„If you want to be successful in Germany in IT security, you cannot ignore ruhrvalley.“

Interview with Professor Dr. Christian Dietrich, Endowed Professorship secunet Networks AG

Since his master’s degree in computer science Professor Dr. Christian Dietrich has been analysing Malware commonly known as computer viruses. Since 2017 he has held the professorship endowed by secunet Security Networks AG at the Institute for Internet Security of the Westphalian University of Applied Sciences in Gelsenkirchen. In the interview with ruhrvalley Management Office (MMO) he talks about Internet security and about working in the transdisciplinary research and innovation network ruhrvalley.

Picture of Professor Dr. Christian Dietrich

ruhrvalley MMO: Please give us a brief outline of the path that brought you to ruhrvalley.

Dietrich: After successfully completing my master’s degree in computer science, I felt particularly attracted by the analysis of malware, or computer viruses. As I worked on my dissertation in Professor Dr. Felix Freiling’s group, I concentrated on the analysis of malware and developed methods to recognise botnets. After obtaining my doctorate, I worked as a threat intelligence analyst for the American start-up CrowdStrike analysing malware in the context of targeted attacks, or advanced persistent threads and espionage cases. CrowdStrike is currently a leader in the analysis and attribution of targeted attacks. As always, malware analysis is an important topic of research for me, also in my role as professor at the Institute for Internet Security. I am interested in new trends, such as malware the targets the Internet of Things (IoT), and in the special challenges that analysis poses.

ruhrvalley MMO: Why is Internet security becoming more and more important (to you)?

Dietrich: Solving cybercrimes is becoming more and more important because of the growing digitalisation in society. Among the latest occurrences were the weeks-long IT shutdown of Giessen University, the attacks against the municipality in Frankfurt or against the Court of Appeals in Berlin, and these show our vulnerability to sophisticated malware. The connection of critical infrastructure, especially in the context of the energy transition, will create great potential for attacks. The importance of digital-forensic analysis of malware is growing, especially for purposes of attribution.

ruhrvalley MMO: What makes ruhrvalley so especial for your work?

Dietrich: If you want to be successful in Germany in IT security, you cannot ignore ruhrvalley. The Westphalian University of Applied Sciences has had a master programme specialising in Internet security for the last 10 years, and together with the Ruhr University Bochum, has established itself in the area if education and IT security topics. We cannot forget the numerous start-ups, which started as spin-offs from the universities, and are responsible for a blooming IT security economy. In the area of malware analysis, the Ruhr region has to important players to show: VMRay GmbH and G Data Cyberdefense AG. The interconnection of the university landscape in ruhrvalley is a factor that also stands out.

ruhrvalley MMO: Currently, where do you see the biggest challenges in the area of Internet security and, in your opinion, how can these be solved?

Dietrich: Malware is playing the main role in more and more areas, as seen from the attackers’ perspective. Whether ransom demands, espionage or sabotage, the attackers always use sophisticated malware to achieve their targets. The growth potential of the Internet of Things will not go unnoticed for malware. So-called IoT malware has proved its relevance, at least since 2016, when the Mirai botnet caused extensive failures to internet and telecommunications providers. Growing digitalisation and interconnection of the IoT will make this are more and more attractive for malware-based attacks. That is the reason why I have made malware analysis, and more specifically, IoT malware analysis, one of the core areas of my research. Targeted attacks in politics or the private economy are also very interesting and, in my opinion, deserve to become topics of research.

Unlike the flexibility of an American start-up, it always strikes me that beside the actual challenge, the German bureaucracy and the lack of support for applied research present enormous obstacles. Complex grant applications, waiting times of a year or more for application reviews, too much competition and the bureaucratic payment terms limit the activities of motivated researchers, companies and users. In this respect, we need more US spirit in Germany.