Defense-Information Assurance Red Team June 2000
But this same advanced communications technology can be the military’s Achilles’ heel. In part this is due to the DOD’s necessary reliance on the Internet and the public telephone switch systems, which are the critical backbone of the DOD. Recognizing the importance of this activity, the Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence/Information Assurance requested MITRE's assistance to develop a uniform Red Team methodology. Lead Information Security Engineer Julie Connolly described the process: "We began by visiting various government and commercial organizations with Red Team experience to better understand their perspectives and threat environment. Using the information we gained, and building on our own Red Team experience, we drew up the Defense-Information Assurance Red Team Methodology (D-IART). Also, a CD containing a Multimedia Red Team overview and tutorial was created. The D-IART methodology offers clear guidance on how to conduct Red Team activities to ensure that all actions are done in a consistent, sensible, and non-destructive manner. As you might imagine, putting the D-IART together took time and determination. The result has been well received by the user community."
The DOD began using information assurance Red Teams several years ago. They have been very effective in improving the DOD’s information assurance posture and in highlighting areas needing improvement. However, to assess DOD-wide information assurance readiness, a consistent approach for conducting and assessing Red Team activities across the DOD was needed. MITRE answered the need with a methodology that is flexible, easy to understand, and draws upon Red Team expertise within government and industry. The methodology also helps to ensure that all Red Team activities have consistency of purpose, a commonality of structure, and produce meaningful and comparable results.

The methodology guides those responsible for Red Team activities through the specific steps required to organize, tailor, and conduct their activities, and to aid in after-action analysis. It provides clear, step-by-step guidance through the pre-planning, planning, attack, and post-attack phases of a Red Team activity and includes a checklist of the steps for each phase. Clearly described are the roles and responsibilities of the participants in the four phases. This includes the personnel leading and making up the Red Team, the personnel making up the Blue Team (the defenders), and the personnel making up the White Team (the referees).

The methodology’s flexibility allows for easy adaptation for activities ranging from small stand-alone systems to joint, multinational exercises. It is also applicable when the goal of the activity is to emphasize training, and when demonstrating the existence of vulnerabilities in the targeted systems. The Red Team methodology can be applied to environments ranging from narrowly focused, highly limited exercises, to large-scale, joint activities. The methodology is also flexible enough to handle Red Team attacks of various depths of penetration and associated complexities. Attacks of significant impact demonstrate clearly the potential harm a real attacker could inflict. In other environments, adverse impacts on the operations of the defender system may require that the depth of attack be severely limited.

Controlling the potential harm that may result from a Red Team activity is a major component of the methodology. This includes providing guidance to ensure that the appropriate legal approval is obtained prior to initiating attacks, clearly defining the rules of engagement for the Red, Blue, and White team members, and clearly delineating the circumstances for emergency containment and halting of the activity.

To maximize the lessons learned from Red Team activities, the results must be quantified and used as a basis of comparison. To help achieve this goal, the methodology provides guidance with regard to data gathering and metrics. In short, the Red Team methodology provides guidance for maximizing the benefits of a Red Team activity, and at the same time provides guidance to help avoid some of the pitfalls and traps that can occur if precautions are not taken.

Attacks on the DOD and the national information Infrastructure have been growing for over a decade
Page last updated: October 15, 2000