Saturday, September 27, 2014

ɹƎ∀p ┴Ǝ∀WINפ: The Case for Broader Application of Red Teaming within Homeland Security


Summary:
Colonel A. Bentley Nettles' 2010 thesis at the Naval Postgraduate School in Monterey, California provides a framework for educating all Department of Homeland Security (DHS) leaders on red team fundamentals by focusing on implementing decision support red teams as part of its force structure, implementing joint enterprise red teams between security agencies and partners, and implementing red team integration into DHS technology approval processes.

Colonel Nettles describes red teaming as intentionally creating a virus within an organization to protect, nurture, and develop an antidote for strategic surprises. Broader application of red teams creates antibodies within security infrastructure when supported by leadership. Colonel Nettles argues that red teams do this by applying creative thinking, challenging an organization's assumptions, providing alternative analysis to organization plans, and providing decision makers with alternative perspectives on the current operating environment.

Colonel Nettles states that the overall goal of red teaming is to challenge one’s own assumptions in order to better understand the adversary’s perspectives and to identify one’s own vulnerabilities. Red teaming is a peer review process of a concept or proposed course of action used to look for unexpected scenarios or to identify unexpected consequences to a particular approach. Red teaming enables the United States to examine how enemies view the United States to better understand how the enemies evaluate strengths and weaknesses.

The “function” of a red team is the provision of an independent capability to fully explore alternatives in plans, operations, concepts, organizations, and capabilities in the context of the operational environment and from the perspectives of partners, adversaries, and others. The “outputs” of a red team are alternative perspectives from a trained team, an anthropological tool kit for cultural considerations of adversaries and coalition partners, a platform for communication and negotiation for internal critical analysis without being disruptive, a theoretical analysis of complex situations, and insight into how adversaries and stakeholders think.

At the strategic level, an effective red team assists decision making by pinpointing key decision points for the team, identifying planning shortfalls, highlighting differences between plans and doctrine, and identifying unintended effects of future courses of action.

Colonel Nettles uses a case study approach to defend his advocacy of red teams to support the DHS mission to prevent terrorism, manage borders, enforce immigration laws, safeguard cyberspace, and ensure resilience to disasters. The case study focuses on one aspect of the Transportation Security Administration's (TSA) responsibilities, commercial airline security, which refers to procedures as well as infrastructure designed to avoid security problems aboard aircraft. The airport checkpoints themselves are just a few layers of the security approach used by TSA to secure the traveling public and the aerial transportation system. The case study asks why the layers of security implemented by TSA failed to stop the terrorist from boarding. Colonel Nettles visualizes 20 layers of security in Figure 2.

Source: http://tinyurl.com/mx9mqbw

The case study focuses on Umar Farouk Abdulmutallab, the “Christmas day bomber”, who successfully boarded a plane from Amsterdam destined for Detroit on Christmas day in 2009 with an explosive device hidden on his body, which failed to detonate properly on final descent to Detroit. Colonel Nettles argues that so much information and intelligence indicating Umar’s impending attack was available to the United States, and that the government failed to connect, integrate, and understand the information it had, signifying systemic failure brought about by human error. Despite TSA’s 20 layers of security efforts, Umar broke through the defense.

Colonel Nettles asserts that utilizing Red Team concepts to create a decision support system would assess the implied assumptions in the TSA security system. A decision support Red Team would address how to shift the approach to aviation security from a defensive one to an offensive one and how to identify terrorist groups likely to try to smuggle explosives aboard transportation systems.

The present TSA Red Team program was created in response to the 1988 bombing of Pan Am Flight 103. The program is assigned to conduct covert airport security penetration testing for identifying localized and systemic vulnerabilities. Colonel Nettles argues that the program is insufficient and focus needs to be shifted to challenge assumptions made in developing new security initiatives by involving a Red Team in the concept development of new security approaches and technologies.

Colonel Nettles provides three primary conclusions:
1. Failure of imagination remains a factor within homeland security institutions five years after it was identified as an issue by the 9/11 commission.
2. Bureaucracies are not facilitators of creative original thought; thus the culture of the government works against out-of-the-box thinking, which is a necessary component of fighting terrorism.
3. Five years after the 9/11 Commission, the United States still needs to redefine homeland security approaches into a flexible, adaptive system.

Where do Red Teams fit into this? Colonel Nettles provides the following recommendations:
1. Homeland security leaders need to be trained to ask the following four questions of projects that are presented to them in a structured manner through the framework offered by Red Teams:
a. What if…? This question is useful in anticipating what the enemy may do.
b. What are the objectives of…? Answering this question forces staff to consider other perspectives.
c. What are we missing…? Answering this question helps identify gaps and vulnerabilities within agency operations, plans, and conceptual designs; in addition to identifying disconnects between agencies that need to be filled to avoid exploitation.
d. What is working and what isn’t? This is a pre-requisite to creating a learning organization.
2. Implement decision support Red Teams as part of organizational structure utilized by DHS agency heads and divisions within the organizations in order to develop an independent capability for alternatively analyzing issues.
3. Implement joint enterprise Red Teams between its own agencies and facilitate joint enterprise Red Teams between DHS and other security agencies, entities, and partners.
4. Implement Red Team integration into technology approval processes. The RAND Corporation determined that terrorists respond to defensive technologies by altering operational practices, making technological substitutes, avoiding the defensive technology, or attacking the defensive technology. Red Teaming is a means of penetration testing.

