The Signature of the Drone: When Cybersecurity Becomes Counter-Warfare
There is a particular kind of career arc that reveals something about the texture of an era. Mikko Hyppönen – Finnish cybersecurity researcher, conference keynote fixture, owner of a distinctive teal suit and blonde ponytail – has spent thirty-five years fighting malware. Now he fights drones.
The shift is worth sitting with. Not because it represents a departure from his expertise, but because it illuminates a continuity that most observers miss. The same logic that once governed the detection of computer viruses now governs the detection of unmanned aerial vehicles. The signature – that forensic fingerprint of malicious code – has migrated from software to radio frequency. The battlefield has expanded from the screen to the sky.
The Tetris Problem
At Black Hat in Las Vegas in 2025, Hyppönen offered an analogy that deserves attention. He called cybersecurity work cybersecurity Tetris. When a line is completed – when a threat is neutralized – it vanishes. The successes disappear. The failures pile up.
The challenge we face as cybersecurity people is that our work is invisible. When you do your job perfectly, the end result is that nothing happens.
Mikko Hyppönen
This is the phenomenology of defensive work. It produces absence rather than presence. The artifact of success is the non-event. For anyone building systems that protect rather than produce, this observation carries weight. It describes a labor that resists visibility, that cannot easily be photographed or celebrated, that exists primarily as prevention.
And yet Hyppönen's work has been anything but invisible. He was among the first to analyze the ILOVEYOU virus in 2000 – a wormable piece of malware that arrived as a love letter and infected over ten million Windows computers worldwide. He has analyzed thousands of different kinds of malware since the late 1980s, when the term itself was still far from everyday parlance. Back then, the vocabulary was "virus" and "trojan." The internet was something few people had access to. Some viruses spread via floppy disk.
What Changed
The malware landscape has transformed completely. As Hyppönen puts it: The age of viruses is firmly behind us.
No one develops malware as a hobby anymore. Self-replicating code is practically a guarantee of detection. The exceptions – WannaCry in 2017, NotPetya later that year – were state-sponsored operations, not hobbyist experiments. Today, malware is almost exclusively the domain of cybercriminals, government-backed spies, and mercenary spyware makers who develop exploits for surveillance and espionage.
The cybersecurity industry, meanwhile, has professionalized dramatically. It is now estimated to be worth $250 billion. Defenders went from giving away software for free to building paid services and products. An iPhone, Hyppönen argues, is now an extremely secure device. When the tools to hack it cost six figures or even millions of dollars, only highly resourced actors – governments, primarily – can afford them. For consumers, this represents a genuine victory.
But the cybersecurity aspects of drone warfare remain almost uncharted territory.
The Border, Two Hours Away
Hyppönen lives approximately two hours from Finland's border with Russia. His two grandfathers fought the Russians. He serves in the Finnish military reserves.
I can't tell you what I do, but I can tell you that they don't give me a rifle because I'm much more destructive with a keyboard.
Mikko Hyppönen
The war in Ukraine has made the stakes visceral. The majority of deaths in that conflict have reportedly come from unmanned aerial attacks. Drones are not a theoretical concern for someone living within striking distance of an increasingly hostile neighbor.
In mid-2025, Hyppönen became chief research officer at Sensofusion, a Helsinki-based company developing anti-drone systems for law enforcement agencies and the military. The pivot might seem dramatic – from fighting code to fighting machines. But the underlying logic is remarkably consistent.
The Signature Migrates
To fight malware, cybersecurity companies developed mechanisms called signatures – patterns that identify what is malicious and what is not. Detection, then blocking. The same principle applies to drones.
We detect the protocol from there and build up signatures for detecting unknown drones.
Mikko Hyppönen
Defenses involve building systems that can locate and jam radio drones by recognizing the frequencies used to control them. If the protocol and frequencies are detected, cyberattacks against the drone become possible. The system can be made to malfunction. The drone can be crashed.
