“Red Team Journal still serves as the best open-source repository for helpful hints and emerging practices in the field.”
— Micah Zenko, Red Team (2015)
Review of Red Team: How to Succeed by Thinking Like the Enemy

The work reviewed is Red Team (Micah Zenko, Red Team: How to Succeed by Thinking Like the Enemy. New York: Basic Books, 2015. 336 Pages.) by Dr. Micah Zenko, a Senior Fellow with the Council on Foreign Relations. Zenko has an impressive pedigree via years spent in Washington, D.C., with Harvard University’s Kennedy School of Government and the Brookings Institution and his expertise related to American drone use, counterterrorism, and related national security foci. This important book represents a five-year effort that includes over 200 interviews with red teamers, the immersion of the author in red teaming courses and exercises, an analysis of over 150 pertinent documents, and the direct support of multiple research associates. This significant research endeavor—supported by foundation and other resources—easily had a project budget well into the hundreds of thousands of dollars. The time, intellectual effort, and monies allocated to the project were well spent, for the work is likely to become a significant milestone for the discipline. Red teaming is now poised to be widely introduced to mainstream American business and current affairs readership.

Micah Zenko’s book Red Team.

The introductory chapter begins with a discussion of the position of the Promotor Fidei (Promoter of the Faith)—more universally known as the Advocatus Diaboli (Devil’s Advocate)—utilized by the Catholic Church over the course of numerous centuries to challenge nominees for sainthood. (Red Team, pp. ix–xii.) It then goes on to cover red team thinking related to Al Kibar, the location of a Syrian nuclear facility bombed by the Israelis in 2007 (Ibid., pp. xii–xv.), after which it discusses organizational constraints and biases related to red teaming. (Ibid., pp. xv–xx.) How red teams function—via simulations, vulnerability probes, and alternative analyses—is then touched upon (Ibid., pp. xxi–xxiv.) as well as red team success and failure. (Ibid., pp. xxiv–xxvi.) The final section of the introduction (Ibid., pp. xxvi–xxxii.) outlines the rest of the work with a brief sketch of what the book’s following chapters will focus upon.

Chapter 1 of the work provides an overview of best practices in red teaming: (a) "The Boss Must Buy In"; (b) "Outside and Objective, While Inside and Aware"; (c) "Fearless Skeptics with Finesse"; (d) "Have a Big Bag of Tricks"; (e) "Be Willing to Hear Bad News and Act on It"; and (f) "Red Team Just Enough, But No More." (Ibid., pp. 1–22 and reiterated on pp. 235–236.) Furthermore, though unnumbered, “ ... to be flexible in the approaches or techniques applied” was considered the overarching best practice. (Ibid., p. 1 and p. 23.) The work then provides 17 mini-case studies spanning military, intelligence community, homeland security, and private sector red teaming in chapters 2 through 6. Each of these chapters typically begins with an introduction to a type of red teaming application, discusses a number of case studies, and then provides a short concluding summary, as follows:

Military (chapter 2)

  • U.S. Army Combined Arms Center (CAC), University of Foreign Military and Cultural Studies (UFMCS)—"Red Team University";

  • U.S. Marine Corps Red Teaming;

  • Millennium Challenge 2002;

  • Israel Defense Force’s red team;

  • UK Ministry of Defence’s Development, Concepts and Doctrine Centre (DCDC) red team;

  • NATO Allied Command Transformation AltA cell;

Intelligence Community (chapter 3)

  • Team B Soviet National Intelligence Estimate (NIE) Review (1976);

  • Al Shifa, Sudan Pharmaceutical Bombing (1998);

  • CIA Red Cell (Post-9/11);

  • Osama bin Laden’s Compound, Pakistan Raid (2011);

Homeland Security (chapter 4)

  • FAA Red Team (Pre-9/11);

  • DHS MANPADS Vulnerability Assessments, p. 127;

  • NYPD Tabletop Exercises;

  • Information Design Assurance Red Team (IDART);

Private Sector (chapter 5)

  • White Hackers—Cyber Penetration Tests;

  • iSec Partners Hacking Verizon (via Femtocells);

  • Physical Penetration Tests.

