Modeling and Simulation of Red Teaming, Part 1

by Editor on December 8, 2009

We are pleased to post the first in a series of articles by Michael J. Skroch of Sandia Labs on the modeling and simulation of red teaming. Michael is a founding member of the red teaming community and is well known within the community as a proponent of better red teaming methods and practices. He has written this article specifically for Red Team Journal and its readers. We believe the article is likely to become a standard reference in the field. You may download it as a PDF here.

{ 8 comments }

1

Chris Flaherty 12.17.09 at 1:05 pm

This paper is an important start in marking-out the research boundaries between live and modelling and simulation (M&S) Red Teaming. In my experience, however, I ask the question – if the M&S was built from a ‘Scripted Agency’ perspective then many of the ‘narrative’ questions outlined in table 1 (p.5), may in fact resolve? This is the approach we have been taking at the University of New South Wales, with work on decision support tools for counter terrorism analysis in complex 3D environs. A ‘Scripted Agency’ approach also resolves the questions (p.6) outlined, namely:
(1) YES (together) to the Q: When should you use a red team and Red Team M&S together or separately?
(2) YES to Q: Is a live red team required to set up Red Team M&S?
As these provide the baseline data to construct a ‘Scripted Agency’ narrative.

2

Michael Skroch 12.19.09 at 3:43 pm

Chris: My response to your comment depends on what you mean by “scripted Agency” perspective. Perhaps you can expand on that. Until then, I’ll assume that you are referring to CONOPS or TTPs that are fairly rigid in determining how a response is executed.

In that case, we’ve found with Dante that defined CONOPS make simulation of constructive M&S engagements much easier to set up and simulate. They define the basis of a “behavior” for a response or attack that can be modified with statistical variation or effects from interdependencies of a complex simulation. My point here is that outcome is not deterministic because of a well defined CONOP, it is more likely to result in a simulation that can undergo verification and validation. Therefore I wouldn’t think that strict CONOPS/TTPs would determine outcome sufficient to answer, a priori, many of the questions that were posed.

With regard to your answers of two questions, I am not so certain that the answer is YES to either or both of these. Particularly, the second question–our objective should be to embody some red teaming methodology into a M&S tool to allow an analyst to set up the engagement and explore outcomes. I believe that can be done now for a narrow set of problems (physical). Dante is used this way now in some cases; however, one could claim the analysts understand basic red team tactics. So, I am not ready to make a strong claim here.

3

Chris Flaherty 12.21.09 at 4:13 am

Michael, the work I was referring to is microsimulation modelling techniques. This is where the behaviour and interactions of each individual participant are directly simulated – based on scripts developed from historical events. The more usual approach is a “stochastic” (random) approximation of average behaviour. “Scripted Agents” are software objects driven by scripts — to model the individuals involved. From that point of view, the table set out on page 5, is actually setting out the perimeters or framework to identify the sub-categories behaviours of a software object driven by scripts, which approximates the behaviour of a red teamer. However, this is only an approximation, which needs to be moderated with subsequent analysis, or a ‘play-through’ of events in order to re-introduce real world or live complexity.

4

Michael Skroch 12.23.09 at 3:27 pm

Chris: Thanks for the clarification. I think we’re on the same page. Here’s a discussion in response…

The work we’ve been doing in Dante/Umbra uses microsimulation modeling by your definition. Exactly how the behaviors are scripted depends on the approach taken, and there are many of them and increasing research in the field. We tend to call “scripted behavior” as that which is programmed in a traditional sense with various inputs and outputs. The result is fairly deterministic for the individual but results in emergent behavior in the large due to system complexities. On top of that, things are not deterministic completely because the data you refer to “from historical events” often has a stochastic component. It’s just that the stochastic issues are of finer grained detail than a roll of a dice that determines who wins a particular interaction.

In Umbra/Dante we’re simulating individual movements, casting rays and launching bullets or objects, determining intersections, determining if a noise from someone behind you can be heard by another, calculating third/fourth power estimates of EM signals given terrain interaction, calculating ability to move on various terrain, hearing the crack of a gunshot and being able to locate that direction, having a limited cone of vision that is swept as one looks about, changing posture, speed, seeking cover, etc. I assume this is microsimulation by your definition. We consider the fidelity of simulation as a continuum from a very rough dice-roll interaction to that which we cannot yet achieve. This seems an important parameter in understanding if a particular simulation can provide viable answers to questions being asked in a red team engagement.

