We tend to see vulnerabilities and concerns about cyber threats to critical infrastructure from our own viewpoint. But an adversary will assess where and how to conduct a cyberattack according to their strategy. I am not convinced attacks on critical infrastructure, in general, have the payoff that an adversary seeks. An adversary has limited capabilities and needs to prioritize cyber targets. Trying to see what options, opportunities, and directions an adversary might take requires we change our point of view to the adversary’s outlook. One of my primary concerns is pinpointed cyber-attacks disrupting and delaying the movement of U.S. forces to theater (fort-to-port).
A transportation delay to ports of entry will also give more time for the adversary to attack the sealift at sea and the units from the port of debarkation to the operational area. The distance from Hamburg and Amsterdam to Eastern Poland is equal to the distance between New York City and Chicago. Any delay for the U.S. forces leaving the continental United States and heading to a European theater gives more time for the adversary to disrupt transportation within Europe through a mix of cyber, special forces, and standoff weaponry. An adversary that is convinced before a conflict that it can significantly delay the arrival of U.S. units from the continental U.S. to a theater will make a different assessment of the risks of a fait accompli attack. The adversary would likely use cyber to achieve the intended delay of U.S. forces moving towards ports of embarkation.
The Joint Operating Environment 2035 predicts that for the foreseeable future, U.S. national interests will face challenges from both persistent disorders and states contesting international norms. One of these outfalls could be “accompli” attacks from near-peer and peer states to exploit disorder, challenge international norms, and enjoy a quick advance with a limited resistance that cannot be realistically reversed. The rapid attack could establish territorial gains requiring a large-scale land war to liberate—with the imminent threat of an escalation to nuclear war—and the potentially massive cost in life, pain, and devastation to reverse the attacker’s gains could be used to get negotiation leverage for the attacker in a final peace settlement. The attacker could also escalate the conflict once its territorial objectives are reached by declaring that a counteroffensive by the North Atlantic Treaty Organization (NATO) could face a tactical nuclear response, practically denying the Alliance the option to free the occupied territory with conventional military means.
Kallberg, Jan E., Stephen S. Hamilton, and Matthew G. Sherburne. “Electronic Warfare in the Suwalki Gap: Facing the Russian “Accompli Attack”.” National Defense University Press (2020) (download) and related regarding the Fort-to-Port concept where cyber is used to delay units in the continental U.S. to theater; Kallberg, Jan. “After a cyberattack, the waiting is the hardest part.” Fifth domain (2019) (link).
The Second Amendment protection includes cyber arms mainly for two reasons – the hacking tools are of military grade and considered to be arms. The Founding Fathers saw the Second Amendment, and gun rights, as a foundation for a self-defense militia of able citizens equipped with arms of military value. Therefore, digital gun rights become evident. The legal framework that protects specific guns by the Second Amendment will also apply to a range of cyber tools.
In the future, the United States government can seek to limit the ownership of cyber weapons. The question is whether the Second Amendment to the United States Constitution gives a right to bear and own military-grade cyber weapons. The dual-use nature of cyber arms undermines the government’s argument on this point. Kallberg, Jan. “The Second Amendment and Cyber Weapons: Constitutional Relevance of Digital Gun Rights.” IEEE Technology and Society Magazine 38, no. 2 (2019): 71-77.
Reaching Cyber Space Superiority is Simplest to Execute by Accelerating the Engagement beyond the Adversary’s Comprehension – and through the Comprehension Barrier to enter the Zero Domain – an uncontested Battle Space.
It is questionable and even unlikely that cyber supremacy could be reached by overwhelming capabilities manifested by stacking more technical capacity and adding attack vectors. The alternative is to use time as the vehicle to supremacy by accelerating the engagements’ velocity beyond the enemy’s ability to target and precisely execute and comprehend the events as they unfold. The space created beyond the adversary’s comprehension is called the Zero Domain. Military strategists traditionally see the battle space as land, sea, air, space, and cyber domains. When fighting a battle beyond the adversary’s comprehension, the conflict occurs in the Zero Domain, not in a traditional warfighting domain. See Kallberg, Jan. “Supremacy by Accelerated Warfare through the Comprehension Barrier and Beyond: Reaching the Zero Domain and Cyberspace Singularity.” Cyber Defense Review vol.3 issue 3 (Fall 2018) (download).
