Red Teams: Toward radical innovation



Similar documents
Five barriers to innovation: Key questions and answers

Reputation management: Building trust among virtual strangers

A full spectrum of analytics you can get yourself

Advanced Threat Protection with Dell SecureWorks Security Services

Understanding & Improving Hypervisor Security

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

Optimizing Network Vulnerability

Achieving customer loyalty with customer analytics

Information Security Organizations trends are becoming increasingly reliant upon information technology in

Web application security: automated scanning versus manual penetration testing.

Attack Intelligence: Why It Matters

Cyber Adversary Characterization. Know thy enemy!

IBM Social Media Analytics

IBM Cognos Insight. Independently explore, visualize, model and share insights without IT assistance. Highlights. IBM Software Business Analytics

Transformation. Fueling Supply Chain. Predictive analytics energizes dynamic networks. By Can A. Dogan, Frode Huse Gjendem, and Jade Rodysill

Things To Do After You ve Been Hacked

Ten Rules of Effective ATM Cash Management

University of Ontario Institute of Technology

Cloud Computing on a Smarter Planet. Smarter Computing

Combating a new generation of cybercriminal with in-depth security monitoring

The 5 Cybersecurity Concerns You Can t Overlook

Security solutions White paper. Acquire a global view of your organization s security state: the importance of security assessments.

Leveraging Network and Vulnerability metrics Using RedSeal

How To Change A Business Model

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

The IBM data governance blueprint: Leveraging best practices and proven technologies

Competitive Intelligence for B2B Companies

Beyond the Hype: Advanced Persistent Threats

Big Data and Data Analytics

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

The Impact of Computer Engineering 1. The Impact of Computer Engineering Oakland University Andrew Nassif 11/21/2015

Gaining the upper hand in today s cyber security battle

IBM Social Media Analytics

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

White Paper February How IBM Cognos 8 Business Intelligence meets the needs of financial and business analysts

Change Management in Higher Education: Using Model and Design Thinking to Develop Ideas that Work for your Institution

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Global Oil & Gas Suite

How To Create An Insight Analysis For Cyber Security

The Value of Automated Penetration Testing White Paper

BIGFIX. BigFix and configuration management database solutions

IBM QRadar Security Intelligence April 2013

Making the Internet Business-Ready

Consumer Goods and Services

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

The case for Centralized Customer Decisioning

RETHINKING CYBER SECURITY

Seven Practical Steps to Delivering More Secure Software. January 2011

IBM Software Cloud service delivery and management

Roadmap for Transforming Intel s Business with Advanced Analytics

IBM Global Services. IBM Relocation Services: Your single source for moving or upgrading critical IT resources safely and economically.

How To Manage Threat Intelligence On A Microsoft Microsoft Iphone Or Ipad Or Ipa Device

Transform Your Bank in Measurable Steps

A BETTER SOLUTION FOR MAINTAINING HEALTHCARE DATA SECURITY IN THE CLOUD

White Paper. Information Security -- Network Assessment

Cisco Security Optimization Service

Why Your SIEM Isn t Adding Value And Why It May Not Be The Tool s Fault. Best Practices Whitepaper June 18, 2014

How To Use Social Media To Improve Your Business

A Modern Framework for Network Security in the Federal Government

The State of Insurance Fraud Technology. A study of insurer use, strategies and plans for anti-fraud technology

IBM Analytical Decision Management

Calculating value during uncertainty: Getting real with real options

Cloud computing insights from 110 implementation projects

IBM WebSphere Business Monitor, Version 6.1

Leveraging a Maturity Model to Achieve Proactive Compliance

Making confident decisions with the full spectrum of analysis capabilities

How To Do Both

IBM Managed Security Services Vulnerability Scanning:

Web application security Executive brief Managing a growing threat: an executive s guide to Web application security.