The concluding chapter of the book, chapter 6, reads very much like an after-action assessment, here blanketed by an introduction containing interesting facts and impressions and ending with some thoughts on the future of red teaming bundled with the reiterated best practices (from pp. 1–22.). The lessons learned begin with red teaming being analyzed from an applied perspective. From such a perspective, red teaming is said to always achieve one of two possible outcomes: either “ ... it delivers some new finding or insight that otherwise could not have been self-generated within the walls of the targeted institution” (Ibid., pp. 212–213.) or “ ... when red teaming fails to have a demonstrable impact on a targeted institution, it reveals something about the thought processes and values of that institution.” (Ibid., p. 213.) This chapter then goes on to highlight five misimpressions and misuses of red teaming: (1) ad hoc devil’s advocate; (2) mistaking red team findings for policy; (3) freelance red teaming; (4) shooting the messenger; and (5) red teams should inform, not decide. (Ibid., pp. 216–228.) Five recommendations for U.S. government red teams are then provided: (1) red team the biggest decisions; (2) compile U.S. government red team efforts; (3) expand red team instruction; (4) review military red team instruction efforts; and (5) make red teaming meaningful, not a rubber stamp. (Ibid., pp. 229–233.) Acknowledgements, notes, and an index round out the final sections of the work.

Besides the 17 mini-case studies highlighted in this work that focus on the organizations and applications of red teaming, the individuals who have left a mark on it due to their pioneering efforts and years of study and application are spotlighted. Of these many dedicated individuals, I was personally gratified that the early exploits of Dr. Stephen Sloan and his wife Dr. Roberta Sloan, beginning in the mid-1970s, were discussed related to their pioneering efforts in terrorist simulation. Seeing an account of Lt. Gen. Paul Van Riper’s exploits during Millennium Challenge 2002 was also satisfying, as was seeing Dr. Mark Mateski, RTJ’s founder, singled out for his ongoing contribution to red teaming via this journal, his past work with IDART, and his present Watermark Institute activities. The historical 1970s Team B section, related to the Soviet strategic threat, the NIE, and the politicization of the analytical process, also made for fascinating reading. From one perspective it raises larger questions related to compromising analytical neutrality for the needs of the strategic policy of a future presidential administration, though this is outside the scope of the work. It does reinforce, however, the reality that red teaming almost never exists in a sterile environment devoid of some form of local or higher-level politics. For this reviewer—given my associations—the most valuable aspect of the work dealt with the recommendations related to U.S. governmental red teaming efforts. These represent reasonable and studied policy inputs and should not be taken lightly. Of the five suggestions, two of them—compile U.S. government red team efforts and review military red team instruction efforts—should be given priority before attempting to implement the other three that have been provided.

The only demerit related to the work, and a very minor one at that, is related to the Devil’s Advocate discussion. Upon a reading of the work, the origin of this Vatican position is given as the 13th century. (Ibid., p. x, p. xi, p. 26.) However, the book jacket lists this as the 11th century and the press release lists it as the 16th century. This faux pas, however, did not take place on the author’s watch and squarely falls on marketing’s non-attention to detail. Some concerns could also be raised about the occasional use of anecdotal information, but this is essentially a non-issue. The author has had far more access to the entire red teaming community than the majority of red teaming professionals themselves due to his ability to cross between application boundaries (for example, military, intelligence, homeland security, and corporate). Given the secretive (literally U.S. classified) and proprietary (non-disclosure statement as in “you will be sued by our lawyers”) nature of many of these activities, his ability to even gain anecdotal information at times is an amazing feat in itself.

In summation, the publication of Red Team by Dr. Micah Zenko is an impressive accomplishment. It has allowed for a glimpse of the entire red teaming universe to be provided to the reader in one work. As a reviewer, and someone who knows something about this discipline, I admittedly found myself learning quite a bit about red teaming applications with which I have not been associated in the past. What Dr. Peter Perla’s book The Art of Wargaming (U.S. Naval Institute Press, 1990.) did 25 years ago to help mainstream an understanding of military wargaming, we can only hope Dr. Zenko’s new work will now do for the red teaming community.
