Red Teaming as a Security Assessment Tool

red-teamSecurity as a business priority is changing. Many organizations today regard security as a vital resource for the success and sustainability of their business communities. The bottom line action item that this increased priority brings to governments and private organizations alike is the need to continuously evaluate and test security systems with the objective of finding potential vulnerabilities. This form of testing is usually referred to as Red Teaming, a concept borrowed from the Cold War when American troops would simulate a Russian (the “Reds”) attack as a way of evaluating their lines of defense.

Unfortunately, most red teaming services offered to clients today fail to provide a complete picture of the threat being posed to the protected environment. This is a serious flaw that makes the effort more cosmetic than realistically useful. It is not enough to describe vulnerabilities while ignoring the critical element of plausible Aggressors’ Methods of Operation (AMO). The difference between vulnerability and an AMO is that vulnerability describes the end result of the AMO; while the AMO describes the complete method by which an aggressor operates.

In fact, if you consider the entire criminal or terrorist process requisite to achieving a flawless execution of a criminal or terrorist event, you may discover that your protected environment is not so vulnerable, after all. A terrorist or criminal needs to mark his target, conduct surveillance, gather intelligence, tool up, train, rehearse, execute and finally run away. As an example, one might reflect on the vulnerability of a train to a terrorist attack. You may say to yourself: “that’s easy … it simply involves taking a bomb and putting it on the train”. However, terrorists need to factor in many other steps and elements before actually going ahead and executing their plan, which could be years in the making. They will insure that their plan is infallible and free of any contingencies and in order to do so they will ask themselves some of the following questions:

  • How will we conduct surveillance on the target?
  • When conducting surveillance, what will be our cover story?
  • How will we obtain the explosives or tools?
  • Where will we hide the explosives?
  • How would we gain access to the country?
  • How do we make certain the bomb works?
  • How do we prevent knowledge of our plan leaking to law enforcement authorities?
  • And many, many more…

Red Teaming services must mirror this terrorist approach and related modus operandi in order to provide a client with a complete set of AMOs that are directly applicable to their specific protected environment, and will thus serve as building blocks to an efficient and realistic security framework.


  1. Lt. Rich Kropp on January 29, 2010 at 9:36 am

    I am with the Sacramento County Sheriff’s Dept. In addition to our “normal” operations, we have a Security Program at a NCI site (dam) in our area. Chameleon did some initial training for our new program personnel a couple years ago. I believe you are on point in this article, and would like to explore performing this type of evaluation of our program. Like a number of agencies, we are freaking broke, but, I would like to see what something like this would cost us to put together.
    Please let me know.
    Lt. Rich Kropp
    Asst Commander, Security Services Division
    Sacramento County Sheriff’s Dept.

  2. J L Eberhart on January 31, 2010 at 2:31 pm

    I have 18 years US Military, 11 Years civilian Law Enforcement, and 11 Years civilian corporate environment. Chameleon Associates is ‘Absolutely’ correct in the position, overview, and potential threat analysis that exists in a ‘Global’ environment. The potential is there, not only for the corporation, but also for the individuals within the corporation and/or associated with the corporation. The ‘Dynamic’ contains numerous metrics that must be addressed when outlining the Goal(s), Objective(s), and Strategy. There are numerous variables that must be taken into consideration when providing this type of service. It’s alot more then just window dressing. Outstanding!

Leave a Comment

17 − four =