Earlier "today" ( Thursday 9th June ) I had the pleasure of listening to a free "Red Teaming 101 Webinar" by Mark Mateski of the Red Team Journal. ( The next event is on the 7th of July, and is listed here: http://redteamjournal.com/events/ ) This was an enjoyable high-level webex seminar about the idea of red teaming in general, very much on the "contrarian perspective" being a useful and under-used tool by organisations, and a quick run through of the overall concepts.

This inspired me to finally get down this idea that I've been ruminating on for a while. This piece is a drastically modified version of the article "Serious Wargames Needs Serious 'scout team' Wargamers" that appeared in issue 289 of The Nugget, "The Journal of Wargames Developments". Wargames Developments is a "loose association of like-minded wargamers dedicated to the continued development of wargames of any type whatsoever".

That original piece was in reply to Tim Price's piece in the previous issue: "Red Teaming, Black Games and Failure in our Wargames", lamenting the lack of diversity in professional wargaming meaning that the play of the "red team" was unhelpful. However I was inspired to modify my article, and publish it in a wider context, due to the Red Team Journal blog post "Operational Code Analysis for the Real-World Red Team, Part I" ( http://redteamjournal.com/2016/04/operational-code-analysis-for-the-real-world-red-team-part-i/ ). When announcing that piece via Twiiter, the author Mark Mateski quoted his article "Know thy enemy? Good luck with that! ( Yes, I'm exaggerating, but only a bit. )".

In the article Mark enumerates a very useful list of 37 questions to ask yourself, or your on-hand experts, about the opponent you are modelling in order to create a model of their "operational code", the operational code being that opponents way of working, of thinking, of fighting. That way you can simulate that operational code within your red team exercise, and effectively emulate the opposition.

Which brings us back to the original article by Tim Price. In this article Tim highlighted the lack of an effective opposition within the serious games he'd been involved with, where the people playing the opponent clearly were thinking and acting in the usual way for their standing, culture, and the situation - which considering that this was a military simulation was usually in a similar way to the organisation they were attacking. While it might win the game this approach isn't very useful when trying to understand the enemy, which is the point of playing the wargame / simulation in the first place. Tim Price pointed to the use of experienced amateur wargamers as a solution to this, players who've spent a great deal of time looking for winning strategies outside of the "rules", players who have little regard for any artificial constraints to victory.

However I put forward that Tim is correct only up to a point, and considering his experience this wasn't a decision I made lightly. Partly serious wargamers are ideally suited to this situation, people who are used to adversarial situations and everything that goes with them, from the importance of a reserve force to the necessity and value of logistics. Those serious wargamers are who you want, as Tim said, "they are programmed to seek winning strategies" However I think Tim omitted an equally valuable characteristic of the right kind of wargamer, which the members of Wargames Developments brings to mind... the wargamers needed must be more interested in understanding the game, they must be most interested in solving the puzzle the game represents, than in winning the game. For those wargamers representing the opponent, for those wargamers playing the red team, their overall aim needs to be to determine how to win this kind of game, rather than winning this particular incidence of it. They need to be a true OPFOR, the aim is not to win this game but to win all games against this opponent, and ideally to understand how this particular type of game can be won.

Now I'm only on the periphery of serious gaming, it's one of the career options I'm currently considering, but I was initially astounded that imitating the opponent isn't seen as best practice, and a diverse set of players and experts seen as a way to achieve that. To me it seems obviously non-sensical that putting forward the imitation of the enemy as the main pre-requisite is seen as some kind of underground or iconoclastic point of view. But then, taking a step back to consider the situation for a moment, there has been a similar discussion going on for some time in my field, the world of Penetration Testing. Penetration Testers are hired to attack a company's systems to look for security vulnerabilities, with the aim of illustrating and describing those security vulnerabilities before they're exploited by genuine attackers. However it's becoming increasingly clear that penetration testers tend to illustrate the security issues that penetration testers would exploit, those issues that are more intriguing to investigate or more exciting to describe, whereas a criminal hacker will pick on easy targets to make money; the opponents penetration testers are meant to be representing don't have time to play with puzzles, they are not looking for stories to tell - they have a job to do and money to make.

( If you're interested, this slide deck from a recent presentation at the RSA Conference is a good summary of the arguments: http://www.rsaconference.com/writable/presentations/file_upload/asd-w02-intelligent-application-security-rsa.pdf )

So if Serious Gaming doesn't get this, and neither does Penetration Testing... neither industry being notably short of smart people... does anyone have what I believe is the right point of view? In my experience the best example came from one of my other interests, American Football. To over-simplify there are two sets of players on a team: Offense - who play when you have the ball, and Defense - who play when the opponents have the ball. Team rosters are huge, partly due to how common injuries are in the game, therefore there are definitely "starters" on Offense and Defense, backed up by "second string" and "third string" players. Due to the wide variety of styles of play in the sport, the starters need to practice against the specific playing style of the opponent they'll face that week, and this is where the "scout team" comes in. The scout team consists of the second and third string players on your team imitating the style and plays of that week's upcoming opponent, for the benefit of the starters. As well as their ability to play the sport overall, scout team players are graded on their ability to imitate opponents, and this is what serious gaming needs.

