CE-WRL-006

Target Analysis

Responsible for conducting target development at the system, component, and entity levels. Builds and maintains electronic target folders to include inputs from environment preparation and/or internal or external intelligence sources. Coordinates with partner target working groups and intelligence community members, and presents candidate targets for vetting and validation. Assesses and reports on damage resulting from the application of military force and coordinates federal support as required.

Task statements

T0624: Conduct target research and analysis
T0650: Determine what technologies are used by a given target
T0684: Estimate operational effects generated through cyber activities
T0707: Generate requests for information
T0717: Identify critical target elements
T0718: Identify intelligence gaps and shortfalls
T0744: Maintain target lists (i.e., RTL, JTL, CTL, etc.)
T0769: Perform targeting automation activities
T0776: Produce target system analysis products
T0778: Profile targets and their activities
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1030: Estimate the impact of collateral damage
T1032: Determine cyber operation objectives
T1035: Determine how threat activity groups employ encryption to support their operations
T1042: Acquire target identifiers
T1053: Identify and characterize intrusion activities against a victim or target
T1054: Scope analysis reports to various audiences that accounts for data sharing classification restrictions
T1055: Determine if priority information requirements are satisfied
T1084: Identify anomalous network activity
T1085: Identify potential threats to network resources
T1118: Identify vulnerabilities
T1119: Recommend vulnerability remediation strategies
T1489: Correlate incident data
T1629: Prepare target analysis reports
T1638: Recommend cyber operation targets
T1642: Advise stakeholders on course of action development
T1648: Develop performance success metrics
T1653: Build electronic target folders
T1654: Maintain electronic target folders
T1661: Assess all-source data for intelligence or vulnerability value
T1683: Vet targets with partners
T1697: Prepare all-source intelligence targeting reports
T1707: Prepare munitions effectiveness assessment reports
T1754: Initiate requests to guide tasking
T1782: Develop website characterizations
T1789: Provide aim point recommendations for targets
T1790: Provide reengagement recommendations
T1796: Determine effectiveness of targeting activities
T1801: Determine validity and relevance of information
T1814: Protect information sources and methods
T1824: Identify cyber collateral damage
T1825: Document cyber collateral damage
T1835: Determine if intelligence requirements and collection plans are accurate and up-to-date

Knowledge statements

K0018: Knowledge of encryption algorithms
K0480: Knowledge of malware
K0551: Knowledge of targeting cycles
K0655: Knowledge of intelligence fusion
K0658: Knowledge of cognitive biases
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0697: Knowledge of encryption algorithm capabilities and applications
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0718: Knowledge of network communications principles and practices
K0719: Knowledge of human-computer interaction (HCI) principles and practices
K0732: Knowledge of intrusion detection tools and techniques
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0766: Knowledge of data asset management principles and practices
K0773: Knowledge of telecommunications principles and practices
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0792: Knowledge of network configurations
K0812: Knowledge of digital communication systems and software
K0815: Knowledge of intelligence collection management processes
K0818: Knowledge of new and emerging cybersecurity risks
K0825: Knowledge of threat vector characteristics
K0831: Knowledge of network attack vectors
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0857: Knowledge of malware analysis tools and techniques
K0860: Knowledge of malware signature principles and practices
K0891: Knowledge of the Open Systems Interconnect (OSI) reference model
K0915: Knowledge of network architecture principles and practices
K0916: Knowledge of malware analysis principles and practices
K0925: Knowledge of wireless communication tools and techniques
K0926: Knowledge of signal jamming tools and techniques
K0960: Knowledge of content management system (CMS) capabilities and applications
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0968: Knowledge of analytic standards and frameworks Skill in assigning analytical confidence ratings
K0969: Knowledge of cyber-attack tools and techniques
K0983: Knowledge of computer networking principles and practices
K0984: Knowledge of web security principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0989: Knowledge of intelligence information repositories
K0990: Knowledge of cyber operations principles and practices
K0994: Knowledge of denial and deception tools and techniques
K0995: Knowledge of dynamic targeting principles and practices
K0996: Knowledge of deliberate targeting principles and practices
K1002: Knowledge of supervisory control and data acquisition (SCADA) systems and software
K1003: Knowledge of targeting governing authorities
K1005: Knowledge of intelligence collection capabilities and applications
K1006: Knowledge of intelligence cycle principles and practices
K1008: Knowledge of intelligence support activities
K1009: Knowledge of threat intelligence principles and practices
K1010: Knowledge of intelligence policies and procedures
K1011: Knowledge of network addressing principles and practices
K1012: Knowledge of malware characteristics
K1014: Knowledge of network security principles and practices
K1017: Knowledge of operational effectiveness assessment principles and practices
K1019: Knowledge of operations security (OPSEC) principles and practices
K1023: Knowledge of network exploitation tools and techniques
K1028: Knowledge of target development principles and practices
K1035: Knowledge of target research tools and techniques
K1040: Knowledge of target estimated recovery times
K1042: Knowledge of target selection policies and procedures
K1049: Knowledge of routing protocols
K1059: Knowledge of request for information processes
K1064: Knowledge of Request For Information (RFI) processes
K1066: Knowledge of threat behaviors
K1067: Knowledge of target behaviors
K1068: Knowledge of threat systems and software
K1100: Knowledge of analytical tools and techniques
K1101: Knowledge of analytics
K1104: Knowledge of geospatial data analysis tools and techniques
K1106: Knowledge of targeting databases
K1107: Knowledge of targeting systems and software
K1109: Knowledge of virtual collaborative workspace tools and techniques
K1167: Knowledge of information sanitization methods
K1232: Knowledge of targeting products

