The Center for Advanced Red Teaming

Affiliated Faculty

Victor Asal

Professor

[email protected]

Brian Nussbaum

Assistant Professor

[email protected]

Eric Stern

Professor

[email protected]

Advisory Board

Ana Aslanishvili
Red Team Lead, Facebook

Amaury T. Cooper
Deputy Director, Global Security, Global Communities

Dr. Scott Crino
Co-Founder and CEO, Red Six Solutions LLC

Michael G. Deal Jr.
Intelligence Community Government Contractor, Red Team Lead Analyst

Mark French
Director, University of Foreign Military and Cultural Studies, United States Army Combined Arms Center

Lt. Col William Johnson
Deputy Director, School of Advanced Warfighting

Dr. Kathleen Kiernan
CEO and Founder, Kiernan Group Holdings

Dr. Mark Mateski
Founder, Red Team Journal

Brian McDermott
Red Team Analyst & Facilitator

Jason Pinegar
Director, Red Team Index Division, Transportation Security Administration

Chad Treboniak
Owner, Critical Ops LLC

Fall 2022 Interns

Thomas Augeri

Erik Chung

Tyler Flood

Ethan Fowler

Eric Marsden

Julia Marshall

Dierdre Occhino

Lami Olowoniyi

Chris Scarazzini

Elyssa Monet Thomas

Sophie Vieni

CART is committed to providing user-friendly, open-access resources for the Red Teaming community. Included below are resources produced by CART, as well as resources produced by other organizations. Please check back often as new resources will be added periodically.

A collaborative effort between CART and the wider Red Teaming community to distill a set of best practices that can help improve the conduct of Red Teaming.

As a collaborative effort, CART wants the Red Teaming community to have input into this process. We, therefore, encourage members of the Red Teaming community to submit their feedback. This can be used to suggest modifications to a listed best practice or its wording, to supply additional evidence for or against a listed best practice, and – hopefully – to recommend additional best practice candidates for CART researchers to analyze. 

The best practices listed here, together with their ratings, are thus always provisional and will be updated as new evidence comes to our attention. What is posted at any point in time represents the best information currently available to the CART team.

For each best practice candidate, CART researchers have conducted an analysis to determine:

1. What, if any, empirical support there is for the best practice.
2. The degree of consensus among Red Teaming experts on the best practice.

These two factors are then assessed together to determine the relative “strength” of the claimed best practice, according to the key below. Each best practice also lists the number of sources that mention the best practice, as well as the Red Teaming contexts in which the best practice is likely to be applicable.

Subscribe to our Newsletter

Thank you for your interest in the Center for Advanced Red Teaming (CART) and "The Red Siren" our Quarterly Newsletter.

The newsletter is designed to be a compact, interesting resource for the Red Teaming community. Most issues of the newsletter will feature the latest news about CART, recent additions to CART’s ongoing compilation of Red Teaming Best Practices, an opinion piece from a leading Red Teaming practitioner or expert, and a catalog of broader developments and publications associated with Red Teaming.

Launched in November 2019, CART has undertaken a number of projects and activities designed to advance the art and science of Red Teaming in support of both the public and private sectors. In addition to the projects introduced below, CART has also supported private sector threat assessments through Red Teaming, conducted Red Team training simulations for the National Defense University, and piloted the use of Red Teaming as a teaching / training tool for homeland security students.

For more information, please contact Douglas Clifford at [email protected].

Validating Adaptive Behavior Models of Adversaries for Risk Assessment (VABMARA) Framework

Funder: Department of Homeland Security, Science & Technology Directorate through the Center for Accelerating Operational Efficiency at Arizona State University.

Questions:

• Year 1: How do the presence and knowledge of Computed Tomography (CT) screening capabilities influence adversary decision-making in an aviation environment?
• Year 2: Do organizational structure and operations influence the selection of hard vs. soft targets by adversar­ial organizations?
• Year 3: Which security infrastructures serve to visually deter a potential adversary from moving through a passenger screening environment?

