Thursday, April 8, 2010

Green Team Summary of Findings: Red Teaming (4 out of 5 stars)

Note: This post represents the synthesis of the thoughts, procedures and experiences of others as represented in the 16 articles read in advance (see previous posts) and the discussion among the students and instructor during the Advanced Analytic Techniques class at Mercyhurst College on 8 April 2010 regarding Red Teaming specifically. This technique was evaluated based on its overall validity, simplicity, flexibility and its ability to effectively use unstructured data.

Description

Red Teaming is an interactive process conducted during crisis action planning to assess planning decisions, assumptions, processes, and products from the perspective of friendly, enemy, and outside organizations. Red Teaming has also been described as the "capability-based analytical or physical manifestation of an adversary, which serves as an opposing force."

Red Teams evaluate a target or tactic, but not the likelihood that a particular target will be attacked. Successful red teaming offers a hedge against surprise and inexperience and a guard against complacency. Effective red teaming can define the threshold of detection, suspicion, and action.

Red Teaming is the only type of alternative analysis method that is mandated by congress. SEC. 1017 of the Intelligence Reform and Terroism Prevention Act of 2004 states that "Not later than 180 days after the effective date of this Act, the Director of National Intelligence shall establish a process and assign an individual or entity the responsibility for ensuring that, as appropriate, elements of the intelligence community conduct alternative analysis (commonly referred to as ‘‘red-team analysis’’) of the information and conclusions in intelligence products." (Source: http://www.nctc.gov/docs/pl108_458.pdf )


How to:

1) Determine the objective or desired result
2) Communicate with government, private partners, or other stakeholders in the process
3) Determine the scale or type of exercise and develop the scenario
4) Create a Red team composed of Subject Matter Experts, external to the Blue team’s sources.
5) Preparation by the Red Team. Team members should immerse themselves in learning everything they can about what has gone before in the crisis at hand and what the enemy and other adversaries are thinking. (Perhaps by creating a checklist of the information that the team needs to know.)
6) Meeting between the Red Team and Blue planners to explain critical points of the Red Team’s purpose, in order to alleviate friction.
7) Conduct and evaluate the exercise
8) Prepare documentation
9) Evaluate the performance
10) Develop the improvement plan
11) Make required and desired improvements
12) Exercise again


Tips for Success:
  • At least three people serve on each team
  • Team members must have no significant prior connection with the company that is presenting.
  • Devote the necessary time and attention to the process.
  • Red team members should be given at least a week to read the materials to be used in the presentation and do a bit of personal research.

Strengths and Weaknesses

Strengths
  • Lets Players consider the system as a whole
  • Reduce Risk
  • Avoid Predictable Patterns
  • Preclude mirror-imaging
  • Perturb the organization
  • Overcome bias
  • Improve adaptability and flexibility
  • Yields a closely synchronized planning staff
  • Reveal overlooked planning opportunities
  • Provides confidence to the Blue team
  • Provides an independent capability to evaluate concepts, plans, and operations from multiple different perspectives
  • Provides and understanding of the opposition through their eyes

Weaknesses
  • If not everyone agrees on the value of the exercise, it can become ineffective
  • The process may lose its independence and be “captured” by the bureaucracy
  • Could be too removed from the decision-making process and become marginalized
  • The process may destroy the integrity of the process and lose the confidence of decision-makers by “leaking” its findings to outsiders
  • There must be trust of the blue team for success of the exercise
  • It is only a simulation and is not always an accurate representation of the enemies decision making
  • The process is only effective if there is a true understanding of the opponent
  • The process does not account for independent thinking of the opposition
  • It can take time and effort to step back and view the system like an outsider, or even an insider who intends to harm

Personal Application of Technique

The class was divided into groups: Red Team/Blue Team and two referees. Red Team (offense) had 8 members and Blue Team had 4 members. Red had 1 safety card and Blue had 2 which would protect the members if they were within arms length; the way to determine who was "out." The simulation was over when either the Red Team captured the VIP or the Blue Team defended at the end of the alloted time. There were rules on specific ways to move; 90 degree angles, straight lines, and a minimum of 5 steps and max of 10. The main portion of the application was spent planning each players movement because all movements had to be written down before the simulation began. At the end of ten minutes, both teams met to engage in the simulation. Both teams moved at the same time and enacted the plans. After the simulation (Red Team captured the VIP within four moves) all groups met to discuss what both sides could have done differently and what either team was more likely to do.


No comments:

Post a Comment