
Thursday, April 8, 2010

Summary of Findings (White Team): Red Teaming (4 out of 5 Stars)

Note: This post represents the synthesis of the thoughts, procedures and experiences of others as represented in the 16 articles read in advance of (see previous posts) and the discussion among the students and instructor during the Advanced Analytic Techniques class at Mercyhurst College on 8 April 2010 regarding Red Teaming specifically. This technique was evaluated based on its overall validity, simplicity, flexibility and its ability to effectively use unstructured data.

Description:
Red Teaming is a broad-ranging technique that covers both methods and modifiers, depending on its utility and depth. Congress mandates the use of Red Teaming in National Security fields, as referenced in the Intelligence Reform and Terrorism Prevention Act of 2004, SEC 1017: "Not later than 180 days after the effective date of this Act, the Director of National Intelligence shall establish a process and assign an individual or entity the responsibility for ensuring that, as appropriate, elements of the intelligence community conduct alternative analysis (commonly referred to as 'red-team analysis') of the information and conclusions in intelligence products." (http://www.nctc.gov/docs/pl108_458.pdf) However, its use extends to law enforcement and competitive intelligence fields as well.

Based on current research and articles, there is no universal definition. It can cover ideas as simple as playing devil's advocate and as complex as the full-scale war simulations conducted at the National Training Center at Fort Irwin Military Reservation for the United States Military.

Strengths:
  • Applicable to National Security, Law Enforcement, and Business sectors
  • Reduces risk by means of internal auditing
  • Precludes mirror-imaging
  • Mitigates surprise
  • Avoids predictable patterns
  • Helps overcome bias
  • Improves adaptability and flexibility
  • Helps players view the system as a whole, as well as its individual components
  • Identifies decision maker choices for strategic players
  • Helps prevent bad investments of time, effort, money, and resources
  • Improves the quality of questions asked about particular situations
  • Provides "awareness training" and improves safeguards of a system, particularly in an IT or computer networking situation
  • Challenges taboos and assumptions
  • Reveals the consequences of different perspectives, in particular the perspectives of those with different goals and risk profiles

Strength is dependent upon the team compiled: its composition, goals, management support, relationship with the Blue Team, rules of engagement, and available information.

Weaknesses:
  • There is not one agreed upon definition
  • Full extent of an opponent's actions may not be considered
  • Red team may not take their responsibilities seriously
  • Could lose its independence and be “captured” by the bureaucracy
  • Red Teamers may not be allowed to act outside of Blue Team norms
  • Suggestions of Red Team may not be incorporated into the organizational structure without proper follow-up
  • Members of the Red Team may not be able to access the same knowledge as the real attackers
  • Red Team may not accurately represent real opponent's decision making process

How To:
  • Determine the objective or desired result.
  • Communicate with the stakeholders involved in the exercise, including management / decision makers, on the scope, scale and type of exercise.
  • Based on the exercise, create a Red team composed of Subject Matter Experts, external to the Blue team’s sources.
  • Preparation by the Red Team. Team members should learn everything they can about what has gone before in the crisis at hand, the blue team's plan and what the enemy and other adversaries may be thinking. (Perhaps by creating a checklist of the information that the team needs to know.)
  • Meeting between the Red Team and Blue planners to explain critical points of the Red Team’s purpose, in order to alleviate friction.
  • Red team creates a plan / Course of Action (CoA).
  • An exercise / simulation is conducted (Ex: A War Game).
  • Exercise is evaluated and improvements identified.
  • The required and desired improvements are incorporated.
  • Exercise and evaluate again until the desired objective is reached.

Application:
Our class played a game with 4 players comprising the Blue Team, 8 players comprising the Red Team, and 2 referees to enforce the rules. It was similar to "Capture the Flag" in that the Blue Team's goal was to defend an object and the Red Team's goal was to capture the object. We conducted the exercise within the confines of our department's building. The rules of the game were as follows: both teams must remain within the building; before the game began, both teams were required to create a plan of attack and could not deviate from that plan once play began; the teams could divide their members and start from any of the four entrances to the building; once play began, each player on each team must move at least 5 steps but no more than 10 steps (a step is defined as heel-to-toe); players must move in straight lines or at 90 degree angles; if two players come within arm's length of each other they are both eliminated, unless they reveal a safety card which protects the owner from elimination one time only.

Here is how the game played out: the Blue Team, having only four members, took their position surrounding the object and worked their way outwards trying to cover each entrance to the building, but that strategy proved ineffective given the Red Team's strategy to overwhelm one entrance and use the other three as decoys. Therefore, the Blue Team only had one player to defend against five Red Team players. Obviously, once the Red Team eliminated the lone Blue Team defender, they easily won the game.

In our debrief, it was obvious that the Red Team would be victorious given their advantage in the number of players they had. It was possible for the Blue Team to prolong the game, but eventually they would be overwhelmed by the Red Team. However, an interesting aspect came up: just because the Red Team won, does that mean that they do not need to alter their strategy for the future? It's a question that we believe should be asked when performing Red Teaming exercises.

Tuesday, April 6, 2010

Hypergame Analysis, Part 1

In situations of competition and conflict, no single player can dictate the outcome. What occurs depends on the strategy each player pursues. In turn, the strategy each player pursues depends on the strategy each player believes his or her opponent will pursue, and so on. Analysts often use game theory to model such situations.

In 1977, Peter Bennett introduced hypergame analysis, an elegant and useful extension to game theory. Unlike standard game theoretic models, Bennett’s concept permits players to perceive different games. This feature better approximates real-world conditions and, in particular, allows analysts to model situations involving manipulation, stratagem, and deception more directly.

In hypergame terms, a situation in which both players correctly perceive the same game is designated a level-zero hypergame. A situation in which both players believe they are playing the same game while at least one player misperceives the game is designated a level-one hypergame. A situation in which at least one player perceives the other player’s (assumed) misperceptions is designated a level-two hypergame.

Example:
A scammer offers a great deal to a mark on the street: “My friend’s business has failed,” says the scammer, “and I’ve got a van full of DVD players I need to sell quickly at a great price.” The mark hesitates. Maybe they’re stolen, he thinks. He decides to take a look anyway. The scammer opens the back of a van containing stacks of boxes. He opens one to reveal an off-brand but slick-looking portable DVD player. “This is yours for $20,” he tells the mark, who weighs the opportunity. The stuff’s obviously boxed, the mark tells himself; maybe it’s not stolen after all. He ignores his initial misgivings, hands over a twenty, and walks away with a mint-in-the-box DVD player, or so he believes. When he gets to his car, he eagerly opens the box and discovers a brick. He drives back to the scene of the crime, but the scammer is gone.

This situation is easily described using the hypergame framework. The mark assumes the two are playing the same game. In this game, the scammer’s options are {(sell a stolen player) (sell a legitimate player)} while the mark’s options are {(buy a player) (walk away)}. The mark’s challenge, then, is to decide whether the players are stolen. If the mark doesn’t care either way, then the choice is easy: buy a player.

The scammer is playing a different game. For the sake of this example, let’s assume the scammer keeps a couple of real DVD players handy in case he suspects the mark might blow the con. In the scammer’s game, then, the mark’s options are {(buy a player) (walk away) (blow the con)} and the scammer’s options are {(sell a broken player) (sell a working player)}. If all goes well for the scammer, the mark never suspects (1) the scammer is playing a different game and (2) the scammer is playing a higher-order game, that is, the scammer is not only playing a different game but is aware of the mark’s misperceptions. This yields an advantage to the scammer.

As long as the mark doesn’t suspect that most of the boxes contain bricks, he believes his choice is simply an ethical one: should I buy possibly stolen merchandise? The concept of higher perspectives is sometimes referred to as expectation. Expectation is arguably as critical to the hypergame approach as is the more basic concept of different games.

Weaknesses: Hypergames of level three and higher are possible but challenging because they require increasingly convoluted mental recursions (I think he thinks I think he thinks, and so on). Hypergame analysis as described in the existing literature can be fairly complex. It is not something an interested analyst or red teamer will typically pick up in a day. When it is used, it is usually delegated to a specialist, who must then translate the outcome back into terms a decision maker can absorb.

Strengths: As the example illustrates, the player who correctly perceives a level-two hypergame enjoys a clear decision advantage over a player who believes the two sides are playing the same game. This situation does not necessarily arise by chance, and a clever player will aim to create and exploit such conditions. As a result, the benefit of hypergame modeling to a red teamer or decision maker rests not strictly in describing a situation but also in modeling a situation explicitly in order to gain a position of advantage.
Awareness of the hypergame construct encourages a player to avoid granting his or her opponent a position of advantage.

Conclusions: In any game-like contest, a player should always remember to ask “what do I perceive, and what does my opponent perceive?” To be avoided, for example, are states in which you, a player, believe you and your opponent are playing the same game when your opponent is actually playing a level-two hypergame. To be sought are states in which these roles are reversed.
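The DVD-player example above, worked as a small model (an added illustration, not part of the original post). The option names come from the post; every payoff number, and the assumption that the mark picks the move with the best worst case, is constructed for the example.

```python
# Added illustration: the DVD-player con as two perceived games.
# Option names come from the post; every payoff number is constructed.

# Mark's perceived game: (scammer move, mark move) -> mark's payoff.
MARK_GAME = {
    ("sell a stolen player", "buy a player"): 1,
    ("sell a stolen player", "walk away"): 0,
    ("sell a legitimate player", "buy a player"): 3,
    ("sell a legitimate player", "walk away"): 0,
}
# Scammer's game: (scammer move, mark move) -> (scammer payoff, mark payoff).
SCAMMER_GAME = {
    ("sell a broken player", "buy a player"): (20, -20),
    ("sell a broken player", "walk away"): (0, 0),
    ("sell a broken player", "blow the con"): (-50, 0),
    ("sell a working player", "buy a player"): (5, 3),
    ("sell a working player", "walk away"): (0, 0),
    ("sell a working player", "blow the con"): (0, 0),
}

def moves(game, side):
    """Distinct moves in a game; side 0 is the scammer, side 1 is the mark."""
    return sorted({key[side] for key in game})

def mark_choice():
    """The mark reasons only inside the game he perceives (best worst case)."""
    worst = lambda m: min(MARK_GAME[(s, m)] for s in moves(MARK_GAME, 0))
    return max(moves(MARK_GAME, 1), key=worst)

def scammer_choice(mark_move):
    """The scammer best-responds to the mark's move in the scammer's own game."""
    return max(moves(SCAMMER_GAME, 0), key=lambda s: SCAMMER_GAME[(s, mark_move)][0])

def blind_spots():
    """Moves present in the scammer's game but absent from the mark's."""
    return {
        "scammer": sorted(set(moves(SCAMMER_GAME, 0)) - set(moves(MARK_GAME, 0))),
        "mark": sorted(set(moves(SCAMMER_GAME, 1)) - set(moves(MARK_GAME, 1))),
    }

def play():
    """Level-two play: the scammer predicts the mark from the mark's own view."""
    m = mark_choice()
    s = scammer_choice(m)
    expected = min(MARK_GAME[(x, m)] for x in moves(MARK_GAME, 0))
    return {"mark": m, "scammer": s,
            "mark_expected_at_worst": expected, "mark_actual": SCAMMER_GAME[(s, m)][1]}

if __name__ == "__main__":
    print(play(), blind_spots())
```

The gap between `mark_expected_at_worst` and `mark_actual` is the decision advantage the post attributes to the player who perceives the level-two hypergame, and `blind_spots()` lists what the mark would have to notice to close it.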

Monday, April 5, 2010

Red-teaming: Improve Your Chances Of Winning The Business

In this article, Dr. Earl R. Smith II talks about using Red Teaming practices to increase a company's chances of winning bids / businesses.

Dr. Smith, a consultant and advisor to many corporate houses, argues for the use of red teaming techniques to evaluate and modify a proposal so that the chances of winning the business are higher. He does not, however, provide any examples in this article of where this has actually succeeded.

Red Teaming a Proposal the Dr. Smith Way:

Putting together a Red Team:

Each red-team is tailor-made for the company, the client and the RFP.

According to Dr. Smith, the only reliable way to make sure the proposal is well focused and provides what the client (whose business is sought) requires is to have it reviewed by a truly objective panel which views it through the eyes of the client. This, he says, is the core of the process.

Scheduling the Red Team evaluation:

For a red team to effectively contribute and to allow for maximum benefit to the proposal team, Dr. Smith suggests that the red teaming should be scheduled far ahead of the due date of the proposal.

Evaluating the proposal:

The red team evaluates the proposal as if they were being asked to award the business, looking for weaknesses and strengths and checking to make sure threshold questions are addressed.

If the proposal has serious problems or if they think it is off base, they will question and respond in the way the client normally would.

Improving the proposal:

Unlike a client, however, they are on board to help improve the chances of winning. So after the evaluation, they also provide a critique which helps the team improve the proposal, value proposition and presentation, and therefore the chances of winning the business.

Some Guidelines for Forming and Running a Red Team Review:

  • Because of their experience, members of red-teams emulate the process and mindset of the clients that the company is going to present to.
  • At least three people serve on each team.
  • They are knowledgeable in the company's space.
  • Team members must have no significant prior connection with the company that is presenting.
  • They must be willing and able to commit the necessary time and attention to the process.
  • Red team members are given at least a week to read the materials to be used in the presentation and do a bit of personal research.
  • Team members must be committed to helping improve the chances of getting the business.

Comments:

The focus of this article seems to be more on providing information on red teaming techniques for prospective clients. Hence it provides a rather broad overview of red teaming. Though the author does mention a couple of examples of proposals that failed because they did not go through a red team evaluation, he does not mention any examples where red teaming has helped either improve or win a bid. The article could have been more compelling if it had included such examples.