Red Teaming as a Security Assessment Tool

Security as a business priority is changing. Many organizations today regard security as a vital resource for the success and sustainability of their business communities. The bottom line action item that this increased priority brings to governments and private organizations alike is the need to continuously evaluate and test security systems with the objective of finding potential vulnerabilities. This form of testing is usually referred to as Red Teaming, a concept borrowed from the Cold War when American troops would simulate a Russian (the "Reds") attack as a way of evaluating their lines of defense.

Unfortunately, most red teaming services offered to clients today fail to provide a complete picture of the threat being posed to the protected environment. This is a serious flaw that makes the effort more cosmetic than realistically useful. It is not enough to describe vulnerabilities while ignoring the critical element of plausible Aggressors' Methods of Operation (AMO). The difference between a vulnerability and an AMO is that a vulnerability describes the end result of the AMO, while the AMO describes the complete method by which an aggressor operates.

In fact, if you consider the entire criminal or terrorist process requisite to achieving a flawless execution of a criminal or terrorist event, you may discover that your protected environment is not so vulnerable after all. A terrorist or criminal needs to mark his target, conduct surveillance, gather intelligence, tool up, train, rehearse, execute and finally run away. As an example, one might reflect on the vulnerability of a train to a terrorist attack. You may say to yourself: "that's easy … it simply involves taking a bomb and putting it on the train". However, terrorists need to factor in many other steps and elements before actually going ahead and executing their plan, which could be years in the making. They will ensure that their plan is infallible and free of any contingencies, and in order to do so they will ask themselves some of the following questions:

  • How will we conduct surveillance on the target?
  • When conducting surveillance, what will be our cover story?
  • How will we obtain the explosives or tools?
  • Where will we hide the explosives?
  • How would we gain access to the country?
  • How do we make certain the bomb works?
  • How do we prevent knowledge of our plan leaking to law enforcement authorities?
  • And many, many more…

Red Teaming services must mirror this terrorist approach and related modus operandi in order to provide a client with a complete set of AMOs that are directly applicable to their specific protected environment, and will thus serve as building blocks to an efficient and realistic security framework.

 

© 2008 Chameleon Associates