I appreciate the observation that table 5 “is actually setting out the perimeters or framework to identify the sub-categories behaviours of a software object driven by scripts, which approximates the behaviour of a red teamer.” That was my intent by other words. We need a set of measures that will help us understand and compare red team simulations and know if a sufficient level of fidelity exists to provide viable results.

5

Chris Flaherty 12.26.09 at 3:13 am

Michael, this is the same approach that we have been taking, and that “scripted behaviour”, is the same as “scripted agency”. The reason why we have been using this phrase is because the micro-modelling developed is built up from single individual software objects, which are provided with a ‘narrative’ which outlines their behaviour during a scenario-run. The research work is divided into two groups essentially, with DR Tony Green (UNSW), and PROF Ian Piper (UOW) developing the mathematical underpinnings. Whereas the work I lead on are the human factors issues, as a sociologist. This is the reason why I exclusively write about operational and tactical concepts such as 3D tactics, and other article posted here on this web site – Interposing Tactics, is because these analyses provide the ‘narrative’ concepts that are built into the “scripted behaviour” for a particular software agency. The corollary issue, is that in the Information Operations space, my work focuses on the deception, and information deprivation issues that are found in complex urban terrorist scenarios such as the 2007 Haymarket attack scenario (London), and the 2005 London underground attacks, which we have written about extensively. The method proposed to answer the ‘Haymarket problem’, providing a methodology with the following characteristics:
i) Random or chaotic interdiction;
ii) Successful identification of an opponent’s approaches along lines of least resistance (where a terrorist force could effectively be ambushed at its own game); and
iii) A concept of operations based on non-deterministic randomised or dynamic defence.
Finally, 3D tactics has been merged with ‘Command and Influence’ (CI) ideas as to how to achieve superior battlefield command.

6

Rich 02.22.10 at 7:49 pm

Has anyone given any thoughts to the research recently released called “Ecology of Human Warfare” that would allow for much deeper Red Team M&S than many think currently possible?

7

Michael Skroch 02.25.10 at 5:16 pm

Rich: Perhaps you can expand on the idea a bit more. Googling the phrase “Ecology of Human Warfare” references an apparent article in Nature while no quotes comes up with war’s impact on nature. Sounds like the latter is the point you wish to make–simulation of complex behaviors?

8

Rich 03.17.10 at 2:10 am

The release of the research in Nature I think caused people in the COIN/Red Team side to ignore it–but in fact they identified 15 characteristics of insurgencies (11) to be exact that validated the theory of “open source warfare”. I think looking at their modeling may be worth the effort.

They have with their six year long quantitative analysis model the ability to do the following:
1. Ground-level decision support:
EXAMPLE: I have identified key nodes or centers of gravity of a specific cell…if take those nodes out what is the overall 2nd or 3rd degree of effects on that cell. Does the cell stop all activities or does it as the model says splinter and then reform with an even stronger cell? What might be the psychological impact on 1) the cell and 2) other cells.
2. Understanding the insurgent ecosystem:
EXAMPLE: Insurgent systems are difficult to understand, with many different moving parts, evolution and feedback loops (OODA). We can use the model of the insurgent ecosystem to trial different strategies to see how the insurgency responds.
EXAMPLE: Any “model” that can help us understand the enemy’s communications structures, decision making process and group dynamics can, if given to the right people be a true “game-changer”…
3. Scenario Analysis:
EXAMPLE: Does picking off the “low hanging fruit” of let’s say the Haqqani network…help or hurt…I always struggled with this question…do we hit the guy emplacing the IEDs or be patient, watch him, and follow the trail? In the meantime, he is emplacing IEDs that are killing US soldiers?
EXAMPLE: Information is transmitted using both global signals (media) and local networks. The local networks are formed through the coalescence and fragmentation process that results from the group dynamics within the insurgency. We can seed the systems with different informants or pieces of false intelligence and then watch how this information spreads through the system. We can also try different strategies for rumor transmission within the model – e.g. is it better to have one large group of spies/agents, or multiple smaller cells within the larger population. Which organizational strategy would be more effective at transmitting information?
4. Future event planning:
EXAMPLE:…..how can I use/leverage this type of model to help drive say tribal engagements to isolate single cells or multiple cells that were identified by the model?
EXAMPLE: For a peacekeeping scenario, where you have two opposing groups and one peacekeeping force. What is the best organizational structure for reducing violence? Do you split your forces up into many small groups or is it more effective to instead have a few very strong groups?

This is where our model is very valuable – it is the only current peer reviewed, tested, and validated modeling technique that can link effect with cause in a testable and quantitative way.
