October 15, 2015—With the U.S. government still dealing with the fallout from the cyber theft of over twenty million personnel records in 2014—one of the largest data breaches in history—a new book from Council on Foreign Relations (CFR) Senior Fellow Micah Zenko reveals how red teams might have helped avoid such a disaster.
Red teaming is a practice that employs professional skeptics and saboteurs to help organizations identify vulnerabilities, challenge assumptions, and anticipate threats. Red Team: How to Succeed by Thinking Like the Enemy is the first book to examine the work of these modern-day devil’s advocates across a broad range of fields, including the military, intelligence, and business sectors.
Zenko was one of the first civilians to attend the U.S. Army’s University of Foreign Military and Cultural Studies, otherwise known as “Red Team University.” Drawing on seventeen little-known case studies and over two hundred interviews with professional red teamers, he delves into the history of red teams and lays out their six best practices. He explains how organizations have benefited from or abused red teaming, and what happened when others altogether ignored their red teams’ findings.
Zenko argues that policymakers, business leaders, military officers, and intelligence analysts can all gain from employing red teams. “An astonishing number of senior leaders are systemically incapable of identifying their organization’s most glaring and dangerous shortcomings,” he observes.
The book also chronicles situations where red teams succeeded and others where they could have prevented catastrophic failures. The book’s case studies include the stories of
- the Federal Aviation Administration (FAA) red team that covertly tested airport security before 9/11 and warned about vulnerabilities that could easily be exploited by terrorists, but whose troubling findings were ignored by FAA leadership;
- benevolent “white hat” hackers who revealed that Verizon femtocells (essentially miniature cell towers used to improve reception in buildings) could be easily used to clone or steal data from users’ phones without their knowledge;
- the Central Intelligence Agency (CIA) Red Cell that George Tenet, then director of the agency, formed days after 9/11 to “tell me things that others don’t, and make seniors [officials] feel uncomfortable,” which conducts alternative analysis to this day;
- the multiple independent analyses conducted to estimate the probability that Osama bin Laden was living in a compound in Pakistan, and the simulations that prepared the Navy SEALs for a range of contingencies prior to their successful 2011 raid; and
- red teamers who run business war games in advance of major decisions in order to analyze competitors’ strategies and break executives out of rigid thought structures.
Zenko writes the CFR blog, Politics, Power, and Preventive Action.
Praise for Red Team
“Complacency, groupthink, inertia, tunnel vision. These are the most common after-the-fact explanations of big failures in politics, government, war, and business. In these pages Micah Zenko offers a lucid analysis backed by many fun-to-read examples of common mistakes as well as a useful compendium of best practices. Red Team is must-read for decision makers everywhere.” —Moises Naim, distinguished fellow at the Carnegie Endowment and author of The End of Power
“Everyone has heard the clichés about ‘playing devil’s advocate’ or ‘avoiding groupthink.’ Red Team is an impressively clear, convincing, and practical-minded study of how organizations can put in-house contrarians to the most valuable use.” —James Fallows, correspondent for the Atlantic
“In today’s complex world, decision makers need smart, sophisticated, and insightful options. Red Team shows policymakers and CEOs alike that the way to make the best use of your organizational talent is to break down your organization.” —Jami Miscik, former deputy director for intelligence at the CIA and president and vice chairman of Kissinger Associates, Inc.
“This is the book the red teaming community has long required to grow and reach a new generation of red teamers. It captures the domain’s founding experiences and stories, previously available only anecdotally to a small network of insiders. By writing this book, Micah Zenko has done a great service to both the current and future red teaming community.” —Mark Mateski, director of the Watermark Institute and the institute’s vice president of red teaming and strategic analysis