A red team or team red is a group that plays the role of an adversary or competitor in order to provide security feedback from that perspective. Red teams are used in many fields, especially in cybersecurity, airport security, the military and intelligence agencies.
In military wargaming, the opposing force (or OPFOR) in a simulated conflict may be referred to as a red cell; the term is interchangeable with red team. The key theme is that the adversary (red team) uses the tactics, techniques, and equipment of the actor it is meant to emulate. The red team challenges operational planning by playing the role of a thinking adversary. In United States wargaming simulations, the U.S. force is always the blue team, whereas the opposing force is always the red team.
When applied to intelligence work, red-teaming is sometimes called alternative analysis.
In cybersecurity, a penetration test involves ethical hackers trying to break into a computer system with no element of surprise: the blue team (the defending team) knows the test is taking place and is ready to mount a defense.
A red team goes a step further and adds physical intrusion, social engineering, and surprise. The blue team is given no advance warning of a red-team engagement and treats it as a real intrusion.
A red-team assessment resembles a penetration test but is scoped around a specific objective rather than around enumerating as many vulnerabilities as possible. Its purpose is to test the organization's detection and response capabilities: the red team tries to get in and reach the agreed target (typically sensitive information) by whatever route it can, as quietly as possible, and the result is measured as much by what the defenders noticed as by what the attackers achieved.
Companies including Microsoft perform regular exercises in which both red and blue teams are used.
The term purple team describes red and blue teams working in close communication during an exercise, so that attack steps and detection results are exchanged as they happen rather than only at a final debrief. Purple teaming does not require a separate team; it is a way of running the same red and blue teams.
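The measurements a purple-team debrief produces follow directly from the description above: each red action either produced a blue alert or it did not, and for the ones that did, how long detection and acknowledgement took. The following Python is an added example written for this page (it is not code from the article or from any organization it mentions) showing that scoring over two constructed timelines. Every action, alert and timestamp in it is made up for illustration.

```python
# Added example (not from the article): scoring a red/blue exercise from two
# constructed timelines, the way a purple-team debrief does. Every action name,
# timestamp and alert below is made up for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Optional


@dataclass
class RedAction:
    action_id: str          # red team's own reference for the step
    description: str        # what was done, from the red team's log
    started: datetime       # when the action began


@dataclass
class BlueAlert:
    action_id: Optional[str]          # red action the alert maps to; None = false positive
    alerted: datetime                 # when the alert fired
    acknowledged: Optional[datetime]  # when a responder picked it up; None if never


def score_exercise(actions, alerts):
    """Map blue alerts onto red actions; return per-action rows and a summary."""
    # Keep only the earliest true-positive alert for each red action.
    first_alert = {}
    for alert in alerts:
        if alert.action_id is None:
            continue
        current = first_alert.get(alert.action_id)
        if current is None or alert.alerted < current.alerted:
            first_alert[alert.action_id] = alert

    rows = []
    for action in actions:
        alert = first_alert.get(action.action_id)
        if alert is None:
            rows.append({"action": action.action_id, "detected": False,
                         "ttd_min": None, "ttr_min": None})
            continue
        ttd = (alert.alerted - action.started).total_seconds() / 60
        if ttd < 0:
            # An alert that predates the action it is attributed to is a
            # mapping or clock error; refuse rather than report a bogus number.
            raise ValueError(f"alert for {action.action_id} precedes the action")
        ttr = None
        if alert.acknowledged is not None:
            ttr = (alert.acknowledged - alert.alerted).total_seconds() / 60
        rows.append({"action": action.action_id, "detected": True,
                     "ttd_min": ttd, "ttr_min": ttr})

    detected = [r for r in rows if r["detected"]]
    summary = {
        "actions": len(rows),
        "detected": len(detected),
        "missed": [r["action"] for r in rows if not r["detected"]],
        "false_positives": sum(1 for a in alerts if a.action_id is None),
        "median_ttd_min": median(r["ttd_min"] for r in detected) if detected else None,
        "unacknowledged": [r["action"] for r in detected if r["ttr_min"] is None],
    }
    return rows, summary


# Constructed sample timelines (hypothetical exercise, not real data).
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE_ACTIONS = [
    RedAction("A1", "phishing email delivered", T0),
    RedAction("A2", "stolen credential used from new host", T0 + timedelta(minutes=30)),
    RedAction("A3", "lateral movement over admin share", T0 + timedelta(minutes=90)),
    RedAction("A4", "data staged for exfiltration", T0 + timedelta(minutes=150)),
]
SAMPLE_ALERTS = [
    BlueAlert("A2", T0 + timedelta(minutes=45), T0 + timedelta(minutes=50)),  # later duplicate for A2
    BlueAlert("A2", T0 + timedelta(minutes=38), T0 + timedelta(minutes=50)),  # first alert for A2
    BlueAlert(None, T0 + timedelta(minutes=60), T0 + timedelta(minutes=65)),  # false positive
    BlueAlert("A3", T0 + timedelta(minutes=100), None),                       # fired, never picked up
]


def run_sample():
    return score_exercise(SAMPLE_ACTIONS, SAMPLE_ALERTS)


if __name__ == "__main__":
    rows, summary = run_sample()
    for r in rows:
        print(r)
    print(summary)
```

On the sample data two of four actions are detected, the phishing delivery and the data staging are missed, one alert was a false positive, and the lateral-movement alert was never acknowledged, which is the kind of gap a purple-team exchange surfaces while the exercise is still running rather than after it.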
In the US Army, red-teaming is defined as a "structured, iterative process executed by trained, educated and practiced team members that provides commanders an independent capability to continuously challenge plans, operations, concepts, organizations and capabilities in the context of the operational environment and from our partners' and adversaries' perspectives."
Red teams were used in the United States armed forces much more frequently after a 2003 Defense Science Board report recommended them to help address the shortcomings in planning and analysis that the September 11 attacks had exposed. The U.S. Army created the Army Directed Studies Office in 2004. This was the first service-level red team, and until 2011 it was the largest in the Department of Defense (DoD).
The University of Foreign Military and Cultural Studies provides courses for red-team members and leaders. Most resident courses are conducted at Fort Leavenworth and are aimed at students from the U.S. Army Command and General Staff College (CGSC) or an equivalent intermediate- or senior-level school.
Courses include topics such as critical thinking, groupthink mitigation, cultural empathy and self-reflection.
The Marine Corps red-team concept began in March 2011, when the Commandant of the Marine Corps (CMC), General James F. Amos, drafted a white paper titled Red Teaming in the Marine Corps. In it, Amos discussed how red teams should challenge planning and decision-making by applying critical thinking from the tactical to the strategic level. He also tasked senior Marine Corps leadership with turning red-teaming from a paper concept into practice, which meant establishing personnel requirements at the following Marine organizations: Marine Expeditionary Force (MEF), Marine Expeditionary Brigade (MEB), CMC Strategic Initiatives Group (SIG), Marine Corps University (MCU), and MAGTF Staff Training Program (MSTP).
In June 2013, the Marine Corps staffed the red-team billets outlined in the draft white paper. All Marines designated to fill red-team positions must complete either the six-week or the nine-week red-team training course provided by the University of Foreign Military and Cultural Studies (UFMCS). MCU was tasked with maintaining a core of qualified red-team instructors to develop red-teaming curriculum, methodologies, and doctrine, and to teach at the Marine Corps resident Professional Military Education (PME) institutions.
The Marine Corps had to provide a Marine officer to be part of the UFMCS instructor staff. LtCol Will Rasgorshek was the first Marine qualified as a red-team instructor at UFMCS teaching the various red-team courses offered at UFMCS. LtCol Brian McDermott was one of the first red-team instructors at MCU.
The MCU Red Team develops curriculum, teaches, and supports major academic planning exercises at the following resident MCU institutions: Senior SNCO Academy, Expeditionary Warfare School, Marine Corps Command and Staff College, Marine Corps War College, and School of Advanced Warfighting. In addition, the MCU Red Team supports the USMC Command and Staff blended seminar, the Marine Corps annual Title X wargame, and other wargames as directed by Marine Corps Combat Development Command.
In the summer of 2015, the USMC Military Occupational Specialty Manual stated that any Marine who successfully completed the UFMCS Red Team 6- or 9-week course would be authorized the additional military occupational specialty (AMOS) of 0506. In December 2015, the Marines codified the red-team concept into doctrine by incorporating red-team training and readiness requirements developed by the initial red team members at MCU, MSTP, and SIG. The five requirements currently reside in NAVMC 3500.108A, chapter 3: "Marine Air Ground Task Force Planner Training and Readiness Manual".
The mission of Marine Corps red teams is to "provide the Commander an independent capability that offers critical reviews and alternative perspectives that challenge prevailing notions, rigorously test current Tactics, Techniques and Procedures, and counter group think in order to enhance organizational effectiveness."
The United States Department of Defense (DoD) uses cyber red teams to conduct adversarial assessments on their own networks. These red teams are certified by the National Security Agency and accredited by the United States Strategic Command. This certification and accreditation allows these red teams to conduct adversarial assessments on DoD operational networks, testing implemented security controls and identifying vulnerabilities of information systems. These cyber red teams are the "core of the cyber OPFOR".
The FAA has used red teams since the 1988 bombing of Pan Am Flight 103 over Lockerbie, Scotland. Red teams conduct tests at about 100 US airports annually. Tests were suspended after September 11, 2001 and resumed in 2003 under the Transportation Security Administration, which assumed the FAA's aviation security role after 9/11.
FAA red-team tests revealed severe weaknesses in security at Logan International Airport in Boston, where two of the four flights hijacked on 9/11 originated. Some former FAA investigators who took part in these tests believe that the FAA deliberately ignored the results and that this contributed to the 9/11 attacks.
The Transportation Security Administration has also used red teams. An analysis of some of these operations found that undercover agents were able to fool Transportation Security Officers and bring deadly weapons through screening at some major airports at least 70% of the time.
This article incorporates public domain material from the United States Army document: "Army Approves Plan to Create School for Red Teaming". This article incorporates public domain material from the United States Army document: "University of Foreign Military and Cultural Studies".