AN-TGT-002 Target Network Analyst

Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.

Conducts advanced analysis of collection and open-source data to ensure target continuity; to profile targets and their activities; and develop techniques to gain more target information. Determines how targets communicate, move, operate and live based on knowledge of target technologies, digital networks, and the applications on them.

Knowledges 45

Code	Description	Work Roles
K0001	Knowledge of computer networking concepts and protocols, and network security methodologies.	52
K0002	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).	52
K0003	Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.	52
K0004	Knowledge of cybersecurity and privacy principles.	52
K0005	Knowledge of cyber threats and vulnerabilities.	52
K0006	Knowledge of specific operational impacts of cybersecurity lapses.	52
K0108	Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless).	11
K0109	Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).	15
K0177	Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).	12
K0349	Knowledge of website types, administration, functions, and content management system (CMS).	8
K0362	Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).	9
K0379	Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.	7
K0389	Knowledge of collection sources including conventional and non-conventional sources.	1
K0392	Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).	9
K0395	Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).	10
K0403	Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.	5
K0413	Knowledge of cyber operation objectives, policies, and legalities.	3
K0424	Knowledge of denial and deception techniques.	1
K0431	Knowledge of evolving/emerging communications technologies.	11
K0436	Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defense), principles, capabilities, limitations, and effects.	8
K0439	Knowledge of governing authorities for targeting.	2
K0440	Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.	8
K0442	Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless).	1
K0444	Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).	11
K0445	Knowledge of how modern digital and telephony networks impact cyber operations.	9
K0449	Knowledge of how to extract, analyze, and use metadata.	7
K0462	Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions.	2
K0471	Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).	9
K0472	Knowledge of intrusion detection systems and signature development.	1
K0473	Knowledge of intrusion sets.	3
K0479	Knowledge of malware analysis and characteristics.	2
K0483	Knowledge of methods to integrate and summarize information from any potential sources.	1
K0487	Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).	4
K0499	Knowledge of operations security.	8
K0500	Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors).	1
K0516	Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.	10
K0520	Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure.	2
K0544	Knowledge of target intelligence gathering and operational preparation techniques and life cycles.	2
K0547	Knowledge of target methods and procedures.	2
K0550	Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference.	2
K0559	Knowledge of the basic structure, architecture, and design of converged applications.	2
K0567	Knowledge of the data flow from collection origin to repositories and tools.	2
K0592	Knowledge of the purpose and contribution of target templates.	1
K0599	Knowledge of the structure, architecture, and design of modern digital and telephony networks.	5
K0600	Knowledge of the structure, architecture, and design of modern wireless communications systems.	2

Skills 36

Code	Description	Work Roles
S0177	Skill in analyzing a target's communication networks.	2
S0178	Skill in analyzing essential network data (e.g., router configuration files, routing protocols).	1
S0181	Skill in analyzing midpoint collection data.	1
S0183	Skill in analyzing terminal or environment collection data.	2
S0187	Skill in applying various analytical methods, tools, and techniques (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses).	3
S0191	Skill in assessing the applicability of available analytical tools to various situations.	1
S0194	Skill in conducting non-attributable research.	5
S0196	Skill in conducting research using deep web.	3
S0197	Skill in conducting social network analysis, buddy list analysis, and/or cookie analysis.	1
S0203	Skill in defining and characterizing all pertinent aspects of the operational environment.	6
S0205	Skill in determining appropriate targeting options through the evaluation of available capabilities against desired effects.	2
S0208	Skill in determining the physical location of network devices.	2
S0217	Skill in evaluating data sources for relevance, reliability, and objectivity.	2
S0219	Skill in evaluating information to recognize relevance, priority, etc.	1
S0220	Skill in exploiting/querying organizational and/or partner collection databases.	1
S0222	Skill in fusion analysis	2
S0225	Skill in identifying a target’s communications networks.	1
S0228	Skill in identifying critical target elements, to include critical target elements for the cyber domain.	4
S0229	Skill in identifying cyber threats which may jeopardize organization and/or partner interests.	5
S0231	Skill in identifying how a target communicates.	1
S0234	Skill in identifying leads for target development.	2
S0244	Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.	3
S0246	Skill in number normalization.	1
S0248	Skill in performing target system analysis.	3
S0256	Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.	5
S0259	Skill in recognizing denial and deception techniques of the target.	2
S0261	Skill in recognizing relevance of information.	1
S0262	Skill in recognizing significant changes in a target’s communication patterns.	2
S0263	Skill in recognizing technical information that may be used for leads for metadata analysis.	1
S0268	Skill in researching essential information.	1
S0274	Skill in reviewing and editing target materials.	2
S0277	Skill in synthesizing, analyzing, and prioritizing meaning across data sets.	2
S0280	Skill in target network anomaly identification (e.g., intrusions, dataflow or processing, target implementation of new technologies).	2
S0287	Skill in using geospatial data and applying geospatial resources.	2
S0291	Skill in using research methods including multiple, different sources to reconstruct a target network.	1
S0301	Skill in writing about facts and ideas in a clear, convincing, and organized manner.	2

Abilities 14

Code	Description	Work Roles
A0013	Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.	14
A0066	Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.	12
A0073	Ability to clearly articulate intelligence requirements into well-formulated research questions and requests for information.	2
A0080	Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.	6
A0084	Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.	7
A0085	Ability to exercise judgment when policies are not well-defined.	9
A0087	Ability to focus research efforts to meet the customer’s decision-making needs.	6
A0088	Ability to function effectively in a dynamic, fast-paced environment.	7
A0089	Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.	13
A0091	Ability to identify intelligence gaps.	6
A0101	Ability to recognize and mitigate cognitive biases which may affect analysis.	6
A0102	Ability to recognize and mitigate deception in reporting and analysis.	5
A0106	Ability to think critically.	9
A0109	Ability to utilize multiple intelligence sources across all intelligence disciplines.	6

Tasks 24

Code	Description	Work Roles
T0582	Provide expertise to course of action development.	5
T0595	Classify documents in accordance with classification guidelines.	1
T0599	Collaborate with other customer, Intelligence and targeting organizations involved in related cyber areas.	2
T0767	Perform content and/or metadata analysis to meet organization objectives.	1
T0606	Compile, integrate, and/or interpret all-source data for intelligence or vulnerability value with respect to specific targets.	2
T0607	Identify and conduct analysis of target communications to identify information essential to support operations.	1
T0617	Conduct nodal analysis.	5
T0621	Conduct quality control to determine validity and relevance of information gathered about networks.	1
T0624	Conduct target research and analysis.	3
T0650	Determine what technologies are used by a given target.	3
T0653	Apply analytic techniques to gain more target information.	1
T0692	Generate and evaluate the effectiveness of network analysis strategies.	1
T0706	Gather information about networks through traditional and alternative techniques, (e.g., social network analysis, call-chaining, traffic analysis.)	1
T0707	Generate requests for information.	5
T0710	Identify and evaluate threat critical capabilities, requirements, and vulnerabilities.	3
T0715	Identify collection gaps and potential collection strategies against targets.	2
T0722	Identify network components and their functionality to enable analysis and target development.	1
T0745	Make recommendations to guide collection in support of customer requirements.	2
T0765	Provide subject matter expertise to development of exercises.	1
T0778	Profile targets and their activities.	1
T0797	Provide target recommendations which meet leadership objectives.	4
T0802	Review appropriate information sources to determine validity and relevance of information gathered.	2
T0803	Reconstruct networks in diagram or report format.	1
T0807	Research communications trends in emerging technologies (in computer and telephony networks, satellite, cable, and wireless) in both open and classified sources.	1