Red Team
Encyclopedia
A red team is a group of penetration test
ers that assess the security of an organization, which is often unaware of the existence of the team or the exact assignment. Red teams provide a more realistic picture of the security readiness than exercises, role playing, or announced assessments. Red team may trigger active controls and countermeasures in effect within a given operational environment.
In wargaming
, the opposing force
(or OPFOR) in a simulated military conflict may be referred to as a red team and may also engage in red team activity, which is used to reveal weaknesses in military readiness. The key theme is that the aggressor is composed of various threat actors, equipment, and techniques that are at least partially unknown by the defenders.
Some of the benefits of red team activities are that it challenges preconceived notions by demonstration; they also serve to elucidate the true problem state that planners are attempting to mitigate. Additionally, a more accurate understanding can be gained about how sensitive information is externalized, as well as highlight exploitable patterns and instances of undue bias with regard to controls and planning.
“structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives.” (TRADOC News Service, July 13, 2005)
The Army Red Team Leaders Course is conducted by the University of Foreign Military and Cultural Studies (UFMCS) at Fort Leavenworth
. The target students are graduates of the U.S. Army CGSC or equivalent intermediate and senior level school (Major through Colonel, and Chief Warrant Officer 3/4/5 with MEL IV qualification or equivalent).
The Red Team Leader’s Course (RTLC) is graduate-level education of 720 Academic Hours (18 weeks) designed to effectively anticipate change, reduce uncertainty, and improve operational decisions. The typical academic day is 8 hours and the typical reading load is 250 pages per night.
The University of Foreign Military and Cultural Studies was formed as an outgrowth of recommendations from the Army Chief of Staff's Actionable Intelligence Task Force. UFMCS, as an element of the TRADOC (DCSINT) Intelligence Support Activity, or TRISA, located at Fort Leavenworth, KS, is an Army directed education, research and training initiative for Army organizations and other joint and government agencies designed to provide a Red Teaming capability.
A UFMCS-trained Red Team is educated to look at problems from the perspectives of the adversary and our multinational partners, with the goal of identifying alternative strategies. The Red Team provides commanders with critical decision-making expertise during planning and operations. The team’s responsibilities are broad—from challenging planning assumptions to conducting independent analysis to examining courses of action to identifying vulnerabilities.
Red Team Leaders are expert in:
U.S. Joint Forces Commands' Joint Enabling Capabilities Command
Two operational positions associated with red teaming existed at the United States Joint Forces Command formerly called Blue Red Planners within the Standing Joint Force Headquarters (SJFHQs). These two positions, filled by Robert Yingling and John Boggs, now called Red Team Leaders (RTLs) were designed to provide the Joint Task Force Plans and Operations Groups with insight into the adversary’s political and military objectives and potential course of action (COA) in response to real or perceived Blue action. RTLs are the leads of a RT Cell composed of operationally oriented experts that analyze Blue conditions-driven COA from an adversary-based perspective. The RT Cell also anticipates potential adversary responses to counter Blue COA and end-state objectives. The RT also identifies critical Blue vulnerabilities and potential operational miscues. The RT cell also assists in war gaming, COA development early in the Joint Operations Planning Process (JOPP). RTLs, in collaboration with the Combatant Commander's staff and Centers of Excellence, provide in-depth knowledge of the local political landscape, of the adversary’s history, military doctrine, training, political and military alliances and partnerships, and strategic and operational objectives. The RTLs will postulate the adversary’s desired end-state, and also, postulate what the adversary may surmise Blue’s desired end-state or objectives to be. Finally, the RTLs help identify, validate, and/or re-scope potential critical nodes identified through systems developed understanding of the operational environment.
and the National Nuclear Security Administration
employ red teaming, sometimes with dramatic findings.
over Lockerbie, Scotland. Red teams conduct tests at about 100 US airports annually. Tests were on hiatus after September 11, 2001 and resumed in 2003.
The FAA use of red teaming revealed severe weaknesses in security at Logan International Airport in Boston, where two of the four hijacked 9/11 flights originated. Some former FAA investigators who participated on these teams feel that the FAA deliberately ignored the results of the tests and that this resulted in part in the 9/11 terrorist attack on the US
.
Other examples include:
Penetration test
A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and malicious insiders...
ers that assess the security of an organization, which is often unaware of the existence of the team or the exact assignment. Red teams provide a more realistic picture of the security readiness than exercises, role playing, or announced assessments. Red team may trigger active controls and countermeasures in effect within a given operational environment.
In wargaming
Military simulation
Military simulations, also known informally as war games, are simulations in which theories of warfare can be tested and refined without the need for actual hostilities. Many professional contemporary analysts object to the term wargames as this is generally taken to be referring to the civilian...
