Attention: CISA Learning is now available for External Users! The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users should wait to access CISA Learning until the system is ready for internal use in the coming days.

CE-WRL-007

Target Network Analysis

Responsible for conducting advanced analysis of collection and open-source data to ensure target continuity; profiling targets and their activities; and developing techniques to gain target information. Determines how targets communicate, move, operate, and live based on knowledge of target technologies, digital networks, and applications.

Task statements

T0624: Conduct target research and analysis
T0650: Determine what technologies are used by a given target
T0707: Generate requests for information
T0718: Identify intelligence gaps and shortfalls
T0778: Profile targets and their activities
T1020: Determine the operational and safety impacts of cybersecurity lapses
T1032: Determine cyber operation objectives
T1053: Identify and characterize intrusion activities against a victim or target
T1055: Determine if priority information requirements are satisfied
T1084: Identify anomalous network activity
T1085: Identify potential threats to network resources
T1118: Identify vulnerabilities
T1119: Recommend vulnerability remediation strategies
T1489: Correlate incident data
T1638: Recommend cyber operation targets
T1642: Advise stakeholders on course of action development
T1655: Classify documents
T1661: Assess all-source data for intelligence or vulnerability value
T1662: Identify information essential to intelligence collection operations
T1675: Determine validity and relevance of information gathered about networks
T1677: Develop intelligence collection plans
T1698: Collect target information
T1732: Determine effectiveness of network analysis strategies
T1737: Develop intelligence collection strategies
T1743: Identify information collection gaps
T1745: Identify gaps in understanding of target technology
T1801: Determine validity and relevance of information
T1802: Prepare network reports
T1806: Research communications trends in emerging technologies
T1835: Determine if intelligence requirements and collection plans are accurate and up-to-date
T1840: Analyze target communications

Knowledge statements

K0480: Knowledge of malware
K0551: Knowledge of targeting cycles
K0655: Knowledge of intelligence fusion
K0658: Knowledge of cognitive biases
K0674: Knowledge of computer networking protocols
K0675: Knowledge of risk management processes
K0676: Knowledge of cybersecurity laws and regulations
K0677: Knowledge of cybersecurity policies and procedures
K0678: Knowledge of privacy laws and regulations
K0679: Knowledge of privacy policies and procedures
K0680: Knowledge of cybersecurity principles and practices
K0681: Knowledge of privacy principles and practices
K0682: Knowledge of cybersecurity threats
K0683: Knowledge of cybersecurity vulnerabilities
K0684: Knowledge of cybersecurity threat characteristics
K0689: Knowledge of network infrastructure principles and practices
K0698: Knowledge of cryptographic key management principles and practices
K0710: Knowledge of enterprise cybersecurity architecture principles and practices
K0716: Knowledge of host access control (HAC) systems and software
K0717: Knowledge of network access control (NAC) systems and software
K0718: Knowledge of network communications principles and practices
K0732: Knowledge of intrusion detection tools and techniques
K0751: Knowledge of system threats
K0752: Knowledge of system vulnerabilities
K0766: Knowledge of data asset management principles and practices
K0773: Knowledge of telecommunications principles and practices
K0786: Knowledge of physical computer components
K0787: Knowledge of computer peripherals
K0791: Knowledge of defense-in-depth principles and practices
K0792: Knowledge of network configurations
K0812: Knowledge of digital communication systems and software
K0844: Knowledge of cyber attack stages
K0845: Knowledge of cyber intrusion activity phases
K0857: Knowledge of malware analysis tools and techniques
K0860: Knowledge of malware signature principles and practices
K0915: Knowledge of network architecture principles and practices
K0916: Knowledge of malware analysis principles and practices
K0925: Knowledge of wireless communication tools and techniques
K0926: Knowledge of signal jamming tools and techniques
K0942: Knowledge of cryptology principles and practices
K0960: Knowledge of content management system (CMS) capabilities and applications
K0962: Knowledge of targeting laws and regulations
K0963: Knowledge of exploitation laws and regulations
K0969: Knowledge of cyber-attack tools and techniques
K0977: Knowledge of intelligence collection management tools and techniques
K0979: Knowledge of information searching tools and techniques
K0980: Knowledge of intelligence collection sources
K0983: Knowledge of computer networking principles and practices
K0984: Knowledge of web security principles and practices
K0986: Knowledge of target selection criticality factors
K0987: Knowledge of target selection vulnerability factors
K0990: Knowledge of cyber operations principles and practices
K0994: Knowledge of denial and deception tools and techniques
K1003: Knowledge of targeting governing authorities
K1004: Knowledge of reporting policies and procedures
K1010: Knowledge of intelligence policies and procedures
K1011: Knowledge of network addressing principles and practices
K1012: Knowledge of malware characteristics
K1014: Knowledge of network security principles and practices
K1019: Knowledge of operations security (OPSEC) principles and practices
K1028: Knowledge of target development principles and practices
K1041: Knowledge of target intelligence gathering tools and techniques
K1042: Knowledge of target selection policies and procedures
K1043: Knowledge of target characteristics
K1051: Knowledge of collection data flow from origin into repositories and tools
K1059: Knowledge of request for information processes
K1064: Knowledge of Request For Information (RFI) processes
K1100: Knowledge of analytical tools and techniques
K1101: Knowledge of analytics
K1104: Knowledge of geospatial data analysis tools and techniques
K1116: Knowledge of classification guidelines
K1128: Knowledge of customer requirements
K1174: Knowledge of network components

