Red Team 2010

IDART — The IDART is a multi-disciplinary team seeking to improve the security of information systems through systematic analysis using an adversary perspective.


Page Contact
Raymond C. Parks
rcparks@sandia.gov
(505) 284-3178

Event Contact
Amy Bowen
adbowen@sandia.gov
(505) 284-3178


RedTeam2010: Planning for Cross-Domain Red Teaming

About the Workshop

Workshop Agenda
16 November 2010
0800-1200 Red Teaming for Program Managers (RT4PM)
1200-1300 Lunch
1300-1345 Rules of Engagement (ROE) by Domains Setup
1400-1530 Working Groups
1545-1615 Report First Session
17 November 2010
0800-0845 Operational Plan (OPLAN) by Domains Setup
0900-1130 Working Groups
1145-1215 Report Second Session
1215-1300 Lunch
1300-1345 Rules of Engagement (ROE) Cross-Domain Setup
1400-1530 Working Groups
1545-1610 Report Third Session
18 November 2010
0800-0845 Operational Plan (OPLAN) Cross-Domain Setup
0900-1130 Working Groups
1145-1215 Report Fourth Session
1215-1300 Lunch
1300-1345 Writing Session Setup
1400-1530 Working Groups
1545-1615 Deliver Templates
1615-1630 Farewell

Sandia National Laboratories and The Johns Hopkins University Applied Physics Laboratory are sponsoring a workshop for government red teams to understand and develop a planning process for cross-domain red teaming.

RT2010 will take place at APL in Laurel, Maryland, on 16-18 November 2010.

RT2010 will start with a four-hour Red Teaming For Program Managers (RT4PM) course so the participants will have the foundation for discussing a SOW and scope for a red team project.

Plenary sessions will introduce both cross-domain red teaming and the elements of red team planning.

The participants will then form working groups to discuss how each planning element must account for cross-domain activities, identify existing methods and tools used in these activities, and then develop generic models, needed toolsets, and documents for each of those planning elements.

By the end of the workshop, each participant will take back a set of tools and documents for planning cross-domain red team activities.

Participants should include red team customers, red team program managers, red team project leads, and red team planners.

As in many endeavors, the key to successful red teaming is up-front planning. A Statement of Work (SOW) or MOA/U and scope are the start of planning. Operational plans, rules of engagement, authorizations, level of cooperation, level of information-sharing, amount of notice, and contingency plans build on the SOW and scope to ensure the red teaming provides actionable knowledge for the assessed without disrupting missions.

Cross-domain red teaming includes more than network and host assessment. Real adversaries attack by crossing between domains to achieve their goals. Red teams need to be adept at modeling such agility, employing attack steps not only in the cyber domain but also in the human/behavioral and physical domains. Certain types of attacks are already cross-domain. Spearphishing crosses back and forth between the cyber and human domains, and war-driving encompasses all three domains; these are already some of the most controversial and complicated attacks we plan.

IDART

Sandia National Laboratories has a wide range of security expertise as well as expertise in a variety of operational contexts. This expertise is brought together to assist in the characterization and analysis of information systems using the IDART methodology, which includes a spectrum of viewpoints and adversary models.

In addition to the assessment methodology, IDART has developed processes, metrics, and tools for analyzing the security robustness of information systems contributing to our national security.