Cybersecurity The role of Internal Audit

Integrated Finance, Risk, and Profitability Management for Insurance

Network Instruments white paper

Understanding SCADA System Security Vulnerabilities

The Business Case for Security Information Management

The Internet of Things

Unleashing the power of innovation

Penetration Testing Service. By Comsec Information Security Consulting

Car Cybersecurity: What do the automakers really think? 2015 Survey of Automakers and Suppliers Conducted by Ponemon Institute

Accenture Technology Consulting. Clearing the Path for Business Growth

Managing the Unpredictable Human Element of Cybersecurity

Cyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity

WHITE PAPER Big Data Analytics. How Big Data Fights Back Against APTs and Malware

Strategies for assessing cloud security

Transcription:

Red Teams: Toward radical innovation July 2005 Executive summary Red Teams assume the role of the outsider to challenge assumptions, look for unexpected alternatives and find the vulnerabilities of a new idea or approach. By consciously working to assume another perspective and out-do the standard team, they provide one means to getting out-of-the-box views and insights. This Executive Technology Report is based on a personal essay by Peter Andrews, Consulting Faculty Member at the IBM Advanced Business Institute in Palisades, New York. Disaster can force you to imagine the unimaginable. Unfortunately, the price is high, which is why Red Teams have come into vogue. While some Red Teams are merely review panels, the more ambitious ones are all about challenging assumptions, finding vulnerabilities and actively finding unconventional means to get a jump on mainstream (or Blue) planning teams. One key element is assuming an adversarial posture, taking the perspective of the enemy or competitor. The U.S. military has been using Red Teams to test their planning for over 30 years (and longer, by other names). They have received new attention as a critical tool for fighting terrorism, but for businesses, they can help provide competitive advantage, especially as a means to expand exploration of innovations. The key benefits of a Red Team are: Identifying significant vulnerabilities Discovering new uses for innovations Challenging taboos and assumptions Providing a minority report on a new concept or idea Revealing the consequences of different perspectives; in particular, the perspectives of those with different goals and risk profiles. Red Teams can work at different levels strategic, operational and tactical. They can goad a Blue Team to be more creative. They can help to anticipate and explain irrational actions and choices by adversaries. In addition, they can help to identify, train and tap talent for the organization, talent that is vital in a fast-changing environment. The success of a Red Team depends on its composition, its support from management, its relationship with the Blue Team, the goals, the available information and the rules of the game: ibm.com/bcs Executive technology report 1

Composition Putting together an effective Red Team is as much an art as a science. There is a need to include experts, but there also must be room for people who ask naïve questions. Red Team members need to be able to inhabit the roles of adversaries and risk delivering bad news, but they also must stay on good terms with all parties. They need to understand the mindset and cultures of both their own organizations and the real-world adversaries. They need to be capable of detailed critical analysis, but they also need to be imaginative and iconoclastic. Most of all, they need to have the capability to communicate surprising concepts in clear, compelling language. Management support The Red Team must have the authority and standing to get a fair hearing for its ideas and concepts. For most organizations, this means someone high up in management, but generally not the direct manager of the Blue Team. In addition to enabling a fair hearing, the management must also provide material support, proper staffing and access to information/experts. And, they must provide continuity and stability or the Red Team may find itself blocked and ignored. Relationship with Blue Team The Red Team must have the trust of the Blue Team. Without trust, the Blue Team will hide key data and be reluctant to incorporate the views and insights of the Red Team. At the same time, the Red Team must not be co-opted by the Blue Team. It must maintain a level of independence and a willingness to make unpopular statements. Goals Ultimately, the required deliverables of the Red Team must be defined and there must be some measures of success. This does not mean that the Red Team cannot cross boundaries and provide more than was agreed to, but there must be a level of accountability. The Red Team needs to know what is promised and deliver on those promises. Available information There are times when the information the Red Team has available is restricted. It makes good sense that a Blue Team, creating a computer security system, would not need to reveal every aspect to a Red Team that is assuming the roles of black hat hackers (those people who would attempt to compromise system security without authorization). On the other hand, providing the Red Team with an open book on innovation plans makes sense. In fact, regularly meeting with and working with the Blue Team can benefit both teams, especially if a healthy competition develops. A sure sign that things are working well is if the Blue Team begins to incorporate and anticipate Red Team approaches as it pursues its own work. Rules of the game Given the competitive nature of the teams, the rules of engagement must be clear with regard to information, judgment of success, what comprises proof and when/how opinions and insights are offered. In addition, the ibm.com/bcs Executive technology report 2

