Журнальный клуб Интелрос » Joint Force Quarterly » №84, 2016
Red Team: How to Succeed by Thinking Like the Enemy
By Micah Zenko
Basic Books, 2015
338 pp. $16.00
Reviewed by Matthew Cancian
Cyber warfare, asymmetric threats, emerging challenges to conventional hegemony—a myriad of threats face American policymakers in the 21stcentury. In Red Team: How to Succeed by Thinking Like the Enemy, Micah Zenko, a senior fellow at the Council on Foreign Relations, proposes “red-teaming” as an effective antidote to the cognitive biases that plague decisionmakers in any organization. Overall, Zenko does an excellent job portraying the value of having a cell of critical, outside-the-box thinkers to challenge orthodoxy in variegated contexts, and specifically recommends how to design red-team engagements to overcome the organizational inertia and blind spots that they are meant to combat. The book is a worthy read for national security analysts of every stripe who are working to keep America safe in the face of the complexities of the 21st century.
First, however, there is a small problem of definitions. Zenko uses the term red-teaming to mean a “structured process that seeks to better understand the interests, intentions, and capabilities of an institution—or a potential competitor—through simulations, vulnerability probes, and alternative analysis.” This is slightly different from the most common definition, which defines red-teaming as a subset of alternative analysis that aims to view “a problem from an adversary or competitor’s perspective.” People with a military background remember friendly forces being depicted in blue and the enemy in red; hence, “turning the map around” and thinking like the enemy denote “red-teaming.” It is not a point against Zenko, but readers need to keep in mind that he uses the term in a more expansive way than normal.
Zenko catalogues the use of red-teaming in a variety of security contexts, ranging from the Central Intelligence Agency’s analysis of Syria’s Al-Kibar nuclear research site to physical penetration tests of government buildings. The research is exhaustive, based on over 200 interviews with government officials, business leaders, and maverick thinkers. The diversity of red teams and the analyses of their successes and failures are enough to make this book a valuable addition to any policymaker’s reading list.
The exact reasons why red-teaming through a special cell of maverick thinkers is needed, however, are not explicated as much as one might wish. Why can an entire organization not be made up of critical thinkers? Recent editions of military journals are replete with calls for “agile,” “adaptive,” “critical,” or “strategic” thinkers (or all four at the same time, as then–Chairman of the Joint Chiefs of Staff General Martin Dempsey called for in 2013). Zenko effectively argues that it is impossible for any large organization to be staffed entirely by mavericks; the “existing guidance, practices, and culture of an institution are essential to its functioning effectively.” Otherwise, the institution would have to constantly reinvent every process. I agree with Zenko on this point, but by not devoting enough space to the necessity of alternative analysis, he opens himself to critics who favor fostering a broad culture of critical thinking (or whatever the term du jour is) over red-team cells.
Zenko extracts general principles that make for successful red teams. First, “The Boss Must Buy In.” Red teams do no good if they are used as cover for a decision that has already been made, or if the red team is forced on decisionmakers who have no intention of listening to the given recommendations. Second, red teams should be “Outside and Objective, While Inside and Aware,” which means that the team is not poisoned by group think, but is sensitive to organizational concerns in how it presents its analysis. This ties in to the third principle: that red-teamers should be “Fearless Skeptics with Finesse.”
“Have a Big Bag of Tricks,” the fourth principle, might seem to be most relevant to the cyber security realm, where red-teamers might be imagined to be computer geniuses who need state-of-the-art hacks in order to defeat computer systems. In fact, Zenko emphasizes that the best red-teamers in cyber security go through great pains to use only simple techniques that could realistically be employed by an adversary. This could be applied in other contexts more relevant to defense; it was, after all, the simple techniques of communicating by runner and suicide boats that defeated the “Blue Team” in the infamous Millennium Challenge 2002 experiment that Zenko uses as one of his teaching points.
In another principle, Zenko counsels that organizational leaders should “Be Willing to Hear Bad News and Act on It,” which was unfortunately not the case when the Federal Aviation Administration red team warned of critical security shortcomings before 9/11. Finally, Zenko argues that one should “Red Team Just Enough, But No More.” Red-teaming is not an end unto itself; it should serve to enhance decisions.
By showing the effectiveness of alternative analysis cells in diverse contexts, Zenko succeeds in convincing readers of the need for red-teaming in a variety of contexts. One unresolved tension throughout the book, however, is whether the ability to red-team effectively is an innate quality or whether it is something that can be taught to anyone. Zenko alternatively lauds the University of Foreign Military and Cultural Studies at Fort Leavenworth for teaching critical thinking, then describes the red-teamers he meets as born mavericks or quotes them stating that their brand of outside-the-box thinking is innate. By the end of the book, readers might still remain puzzled by this ambiguity.
Overall, Zenko has assembled a remarkable host of evidence and makes a strong case for the utility of alternative analysis cells, or red teams, in a variety of national security contexts. Readers of this journal would do well to read his book and think about how the techniques that Zenko details would benefit their organization. JFQ