A few quick observations from Black Hat as the conference winds down and is succeeded by Def Con.
Mikko Hypponen, chief research officer of F-Secure, shared some thoughts on the distinctive features of cyberwar. Fifth Domain has covered Hypponen's observations, and they're worth some reflection. What distinguishes cyberwar from kinetic war is, he thinks, the fundamentally difficult nature of attribution in cyberspace. "Cyber weapons are cheap, effective, and they are deniable," Hypponen said. False flag operations are common, and attribution is usually hedged about with reservations. There may even be doubt as to whether a cyberattack has even taken place. A missile launch is an unambiguous event, but it's often unclear if an incident in cyberspace is an attack or an accident.
This problem is closely linked to another: the difficulty of establishing deterrence in cyberspace. For deterrence to work, the adversaries must have some relatively realistic appreciation of what the opposition can do, what its capabilities are. That's one reason for the Cold War traditions of military parades in Red Square, or news footage of tests on the Pacific Missile Range. Cyber capabilities are inherently more difficult to assess. You may not even know that a particular kind of attack is possible, let alone that the opposition is capable of delivering it. "We have no idea" what offensive capabilities other nations have, Hypponen said. "So what kind of deterrence do these tools build? Nothing." (As Dr. Strangelove put it, back in the heyday of nuclear deterrence, "deterrence is the art of producing fear in the mind of the enemy," but "the whole point of the doomsday machine is lost if you keep it a secret.")
Turning to specific nation-states, Hypponen singled out North Korea for particular mention in dispatches. Making all due allowance for the difficulties of attribution mentioned above, Pyongyang does things no other government attempts, like engaging in hacking for financial gain. Part of what explains North Korea's high level of activity and relative recklessness, Hypponen argues, is that the country has very little to lose, and that makes it a different kind of threat actor.
We'll have more notes from Las Vegas early next week.