top of page

Red Teaming - The story

Red Teaming History


Red teaming is a concept that has undergone a transformation over time, with influence in several different areas such as the military, cyber security and business. But where does the concept of red teaming come from and how has it developed into what we know today? I will delve into the history of red teaming, examine the creation and influence of the pioneering Red Cell, and explain how this tradition evolved into what we know today as the black team.



Red Teaming Origin

The term "red teaming" originates from military exercises, where "red" and "blue" have been symbols for enemy and friendly forces. Simulating enemy actions to test one's own tactics, strategies and defenses has been an integral part of military exercises for many years. During the Cold War, red teaming was widely used both within NATO and the Warsaw Pact, to improve the understanding of the opponent's tactics and strategies.

In recent times, the red teaming concept has found application in several areas, especially in cyber security. Here, a red team typically consists of security experts who try to hack into a system to identify and fix weaknesses. Red teaming has also found its place in business, where it is used to test and improve business strategies, identify weaknesses in business plans and challenge assumptions underlying decision-making.



Red Cell: Richard Marcinko's Revolutionary Concept

A key moment in red teaming development was the creation of the "Red Cell" in 1984. The Red Cell was established by Richard Marcinko, the first leader of SEAL Team Six, at the behest of Vice Admiral James "Ace" Lyons, who was then Deputy Chief of Naval Operations.

The Red Cell, a unique unit within the US Defense Force, was tasked with evaluating and improving the security of US military installations. With a team of hand-picked Navy SEALs, Red Cell carried out simulated attacks on US bases, ships and other installations, both domestically and abroad. The purpose was to find and highlight vulnerabilities so that they could be fixed. In this process, they revealed serious security gaps which underlined the need to strengthen defense measures.

But Red Cell also created controversy. Marcinko's aggressive approach and methods led to a series of conflicts with the military leadership. But despite the opposition, Red Cell's concept of adversary-based testing was incorporated into many security procedures.



From Red Cell to Black Team

The modern "black team" concept has its roots in Red Cell's work. While red teams assume the role of potential enemies to primarily identify weaknesses within the cyber domain, black teams take a more intense and realistic approach and focus primarily on the physical and human domain.


In black team assessments, the team is typically independent of the organization they are testing and has no access to internal knowledge of the systems. They use all available methods – social engineering, physical infiltration, silent breaching and deception – to find weaknesses. They work under the same lack of information as real attackers would, which makes their tests more realistic.


Black team assessments originate from the thinking and methodology used by Red Cell. Both concepts are based on the idea of using realistic, hostile teams to test one's defenses and challenge one's assumptions.


Conclusion

Red teaming has undergone significant evolution since its origins in military exercises. Red Cell's contribution to this field is enormous and has shaped our understanding of security and defense in many areas. As we now move toward concepts like black team assessments, it is important to remember the lessons we learned from Red Cell and the value of challenging our own assumptions and testing our defenses. By doing this, we can make our organizations more secure and robust against the challenges of the future.



1 view0 comments

Recent Posts

See All

Comments


bottom of page