Safeguarding critical infrastructure and sensitive locations from unmanned aerial threats has become a top priority for many. One effective method for testing and refining these security measures is C-UAS Red Teaming. This approach, which involves simulating threat scenarios to test response protocols and technology, supports the development of robust defences and systems that are prepared for a range of scenarios.
Brooke Tapsall, CEO of DroneALERT, spoke at the Counter UAS Homeland Security 2024 conference, where she offered attendees insight and advice on how to conduct effective Red Team operations.
What is Red Teaming?
Red Teaming is an adversarial testing methodology that mimics potential real-world threats to evaluate the effectiveness of security systems and protocols. It is a structured way to identify vulnerabilities, test standard operating procedures (SOPs) and refine responses to drone incursions.
“[Red Teaming] is going to test your SOPs, it’s going to test the technology that you want to have in-situ, and then you will be learning from that,” Tapsall explained.
This hands-on approach is essential for testing the readiness of personnel and the effectiveness of deployed technology in a controlled yet realistic environment.
Building a strong foundation
Before embarking on Red Teaming exercises, establishing a solid operational foundation is crucial, according to Tapsall:
“If you don’t build a foundation, everything is going to crumble in a way. Unfortunately, you need to set down a lot of processes and protocols to get this done,” she said.
This foundation includes well-defined SOPs, stakeholder management and integrated technology solutions. The development of SOPs should be tailored to the specific scenarios and technologies in use.
“Your SOPs may change depending on the technology that you have or what you will deploy into that scenario,” Tapsall noted, highlighting the dynamic nature of C-UAS operations.
A robust framework ensures that all team members are aligned and prepared for the complexities of counter-drone operations.
A cycled approach to UAS protection
Improving C-UAS protection protocols and structures is not a one-time event but a continuous cycle that evolves through different phases. Tapsall outlined a structured approach with four key phases:
- Foundation and stakeholder engagement: Setting up SOPs and engaging with all relevant stakeholders.
- Technology selection and integration: Choosing the right C-UAS technologies based on the specific threat environment and integrating them into operational plans.
- Red Team/Blue Team exercises: Running adversarial and threat scenarios to challenge and refine the SOPs and technology.
- Feedback and continuous improvement: Using the outcomes of Red Teaming to update and enhance SOPs and training programs, which feeds back into phase one, completing the cycle.
This cyclical process helps organisations remain agile and responsive to emerging threats. As Tapsall puts it:
“You have got the cycle going down, but you are feeding back into it so that once you have actually run an operation and you have tested everything, you [run the cycle] again to make sure everything is updated.”
The importance of testing in-situ
Tapsall stressed the need for testing technology in the actual environment where it will be deployed, to ensure that the results can actually be used when developing SOPs for the environment in question.
“How it acts in one test scenario is not how it will act in another environment,” she warned. “Every bit of the technology will have slight variations, slight deviations, and this has to be accounted for so you can understand what it may do [in that environment].”
Different environments can significantly affect the performance of C-UAS systems. For example, physical obstruction from buildings or terrain can reduce detection capabilities, while interference from RF congestion can cause issues for C-UAS systems that utilise RF. Without appropriate testing in the deployment environment, organisations risk unpleasant surprises when the time comes to use their systems.
Leveraging digital forensics
Digital forensics plays a crucial role in validating the outcomes of Red Teaming exercises. Data collected from drones and C-UAS systems provides insights into their performance and helps to identify any discrepancies between expected and actual behaviour.
“You can say what you want to say for a service provider, but your data will actually tell you the truth,” explained Tapsall. “You need to match that data with the drones that were flown to see how well you tracked.”
Matching this data with operational scenarios helps verify whether the systems can effectively track and manage drone threats without manual input. This forensic approach is essential for refining both the technology and the tactics used in C-UAS operations.
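The matching step described above can be sketched as follows. This is an added example, not code from the presentation or from DroneALERT; the log layout (id, seconds since exercise start, latitude, longitude), the tolerances and all sample values are assumptions constructed for illustration.

```python
import math

# Constructed sample data; the (id, seconds, lat, lon) layout is an assumption.
FLIGHT_LOG = [  # Red Team drone telemetry, treated as ground truth (time-ordered)
    ("RT-1", 0, 51.5000, -0.1000), ("RT-1", 10, 51.5005, -0.1000),
    ("RT-1", 20, 51.5010, -0.1000), ("RT-1", 30, 51.5015, -0.1000),
    ("RT-2", 0, 51.5100, -0.1200), ("RT-2", 10, 51.5105, -0.1200),
]
CUAS_TRACKS = [  # positions reported by the C-UAS system under test
    ("T-07", 11, 51.5005, -0.1001),
    ("T-07", 21, 51.5010, -0.1001),
    ("T-07", 30, 51.5040, -0.1000),  # right time, but roughly 280 m off the drone
]

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def score_tracking(flights, tracks, max_dt_s=2.0, max_dist_m=50.0):
    """Per flown drone: share of truth samples that have a C-UAS report close
    in both time and space, delay to the first match, and the missed times."""
    report = {}
    for drone_id, t, lat, lon in flights:
        r = report.setdefault(drone_id, {"start": t, "samples": 0, "matched": 0,
                                         "first_match_s": None, "missed_at": []})
        r["samples"] += 1
        hit = any(abs(t - tt) <= max_dt_s
                  and distance_m(lat, lon, tlat, tlon) <= max_dist_m
                  for _, tt, tlat, tlon in tracks)
        if hit:
            r["matched"] += 1
            if r["first_match_s"] is None:
                r["first_match_s"] = t - r["start"]
        else:
            r["missed_at"].append(t)
    for r in report.values():
        r["coverage"] = r["matched"] / r["samples"]
    return report

if __name__ == "__main__":
    for drone, result in score_tracking(FLIGHT_LOG, CUAS_TRACKS).items():
        print(drone, result)
```

A flight with zero coverage, such as RT-2 in the constructed data, is the kind of discrepancy between expected and actual behaviour that the forensic comparison is meant to surface.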
Recommendations for effective Red Teaming
To maximise the effectiveness of C-UAS Red Teaming, Tapsall outlined the following key recommendations in her presentation:
- Use an experienced independent Red Team: Independent Red Teams bring an objective, unbiased approach. They can challenge assumptions and identify weaknesses that internal teams might overlook, ensuring a more thorough and realistic evaluation of systems and protocols.
- Red Team/Blue Team collaboration: Red Teaming is not about defeating the Blue Team; it is a learning experience for both sides. The goal is to build confidence and foster a culture of continuous improvement, and the emphasis is on collaboration to enhance C-UAS capabilities and preparedness.
- Implement standardised protocols and data formats: Adopting standardised data formats and protocols across C-UAS operations is key for effective analysis and interoperability. This ensures consistency and accuracy in the data collected and the insights it generates.
- End-to-end coverage of the C-UAS process: It is important to cover the entire C-UAS process in any asset protection strategy and to avoid cherry picking. From protocols and technology to Red Team testing, in-situ trials, digital forensics and continuous training, each step is integral to ensuring holistic protection against potential UAS threats.
Red Teaming is an extremely useful addition to any C-UAS strategy. By simulating real-world threats and rigorously testing response plans and technology, organisations can ensure they are well-prepared to counter the growing threats posed by hostile UAS. The key to success lies in building a strong foundation, continuously refining SOPs and embracing a proactive approach to testing and training.
Post Image – A drone fitted with an example of a potential IED, used by DroneALERT in a Red Teaming exercise (Post Image Credit: DroneALERT)