Red team

A red team is a group that helps organizations to improve themselves by providing opposition to the point of view of the organization that they are helping. They are often effective in helping organizations overcome cultural bias and broaden their problem solving capabilities.

Private business, especially those heavily invested as government contractors/defense contractors such as IBM and SAIC, and US government agencies such as the CIA, have long used Red Teams. Red Teams in the United States armed forces were used much more frequently after a 2003 Defense Science Review Board recommended them to help prevent the shortcomings that led up to the attacks of September 11, 2001. The U.S. Army then stood up a service-level Red Team, the Army Directed Studies Office, in 2004. This was the first service-level Red Team and until 2011 was the largest in the Department of Defense (DoD).[1]


In wargaming, the opposing force (or OPFOR) in a simulated military conflict may be referred to as a red cell (a very narrow form of Red Teaming) and may also engage in red team activity. The key theme is that the aggressor is composed of various threat actors, equipment and techniques that are at least partially unknown by the defenders. The red cell challenges the operations planning by playing the role of a thinking enemy. In United States war-gaming simulations, the U.S. force is always the Blue Team and the opposing force is always the Red Team.

When applied to intelligence work, red-teaming is sometimes called alternative analysis.[2]

When used in a computer security context, a red team is a group of white-hat hackers that attack an organization's digital infrastructure as an attacker would in order to test the organization's defenses (often known as "penetration testing").[3] Companies including Microsoft[4] perform regular exercises under which both red and blue teams are utilized.

The use of cyber red teams provides "real-world attack simulations designed to assess and significantly improve the effectiveness of an entire information security programme".[5] The United States Department of Defense (DoD) uses cyber red teams to conduct adversarial assessments on their own networks.[6] These red teams are certified by the National Security Agency and accredited by the United States Strategic Command.[6] This certification and accreditation allows these red teams to conduct the adversarial assessments on DoD operational networks, testing implemented security controls and identifying vulnerabilities of information systems. These cyber red teams are the "core of the cyber OPFOR".[7]

Benefits include challenges to preconceived notions and clarifying the problem state that planners are attempting to mitigate. More accurate understanding can be developed of how sensitive information is externalized and of exploitable patterns and instances of bias.

United States Government


In the US Army, red teaming is defined as a "structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners' and adversaries' perspectives."[8]

University of Foreign Military and Cultural Studies (UFMCS)

The University of Foreign Military and Cultural Studies provides five resident courses: Red Team Leader (18 wks), Stop-Gap Red Team Leader (9 wks), Red Team Member (6 wks), Critical Thinking for Red Team Practitioner (2 wks) and Red Team Mobile Training (2–28 days). Most resident courses are conducted on Fort Leavenworth and target students from U.S. Army Command and General Staff College (CGSC) or equivalent intermediate and senior level school. (Students must be capable of graduate level education, have completed appropriate PME for grade, and demonstrated tactical and technical proficiency in MOS. Required military grade is E-8 through E-9, W-4 through W-5, O-3 through O-6. Required civilian grade is GS 7-15.[9]

The UFMCS Red Team Leader’s Course (RTLC) is a graduate-level education of 732 academic hours (18 weeks). The course scope includes the four UFMCS pillars: Introspection and Self-Reflection; Groupthink Mitigation (GTM); Fostering Cultural Empathy, and Applied Critical Thinking (ACT). Introspection and self-reflection includes: Personality Dimensions, Introspective Life-Changing Event presentation and daily journaling. Groupthink mitigation (GTM) includes: Understanding Groupthink causes and techniques to mitigate. Fostering cultural empathy includes: Understanding culture from the perspective of an anthropologist, to include cultural meaning, economics, social structure, religion, politics and globalization. Applied Critical Thinking (ACT) includes: How we think, cognitive biases, intuition, complexity and systems thinking, and argument deconstruction. The course includes case studies, country studies and methods.[10]

The University of Foreign Military and Cultural Studies was formed as an outgrowth of recommendations from the Army Chief of Staff's Actionable Intelligence Task Force. UFMCS, as an element of the TRADOC (DCSINT) Intelligence Support Activity, or TRISA, located at Fort Leavenworth. TRADOC is an Army-directed education, research, and training initiative for Army organizations and other joint and government agencies designed to provide a Red Teaming capability.

