Earlier "today" ( Thursday 9th June ) I had the pleasure of listening to a
free "Red Teaming 101 Webinar" by Mark Mateski of the Red Team Journal. ( The
next event is on the 7th of July, and is listed here: http://redteamjournal.com/events/ )
This was an enjoyable high-level webex seminar about the idea of red teaming in
general, very much on the "contrarian perspective" being a useful and
under-used tool by organisations, and a quick run through of the overall
concepts.
This inspired me to finally get down this idea that I've been ruminating on
for a while. This piece is a drastically modified version of the article
"Serious Wargames Needs Serious 'scout team' Wargamers" that appeared in issue
289 of The Nugget, "The Journal of Wargames Developments". Wargames
Developments is a "loose association of like-minded wargamers dedicated to the
continued development of wargames of any type whatsoever".
That original piece was in reply to Tim Price's piece in the previous issue:
"Red Teaming, Black Games and Failure in our Wargames", lamenting the lack of
diversity in professional wargaming meaning that the play of the "red team" was
unhelpful. However I was inspired to modify my article, and publish it in a
wider context, due to the Red Team Journal blog post "Operational Code Analysis
for the Real-World Red Team, Part I" (
http://redteamjournal.com/2016/04/operational-code-analysis-for-the-real-world-red-team-part-i/
). When announcing that piece via Twiiter, the author Mark Mateski quoted his
article "Know thy enemy? Good luck with that! ( Yes, I'm exaggerating, but only
a bit. )".
In the article Mark enumerates a very useful list of 37 questions to ask
yourself, or your on-hand experts, about the opponent you are modelling in
order to create a model of their "operational code", the operational code being
that opponents way of working, of thinking, of fighting. That way you can
simulate that operational code within your red team exercise, and effectively
emulate the opposition.
Which brings us back to the original article by Tim Price. In this article
Tim highlighted the lack of an effective opposition within the serious games
he'd been involved with, where the people playing the opponent clearly were
thinking and acting in the usual way for their standing, culture, and the
situation - which considering that this was a military simulation was usually
in a similar way to the organisation they were attacking. While it might win
the game this approach isn't very useful when trying to understand the enemy,
which is the point of playing the wargame / simulation in the first place. Tim
Price pointed to the use of experienced amateur wargamers as a solution to
this, players who've spent a great deal of time looking for winning strategies
outside of the "rules", players who have little regard for any artificial
constraints to victory.
However I put forward that Tim is correct only up to a point, and
considering his experience this wasn't a decision I made lightly. Partly
serious wargamers are ideally suited to this situation, people who are used to
adversarial situations and everything that goes with them, from the importance
of a reserve force to the necessity and value of logistics. Those serious
wargamers are who you want, as Tim said, "they are programmed to seek winning
strategies" However I think Tim omitted an equally valuable characteristic of
the right kind of wargamer, which the members of Wargames Developments brings
to mind... the wargamers needed must be more interested in understanding the
game, they must be most interested in solving the puzzle the game represents,
than in winning the game. For those wargamers representing the opponent, for
those wargamers playing the red team, their overall aim needs to be to
determine how to win this kind of game, rather than winning this particular
incidence of it. They need to be a true OPFOR, the aim is not to win this game
but to win all games against this opponent, and ideally to understand how this
particular type of game can be won.
Now I'm only on the periphery of serious gaming, it's one of the career
options I'm currently considering, but I was initially astounded that imitating
the opponent isn't seen as best practice, and a diverse set of players and
experts seen as a way to achieve that. To me it seems obviously non-sensical
that putting forward the imitation of the enemy as the main pre-requisite is
seen as some kind of underground or iconoclastic point of view. But then,
taking a step back to consider the situation for a moment, there has been a
similar discussion going on for some time in my field, the world of Penetration
Testing. Penetration Testers are hired to attack a company's systems to look
for security vulnerabilities, with the aim of illustrating and describing those
security vulnerabilities before they're exploited by genuine attackers. However
it's becoming increasingly clear that penetration testers tend to illustrate
the security issues that penetration testers would exploit, those issues that
are more intriguing to investigate or more exciting to describe, whereas a
criminal hacker will pick on easy targets to make money; the opponents
penetration testers are meant to be representing don't have time to play with
puzzles, they are not looking for stories to tell - they have a job to do and
money to make.
( If you're interested, this slide deck from a recent presentation at the
RSA Conference is a good summary of the arguments:
http://www.rsaconference.com/writable/presentations/file_upload/asd-w02-intelligent-application-security-rsa.pdf
)
So if Serious Gaming doesn't get this, and neither does Penetration
Testing... neither industry being notably short of smart people... does anyone
have what I believe is the right point of view? In my experience the best
example came from one of my other interests, American Football. To
over-simplify there are two sets of players on a team: Offense - who play when
you have the ball, and Defense - who play when the opponents have the ball.
