Community Building

Mansfeld-Südharz, Germany - November 2, 2025

Turning fire-brigade drills into block-party habits: a field manual from rural Saxony-Anhalt

The most important cyber-security conversation in this county last week happened in a candle-lit pub cellar that used to shelter anti-aircraft spotters during the 1944 air raids. No slides, no laptops, just a retired chemical-plant foreman explaining to a room of bakers, librarians and riding-instructors why the same reflex that once checked for phosphorus leaks now needs to check for phishing links. The gathering was billed as a “digital-resilience round-table,” but it felt more like a parish council discussing a suspicious smell: everyone had smelled something, no one wanted to be the alarmist, and the only way to solve it was to agree on a common nose. That agreement, formalised the next morning as the county’s first Digital-Resilience Charter, is the smallest unit of the Alliance’s society programme—an attempt to treat cyber hygiene not as an IT upgrade but as civic infrastructure, as ordinary as waste separation or speed limits.

The programme starts with the simplest of observations: resilience is already a local sport. When the Mulde river bursts its banks, neighbours fill sandbags without asking who owns the riverbank; when a snowstorm blacks out power, farmers reroute milk tankers before the grid operator finishes its press release. The only reason the same muscles fail during a ransomware incident is that the trigger is invisible and the language sounds foreign. So the Alliance designed a translation layer that swaps packets for parcels, malware for mould, botnets for burglary. The metaphor is stretched deliberately thin—people understand burglary—so that when we describe multi-factor authentication as “a second lock on the front door,” no one feels patronised and no one needs a certification to participate. The first test came in September, when a fake voicemail claiming to be from the local tax office hit 400 mailboxes. Within forty-five minutes, three different grandmothers had walked into the citizen office holding printed copies of the message, asking if “this is the burglary we talked about.” The office had not issued an alert yet; the community had self-alerted, which is exactly the feedback loop the programme is designed to create.

To keep the loop running without turning citizens into unpaid sysadmins, the Alliance borrows the civil-protection playbook. Each town receives a “digital-storm card,” a laminated A4 sheet that fits into the same plastic sleeve as the civil-defence flood map. One side shows the 24-hour incident hotline; the other side lists three colour levels—green for hoaxes, amber for data theft, red for infrastructure control loss—and the single action expected at each level: green means forward the message, amber means unplug the red cable at the back of the router, red means call the shared SOC and await the volunteer rapid-response team. The card is distributed by the same volunteers who hand out smoke-detector batteries every spring, so cyber hygiene piggybacks on trust that already exists. No software is installed, no password is requested; the only artefact is a fridge magnet with the same hotline number. After six months, 62 % of households in the pilot town of Zerbst can correctly recite the three colours, a recall rate higher than the national average for the emergency phone number, proving that simplicity beats sophistication when attention is the scarce resource.

The magnet is only the gateway drug. The deeper layer is a volunteer corps modelled on the volunteer fire brigade that still protects every village in the county. Interested residents—retirees, students, IT staff from nearby factories—receive twenty hours of training spread over five evenings, covering basic forensics, evidence preservation and the legal boundary between observation and vigilantism. Graduates are not asked to penetrate systems; they are asked to observe and to witness. If a neighbour’s screen suddenly displays a Bitcoin ransom note, the volunteer’s job is to photograph the screen, pull the power cord and file a timestamped report through a simple web form that feeds the shared SOC. The report is automatically tagged with the neighbour’s consent, so the SOC can initiate remote triage without violating GDPR. In its first quarter the corps filed 312 reports, of which 47 revealed genuine infections that were remediated before lateral movement occurred. The volunteers received no payment beyond a community barbecue and a thank-you pin shaped like a pixelated shield, yet the retention rate after twelve months is 94 %, higher than most corporate security-awareness programmes that pay participants in gift cards.

"Resilience becomes folk knowledge when it travels like a sourdough recipe rather than a software licence."

Cultural sustainability is baked into the same formula. Every quarter, the Alliance hosts a “digital flea market” in the Bauhaus-style lobby of the Dessau theatre, where residents bring deprecated smartphones, dusty routers or mysterious USB sticks they found in the parking lot. A technician dismantles the device on stage while a moderator explains what a flash chip is, why it retains data even without power, and how to render it useless with a household drill. The event feels like a cross between antique roadshow and therapy session: people leave not only with empty hands but with the cathartic certainty that the past cannot spy on them. The last flea market collected 487 devices in three hours; the shredded material was smelted into a 120-kilogram aluminium ingot that now sits outside the county library engraved with the words “Past Secured.” Visitors touch it instinctively, turning an abstract concept into cold metal—an artefact of resilience more persuasive than any slide deck.

Even sceptics are folded into the fabric rather than lectured into submission. The county’s hunting association initially dismissed cyber exercises as “city games” until we proposed a joint drill: during the annual driven hunt, volunteers would simulate a ransomware attack on the radio relays used to coordinate beaters. The hunters’ pride in their analogue discipline made them perfect adversaries; they agreed to participate only if they could keep their radios but add a layer of encrypted backup. The drill ended with the hunters successfully switching to the backup channel while the SOC traced the mock intrusion, and the club president now opens every meeting with a five-minute “digital weather report” downloaded from the Alliance dashboard. The moral is not that hunters became geeks; it is that resilience travelled along an existing social bond rather than forcing a new one.

Measurement is deliberately low-tech. Instead of phishing-simulation click rates, we track community rituals: how many storm cards are visible on kitchen fridges, how many volunteers show up for barbecue, how many schools request the flea-market roadshow. The target for 2027 is modest—80 % of households recall the three colour levels, 500 active volunteers, 20 towns hosting flea markets—but the metric is continuity, not perfection. If the aluminium ingot needs to be recast every year because new devices keep arriving, that is success; if the drill is cancelled because no one can find a mutually free evening, that is failure. The goal is to normalise cyber hygiene until it feels like brushing teeth: you do not boast about it, you just notice when someone else has bad breath.

The long-term vision is to export the ritual, not the software. Next spring we will publish a “community-resilience canvas” under Creative Commons: a single PDF that any parish, island or city district can print, annotate and return to us for peer review. The canvas contains no proprietary tooling; it is simply a sequence of social prompts—who hands out the cards, who hosts the barbecue, who keeps the spare magnet stock—because those are the parts that scale. If a Lithuanian village downloads the canvas and never contacts us again, we still count the experiment as victory: resilience has become folk knowledge, passed along like a recipe for sourdough rather than a subscription to a platform. When that happens, the cyber equivalent of the neighbourhood watch will no longer need a brand name; it will simply be how communities behave when they smell smoke, digital or otherwise.

The Cyber Resilience Alliance is a public-private partnership established 2025, led by CypSec, Validato and the County of Mansfeld-Südharz. The Alliance operates a sovereign private-cloud security stack, a shared SOC and an cyber academy, aiming to make Mansfeld-Südharz the reference site for rural cyber resilience by 2030.

Media Contact: Daria Fediay, Chief Executive Officer at CypSec - daria.fediay@cypsec.de.