The unfitness of traditional military thinking in cyber is a result of not addressing the unique tenets of cyber – lack of object permanence, limited measurement of effectiveness, the rapid execution, and the anonymity.
Comprehensive theories of conflict in the cyber world have not yet been developed, but the utilization of traditional military strategy and operational concepts in lieu of existing strategies in this realm can mislead, resulting in spurious assessments and unfavorable outcomes. Four tenets of the cyber world present profound challenges for the application of traditional military strategies in cyber conflicts. The cyber-world is characterized by the following: 1) a lack of object permanence, which undermines the concept of maneuver; 2) limited or absent measurement of effectiveness in offensive cyber; 3) conflicts that are executed at computational speed, thus removing the time window for meaningful strategic leadership; and 4) anonymity, which makes the parties to the conflict unknown. As a result, the use of traditional military thinking and path-dependent behavior in cyber is likely to lead to incorrect conclusions regarding strategic achievements and abilities in the pre-conflict stage, and increase the risk of strategic failure during conflict and provide an opportunity for an adversary’s strategic surprise. Kallberg, Jan, and Thomas S. Cook. 2017. The unfitness of traditional military thinking in cyber. IEEE Access (download).
This article challenges the common perception that cyberattacks are per default bad and dangerous, and instead argues that cyberattacks carry information vital for the refinement and evolution of the targeted state. The targeted state uses the information from the attacks to consolidate its cyberdefense posture. Since the dawn of the common Internet, the fear of cyberattacks has been the focal point for the cybersecurity discourse. Cyberattacks carry the seeds for technological development and evolution that drive the ability to go from prey to predator in future cyberwar.
The militarized and contested Internet with a multitude of state-sponsored cyberattacks can generate an evolutionary process when the targeted nation is strengthened by the abundance of information it receives from the attacks. When the targeted nation refrains from retaliating against the attacking adversarial state, its systems are perfected; meanwhile, the attacking state is denied the feedback needed to stay current and pose a long-term threat. The targeted nation has increased its potential to go from prey to predator when its accrued knowledge far exceeds the attacker’s, and the game has changed. The targeted nation can then strike back at the initial attacker in a way far superior to the initial attacker’s first moves. In contrast to the Red Queen hypothesis, our Restrained Red Queen model illustrates the adaptive advantage of a targeted nation that decides to selectively counterstrike its aggressor. The reticent targeted nation has benefited from refraining from counterstriking and increases its own survivability by embracing the initial attacks as information that can be converted to superiority over time. This article was written with Dr. Rosemary Burk. Burk, Rosemary A., and Jan Kallberg. “Bring on the Cyber Attacks–The increased predatory power of the restrained red queen in a nation-state cyber conflict.” The Cyber Defense Review 1, no. 2 (2016): 61-72 (download).
Humanitarian cyber operations following the responsibility to protect doctrine in international law allow democracies to utilize cyber operations to trespass the national sovereignty of a rogue state based on the obligation to protect the victims of the regime. Humanitarian cyber operations can act as a deterrent against atrocities and, if atrocities happen, collect evidence for future international prosecution. This avenue to legally penetrate any authoritarian repressive regime’s networks is a positive development as it increases the ability to protect other humans.
Military cyber capacity, built to be a part of military operations, can be utilized for humanitarian operations utilizing the legal framework of responsibility to protect. The responsibility to protect doctrine will allow concerned states to interfere in the domestic affairs of foreign nations that jeopardize the welfare of their citizenry, and the humanitarian operations are not considered acts of war. In principle, cyber can be utilized to protect humanity in the same way as military transportation ships can transport aid to a humanitarian catastrophe. “Humanitarian Cyber Operations: Rapid Response to Crimes against Humanity Utilizing Offensive Cyber Ability.” IEEE Technology and Society Magazine 35, no. 3 (2016): 81-85 (link).
