Mission IT Security
Simon Kohl studies Applied Computer Science at Lufthansa Systems. One of his practical phases led him to the CERT of the Lufthansa Group – the Computer Emergency Response Team. It fights invisible enemies such as hackers, malware and computer viruses. Simon tells us about his impressions and experiences in this interview.
Why did you decide to study Applied Computer Science at Lufthansa Systems?
I chose Applied Computer Science because I feel most comfortable with technology-related tasks and have always been fascinated by computers. Lufthansa Systems offered this course and worked together with the Cooperative State University close to my hometown. As a major employer, Lufthansa Systems offers a versatile environment in which you can get to know many technologies and specialist areas.
During one of your practical phases you were able to take a look into the IT security of the Lufthansa Group. What exactly is it about?
Practically all larger companies have an IT security department. A central area is often a CERT, or Computer Emergency Response Team. This team consists of experts in the field of IT security, and I definitely wanted to work in such an IT security department during my dual studies.
What exactly are the tasks of the IT security employees?
The tasks of the CERT staff require skills in several areas, including thinking and working like an attacker. This is necessary for so-called penetration tests, which are used, for example, by software development teams. The CERT employees act like attackers and try to gain “unauthorized” access to systems with which they can steal data or exploit the systems for their own purposes. If a possibility is discovered, the CERT includes it in a report that helps the department to remedy the gaps as quickly as possible. In addition, the CERT also includes current topics on the IT security of the group where the expert opinion of the employees is in demand.
That sounds interesting. Can you tell us more about the CERT?
The cooperation with other organizations is very interesting. Our CERT is in contact with CERTs from other companies and government organizations, for example in CERT alliances such as “FIRST” or “Aviation ISAC”. They share information about current threats and other topics in order to stay one step ahead of attackers – because they also share information about vulnerabilities in corporate networks. This cooperation helps the employees to keep up with the latest threats to the IT of the Lufthansa Group.
Which digital attacks are particularly critical?
One of the biggest factors is the individual employee, as simple as that sounds. Attackers send fake e-mails or pretend to be confidants to obtain passwords and data. Every employee is an important part of IT security and everyone must be aware of this. The human being is often the easiest method to start an attack, both in companies and in private life.
Somewhat more technical are so-called zero-day exploits. These are programs that exploit bugs in software that are not yet publicly known, so there is hardly any defense against them. The work of all CERTs is time-critical here. If such a zero-day exploit is discovered during an attack, it is very quickly worthless for the attackers, since the attack method can be investigated by the attacked and defensive measures can be taken with this knowledge. The communication between the CERTs also helps other companies to prevent dangerous and novel attacks.
Do you have any tips on what Lufthansa employees can pay attention to in their daily work regarding IT security?
Anyone who leaves their computer should lock it in any case. A few seconds can be enough to infect an unattended computer. In addition, passwords should be unique so that a stolen password, for example, does not directly affect all services. When sending e-mails, you should always make sure that the sender is authentic, especially if the e-mail contains links or attachments. If in doubt, it is better to call the sender again or forward the e-mail to the CERT for investigation. The danger of fake e-mails is often underestimated, but most malware comes from e-mails.
What impressions do you particularly remember?
I have noticed that the threats can be real and very close. Clicks on links in seemingly harmless e-mails or insecure code in our software offer attack surfaces that attackers try to use again and again. The world of IT security, especially in the defense against new attacks, is very fast moving, so there is always something new to know and learn.
Can you imagine working as an IT security specialist after your studies?
Absolutely. I wanted to get an insight into the work of IT security during my studies because a lot of things are not really what they seem to be from the outside. And I was not disappointed, and therefore IT security is an exciting topic that I want to continue to deal with in the future.