Skill statements

S0111: Skill in interfacing with customers
S0177: Skill in performing network analysis on targets
S0194: Skill in conducting non-attributable research
S0208: Skill in determining the physical location of network devices
S0248: Skill in performing target system analysis
S0385: Skill in communicating complex concepts
S0430: Skill in collaborating with others
S0433: Skill in creating analytics
S0434: Skill in extrapolating from incomplete data sets
S0435: Skill in analyzing large data sets
S0436: Skill in creating target intelligence products
S0438: Skill in functioning effectively in a dynamic, fast-paced environment
S0443: Skill in mitigating cognitive biases
S0444: Skill in mitigating deception in reporting and analysis
S0497: Skill in developing client organization profiles
S0499: Skill in performing intelligence collection analysis
S0503: Skill in selecting targets
S0504: Skill in identifying vulnerabilities
S0505: Skill in performing intrusion data analysis
S0506: Skill in identifying customer information needs
S0507: Skill in collecting terminal or environment data
S0509: Skill in evaluating security products
S0511: Skill in establishing priorities
S0512: Skill in extracting metadata
S0515: Skill in identifying partner capabilities
S0521: Skill in integrating information
S0522: Skill in summarizing information
S0536: Skill in applying target templates
S0537: Skill in designing wireless communications systems
S0558: Skill in developing algorithms
S0559: Skill in performing data structure analysis
S0566: Skill in developing signatures
S0567: Skill in deploying signatures
S0579: Skill in preparing reports
S0600: Skill in collecting relevant data from a variety of sources
S0610: Skill in communicating effectively
S0673: Skill in translating operational requirements into security controls
S0688: Skill in performing network data analysis
S0690: Skill in performing midpoint collection data analysis
S0696: Skill in conducting deep web research
S0697: Skill in analyzing social networks
S0702: Skill in defining an operational environment
S0704: Skill in performing target analysis
S0709: Skill in developing analytics
S0712: Skill in evaluating data source quality
S0714: Skill in performing fusion analysis
S0716: Skill in identifying target communications networks
S0718: Skill in identifying cybersecurity threats
S0719: Skill in identifying intelligence gaps
S0724: Skill in managing client relationships
S0726: Skill in performing data normalization
S0734: Skill in identifying technical information
S0740: Skill in creating target materials
S0743: Skill in identifying network anomalies
S0744: Skill in performing technical writing
S0750: Skill in applying geospatial resources
S0753: Skill in reconstructing target networks
S0777: Skill in developing collection strategies
S0779: Skill in determining information requirements
S0780: Skill in fulfilling information requests
S0791: Skill in presenting to an audience
S0847: Skill in performing all-source intelligence analysis
S0854: Skill in performing data analysis
S0866: Skill in performing log file analysis
S0869: Skill in performing metadata analysis
S0871: Skill in performing network analysis
S0876: Skill in performing nodal analysis
S0888: Skill in performing target communications analysis

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)