The utility of strategic cyber operations is contingent on the institutional stability of the targeted society. A larger cyberwar campaign that does not destabilize the targeted society is a failed campaign. If an adversarial society is unaffected by a cyber conflict, the conflict itself has not reached a decisive outcome, and results in a tit-for-tat game or stalemate.
This framework will change the way nations view cyber. It is no longer an enabler for joint operations, but instead a strategic option to confront adversarial societies. The current alternative to strategic cyberwar theory is to unsystematically attack the adversary with cyber-attacks where exploitation opportunities occur, which is likely to degrade parts of the information infrastructure but will not attain any strategic goals. If an adversarial society is unaffected by a cyber conflict, the conflict itself has not reached a decisive outcome and results in a tit-for-tat game or stalemate. The decisive outcomes must lead to policy change as part or full submission to foreign will by the targeted society. The decisive cyber outcome is either reached by removing military capacity through cyber attacks or destabilization of the targeted society. The removal of military capacity is likely temporary, followed by software coding to close these limited vulnerabilities, compared to a societal destabilization that jeopardizes the regime. In strategic cyberwar theory, attacking the adversarial nation’s institutional framework will result in destabilization. If a nation is destabilized, it can be subdued to foreign will, and the ability for the current regime to execute their strategy evaporates due to loss of internal authority. The theory’s predictive power is strongest when applied to target theocracies, authoritarian regimes, and dysfunctional experimental democracies, and their common tenet of weak institutions. “Strategic Cyberwar Theory – A Foundation for Designing Decisive Strategic Cyber Operations” in The Cyber Defense Review Vol. 1, No. 1 (SPRING 2016), pp. 113-128 (16 pages) (download).
In earlier studies of cyberwar, the focus was on disruptions in a technical or military capacity and the damage was contained in the technology system. In these scenarios, the factual long-term damage is limited. For an adversary seeking to affect U.S. policy, current vulnerabilities in our industrial control systems are an inviting opportunity. Their targeting could have significant long-term political and societal impacts—fear, uncertainty, and public pressure on political leadership if environmental damage occurs. The effects of COVID-19 validate the impacts of environmental targeting for rogue actors.
Dr. Rosemary Burk and I introduced the concept of environmental damage as a result of a cyberattack leading to societal instability and loss of government legitimacy, control, and the citizenry’s confidence in the public enterprise. The adversary’s targeting could have significant societal impacts—fear, uncertainty, and public pressure on political leadership if environmental damage occurs. We have seen in 2020 during COVID-19 that threats to our near environment (pandemic, contaminated water, pollution, toxic releases) create significant uproar and challenges for government. It is natural. All humans want to be safe. Attacking industrial control systems to damage the environment is a grave act of war. However, as long as attribution is unknown and there is no punitive mechanism in place, the prohibitions against such acts in international law are at the attacker’s discretion to recognize. Today, there are limited options, if any, to enforce accountability for cyberattacks through international law. In earlier studies of cyberwar, the focus was on disruptions in a technical or military capacity and the resilience to operate in a degraded environment. Kallberg, Jan, and Rosemary A. Burk. “Failed Cyberdefense: The Environmental Consequences of Hostile Acts.” (Download) Military Review 94, no. 3 (2014): 22 and Kallberg, Jan, Rosemary A. Burk, (Download), a chapter in “Conflict and Cooperation in Cyberspace-The Challenge to National Security in Cyberspace” edited by P. A. Yannakogeorgos, and A. B. Lowther.
Developing countries’ weak cyber security measures are an opportunity for offensive cyber operations through proxies without their consent.