A UFMCS-trained Red Teamer has proven effective in units and organizations from brigades to the Joint Staff. UFMCS curriculum is designed to improve critical thinking by teaching them how to ask better questions and challenge their assumptions they hold sacrosanct. The Red Teamer provides commanders with critical decision-making expertise during planning and operations. The team’s responsibilities are broad—from challenging planning assumptions to conducting independent analysis to examining courses of action to identifying vulnerabilities.

Joint Enabling Capabilities Command (now US Transportation Command's JECC)

Two operational positions associated with red teaming existed at the United States Joint Forces Command, formerly called Blue Red Planners within the Standing Joint Force Headquarters (SJFHQs). These two positions, now called Red Team Leaders (RTLs), were designed to provide the Joint Task Force Plans and Operations Groups with insight into the adversary's political and military objectives and potential course of action (COA) in response to real or perceived Blue action. RTLs are the leads of an RT Cell composed of operationally oriented experts that analyze Blue conditiondriven COA from an adversary-based perspective. The RT Cell anticipates potential adversary responses, identifies critical Blue vulnerabilities and potential operational miscues and assists in war gaming, COA development early in the Joint Operations Planning Process (JOPP). RTLs, in collaboration with the Combatant Commander's staff and Centers of Excellence, provide in-depth knowledge of the local political landscape, of the adversary’s history, military doctrine, training, political and military alliances and partnerships and strategic and operational objectives. RTLs postulate the adversary's desired end-state, and what the adversary may surmise Blue’s desired end-state or objectives to be. Finally, the RTLs help identify, validate and/or re-scope potential critical nodes.

United States Marine Corps

The Marine Corps Red Team concept commenced in March 2011 when the Commandant of the Marine Corps (CMC) General James F. Amos drafted a white paper titled, Red Teaming in the Marine Corps. In this document, General Amos discusses how the Red Team concept needs to challenge the process of planning and making decisions by applying critical thinking from the tactical to strategic level. He also tasked senior leadership in the Marine Corps to transition the Red Team concept from paper into reality. This meant establishing the personnel requirements at the following Marine organizations: Marine Expeditionary Force (MEF), Marine Expeditionary Brigade (MEB), CMC Strategic Initiatives Group (SIG), Marine Corps University (MCU), and the MAGTF Staff Training Program (MSTP).

In June 2013, the Marine Corps staffed the Red Team billets outlined in the draft white paper. In the Marine Corps, all Marines designated to fill red team positions have to complete either the six-week or nine-week Red Team training courses provided by the University of Foreign Military and Cultural Studies (UFMCS). MCU was tasked to have a core of qualified Red Team instructors to develop curriculum, red team methodologies, red team doctrine, and teach at the Marine Corps resident Professional Military Education (PME) institutions.[11]

The Marine Corps had to provide a Marine officer to be part of the UFMCS instructor staff. LtCol Will Rasgorshek was the first Marine qualified as a Red Team instructor at UFMCS teaching the various red team courses offered at UFMCS. LtCol Brian McDermott was one of the first Red Team instructors at MCU, and to this date the only Marine Red Team instructor not assigned to UFMCS to qualify in teaching the UFMCS Red Team curriculum.

The MCU Red Team develops curriculum, teach and support major academic planning exercises at the following resident MCU institutions: Senior SNCO Academy, Expeditionary Warfare School, Marine Corps Command and Staff College, Marine Corps War College, and the School of Advanced Warfighting. In addition, the MCU Red Team supports the USMC Command and Staff blended seminar, the Marine Corps annual Title X war-game, and other war-games as directed by Marine Corps Combat Development Command.

