CE-WRL-001

Cyberspace Operations

Responsible for gathering evidence on criminal or foreign intelligence entities to mitigate and protect against possible or real-time threats. Conducts collection, processing, and geolocation of systems to exploit, locate, and track targets. Performs network navigation and tactical forensic analysis and executes on-net operations when directed.

Task statements

T0796: Provide real-time actionable geolocation information
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1034: Prepare deconfliction report
T1035: Determine how threat activity groups employ encryption to support their operations
T1039: Identify network artifacts from hardware and software options
T1040: Identify impact of network artifacts on exploitation
T1041: Determine impact of software configurations
T1575: Adapt software to new hardware
T1576: Upgrade software interfaces
T1577: Improve software performance
T1633: Identify target operational architecture vulnerabilities
T1663: Identify potential avenues of access in digital technologies
T1664: Access wireless computer and digital networks
T1665: Process intelligence collection data
T1666: Exploit wireless computer and digital networks
T1668: Conduct network scouting
T1669: Analyze system vulnerabilities within a network
T1670: Conduct on-net activities
T1671: Exfiltrate data from deployed technologies
T1672: Conduct off-net activities
T1673: Exfiltrate data from automated technologies
T1674: Perform open source data collection
T1676: Survey computer and digital networks
T1691: Detect exploits against targeted networks and hosts
T1692: Counter exploits against targeted networks and hosts
T1709: Develop new techniques for accessing target systems
T1734: Exploit network devices and terminals
T1747: Identify system vulnerabilities within a network
T1759: Maintain situational awareness of organic operational infrastructure
T1760: Maintain functionality of organic operational infrastructure
T1774: Gain and maintain access to target systems
T1781: Degrade or remove data from networks and computers
T1784: Process exfiltrated data
T1803: Document information collection and environment activities
T1829: Evaluate locally developed tools
T1830: Test internally developed software

Knowledge statements

K0018: Knowledge of encryption algorithms
K0375: Knowledge of wireless applications vulnerabilities
K0480: Knowledge of malware
K0635: Knowledge of decryption
K0636: Knowledge of decryption tools and techniques
K0637: Knowledge of data repositories
K0656: Knowledge of network collection tools and techniques
K0657: Knowledge of network collection policies and procedures
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0688: Knowledge of common application vulnerabilities
K0689: Knowledge of network infrastructure principles and practices
K0695: Knowledge of programming principles and practices
K0697: Knowledge of encryption algorithm capabilities and applications
K0698: Knowledge of cryptographic key management principles and practices
K0701: Knowledge of data backup and recovery policies and procedures
K0702: Knowledge of data warehousing principles and practices
K0703: Knowledge of data mining principles and practices
K0712: Knowledge of Local Area Networks (LAN)
K0713: Knowledge of Wide Area Networks (WAN)
K0718: Knowledge of network communications principles and practices
K0738: Knowledge of low-level programming languages
K0744: Knowledge of operating system (OS) systems and software
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0759: Knowledge of client and server architecture
K0770: Knowledge of system administration principles and practices
K0773: Knowledge of telecommunications principles and practices
K0775: Knowledge of information management tools and techniques
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0792: Knowledge of network configurations
K0806: Knowledge of machine virtualization tools and techniques
K0810: Knowledge of deployable forensics principles and practices
K0812: Knowledge of digital communication systems and software
K0815: Knowledge of intelligence collection management processes
K0837: Knowledge of hardening tools and techniques
K0858: Knowledge of virtual machine detection tools and techniques
K0915: Knowledge of network architecture principles and practices
K0923: Knowledge of operating system structures and internals
K0925: Knowledge of wireless communication tools and techniques
K0926: Knowledge of signal jamming tools and techniques
K0942: Knowledge of cryptology principles and practices
K0953: Knowledge of data mining tools and techniques
K0970: Knowledge of auditing policies and procedures
K0971: Knowledge of logging policies and procedures
K0975: Knowledge of software application vulnerabilities
K0983: Knowledge of computer networking principles and practices
K0988: Knowledge of active defense tools and techniques
K0991: Knowledge of database administration principles and practices
K0992: Knowledge of database maintenance principles and practices
K0993: Knowledge of deconfliction processes
K0998: Knowledge of Wireless Local Area Network (WLAN) tools and techniques
K0999: Knowledge of information management principles and practices
K1000: Knowledge of evasion principles and practices
K1001: Knowledge of evasion tools and techniques
K1014: Knowledge of network security principles and practices
K1015: Knowledge of network topology principles and practices
K1023: Knowledge of network exploitation tools and techniques
K1024: Knowledge of partnership policies and procedures
K1032: Knowledge of satellite-based communication systems and software
K1049: Knowledge of routing protocols
K1055: Knowledge of digital forensics principles and practices
K1069: Knowledge of virtual machine tools and technologies
K1085: Knowledge of exploitation tools and techniques
K1088: Knowledge of knowledge management tools and techniques
K1102: Knowledge of remote command line tools and techniques
K1103: Knowledge of Graphic User Interface (GUI) tools and techniques

Skill statements

S0182: Skill in analyzing target communications internals and externals collected from wireless LANs
S0208: Skill in determining the physical location of network devices
S0221: Skill in extracting information from packet captures
S0252: Skill in processing collected data for follow-on analysis
S0378: Skill in decrypting information
S0442: Skill in collecting network data
S0472: Skill in developing virtual machines
S0473: Skill in maintaining virtual machines
S0491: Skill in processing digital forensic data
S0497: Skill in developing client organization profiles
S0506: Skill in identifying customer information needs
S0508: Skill in managing enterprise-wide information
S0509: Skill in evaluating security products
S0519: Skill in detecting exploitation activities
S0523: Skill in constructing networks
S0531: Skill in assessing security hardware and software
S0532: Skill in analyzing software configurations
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0579: Skill in preparing reports
S0586: Skill in administering databases
S0599: Skill in performing memory dump analysis
S0650: Skill in writing scripts
S0673: Skill in translating operational requirements into security controls
S0690: Skill in performing midpoint collection data analysis
S0694: Skill in auditing network devices
S0700: Skill in mining data
S0701: Skill in performing data mining analysis
S0704: Skill in performing target analysis
S0705: Skill in installing patches
S0706: Skill in identifying patch signatures
S0710: Skill in evaluating metadata
S0711: Skill in interpreting metadata
S0715: Skill in generating operation plans
S0723: Skill in interpreting vulnerability scanner results
S0724: Skill in managing client relationships
S0735: Skill in programming
S0738: Skill in performing reverse engineering of software
S0741: Skill in administering servers
S0743: Skill in identifying network anomalies
S0744: Skill in performing technical writing
S0745: Skill in testing tools for implementation
S0746: Skill in evaluating tools for implementation
S0754: Skill in establishing persistence
S0757: Skill in verifying the integrity of files
S0758: Skill in performing wireless network analysis
S0778: Skill in evaluating operational environments
S0779: Skill in determining information requirements
S0791: Skill in presenting to an audience
S0803: Skill in performing partner analysis
S0837: Skill in executing computer scripts to automate tasks
S0854: Skill in performing data analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)