Target Network Analyst

Target Network Analyst Work Role ID: 132 (NIST: AN-TD-002) Category/Specialty Area: Analyze / Targets Workforce Element: Cyberspace Effects

Conducts advanced analysis of collection and open-source data to ensure target continuity; to profile targets and their activities; and develop techniques to gain more target information. Determines how targets communicate, move, operate and live based on knowledge of target technologies, digital networks and the applications on them.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
264

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2081

Classify documents in accordance with classification guidelines.

Task
2089

Collaborate with other customer, Intelligence and targeting organizations involved in related cyber areas.

Task
2099

Compile, integrate, and/or interpret all-source data for intelligence or vulnerability value with respect to specific targets.

Task
2121

Conduct nodal analysis.

Task
2127

Conduct quality control in order to determine validity and relevance of information gathered about networks.

Task
2134

Conduct target research and analysis.

Task
2243

Determine what technologies are used by a given target.

Task
2251

Apply analytic techniques to gain more target information.

Task
2427

Gather information about networks through traditional and alternative techniques, (e.g., social network analysis, call-chaining, traffic analysis.)

Task
2441

Identify and evaluate threat critical capabilities, requirements, and vulnerabilities.

Task
2469

Identify network components and their functionality to enable analysis and target development.

Task
2639

Perform content and/or metadata analysis to meet organization objectives.

Task
2719

Profile targets and their activities.

Task
2779

Review appropriate information sources to determine validity and relevance of information gathered.

Task
2781

Reconstruct networks in diagram or report format.

Task
2798

Research communications trends in emerging technologies (in computer and telephony networks, satellite, cable, and wireless) in both open and classified sources.

Task
3001

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability
3002

Ability to focus research efforts to meet the customer’s decision-making needs.

Ability
3020

Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information.

Ability
3022

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability
3039

Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Ability
3043

Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.

Ability
3044

Ability to exercise judgment when policies are not well-defined.

Ability
3047

Ability to function effectively in a dynamic, fast-paced environment.

Ability
3048

Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise.

Ability
3052

Ability to identify intelligence gaps.

Ability
3077

Ability to think critically.

Ability
3078

Knowledge of target methods and procedures.

Knowledge
3081

Ability to utilize multiple intelligence sources across all intelligence disciplines.

Ability
3095

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge
3106

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge
3113

Knowledge of target intelligence gathering and operational preparation techniques and life cycles.

Knowledge
3172

Knowledge of collection sources including conventional and non-conventional sources.

Knowledge
3177

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

Knowledge
3188

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge
3291

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge
3298

Knowledge of how to extract, analyze, and use metadata.

Knowledge
3382

Knowledge of methods to integrate and summarize information from any potential sources.

Knowledge
3407

Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge
3418

Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors).

Knowledge
3441

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge
3450

Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure.

Knowledge
3564

Knowledge of the data flow from collection origin to repositories and tools.

Knowledge
3608

Knowledge of the purpose and contribution of target templates.

Knowledge
3616

Knowledge of the structure, architecture, and design of modern digital and telephony networks.

Knowledge
3617

Knowledge of the structure, architecture, and design of modern wireless communications systems.

Knowledge
3664

Skill in identifying how a target communicates.

Skill
3667

Skill in analyzing a target’s communication networks.

Skill
3670

Skill in analyzing terminal or environment collection data.

Skill
3671

Skill in analyzing essential network data (e.g., router configuration files, routing protocols).

Skill
3674

Skill in analyzing midpoint collection data.

Skill
3689

Skill in applying various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses).

Skill
3692

Skill in assessing the applicability of available analytical tools to various situations.

Skill
3704

Skill in conducting non-attributable research.

Skill
3708

Skill in conducting social network analysis, buddy list analysis, and/or cookie analysis.

Skill
3724

Skill in defining and characterizing all pertinent aspects of the operational environment.

Skill
3742

Skill in determining the physical location of network devices.

Skill
3771

Skill in evaluating data sources for relevance, reliability, and objectivity.

Skill
3773

Skill in evaluating information to recognize relevance, priority, etc.

Skill
3778

Skill in exploiting/querying organizational and/or partner collection databases.

Skill
3787

Skill in identifying a target’s communications networks.

Skill
3793

Skill in identifying critical target elements, to include critical target elements for the cyber domain.

Skill
3797

Skill in identifying leads for target development.

Skill
3831

Skill in number normalization.

Skill
3842

Skill in performing target system analysis.

Skill
3851

Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.

Skill
3861

Skill in recognizing denial and deception techniques of the target.

Skill
3864

Skill in recognizing relevance of information.

Skill
3865

Skill in recognizing significant changes in a target’s communication patterns.

Skill
3866

Skill in recognizing technical information that may be used for leads for metadata analysis.

Skill
3873

Skill in researching essential information.

Skill
3880

Skill in reviewing and editing target materials.

Skill
3885

Skill in fusion analysis

Skill
3895

Skill in target network anomaly identification (e.g., intrusions, dataflow or processing, target implementation of new technologies).

Skill
3908

Skill in using research methods including multiple, different sources to reconstruct a target network.

Skill
3915

Skill in using geospatial data and applying geospatial resources.

Skill
3951

Skill in writing about facts and ideas in a clear, convincing, and organized manner.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs

KSAT ID Description KSAT
2059

Provide expertise to course of action development.

Task
2101

Identify and conduct analysis of target communications to identify information essential to support operations.

Task
2393

Generate and evaluate the effectiveness of network analysis strategies.

Task
2429

Generate requests for information.

Task
2453

Identify collection gaps and potential collection strategies against targets.

Task
2568

Make recommendations to guide collection in support of customer requirements.

Task
2628A

Provide subject matter expertise to development of exercises.

Task
2767

Provide target recommendations which meet leadership objectives.

Task
3073

Ability to recognize and mitigate cognitive biases which may affect analysis.

Ability
3074

Ability to recognize and mitigate deception in reporting and analysis.

Ability
3107

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge
3129

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge
3137

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge
3155

Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge
3158

Knowledge of cyber operation objectives, policies, and legalities.

Knowledge
3237

Knowledge of denial and deception techniques.

Knowledge
3262

Knowledge of evolving/emerging communications technologies.

Knowledge
3274

Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects.

Knowledge
3281

Knowledge of governing authorities for targeting.

Knowledge
3286

Knowledge of host-based security products and how they affect exploitation and vulnerability.

Knowledge
3288

Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless).

Knowledge
3292

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge
3338

Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions.

Knowledge
3348

Knowledge of intrusion detection systems and signature development.

Knowledge
3349

Knowledge of intrusion sets.

Knowledge
3372

Knowledge of malware analysis and characteristics.

Knowledge
3534

Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference.

Knowledge
3542

Knowledge of the basic structure, architecture, and design of converged applications.

Knowledge
3627

Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.

Knowledge
3699

Skill in conducting research using deep web.

Skill
3737

Skill in determining appropriate targeting options through the evaluation of available capabilities against desired effects.

Skill
3794

Skill in identifying cyber threats which may jeopardize organization and/or partner interests.

Skill
3822

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Skill
3890

Skill in synthesizing, analyzing, and prioritizing meaning across data sets.

Skill