This research attempts to develop a human factors understanding of red team assessment strategies in computer and information security. Red teaming is an advanced form of assessment that can be used to identify weaknesses in a variety of security systems. The purpose of this research is to identify and define the various dimensions of red team effectiveness with the aim of improving red team performance. A study of a red team was conducted in collaboration with Sandia National Laboratories Information Design Assurance Red Team (IDART). The design of the study included semi-structured individual interviews and focus groups with red team members and observation of red team practices. The analysis yielded various dimensions of red team effectiveness from the customer, management, individual, and team member perspectives.
Get full access to this article
View all access options for this article.
References
1.
BrannickM. T.PrinceC. (1997). Overview of team performance measurement. In BrannickM. T.SalasE.PrinceC. (Eds.), Team Performance Assessment and Measurement (pp. 3–16). Mahwah, NJ: Lawrence Erlbaum Associates.
2.
Cannon-BowersJ. A.SalasE. (1998). Team performance and training in complex environments: Recent findings from applied research. Current Directions in Psychological Science, 7(3), 83–87.
3.
CarayonP.DugganR.KraemerS. (2003). A model of red team performance. In ZinkK. J. (Ed.), Seventh International Symposium on Human Factors in Organizational Design and Management. Aachen, Germany.
CohenS. G.BaileyD. E. (1997). What makes teams work: Group effectiveness research from the shop floor to the executive suite. Journal of Management, 23(3), 239–290.
6.
Computer Science and Telecommunications Board-National Research Council (2002). Cybersecurity Today and Tomorrow: Pay Now or Pay Later. Washington, DC: National Academy Press.
7.
Defense Science Board Task Force (2003). The role and status of DoD red teaming activities. Washington, D.C.: Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics.
8.
FousheeH. C.LauberJ.BaetgeM.AcombD. (1986). Crew factors in flight operations: III. The operational significance of exposure to short-haul air transport operations (NASA Technical Memorandum 88322). Sunnyvale, CA: National Aeronautics and Space Administration-Ames Research Center.
9.
KewleyD. L.BouchardJ. F. (2000). DARPA Information Assurance program dynamic defense experiment summary, Proceedings of the 2000 IEEE Workshop on Information Assurance and Security (pp. 117–122). United States Military Academy, West Point, NW.
10.
LynnG. S.ReillyR. R. (2000). Measuring team performance. Research-Technology Management, 43(2), 48–56.
11.
McCloskeyM. J.StanardT. (1999). A red team analysis of the electronic battlefield: A cognitive approach to understanding how hackers work in groups, Proceedings of the Human Factors and Ergonomics Society 43rd Annual Meeting (pp. 179–183): Human Factors and Ergonomics Society.
12.
MorganB. B.GlickmanA. S.WoodardE. A.BlaiwesA. S.SalasE. (1986). Measurement of team behaviors in a Navy environment (Tech. Rep. No TR-86-014). Orlando, FL: Naval Training Center.
13.
PalP.AtighetchiM.WebberF.SchantzR.JonesC. (2003). Reflections on evaluating survivability: The APOD experiments, The 2nd IEEE International Symposium on Network Computing and Applications (NCA-03). Royal Sonesta Hotel, Cambridge, MA.
14.
PalmerC. C. (2001). Ethical hacking. IBM Systems Journal, 40(3), 769–780.
15.
ParisC. R.SalasE.Cannon-BowersJ. A. (2000). Teamwork in multi-person systems: A review and analysis. Ergonomics, 43(8), 1052–1075.
16.
SalasE.Cannon-BowersJ. A. (1997). Methods, tools, and strategies for team training. In QuinonesM. A.EhrensteinA. (Eds.), Training for a Rapidly Changing Workforce: Applications of Psychological Research (pp. 249–279). Washington, D.C.: American Psychological Association.
17.
SchudelG.WoodB. (2000a). Modeling behavior of the cyber-terrorist, Conference Proceedings: Research on Mitigating the Insider Threat to Information Systems-#2. Santa Monica, California: Rand.
18.
SchudelG.WoodB. (2000b). Adversary work factor as a metric for information assurance, Proceedings from the New Paradigms in Security Workshop. Ballycotton, County Cork, Ireland: Association of Computer Machinery.
19.
TinnelL. S.SaydjariO. S.FarrellD. (2002). Cyberwar strategy and tactics: An analysis of cyber goals, strategies, tactics, and techniques, Proceedings of the 2002 IEEE: Workshop on Information Assurance. United States Military Academy, West Point, NY.
20.
WoodB. J.DugganR. (1999). Red teaming of advanced information assurance concepts, DISCEX2000 DARPA Information Survivability Conference (pp. SAND99–2590C). Hilton Head, South Carolina.
21.
WoodB.BouchardJ. F. (2001). Red team work factor as a security measurement, Proceedings of the Workshop on Information Security Scoring and Ranking. Williamsburg, Virginia: Applied Computer Security Associates.
