“It is urgent that we break free of this arms race”

Professor Michael Backes is the founding director and CEO of the CISPA–Helmholtz Center (i.G.) Credits: Peter Kerkrath / CISPA–Helmholtz Center (i.G.)

Professor Backes, a few days ago your research center organized the Summer of Cybersecurity event in the Congress Hall. Why are researchers so committed to engaging with the public?
At some point we came to the conclusion that we could not effectively serve the interests of citizens by holding smaller events. Members of the public kept coming to us with similar questions. Therefore, we came up with the idea to create a large-scale event, which would have workshops on everyday IT security that could really be attended by the broad public, but would also offer the possibility to address individual questions.

A few weeks ago, CISPA researchers reported a security hole that affects a manufacturer’s computer processors from the entire last decade. Is CISPA the new watchdog in terms of cybersecurity?

When we find such vulnerabilities, we immediately inform the manufacturer about them. We can thereby contribute directly to the security of products that are widely used. We have already succeeded in doing similar things often in the past, and we assume that with the growing size of the Helmholtz Center, we will be able to make correspondingly greater contributions to security.

At the same time, the Federal Office for the Protection of the Constitution warned about attacks on public television broadcasters. Can your research center also defend against such attacks in the future?

No, we still have a long way to go before the systems are really secure. Currently, the attackers are often a step ahead regarding deployed systems, so that warnings about attacks that are already underway are the best we can do. Even a good early-warning system would be a significant step forward.

What are the key challenges for the coming years?

Currently, researchers and manufacturers are in an arms race with attackers. Researchers, developers, and legislators are reacting to events on a case-by-case basis; they are driven by the exigencies and risks of current technologies and make suggestions as to how security holes can be addressed. It is urgent that we break free of this arms race. Instead, we must understand root causes, and research precise foundations for secure systems.

How does your center approach these challenges?

We consider them comprehensively and holistically. Doing this requires a critical mass of researchers, which we will have at CISPA in the future. Only in this way can we have the capability to cover the entire spectum from theoretical to empirical research on cybersecurity and the protection of privacy.

Arne Schönbohm, President of the Federal Office for Information Security, has called for the digitalization of business and society to be considered in this regard as well. How do the economy and society play into the research agenda of CISPA?

A clear goal of our research is knowledge and technology tansfer in science, the economy, and society. Our results should lead to businesses and start-ups. At the same time, we will try, as with the Summer of Cybersecurity or when providing notices about security vulnerabilities, to offer as much direct added value for society as possible. Furthermore, there are a great many research areas where the public stands directly in focus, for example on questions of intuitively usable security technologies.

Attack targets nowadays include entire countries. Is there a national solution for cybersecurity?

No. There is no universal solution for cybersecurity problems. One can minimize risks and limit the opportunities for attacks. However, in general that also limits convenience or functionality, so the user community tends to circumvent the limits in insecure ways. Moreover, I must make this very clear: at present, if an organization devotes a lot of time and money to an attack, it will usually be successful.

The research community has been working internationally for a very long time. How can the political and economic spheres benefit from this?

The internationality very clearly helps us to think outside the box. As an example, the requirements for privacy and data protection vary considerably in different countries. For that reason, we have for example drawn conclusions in Germany that would not apply everywhere. In addition, diversity and creativity help us in day-to-day collaboration; there are no limits on the ideas and solutions that can be discovered by working together. In the minds of researchers, there are no national boundaries in their daily work, just as there are none in the problems they are working on. That can in many cases apply directly to industry and collaboration in Europe as well.

This interview was conducted by Gordon Bolduan and published in the magazine “OPUS”.