Friday, September 26, 2014

Red Teaming for Law Enforcement

Summary

In this article, Capt. Michael Meehan presents the process, benefits, and limitations of conducting a red teaming exercise. Meehan states that red teams can be used in national security, the business world, or law enforcement, and that their effectiveness depends on their execution.

At its most basic level, Meehan describes red teaming as a peer review of plans and policies to detect vulnerabilities that an adversary might possess. He also states that red teams are to evaluate a target or tactic of an adversary, not the likelihood that the target will be attacked. Through the exercise, red teams are to determine what to attack and how.

Meehan presents two types of red teaming:
  • Analytical
    a. The team portrays an adversary, but there is no field play
    b. Participants analyze potential attack plans to identify indicators of an attack
    c. Participants then assess whether their current plans would successfully repel an attack by the adversary
  • Physical
    a. Participants portray actual adversarial moves
    b. Participants embody the adversary and act accordingly
    c. As the red team acts out a plot, a blue team interacts accordingly to counter the attack as they see fit

Meehan continues by listing the potential benefits and impediments of performing a red team exercise:
  • Benefits
    o Offers a remedy for group complacency
    o Red teams can highlight the deviations from doctrine and reveal unexamined opportunities for an adversary
    o It determines how well an organization understands its own plans and policies
  • Impediments
    o Quality of the exercise is dependent on the scenario construction, the quality of group members, and the conditions the exercise is performed under
    o Is dependent on group members' interpretation of lessons learned
    o Failure results when members do not take the exercise seriously
    o An over-scripted exercise limits creativity and removes the realism of the scenario

To close the article, Meehan states that a limitation of red teaming is that an exercise cannot produce every possible outcome; however, that should not be a deterrent from performing a red team exercise. Red teaming provides the opportunity for realistic training that will expand participants' knowledge not only of their adversaries, but also of themselves.

Critique:
Meehan makes a great case for using red teaming in one's respective organization; however, he does not touch on how to properly administer a red teaming exercise. No guidelines were presented with regard to time frame, number of team members, or how to administer the scenario. It is likely that Meehan has had success leading red team exercises, but no specifics were shared on how to replicate his success. Additionally, Meehan did not go into specifics on the interactions between red and blue teams during the course of exercises.

Finally, Meehan states, "[red teaming] is also not well suited to developing solutions to problems so much as for raising issues and exploring potential responses," which raises a few questions as to whether red teaming is an effective analysis tool. From this article, I gather that red teaming alone cannot support analysis, as it does not produce an estimate on the likelihood of events occurring. For red teaming to be useful, team members must utilize additional methodologies to assess the likelihood of the potential attacks generated during the exercise. 

Source:

Meehan, Michael. (2007). Red teaming for law enforcement. The Police Chief Magazine, 71(2).


1 comment:

  1. John,
    What other methodologies could be used to assess the likelihood of a potential attack generated in the exercise? In addition, do you think red teaming would be more of a modifier than a methodology?
