The IDART Methodology

The Information Design Assurance Red Team (IDART) Methodology grew out of the red teaming IDART has performed since our inception in 1996. We inserted our own unique methods into existing frameworks used for physical security assessments.

The IDART Methodology process shows the overall flow of the methodology. This flow looks like many other assessment process flows, but IDART has added unique methods to the overall process.

The process begins with planning — a small box on the diagram but a very big element of success. Without careful planning, any red team activity will fail — sometimes disastrously. Over the years of our practice, we realized that we needed to help our customers and sponsors with their planning, thus we developed another methodology for them — Red Teaming for Program Managers (RT4PM). RT4PM plays an important part in the initial planning within the IDART methodology.

Once IDART has a plan for a red team project, we work through a cycle of data collection, characterization, and analysis supported by system engagements. This cycle is shown as a circle to acknowledge that it often requires more than one iteration to complete this portion of the process.

Data collection can include requesting and receiving documents (down to the lowliest napkin sketch), interviews that can be powered by automated tools, and live data collection using system engagement.

The IDART methodology brings a unique method to the characterization step of the process. IDART uses “views” of the system, created by the data collection team, to develop an understanding of the system that frequently exceeds the knowledge of the owner. These views include but are not limited to:

Each view is a description of some aspect of the system from one of these viewpoints. Most views are diagrammatic but a view can be a table or textual.

IDART also distinguishes itself in the method used to analyze vulnerabilities and attacks. The analysis starts with a “brainstorming” session to develop an attack diagram. The key to this brainstorming is diversity of the team: a diverse team, with each member bringing their own knowledge and skills, can almost always out-perform a single individual in finding possible attacks. The diagram is built like a jigsaw puzzle. On one side are the consequences and on the other side are the adversary starting points, both gained during planning and data collection. These are like the outside pieces of a jigsaw puzzle, which are easily put together because of their straight edges. The team brainstorms attacks, each member adding attack steps that they believe are possible based on the views and their own expertise. This is like putting together groups of puzzle pieces that are recognizably similar. Once the brainstorming session slows down, the group puts the attack steps together in scenarios that reach from adversary starting point to consequence, just as the groups of puzzle pieces fill in the interior of the puzzle.
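The assembly step described above can be modeled as a directed graph, shown here as an added example that is not IDART's own tooling. It enumerates every scenario that runs from an adversary starting point to a consequence and lists brainstormed steps that are not yet part of any scenario; the node names and the edge-list representation are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample diagram; every node name here is illustrative only.
STARTS = {"external network position", "on-site insider"}
CONSEQUENCES = {"data disclosed", "service unavailable"}
EDGES = [  # (attack step or state, what it enables)
    ("external network position", "obtain user credentials"),
    ("obtain user credentials", "access internal host"),
    ("on-site insider", "access internal host"),
    ("access internal host", "reach data store"),
    ("reach data store", "data disclosed"),
    ("reach data store", "service unavailable"),
    ("alter backup media", "recovery fails"),  # brainstormed, not yet joined
]


def scenarios(edges, starts, consequences):
    """Return every cycle-free path from a starting point to a consequence."""
    graph = defaultdict(list)
    for src, dst in edges:
        graph[src].append(dst)
    found = []

    def walk(node, path):
        if node in consequences:  # reached the far edge of the puzzle
            found.append(path)
            return
        for nxt in graph.get(node, []):
            if nxt not in path:  # do not revisit a step within one scenario
                walk(nxt, path + [nxt])

    for start in sorted(starts):
        walk(start, [start])
    return found


def unplaced_steps(edges, starts, consequences):
    """Return brainstormed steps that appear in no complete scenario."""
    placed = {n for path in scenarios(edges, starts, consequences) for n in path}
    everything = {n for edge in edges for n in edge}
    return sorted(everything - placed - set(starts) - set(consequences))


if __name__ == "__main__":
    for path in scenarios(EDGES, STARTS, CONSEQUENCES):
        print(" -> ".join(path))
    print("unplaced:", unplaced_steps(EDGES, STARTS, CONSEQUENCES))
```

Steps reported as unplaced are the loose puzzle pieces: they either need a connecting step from a starting point or to a consequence, or they fall outside the scope set during planning.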

The attack diagram is the initial and final mode of expressing attacks in the IDART methodology. It works well for brainstorming and communicating with customers. IDART also uses the Graphical Adversary Modeling Environment (GAME), which turns the attack diagram into a form of state diagram. GAME diagrams work well for discovering mitigations and normalizing attack steps. Attack trees are another way that IDART expresses attacks for adversary requirement modeling and determining system effectiveness. Each of the three attack expressions has advantages and disadvantages, and converting between them refines attacks and analysis.

The final stage of the IDART methodology is the report. Reporting is the point of the process: to help customers understand their situation and options. Reports are how IDART provides the red team deliverables:

The report also contains the metrics analysis discussed elsewhere on this website.

IDART can and does actively engage customer systems — through physical means, cyber means, human means, or electromagnetic means. These engagements support the cycle of data collection, characterization, and analysis. We have developed some principles that appear in our Rules of Engagement documents negotiated with customers:

These and the ROEs in which we use them are indicative of the formality of the agreements we sometimes employ with customers. Understanding and preparing for the consequences of one’s actions when red teaming are the result of experience and professionalism.
