Red Team

A red team or team red is a group that plays the role of an enemy or competitor to provide security feedback from that perspective. Red teams are used in many fields, especially in cybersecurity, airport security, law enforcement, the military and intelligence agencies.


Overview

In military wargaming, the opposing force (or OPFOR) in a simulated conflict may be referred to as a red cell; this is an interchangeable term for red team. The key theme is that the adversary (red team) leverages tactics, techniques, and equipment as appropriate to emulate the desired actor. The red team challenges operational planning by playing the role of a mindful adversary. In United States wargaming simulations, the U.S. force is always the blue team, whereas the opposing force is always the red team. When applied to intelligence work, red-teaming is sometimes called alternative analysis.


Cybersecurity

In cybersecurity, a penetration test involves ethical hackers trying to break into a computer system, with no element of surprise. The blue team (defending team) is aware of the penetration test and is ready to mount a defense. A red team goes a step further, and adds physical penetration, social engineering, and an element of surprise. The blue team is given no advance warning of a red-team engagement, and will treat it as a real intrusion. A red-team assessment is similar to a penetration test, but is more targeted. The goal is to test the organization's detection and response capabilities. The red team will try to get in and access sensitive information in any way possible, as quietly as possible.

Companies including Microsoft perform regular exercises in which both red and blue teams are used. A purple team can oversee both teams and can provide rapid information responses during the test. Purple teaming does not require a separate team; it is just the red and blue teams in close communication.


United States Government


Army

In the US Army, red-teaming is defined as a "structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners' and adversaries' perspectives."


Directed Studies Office

Red teams were used in the United States Armed Forces much more frequently after a 2003 Defense Science Review Board recommended them to help prevent the shortcomings that led to the September 11 attacks. The U.S. Army created the Army Directed Studies Office in 2004. This was the first service-level red team, and until 2011 was the largest in the Department of Defense (DoD).


University of Foreign Military and Cultural Studies (UFMCS)

The University of Foreign Military and Cultural Studies provides courses for red team members and leaders. Most resident courses are conducted on Fort Leavenworth and target students from U.S. Army Command and General Staff College (CGSC) or equivalent intermediate and senior level school. Courses include topics such as critical thinking, groupthink mitigation, cultural empathy and self-reflection.


Marine Corps

The Marine Corps red-team concept commenced in March 2011 when the Commandant of the Marine Corps (CMC) General James F. Amos drafted a white paper titled "Red Teaming in the Marine Corps". In this document, Amos discussed how the concept of the red team needs to challenge the process of planning and making decisions by applying critical thinking from the tactical to strategic level. He also tasked senior leadership in the Marine Corps to transition red-teaming from a paper concept into real practice. This meant establishing the personnel requirements at the following Marine organizations: Marine Expeditionary Force (MEF), Marine Expeditionary Brigade (MEB), CMC Strategic Initiatives Group (SIG), Marine Corps University (MCU), and MAGTF Staff Training Program (MSTP). In June 2013, the Marine Corps staffed the red-team billets outlined in the draft white paper.

In the Marine Corps, all Marines designated to fill red-team positions have to complete either the six-week or nine-week red-team training courses provided by the University of Foreign Military and Cultural Studies (UFMCS). MCU was tasked to have a core of qualified red-team instructors to develop red-teaming curriculum, methodologies, and doctrine, and to teach at the Marine Corps resident Professional Military Education (PME) institutions. The Marine Corps had to provide a Marine officer to be part of the UFMCS instructor staff. LtCol Will Rasgorshek was the first Marine qualified as a red-team instructor at UFMCS teaching the various red-team courses offered at UFMCS. LtCol Brian McDermott was one of the first red-team instructors at MCU. The MCU Red Team develops curriculum, teaches, and supports major academic planning exercises at the following resident MCU institutions: Senior SNCO Academy, Expeditionary Warfare School, Marine Corps Command and Staff College, Marine Corps War College, and School of Advanced Warfighting. In addition, the MCU Red Team supports the USMC Command and Staff blended seminar, the Marine Corps annual Title X wargame, and other wargames as directed by Marine Corps Combat Development Command.

In the summer of 2015, the USMC Military Occupational Specialty Manual stated that any Marine who successfully completed the UFMCS Red Team 6- or 9-week course would be authorized the additional military occupational specialty (AMOS) of 0506. In December 2015, the Marines codified the red-team concept into doctrine by incorporating red-team training and readiness requirements developed by the initial red team members at MCU, MSTP, and SIG. The five requirements currently reside in NAVMC 3500.108A, chapter 3: "Marine Air Ground Task Force Planner Training and Readiness Manual". The mission of Marine Corps red teams is to "provide the Commander an independent capability that offers critical reviews and alternative perspectives that challenge prevailing notions, rigorously test current Tactics, Techniques and Procedures, and counter group think in order to enhance organizational effectiveness."


Department of Defense

The United States Department of Defense (DoD) uses cyber red teams to conduct adversarial assessments on its own networks. These red teams are certified by the National Security Agency and accredited by the United States Strategic Command. This certification and accreditation allows these red teams to conduct adversarial assessments on DoD operational networks, testing implemented security controls and identifying vulnerabilities of information systems. These cyber red teams are the "core of the cyber OPFOR".


Federal Aviation Administration

The FAA has been implementing red teams since Pan Am Flight 103 over Lockerbie, Scotland. Red teams conduct tests at about 100 US airports annually. Tests were on hiatus after September 11, 2001 and resumed in 2003 under the Transportation Security Administration, which assumed the FAA's aviation security role after 9/11. The FAA use of red-teaming revealed severe weaknesses in security at Logan International Airport in Boston, where two of the four hijacked 9/11 flights originated. Some former FAA investigators who participated on these teams feel that the FAA deliberately ignored the results of the tests and that this resulted in part in the 9/11 terrorist attack on the US.


Transportation Security Administration

The Transportation Security Administration has used red-teaming in the past. An analysis of some red-team operations discovered that undercover agents were able to fool Transportation Security Officers and bring deadly weapons through security at some major airports at least 70% of the time (http://abclocal.go.com/ktrk/story?section=news/local&id=7848683).

