Saturday, September 27, 2014

ɹƎ∀p ┴Ǝ∀WINפ: The Case for Broader Application of Red Teaming within Homeland Security

Colonel A. Bentley Nettles' 2010 thesis at the Naval Postgraduate School in Monterey, California provides a framework for educating all Department of Homeland Security (DHS) leaders on red team fundamentals by focusing on implementing decision support red teams as part of its force structure, implementing joint enterprise red teams between security agencies and partners, and implementing red team integration into DHS technology approval processes.

Colonel Nettles describes red teaming as intentionally creating a virus within an organization to protect, nurture, and develop an antidote for strategic surprises. Broader application of red teams creates antibodies within security infrastructure when supported by leadership. Colonel Nettles argues that red teams do this by applying creative thinking, challenging an organization's assumptions, providing alternative analysis of the organization's plans, and providing decision makers with alternative perspectives on the current operating environment.

Colonel Nettles states that the overall goal of red teaming is to challenge one’s own assumptions in order to better understand the adversary’s perspectives and to identify one’s own vulnerabilities. Red teaming is a peer review process of a concept or proposed course of action used to look for unexpected scenarios or to identify unexpected consequences to a particular approach. Red teaming enables the United States to examine how enemies view the United States to better understand how the enemies evaluate strengths and weaknesses.

The “function” of a red team is the provision of an independent capability to fully explore alternatives in plans, operations, concepts, organizations, and capabilities in the context of the operational environment and from the perspectives of partners, adversaries, and others. The “outputs” of a red team are alternative perspectives from a trained team, an anthropological tool kit for cultural considerations of adversaries and coalition partners, a platform for communication and negotiation for internal critical analysis without being disruptive, a theoretical analysis of complex situations, and insight into how adversaries and stakeholders think.

At the strategic level, an effective red team assists decision making by pinpointing key decision points for the team, identifying planning shortfalls, highlighting differences between plans and doctrine, and identifying unintended effects of future courses of action.

Colonel Nettles uses a case study approach to defend his advocacy of red teams to support DHS's mission to prevent terrorism, manage borders, enforce immigration laws, safeguard cyberspace, and ensure resilience to disasters. The case study focuses on one aspect of the Transportation Security Administration's (TSA) responsibilities, commercial airline security, which refers to procedures as well as infrastructure designed to avoid security problems aboard aircraft. The airport checkpoints themselves are just a few layers of the security approach used by TSA to secure the traveling public and the aerial transportation system. The case study asks why the layers of security implemented by TSA failed to stop the terrorist from boarding. Colonel Nettles visualizes 20 layers of security in Figure 2.

The case study focuses on Umar Farouk Abdulmutallab, the “Christmas Day bomber”, who successfully boarded a plane from Amsterdam destined for Detroit on Christmas Day in 2009 with an explosive device hidden on his body, which failed to detonate properly on final descent to Detroit. Colonel Nettles argues that a great deal of information and intelligence indicating Umar’s impending attack was available to the United States, and that the government failed to connect, integrate, and understand the information it had, signifying systemic failure brought about by human error. Despite TSA’s 20 layers of security efforts, Umar broke through the defense.

Colonel Nettles asserts that utilizing Red Team concepts to create a decision support system would assess the implied assumptions in the TSA security system. A decision support Red Team would address how to shift the approach to aviation security from a defensive one to an offensive one and how to identify terrorist groups likely to try to smuggle explosives aboard transportation systems.

The present TSA Red Team program was created in response to the 1988 bombing of Pan Am Flight 103. The program is assigned to conduct covert airport security penetration testing to identify localized and systemic vulnerabilities. Colonel Nettles argues that the program is insufficient and that its focus needs to shift to challenging the assumptions made in developing new security initiatives, by involving a Red Team in the concept development of new security approaches and technologies.

Colonel Nettles provides three primary conclusions:
1. Failure of imagination remains a factor within homeland security institutions five years after it was identified as an issue by the 9/11 Commission.
2. Bureaucracies are not facilitators of creative, original thought; thus the culture of the government works against out-of-the-box thinking, which is a necessary component of fighting terrorism.
3. Five years after the 9/11 Commission, the United States still needs to redefine homeland security approaches into a flexible, adaptive system.

Where do Red Teams fit into this? Colonel Nettles provides the following recommendations:
1. Homeland security leaders need to be trained to ask the following four questions of projects that are presented to them in a structured manner through the framework offered by Red Teams:
a. What if…? This question is useful in anticipating what the enemy may do.
b. What are the objectives of…? Answering this question forces staff to consider other perspectives.
c. What are we missing…? Answering this question helps identify gaps and vulnerabilities within agency operations, plans, and conceptual designs, in addition to identifying disconnects between agencies that need to be filled to avoid exploitation.
d. What is working and what isn’t? This is a pre-requisite to creating a learning organization.
2. Implement decision support Red Teams as part of the organizational structure used by DHS agency heads and divisions within the organizations in order to develop an independent capability for alternatively analyzing issues.
3. Implement joint enterprise Red Teams between its own agencies and facilitate joint enterprise Red Teams between DHS and other security agencies, entities, and partners.
4. Implement Red Team integration into technology approval processes. The RAND Corporation determined that terrorists respond to defensive technologies by altering operational practices, making technological substitutes, avoiding the defensive technology, or attacking the defensive technology. Red Teaming is a means of penetration testing.

The stated goal of the research was to determine if more effective, broader utilization of decision support red teams and concepts from red teaming can positively affect decision making within DHS to foster a learning organization. The case study highlights where red teaming could theoretically be useful in the development of concepts, plans, and strategic initiatives in pursuit of homeland security. The recommendations from the study rely on evidence from challenges posed to decision making with DHS and symptoms of defective decision making.

Before considering if decision support red teams should be proliferated throughout security organizations as recommended in the article, more evidence indicating that the output of red teaming increases the effectiveness of organizations in the domain under study is needed. 



  1. Ricardo, with a lack of evidence into the effectiveness of Red Teaming, would you propose a different methodology towards answering Nettles' conclusion that the government needs to be more open towards out-of-the-box thinking?

  2. Harrison,

    Techniques outside the alternative/challenge analysis umbrella that facilitate out-of-the-box thinking include structured role playing and multi-criteria intelligence matrices. We also have nominal group technique.