Trusting in the New Devil’s Advocate
The Catholic Church felt, early in its history, that too many people were being designated as saints. To bring some order to the process of conferring sainthood, the Church designated someone to argue against the individual being considered. The Devil’s Advocate, as the position was officially known, would list all the reasons that the individual did not deserve to become a saint. Today, the Church has abandoned the practice, but the concept of a Devil’s Advocate, through a process known as “red teaming,” is a vital component of crisis preparation in both the private and government sectors. As with the Church’s Devil’s Advocate, the mandate of the red team is to discredit the opinions or action steps of their employers — in short, to prove them wrong.
In Red Team: How to Succeed by Thinking Like the Enemy, a gripping, deeply informed overview of red teaming, author and security expert Micah Zenko describes how red teams are used by corporations and countries to prevent untested assumptions and blind spots from undermining efforts to identify potential threats. For example, Zenko describes the heroic pre-9/11 work of two leaders of the Federal Aviation Administration’s red team, which was formed in the wake of the tragic December 1988 bombing of Pan Am Flight 109 over Lockerbie, Scotland. The suitcase that contained the bomb had not been checked in by a passenger. Subsequently, new procedures were put in place to match all luggage to passengers on the plane.
Steve Elson was, according to Zenko, one of the original members of the FAA red team, which was launched in March 1991 and officially called the FAA Special Assessments team. Its goal: to conduct covert vulnerability probes in order to identify airline and airport security shortcomings (e.g., how luggage unattached to a passenger can be loaded onto a plane). Unfortunately, shortcomings were easy to find. Elson described to author Zenko how members of the undercover red team, including Elson, were able to smuggle aboard planes crude and poorly disguised fake bombs, fake guns that gave off the same x-ray images as real guns, and hunting knives. Security failures continued to be documented during Bogdan Dzakovic’s tenure as FAA red-team leader from 1995 to 2001. (During some tests, Dzakovic could clearly see the team’s fake bomb components displayed on the x-ray screen… but nobody was watching the screen.)
If the FAA red team was so successful in identifying shortcomings, how was 9/11 allowed to happen? Because, according to Zenko, the red-team reports would get lost in the bureaucracy of the FAA and the CAS (Civil Aviation Security, which received the reports and were supposed to share them with all appropriate field units). In 1999 and 2000, Elson and Dzakovic teamed up to warn the Inspector General of the Department of Transportation, Government Accountability Office investigators and senior Congressional staffers of the potential terrorist threats through the nation’s airspace… to no avail.
Red Team is filled with harrowing stories of red-team failures but also successes (e.g., the assassination of Osama Bin Laden) in the domains of both national security and the private sector, where companies, for example, red team against hackers. These stories reinforce the crucially important strategies (e.g., red teams should inform, not decide) and best practices (e.g., red teams should be semi-independent but sensitive to the constraints of the organization) proposed by Zenko to help the world avoid another catastrophe such as 9/11.
Receive our latest book reviews in your inbox each month.