Cyberspace Effects
CE-WRL-001

Cyberspace Operations

Responsible for gathering evidence on criminal or foreign intelligence entities to mitigate and protect against possible or real-time threats. Conducts collection, processing, and geolocation of systems to exploit, locate, and track targets. Performs network navigation and tactical forensic analysis and executes on-net operations when directed.

  • T0796: Provide real-time actionable geolocation information
  • T1020: Determine the operational and safety impacts of cybersecurity lapses
  • T1034: Prepare deconfliction report
  • T1035: Determine how threat activity groups employ encryption to support their operations
  • T1039: Identify network artifacts from hardware and software options
  • T1040: Identify impact of network artifacts on exploitation
  • T1041: Determine impact of software configurations
  • T1575: Adapt software to new hardware
  • T1576: Upgrade software interfaces
  • T1577: Improve software performance
  • T1633: Identify target operational architecture vulnerabilities
  • T1663: Identify potential avenues of access in digital technologies
  • T1664: Access wireless computer and digital networks
  • T1665: Process intelligence collection data
  • T1666: Exploit wireless computer and digital networks
  • T1668: Conduct network scouting
  • T1669: Analyze system vulnerabilities within a network
  • T1670: Conduct on-net activities
  • T1671: Exfiltrate data from deployed technologies
  • T1672: Conduct off-net activities
  • T1673: Exfiltrate data from automated technologies
  • T1674: Perform open source data collection
  • T1676: Survey computer and digital networks
  • T1691: Detect exploits against targeted networks and hosts
  • T1692: Counter exploits against targeted networks and hosts
  • T1709: Develop new techniques for accessing target systems
  • T1734: Exploit network devices and terminals
  • T1747: Identify system vulnerabilities within a network
  • T1759: Maintain situational awareness of organic operational infrastructure
  • T1760: Maintain functionality of organic operational infrastructure
  • T1774: Gain and maintain access to target systems
  • T1781: Degrade or remove data from networks and computers
  • T1784: Process exfiltrated data
  • T1803: Document information collection and environment activities
  • T1829: Evaluate locally developed tools
  • T1830: Test internally developed software
  • K0018: Knowledge of encryption algorithms
  • K0375: Knowledge of wireless applications vulnerabilities
  • K0480: Knowledge of malware
  • K0635: Knowledge of decryption
  • K0636: Knowledge of decryption tools and techniques
  • K0637: Knowledge of data repositories
  • K0656: Knowledge of network collection tools and techniques
  • K0657: Knowledge of network collection policies and procedures
  • K0674: Knowledge of computer networking protocols
  • K0675: Knowledge of risk management processes
  • K0676: Knowledge of cybersecurity laws and regulations
  • K0677: Knowledge of cybersecurity policies and procedures
  • K0678: Knowledge of privacy laws and regulations
  • K0679: Knowledge of privacy policies and procedures
  • K0680: Knowledge of cybersecurity principles and practices
  • K0681: Knowledge of privacy principles and practices
  • K0682: Knowledge of cybersecurity threats
  • K0683: Knowledge of cybersecurity vulnerabilities
  • K0684: Knowledge of cybersecurity threat characteristics
  • K0688: Knowledge of common application vulnerabilities
  • K0689: Knowledge of network infrastructure principles and practices
  • K0695: Knowledge of programming principles and practices
  • K0697: Knowledge of encryption algorithm capabilities and applications
  • K0698: Knowledge of cryptographic key management principles and practices
  • K0701: Knowledge of data backup and recovery policies and procedures
  • K0702: Knowledge of data warehousing principles and practices
  • K0703: Knowledge of data mining principles and practices
  • K0712: Knowledge of Local Area Networks (LAN)
  • K0713: Knowledge of Wide Area Networks (WAN)
  • K0718: Knowledge of network communications principles and practices
  • K0738: Knowledge of low-level programming languages
  • K0744: Knowledge of operating system (OS) systems and software
  • K0751: Knowledge of system threats
  • K0752: Knowledge of system vulnerabilities
  • K0759: Knowledge of client and server architecture
  • K0770: Knowledge of system administration principles and practices
  • K0773: Knowledge of telecommunications principles and practices
  • K0775: Knowledge of information management tools and techniques
  • K0786: Knowledge of physical computer components
  • K0787: Knowledge of computer peripherals
  • K0792: Knowledge of network configurations
  • K0806: Knowledge of machine virtualization tools and techniques
  • K0810: Knowledge of deployable forensics principles and practices
