Red Teaming: A Tool for Continuous Improvement

Every system needs a checkup from time to time to ensure it is running smoothly and according to its specification. Some systems even require a ‘stress test’ to ensure that they perform according to design criteria under extreme conditions. This testing is particularly important when we consider security deployments, but whereas a vehicle or computer system can be stress tested in laboratory conditions, the only way we can effectively test the performance of our security teams is in real-world conditions.

Red Teaming refers to the testing of the security deployment’s performance to assess its preparedness, vulnerabilities and limitations. Only those tasked with executing the test, together with the senior management levels of the security operation, are aware of the test plans, dates, times and those performing the test, and therefore it provides maximum impact and sometimes dramatic findings.
We spend vast resources in training the security deployment, in equipping it with the latest technology and in writing and testing Standard Operating Procedures that define how we expect our staff to react to a suspicion or threat that arises during routine operation. However, our teams work in the field day after day and can become complacent about the normal state of affairs, where the threats that they have been trained to identify do not materialize. Indeed, security staff can and often do have a lifelong career as operatives without seeing the worst-case scenarios for which they have been trained.

By creating a simulated threat for the security teams, testing and recording the way that they react to the threat, and then analyzing, learning and improving methods according to their performance, we are able to keep the security team alert, and also make sure that our people, technology and procedures are always working to the best of their ability and in an optimized, efficient manner.

The purposes of a red team exercise are:

  • To gain the adversary’s perspective of a target by changing our mindset from protector to attacker.
  • To go through the thought process and appreciate the limitations of the attacker, which will assist us in our threat probability analysis.
  • To understand the level of professionalism needed to perform reconnaissance (information gathering) and to utilize that understanding to enhance the protection plan.
  • To help identify the “soft” points in the security of any site by putting ourselves in the adversary’s shoes.

The benefits of a red team exercise are numerous, and go far beyond the basic testing of operational readiness. Security operatives will start to become more proactive in their tasks, and red teaming has been shown to inspire a “predatory feeling” in the teams, thereby sharpening their skills and helping maintain their situational awareness. The lessons learned from a red team exercise serve as a tool for continuous improvement and allow an organization to test the suitability and accuracy of Standard Operating Procedures.

For management focus, red teaming is also one of the few ways of demonstrating a Return on Investment in security personnel, equipment or technology. By using a testing and measurement system for the performance of a security deployment before/after an investment, it is possible to see a measurable improvement and so justify expenses and budgets to senior management. Similarly, management involvement in red teaming exercises provides a way of testing for Business Continuity, or how an organization responds to and recovers from a simulated threat.

Red team exercises are highly focused to test specific elements of the security operation.  Typical exercises check the response of the security deployment to:

  • Preventing an adversary from entering a secured facility.
  • Preventing the insertion of an I.E.D. or weapons (as simulated threat objects) into a secured facility.
  • Preventing an adversary from collecting information prior to an attack.
  • An I.E.D. being thrown or placed in the relevant secured zones.

Red Team Exercise Safety
Because a red team exercise is not known to the security operatives in the field, the threat that faces them can often appear to be very real, and extreme precautions must be taken to prevent any reaction from the security team that could endanger their lives or those of the public or could reveal classified information. It is the responsibility of the manager of the exercise to plan for all eventualities and ensure the safety of the security teams and the general public.

Measuring Success
There are two ways of measuring the outcome of the exercise:

  1. Success/Fail:  Did the adversary successfully carry out the simulated attack?
  2. Quantitative measure: Grades are given according to a number of criteria such as how well the security team carried out its tasks, the strengths/weaknesses of the procedures followed and how well the security teams were trained. The grade is calculated according to a pre-established formula that results in an empirical value that can be tracked over time as exercises are repeated. Therefore, the trends in improvement (or worsening!) of the teams’ performance can be measured.

Note that a team could successfully prevent the simulated attack but get a very low quantitative score!

Summary
Red teaming exercises are suitable for all types of security including transportation, VIP protection, aviation, critical infrastructure and border controls. The exercises form an invaluable and critical part of the management of a security operation, and a security manager must know how to plan, execute and analyze a Red Team exercise. Only by constant testing, learning and improvement can the security teams’ alertness be maintained and skills be honed.

Red Teaming forms an intrinsic part of the Security Management and Close Protection courses which are being held in April and May in Israel. We hope you will come and join us to learn more and extend and practice these skills. It’s not too late to sign up for our next course in April. There are a few places still available.