Red Team: How to Succeed By Thinking Like the Enemy

Introduction

In Red Team, CFR Senior Fellow Micah Zenko provides an in-depth investigation into the work of red teams, revealing the best practices, most common pitfalls, and most effective applications of these modern-day devil’s advocates.

Summary

Red Team: How to Succeed by Thinking Like the Enemy reveals how red teams comprised of professional skeptics and saboteurs can help organizations identify vulnerabilities, challenge assumptions, and anticipate threats. Author Micah Zenko reveals how disasters like the 2014 cyber theft of over twenty million U.S. government personnel records—one of the largest data breaches in history—could have been avoided through the use of red teams.

Red Team is the first book to examine the work of these modern-day devil’s advocates across a broad range of fields, including the military, security, intelligence, and business sectors. Drawing on seventeen little-known case studies, Zenko delves into the history of red teams and lays out their six best practices. He explains how organizations have benefitted from or misused red teaming, and what happens when their findings are ignored. In a final section, Zenko provides recommendations for the practice of red teaming in government that can also be tailored to private sector needs. 

The book’s case studies include:

  • the Federal Aviation Administration (FAA) red team that covertly tested airport security before 9/11 and warned about vulnerabilities that could easily be exploited by terrorists, but whose troubling findings were ignored by FAA leadership;
  • benevolent “white hat” hackers who revealed that Verizon femtocells (essentially miniature cell towers used to improve reception in buildings) could easily be used to clone or steal data from phones without the knowledge of users;
  • the Central Intelligence Agency (CIA) Red Cell that then-director George Tenet formed days after 9/11, and which continues to conduct alternative analysis today, to “tell me things that others don’t, and make seniors [officials] feel uncomfortable”;
  • the multiple independent analyses conducted to estimate the probability that Osama bin Laden was living in a compound in Pakistan, and the simulations that prepared the Navy SEALs for a range of contingencies prior to their successful 2011 raid; and
  • red teamers who run business war games in advance of major decisions in order to analyze competitors’ strategies and break rigid thought structures of their own executives.
 

This book is suitable for the following types of undergraduate and graduate courses:

  • U.S. Foreign Policy
  • Security Studies/Homeland Security
  • Business Strategy

Discussion Questions

Courses on U.S. Foreign Policy:

  1. What do you consider the most costly or highly consequential foreign policy decision that policymakers are grappling with? If you were a government official tasked with red teaming the decision, what liberating structure would you apply and why? 
  2. If the U.S. military were planning a war game to anticipate adversaries and the threats they will pose ten years from now, which two red teaming best practices should receive the most attention from the blue and red teams and why?
  3. Which red team best practice do you think is the most difficult for either the U.S. Department of State, U.S. Department of Defense, or Central Intelligence Agency to uphold and why? What recommendations would you give to leadership and red teamers to address this difficulty?

Courses on Security Studies/Homeland Security:

  1. What do you consider the most high-risk national security threat that policymakers are grappling with? If you were a government official tasked with red teaming the threat, what red teaming technique would you apply and why?
  2. Which of the three types of red teaming—simulations, vulnerability probes, and alternative analyses—do you think should be applied to the threat of homegrown violent extremism?

Courses on Business Strategy:

  1. If you are a CEO of a company tasked with deciding whether or not to launch a new product, what liberating structure would you apply to anticipate challenges and why? 
  2. Describe a scenario in which you would conduct a business war game and, as a red teamer, the steps you would take to ensure that best practices are met.
  3. What are some of the common challenges faced by penetration testers in improving cyber or physical security?

Essay Questions

Courses on U.S. Foreign Policy (focus reading on chapters 1-3, 6):

  1. What are some common weaknesses in policymaking, both in decisions and implementation?
  2. Given the current global environment, what are three foreign policy issues, threats, or strategies that would benefit from red teaming?
  3. What lessons can be drawn from failures to use or misapplications of red teams, such as the FAA covert airport testing before 9/11, the Millennium Challenge 2002 war game, or the bombing of the Al Shifa pharmaceutical factory?
  4. What lessons can be drawn from successful red teaming, such as the CIA Red Cell’s alternative analyses before the bin Laden raid or the NYPD tabletop exercise after the Mumbai terrorist attacks?
  5. What are some organizational constraints that would make it difficult to use red teaming or implement a red team’s findings?
  6. What are the best practices of red teaming?

Courses on Security Studies/Homeland Security (focus reading on chapters 1, 6 and either 2 (military), 3 (intelligence), or 4 (homeland security)):

  1. What lessons can be drawn from the use of red teaming in the case of the:
    1. FAA covert airport testing before 9/11? (homeland security)
    2. hack of Verizon’s femtocell? (cybersecurity)
    3. CIA Red Cell’s alternative analysis ahead of the raid of bin Laden’s compound? (national security)
    4. Millennium Challenge 2002 war game? (military studies)
  2. For hierarchical institutions, what are organizational constraints that might make it difficult to meaningfully apply red teaming or implement a red team’s findings?
  3. What are the best practices of red teaming?