Approach:

• Year 1: Distributed Red Teaming exercise involving 178 novice and expert red teamers focused on the develop­ment of attack plans and subsequent modifications due to experimental injects about CT screening capabilities. Results triangulated across multiple methods, including historical case studies, utility decision models, and game theoretic counterterrorism models.
• Year 2: Distributed Red Teaming exercise involving 200 novice red teamers assigned organizational profiles, assessing variation in target preferences, and ultimate selection of specific hard vs. soft targets.
• Year 3: Two phases, including a nationally-representative conjoint experiment of 2,000 participants testing perceived deterrence cues based on simulated security infrastructure at passenger screening environments in aviation, intercity passenger rail, and cruise POEs. Second phase incorporates results from Phase 1 in a distrib­uted Red Teaming exercise focused on attack planning through passenger screening.

Innovation: First attempt to assess whether Red Teaming results could be empirically similar to those from his­torical case studies and thus validate advanced decision models. Also developed DESSRT, or Distributed Empirical Structure Scalable Red Teaming, which allows implementation of tactical Red Teaming at scale.

Outputs/Outcomes: Results from Year 1 find that Red Teaming can validate models of adaptive adversary behavior, especially for questions or environments where historical data is limited. Results also show that novices and ex­perts also exhibit Red Teaming similarities, allowing for the expansion of Red Team role players within the security environment for generalizable results. Finally, the availability of CT scanning equipment and information led to some changes in adversary tactics, specifically in security evasion and weapon package selection. Additional results from other years are underway.

Employing Red Teaming for Countering International Proliferation (CIP Kit)

Funder: Export Control and Border Security program, Department of State

Questions: Can Red Teaming be used by foreign partners to self-identify key vul­nerabilities in export control and licensing operations related to origination and transshipment of proliferation-sensitive technologies?

Approach: Developed a self-administered Red Teaming “kit”, allowing partner nations to develop design, execute, and analyze their own red-teaming opera­tions with Customs and licensing personnel. Kit translated into three languages (Ukrainian, Georgian, and Azeri), and pilot tested with stakeholders.

Innovation: First “Red Teaming in a box” kit for foreign partners within a coun­terproliferation context.

Outputs/Outcomes: Kit developed, and delivery via international engagements with key foreign partners is currently underway.

Red Teaming the Post-COVID-19 Biological Weapons (BW) Threat Landscape (2021)

Funder: Department of Defense, Defense Threat Reduction Agency

Questions: How might COVID-19 impact the strategic decision making of states that currently do not possess a robust BW program? Which decision elements might precipitate changes in strategic BW decisions by state leaders?

Approach: An asynchronous, immersive Red Team simulation focused on 30 se­lected countries not known to currently be pursuing offensive BW. Each country was evaluated by 8 experts and 2 naïve participants who role-played the country leaders, split equally between gov/non-gov and between country and technical expertise. Both initial assessments, as well as counterfactual prompts, were used to assess the strategic direction and characteristics of possible BW programs.

Innovation: Asynchronous Strategic Dynamics Red Teaming - a distributed, low-resource tool to simulate multiple red perspectives and provide preliminary threat assessment and early warning of strategic change in WMD postures.

Outputs/Outcomes: An overall threat ranking of potential future pursuers of BW that enumerated pre- to post-COVID changes and yielded insights into the deci­sion making underlying these choices.

Experimental Red Teaming to Support Integration of Information in Joint Operations (2021)

Funder: Strategic Multilayer Assessment program of the Department of Defense

Questions: The project explored a dozen different hypotheses regarding the na­ture of disinformation and the optimal response to disinformation.

Approach: Six scenario-based Red Team experiments using 223 U.S.-based proxy participants from similar cultural backgrounds to actual adversary target popu­lations (Taiwan for the Asian context and several Southeast European countries for the European region). These experiments collected data on several measures of messaging effectiveness to investigate a dozen insights regarding the com­petitive information environment with respect to Great Power Competitors.

Innovation: Exposing the hypotheses generated by experts to realistic simula­tions involving disinterested participants at scale.