  • K0812: Knowledge of digital communication systems and software
  • K0815: Knowledge of intelligence collection management processes
  • K0837: Knowledge of hardening tools and techniques
  • K0858: Knowledge of virtual machine detection tools and techniques
  • K0915: Knowledge of network architecture principles and practices
  • K0923: Knowledge of operating system structures and internals
  • K0925: Knowledge of wireless communication tools and techniques
  • K0926: Knowledge of signal jamming tools and techniques
  • K0942: Knowledge of cryptology principles and practices
  • K0953: Knowledge of data mining tools and techniques
  • K0970: Knowledge of auditing policies and procedures
  • K0971: Knowledge of logging policies and procedures
  • K0975: Knowledge of software application vulnerabilities
  • K0983: Knowledge of computer networking principles and practices
  • K0988: Knowledge of active defense tools and techniques
  • K0991: Knowledge of database administration principles and practices
  • K0992: Knowledge of database maintenance principles and practices
  • K0993: Knowledge of deconfliction processes
  • K0998: Knowledge of Wireless Local Area Network (WLAN) tools and techniques
  • K0999: Knowledge of information management principles and practices
  • K1000: Knowledge of evasion principles and practices
  • K1001: Knowledge of evasion tools and techniques
  • K1014: Knowledge of network security principles and practices
  • K1015: Knowledge of network topology principles and practices
  • K1023: Knowledge of network exploitation tools and techniques
  • K1024: Knowledge of partnership policies and procedures
  • K1032: Knowledge of satellite-based communication systems and software
  • K1049: Knowledge of routing protocols
  • K1055: Knowledge of digital forensics principles and practices
  • K1069: Knowledge of virtual machine tools and technologies
  • K1085: Knowledge of exploitation tools and techniques
  • K1088: Knowledge of knowledge management tools and techniques
  • K1102: Knowledge of remote command line tools and techniques
  • K1103: Knowledge of Graphic User Interface (GUI) tools and techniques
  • S0182: Skill in analyzing target communications internals and externals collected from wireless LANs
  • S0208: Skill in determining the physical location of network devices
  • S0221: Skill in extracting information from packet captures
  • S0252: Skill in processing collected data for follow-on analysis
  • S0378: Skill in decrypting information
  • S0442: Skill in collecting network data
  • S0472: Skill in developing virtual machines
  • S0473: Skill in maintaining virtual machines
  • S0491: Skill in processing digital forensic data
  • S0497: Skill in developing client organization profiles
  • S0506: Skill in identifying customer information needs
  • S0508: Skill in managing enterprise-wide information
  • S0509: Skill in evaluating security products
  • S0519: Skill in detecting exploitation activities
  • S0523: Skill in constructing networks
  • S0531: Skill in assessing security hardware and software
  • S0532: Skill in analyzing software configurations
  • S0558: Skill in developing algorithms
  • S0559: Skill in performing data structure analysis
  • S0579: Skill in preparing reports
  • S0586: Skill in administering databases
  • S0599: Skill in performing memory dump analysis
  • S0650: Skill in writing scripts
  • S0673: Skill in translating operational requirements into security controls
  • S0690: Skill in performing midpoint collection data analysis
  • S0694: Skill in auditing network devices
  • S0700: Skill in mining data
  • S0701: Skill in performing data mining analysis
  • S0704: Skill in performing target analysis
  • S0705: Skill in installing patches
  • S0706: Skill in identifying patch signatures
  • S0710: Skill in evaluating metadata
  • S0711: Skill in interpreting metadata
  • S0715: Skill in generating operation plans
  • S0723: Skill in interpreting vulnerability scanner results
  • S0724: Skill in managing client relationships
  • S0735: Skill in programming
  • S0738: Skill in performing reverse engineering of software
  • S0741: Skill in administering servers
  • S0743: Skill in identifying network anomalies
  • S0744: Skill in performing technical writing
  • S0745: Skill in testing tools for implementation
  • S0746: Skill in evaluating tools for implementation
  • S0754: Skill in establishing persistence
  • S0757: Skill in verifying the integrity of files
  • S0758: Skill in performing wireless network analysis
  • S0778: Skill in evaluating operational environments
  • S0779: Skill in determining information requirements
  • S0791: Skill in presenting to an audience
  • S0803: Skill in performing partner analysis
  • S0837: Skill in executing computer scripts to automate tasks
  • S0854: Skill in performing data analysis