FOR IMMEDIATE RELEASE
December 18, 2006
ALBUQUERQUE, N.M. — - Sandia National Laboratories will offer classes on how to specify and utilize a "red team," which involves having people assume the role of bad guys that attempt to compromise system security.
Applying a red team can help identify future risk, find important vulnerabilities, and thus lead to design improvements or better decisions about impact from threats.
The course, called Red Teaming for Program ManagersTM (RT4PMTM) will be taught in Washington, D.C., and is geared for government program managers, decision makers, and military commanders. It is not open to the public.
Presented in four steps, the course shows attendees how to map objectives into eight types of red teaming, specify red teaming they need, identify red teams, and merge results back into their overall objectives. It is not intended to show how to red team, but how to use red teams.
The initial four-hour classes are offered at no charge and will be taught by key members of Sandia's Information Operations Red Team & Assessment (IORTA) program. Eight hour and multi-day courses are in the works that will provide opportunities for greater depth of discussion and extended exercise. There will be a fee for these expanded courses.
Sandia is a National Nuclear Security Administration laboratory.
“In Sandia's red team experience we find two obstacles for effective use of assessment outside of the red team itself," says Michael Skroch, manager of the Sandia department that runs red teams that probe US systems. "First, those program managers or decision makers that know about red teaming may not know how to specify their objectives to the red team. A second pervasive issue is that even more decision makers don't know about the use of red teaming. The result is that we create security systems brittle to the threat. They don't work if attacked. RT4PM was created to help address these obstacles.”
RT4PM introduces these eight types of red teaming that, separately and in combination, can be used by red teams: design assurance, hypothesis testing, benchmarking, behavioral, gaming, operational, penetration testing, and analytical. In the four-hour course, instructors will blend discussions with multiple short examples and exercises to illustrate course concepts.
Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin company, for the U.S. Department of Energy’s National Nuclear Security Administration. Sandia has major R&D responsibilities in national security, energy and environmental technologies, and economic competitiveness.
Sandia news media contact: Chris Burroughs, firstname.lastname@example.org, (505) 844-0948