Courses on Business Strategy (focus reading on chapters 1, 5-6):

  1. What are some constraints of corporate culture that make it difficult to meaningfully apply red teaming or implement a red team’s findings?
  2. Which business practices or decisions not covered in the book could benefit from red teaming?
  3. What are the best practices of red teaming?
  4. What lessons can be drawn from business war gamers Ken Sawka, Benjamin Gilad, and Mark Chussil?

Supplementary Materials

Courses on U.S. Foreign Policy:

Central Intelligence Agency, “A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis,” March 2009, publicly released May 4, 2009.

Dunning, David, Self-Insight: Roadblocks and Detours on the Path to Knowing Thyself, New York, NY: Psychology Press, 2005.

Landau, Martin, “On the Concept of a Self-Correcting Organization,” Public Administration Review, 33(6), November-December 1973, pp. 533-542.

Murray, Williamson, “Thoughts on Red Teaming,” Defense Adaptive Red Team, 2003.

Torbert, William, The Power of Balance: Transforming Self, Society, and Scientific Inquiry, London, UK: Sage Publications, 1991.

Tversky, Amos and Daniel Kahneman, “Judgement under Uncertainty: Heuristics and Biases,” Science, 185(4157), September 27, 1974, pp. 1124-1131.

University of Foreign Military and Cultural Studies, The Applied Critical Thinking Handbook, version 7.0, January 2015.

Courses on Security Studies/Homeland Security:

Central Intelligence Agency, “A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis,” March 2009, publicly released May 4, 2009.

Detert, James R. and Linda K. Trevino, “Speaking Up to Higher-Ups: How Supervisors and Skip-Level Leaders Influence Employee Voice,” Organization Science, 21(1), 2008, pp. 249-270.

Dunning, David, Self-Insight: Roadblocks and Detours on the Path to Knowing Thyself, New York, NY: Psychology Press, 2005.

Landau, Martin, “On the Concept of a Self-Correcting Organization,” Public Administration Review, 33(6), November-December 1973, pp. 533-542.

Murray, Williamson, “Thoughts on Red Teaming,” Defense Adaptive Red Team, 2003.

Sloan, Stephen, Simulating Terrorism, Oklahoma, OK: University of Oklahoma Press, 1981. For an updated version of this book, see Sloan and Robert J. Bunker, Red Teams and Counterterrorism Training, Oklahoma, OK: University of Oklahoma Press, 2011.

Torbert, William, The Power of Balance: Transforming Self, Society, and Scientific Inquiry, London, UK: Sage Publications, 1991.

Tversky, Amos and Daniel Kahneman, “Judgement under Uncertainty: Heuristics and Biases,” Science, 185(4157), September 27, 1974, pp. 1124-1131.

University of Foreign Military and Cultural Studies, The Applied Critical Thinking Handbook, version 7.0, January 2015.

Courses on Business Strategy:

Detert, James R. and Linda K. Trevino, “Speaking Up to Higher-Ups: How Supervisors and Skip-Level Leaders Influence Employee Voice,” Organization Science, 21(1), 2008, pp. 249-270.

Dunning, David, Self-Insight: Roadblocks and Detours on the Path to Knowing Thyself, New York, NY: Psychology Press, 2005.

Gilad, Benjamin, Business War Games: How Large, Small, and New Companies Can Vastly Improve Their Strategies and Outmaneuver the Competition, Pompton Plains, NJ: Career Press, 2008.

Janis, Irving, Victims of Groupthink: A psychological study of foreign-policy decisions and fiascoes, Boston, MA: Houghton Mifflin Company, 1972.

Landau, Martin and Donald Chisholm, “The Arrogance of Optimism: Notes on Failure-Avoidance Management,” Journal of Contingencies and Crisis Management, 3(2), June 1995, pp. 67-80.

Murray, Williamson, “Thoughts on Red Teaming,” Defense Adaptive Red Team, 2003.

Torbert, William, The Power of Balance: Transforming Self, Society, and Scientific Inquiry, London, UK: Sage Publications, 1991.

Tversky, Amos and Daniel Kahneman, “Judgement under Uncertainty: Heuristics and Biases,” Science, 185(4157), September 27, 1974, pp. 1124-1131.

University of Foreign Military and Cultural Studies, The Applied Critical Thinking Handbook, version 7.0, January 2015.

Valukas, Anton R., Report to Board of Directors of General Motors Company Regarding Ignition Switch Recalls, Jenner & Block, May 29, 2014.