Critique:
The stated goal of the research was to determine if more effective, broader utilization of decision support red teams and concepts from red teaming can positively affect decision making within DHS to foster a learning organization. The case study highlights where red teaming could theoretically be useful in the development of concepts, plans, and strategic initiatives in pursuit of homeland security. The recommendations from the study rely on evidence from challenges posed to decision making with DHS and symptoms of defective decision making.

Before considering if decision support red teams should be proliferated throughout security organizations as recommended in the article, more evidence indicating that the output of red teaming increases the effectiveness of organizations in the domain under study is needed. 

Source: 

Friday, September 26, 2014

Red Dawn: The emergence of a red teaming capability in the Canadian Forces

Summary:

From his research, Mathew Lauder defines red teaming as "an organizational process support activity undertaken by a flexible, adaptable, independent, and expert team that aims to create a collaborative learning relationship by challenging assumptions, concepts, plans, operations, organizations, and capabilities through the eyes of adversaries in the context of a complex security environment."  Red teaming consists of two main teams, a red and a blue team.  The blue team plays the role of the parent organization and attempts to stop or hinder the red team, the adversary, from achieving their goals.

Red teaming can be traced back to 2,200 BC China where generals and statesmen played Wei-chi, a board game where the players attempted to capture the most space on the board.  The outcomes of these games influenced the development of early Chinese military tactics.  Officers of the German Fifth Panzer Army used similar techniques, using live reports from the battlefield to develop strategies.  Red teaming is not just a military and national security methodology, but is also used by the private sector.  For example, IBM uses "highly specialized" employees to adopt the roles of their competitors to help test the organization's assumptions and help identify unexpected outcomes, alternative approaches, and vulnerabilities within the company's current strategies.

Lauder identifies that red teaming can be used at all three strategic levels, although the military often uses it more at the operational and strategic levels.  Red teaming helps the organization "mitigate complacency, group-think, and mirror imaging."  Besides these important gains, it helps the players of the scenario become more familiar with not only the adversary, the competitor or the hostile force, but also with the capabilities and the vulnerabilities of their own organization.  The blue team, in order to succeed, must analyze their adversary to determine their capabilities, as well as themselves to identify vulnerabilities to determine likely courses of action by the red team.

Lauder identifies that there have been very few studies identifying the effectiveness and efficacy of the red team methodology.  Most of the research at the time (2009) was on best practices of red teaming and highly descriptive on how to apply the approach to certain industries or in certain situations.  Lauder proposes six questions for further study:

• What are the qualities and characteristics of good and effective red teamers and how are red teamers selected?
• What type of training is required for red teamers?
• Is there a particular red team composition that is more effective than others?
• What kind of learning environment is most effective?
• Does the role of the red team differ in certain environments (i.e. does the role differ across settings and levels)?
• What type of interaction is necessary (between red and blue) to encourage learning?

From his research and analysis, Lauder believes the most important piece of the red teaming methodology is having expertly trained red team members.  They must understand the tactics, methods, and ideology of the adversary they are portraying.  Just like the role playing methodology, they must see and act as the role (in this case, group or organization) in order for the blue team to learn from this scenario.

Critique:
I found Lauder's article to be very informative about the red teaming methodology.  While this research was conducted for the Canadian Armed Forces, he does an excellent job of pulling in research on the private sector and combining that information with how the military and national security professionals use the methodology.  

My concern with this research is his concluding statement where Lauder recommends the adaptation of red teaming into all levels of the military after stating that there is little to no evidence of the effectiveness of red teaming.  He even states that there is some evidence that points towards red teaming actually creating a learning barrier due to the concentration on short-term gain by the participants during the exercise.  Recommending a methodology because it sounds logical is, in my opinion, wrong, especially when the author is recommending a military adopt it where lives may be at stake.

Source:

Lauder, Mathew. (2009).  Red dawn: The emergence of a red teaming capability in the Canadian Forces.  Canadian Army Journal. Vol. 12.1.  


Red Teaming for Law Enforcement

Summary

In this article, Capt. Michael Meehan presents the process of, the benefits of, and the limitations of conducting a red teaming exercise. Meehan states that red teams can be used in national security, the business world, or in law enforcement, and that its effectiveness is dependent on its execution.