The IQ sample – a recording of a drone's radio frequencies – functions like a malware signature. It is a forensic artifact, a fingerprint, a way of distinguishing threat from background noise. The conceptual architecture is identical. Only the medium has changed.
We're on the side of humans against machines, which sounds a little bit like science fiction, but that's very concretely what we do.
Mikko Hyppönen
What This Means for Europe
For policymakers, public sector technologists, and governance scholars, Hyppönen's trajectory offers a diagnostic lens. The skills developed over decades of fighting digital threats are now being applied to kinetic ones. The expertise is transferable. The threat landscape is converging.
This has implications for how Europe thinks about defense technology, dual-use research, and the relationship between cybersecurity and physical security. The same researchers who once protected networks may now protect airspace. The same detection logic that identified malicious code may now identify hostile drones.
Finland, with its long border with Russia and its deep cybersecurity expertise, is positioned at the intersection of these concerns. Helsinki-based companies like Sensofusion represent a particular kind of European response: technically sophisticated, defense-oriented, and rooted in decades of accumulated knowledge about adversarial systems.
The question is whether this expertise can scale – whether the lessons learned from fighting malware can be systematized and applied to the emerging challenges of autonomous warfare. The signature, after all, is only useful if the system can recognize it in time.
The Invisible Work Continues
There is something poignant about Hyppönen's observation that cybersecurity work is invisible. The same will likely be true of counter-drone work. When the system functions perfectly, nothing happens. The drone does not reach its target. The attack does not occur. The success is an absence.
But the absence is not nothing. It is the result of decades of accumulated expertise, of signatures built and protocols detected, of systems designed to recognize threats before they materialize. The artifact remembers what the discourse forgets.
For those building the systems that will shape European security in the coming decades, this is the work: making the invisible visible, or at least making it count. The question of how to defend against autonomous threats – whether digital or kinetic – is not merely technical. It is cultural, political, and deeply human.
That conversation is happening now, in Helsinki and Berlin and Vienna. On May 19, Human x AI Europe brings together the founders, investors, policymakers, and builders working on exactly these questions. The signature of the moment is being written. The question is who will read it.
Frequently Asked Questions
Q: Who is Mikko Hyppönen and why is his career shift significant?
A: Mikko Hyppönen is a Finnish cybersecurity researcher with over 35 years of experience fighting malware, including being among the first to analyze the ILOVEYOU virus in 2000. His shift to counter-drone technology at Sensofusion in mid-2025 demonstrates how cybersecurity expertise is now being applied to physical defense systems.
Q: How does anti-drone technology relate to traditional cybersecurity?
A: Both fields rely on signature-based detection. Just as cybersecurity uses signatures to identify malware, anti-drone systems use IQ samples – recordings of radio frequencies – to detect and identify hostile drones. The same detection-and-blocking logic applies to both domains.
Q: What is Sensofusion and what does it do?
A: Sensofusion is a Helsinki-based company that develops anti-drone systems for law enforcement agencies and the military. The company builds systems that locate and jam drones by recognizing the radio frequencies used to control them.
Q: Why is Finland particularly relevant to counter-drone technology development?
A: Finland shares a border with Russia approximately two hours from where Hyppönen lives. The war in Ukraine, where the majority of deaths have reportedly come from unmanned aerial attacks, has made drone defense an urgent concern for countries near Russia.
Q: What does "cybersecurity Tetris" mean?
A: Hyppönen coined this term to describe how defensive cybersecurity work is invisible – when threats are successfully neutralized, they disappear like completed Tetris lines. Successes vanish while failures accumulate, making the value of defensive work difficult to demonstrate.
Q: How large is the cybersecurity industry today?
A: The cybersecurity industry is estimated to be worth $250 billion. This professionalization has made consumer devices like iPhones extremely secure, with exploits now costing six figures or millions of dollars – effectively limiting their use to highly resourced actors like governments.