“We research every aspect of information security”
Helmholtz has a new member. We spoke to Michael Backes, the director of the Helmholtz Center for Information Security, about computer viruses, autonomous driving, patient data—and how to attract employees from Silicon Valley to the state of Saarland in southwestern Germany.
What research areas does the Helmholtz Center for Information Security address?
We research every aspect of information security. In comparison to the other Helmholtz Centers, our research area is rather narrow. But the benefit of this is that we can really cover every aspect of the subject. One important area we look at is the safety of autonomous systems, and autonomous driving and robotics figure largely here. Data protection and confidential processing of data are another important topic. One area we are currently looking at very closely is the security of medical data and appropriate ways of processing it. But we also do a lot of work with respect to detecting and warding off attacks.
Are you referring to the typical game of “cat and mouse” between computer viruses and anti-virus programs?
That’s exactly what we would like to move away from—the principle of virus scanners that detect and provide protection against a list of known attacks. It’s much better to design the systems in such a way that they make general attacks impossible. That’s the type of thing we work on. And when you get to the point where human lives are at stake—as is the case with autonomous driving, for example—the software has to be reliable enough to ensure safety.
What exactly are data protection and data processing about?
That’s one of the Center’s key focal points. The question is, how can we process data in a highly efficient way so it yields meaningful information without impacting the rights of individuals? This is incredibly important in the medical context in particular. If, for example, thousands of people provide their data during studies, we naturally have to ensure that it isn’t used to reveal who has what illness.
What do you think are the greatest threats in the field of cybersecurity?
There are many of them. One major area is industrial espionage, which involves numerous coordinated attacks that aim to steal a company’s trade secrets. Another key area is attacks directed at democratic processes, which are increasing all the time. They include attacks against systems as well as disinformation and fake news. The focus here is on detecting false information and assessing the credibility of information. We carry out research in this area as well.
And how do you do that?
There are a number of possible ways. For example, you can base your work on existing facts. In that case, you need a database of the information, which enables you to make comparisons. It’s more difficult to recognize disinformation based on specific patterns. When millions of bots repeat something over and over, this creates recognizable patterns. But what you actually need to understand is whether a piece of information is an original version or a duplicate. It ultimately comes down to semantic recognition. And this is one of the many versions that are used here.
Apart from basic financial support, what advantages will the Center gain from its integration into Helmholtz?
I already mentioned our research in the healthcare field. We naturally benefit from our cooperation with the Helmholtz Centers in this area because, for example, it lets us work with real, concrete data and cases.
Are any specific research projects underway yet?
Yes, we sat down with the researchers from the German Center for Neurodegenerative Diseases (DZNE) and asked ourselves, what are the biggest issues in the field of data management and data security? And we have already established our own virtual center, the Helmholtz Medical Security and Privacy Research Center, as a result of this discussion. The idea here is that we can work with real case studies and volumes of data in order to evaluate and validate our applications and methods. We then work together to develop concepts, methods, algorithms, and tools that the DZNE can use to carry out its research projects and studies securely and perhaps more efficiently as well.
You are a native of Saarland, and it’s likely that pursuing a career elsewhere—including abroad—would have been an option for you as well. So why did you stay in Saarland?
Saarland is an incredibly beautiful German state with an extremely high quality of life and a relatively low cost of living. But that’s not enough on its own, of course. The information technology we have in Saarland was and is fantastic. It has always been among the best in Europe, and over the last twelve years, Saarland has had the only cluster of excellence in the field of information technology.
What do you attribute that to?
It has evolved from a strong tradition in the field. Saarland University was one of the first to establish information technology as a dedicated subject separate from mathematics. And this was backed up by outstanding appointments. The best people in the world—including from the US—came to Saarland. And they showed immense foresight in how they established structures here. This was also the reason that I accepted the position at Saarbrücken 15 years ago. It wasn’t because this is my home—although that was a nice bonus—but rather because globally it was the place to be.
Research in the field of cybersecurity is very focused on applications. Are there any spin-offs and outcomes from this?
We’ve always had spin-offs in mind as well, though they have never been our primary focus. But that’s set to change dramatically with our integration into Helmholtz. We are currently planning to found our own spin-off campus together with the state of Saarland. But there are some applications you may be using already without even knowing it. For example, parts of our analysis software are used to examine all the apps in the Google Play store for security issues around the clock.
The people who work for you definitely wouldn’t have any problem finding jobs that paid better in the business sector. What can you offer them?
There is no way we can compete with those kinds of salaries. The people for whom that is a priority don’t end up working here, and we don’t want them to, either. We are seen as an extremely prestigious institution at the international level, so we have a high profile in the community. The working conditions here are unique—there’s a strong focus on cooperation and flat hierarchies. Plus, there’s the fact that Saarland is a fantastic place to live. In Silicon Valley, you pay half your salary for a one-bedroom apartment, and it takes an hour to drive to work. Here, you can rent a really spacious home right around the corner for a quarter of your salary. But the key factor is that our Center is probably the best place in the world when it comes to interest-driven research in this field that offers scientists fulfilling careers.
The Helmholtz Center for Information Security (CISPA)
The Center for IT-Security, Privacy, and Accountability (CISPA) was founded in Saarbrücken in 2011 with project financing from the German Federal Government and was converted into the CISPA – Helmholtz-Zentrum i.G. GmbH at the end of 2017. Pursuant to a September 2018 resolution by the Assembly of Members of the Helmholtz Association, it was then incorporated into the research organization on January 1, 2019. Some 200 outstanding researchers now work there, and the Center is expected to have up to 800 employees when it is running at full capacity by 2026 or so.