Digital Network Exploitation Analyst

Digital Network Exploitation Analyst Work Role ID: 122 (NIST: N/A) Workforce Element: Cyberspace Effects

The DNEA analyzes intercepted intelligence information for metadata and content. They use this data to reconstruct and document target networks to judge the intelligence value and maintain target continuity. DNEAs understand and analyze target implementation of communication technologies and digital network systems. They discover methods and suggest strategies to exploit specific target networks, computer systems, or specific hardware and/or software.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs

KSAT ID Description KSAT
4396

Knowledge of basic cloud-based technologies and concepts.

Knowledge
4399

Knowledge of basic Embedded Systems concepts.

Knowledge
4401

Knowledge of basic reconnaissance activity concepts and techniques (foot printing, scanning and enumeration).

Knowledge
4420

Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process.

Knowledge
4423

Knowledge of cryptologic and SIGINT reporting and dissemination procedures.

Knowledge
4428

Knowledge of cybersecurity concepts and principles.

Knowledge
4431

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
4460

Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO.

Knowledge
4470

Knowledge of intelligence sources and their characteristics.

Knowledge
4490

Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize all-source information pertaining to target.

Knowledge
4523

Knowledge of quality review process and procedures.

Knowledge
4533

Knowledge of SIGINT laws and directives.

Knowledge
4539

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge
4570

Knowledge of the overall mission of the Cyber Mission Forces (CMF).

Knowledge
4578

Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT).

Knowledge
4582

Knowledge of the U.S. Cryptologic Systems authorities, responsibilities, and contributions to the cyberspace operations mission.

Knowledge
4601

Skill in analyzing endpoint collection data.

Skill
4620

Skill in developing and maintaining target profiles.

Skill
4631

Skill in geolocating targets.

Skill
4643

Skill in operational use of raw collection databases.

Skill
4645

Skill in performing data fusion from all-source intelligence for geospatial analysis.

Skill
4646

Skill in performing data fusion from all-source intelligence for network analysis and reconstruction (e.g., Single Table Inheritance (STIs), network maps).

Skill
4647

Skill in performing data fusion from all-source intelligence.

Skill
4651

Skill in providing feedback to enhance future collection and analysis.

Skill
4656

Skill in recognizing exploitation opportunities.

Skill
4659

Skill in recognizing the value of survey data.

Skill
4667

Skill in selector normalization.

Skill
4669

Skill in targeting (e.g., selectors).

Skill
8011

Apply and/or develop analytic techniques to provide better intelligence.

Task
8013

Apply customer requirements to the analysis process.

Task
8023

Assist planners in the development of courses of action

Task
8063

Develop analytical techniques to gain more target information.

Task
8064

Develop and lead exercises

Task
8065

Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.).

Task
8081

Document and disseminate analytic findings.

Task
8090

Enable targeting offices to find new sources of collection.

Task
8100

Evaluate the strengths and weaknesses of the intelligence source.

Task
8101

Evaluate threat critical capabilities, requirements, and vulnerabilities.

Task
8102

Facilitate collaboration with customers, Intelligence and targeting organizations involved in related cyber areas.

Task
8108

Identify and facilitate partner relationships to enhance mission capabilities

Task
8128

Lead work role working groups/planning and development forums

Task
8137

Manipulate information in mission relevant databases (e.g., converting data, generating reports).

Task
8138

Mitigate collection gaps

Task
8145

Perform network analysis to support new or continued collection.

Task
8157

Produce digital network intelligence against specific named target sets.

Task
8164

Provide expertise in support of operational effects generated through cyber activities.

Task
8173

Provide intel target recommendations which meet leadership objectives.

Task
8191

Select, build, and develop query strategies against appropriate collection databases.

Task
8205

Understand technologies used by a given target

Task
8206

Understand TTPs and methodologies to enable access ops or access vector opportunities.

Task