, the opposing force
Opposing force
An opposing force or enemy force is a military unit tasked with representing an enemy, usually for training purposes in war game scenarios...
(or OPFOR) in a simulated military conflict may be referred to as a red team and may also engage in red team activity, which is used to reveal weaknesses in military readiness. The key theme is that the aggressor is composed of various threat actors, equipment, and techniques that are at least partially unknown by the defenders.
Some of the benefits of red team activities are that it challenges preconceived notions by demonstration; they also serve to elucidate the true problem state that planners are attempting to mitigate. Additionally, a more accurate understanding can be gained about how sensitive information is externalized, as well as highlight exploitable patterns and instances of undue bias with regard to controls and planning.
United States Army
In the US Army, red teaming is defined as:“structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners’ and adversaries’ perspectives.” (TRADOC News Service, July 13, 2005)
The Army Red Team Leaders Course is conducted by the University of Foreign Military and Cultural Studies (UFMCS) at Fort Leavenworth
Fort Leavenworth
Fort Leavenworth is a United States Army facility located in Leavenworth County, Kansas, immediately north of the city of Leavenworth in the upper northeast portion of the state. It is the oldest active United States Army post west of Washington, D.C. and has been in operation for over 180 years...
. The target students are graduates of the U.S. Army CGSC or equivalent intermediate and senior level school (Major through Colonel, and Chief Warrant Officer 3/4/5 with MEL IV qualification or equivalent).
The Red Team Leader’s Course (RTLC) is graduate-level education of 720 Academic Hours (18 weeks) designed to effectively anticipate change, reduce uncertainty, and improve operational decisions. The typical academic day is 8 hours and the typical reading load is 250 pages per night.
The University of Foreign Military and Cultural Studies was formed as an outgrowth of recommendations from the Army Chief of Staff's Actionable Intelligence Task Force. UFMCS, as an element of the TRADOC (DCSINT) Intelligence Support Activity, or TRISA, located at Fort Leavenworth, KS, is an Army directed education, research and training initiative for Army organizations and other joint and government agencies designed to provide a Red Teaming capability.
A UFMCS-trained Red Team is educated to look at problems from the perspectives of the adversary and our multinational partners, with the goal of identifying alternative strategies. The Red Team provides commanders with critical decision-making expertise during planning and operations. The team’s responsibilities are broad—from challenging planning assumptions to conducting independent analysis to examining courses of action to identifying vulnerabilities.
Red Team Leaders are expert in:
- Analyzing complex systems and problems from different perspectives to aid in decision making using models of theory.
- An analysis of the concepts, theories, insights, tools and methodologies of cultural and military anthropology to predict other’s perceptions of our strengths and vulnerabilities.
- Applying critical and creative thinking in the context of the operational environment to fully explore alternatives to plans, operations, concepts, organizations, and capabilities.
- Applying advanced analytical skills and techniques at tactical level through strategic level and develop products supporting command decision making and operational execution.
U.S. Joint Forces Commands' Joint Enabling Capabilities CommandJoint Enabling Capabilities CommandThe U.S. Joint Forces Command now U.S. Transportation Command Joint Enabling Capabilities Command employs and manages USTRANSCOM Joint Enabling Capabilities for Global Response Force execution and emerging operational requirements...
(Now US Transportation Command's JECC)
Two operational positions associated with red teaming existed at the United States Joint Forces Command formerly called Blue Red Planners within the Standing Joint Force Headquarters (SJFHQs). These two positions, filled by Robert Yingling and John Boggs, now called Red Team Leaders (RTLs) were designed to provide the Joint Task Force Plans and Operations Groups with insight into the adversary’s political and military objectives and potential course of action (COA) in response to real or perceived Blue action. RTLs are the leads of a RT Cell composed of operationally oriented experts that analyze Blue conditions-driven COA from an adversary-based perspective. The RT Cell also anticipates potential adversary responses to counter Blue COA and end-state objectives. The RT also identifies critical Blue vulnerabilities and potential operational miscues. The RT cell also assists in war gaming, COA development early in the Joint Operations Planning Process (JOPP). RTLs, in collaboration with the Combatant Commander's staff and Centers of Excellence, provide in-depth knowledge of the local political landscape, of the adversary’s history, military doctrine, training, political and military alliances and partnerships, and strategic and operational objectives. The RTLs will postulate the adversary’s desired end-state, and also, postulate what the adversary may surmise Blue’s desired end-state or objectives to be. Finally, the RTLs help identify, validate, and/or re-scope potential critical nodes identified through systems developed understanding of the operational environment.United States Government
Red teaming is normally associated with assessing vulnerabilities and limitations of systems or structures. Various watchdog agencies such as the Government Accountability OfficeGovernment Accountability Office
The Government Accountability Office is the audit, evaluation, and investigative arm of the United States Congress. It is located in the legislative branch of the United States government.-History:...
and the National Nuclear Security Administration
National Nuclear Security Administration
The United States National Nuclear Security Administration is part of the United States Department of Energy. It works to improve national security through the military application of nuclear energy...
employ red teaming, sometimes with dramatic findings.