At its most basic level, Meehan describes red teaming as a peer review of plans and policies to detect vulnerabilities that an adversary might possess. He also states that red teams are to evaluate a target or tactic of an adversary, not the likelihood that the target will be attacked. Through the exercise, red teams are to determine what to attack and how.

Meehan presents two types of red teaming:
  • Analytical
    a. The team portrays an adversary, but there is no field play
    b. Participants analyze potential attack plans to identify indicators of an attack
    c. Participants then assess whether their current plans would successfully repel an attack by the adversary
  • Physical
    a. Participants portray actual adversarial moves
    b. Participants embody the adversary and act accordingly
    c. As the red team acts out a plot, a blue team interacts accordingly to counter the attack as they see fit

Meehan continues by listing the potential benefits and impediments of performing a red team exercise:
  • Benefits
    o Offers a remedy for group complacency
    o Red teams can highlight the deviations from doctrine and reveal unexamined opportunities for an adversary
    o It determines how well an organization understands its own plans and policies
  • Impediments
    o Quality of the exercise is dependent on the scenario construction, the quality of group members, and the conditions the exercise is performed under
    o Is dependent on group members' interpretation of lessons learned
    o Failure results when members do not take the exercise seriously
    o An over-scripted exercise limits creativity and removes the realism of the scenario

To close the article, Meehan states that a limitation of red teaming is that an exercise cannot produce every possible outcome; however, that should not be a deterrent from performing a red team exercise.  Red teaming provides the opportunity for realistic training that will not only expand participants’ knowledge of their adversaries, but also of themselves.

Critique:
Meehan makes a great case for using red teaming in one's respective organization; however, he does not touch on how to properly administer a red teaming exercise. No guidelines were presented with regards to time frame, number of team members, or how to administer the scenario. It is likely that Meehan has had success leading red team exercises, but no specifics were shared on how to replicate his success. Additionally, Meehan did not go into specifics on the interactions between red and blue teams during the course of exercises. 

Finally, Meehan states, "[red teaming] is also not well suited to developing solutions to problems so much as for raising issues and exploring potential responses," which raises a few questions as to whether red teaming is an effective analysis tool. From this article, I gather that red teaming alone cannot support analysis, as it does not produce an estimate on the likelihood of events occurring. For red teaming to be useful, team members must utilize additional methodologies to assess the likelihood of the potential attacks generated during the exercise. 

Source:

Meehan, Michael. (2007). Red teaming for law enforcement. The Police Chief Magazine, 71(2).


Don’t box in the red team

Lt. Col. Brendan S. Mulvaney

Summary:
Lt. Col. Brendan S. Mulvaney’s 2012 article concludes that red teams should assist professionals, not replace them. Red teams help military organizations by challenging their policies, training exercises and operations. Teams may also focus on physical intrusions, projections, or emulations and help explain points of view from enemies, partners, and allies.

According to Mulvaney, red teaming is in danger because it is unhelpfully described as a tool best used to understand an operating environment and its human terrain. Mulvaney believes this understanding could cause termination of red teams. Instead, red teams need to challenge blue teams and serve commanders.

Mulvaney’s two reasons why red teams will no longer remain the operating leaders are as follows:
Until the military makes operating-environment red teaming a full time academic and experiential expertise, officers and members cannot become skillful in a specific area to provide expert-level advice on cultural issues. If a member does not have expert knowledge, then the tools in the Red Team Handbook will not be able to describe the operating environment. In addition, the tools presented in the Red Team Handbook are only analytic tools; therefore, organizations should teach the experts these tools. Analytic tools that prove to be effective in helping members will “inevitably be incorporated into the organization’s intelligence and planning functions at some point in the not-too-distant future.”

Even though more and more people are using analytic techniques to face problems, groupthink and other standardized processes still lead to complications. Therefore, red teams need to move beyond the operating environment and provide “alternative analysis and independent review of their organizations.” For example, NATO is using Alta (alternative analysis) to emphasize the review process of red teaming.

Although red teamers are able to determine logic flows, errors, and uncover biases, these skills do not make them cultural experts, or qualify them as a shadow staff. Instead, red teams should provide insight into tactics, techniques, and procedures. They can interact with other red teams across agencies and organizations to evaluate plans and policies and learn new trends in the service. In addition, Mulvaney notes, “red teams need to work within the staff primaries and with the chief of staff to provide the commander the opportunity to hear the alternative and him to decide whether to explore it.” Red teams need to focus on challenging organizations and providing alternative options for commanders to hear.

Critique:
While Mulvaney does a notable job explaining red teams and how they should be functioning within organizations, I wish he further explored the concept and interaction of blue teams. Subsequently, I do agree that organizations should make red teaming a full time academic and experiential expertise. Learning to interact with different organizations while providing additional analytic processes is extremely important to the intelligence community as a whole.

Source:

Mulvaney, B. S. (2012, November). Don’t box in the red team. Armed Forces Journal, 150(4), 22–33. http://www.armedforcesjournal.com/dont-box-in-the-red-team/