“Red Team Journal still serves as the best open-source repository for helpful hints and emerging practices in the field.”
— MIcah Zenko, Red Team (2015)
National Security in Three Diagrams and Six Takeaways

National Security in Three Diagrams and Six Takeaways

Given the array of serious national and homeland security problems we currently face, we thought it might be time to revisit our 1999 scenario “Axis 2001” or our 2010 commentary “Red Team Journal, Thirteen Years On.” After re-reading both, however, we realized we have little new to add to either post; they’re as timely today as they were then. Instead, we offer a summary in three diagrams and six takeaways.       

Diagram one captures our inclination to throw money and technology at the problem.

A Venn diagram in which small “strategy” and larger “tech” are subsumed within “money.”

A Venn diagram in which small “strategy” and larger “tech” are subsumed within “money.”

Diagram two illustrates a better way, where money and technology are subordinate to strategy.

A Venn diagram in which small “money” and slightly larger overlapping “tech” are subsumed within “strategy.”

A Venn diagram in which small “money” and slightly larger overlapping “tech” are subsumed within “strategy.”

Diagram three underscores a self-imposed trap: past choices dictate that (a lack of) money is now a bigger part of the problem

We spent, and spent, and spent, but the world is no safer, and our relative ability to spend our way out of problems is dwindling.       

A Venn diagram in which small “tech” and a very large overlapping “money” nearly fill the “strategy circle.

A Venn diagram in which small “tech” and a very large overlapping “money” nearly fill the “strategy circle.

What can we do? There’s no easy answer, but we do advocate more pattern red teaming to complement our tendency to red team the points. (Pause and think of how many points we've probably red teamed since 2001, and how we continue to miss the patterns.) Here, then, are the takeaways:

Money isn't the answer, but it's now part of the problem.

  • Point strategies yield a false sense of security but often cost more and yield less than pattern strategies.

  • Adversaries with fewer resources but more perceptive pattern strategies continue to give us a run for our money.

  • Point red teaming leads to point strategies.

  • Pattern red teaming encourages pattern strategies.

  • To beat these sorts of adversaries, we need better pattern strategies.

Reciprocity and Degenerate Strategies

Reciprocity and Degenerate Strategies

Why Red Teamers Should Care About ISO 42010 (IEEE 1471)

Why Red Teamers Should Care About ISO 42010 (IEEE 1471)