18 October 2015

Think Like the Enemy, Urges Zenko in New Book on Red Teams

http://www.cfr.org/defense-strategy/think-like-enemy-urges-zenko-new-book-red-teams/p37120

October 15, 2015 

With the U.S. government still dealing with the fallout from the cyber theft of over twenty million personnel records in 2014—one of the largest data breaches in history—a new book from Council on Foreign Relations (CFR) Senior Fellow Micah Zenko reveals how red teams might have helped avoid such a disaster.

Red teaming is a practice that employs professional skeptics and saboteurs to help organizations identify vulnerabilities, challenge assumptions, and anticipate threats. Red Team: How to Succeed by Thinking Like the Enemy is the first book to examine the work of these modern-day devil’s advocates across a broad range of fields, including the military, intelligence, and business sectors.

Zenko was one of the first civilians to attend the U.S. Army’s University of Foreign Military and Cultural Studies, otherwise known as “Red Team University.” Drawing on seventeen little-known case studies and over two hundred interviews with professional red teamers, he delves into the history of red teams and lays out their six best practices. He explains how organizations have benefited from or abused red teaming, and what happened when others altogether ignored their red teams’ findings.

Zenko argues that policymakers, business leaders, military officers, and intelligence analysts can all gain from employing red teams. “An astonishing number of senior leaders are systemically incapable of identifying their organization’s most glaring and dangerous shortcomings,” he observes.

The book also chronicles situations where red teams succeeded and others where they could have prevented catastrophic failures. The book’s case studies include the stories of
the Federal Aviation Administration (FAA) red team that covertly tested airport security before 9/11 and warned about vulnerabilities that could easily be exploited by terrorists, but whose troubling findings were ignored by FAA leadership;
benevolent “white hat” hackers who revealed that Verizon femtocells (essentially miniature cell towers used to improve reception in buildings) could be easily used to clone or steal data from users’ phones without their knowledge;
the Central Intelligence Agency (CIA) Red Cell that George Tenet, then director of the agency, formed days after 9/11 to “tell me things that others don’t, and make seniors [officials] feel uncomfortable,” which conducts alternative analysis to this day;
the multiple independent analyses conducted to estimate the probability that Osama bin Laden was living in a compound in Pakistan, and the simulations that prepared the Navy SEALs for a range of contingencies prior to their successful 2011 raid; and
red teamers who run business war games in advance of major decisions in order to analyze competitors’ strategies and break executives out of rigid thought structures.


No comments: