How to Think Like the Enemy

Breakfast discussion with Micah Zenko

One of the most valuable tools in the struggle to understand our adversaries - be they military foes or commercial competitors - is the ability to predict what actions they might take against us. This is the job of so-called "red team" thinking, a term coined during the Cold War by war-gamers at RAND Corporation who tried to work out the military strategies of the "red" Soviets. As Micah Zenko, a security expert at the Council on Foreign Relations told a LAWAC breakfast on Dec 8th, red teaming requires independent thinkers who can look outside the box - be it tracking terrorists like the San Bernardino killers, predicting corporate take-overs or seeking out vulnerabilities in our computer systems that can be targeted by hackers.

"You cannot grade your own homework," said Zenko adding that this applies to any organization - the military, the intelligence community or the corporate world. "You are least likely to see blind spots in your strengths, strategy and plans," he said. "You have to recognize that there are things that you need to care about that you don't know about," he said adding that we all face cognitive biases that mitigate against self-questioning.

Zenko outlined three different types of red teaming. First, there are "simulations" where, for example, the NYPD might think through possible terrorist acts and assesses how they'll respond. After the Mumbai "active shooter" attacks in 2008 in which 10 Pakistani militants killed 164 people over three days at various sites around the city, the NYPD immediately convened a mock exercise to deal with a similar attack in New York - and discovered they had far too few heavy weapons and people trained to use such weapons to confront a similar attak. So they have rectified this by training several hundred narcotics cops in the use of automatic rifles in case they are ever needed.

Second are "vulnerability probes", such as the covert testing Homeland Security does on TSA airline screeners. Zenko cited a recent report that in the last year at six different airports, 67 of 70 attempts that were made to smuggle banned weapons and explosives past screeners by undercover officers were successful. Even when the people smuggling the weapons or explosives were untrained in any methods of concealment, the TSA still failed to pick them up.

The third type of red teaming is "alternative analysis" where outside help is brought in to an organization for out-of-the-box thinking and issue solving. Zenko said this is frequently used in "business war gaming," when a company might be preparing to mount a takeover of another company, but needs one voice at the table to tell them if they are offering to pay too much or are not going to benefit from the deal in the way they want. "We've learned, example after example, that people immersed in any sort of plan or any sort of strategic decision cannot conceive of it from an alternative perspective." He says "they fall in love with the plan and they have difficulty challenging each other."

Implementing recommendations from red teaming can be a challenge - with efforts sometimes going nowhere. The single most important thing, says Zenko, is that "the boss must buy in." Zenko talked about an analysis of the Obamacare website by the independent consulting firm, McKinsey. Before the October 2013 launch of the website, a powerpoint presentation was given by McKinsey outlining many potential issues with the site and recommendations to fix them. "But someone just put the report in a drawer....The result was fairly disastrous," said Zenko. "If you're not willing to have a senior leader care, someone who can do something with the bad information, there's really no point in doing the exercises."

Zenko talked about the "Millennium Challenge" naval exercise in 2002 that was created to determine "how successful the United States future force....would be at defeating Persian Gulf adversaries" using a theoretical adversary that looked a lot like Iraq or Iran. An aircraft carrier battle group was to sail into the Persian Gulf to deter the enemy. A Marine Lieutenant General, Paul Van Riper, led the role of the opposition force in the exercise, and at the very start he fired large numbers of cruise missiles and sent hundreds of speedboats each packed with explosives to swarm the US fleet - within a very short time he had sunk 17 ships, including the carrier, and for the multi-day exercise to be completed the navy had to "refloat" all the ships it had lost, invalidating the whole point of the exercise in Van Riper's view. The rest of the exercise was structured so the US force would have to win.

Another red teaming missed opportunity was with the FAA. After the Lockerbie bombing of Pan Am 103 in 1988 which killed 270 people, the FAA stood up a red team to think of all the ways a terrorist could take down an airline. The team would dress as airport staff and smuggle explosives through security and they never once were detected. The "bags had very clear explosives - almost comically they would be painted orange with roadrunner sticks of dynamite and a clock...the whole point was to be caught," said Zenko, "and they never got caught." Zenko said the team warned everybody that there was a huge deficiency in airline security. They talked to their bosses, their House Representatives, went to Congress, and frustrated that they weren't being listened to went to the press - just two months before 9/11. At one point they demonstrated to a TV news team how easy it was to get guns and explosives past screeners at Boston airport - the very same terminal from where one of the planes left during the 9/11 attacks. "It wasn't a system design failure, it was a system designed to fail," said Zenko.

One group that has learned the importance of red teaming is the US special operations community. After the disastrous 1980 "Operation Eagle Claw" in which special operators flying in helicopters crashed in the desert as they were on their way to try to rescue the US hostages in the embassy in Teheran, the special forces' leadership realized the importance of "questioning everything". Delta Force and Navy SEAL teams learned to train for every eventuality, to look for all types of things that could go wrong and devise a response to each one. This proved its worth in the 2011 raid on the house in Abbottabad, Pakistan, where intelligence suggested - but did not know for sure - that Osama bin Laden was hiding. Three separate red teams were told to review the intelligence and give their own estimates of the likelihood of bin Laden being in the compound - the estimates varied from 85% to as low as 45%. Later President Obama would famously say, as Zenko recounts, "it was a coin flip - it was 50/50 that Bin Laden was there." Had he not been there, the administration could at least have shown that it had done all it could to evaluate the evidence from an objective viewpoint. Secondly, the Navy Seals had their own red team approach, setting up a replica of the compound in the US and training for everything that might go wrong in the operation, from the possibility they would be discovered by the Pakistani military, to the potential loss of a helicopter. "They had actually trained for that, so when the rotor of one helicopter hit a wall and crashed, they had two more helicopters waiting in a dry wadi nearby who could come in to get all the SEALS out," said Zenko.

One of the best-know red teams is the CIA's much-talked about "Red Cell" unit, which was first put together immediately after 9/11 on the orders of then-Director George Tenet. A group of 12 people with diverse backgrounds work on their own and regularly investigate and write three-page memos probing big issues. "The view from bin Laden's cave" was one memo topic. "Red cell projects by design are out-of-the-box hypothetical wild speculative thinking," he said, "it challenges senior leader thinking and to this very day it's one of the most valuable places to work in the CIA." Zenko said he's interviewed four Directors of the CIA, Secretary of Defense Robert Gates, National Security Advisers for Bush and Obama and "every single person reads every CIA red cell memo," he said.

As for the type of terrorist attack that occurred in San Bernardino, where two Islamic extremists shot dead 14 people, Zenko said there is no simple answer. "The hardest thing is predicting intelligence for people who don't have a large and obvious public signature." What can be done is to look for patterns, find commonalities from other attacks, and then watch suspect individuals closely. But this runs up against the resources problem, because quickly there are more potential threats than the security agencies can keep eyes on. "To monitor one couple 24/7, it takes something like 20 agents." And so police agencies around the company also have to red team the response to an attack as it is going on, following the example of the NYPD's simulation exercises. In San Bernardino's case law enforcement acted quickly to find and ultimately neutralize the two terrorists, who clearly intended to carry out more attacks with their large stash of ammunition and pipe bombs. Lesson learned.

1.625;} .full{margin: 0px 0px 18px 0px;text-align:center;} .recap img {padding-right:0px;}