Friday, April 10, 2009

Red Teaming for Law Enforcement

By Michael K. Meehan, Captain, Seattle Police Department

Michael Meehan posits that, just as the military and private industry use red-teaming techniques to discover abilities, vulnerabilities, and limitations, the law enforcement community can do the same in order to reduce threats and improve responses to issues of homeland security. The author states that red teaming refers to a variety of exercises, but the “most basic level of red teaming is to conduct peer review of plans and policies to detect vulnerabilities or perhaps to simply offer alternative views of scenarios.” Meehan also lists a variety of definitions given by other experts and organizations, including the DHS Exercise and Evaluation Program, which states that red teaming is a “group of subject matter experts with various appropriate disciplinary backgrounds, that provides an independent peer review of plans and processes, acts as a devil’s advocate, and knowledgably role-plays the enemy using a controlled, realistic, interactive process during operations planning, training, and exercising.”

The role of the red team is to “evaluate a target or tactic, but not the likelihood that a particular target will be attacked. Red team members are strategists who identify what to attack and domain experts who identify how to attack.” They are adaptive to the strategies of the blue team, allowing the blue team to engage in both prevention- and protection-related activities.

The role of the blue team is to “think about how surprise attacks might occur, identify indicators and warnings of those attacks, collect intelligence on those indicators, and adopt defenses against the most likely possibilities or at least provide early warning.”

Meehan describes two very common types of red teaming – analytical red teaming and physical red teaming. Analytical red teaming “provides a potential adversary’s view of threats, vulnerabilities, and countermeasures. Without testing the physical limitations of antiterrorism measures, analytical red teaming can challenge prevailing views, prevent surprise, allocate resources, and expand the bounds of imagination. Analytical red teaming can occur as part of a discussion-based exercise or as a standalone activity.”
Physical red teaming involves the physical portrayal of an actual adversary executing the tactics and strategies carried out by enemies.

  • Offers an element of surprise
  • Tests the fusion of policy, operations, and intelligence
  • Highlights deviations from doctrine
  • Improves blue team capabilities through practice
  • Improves information sharing

  • Preparation needed to plan scenarios
  • Interpretation, distribution, and reception of lessons learned can vary

How to:
  1. Determine the objectives or desired results
  2. Communicate with government and private partners
  3. Determine the scale and type of exercise, the type of scenario, the method of evaluation, and the documentation plan
  4. Develop the scenario
  5. Identify and train the appropriate participants
  6. Conduct and evaluate the exercise
  7. Prepare thorough documentation
  8. Evaluate the performance
  9. Develop the improvement plan
  10. Make required and desired improvements
  11. Exercise again

1 comment:

  1. Is there a benefit to maintaining cohesiveness of the red team if the methodology is repeated? Should new team members be involved?