Outputs/Outcomes: Several counterintuitive results were obtained regarding the best way to respond to disinformation. The project demonstrated how the use of an integrated human simulation approach (experiments plus table-top exercises) can both validate insights provided by experts and reveal new dynam­ics in complex systems.

 “The Storm After the Flood” (2021)

End User: Mad Scientist Initiative of the U.S. Army Futures Command

Questions: How might weaponized information evolve when used against the U.S.?

Approach: A live, virtual wargame across three rounds, consisting of six govern­ment and academic experts playing various high-level U.S. government roles as the Blue Team, as well as over 250 attendees acting as a “Pink Team”, deciding on the adversary’s next moves by selecting from a range of prepared audiovisual “injects”. The scenario began with U.S. military forces stepping in to assist after a major flood in Southeast Asia and led to an adversary initiating a complex, multi-modal and multi-system information operation against the United States over three rounds of play.

Outputs/Outcomes: The wargame was well received, with over 93% of attend­ees viewing the exercise as useful and several important insights arising regard­ing how to defend against weaponized information.

Red Teaming Great Power Competition in the CENTCOM AOR (2020)

End User: Strategic Multilayer Assessment program of the Department of Defense

Question: How might Great Power Competition and regional dynamics change following the targeted killing of Qassem Soleimani?

Approach: Multi-round simulation, with the PRC, Iran, and Russia as Red teams, the United States as the Blue team, and Saudi Arabia, Israel and the EU as Green (or allied) teams. Four simulation sessions were conducted (three expert ses­sions and one student session), collecting a variety of strategic information, including: strategic objectives, assumptions, and risk proclivities; shorter-term “operational” objectives, overt and covert actions; and a post exercise strategic assessment.

Innovation: Developed Strategic Dynamics Red Teaming (SDRT), a wargaming technique that varies Red team players across multiple simulations, while keep­ing Blue and Green teams constant.

Outputs/Outcomes: Beyond merely narrative output, the multiple simulations involved allow for sophisticated analysis, and demonstrated that SDRT is capa­ble of rapid, low-cost explorations of complex strategic dynamics in an AOR.

News

2021

Red-Teaming the Post-Covid-19 Biological Weapon Threat Landscape. Global BioDefense.

2020

CEHC Red Team Exercise Studies Threat of Biological Warfare. UAlbany News Center.

UAlbany Red Team Exercise Studies Threat of Biological Warfare. Homeland Security Today.

CAOE researchers use strategic dynamic red teaming to study the post COVID-19 biological weapons threat landscape. CAOE.

Insights from the Mad Scientist Weaponized Information Series of Virtual Events. TRADOC (October 19, 2020).

CART Co-Hosting Wargaming Exercises to Prepare for “The Storm after the Flood” - Weaponized Information: The storm after the flood. U.S. Army.

CEHC to Launch Center for Advanced Red Teaming (CART) This Semester. UAlbany News Center.

Red Teaming Great Power Competition in the USCENTCOM AOR. NSI.

2019

UAlbany Launching Nation's First Red Teaming Center. WAMC.

University at Albany Launches Nation’s First Center for Advanced Red Teaming. Homeland Security Today.

UAlbany College of Emergency Preparedness, Homeland Security and Cybersecurity to Launch Nation’s First Center for Advanced Red Teaming. NewsWise.

Presentations

Beyond Pen-Testing: Tips for Red Teaming the Cyber-Physical Adversary. A recording from the Cyber Salon Series - The Center for Cyber Strategy and Policy (CCSP) by Dr. Gary Ackerman on February 18, 2021.

Validating A New Validation Approach: Comparing Risk Models, Human Simulation And Ground Truth In Adversary Tactical Choice. Presented by Dr. Gary Ackerman and Anna Wetzel at the Society for Risk Analysis (SRA) 2021 Annual Meeting on Risk Science and the Policy Interface, Decision Analysis and Risk,  on December 7, 2021.

