Editor’s note: This is a companion piece to the previous post and was first published on Red Team Journal in June 2003.
A fine line often separates a dynamic red team from a prescripted and predictable red team. Note that the following principles apply not only to red teaming, but to wargames, exercises, and studies in general.
- Integrity: Integrity comes first; without it, any red teaming effort is a loss. This applies both to the red team itself and to the team’s sponsor: the team, for example, must be willing to be surprised, and the sponsor must give the team the freedom to be surprised. Integrity is closely aligned with intellectual courage.
- Foresight: A good red team anticipates the problems-after-next. It seeks to understand how the adversary might adapt and respond to BLUE actions. Critical here is the ability to view the interactions between RED and BLUE as part of a larger, interconnected system of issues and problems.
- Realism: A realistic red team understands how things work in the real world. Above all, this requires the right kind of people–people who understand the adversary’s culture, values, and history; people who have direct, first-hand experience in the problems of interest; and people who aren’t afraid to cut across the grain.
- Persistence: Good red teaming requires a persistent mandate. This encourages a long-range perspective, allows the red team to learn from its successes and mistakes, and promotes accountability. A one-off red team tends to provide one-off insights.
- Relevance: A good red team eschews ivory-tower pretension, addresses timely issues in a timely manner, yields practical insights, and does so in a way that connects these insights to real-world practitioners.
- Method: Good red teaming is more than simply brainstorming doomsday scenarios. Method enforces clear and consistent thinking, helps a team identify what it doesn’t know, and provides a reliable means of capturing and communicating insights.
- Self-awareness: A good red team red teams itself. It promotes internal humility, curiosity, and skepticism.
- Order: A good red team starts at the level of ideas and strategies and then proceeds to the details. The sooner a red team turns to issues of technology, tactics, and money, the sooner it forecloses alternative and potentially innovative strategies.
- Responsiveness: A good red team learns from both itself and the adversary. This requires explicit and responsive feedback loops. The value of responsiveness is relative to the responsiveness of the adversary.
- Discretion: “Don’t give good ideas to the bad guys.”