Cyber Operations Planner

Cyber Operations Planner Work Role ID: 332 (NIST: CO-PL-002) Workforce Element: Cyberspace Effects

Develops detailed plans for the conduct or support of the applicable range of cyber operations through collaboration with other planners, operators and/or analysts. Participates in targeting selection, validation, synchronization, and enables integration during the execution of cyber actions.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

KSA
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs

KSAT ID Description KSAT
264

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

Knowledge
270

Knowledge of common adversary tactics, techniques, and procedures in assigned area of responsibility (i.e., historical country-specific tactics, techniques, and procedures; emerging capabilities).

Knowledge
2009

Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives.

Task
2052

Assess target vulnerabilities and/or operational capabilities to determine course of action.

Task
2058

Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives.

Task
2073

Provide input to the identification of cyber-related success criteria.

Task
2130

Develop, review and implement all levels of planning guidance in support of cyber operations.

Task
2159

Contribute to crisis action planning for cyber operations.

Task
2160

Contribute to the development of the organization’s decision support tools if necessary.

Task
2186

Coordinate, produce and track intelligence requirements.

Task
2237

Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives.

Task
2265

Develop and maintain deliberate and/or crisis plans.

Task
2266

Develop and review specific cyber operations guidance for integration into broader planning activities.

Task
2272

Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organization objectives.

Task
2327

Develop, implement, and recommend changes to appropriate planning procedures and policies.

Task
2365

Ensure operational planning efforts are effectively transitioned to current operations.

Task
2368

Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines.

Task
2386

Evaluate intelligence estimates to support the planning cycle.

Task
2417

Facilitate the sharing of ā€œbest practicesā€ and ā€œlessons learnedā€ throughout the cyber operations community.

Task
2424

Incorporate cyber operations and communications security support plans into organization objectives.

Task
2425

Incorporate intelligence and counterintelligence to support plan development.

Task
2446

Identify and submit intelligence requirements for the purposes of designating priority information requirements.

Task
2459

Identify intelligence gaps and shortfalls.

Task
2459A

Identify cyber intelligence gaps and shortfalls.

Task
2509

Provide input to or develop courses of action based on threat factors.

Task
2524

Integrate cyber planning/targeting efforts with other organizations.

Task
2528

Interpret environment preparations assessments to determine a course of action.

Task
2529

Issue requests for information.

Task
2531

Knowledge of organizational planning concepts.

Knowledge
2558

Maintain relationships with internal and external partners involved in cyber planning or related areas.

Task
2561

Maintain situational awareness of cyber-related intelligence requirements and associated tasking.

Task
2562

Maintain situational awareness of partner capabilities and activities.

Task
2590

Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives.

Task
2621

Provide SME and support to planning/developmental forums and working groups as appropriate.

Task
2624

Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.

Task
2626

Provide subject matter expertise to planning efforts with internal and external cyber operations partners.

Task
2628

Participate in exercises.

Task
2752

Provide input to the administrative and logistical elements of an operational support plan.

Task
2770

Provide time sensitive targeting support.

Task
2806

Review and comprehend organizational leadership objectives and guidance for planning.

Task
2837

Submit or respond to requests for deconfliction of cyber operations.

Task
2888

Document lessons learned that convey the results of events and/or exercises.

Task
3001

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability
3011

Ability to apply critical reading/thinking skills.

Ability
3021

Ability to collaborate effectively with others.

Ability
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
3033

Ability to coordinate cyber operations with other organization functions or support activities.

Ability
3044

Ability to exercise judgment when policies are not well-defined.

Ability
3054

Ability to identify external partners with common cyber operations interests.

Ability
3076

Ability to tailor technical and planning information to a customerā€™s level of understanding.

Ability
3098

Knowledge of virtualization products (Vmware, Virtual PC).

Knowledge
3106

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge
3114

Knowledge of all forms of intelligence support needs, topics, and focus areas.

Knowledge
3146

Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge
3154

Knowledge of classification and control markings standards, policies and procedures.

Knowledge
3159

Knowledge of cyber operations support or enabling processes.

Knowledge
3194

Knowledge of crisis action planning and time sensitive planning procedures.

Knowledge
3211

Knowledge of cyber laws and legal considerations and their effect on cyber planning.

Knowledge
3218

Knowledge of cyber operations terminology/lexicon.

Knowledge
3219

Knowledge of cyber operations.

Knowledge
3225

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge
3235

Knowledge of deconfliction processes and procedures.

Knowledge
3257

Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities.

Knowledge
3262

Knowledge of evolving/emerging communications technologies.

Knowledge
3264

Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization.

Knowledge
3268

Knowledge of staff management, assignment, and allocation processes.

Knowledge
3271

Knowledge of internal and external partner cyber operations capabilities and tools.

Knowledge
3287

Knowledge of how collection requirements and information needs are translated, tracked, and prioritized across the extended enterprise.

Knowledge
3293

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge
3338

Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions.

Knowledge
3342

Knowledge of intelligence support to planning, execution, and assessment.

Knowledge
3356

Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations.

Knowledge
3358

Knowledge of organizational hierarchy and cyber decision making processes.

Knowledge
3374

Knowledge of malware.

Knowledge
3391

Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning.

Knowledge
3419

Knowledge of organization or partner exploitation of digital networks.

Knowledge
3441

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge
3463

Knowledge of required intelligence planning products associated with cyber operational planning.

Knowledge
3489

Knowledge of organizational structures and associated intelligence capabilities.

Knowledge
3571

Knowledge of the organizational planning and staffing process.

Knowledge
3572

Knowledge of organization decision support tools and/or methods.

Knowledge
3582

Knowledge of the intelligence frameworks, processes, and related systems.

Knowledge
3585

Knowledge of accepted organization planning systems.

Knowledge
3605

Knowledge of the information environment.

Knowledge
3607

Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process.

Knowledge
3610

Knowledge of the relationships between end states, objectives, effects, lines of operation, etc.

Knowledge
3615

Knowledge of the structure and intent of organization specific plans, guidance and authorizations.

Knowledge
3616

Knowledge of the structure, architecture, and design of modern digital and telephony networks.

Knowledge
3638

Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations.

Knowledge
3665

Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.

Skill
3766

Skill in documenting and communicating complex technical and programmatic information.

Skill
3772

Skill in evaluating information for reliability, validity, and relevance.

Skill
3844

Skill in preparing and presenting briefings.

Skill
3976

Skill to apply the process used to assess the performance and impact of cyber operations.

Skill
3998

Skill to craft indicators of operational progress/success.

Skill
4008

Skill to distinguish between notional and actual resources and their applicability to the plan under development.

Skill
4058

Skill to synchronize operational assessment procedures with the critical information requirement process.

Skill
4106

Knowledge of analytic tools and techniques.

Knowledge
4451

Knowledge of the full-spectrum of cyberspace operational missions (e.g., DODIN Operations, DCO, OCO), principles, capabilities, limitations, and effects.

KSA
4471

Knowledge of intelligence/SIGINT reporting and dissemination procedures.

KSA
8069

Develop cyberspace operations TTPs for integration into operational and tactical levels of planning.

Task