Red Teams, Blue Teams, Tiger Teams Too…
A red team is an exercise in non-conventional thinking. Has your organization tested its assumptions, plans, and future products yet? “Red teaming is not forecasting; red teaming is the art of challenging assumptions and exploring the possible.”
Below are excerpts from The Role and Status of DoD Red Teaming Activities:
Red teams and red teaming processes have long been used as tools by the management of both government and commercial enterprises. Their purpose is to reduce an enterprise’s risks and increase its opportunities.
Red teams come in many varieties and there are different views about what constitutes a red team. We take an expanded view and include a diversity of activities that, while differing in some ways, share a fundamental feature.
Red teams are established by an enterprise to challenge aspects of that very enterprise’s plans, programs, assumptions, etc. It is this aspect of deliberate challenge that distinguishes red teaming from other management tools although the boundary is not a sharp one. …
In general, red team challenges can help hedge against surprise, particularly catastrophic surprises. It does this by providing a:
- Wider and deeper understanding of potential adversary options and behavior that can expose potential vulnerabilities in our strategies, postures, plans, programs, and concepts. This role (to explore technically feasible and responsive threats) has become increasingly important as a complement to the more traditional intelligence-based threat projections (capabilities-based versus threat-based planning).
- Hedge against the social comfort of “the accepted assumptions and the accepted solutions”. This includes hedge against bias and conflict of interest.
- Hedge against inexperience (a not uncommon situation in DoD and other Government Agencies where leadership tenures tend to be short).
Areas where red teams can and do play an important role within DoD include:
- Concept development and experimentation (not just an OPFOR for the experiment but continuous challenge by red teams throughout the concept development process)
- Security of complex networks and systems
- Activities where there is not much opportunity to try things out (for example, nuclear weapons stockpile issues)
The red team itself is only one element in a red teaming process. The process can be explicit or ad hoc. Elements of the process include the following: who the red team reports to; how it interacts with the management of the enterprise and with “blue” (the owner of the activity it is challenging), and how the enterprise considers and uses its products.
We identify three types of red teams. Our expanded notion of red teams includes teams established to serve as:
- Surrogate adversaries and competitors of the enterprise,
- Devil’s advocates,
- Sources of judgment independent of the enterprise’s “normal” processes (often from team members with experience from positions at higher levels in industry or government).
And an example of a historical “red team” activity:
Cuban Missile Crisis (1962). On the first day of the crisis, October 16, President Kennedy organized the “Ex Comm” (the Executive Committee of the National Security Council) to help advise him on the situation, and U.S. responses to the unfolding crisis. His choice of those in the Ex Comm (especially his brother and the Attorney General, Robert Kennedy) was a deliberate move to provide alternatives for courses of action and act as a counterbalance for the strong military response, originally being advocated.
Here’s a Red Team Testing Methodology.
Here’s the Red Team Journal.
Here’s how it might apply to open source software development: Your Open Source Management Approach: Red Team or Blue Team?