Red Teaming the Terrorist Threat to Preempt the Next Waves of Catastrophic Terrorism


Red Teaming the Terrorist Threat to Preempt the Next Waves of Catastrophic Terrorism
Dr. Joshua Sinai
ANSER
Tel: 703/416-3578
joshua.sinai@anser.org
14th Annual NDIA SO/LIC Symposium & Exhibition
12 February 2003

Sept. 11 Attacks Represented Pearl Harbor for CbT Community
- Numerous I&W indicators were present prior to 9/11
- In al Qaida training manual, missions include:
  - Blasting and destroying the embassies and attacking vital economic centers
    - WTC
  - Freeing the brothers who are captured by the enemy
    - September 12 sentencing date for African embassy bombings
- Al Qaida MO - If you don't succeed, try again
  - 1993 bombing of the World Trade Center
  - December 1994 GIS hijacking of Air France aircraft
  - USS Cole bombing preceded by a failed attack against the USS Sullivan
- Al Qaida operatives trained to fly commercial airplanes
  - Iraqi Salman Pak training camp, south of Baghdad
  - U.S. flight schools

Red Team Can Create Incubation-Period Observables
- High-impact & CBRN/Cyber terrorist attacks usually require longer incubation periods than Low Impact attacks
  - February 1993 World Trade Center bombing plot began in October 1992 (5 months)
  - March 1995 Aum Shinrikyo sarin gas attack was preceded by a series of attempts to kill adversaries using various gas spraying devices in 1994 (1 year+)
  - April 1995 Oklahoma City bombing plot began 6 months earlier in Fall 1994
  - October 2000 USS Cole attack reportedly planned for 8 months
  - September 2001 WTC/Pentagon attacks preceded by 2-year incubation period
- RT Objective: create pre-incident attack observables during the incubation that can be identified and monitored

Identifying CLI Incubatory Phases
- Identifying CLI preparation for an attack is more difficult because of the short time frame involved, generally 3-5 days or less
  - Palestinian suicide bombers
  - ETA attacks
  - Al Qaida attacks against foreigners in Saudi Arabia or Pakistan
- Even with CLI, always anticipate new types of attacks and new profiles of operatives
  - In the case of suicide bombers, the use of women, teenagers, dyeing one's hair blonde, university students, fathers, using ambulances for transportation

Pre-Incident Terrorist Activities vs. Govt. Response
[Figure: terrorist activity phases set against the government response]
- Government Response: Enough Operational Intelligence to Preempt or Prevent Attack; Tracking Warning Indications; Preempt; Multidisciplinary collection and analysis to track CLI/CHI/CBRN warfare proclivity; Tactical Response Measures
- Terrorist Activities: Group Formation, Plan, Develop, Execute
- Intention + Capability = Threat
- Threat + Indications (observables/activities) = Warning/Tracking/Preemption

Traditional Red Teams
- The traditional Red Teaming process grew out of the Military Services' readiness and evaluation programs, where a unit's readiness, capability and campaign plan (the "Blue Team") is tested against an Opposing Force (OPFOR) (the "Red Team").
- The Red Team projects itself imaginatively into the terrorists' minds to devise adversary strategies, operations and tactics
- The Blue Team tries to design countermeasures

Blue Buy-in of Red Teaming
- Forming a Red Team requires the Blue Team planners' acceptance of Red as a valid, value-adding group
- Two basic requirements facilitate the Blue Team's "buy-in":
  - First, officials need to make clear that Red Teaming is the product of their own initiative
  - Second, Red Team members must have credibility, which is the product of their expertise and experience

Alternative Names for Red Teaming
- War Games
- Scenarios (alternative)
  - Best case, most likely, intermediary, worst case etc.
- Simulations
- Tabletop Exercises
- Tiger Teams (Navy concept)
- Peer Review
- Also, red teaming proposals
- A pilot "chair-flying" a mission before execution

Requirements for Effective Red Teaming
Peter Probst
- In Red Team models, assess vulnerabilities by using databases that terrorists would use, not necessarily RT members' expert knowledge of what might be U.S. vulnerabilities, because what we consider vital, terrorists may not.
- Red Team members need to understand how a terrorist group goes about deciding on what is important for them to target and what they perceive to be important criteria for measuring the desired impact of an attack.

Red Team Methodologies
- Must think 3-5 moves ahead of the opponent
  - Action/reaction/rereaction/counteraction/counter-counter action/etc.
- A continuing process focusing on the entire plot rather than a single component in an attack

Three Levels of I&W Observables

Terrorist Group/I&W Observables and Federal Government Observables

Strategic
- Group motivations
- Group is expanding
- Hostile intent
- Capabilities upgraded
- Activities in safe haven
- Previous attacks

Operational
- Group's modus operandi (MO)
- Types of likely attacks & targeting
- Conducting specialized recruitment & training
- High noise level

Tactical
- Plots & conspiracies
- Uncover weapons acquisition
- Disappearances of operatives
- Heightened operational security
- Actual attacks

State & Local Government Observables
- Warnings from federal agencies
- CIP vulnerabilities
- Group interest in attacking high value targets
- Radical subcultures present
- Reported presence of cell operatives in city
- Reported surveillance of targets
- Reported suspicious activities

Red Team Organization
[Figure: organization chart]
- Control Group
- Analysis Cell
- Trusted Agents in Blue HQ
- Two Operation Cells with Observers, each comprising Leadership/C2, Logistics and Operations

Red Teaming Attack Scenarios
- Conventional Low Impact
- Conventional High Impact
- Chemical
- Biological
- Radiological
- Nuclear
- Cyber
- New/Other

Generic Terrorist Attack Timeline
[Figure: Observables and Indicators & Warning (I&W) Template, with fields "Scenario:" and "Actor:"]
- U.S. and Allied: Political; Intelligence; Military; Information / Public Diplomacy; Commercial / Public Security; Economic/Financial; Law Enforcement
- Terrorist Attack Cycle (TAC): STRATEGY, PLANNING, TACTICS, WEAPONIZATION, RECRUITMENT, LOGISTICS, PREPARATION, EXECUTION

Response Framework
[Figure: three response panels, each spanning the FEDERAL, STATE, LOCAL, COMMERCIAL and PRIVATE levels]
- POLICY RESPONSE: Political/Diplomatic; Informational; Intelligence; Law Enforcement
- OPERATIONAL RESPONSE: Political/Diplomatic; Informational; Economic/Financial; Law Enforcement
- INTELLIGENCE RESPONSE: Human Intelligence; ELINT; Imagery; MASINT
- Other labels: Economic Intelligence (Covert Action); Open Source; Military

Analysis Template Concept
[Figure: one Observables and I&W Template per scenario (CLI, CHI, Chemical, Biological, Nuclear, Cyber, ???), each covering the phases Group, Plan, Develop, Execute]

Intel-Ops-Policy Linkages
[Figure: the Observables and I&W Templates (phases Group, Plan, Develop, Execute) for each scenario, linked to three federal response columns]
- Scenarios: Conventional Low Impact (CLI); Conventional High Impact (CHI); Chemical; Biological; Nuclear; Cyber; Unconventional Warfare; ???
- Policy Response (Federal): Political, Diplomatic, Intelligence, Military
- Operational Response (Federal): Political, Diplomatic, Intelligence, Military
- Intel Response (Federal): Political, Diplomatic, Intelligence, Military

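Tool Kits to Red Team Future Terrorism
Critical Infrastructure Protection

Groups: threat score

| Group | Motivation (M) to Attack US? | Financial / Support Presence in US? | C2 and Ops Presence in US? | Capability | Trophy Targets? | Human Targets? | Economic Targets? | National Security Target? | Threat Score |
|---|---|---|---|---|---|---|---|---|---|
| Al Qaeda | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| Aryan Nation | 50% | 100% | 100% | 100% | 50% | 100% | 50% | 50% | 31% |
| FARC | 50% | 75% | 75% | 75% | 50% | 100% | 100% | 100% | 33% |
| IRA | 0% | 100% | 50% | 75% | 100% | 100% | 100% | 100% | 0% |
| Hizballah | 75% | 100% | 100% | 100% | 50% | 50% | 25% | 25% | 28% |

Groups: transport targets

| Group | Air? | T*H | Road / Bridge / Tunnel? | T*H | Rail? | T*H | Maritime? | T*H | Key CYBER Nodes? | T*H | Combined Threat Potential against Transport Targets, M x C x (SUM T) |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Al Qaeda | 100% | 100% | 80% | 80% | 75% | 75% | 100% | 100% | 50% | 50% | 81% |
| Aryan Nation | 0% | 0% | 100% | 31% | 100% | 31% | 50% | 16% | 50% | 16% | 19% |
| FARC | 50% | 16% | 50% | 16% | 50% | 16% | 50% | 16% | 10% | 3% | 14% |
| IRA | 25% | 0% | 50% | 0% | 100% | 0% | 100% | 0% | 10% | 0% | 0% |
| Hizballah | 100% | 28% | 100% | 28% | 25% | 7% | 25% | 7% | 25% | 7% | 15% |

Trophy Targets Prioritization

Specific targets: target attractiveness (the first row carries the values shown under the column headers)

| Specific Target | Trophy Targets? | | Human Targets? | | Economic Targets? | | National Security Ta | | Target Attractivenes |
|---|---|---|---|---|---|---|---|---|---|
| | 0% | 50% | 0% | 53% | 0% | 48% | 0% | 44% | |
| Golden Gate Bridge | 75% | 38% | 50% | 26% | 30% | 14% | 0% | 0% | 20% |
| JFK Airport Terminal | 100% | 50% | 75% | 39% | 20% | 10% | 10% | 4% | 26% |
| Carnival Cruise Vessel | 50% | 25% | 100% | 53% | 75% | 36% | 5% | 2% | 29% |
| Union Station | 70% | 35% | 30% | 16% | 25% | 12% | 10% | 4% | 17% |
| Bay Bridge | 50% | 25% | 50% | 26% | 50% | 24% | 10% | 4% | 20% |

Specific targets: transport type, vulnerability and raw score

| Specific Target | Air? | T*H | Road / Bridge / Tunn | T*H | Rail? | T*H | Maritime? | T*H | Key CYBER Nodes? | T*H | Combined Threat Potential against Specific Transport Targets | Vulnerability (Acce Security, Hardness, Recoverable, Replaceab | Raw Score |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Golden Gate Bridge | #### | 14% | #### | 17% | 0% | 0% | 25% | 4% | 0% | 0% | 137% | 50% | 69% |
| JFK Airport Terminal | #### | 14% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 75% | 40% | 30% |
| Carnival Cruise Vessel | 0% | 0% | 0% | 0% | 0% | 0% | #### | 14% | 0% | 0% | 82% | 75% | 62% |
| Union Station | 0% | 0% | 0% | 0% | #### | 15% | 0% | 0% | 0% | 0% | 49% | 90% | 44% |
| Bay Bridge | 0% | 0% | #### | 0% | 0% | 0% | #### | 14% | 0% | 0% | 57% | 100% | 57% |

Threat x SUM H Rough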

Difficulties and Constraints
- Cultural
  - Need to mesh contrasting organizational cultural orientations between Red Team and government bureaucracy
- Operational
  - Easier said than done
  - Need to obtain "buy in" for Red Team activities from affected government agencies
  - Need to coordinate Red Team activities with affected government agencies
  - Issue of "need to know," who will be "read into" the exercise, etc.
- Political
  - Policy makers don't always have the required range of response options recommended by a Red Team
  - Some Red Team recommendations may be too controversial
- Safety
  - Cooperation of security officers may be required for some aspects of the exercises

Summary
Benefits of Red Teaming
- Broaden spectrum of intelligence I&W analytical processes to strengthen preemptive capabilities
- Provides for policy, operational and intelligence fusion
- Generate government-wide Red Teaming expertise to expand reservoir of experts who are recycled back to their parent agencies

Conclusion
- Think Like the Enemy - always anticipate and prepare to counteract new types of attacks and targeting because terrorists seek to exploit new vulnerabilities and inflict maximum damage
- Past trends do not necessarily reveal future attack patterns
- Red Team Out of the Box Threat/ Assessments
- Focus on multi-dimensional, not uni-dimensional, baskets of potential threats