War-gaming and Red-teaming - Alternate Approaches to Threat Assessment

In defence planning, threat assessment is a multi-dimensional process, which includes both passive and interactive approaches to understanding how a particular threat group is likely to evolve.

One tried and successful approach begins with the process of “Red Teaming”. In Red Teaming, an especially skilled team of intelligence staff builds its own plans to assail a piece of critical infrastructure, a military objective or a vital asset. The team executes the full military planning process, basing their plans upon information that is likely to be available to the enemy, and the resources to which the threat group is likely to have access.

Critical to the success of the team is the depth of its knowledge of the tactics, techniques and procedures used by the enemy. They must “be” the aggressor, by understanding intimately how and when he will deploy his forces to achieve his mission. Such a process results in the development of a series of “Threat Courses of Action”, a number of which will be fleshed out to provide fully developed threat profiles. Once both the Red and Blue teams have developed their strategies, the battle is then “war-gamed”. The exercise allows both sides the ability to project how they will act and react as the battle unfolds.

Using the natural competitive spirit between the planning teams, the activity provides a sense of the worst and most likely case options for the development of threat. Such approaches are certainly not failure proof but they do offer a more reliable approach to developing a realistic threat profile.

Such an approach can also work in a corporate environment, for both man-made and natural threats. The parallels are clear in the case of deliberate or man-made threat. Less clear perhaps but just as relevant can be the application of the technique to analyzing threats from natural disasters, accidents or infrastructure and utility failures.

Suitably qualified disaster specialists are assembled to build a sequence of the event using. They build a realistic picture of the onset of the disaster and are able to describe the impacts on the broader environment as well as on the specific critical assets of the business.

Once the threat assessment is complete, the prioritization of assets completed in the Business Impact Analysis is reviewed and compared to the courses of action developed through the threat assessment. Adjustment to the BIA and the prioritization of assets is likely to occur as it becomes apparent that the exploitation of particular threat profiles changes the significance if the assets. Once complete, a vulnerability assessment assists in defining the risk posed by particular events.