In the summer of 2015, the USMC Military Occupational Specialty Manual stated that any Marine who successfully completed the UFMCS Red Team 6- or 9-week course would be authorized the additional military occupational specialty (AMOS) of 0506. In December 2015, the Marines codified the Red Team concept into doctrine by incorporating Red Team Training and Readiness requirements developed by the initial Red Team members at MCU, MSTP, and the SIG. The five requirements currently reside in NAVMC 3500.108A: Marine Air Ground Task Force Planner Training and Readiness Manual. [12]

The mission of Marine Corps Red Teams is to "provide the Commander an independent capability that offers critical reviews and alternative perspectives that challenge prevailing notions, rigorously test current Tactics, Techniques and Procedures, and counter group think in order to enhance organizational effectiveness."[13]

Federal Aviation Administration

The FAA has been implementing red teams since Pan Am Flight 103 over Lockerbie, Scotland. Red teams conduct tests at about 100 US airports annually. Tests were on hiatus after September 11, 2001 and resumed in 2003 under the Transportation Security Administration, who assumed the FAA's aviation security role after 9/11.[14]

The FAA use of red teaming revealed severe weaknesses in security at Logan International Airport in Boston, where two of the four hijacked 9/11 flights originated. Some former FAA investigators who participated on these teams feel that the FAA deliberately ignored the results of the tests and that this resulted in part in the 9/11 terrorist attack on the US.[15]

Transportation Security Administration

The Transportation Security Administration has used red teaming in the past. An analysis of some red-team operations discovered that undercover agents were able to fool Transportation Security Officers and bring deadly weapons through security at some major airports at least 70% of the time.[16]

Elsewhere in government

Red teaming is normally associated with assessing vulnerabilities and limitations of systems or structures. Various watchdog agencies such as the Government Accountability Office and the National Nuclear Security Administration employ red teaming. Red teaming refers to the work performed to provide an adversarial perspective, especially when this perspective includes plausible tactics, techniques, and procedures (TTP) as well as realistic policy and doctrine.

See also


  1. Mulvaney, Brendan S. (July 2012). "Strengthened Through the Challenge" (PDF). Marine Corps Gazette. Retrieved October 23, 2017 via
  2. Mateski, Mark (June 2009). "Red Teaming: A Short Introduction (1.0)" (PDF). Retrieved 2011-07-19.
  3. Ragan, Steve (12 Nov 2012). "Thinking Like an Attacker: How Red Teams Hack Your Site to Save It". Slashdot. Slashdot Media. Archived from the original on 2013-03-02. Retrieved 10 Apr 2013.
  4. "Microsoft Enterprise Cloud Red Teaming" (PDF).
  5. Fenton, Mike (2016). "Restoring executive confidence: Red Team operations". Network Security. 2016 (11): 5–7. doi:10.1016/S1353-4858(16)30103-9.
  6. "Chairman of the Joint Chiefs of Staff Manual 5610.03" (PDF). Archived from the original (PDF) on 2016-12-01. Retrieved 25 Feb 2017.
  7. "Cybersecurity" (PDF). Operational Test & Evaluation Office of the Secretary of Defense. Retrieved 26 February 2017.
  8. "TRADOC News Service". Archived from the original on 2011-06-17. Retrieved 2011-07-19.
  9. "UFMCS Course Enrollment".
  10. "University of Foreign Military and Cultural Studies Courses". Retrieved October 23, 2017.
  11. Amos, James F. "Red Teaming In the Marine Corps" (Draft White Letter)|format= requires |url= (help).
  12. "3: Marine Air Ground Task Force Planner Training and Readiness Manual Change 3" (PDF). NAVMC 3500.108A. 23 December 2015.
  13. Broderick, Brian (July 2012). "Does the Marine Corps Need Red Teams?: Accepting Contrarian Viewpoints". Marine Corps Gazette. Marine Corps Association via
  14. Sherman, Deborah (30 March 2007). "Test devices make it by DIA security". Denver Post.
  15. "National Commission on Terrorist Attacks Upon the United States". University of North Texas. Retrieved 2015-10-13.

 This article incorporates public domain material from the United States Army document "Army approves plan to create school for Red Teaming".  This article incorporates public domain material from the United States Army document "University of Foreign Military and Cultural Studies".

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.