Periodic Reporting for period 2 - GEIGER (Geiger Cybersecurity Counter)
Periodo di rendicontazione: 2021-06-01 al 2022-11-30
The GEIGER Horizon 2020 innovation project has developed a so-called ‘Geiger Counter’ for cybersecurity. This indicator helps SMEs & MEs (MSEs) become aware of their cybersecurity-related risks. Explanations are provided to the risk assessment with recommendations concerning data protection, data privacy, and cybersecurity. Trained ´Cybersecurity Defenders´ (CSDs) offer assistance to the MSE in implementing the recommendations, thus reducing the risks. GEIGER can dynamically show the status of existing cyber threats and it can be used from the web or installed locally on a smartphone. Small businesses can react immediately and take simple measures to significantly lower their risk level, for example, from red to green (see the middle part of Figure 1). The ‘GEIGER indicator’ is connected to a ‘GEIGER Cloud’ and linked to a ‘GEIGER Toolbox’. The ´GEIGER Framework´ serves as an ‘Information Sharing and Analysis Center’ (ISAC) platform connecting small businesses, related associations, and ‘Cybersecurity Emergency Response Teams’ and ‘Cybersecurity Incident Response Teams’ (CERTs & CSIRTs). The project has also built an ecosystem of competent individuals and organisations that offer their support to small businesses by collaborating with schools and partners to develop a standardised learning program, the ‘Certified Cybersecurity Defenders’ (CCSDs). GEIGER has been piloted in Switzerland, the Netherlands and Romania. In Switzerland, apprentices qualify as ‘Educated Cybersecurity Defenders’ at their vocational school, those wanting to be examined as CCSDs In the Netherlands, the training programs targeted accountants. In Romania, small business and start-up owners were addressed. As part of the certification, the trainees learned about cyberattacks against small businesses. They got insights about how a company can protect itself – among other things with the help of GEIGER. The CSDs will pass on their awareness of cyber risks and the knowledge of possible countermeasures to the company in or with which they work.
GEIGER Framework
All the components of the GEIGER platform have been successfully completed and integrated. In the last project months, we have continued to improve security and performance. Components such as the GEIGER Indicator, the Cloud and the Toolbox, incorporated data structures that allow them to simplify the GEIGER user journeys and the development interfaces were improved to be able to interconnect more tools in the future and thus increase the capabilities/extendibility of the GEIGER platform.
GEIGER Educational Ecosystem
The GEIGER curriculum that aims at technical and topical interoperability was fully developed. It includes three learning levels and six threat-based categories, in addition to two further categories on GEIGER-specific usage and communication about GEIGER and cybersecurity, which is also the base for the educational data exchange within the GEIGER toolbox. For this, syllabi were developed for three different target groups of the use cases Several self-regulated and synchronous learning materials adapted for the use case-specific target groups were developed and have been partially integrated into the toolbox. These materials were then tested during the GEIGER ‘Use Cases’. An online-based community platform was developed that serves as an exchange network for CSDs and Education Providers and in relation with to communities with external members . The online platform further serves as a lean access structure to a broad set of learning features and common learning materials, with a special focus on game-based learning. Proof of concept for a feasible certification and assessment scheme for GEIGER Certified Security Defenders was achieved and was implemented within the use cases based on the respective target-group specific certification schemes of the individual use cases.
Dissemination & Exploitation
Dissemination, standardisation and exploitation aimed at supporting the development of a solution for small businesses to improve their level of cybersecurity, data protection, and privacy, and bringing it to the awareness of the target market, thus contributing to the reduction of economic damage caused by harmful cyber-attacks, privacy incidents and data protection breaches, and to paving the way for a trustworthy EU digital environment benefitting all economic and social actors. To reach this impact, WP5 adopted a multidimensional strategy for its dissemination, standardisation, and exploitation activities. The core of it was to 1) build communities around the solutions to cybersecurity challenges that micro and small enterprises (MSEs) experience, and encourage a low-threshold adoption of the tools to address of these challenges; 2) harmonise the GEIGER technical framework and an education programme with third parties through standardisation; 3) contribute to the policy development with recommendations and dialogue; and to 4) establish a spin-off to assure the full exploitation of the project results.
All the components of the GEIGER platform have been successfully completed and integrated. In the last project months, we have continued to improve security and performance. Components such as the GEIGER Indicator, the Cloud and the Toolbox, incorporated data structures that allow them to simplify the GEIGER user journeys and the development interfaces were improved to be able to interconnect more tools in the future and thus increase the capabilities/extendibility of the GEIGER platform.