- In exercises and war games, red teaming refers to the work performed to provide an adversarial perspective, especially when this perspective includes plausible tactics, techniques, and procedures (TTP) as well as realistic policy and doctrine.
Important cases
The FAA has been implementing red teams since the Pan Am Flight 103Pan Am Flight 103
Pan Am Flight 103 was Pan American World Airways' third daily scheduled transatlantic flight from London Heathrow Airport to New York's John F. Kennedy International Airport...
over Lockerbie, Scotland. Red teams conduct tests at about 100 US airports annually. Tests were on hiatus after September 11, 2001 and resumed in 2003.
The FAA use of red teaming revealed severe weaknesses in security at Logan International Airport in Boston, where two of the four hijacked 9/11 flights originated. Some former FAA investigators who participated on these teams feel that the FAA deliberately ignored the results of the tests and that this resulted in part in the 9/11 terrorist attack on the US
September 11, 2001 attacks
The September 11 attacks The September 11 attacks The September 11 attacks (also referred to as September 11, September 11th or 9/119/11 is pronounced "nine eleven". The slash is not part of the pronunciation...
.
Other examples include:
- Billy Mitchell - a passionate early advocate of air power - demonstrated the obsolescence of battleships in bombings against the captured World War I German battleship OstfrieslandSMS OstfrieslandSMS Ostfriesland "SMS" stands for "Seiner Majestät Schiff" was the second vessel of the of battleships of the German Imperial Navy. Named for the region of East Frisia, Ostfrieslands keel was laid in October 1908 at the Kaiserliche Werft dockyard in Wilhelmshaven...
and the U.S. pre-dreadnought battleshipPre-dreadnoughtPre-dreadnought battleship is the general term for all of the types of sea-going battleships built between the mid-1890s and 1905. Pre-dreadnoughts replaced the ironclad warships of the 1870s and 1880s...
AlabamaUSS Alabama (BB-8)USS Alabama was an pre-dreadnought style battleship in the United States Navy. She was the second ship to carry her name.Alabama was laid down on 1 December 1896 at Philadelphia, Pennsylvania, by the William Cramp and Sons Ship and Engine Building Company. She was launched on 18 May 1898...
. - Rear Admiral Harry E. YarnellHarry E. YarnellAdmiral Harry Ervin Yarnell was an American naval officer whose career spanned 51 years and three wars, from the Spanish-American War through World War II.-Early life and Naval career:...
demonstrated in 1932 the effectiveness of an attack on Pearl Harbor almost exactly showing how the tactics of the Japanese would destroy the fleet in harbor nine years later. Although the umpires ruled the exercise a total success, the umpire's report on the overall exercises makes no mention of the stunning effectiveness of the simulated attack. Their conclusion to what became known as Fleet Problem XIII was surprisingly quite the opposite:
-
- It is doubtful if air attacks can be launched against Oahu in the face of strong defensive aviation without subjecting the attacking carriers to the danger of material damage and consequent great losses in the attack air force."
Intelligence work
When applied to intelligence work, red-teaming is sometimes called alternative analysis.See also
External links
- http://www.9-11commission.gov/hearings/hearing2/witness_dzakovic.htmFAA Red Team leader Bogdan DzakovicBogdan DzakovicBogdan Dzakovic is a 14-year veteran of the Security Division of the Federal Aviation Administration in the United States. He started off his FAA career as a field agent and Federal Air Marshal, then served as a Team Leader in the Air Marshal program...
's report to the 911 commission] - GAO Red Team reveals Nuclear material can easily be smuggled into the United States years after 911 attack.
- Proactive Risk
- Lares Red Team
- Sandia Red Team.
- Red Team Final Report.
- Officers With PhDs Advising War Effort
- Red Team U. creates critical thinkers
- Red Team Journal
- Reflections from a Red Team Leader - From Military Review
- Red Teaming: A Short Introduction - Mark Mateski - June 2009
- Defense Science Board - Task Force on The Role and Status of DoD Red Teaming Activities
- - A GUIDE TO RED TEAMING - DCDC GUIDANCE NOTE - United Kingdom