Red team

A red team is an independent group that seeks to challenge an organization in order to improve its effectiveness. Sandia National Labs uses red teams that attempt malicious entry in both the physical and cyber world. The United States intelligence community (military and civilian) has red teams that speculate about alternative futures and write articles as if they were despotic world leaders. There is sparingly little in formal doctrine or publications about Red Teaming in the military.^[1]

Private business such as IBM and SAIC, and government agencies like the CIA and Sandia National Labs, have long used Red Teams. Red Teams in the United States military were used much more frequently after a 2003 Defense Science Review Board recommended increasing the use of Red Teams to help prevent the shortcomings that led up to 9/11. In response to the 2003 report, the Army stood up its service-level Red Team, the Army Directed Studies Office, in 2004. This was the first service level Red Team and until 2011 was the largest Red Team in the DoD.^[2]

One type of Red Teaming can take the form of penetration testers that assess the security of an organization, which is often unaware of the existence of the team or the exact assignment. This type of Red Team provides a more realistic picture of the security readiness than exercises, role playing, or announced assessments. Red team may trigger active controls and countermeasures in effect within a given operational environment.

In wargaming, the opposing force (or OPFOR) in a simulated military conflict may be referred to as a red cell (this is a very narrow form of Red Teaming) and may also engage in red team activity, which is used to reveal weaknesses in military readiness. The key theme is that the aggressor is composed of various threat actors, equipment, and techniques that are at least partially unknown by the defenders. The red cell challenges the operations planning by playing the role of a thinking enemy.

Some of the benefits of red team activities are that it challenges preconceived notions by demonstration; they also serve to elucidate the true problem state that planners are attempting to mitigate. Additionally, a more accurate understanding can be gained about how sensitive information is externalized, as well as highlight exploitable patterns and instances of undue bias with regard to controls and planning.

United States Army

In the US Army, red teaming is defined as: “structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives.” (TRADOC News Service, July 13, 2005) ^[3]

The Army Red Team Leaders Course is conducted by the University of Foreign Military and Cultural Studies (UFMCS) at Fort Leavenworth. The target students are graduates of the U.S. Army CGSC or equivalent intermediate and senior level school (Major through Colonel, and Chief Warrant Officer 3/4/5 with MEL IV qualification or equivalent).

The Red Team Leader’s Course (RTLC) is a graduate-level education of 720 Academic Hours (18 weeks) designed to effectively anticipate change, reduce uncertainty, and improve operational decisions. The typical academic day is 8 hours and the typical reading load is 250 pages per night.^{[citation needed]}

The University of Foreign Military and Cultural Studies was formed as an outgrowth of recommendations from the Army Chief of Staff's Actionable Intelligence Task Force. UFMCS, as an element of the TRADOC (DCSINT) Intelligence Support Activity, or TRISA, located at Fort Leavenworth, KS, is an Army directed education, research and training initiative for Army organizations and other joint and government agencies designed to provide a Red Teaming capability.

A UFMCS-trained Red Team is educated to look at problems from the perspectives of the adversary and our multinational partners, with the goal of identifying alternative strategies. The Red Team provides commanders with critical decision-making expertise during planning and operations. The team’s responsibilities are broad—from challenging planning assumptions to conducting independent analysis to examining courses of action to identifying vulnerabilities.

Red Team Leaders are experts in:

1. Analyzing complex systems and problems from different perspectives to aid in decision making, using models of theory.
2. An analysis of the concepts, theories, insights, tools and methodologies of cultural and military anthropology to predict other’s perceptions of our strengths and vulnerabilities.
3. Applying critical and creative thinking in the context of the operational environment to fully explore alternatives to plans, operations, concepts, organizations, and capabilities.
4. Applying advanced analytical skills and techniques at tactical level through strategic level and develop products supporting command decision making and operational execution.

U.S. Joint Forces Commands' Joint Enabling Capabilities Command (Now US Transportation Command's JECC)

Two operational positions associated with red teaming existed at the United States Joint Forces Command formerly called Blue Red Planners within the Standing Joint Force Headquarters (SJFHQs). These two positions, filled by Robert Yingling, a retired US Army Officer and John Boggs, a retired US Air Force Officer, now called Red Team Leaders (RTLs) were designed to provide the Joint Task Force Plans and Operations Groups with insight into the adversary’s political and military objectives and potential course of action (COA) in response to real or perceived Blue action. RTLs are the leads of a RT Cell composed of operationally oriented experts that analyze Blue conditions-driven COA from an adversary-based perspective. The RT Cell also anticipates potential adversary responses to counter Blue COA and end-state objectives. The RT also identifies critical Blue vulnerabilities and potential operational miscues. The RT cell also assists in war gaming, COA development early in the Joint Operations Planning Process (JOPP). RTLs, in collaboration with the Combatant Commander's staff and Centers of Excellence, provide in-depth knowledge of the local political landscape, of the adversary’s history, military doctrine, training, political and military alliances and partnerships, and strategic and operational objectives. The RTLs will postulate the adversary’s desired end-state, and also, postulate what the adversary may surmise Blue’s desired end-state or objectives to be. Finally, the RTLs help identify, validate, and/or re-scope potential critical nodes identified through systems developed understanding of the operational environment.