I should stress, this is where players willing to be a "scout team" are required, rather than those with knowledge of all possible opponents or combat environments. And it is these "scout team" players that serious games need. They need open-minded wargamers who are more interested in winning the game than winning the battle the game represents, understanding the difference between the two is crucial.

Overall, it is those rare players capable of and willing to emulate an opponent that serious wargaming needs to make up a "scout team", which to me is taking the profession much more seriously that merely winning or losing whatever battle is being played. So while my angle was different to Tim Price's, my conclusion was the same... serious wargames need serious hobby wargamers.

Back to Mark Mateski's piece on operational code. As I say, there's a comprehensive set of questions in that article, but after that Mark appears to hit something of a block. He suggests a couple of techniques for helping the red team work under that operational code, but these are quite general and designed to suit every situation.

Sticking to the imagined scenario of my original piece, looking at serious games, expected to be an exercise of a few days, and military in nature and therefore directly confrontational, I see two useful ways to turn the answers from Mark's 37 questions directly into something a red team can use:

Firstly - "trait cards". Each of Mark Mateski's questions should elicit several statements on the operational code of the opponent that the red team is looking to emulate, anything from "use deception whenever possible" to "prefer indirect over direct fire" or "sacrifice soldiers rather than ground" and so on. Eachanswer to those 37 questions should be distilled into a trait and written on a card, and assigned a number of points by the red team in conjunction with the experts being used to provide information on the operational code of the opponent. Whenever the red team carries out an action during the engagement, and I'm thinking of a wargame with something of a turn-based structure when actions are put forward by player teams and resolved by a combination of the wargame's system and its umpires, the red team can play appropriate trait cards in order to score points. Therefore the more successfully the red team emulates the opponent by following the cards, the more points they'll score.

This is a version of the idea from roleplaying games of "XP", or experience points, that I referred to in my original tweet displayed above. Expereince points are awarded by the person running the game, usually a GamesMaster ( GM ), in return for completing objectives, but most importantly in this context, they are also awarded for successful roleplaying, for a player acting in the same way that the character they are playing as would act. These trait cards would formalise that role-play aspect, and enable to red teamers to judge what kind of action they should take to emulate the opponent.

Secondly - a CARVER matrix based on the perceived operational code of the opponent. A CARVER matrix, to quote directly from Wikipedia, "was developed by the United States special operations forces during the Vietnam War. CARVER is an acronym that stands for Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability and is a system to identify and rank specific targets so that attack resources can be efficiently used. CARVER was developed in WWII by the OSS for the French field agents as a simple, uniformly and somewhat quantifiable means of selecting targets for possible interdiction. CARVER can be used from an offensive (what to attack) or defensive (what to protect) perspective." This matrix could show the value, to the red team, of destroying different assets being operated by the blue team. Therefore the red team can now prioritise goals through the CARVER matrix, and choose which actions to use to reach those goals through which trait cards they can play.

This method is relatively simple, and stops the red team trying to win the game... it's now intuitive for them to act with a single objective in mind: accumulating points. This gives the red team a method to turn the answers to Mateski's 37 questions into actions, and gives the blue team in the wargame a version of the opponent that is in some way following the real world opponent's operational code.

As with all attempts at gamifying a process in order to improve adherence to it, there will be a gap between the actual operational code of the opponent and how that is portrayed by the red team in the wargame. Turning a vague statement that the enemy will employ deception whenever possible depending on available time and resources into a card stating "employ deception in an attack, score five points" means assigning complex decisions a value on a linear scale, but I think what you would lose in complexity you gain in focus.

And if the trait card points or CARVER matrix turn out to be wildly incorrect, to the extent that the red team aren't emulating the opponent in the wargame, then just change the values. Red teamers, especially the leaders, and especially if they have ready access to experts on how the opponent being emulated thinks, should be able to spot when the numerical model has too great a gap from the perceived operational code of the opponent, or the actual operational code of the opponent, to be useful; and therefore they will modified the scoring on the cards and in the matrix.

Unfortunately I've yet to have an opportunity to practice this idea, but I see this as the way to turn the perception of an operational code into an actionable set of ideas that a red team can use during an exercise, and therefore this will effectively guide the red team into achieving their true aim: emulating the opponent. Also it gives wargamers, acting as a red team, a way to naturally and intuitively play a wargame in a way that is of use to the blue team, while naturally and intuitively using their desire to win.

And one last thought, considering the expected competitive nature of red teamers... have two red teams in play, neither knows the constituents or deliberations of the other team, just what actions they've taken and how many points they've scored.