GEIGER Educational Ecosystem
The GEIGER curriculum that aims at technical and topical interoperability was fully developed. It includes three learning levels and six threat-based categories, in addition to two further categories on GEIGER-specific usage and communication about GEIGER and cybersecurity, which is also the base for the educational data exchange within the GEIGER toolbox. For this, syllabi were developed for three different target groups of the use cases Several self-regulated and synchronous learning materials adapted for the use case-specific target groups were developed and have been partially integrated into the toolbox. These materials were then tested during the GEIGER ‘Use Cases’. An online-based community platform was developed that serves as an exchange network for CSDs and Education Providers and in relation with to communities with external members . The online platform further serves as a lean access structure to a broad set of learning features and common learning materials, with a special focus on game-based learning. Proof of concept for a feasible certification and assessment scheme for GEIGER Certified Security Defenders was achieved and was implemented within the use cases based on the respective target-group specific certification schemes of the individual use cases.
Dissemination & Exploitation
Dissemination, standardisation and exploitation aimed at supporting the development of a solution for small businesses to improve their level of cybersecurity, data protection, and privacy, and bringing it to the awareness of the target market, thus contributing to the reduction of economic damage caused by harmful cyber-attacks, privacy incidents and data protection breaches, and to paving the way for a trustworthy EU digital environment benefitting all economic and social actors. To reach this impact, WP5 adopted a multidimensional strategy for its dissemination, standardisation, and exploitation activities. The core of it was to 1) build communities around the solutions to cybersecurity challenges that micro and small enterprises (MSEs) experience, and encourage a low-threshold adoption of the tools to address of these challenges; 2) harmonise the GEIGER technical framework and an education programme with third parties through standardisation; 3) contribute to the policy development with recommendations and dialogue; and to 4) establish a spin-off to assure the full exploitation of the project results.
MSEs Capacity-Building in Security, Privacy, and Data Protection
GEIGER laid the foundations to make MSEs better protected and become active players in the Digital Single Market, including implementing the Network and Information Security (NIS) directive3 and the application of GDPR by focussing on the ‘human factor’ with the help of the GEIGER tool. Furthermore, through the various educational features and tools, the GEIGER user community is enabled to become active users of the protection of their infrastructure and not just consumers of a product that promises to protect them.
Shared Responsibility of Security, Privacy, and Data Protection
GEIGER has contributed strengthening security, privacy, and personal data protection as shared responsibility along with all layers in the digital economy, including MSEs. The specified GEIGER ecosystem is grounded on the results of comprehensive elicitation with diverse stakeholders. Improving the situation of SMEs & MEs concerning the protection against cyber-threats and compliance with GDPR allows them better to integrate the business processes into the overall digital economy even if their goods and/or services are not directly IT-related.
Trustworthy EU Digital Environment
GEIGER contributed to pave the way for a trustworthy EU digital environment benefitting all economic and social actors. GEIGER significantly reduces the risk that owners and members of MSEs entering the digital era have due to their lack of cybersecurity knowledge. The GEIGER ecosystem, which takes a shared responsibility approach for protecting MSEs in any domain. Responsibility is shared among MSE associations, trained individuals, educators, certifiers, tool vendors, CERTs/CSIRTs, third-party data sources, and security experts. Thus, diverse economic and social actors contribute to and benefit from a trustworthy EU digital environment.
Diffusion of Security and Data Privacy Knowledge
GEIGER contributed to the diffusion of security and data privacy knowledge within the European industry incl. MSEs. The project team described cybersecurity educator and learner profiles and, in collaboration with the education work, derived requirements for the GEIGER Education Ecosystem for spreading security and privacy knowledge applicable for MSEs in the European industry.
GEIGER laid the foundations to make MSEs better protected and become active players in the Digital Single Market, including implementing the Network and Information Security (NIS) directive3 and the application of GDPR by focussing on the ‘human factor’ with the help of the GEIGER tool. Furthermore, through the various educational features and tools, the GEIGER user community is enabled to become active users of the protection of their infrastructure and not just consumers of a product that promises to protect them.
Shared Responsibility of Security, Privacy, and Data Protection
GEIGER has contributed strengthening security, privacy, and personal data protection as shared responsibility along with all layers in the digital economy, including MSEs. The specified GEIGER ecosystem is grounded on the results of comprehensive elicitation with diverse stakeholders. Improving the situation of SMEs & MEs concerning the protection against cyber-threats and compliance with GDPR allows them better to integrate the business processes into the overall digital economy even if their goods and/or services are not directly IT-related.
Trustworthy EU Digital Environment
GEIGER contributed to pave the way for a trustworthy EU digital environment benefitting all economic and social actors. GEIGER significantly reduces the risk that owners and members of MSEs entering the digital era have due to their lack of cybersecurity knowledge. The GEIGER ecosystem, which takes a shared responsibility approach for protecting MSEs in any domain. Responsibility is shared among MSE associations, trained individuals, educators, certifiers, tool vendors, CERTs/CSIRTs, third-party data sources, and security experts. Thus, diverse economic and social actors contribute to and benefit from a trustworthy EU digital environment.
Diffusion of Security and Data Privacy Knowledge
GEIGER contributed to the diffusion of security and data privacy knowledge within the European industry incl. MSEs. The project team described cybersecurity educator and learner profiles and, in collaboration with the education work, derived requirements for the GEIGER Education Ecosystem for spreading security and privacy knowledge applicable for MSEs in the European industry.