CE-WRL-007

Target Network Analysis

Responsible for conducting advanced analysis of collection and open-source data to ensure target continuity; profiling targets and their activities; and developing techniques to gain target information. Determines how targets communicate, move, operate, and live based on knowledge of target technologies, digital networks, and applications.

Task statements

T0624: Conduct target research and analysis
T0650: Determine what technologies are used by a given target
T0707: Generate requests for information
T0718: Identify intelligence gaps and shortfalls
T0778: Profile targets and their activities
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1032: Determine cyber operation objectives
T1053: Identify and characterize intrusion activities against a victim or target
T1055: Determine if priority information requirements are satisfied
T1084: Identify anomalous network activity
T1085: Identify potential threats to network resources
T1118: Identify vulnerabilities
T1119: Recommend vulnerability remediation strategies
T1489: Correlate incident data
T1638: Recommend cyber operation targets
T1642: Advise stakeholders on course of action development
T1655: Classify documents
T1661: Assess all-source data for intelligence or vulnerability value
T1662: Identify information essential to intelligence collection operations
T1675: Determine validity and relevance of information gathered about networks
T1677: Develop intelligence collection plans
T1698: Collect target information
T1732: Determine effectiveness of network analysis strategies
T1737: Develop intelligence collection strategies
T1743: Identify information collection gaps
T1745: Identify gaps in understanding of target technology
T1801: Determine validity and relevance of information
T1802: Prepare network reports
T1806: Research communications trends in emerging technologies
T1835: Determine if intelligence requirements and collection plans are accurate and up-to-date
T1840: Analyze target communications

Knowledge statements

K0480: Knowledge of malware
K0551: Knowledge of targeting cycles
K0655: Knowledge of intelligence fusion
K0658: Knowledge of cognitive biases
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0698: Knowledge of cryptographic key management principles and practices
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0718: Knowledge of network communications principles and practices
K0732: Knowledge of intrusion detection tools and techniques
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0766: Knowledge of data asset management principles and practices
K0773: Knowledge of telecommunications principles and practices
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0791: Knowledge of defense-in-depth principles and practices
K0792: Knowledge of network configurations
K0812: Knowledge of digital communication systems and software
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0857: Knowledge of malware analysis tools and techniques
K0860: Knowledge of malware signature principles and practices
K0915: Knowledge of network architecture principles and practices
K0916: Knowledge of malware analysis principles and practices
K0925: Knowledge of wireless communication tools and techniques
K0926: Knowledge of signal jamming tools and techniques
K0942: Knowledge of cryptology principles and practices
K0960: Knowledge of content management system (CMS) capabilities and applications
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0969: Knowledge of cyber-attack tools and techniques
K0977: Knowledge of intelligence collection management tools and techniques
K0979: Knowledge of information searching tools and techniques
K0980: Knowledge of intelligence collection sources
K0983: Knowledge of computer networking principles and practices
K0984: Knowledge of web security principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0990: Knowledge of cyber operations principles and practices
K0994: Knowledge of denial and deception tools and techniques
K1003: Knowledge of targeting governing authorities
K1004: Knowledge of reporting policies and procedures
K1010: Knowledge of intelligence policies and procedures
K1011: Knowledge of network addressing principles and practices
K1012: Knowledge of malware characteristics
K1014: Knowledge of network security principles and practices
K1019: Knowledge of operations security (OPSEC) principles and practices
K1028: Knowledge of target development principles and practices
K1041: Knowledge of target intelligence gathering tools and techniques
K1042: Knowledge of target selection policies and procedures
K1043: Knowledge of target characteristics
K1051: Knowledge of collection data flow from origin into repositories and tools
K1059: Knowledge of request for information processes
K1064: Knowledge of Request For Information (RFI) processes
K1100: Knowledge of analytical tools and techniques
K1101: Knowledge of analytics
K1104: Knowledge of geospatial data analysis tools and techniques
K1116: Knowledge of classification guidelines
K1128: Knowledge of customer requirements
K1174: Knowledge of network components

Skill statements

S0111: Skill in interfacing with customers
S0177: Skill in performing network analysis on targets
S0194: Skill in conducting non-attributable research
S0208: Skill in determining the physical location of network devices
S0248: Skill in performing target system analysis
S0385: Skill in communicating complex concepts
S0430: Skill in collaborating with others
S0433: Skill in creating analytics
S0434: Skill in extrapolating from incomplete data sets
S0435: Skill in analyzing large data sets
S0436: Skill in creating target intelligence products
S0438: Skill in functioning effectively in a dynamic, fast-paced environment
S0443: Skill in mitigating cognitive biases
S0444: Skill in mitigating deception in reporting and analysis
S0497: Skill in developing client organization profiles
S0499: Skill in performing intelligence collection analysis
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0505: Skill in performing intrusion data analysis
S0506: Skill in identifying customer information needs
S0507: Skill in collecting terminal or environment data
S0509: Skill in evaluating security products
S0511: Skill in establishing priorities
S0512: Skill in extracting metadata
S0515: Skill in identifying partner capabilities
S0521: Skill in integrating information
S0522: Skill in summarizing information
S0536: Skill in applying target templates
S0537: Skill in designing wireless communications systems
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0566: Skill in developing signatures
S0567: Skill in deploying signatures
S0579: Skill in preparing reports
S0600: Skill in collecting relevant data from a variety of sources
S0610: Skill in communicating effectively
S0673: Skill in translating operational requirements into security controls
S0688: Skill in performing network data analysis
S0690: Skill in performing midpoint collection data analysis
S0696: Skill in conducting deep web research
S0697: Skill in analyzing social networks
S0702: Skill in defining an operational environment
S0704: Skill in performing target analysis
S0709: Skill in developing analytics
S0712: Skill in evaluating data source quality
S0714: Skill in performing fusion analysis
S0716: Skill in identifying target communications networks
S0718: Skill in identifying cybersecurity threats
S0719: Skill in identifying intelligence gaps
S0724: Skill in managing client relationships
S0726: Skill in performing data normalization
S0734: Skill in identifying technical information
S0740: Skill in creating target materials
S0743: Skill in identifying network anomalies
S0744: Skill in performing technical writing
S0750: Skill in applying geospatial resources
S0753: Skill in reconstructing target networks
S0777: Skill in developing collection strategies
S0779: Skill in determining information requirements
S0780: Skill in fulfilling information requests
S0791: Skill in presenting to an audience
S0847: Skill in performing all-source intelligence analysis
S0854: Skill in performing data analysis
S0866: Skill in performing log file analysis
S0869: Skill in performing metadata analysis
S0871: Skill in performing network analysis
S0876: Skill in performing nodal analysis
S0888: Skill in performing target communications analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)