Saturday, September 29, 2018

Adaptive Red Teaming: Protecting Across the Spectrum

Authors: John P. Sullivan and Adam Elkus
Publication: Red Team Journal
Date: July 2010

In a 2010 article in the Red Team Journal, John Sullivan and Adam Elkus outline their view on a style of red teaming they refer to as Adaptive and Analytic red teaming.

The authors first discuss the foundations of red teaming. They cite Schelling, who believes that red teaming is an approach to combat the “poverty of expectations” where “the danger is not that we shall read the signals and indicators with too little skill; the danger is in a poverty of expectations – a routine obsession with a few dangers that may be familiar rather than likely.”
Adaptive red teaming, the authors say, “involves an iterative range of analytical and physical approaches to understanding an adversary.” The authors suggest that these new methods for red teaming are valuable for conducting analysis on counterterrorism, counterinsurgency, and counterviolence. The authors furthermore state that analytic red teaming is an approach to thinking in an adversarial manner, in this case a terrorist or opposing force (OPFOR). The idea behind analytic red teaming is to get an “enhanced understanding of the groups particular driving factors strategic goals, leadership and decision-making dynamics and processes, operational capabilities and rationales, organizational dynamics and behaviors, adaptive capacities, etc. and their corollary and derivative operations.” Put simply, the goal is to understand the specified adversary’s “mindset” (ideology, strategic agenda, leadership) and the adversary operational behaviors (capabilities, modus operandi, targeting preferences).

The premise for the article rests on the idea that there is a larger spectrum of threats through which to use red teaming than just Islamic terrorism, which has drawn a majority of the focus of military, intelligence, and law enforcement organizations. Sullivan and Elkus believe that there are a variety of threats that are potential risks to public safety. While the authors mention some specific examples, they use the title “black blocs” as a catch-all concept for such anarchic or potentially violent groups. To protect against such groups, Sullivan and Elkus argue new the concepts kill chain, order of battle, and Design can enhance analytic red teaming in practice.

The authors describe the kill chain model as “the process of assembling weapons and personnel in place, conducting reconnaissance and dry runs, and then carrying out the act itself.” Sullivan and Elkus argue that by following the adversary’s necessary courses of action and tools required through a series of decision trees, with branches of tasks and subtasks, kill chain can produce data (of trends and potential) that can be used to test the adversary’s capabilities. The authors use an example of a black bloc to highlight the use of kill chain. The authors suggest that kill chain is an additional method that can highlight indicators of attack and vulnerabilities in an adversary’s command and control, by applying different network types.

Order of battle is a method used by the military to “displays the enemy’s organization and disposition” and denote “different types of units, equipment, and axes of advance…to predict the behavior of these units.” Sullivan and Elkus believe that “ORBAT analysis can be used to give teeth to analysis of the kill chain.” ORBAT’s feed into the kill chain, giving more information about the adversary’s cell to cell capabilities. An example of ORBAT used is in free-playing tactical decision-making games which theoretically tests how a unit can adapt to real-time tactical scenarios when there is “no right answer.” An example of such games in the real world is the training that Army units go through at the National Training Center.

Design is a method that was developed by the Army School of Advanced Military Studies to “frame a problem creatively prior to solving it.” Design frames the operational environment, frames the problem, and provides an operational approach to push the problem to an acceptable resolution.  The process occurs concurrently with the planning of the operation at hand. The authors believe this process can be used to challenge assumptions on longer-term issues that are more strategic in nature, like risk management and risk analysis. The authors suggest that Design can aid in better defensive measures against threats like Al-Qaeda and terrorism, writ-large. They cite the examples of the German Red Army and Irish Republican Army as examples.

In conclusion, the authors argue that by extending red team analysis with new methods, we “can help diagnose threats, vulnerability and risk, and point the way toward a better means of providing security and addressing emerging threats.” These methods can be used to prevent terrorist attacks or be used to refine prevention and deterrence activities.

Critique: The authors have a firm knowledge of alternative methods that could be used to enhance red team analysis. If I am not mistaken, the idea of the kill chain and ORBAT has, in a way, been incorporated into targeting analysis which is a key intelligence activity in the war against terror. Arguably, these methods have been effective. Otherwise it’s hard to see how these forms of analysis have been used inside the intelligence, military, and law enforcement arenas. Kill chain is a logical and practical method that has a lot of utility in all areas. ORBAT is only practiced by the military. ORBAT, and by extension IPB, is a specialized practice and is unlikely to be used outside military settings. Intelligence operations likely incorporate such thinking but in an unstructured way. Based on the article, I see no utility to Design that isn’t already served by the previous two methodologies.

Link to article:


  1. The authors discuss a larger spectrum of threats than just Islamic terrorism but use Islamic terrorism as an example in applying their methodologies, specifically for design. Do you think design would be better for long term issues from state actors where the threat is not a military/violent in nature?

    1. Based on the description provided by the authors, Design does not present any coherent structure. In my opinion, that makes it ill-suited to approaching problems. I think writ-large, the point the authors are trying to get at is that risk analysis and management is often not a significant consideration. To be honest, I believe that by applying kill chain to defensive measures (by flipping the roles in the "red team") you could provide Design with ideas that are produced through a kill chain analysis. Based on the description, I think Design probably requires some analytic outputs that it can use to guide further discussions on those longer-term issues.

  2. It seems like a "red team" is the group of people who employ a bunch of methodologies in an effort to be more prepared. "Red teaming", then is a blanket term for whatever combination of practices they choose to use. After reviewing these articles, I don't think red team really means anything unique. Were you able to identify anything that qualifies exclusively as "red team"?

    1. Jillian, I believe that you have hit the old school practice of "red teaming" on the head. As practiced with groups of individuals, the method can include any number of modifiers that allow the "red teamers" to develop their analysis. The authors don't discuss what makes or qualifies as a "red team" itself. The discussion of who makes up the "red team" is probably a useful discussion overall.

    2. The authors' explanation of red-teaming describes it as a combination of not just any methodology, but methodologies concerning the adversary. Are IPB and design (ultimately segment of the IPB process) necessary steps in red-teaming?

    3. I wouldn't say they are necessary per say but are methodologies that can enhance the red teaming process if used. ORBAT analysis is a component part of conducting IPB. The authors even mention IPB when discussing ORBAT.