From: redteam@all.net
Reply-to: redteam@all.net
Organization: Red Team Mailing List
Subject: RedTeam Mailing List 1999-01-18

---------------------------------------------
Date: 18 Jan 99 08:01:44 MST
Subject: RedTeam and Tiger Team

Dear Mr. Fraser,

My definitions of the Red Team and Tiger Team differ from yours. In my experience, Red Teams are teams assembled from within one's own organization. They are specifically tasked to take the enemy's viewpoint and attack/stress the friendly system. This applies not just to network vulnerability but to other activities as well. There were Red Teams assembled to look at specific systems and at doctrinal publications.

A Tiger Team is a group of personnel assembled for a defined period to accomplish a critical task or project. In my work in Army Acquisition and Intelligence, I've served on "Tiger Teams" to work a specific problem or manage a critical system, especially if there is a critical period ahead in the acquisition cycle. A Tiger Team might be assembled to get a system through a particularly difficult operational test and evaluation, for example. Or a "Tiger Team" might be assembled to write a critical doctrinal manual on a new and important topic, say Information Operations.

Heretofore, I have not heard of teams that attack the enemy referred to as either a Red Team or Tiger Team. Attacking the enemy or supporting that attack is the business of the entire military organization. So, one specifically named Red Team or Tiger Team doesn't go off to war, the whole unit does.

Best regards,
Hugh Blanchard

---------------------------------------------
From: "Skroch, Michael"
Subject: RE: RedTeam Mailing List 1999-01-16
Date: Mon, 18 Jan 1999 08:22:19 -0700

Bruce Fraser wrote:
> Subject: Red Teaming ... [terminology]

I think the terminology goes beyond just computer network attack type problems. The color designation seems to come from participative military exercises. ...

I have found that there is much variation in the definition of "red teaming" depending on with whom you are talking. I think this is because the red teaming community is fairly fractured at this time. Because of the many definitions, how one defines the colors of each team may also be different.

To us, there are two main phases to red teaming. First there is a red team vulnerability assessment, which is primarily a research or paper-study effort. This is different from a pure VA job in that it is performed with a "red team mind set." The second phase is a red team demonstration which is an active investigation or exercise designed to validate and refine those issues uncovered in the first phase, demonstrate them to a customer, and uncover issues which might only be apparent in an exercise real/near-real operational environment.

One definition the US DOD uses for red teaming is:

An independent and threat-based effort by an interdisciplinary, simulated opposing force which, after proper safeguards are established uses both active and passive capabilities on a formal, time-bounded tasking to expose and exploit information assurance vulnerabilities of friendly forces as a means to improve the readiness of DoD components. (A Management Process for a Defense-wide Information Assurance Program (DIAP), November 1997.)

...

Given that earlier definition, and from my experience, colors often used are:

Red Team = Simulated bad guys, attacks the blue team

Blue Team = Operators, defenders, good guys, defend own systems from red team, possibly counter attack red

In addition there may be other colored-named teams such as the following. The colors here are really not important; however, the functions they provide are important.

White Team = referee team, oversees the exercise/demonstration, decides last-minute issues, interprets rules of the game, gives out points or flags for performance on the exercise, helps to ensure that the exercise itself does not compromise security.

Green Team = group that sets up or designs the blue team's systems. This team may or may not be the same as the blue team. In real life this team is usually not the blue team. Usually the green team are the designers/engineers/policy makers and the blue team are operators.

Mike

---------------------------------------------