Extension of Red Teaming Into Strategic Risk Analysis. Presented by Dr. Brandon Behlendorf and Douglas Clifford at the Society for Risk Analysis (SRA) 2021 Annual Meeting on Risk Science and the Policy Interface, Decision Analysis and Risk, on December 7, 2021.

Targeting Adaptation and the 'Stickiness' of Initial Selection: a Simulation Approach. Presented by Dr. Brandon Behlendorf at the Society for Risk Analysis (SRA) 2021 Annual Meeting on Risk Science and the Policy Interface, Decision Analysis and Risk, on December 7, 2021.

Operational Implications: Modeling, Validation and Red Teaming. Presented by Dr. Gary Ackerman and Dr. Jun Zhuang at the Society for Risk Analysis (SRA) 2021 Annual Meeting on Risk Science and the Policy Interface, Decision Analysis and Risk, on December 7, 2021.

Validating adaptive behavior models of adversaries for risk assessment (VABMARA). Presented by Dr. Gary Ackerman, Dr. Brandon Behlendorf, and Douglas Clifford at the Society for Risk Analysis (SRA) 2021 Annual Meeting on Risk Science and the Policy Interface, Decision Analysis and Risk, on December 7, 2021.

Simulations to Assess the Post-COVID-19 Strategic Biological Weapons Risk Landscape. Presented by Jenna LaTourette and Hayley Peterson at the Society for Risk Analysis (SRA) 2021 Annual Meeting on Risk Science and the Policy Interface, Security and Defense, on December 7, 2021.

Spotlight Webinar: Red Teaming the Post-COVID-19 Biological Weapon Threat Landscape. Presented for the Center for the Study of Weapons of Mass Destruction by Dr. Gary Ackerman and Ted Plasse on August 3, 2021.

MadSci Weaponized Information: Lessons Learned from Vignette Wargame. A recording from the Mad Scientist: Weaponized Information Virtual Conference by Dr. Gary Ackerman and Douglas Clifford on July 21, 2020.

SMA CENTCOM Panel Discussion- Black Swan Scenarios. An audio recording from the SMA CENTCOM Speaker Series on Black Swan Scenarios by Dr. Gary Ackerman on March 27, 2020.

Publications

Gary A. Ackerman, and Douglas Clifford. “Red Teaming and Crisis Preparedness.” Oxford Research Encyclopedia of Politics (2021).

Gary A. Ackerman, Brandon Behlendorf, Douglas Clifford, Hayley Peterson, Jenna LaTourette and Anna Wetzel. "Red Teaming the Post-COVID-19 Biological Weapons Threat Landscape, Final Project Report" (Center for Advanced Red Teaming: Albany, New York, 2021).

Gary A. Ackerman, Douglas Clifford, Anna Wetzel, Jenna LaTourette and Hayley Peterson. “Experimental Red Teaming to Support Integration of Information in Joint Operations.” Prepared for the Strategic Multilayer Assessment, Office of the Secretary of Defense Joint Staff J-39 (University at Albany, SUNY: Albany, NY, 2021).

Gary A. Ackerman and Hayley Peterson. "Red Teaming the Post-COVID-19 Biological Weapons Threat Landscape, Project Overview and Preliminary Report." (Center for Advanced Red Teaming: Albany, New York, 2021).

Gary A. Ackerman, Brandon Behlendorf, Jun Zhuang, Kyle Hunt, Douglas Clifford, Anna Wetzel, Hayley Peterson and Jenna LaTourette. “Validating Adaptive Behavior Models of Adversaries for Risk Assessment (VABMARA) Framework Report.” Prepared for the Center for Accelerating Operational Efficiency, a Department of Homeland Security Center of Excellence (University at Albany, SUNY: Albany, NY, 2020).

Gary A. Ackerman, Anna Wetzel, Douglas Clifford, Hayley Peterson, and Jenna LaTourette. “Red Teaming Great Power Competition in the CENTCOM AOR.” Prepared for the Strategic Multilayer Assessment, Office of the Secretary of Defense Joint Staff J-39  (Center for Advanced Red Teaming: Albany, New York, 2020).