Catch the recent “Politics, Power, and Preventative Action” podcast interview with RTJ founder Mark Mateski.

The Red Teamer’s Go-To Move #3: See the System

For Go-To Move #3, we turn to topic of systems thinking and briefly unpack the ability to “See the System.” Rare indeed is the case in which the red teamer’s target is not a system. Much more common are cases in which the red teamer’s target is the whole system or even a system of systems. As a result, red teamers must understand how to approach systems.
      Let’s begin by defining a system. Donella Meadows offers a solid definition in her book Thinking in Systems: “A set of elements or parts that is coherently organized and interconnected in a pattern or structure that produces a characteristic set of behaviors, often characterized as its “function” or “purpose.”1
      A system, then, is a set of interrelated elements which yield systemic behaviors. As a result, when analyzing a system of interest you must, at a minimum, identify

  • the elements within the system of interest,
  • the relationships and interfaces between and among these elements,
  • the systems upstream from the system of interest,
  • the systems downstream from the system of interest, and
  • the relationships and interfaces between and among these systems.

      Within the systems engineering community, it is common to describe the system of interest using views and viewpoints, as defined by ISO 42010. Short of that, red teamers should at least sketch the system of interest and its internal and external interfaces informally using whatever method they choose.2
      Focusing solely on the system of interest as a whole without analyzing its internal systemic behavior and ignoring its upstream and downstream relationships will cause the red teamer to oversimplify the system of interest. Unless the red teamer can trust the adversary to do the same, this creates a fundamental mismatch between the red team (RED) and the real-world adversary (RWA). The RWA in this case will run circles around RED and, by extension, RED’s customer, BLUE. It is our experience that most RWAs naturally tend to think in terms of systems, so oversimplify at your own risk.
      In practice, this dynamic can generate conceptual tension between the customer’s desired scope and the RWA’s field of view. The miserly customer will tend to resist the red team’s efforts to include upstream and downstream interfaces within the scope of the effort. After all, this involves more work and typically raises the cost of the engagement. In these cases, the red team engagement manager should educate the customer in the basics of systems thinking and underscore the risks that attend this limiting distortion. If the customer still resists, the red team should document both this distortion and its resulting implications for the subsequent analysis.

  1. Thinking is Systems, 2008, p. 188. []
  2. We discuss both approaches in our two-day “Becoming Odysseus” course and practice sketching example systems. []