The growth of the African Internet and services related to the Internet has been rapid over the last decade. Following this market expansion, a variety of service providers have started to provide access. A fast-growing market puts pressure on the providers to deliver services first and only then seek to secure the networks, which is natural in an emerging business landscape. The massive buildup of IT infrastructure with limited security in place is an opportunity for potential adversaries that seek to attack vital interests through proxies to avoid attribution and repercussions. I wrote about the issue in African Security Review. See Kallberg, Jan, and Steven Rowlen. “African nations as proxies in covert cyber operations.” African Security Review 23, no. 3 (2014): 307-311.
The entry of state actors transforms the Internet into a contested space with far more well-financed threats and strategic-systematic approaches. A few nation states have started leveraging the Internet for geopolitical state gains. Using the development of the battle tank as an analogy, the authors explore the Internet’s militarization. The technology used is old, but the ideas are revolutionary.
Militarizing the Internet didn’t require new technology or networking capabilities; rather, it required rethinking how the Internet application layer could be used for political or military gains. A state actor seeking an advantage over another state might attack the core industrial backbone of a targeted country in the hopes of creating havoc in the transportation and communication infrastructure. For the traditional threat, cybercriminals, this would be a pointless operation, which is why we now must quickly change how we view, design, create and maintain information security and protect our assets connected to cyberspace. A militarized Internet and the potential for intelligence and economic espionage, which could destabilize adversarial states, radically change the fundamentals for cyberspace security. State actors could exploit weaknesses in national infrastructures and information systems as well as exploit the public’s heavy reliance on the Internet. See Kallberg, Jan, and Bhavani Thuraisingham. “State Actors’ Offensive Cyberoperations: The Disruptive Power of Systematic Cyberattacks.” IT Professional 15, no. 3 (2013): 32-35.
The effectiveness and utility of strategic cyber campaigns are dependent on the institutional stability of the targeted society.
I started to think along these lines in 2010 and by 2012 I wrote a white paper for AFOSR that was invited to a full proposal. Not every nation is alike. The institutional stability determines when a strategic cyber campaign will have a direct impact on regime stability – and be strategically successful. It can be flipped – e contrario – if the strategic campaign does not challenge the stability it will not have a decisive impact. In 2012 I started writing on my Strategic Cyberwar Theory (SCWT), which culminated in the publishing of “Strategic Cyberwar Theory – A Foundation for Designing Decisive Strategic Cyber Operations” in The Cyber Defense Review Vol. 1, No. 1 (SPRING 2016), pp. 113-128 (16 pages) (download). This also means that in a regional cyber conflict, the societal stability gives one party an advantage over the other. Published as Kallberg, Jan. “Assessing India’s Cyber Resilience: Institutional Stability Matters.” Strategic Analysis 40, no. 1 (2016): 1-5.
Security certifications of hardware will fail if there is no mutual trust between the parties and a control over the production to ensure compliance.
The Common Criteria for Information Technology Security Evaluation aims to become a global standard for IT security certification. However, it faces challenges owing to its rigid framework, rapid technology changes, and the increased militarization of cyberspace. See Kallberg, Jan. “The common criteria meets realpolitik: Trust, alliances, and potential betrayal.” IEEE Security & Privacy 10, no. 4 (2012): 50-53.
For an adversary that seeks to avoid a direct confrontation, the covert way to destroy satellites and spaceborne assets is to cyber attack and move space junk that responds to radio signals and has residual fuel into orbits that will collide with targeted assets. When collisions occur, the space terrain will be polluted by debris and an area denial emerges.
Cyber attacks in outer space is a topic that has surfaced and gained traction lately (2017-2018). As an indication, satellites travel at approximately 18 000 miles an hour, so the impact of a collision is massive and a targeted asset is vaporized, creating a cloud of hyper-velocity fragments. My initial ideas and the first concept were published in “Designer Satellite Collisions from Covert Cyber War” in Strategic Studies Quarterly, Vol. 6, No. 1 (SPRING 2012), pp. 124-136 (13 pages) (download).