Skill statements

S0111: Skill in interfacing with customers
S0194: Skill in conducting non-attributable research
S0208: Skill in determining the physical location of network devices
S0248: Skill in performing target system analysis
S0375: Skill in developing information requirements
S0385: Skill in communicating complex concepts
S0430: Skill in collaborating with others
S0433: Skill in creating analytics
S0434: Skill in extrapolating from incomplete data sets
S0435: Skill in analyzing large data sets
S0436: Skill in creating target intelligence products
S0438: Skill in functioning effectively in a dynamic, fast-paced environment
S0443: Skill in mitigating cognitive biases
S0444: Skill in mitigating deception in reporting and analysis
S0494: Skill in performing operational environment analysis
S0497: Skill in developing client organization profiles
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0505: Skill in performing intrusion data analysis
S0506: Skill in identifying customer information needs
S0509: Skill in evaluating security products
S0511: Skill in establishing priorities
S0512: Skill in extracting metadata
S0514: Skill in preparing operational environments
S0515: Skill in identifying partner capabilities
S0534: Skill in developing target lists
S0535: Skill in performing threat factor analysis
S0537: Skill in designing wireless communications systems
S0566: Skill in developing signatures
S0567: Skill in deploying signatures
S0600: Skill in collecting relevant data from a variety of sources
S0610: Skill in communicating effectively
S0673: Skill in translating operational requirements into security controls
S0693: Skill in assessing effects generated during and after cyber operations
S0696: Skill in conducting deep web research
S0702: Skill in defining an operational environment
S0704: Skill in performing target analysis
S0709: Skill in developing analytics
S0712: Skill in evaluating data source quality
S0713: Skill in evaluating information quality
S0714: Skill in performing fusion analysis
S0718: Skill in identifying cybersecurity threats
S0719: Skill in identifying intelligence gaps
S0728: Skill in preparing briefings
S0740: Skill in creating target materials
S0744: Skill in performing technical writing
S0748: Skill in querying data
S0750: Skill in applying geospatial resources
S0751: Skill in conducting open-source searches
S0756: Skill in incorporating feedback
S0777: Skill in developing collection strategies
S0779: Skill in determining information requirements
S0780: Skill in fulfilling information requests
S0791: Skill in presenting to an audience
S0801: Skill in assessing partner operations capabilities
S0802: Skill in assessing partner intelligence processes
S0847: Skill in performing all-source intelligence analysis
S0866: Skill in performing log file analysis
S0869: Skill in performing metadata analysis
S0876: Skill in performing nodal analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)