Join us 2 March for our next Red Teaming 101 Webinar.

A Call for a Red Teaming Surge

Interest in red teaming tends to grow following a major disaster or surprise. The Sept. 11 attacks, for example, triggered a surge in red teaming activity.1 Almost overnight, a professional red team became the sine qua non of a good counterterrorist or security program. Interest jumped again as U.S. forces in Iraq confronted a largely unexpected but seemingly predictable insurgency.
      In both cases, the market responded. While few dedicated red teamers practiced the trade full-time prior to 2001, dozens if not hundreds of experts and practitioners emerged within the next few years. On the whole, the effects of the surge appear to have been positive. New insights and techniques refreshed the red teaming community, and awareness of red teaming no doubt prompted some decision makers to consider their decisions from new perspectives. 2
      It’s now time for another surge, albeit one of a different kind.
      The surge I am calling for is broader, more responsive, more proactive, and less political. It builds on what we have learned and stretches our practice in new directions before the next disaster or surprise arrives.
      We must broaden the practice of red teaming on two counts. First, red teaming should not be limited to narrow conceptions of national and homeland security. The obvious case is the economy. In today’s environment, a single ill-considered economic initiative could significantly undermine our long-term security, yet I suspect that very few decision makers in Washington have sought to expose their economic proposals to unbiased, systematic, and sophisticated red teaming. This probably holds true of most decisions in the 15 executive departments, with the exception of those that deal with traditional national security issues.
      Further, it’s not simply the government’s concern. Industry players across all sectors should red team their major business strategies, both from the perspective of their competitors and from the perspective of the broader economic environment. Could the insurance industry, for instance, have benefited from more or better red teaming four or five years ago? What about the auto, oil, or mortgage industries? In each case the answer is almost certainly yes.
      Second, red teamers must broaden their toolkits to include all approaches and techniques that aid contrarian analysis.3 My sense is that many analysts and decision makers settle for the first tool or approach that works (especially if they developed it themselves). This may be fine when the problem at hand is well-understood, but few problems are sufficiently well-understood to justify complacency. Fortunately, broadening the topical scope of red teaming to include non-traditional fields should help; each of these fields will reveal new tools that red teamers can adapt and apply across domains.
      We must also seek to increase the responsiveness of red teaming. When a decision loop is measured in seconds, minutes, or hours, the pace of events will overtake all but the most streamlined red teaming techniques. The solution here is at least twofold: the community should enhance its toolkit in this area, and it should seek to train decision makers and analysts to think better in crisis situations.
      One way to increase the responsiveness of red teaming indirectly is to use it to help enhance a decision maker’s foresight. Simply put, a proactive red team can buy time. Even though a crisis may unfold quickly, a good red team will prepare decision makers by playing out scenarios and alternative strategies in advance. The U.S. Navy’s interwar gaming program is perhaps the best example. The interwar case is important because it emphasizes the usefulness of anticipating how an opponent (RED) might act, and it underscores the value of actively developing and testing friendly (BLUE) strategies in a competitive setting.
      Finally, red teamers should do their best to develop and facilitate ground rules that encourage participants to challenge political, cultural, and organizational biases. These biases are perhaps most apparent on the national stage, although they exist in nearly every organization at every level. Though they may serve other functions, strong biases foreclose open, constructive debate. Good ideas will either be overlooked until the tone changes or they will be pushed aside entirely. Honest, well-structured red teaming can help, although the culture in which the team operates must be at least minimally receptive. When it is not, the red team should consider addressing the harmful biases and attitudes directly.
      Whether you run a corporation or a country, the stakes are high, and business as usual is no longer good enough. More than ever, you need to know what your competitors and opponents are thinking. You need to overcome your organization’s biases and generate creative, resourceful strategies that work. You need to anticipate the next crisis, prevent it if possible, and respond swiftly and effectively if not.
      And we, the red teaming community, must surge to meet your need.

  1. I informally watched the search engines before and after the attacks. The number of companies offering red teaming services clearly increased from late 2001 through, say, 2004. Based on my very rough survey, I believe the number has actually started to decline. []
  2. That said, the effect of red teaming is admittedly difficult to measure. First, a variety of factors–from good red teaming to sheer good luck–can contribute to positive outcomes. Second, most military and security red teams address sensitive vulnerabilities and are rightly inaccessible to open-source, after-action review. Finally, even the best red teams are susceptible to some degree of hindsight bias when assessing how much their effort contributed to an effort. []
  3. This is one of the major goals of Red Team Journal. []