Red team

From Wikipedia, the free encyclopedia

A red team is a group that plays the role of an enemy or competitor, and provides security feedback from that perspective. Red teams are used in many fields, especially in cybersecurity, airport security, the military, and intelligence agencies.

Overview

In military wargaming, the opposing force (OPFOR) in a simulated conflict may be referred to as a red cell, an interchangeable term for red team. The key theme is that the adversary (red team) uses the tactics, techniques, and equipment appropriate to emulate the desired actor. The red team challenges operational planning by playing the role of a thinking adversary. In United States wargaming simulations, the U.S. force is always the blue team and the opposing force is always the red team.

When applied to intelligence work, red-teaming is sometimes called alternative analysis.[1]

Cybersecurity

In cybersecurity, a penetration test involves ethical hackers trying to break into a computer system, with no element of surprise. The blue team (defending team) is aware of the penetration test and is ready to mount a defense.[2]

A red team goes a step further, and adds physical penetration, social engineering, and an element of surprise. The blue team is given no advance warning of a red team, and will treat it as a real intrusion.[2]

A red-team assessment is similar to a penetration test, but is more targeted. The goal is to test the organization's detection and response capabilities.[3] The red team will try to get in and access sensitive information in any way possible, as quietly as possible.[4]
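
As an added illustration (not code from the article or from any source it cites) of what "testing the organization's detection and response capabilities" means in practice: the red team keeps a timestamped log of every action it takes, the blue team's alerts are exported after the exercise, and the two are reconciled to show which actions were detected, how quickly, and which went unnoticed. The hosts, technique labels, timestamps and alert entries below are constructed for the example, and the 24-hour matching window is an assumed exercise parameter.

```python
"""Reconcile a red team's action log against the blue team's alerts.

Added illustration, not code from the article: all hosts, technique labels,
timestamps and alerts below are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class RedAction:
    """One step the red team took, recorded as it happened."""
    when: datetime
    host: str
    technique: str  # label from the exercise's own technique catalogue


@dataclass(frozen=True)
class BlueAlert:
    """One alert the defenders raised, exported from their tooling afterwards."""
    when: datetime
    host: str
    technique: str


@dataclass(frozen=True)
class ActionResult:
    action: RedAction
    detected_at: Optional[datetime]

    @property
    def time_to_detect(self) -> Optional[timedelta]:
        if self.detected_at is None:
            return None
        return self.detected_at - self.action.when


def score_exercise(actions, alerts, window=timedelta(hours=24)):
    """Match each action to the earliest alert on the same host that names the
    same technique and fired at or after the action but within `window`.
    Alerts that predate the action are unrelated noise and are never credited;
    alerts after the window are treated as too late to count as detection.
    (The 24-hour default window is an assumed exercise parameter.)"""
    results = []
    for action in sorted(actions, key=lambda a: a.when):
        candidates = [
            alert.when
            for alert in alerts
            if alert.host == action.host
            and alert.technique == action.technique
            and action.when <= alert.when <= action.when + window
        ]
        results.append(ActionResult(action, min(candidates) if candidates else None))
    return results


def summarize(results):
    """Headline numbers for the report: coverage, speed, and what was missed."""
    detected = [r for r in results if r.detected_at is not None]
    ttd_seconds = [r.time_to_detect.total_seconds() for r in detected]
    return {
        "actions": len(results),
        "detected": len(detected),
        "detection_rate": len(detected) / len(results) if results else 0.0,
        "median_ttd_seconds": median(ttd_seconds) if ttd_seconds else None,
        "missed": [(r.action.host, r.action.technique) for r in results if r.detected_at is None],
    }


# Constructed sample data: a four-step intrusion and the alerts it produced.
T0 = datetime(2024, 3, 4, 9, 0)
RED_ACTIONS = [
    RedAction(T0, "ws-17", "phishing-payload-executed"),
    RedAction(T0 + timedelta(minutes=25), "ws-17", "credential-dump"),
    RedAction(T0 + timedelta(hours=1), "srv-fs01", "lateral-movement"),
    RedAction(T0 + timedelta(hours=3), "srv-fs01", "data-staging"),
]
BLUE_ALERTS = [
    BlueAlert(T0 + timedelta(minutes=40), "ws-17", "credential-dump"),
    BlueAlert(T0 + timedelta(hours=1, minutes=5), "srv-fs01", "lateral-movement"),
    BlueAlert(T0 - timedelta(hours=2), "srv-fs01", "data-staging"),  # predates the action: not credited
    BlueAlert(T0 + timedelta(hours=30), "ws-17", "phishing-payload-executed"),  # after the window: too late
]


def exercise_summary():
    return summarize(score_exercise(RED_ACTIONS, BLUE_ALERTS))


if __name__ == "__main__":
    for result in score_exercise(RED_ACTIONS, BLUE_ALERTS):
        status = f"detected after {result.time_to_detect}" if result.detected_at else "MISSED"
        print(f"{result.action.when:%H:%M} {result.action.host:9} {result.action.technique:26} {status}")
    print(exercise_summary())
```

On the constructed data, two of four actions are detected (the credential dump after 15 minutes, the lateral movement after 5 minutes), while the initial payload execution and the data staging are missed: the only alerts naming them fired before the action or far outside the window, so crediting them would overstate the blue team. The response side of the assessment is measured the same way, by adding the timestamp at which each detected action was contained and reporting the gap.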

Companies including Microsoft[5] perform regular exercises in which both red and blue teams are used.

United States Government

Army

In the US Army, red-teaming is defined as a "structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners' and adversaries' perspectives."[6]

Directed Studies Office

Red teams were used in the United States armed forces much more frequently after a 2003 Defense Science Review Board recommended them to help prevent the shortcomings that led to the September 11 attacks. The U.S. Army created the Army Directed Studies Office in 2004. This was the first service-level red team, and until 2011 was the largest in the Department of Defense (DoD).[7]

University of Foreign Military and Cultural Studies (UFMCS)

The University of Foreign Military and Cultural Studies provides courses for red team members and leaders. Most resident courses are conducted on Fort Leavenworth and target students from U.S. Army Command and General Staff College (CGSC) or equivalent intermediate and senior level school.[8]

Courses include topics such as critical thinking, groupthink mitigation, cultural empathy and self-reflection.[9]

Marine Corps

The Marine Corps red-team concept began in March 2011, when the Commandant of the Marine Corps (CMC), General James F. Amos, drafted a white paper titled Red Teaming in the Marine Corps. In it, Amos argued that red teams must challenge planning and decision-making by applying critical thinking from the tactical to the strategic level. He also tasked senior Marine Corps leadership with turning red-teaming from a paper concept into practice, which meant establishing personnel requirements at the following Marine organizations: Marine Expeditionary Force (MEF), Marine Expeditionary Brigade (MEB), CMC Strategic Initiatives Group (SIG), Marine Corps University (MCU), and MAGTF Staff Training Program (MSTP).

In June 2013, the Marine Corps staffed the red-team billets outlined in the draft white paper. In the Marine Corps, all Marines designated to fill red-team positions have to complete either the six-week or nine-week red-team training courses provided by the University of Foreign Military and Cultural Studies (UFMCS). MCU was tasked to have a core of qualified red-team instructors to develop red-teaming curriculum, methodologies, and doctrine, and to teach at the Marine Corps resident Professional Military Education (PME) institutions.[10]

The Marine Corps also had to provide a Marine officer for the UFMCS instructor staff. LtCol Will Rasgorshek was the first Marine qualified as a red-team instructor at UFMCS, where he taught its various red-team courses. LtCol Brian McDermott was one of the first red-team instructors at MCU.

The MCU Red Team develops curriculum, teaches, and supports major academic planning exercises at the following resident MCU institutions: Senior SNCO Academy, Expeditionary Warfare School, Marine Corps Command and Staff College, Marine Corps War College, and School of Advanced Warfighting. In addition, the MCU Red Team supports the USMC Command and Staff blended seminar, the Marine Corps annual Title X wargame, and other wargames as directed by Marine Corps Combat Development Command.

In the summer of 2015, the USMC Military Occupational Specialty Manual stated that any Marine who successfully completed the UFMCS Red Team 6- or 9-week course would be authorized the additional military occupational specialty (AMOS) of 0506. In December 2015, the Marines codified the red-team concept into doctrine by incorporating red-team training and readiness requirements developed by the initial red team members at MCU, MSTP, and SIG. The five requirements currently reside in NAVMC 3500.108A, chapter 3: "Marine Air Ground Task Force Planner Training and Readiness Manual".[11]

The mission of Marine Corps red teams is to "provide the Commander an independent capability that offers critical reviews and alternative perspectives that challenge prevailing notions, rigorously test current Tactics, Techniques and Procedures, and counter group think in order to enhance organizational effectiveness."[12]

Department of Defense

The United States Department of Defense (DoD) uses cyber red teams to conduct adversarial assessments on their own networks.[13] These red teams are certified by the National Security Agency and accredited by the United States Strategic Command.[13] This certification and accreditation allows these red teams to conduct adversarial assessments on DoD operational networks, testing implemented security controls and identifying vulnerabilities of information systems. These cyber red teams are the "core of the cyber OPFOR".[14]

Federal Aviation Administration

The FAA has used red teams since the 1988 bombing of Pan Am Flight 103 over Lockerbie, Scotland. Red teams conduct tests at about 100 US airports annually. Tests were on hiatus after September 11, 2001, and resumed in 2003 under the Transportation Security Administration, which assumed the FAA's aviation security role after 9/11.[15]

The FAA's use of red-teaming revealed severe weaknesses in security at Logan International Airport in Boston, where two of the four hijacked 9/11 flights originated. Some former FAA investigators who participated on these teams believe that the FAA deliberately ignored the results of the tests and that this contributed in part to the 9/11 terrorist attacks on the US.[16]

Transportation Security Administration

The Transportation Security Administration has used red-teaming in the past. An analysis of some red-team operations discovered that undercover agents were able to fool Transportation Security Officers and bring deadly weapons through security at some major airports at least 70% of the time.[17]

References

  1. ^ Mateski, Mark (June 2009). "Red Teaming: A Short Introduction (1.0)" (PDF). RedTeamJournal.com. Retrieved 2011-07-19.
  2. ^ a b "Penetration Testing Versus Red Teaming: Clearing the Confusion". Security Intelligence. Retrieved 2020-12-23.
  3. ^ Fenton, Mike (2016). "Restoring executive confidence: Red Team operations". Network Security. 2016 (11): 5–7. doi:10.1016/S1353-4858(16)30103-9.
  4. ^ Ragan, Steve (12 November 2012). "Thinking Like an Attacker: How Red Teams Hack Your Site to Save It". Slashdot. Archived from the original on 2013-03-02. Retrieved 10 April 2013.
  5. ^ "Microsoft Enterprise Cloud Red Teaming" (PDF). Microsoft.com.
  6. ^ "TRADOC News Service". Tradoc.army.mil. Archived from the original on 2011-06-17. Retrieved 2011-07-19.
  7. ^ Mulvaney, Brendan S. (July 2012). "Strengthened Through the Challenge" (PDF). Marine Corps Gazette. Marine Corps Association. Retrieved October 23, 2017 – via HQMC.Marines.mil.
  8. ^ "UFMCS Course Enrollment".
  9. ^ "University of Foreign Military and Cultural Studies Courses". army.mil. Retrieved October 23, 2017.
  10. ^ Amos, James F. (March 2011). "Red Teaming in the Marine Corps".
  11. ^ "3: Marine Air Ground Task Force Planner Training and Readiness Manual Change 3" (PDF). NAVMC 3500.108A. 23 December 2015 – via Marines.mil.
  12. ^ Broderick, Brian (July 2012). "Does the Marine Corps Need Red Teams? Accepting Contrarian Viewpoints". Marine Corps Gazette. Marine Corps Association – via MCA-Marines.org.
  13. ^ a b "Chairman of the Joint Chiefs of Staff Manual 5610.03" (PDF). Archived from the original (PDF) on 2016-12-01. Retrieved 25 February 2017.
  14. ^ "Cybersecurity" (PDF). Operational Test & Evaluation Office of the Secretary of Defense. Retrieved 26 February 2017.
  15. ^ Sherman, Deborah (30 March 2007). "Test devices make it by DIA security". Denver Post.
  16. ^ "National Commission on Terrorist Attacks Upon the United States". govinfo.library.unt.edu. University of North Texas. Retrieved 2015-10-13.
  17. ^ http://abclocal.go.com/ktrk/story?section=news/local&id=7848683

This article incorporates public domain material from the United States Army documents "Army Approves Plan to Create School for Red Teaming" and "University of Foreign Military and Cultural Studies".