Team rosters are huge, partly due to how common injuries are in the game,
therefore there are definitely "starters" on Offense and Defense, backed up by
"second string" and "third string" players. Due to the wide variety of styles
of play in the sport, the starters need to practice against the specific
playing style of the opponent they'll face that week, and this is where the
"scout team" comes in. The scout team consists of the second and third string
players on your team imitating the style and plays of that week's upcoming
opponent, for the benefit of the starters. As well as their ability to play the
sport overall, scout team players are graded on their ability to imitate
opponents, and this is what serious gaming needs.
I should stress, this is where players willing to be a "scout team" are
required, rather than those with knowledge of all possible opponents or combat
environments. And it is these "scout team" players that serious games need.
They need open-minded wargamers who are more interested in winning the game
than winning the battle the game represents, understanding the difference
between the two is crucial.
Overall, it is those rare players capable of and willing to emulate an
opponent that serious wargaming needs to make up a "scout team", which to me is
taking the profession much more seriously that merely winning or losing
whatever battle is being played. So while my angle was different to Tim
Price's, my conclusion was the same... serious wargames need serious hobby
wargamers.
Back to Mark Mateski's piece on operational code. As I say, there's a
comprehensive set of questions in that article, but after that Mark appears to
hit something of a block. He suggests a couple of techniques for helping the
red team work under that operational code, but these are quite general and
designed to suit every situation.
Sticking to the imagined scenario of my original piece, looking at serious
games, expected to be an exercise of a few days, and military in nature and
therefore directly confrontational, I see two useful ways to turn the answers
from Mark's 37 questions directly into something a red team can use:
Firstly - "trait cards". Each of Mark Mateski's questions should
elicit several statements on the operational code of the opponent that the red
team is looking to emulate, anything from "use deception whenever possible" to
"prefer indirect over direct fire" or "sacrifice soldiers rather than ground"
and so on. Eachanswer to those 37 questions should be distilled into a trait
and written on a card, and assigned a number of points by the red team in
conjunction with the experts being used to provide information on the
operational code of the opponent. Whenever the red team carries out an action
during the engagement, and I'm thinking of a wargame with something of a
turn-based structure when actions are put forward by player teams and resolved
by a combination of the wargame's system and its umpires, the red team can play
appropriate trait cards in order to score points. Therefore the more
successfully the red team emulates the opponent by following the cards, the
more points they'll score.
This is a version of the idea from roleplaying games of "XP", or experience
points, that I referred to in my original tweet displayed above. Expereince
points are awarded by the person running the game, usually a GamesMaster ( GM
), in return for completing objectives, but most importantly in this context,
they are also awarded for successful roleplaying, for a player acting in the
same way that the character they are playing as would act. These trait cards
would formalise that role-play aspect, and enable to red teamers to judge what
kind of action they should take to emulate the opponent.
Secondly - a CARVER matrix based on the perceived operational code
of the opponent. A CARVER matrix, to quote directly from Wikipedia, "was
developed by the United States special operations forces during the Vietnam
War. CARVER is an acronym that stands for Criticality, Accessibility,
Recuperability, Vulnerability, Effect and Recognizability and is a system to
identify and rank specific targets so that attack resources can be efficiently
used. CARVER was developed in WWII by the OSS for the French field agents as a
simple, uniformly and somewhat quantifiable means of selecting targets for
possible interdiction. CARVER can be used from an offensive (what to attack) or
defensive (what to protect) perspective." This matrix could show the value, to
the red team, of destroying different assets being operated by the blue team.
Therefore the red team can now prioritise goals through the CARVER matrix, and
choose which actions to use to reach those goals through which trait cards they
can play.
This method is relatively simple, and stops the red team trying to win the
game... it's now intuitive for them to act with a single objective in mind:
accumulating points. This gives the red team a method to turn the answers to
Mateski's 37 questions into actions, and gives the blue team in the wargame a
version of the opponent that is in some way following the real world opponent's
operational code.
As with all attempts at gamifying a process in order to improve adherence to
it, there will be a gap between the actual operational code of the opponent and
how that is portrayed by the red team in the wargame. Turning a vague statement
that the enemy will employ deception whenever possible depending on available
time and resources into a card stating "employ deception in an attack, score
five points" means assigning complex decisions a value on a linear scale, but I
think what you would lose in complexity you gain in focus.
And if the trait card points or CARVER matrix turn out to be wildly
incorrect, to the extent that the red team aren't emulating the opponent in the
wargame, then just change the values. Red teamers, especially the leaders, and
especially if they have ready access to experts on how the opponent being
emulated thinks, should be able to spot when the numerical model has too great
a gap from the perceived operational code of the opponent, or the actual
operational code of the opponent, to be useful; and therefore they will
modified the scoring on the cards and in the matrix.
Unfortunately I've yet to have an opportunity to practice this idea, but I
see this as the way to turn the perception of an operational code into an
actionable set of ideas that a red team can use during an exercise, and
therefore this will effectively guide the red team into achieving their true
aim: emulating the opponent. Also it gives wargamers, acting as a red team, a
way to naturally and intuitively play a wargame in a way that is of use to the
blue team, while naturally and intuitively using their desire to win.
And one last thought, considering the expected competitive nature of red
teamers... have two red teams in play, neither knows the constituents or
deliberations of the other team, just what actions they've taken and how many
points they've scored.