United States Government

Red teaming is normally associated with assessing vulnerabilities and limitations of systems or structures. Various watchdog agencies such as the Government Accountability Office and the National Nuclear Security Administration employ red teaming, sometimes with dramatic findings.

• In exercises and war games, red teaming refers to the work performed to provide an adversarial perspective, especially when this perspective includes plausible tactics, techniques, and procedures (TTP) as well as realistic policy and doctrine.

U.S. Marine Corps

The mission of Marine Corps Red Teams is to "provide the Commander an independent capability that offers critical reviews and alternative perspectives that challenge prevailing notions, rigorously test current Tactics, Techniques and Procedures, and counter group think in order to enhance organizational effectiveness."^{[citation needed]}

US FAA

The FAA has been implementing red teams since the Pan Am Flight 103 over Lockerbie, Scotland. Red teams conduct tests at about 100 US airports annually. Tests were on hiatus after September 11, 2001 and resumed in 2003.^[4]

The FAA use of red teaming revealed severe weaknesses in security at Logan International Airport in Boston, where two of the four hijacked 9/11 flights originated. Some former FAA investigators who participated on these teams feel that the FAA deliberately ignored the results of the tests and that this resulted in part in the 9/11 terrorist attack on the US.

Other examples

• Billy Mitchell – a passionate early advocate of air power – demonstrated the obsolescence of battleships in bombings against the captured World War I German battleship Ostfriesland and the U.S. pre-dreadnought battleship Alabama.
• Rear Admiral Harry E. Yarnell demonstrated in 1932 the effectiveness of an attack on Pearl Harbor almost exactly showing how the tactics of the Japanese would destroy the fleet in harbor nine years later. Although the umpires ruled the exercise a total success, the umpire's report on the overall exercises makes no mention of the stunning effectiveness of the simulated attack. Their conclusion to what became known as Fleet Problem XIII was surprisingly quite the opposite:

It is doubtful if air attacks can be launched against Oahu in the face of strong defensive aviation without subjecting the attacking carriers to the danger of material damage and consequent great losses in the attack air force." ^[5]

Intelligence work

When applied to intelligence work, red-teaming is sometimes called alternative analysis.^[6]

Hacking

When used in a hacking context, a red team is a group of white-hat hackers that attack an organization's digital infrastructure as an attacker would in order to test the organization's defenses (often known as "penetration testing").^[7]

See also

• Black hat hacking
• Computer hacking
• Eligible Receiver 97
• Exploit (computer security)
• Grey hat
• Hacker (computer security)
• Hacker ethic
• IT risk
• Metasploit
• Penetration test
• Red Cell
• Systematic political science
• Vulnerability (computing)
• White hat (computer security)
• Wireless & RFID Identity Theft

References

1. LtCol Brendan S. Mulvaney Marine Corps Gazette July 2012. "Strengthened Through the Challenge". 
2. LtCol Brendan S. Mulvaney Marine Corps Gazette July 2012. "Strengthened Through the Challenge". 
3. "TRADOC News Service". Tradoc.army.mil. Retrieved 2011-07-19. 
4. Deborah Sherman (30 March 2007). "Test devices make it by DIA security". Denver Post. 
5. "Real Architect of Pearl Harbor, The – page 3 – Wings of Gold". ^{[dead link]}
6. Dr. Mark Matesk (June 2009). "Red Teaming: A Short Introduction (1.0)". http://redteamjournal.com/resources/. Retrieved 2011-07-19. 
7. Ragan, Steve (12 Nov 2012). "Thinking Like an Attacker: How Red Teams Hack Your Site to Save It". Slashdot. Retrieved 10 Apr 2013.  More than one of |author= and |last= specified (help)

• http://www.tradoc.army.mil/pao/tnsarchives/July05/070205.htm

External links

• Don't Box in the Red Team- Armed Forces Journal Article
• FAA Red Team leader Bogdan Dzakovic's report to the 911 commission
• GAO Red Team reveals Nuclear material can easily be smuggled into the United States years after 911 attack.
• Proactive Risk
• Lares Red Team
• Sandia Red Team.
• Red Team Final Report.^{[dead link]}
• Officers With PhDs Advising War Effort
• Red Team U. creates critical thinkers
• Red Team Journal
• Reflections from a Red Team Leader – From Military Review
• Red Teaming: A Short Introduction – Mark Mateski – June 2009
• Defense Science Board – Task Force on The Role and Status of DoD Red Teaming Activities
• – A GUIDE TO RED TEAMING – DCDC GUIDANCE NOTE – United Kingdom
• Defining and Categorizing Red Team

 This article incorporates public domain material from the United States Army document "Army approves plan to create school for Red Teaming".
 This article incorporates public domain material from the United States Army document "University of Foreign Military and Cultural Studies".