Tuesday, October 2, 2018

Summary of Findings: Red Teaming (2 out of 5 Stars)


Note: This post represents the synthesis of the thoughts, procedures and experiences of others as represented in the articles read in advance (see previous posts) and the discussion among the students and instructor during the Advanced Analytic Techniques class at Mercyhurst University in October 2018, specifically regarding Red Teaming as an analytic method. This technique was evaluated based on its overall validity, simplicity, flexibility and its ability to effectively use unstructured data.

Description: Red teaming is an analytic method that designates an independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view. While there are a variety of approaches, common execution practices include identifying threats, tactics, techniques, procedures, tools, and personnel at the adversary’s disposal. These elements allow you to recognize the red team’s capabilities and likely courses of action. As a result, you are ideally more equipped to respond to adversarial threats and other possible outcomes.

Strengths:
• Challenges plans, ideas, programs, and assumptions
• Addresses alternative or emerging outcomes
• Identifies vulnerabilities
• Reduces risk
• Diagnoses threats

Weaknesses:
• Heavily reliant on effective leadership and adequate team interaction
• Susceptible to groupthink
• Not applicable to situations where the enemy and task aren’t clearly defined

How-To:
There are several variants of Red Team methodology, and their processes differ from one another. Below is the most concrete red-teaming process that we came up with in class:

  1. Identify the Red Team Capabilities
    1. Tactics, Techniques, Procedures
    2. Behavior
    3. Personnel
    4. Tools
  2. Based on capabilities, assign an independent group to ASSUME THE ROLE OF RED TEAM
  3. Design situations to employ the red team in order to identify vulnerabilities, diagnose threats, and address potential outcomes

Application of Technique:

Students in the class were given a scenario in which the president of Mercyhurst University had decided on a date to surprise the student body with a celebration on campus called “Hurst Day”. The date was intended to be kept secret to maintain the surprise, yet for planning purposes the president had to share the date with a select few faculty members (i.e., campus dining and res life directors). The students were then tasked to assume the role of an adversarial group that wants to find the date and leak it to the student body before the surprise. This group has collection skills including elicitation, lock-picking, geocaching, surveillance, open-source, etc. After being given time to think and collaborate on possible ways this group is likely to attempt to find the date, the students determined the Top 5 that were most likely to be used by this group.

For Further Information:
  1. Defense Science Board Task Force (2003): The Role and Status of DoD Red Teaming Activities.
  2. Red Teams (blog and podcast)
  3. Red Team Journal
  4. Red Teaming Guide

