Word Notes 6.29.21
Ep 56 | 6.29.21

red teaming (noun)

Transcript

Rick Howard: The word is: red teaming.

Rick Howard: Spelled: red as in opposition, and teaming as in group activity.

Rick Howard: Definition: The practice of emulating known adversary behavior against an organization's actual defensive posture.

Rick Howard: Example sentence: In computer security, the red team assumes the role of the adversary group, trying to penetrate the blue team's digital infrastructure.

Rick Howard: Origin and context: The Roman Catholic church may have invented the concept in 1587 when Pope Sixtus the 5th assigned the job of devil's advocate during the beatification process of St. Lawrence Justinian. The Advocatus Diaboli was to be the opposing force, the red team, to make sure that according to Ellen Lloyd of Ancient Pages, "No person received the honors of sainthood recklessly and too fast. Every potential weakness or objection to the saints' canonization was raised and evaluated in order to ensure that not only those who were truly worthy would be raised to the dignity of the altars." 

Rick Howard: The origin of the red team and blue team names to indicate adversary and good guy activity respectively isn't a random choice. We have the Prussian Army to thank for that. According to Peter Attia over at Media, "In the early 19th century, the Prussian army adopted war games to train its officers. One group of officers developed the battle plan and another group assumed the role of the opposition using a tabletop game called Kriegsspiel, literally 'war game' in German. Resembling the popular board game Risk, blue game pieces stood in for the home team, the Prussian army, since most Prussian soldiers wore blue uniforms. Red blocks represented the enemy forces, the red team, and the name has stuck ever since."

Rick Howard: Red teaming hit the digital age in the form of penetration testing in the 1960s and 1970s, just as mainframe computers started to become useful for government and the commercial space. In 1971, the U.S. Air Force contracted James Anderson to run Tiger Teams against their MULTICS operating systems, the precursor to UNIX. His 1972 after action report described a methodology to penetrate and compromise those systems, which is fundamentally the basis for all penetration testing even today. In the early 2000s, the idea of a combined red team, blue team exercise, or purple team exercise, became popular to test defenses against known adversary attack campaigns in an intrusion kill chain kind of way. This had the added benefits of exercising incident response teams and accelerating the training of newbie and mid-tier analysts in the SOC.

Rick Howard: Nerd reference: At maybe the first cybersecurity conference ever, hosted by the System Development Corporation in California in 1965, 15,000 mainframe operators from around the world discussed all the ways in which these new machines could be penetrated by unsavory people. By the late 1960s and the early 1970s, elite computer operators were passing around a paper authored by Dr. Willis Ware and others called the Willis paper, that according to William Hunt at the College of William and Mary, "...the paper showed how spies could actively penetrate computers, steal or copy electronic files, and subvert the devices that normally guard top secret information.

Rick Howard: "The study touched off more than a decade of quiet activity by these elite groups of computer scientists, working for the U.S. government, who tried to break into sensitive computers.

Rick Howard: They succeeded in every attempt."

Rick Howard: Word Notes is written by Nyla Gennaoui. Executive produced by Peter Kilpe, and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.