three. The activities of each of these exemplars are provided in Appendix B to this report.
In each of these examples, the red teams have been granted independence in assessing vulnerabilities and evaluating threat responses. Each entity also has access to a strong base of expertise available to brainstorm vulnerabilities and solutions. Technical subject matter experts (SMEs) in academia and industry are engaged as necessary; they perform detailed analysis, use their imagination, or brainstorm on a particularly challenging problem. In the SSBN Security program, for example, the diverse SME team is preplanned, extensible through outreach, and explicitly identified as the “Friends of SSBN” network; it is a standing team, ready to be called on to respond to surprise issues.
It is also noted that in order to identify threats and anticipate surprise, red teams perform modeling, simulation, and analysis at three levels of fidelity: (1) campaign-level modeling validated through (2) system-of-systems simulation made realistic by (3) high-fidelity physics-based models. Successful implementation of this multitiered modeling involves an ability to leverage existing simulations that are being developed in the national laboratories and industry, often by individuals in the SME networks. Running exercises and threat scenarios through this three-tiered modeling and analysis capability will identify potential threats, allow for response evaluation, and identify potential vulnerabilities and risk. Subsequently, in-depth vulnerability analysis (including precise evaluation of algorithms, software, hardware, or system performance issues) has proven essential to determining the impact of a threat and the necessary response.
In some cases, this response will require a change to existing assets or acquisition of a new technology. Therefore, red teams are able to recommend and/or deploy solutions to the field as necessary.
The methodology for assessing and responding to surprise that is used by the SSBN security red team serves as an excellent representative approach (see Figure 3-1) for evaluating vulnerabilities in large programs of record. As an independent group that seeks to challenge the organization in order to improve effectiveness, the SSBN Security program leverages simulation, modeling, and analysis to assess risks to submarine security and recommends mitigation strategies. Similar success has been noted in the approaches used by the Air Vehicle Survivability Evaluation Program. Each of these exemplars leverages modeling and analysis tools in conjunction with a network of experts to expose bias, offer critical review, model vulnerabilities, and demonstrate alternative ways to respond to surprise.
U.S. naval leadership should leverage the approaches used by the three exemplar organizations (SSBN security, Air Force red team, Aegis BMD’s Operation Burnt Frost) to further anticipate, model, and simulate both intelligence-inferred and potential disruptive surprise. The hallmarks of these successful approaches are as follows: