Saturday, April 11, 2009

Red Teaming Revisited

Homeland Security Weekly

This article takes a look at Red Teaming from the perspective of countering terrorism. According to Homeland Security Weekly, "It takes a thief to catch a thief. This is the Red Team Philosophy." There is a fine line, however, between creating a realistic scenario of value to the Intelligence Community (IC) and writing science fiction. The first step is employing people who are "detached" from the security environment of the target. This will ensure that the Red Team identifies true gaps in security, and not just easy fixes. Furthermore, the Red Team must recognize that terrorists are not simply crazy killers, but rational thinkers who plan, recon, train, and have the ability to successfully execute complicated operations. The article highlights 8 steps that the Red Team must analyze to successfully emulate a terrorist attack:

1. Target identification.

2. Intelligence acquisition (open source and social engineering).

3. Target surveillance to confirm or refute the intelligence.

4. Assessment of target attack plan.

5. Assessment of resource and tooling acquisition.

6. Rehearsal or training of the attack, including traveling to an unfamiliar environment and blending in with the target's surroundings.

7. The execution and its desired impact.

8. Planning and testing of the escape route.

The Red Team should always remember that terrorists will usually look for minimal exposure and contact with security; "the optimal attack is the one with the fewest obstacles." The more realistic the Red Team assessment is, the more useful it will be in mitigating future threats. Furthermore, Red Teaming is not a one-time exercise, but should be constantly applied to assess threats. "Red team assessments should serve as the starting point for implementing new or refining existing security practices. As practices are refined, additional red teaming evaluations should be utilized to continue this process and to address new threats or methodologies. Red teaming should be a continuing process with fresh eyes brought to bear on each evaluation (new eyes, new creative solutions)."

1 comment:

  1. How important is the initial tasking of the red team? Is there a strategic advantage for the red team to have select data/tasking requirements withheld?