- This topic has 3 replies, 2 voices, and was last updated 5 years, 11 months ago by Joe (G. This post has been viewed 18 timesW. This post has been viewed 18 timesN. This post has been viewed 18 timesS. This post has been viewed 18 times). This post has been viewed 18 times
April 24, 2014 at 6:48 am #76921
A search of the MVT Forums for “Red Teams” revealed only a passing reference by G.W.N.S who has made many useful posts.
So I thought I’d provide some links and resources for those interested in, but possibly unfamiliar with, this aspect of both FreeFor and OpFor preparation.
“A red team is an independent group that challenges an organization to improve its effectiveness. The United States intelligence community (military and civilian) has red teams that explore alternative futures and write articles as if they were despotic world leaders.” [Irony much?]
CURRENT ONLINE JOURNALS
PRIMERS & GUIDES
Red Teaming A Short Introduction (1.0) June 2009
http://redteamjournal.com/papers/A Short Introduction to Red Teaming (1dot0).pdf
The Role and Status of DoD Red Teaming Activities September 2003
FBI Academy Library Subject Bibliography – Red Teaming
UK Ministry of Defence Red Teaming Guide 2nd Edition January 2013
University of Foreign Military and Cultural Studies Red Team Handbook April 2012
“RULES” – Some Useful Principles & Concepts
And while we are on alternative thinking techniques…
Edward de Bono’s ‘Six Thinking Hats’ is also a useful technique to view/think about things from alternative perspectives.
April 24, 2014 at 5:08 pm #76922
Thank you for posting those, Freeman. I’m working on standing up a Red Team through the Culper Institute. Interested?
April 26, 2014 at 5:09 am #76923
You’re welcome. Glad to help where I can to share the load. PM me details about what you require.
May 11, 2014 at 9:33 pm #76924Joe (G.W.N.S.)Moderator
My biggest criticism of Red Teams is that they have devolved into cyber and academic programs, with little in the way of physical testing. Sure within the military there is the various OPFOR type training centers, but even these could really provide a bigger black-eye than they do.
Having cyber penetration specialists test the virtual network security is very important, however if someone can physically bypass this onsite just how secure is it?
Just as having a physical security specialist do a walk through is also important, but it still doesn’t truly test a organizations fixed or mobile security.
The current missing ingredient is the physical breaching of an organizations defenses, it is only with this kind of test do we see the real scope of their true security.
The problem is most organizations want a check in the box more than they want an effective program.
This is really highlighted when their security is breached by a physical test, finger pointing and the blame game reaches monumental levels. This is particularly evident in government bureaucracies, instead of using it as the learning opportunity to make effective change, they take it as a personal attack.
So for the most part they present the image of a hard target, but there is only an illusion of security!
If ego is left out of the equation there is room for great improvement, otherwise it is wasted effort.
See this Thread Physical Penetration Attacks.
- You must be logged in to reply to this topic.