“Simple things are often the most difficult.” This apparent paradox neatly describes the challenges facing computer systems and online applications developers. Haya Schulmann has confirmed it time and again in her research – and not only since becoming professor of cyber security in Goethe University’s Faculty of Computer Science and Mathematics three years ago. “Many people are impressed by complex IT systems with a lot of functions and options,” Schulmann says, even though the trick actually lies in reducing the complexity to the minimum. On the one hand, the systems have to fulfill their purpose – whether that be online gaming, managing a hospital or the EDP for a savings bank. On the other, the way they are programmed should be as simple as possible. Schulmann continues: “The more complex a system’s design, the easier it is for hackers to attack it, and the harder it is to detect and deflect attacks quickly.”
Schulmann has had a passionate interest in computer science and cyber security since her schooldays. “I had my first computer science classes as a teenager at school. From the very beginning I was fascinated by computers and algorithms,” she recalls. There was never any doubt that she would study computer science. Parallel to her Bachelor’s and Master’s degrees at Bar-Ilan University near Tel Aviv, Schulmann worked as a software developer in industry. Her research into the safety of IT systems and networks began during her doctorate.
Much more than programming
“The diverse and dynamic field of computer science fascinated me right from the beginning,” Schulmann says enthusiastically, emphasizing the fact that IT is so much more than mere programming. At its core, it is about analyzing complex questions and systems, modelling data and processes, and solving problems by applying algorithms. To Schulmann, computer science is the central scientific discipline because of its capability to address questions from any conceivable discipline or field. “What makes this even more exciting is the fact that the systems are continually evolving,” she stresses, adding that, “the same is true of the methods used in computer science. Whereas 20 years ago, people thought machine learning would be practicable only in the rarest of cases, today it has become one of the main methods in computing.” Quantum computers could develop in exactly the same way, she adds, explaining that while these are today still widely seen as exotic with little options for use, in ten or twenty years’ time, they could be just as important to computer science as machine learning is today.
Even “just” designing IT systems can prove very challenging, Schulmann says. “It gets even trickier when hackers and cybercriminals enter the fray – that is, people who are looking specifically for vulnerabilities in running IT systems, which they can exploit for their own ends.” Making a system secure involves ensuring that it contains as few faults and vulnerabilities as possible. It is equally important, however, to prepare a defense strategy right at the start, put oneself in the enemy’s shoes and ask: what could my enemies do to get round my strategy? Schulmann compares the pursuit of cyber security to a game of chess: “To win, you have to think as many moves ahead as possible and anticipate all possible developments. This way of ‘thinking like a hacker’ is the most important ability for those wanting to be successful in IT security.”
Schulmann’s chair now has more than a dozen researchers and a large number of students tackling the challenges of cyber security. They measure the Internet’s vulnerability, devise tools to help design security solutions, find weaknesses in standards and systems and help remedy them, and also elaborate new approaches and procedures.
Publishing and practice
To Schulmann it is pivotal that all this activity culminates not just in scientific publications at top-flight conferences, but that the results also be applied in practice. To that end, the team cooperates closely with leading international network and IT providers – even the U.S. president refers to works by Schulmann in his internet security strategy. To sensitize the public to the topics of cyber security, digitalization and innovation, Schulmann regularly writes guest articles for well-known newspapers. She is also a board member of the National Research Center for Applied Cybersecurity ATHENE, where she oversees three research areas. A research center of the Fraunhofer-Gesellschaft, ATHENE is Europe’s largest research center for applied cyber security. Its members include Goethe University Frankfurt and TU Darmstadt, among others.
At the same time, Schulmann enjoys her teaching activities at Goethe University, where her enthusiasm is matched by that of her students. “These young people really appreciate coming into contact with so much material that’s relevant to actual practice,” she says, adding that lectures and seminars also offer opportunities to get to know gifted students who might one day join her working group. In the medium term she would like to see cyber security be more than just a topic within computer science, but one with its own separate Master’s degree.
Stefanie Hense
