Security as a business priority is changing. Many organizations today regard security as a vital resource for the success and sustainability of their business communities. The bottom-line action item that this increased priority brings to governments and private organizations alike is the need to continuously evaluate and test security systems with the objective of finding potential vulnerabilities. This form of testing is usually referred to as Red Teaming, a concept borrowed from the Cold War when American troops would simulate a Russian (the “Reds”) attack as a way of evaluating their lines of defense.
Unfortunately, most red teaming services offered to clients today fail to provide a complete picture of the threat being posed to the protected environment. This is a serious flaw that makes the effort more cosmetic than realistically useful. It is not enough to describe vulnerabilities while ignoring the critical element of plausible Aggressors’ Methods of Operation (AMO). The difference between a vulnerability and an AMO is that a vulnerability describes the end result of the AMO, while the AMO describes the complete method by which an aggressor operates.
In fact, if you consider the entire criminal or terrorist process requisite to achieving a flawless execution of a criminal or terrorist event, you may discover that your protected environment is not so vulnerable after all. A terrorist or criminal needs to mark his target, conduct surveillance, gather intelligence, tool up, train, rehearse, execute and finally run away. As an example, one might reflect on the vulnerability of a train to a terrorist attack. You may say to yourself: “that’s easy … it simply involves taking a bomb and putting it on the train”. However, terrorists need to factor in many other steps and elements before actually going ahead and executing their plan, which could be years in the making. They will ensure that their plan is infallible and free of any contingencies, and in order to do so, they will ask themselves some of the following questions:
- How will we conduct surveillance on the target?
- When conducting surveillance, what will be our cover story?
- How will we obtain the explosives or tools?
- Where will we hide the explosives?
- How would we gain access to the country?
- How do we make certain the bomb works?
- How do we prevent knowledge of our plan leaking to law enforcement authorities?
- And many, many more…
Red Teaming services must mirror this terrorist approach and related modus operandi in order to provide a client with a complete set of AMOs that are directly applicable to their specific protected environment, and will thus serve as building blocks to an efficient and realistic security framework.