ‘RE CARES’, held in conjunction with the 28th IEEE International Requirements Engineering Conference. Scientific results related to the requirements engineering have been published in peer-reviewed publications.

The main technological achievements are the definition of the GEIGER Framework architecture, a minimally viable version of the GEIGER Indicator, early versions of the GEIGER Toolbox and GEIGER Cloud data repository, preliminary specifications of APIs for communication with the GEIGER Toolbox and Cloud, and adaptations of tools to be integrated into the GEIGER Toolbox.

The educational work has resulted in a competence grid specifying learning objectives at different competence levels (level 0, i.e. everyday knowledge, to level 4, i.e. expert knowledge) and related to learning scenarios. The educational curriculum (GEIGER Cybersecurity Curriculum) is interoperable thanks to its specification based on xAPI (around 200 statements), supporting the communication between the GEIGER Framework and educational tools. In terms of educational tools, prototypes of gamified learning features have been developed and tested. In terms of community-building, the education provider community has been outlined.

Regarding dissemination, we have established awareness of and interest in GEIGER among ‘multiplier’ organisations, including existing networks of Education Providers, CERTs/CSIRTs, and MSE associations. For early exploitation planning, MSEs have been involved in shaping and testing a compelling value proposition of the GEIGER solution.

GEIGER develops the GEIGER Indicator, a 'Geiger Counter' for cybersecurity, which dynamically shows the level of current cyber risks for the company, and allows the user to take simple measures to lower the risk exposure significantly. This indicator will help MSEs become aware of their risks by not only considering device-related aspects but also incorporating data on the competence levels of people working in an MSE when calculating the risk score. The risk assessment is accompanied by explanations and recommendations concerning data protection, data privacy, and cybersecurity. The GEIGER Indicator is part of the larger GEIGER Framework that serves as an ‘Information Sharing and Analysis Centre’ (ISAC) platform connecting small businesses, related associations, and CERTs and CSIRTs.

GEIGER also builds a standardised learning programme 'Certified Security Defenders' and a community of competent individuals and organisations that offer help to MSEs by collaborating with schools, professions, and startup hubs. The GEIGER Cybersecurity Curriculum for MSEs focuses on previously neglected – non-IT – target groups and guides pertinent policies, significantly impacting the large target group of non-IT professionals working in MSEs. Discussions in this regard with, for example, ENISA have been undertaken to exploit the curriculum. Related to technology, the 'GEIGER Framework' is taking privacy awareness to the next level and contributing to ‘privacy-by-design’. The GEIGER Education Ecosystem will include automated training recommendations for individual learners, and a set of training sequences in this regard.

GEIGER creates impact by enabling MSEs and building capacity for these MSEs in security, privacy, and data protection. With the holistic definition support of the relevant ecosystem, the GEIGER project contributes to strengthening security, privacy, and data protection as a shared responsibility. The GEIGER solution will help to reduce economic damage caused by cyber-attacks and to pave the way for a trustworthy EU digital environment.

The next project phase will increase the maturity level of GEIGER by piloting it in Switzerland, the Netherlands and Romania.
Use Case Workshop Coiffure Loredana