consequences especially with regard to rewards and career advancement must be stated up front. Creative Red Teams will look at a variety of aspects that affect success in the real world culture, technologies, needs, rewards, laws, market research, risk factors and available resources. Their biggest payoffs will probably come from identifying assumptions and digging into the roles of adversaries. Unexamined assumptions are usually the biggest culprits in narrowing investigation and leading to tunnel vision: things that could never happen, logical chains that can t be circumvented, values, taboos, false definitions and rules, to name a few. By researching the adversaries perhaps including people who are not even on the radar screen motivations, connections, different contexts, different values and risk factors can be explored in new ways. In fact, the best Red Teams are able to inhabit the roles of adversaries in ways that approach good acting. Getting out of the box isn t easy. The U.S. Department of Defense, in a review of Red Team experience, has identified many ways that a team can go wrong. They found instances where the Red Team did not take their assignments seriously, where they were captured by the Blue Team, where they become marginalized with no real impact, where they did not get enough inside information to be credible and where teams violated trust by leaking information. There were some teams that did not have quality memberships and others that failed in their objective to step into the shoes of adversaries. In addition, Red Teams require commitment and real investments, most notably of talent. However, the Red Team can come up with insights that provide genuine competitive advantage or could even disrupt the marketplace. For those who are in a relatively stable environment and those who do not have a means to take radical ideas and turn them into action, Red Teams are not a good use of resources. But in an age of hypercompetitiveness, with regular changes in technologies, laws, sourcing options, the social/political environment and access to talent and resources, Red Teams are beginning to take their place as an essential tool for many businesses. ibm.com/bcs Executive technology report 3

Technology to watch Black hat hacking Penetration testing Red and Blue Teams Security cracking Simulation Visualization Related Web sites of interest Office of the Under Secretary of Defense For Acquisition, Technology, and Logistics. Defense Science Board Task Force on The Role and Status of DoD Red Teaming Activities. September 2003. http://www.acq.osd.mil/dsb/reports/redteam.pdf Whitley, John and Judy Moore. Red Teaming and the Hypothesizer Concept. Advanced Concepts Group, Sandia National Laboratories. http://www.sandia.gov/acg/docs/sand_reports/sand20034260predteaminghypothe sizerconcept.pdf Jane s Information Group, press release. Jane s Consultancy to use its Red Teaming service to Assess U.S. Terrorism Threat. July 26, 2002. http://www.janes.com/press/pc020726_1.shtml Carrison, Dan and Rod Walsh. Red Teams/Tiger Teams. The CEO Refresher. 2003. http://www.refresher.com/!cwtiger.html Eckert, Toby. U.S. red teams think like terrorists to test security. Copley News Service. SignOnSanDiego.com. August 20, 2002. http://www.signonsandiego.com/news/nation/terror/20020820-9999_1n20redteam.html Shinn, James J. and Jan M. Lodal. Red-Teaming the Data Gap. Lodal & Company, Council on Foreign Relations. April 20, 2002. http://www.cfr.org/pub4548/james_j_shinn_jan_m_lodal/redteaming_the_data_gap.p hp About this publication Executive Technology Report is a monthly publication intended as a heads-up on emerging technologies and business ideas. All the technological initiatives covered in Executive Technology Report have been extensively analyzed using a proprietary IBM methodology. This involves not only rating the technologies based on their functions and maturity, but also doing quantitative analysis of the social, user and business ibm.com/bcs Executive technology report 4

factors that are just as important to its ultimate adoption. From these data, the timing and importance of emerging technologies are determined. Barriers to adoption and hidden value are often revealed, and what is learned is viewed within the context of five technical themes that are driving change: KnowlEdge Management: Capturing a company's collective expertise wherever it resides databases, on paper, in people's minds and distributing it to where it can yield big payoffs Pervasive Computing: Combining communications technologies and an array of computing devices (including PDAs, laptops, pagers and servers) to allow users continual access to the data, communications and information services Realtime: "A sense of ultracompressed time and foreshortened horizons, [a result of technology] compressing to zero the time it takes to get and use information, to learn, to make decisions, to initiate action, to deploy resources, to innovate" (Regis McKenna, Real Time, Harvard Business School Publishing, 1997.) Ease-of-Use: Using user-centric design to make the experience with IT intuitive, less painful and possibly fun Deep Computing: Using unprecedented processing power, advanced software and sophisticated algorithms to solve problems and derive knowledge from vast amounts of data This analysis is used to form the explanations, projections and discussions in each Executive Technology Report issue so that you not only find out what technologies are emerging, but how and why they'll make a difference to your business. If you would like to explore how IBM can help you take advantage of these new concepts and ideas, please contact us at insights@us.ibm.com. To browse through other resources for business executives, please visit ibm.com/services Executive Technology Report is written by Peter Andrews, Consulting Faculty, IBM Advanced Business Institute, and is published as a service of IBM Corporation. Visit ibm.com/abi Copyright 1999-2005 IBM Corporation. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates. G510-6190-00 ibm.com/bcs Executive technology report 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information