CO-OPS-001 Cyber Operator

Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.

Performs activities to gather evidence on criminal or foreign intelligence entities to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.

Conducts collection, processing, and/or geolocation of systems to exploit, locate, and/or track targets of interest. Performs network navigation, tactical forensic analysis, and, when directed, executes on-net operations.

Knowledges 44

Code	Description	Work Roles
K0001	Knowledge of computer networking concepts and protocols, and network security methodologies.	52
K0002	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).	52
K0003	Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.	52
K0004	Knowledge of cybersecurity and privacy principles.	52
K0005	Knowledge of cyber threats and vulnerabilities.	52
K0006	Knowledge of specific operational impacts of cybersecurity lapses.	52
K0009	Knowledge of application vulnerabilities.	6
K0021	Knowledge of data backup and recovery.	9
K0051	Knowledge of low-level computer languages (e.g., assembly languages).	4
K0109	Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).	15
K0142	Knowledge of collection management processes, capabilities, and limitations.	4
K0224	Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.	5
K0363	Knowledge of auditing and logging procedures (including server-based logging).	1
K0372	Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages).	1
K0373	Knowledge of basic software applications (e.g., data storage and backup, database applications) and the types of vulnerabilities that have been found in those applications.	1
K0375	Knowledge of wireless applications vulnerabilities.	1
K0379	Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.	7
K0403	Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.	5
K0406	Knowledge of current software and methodologies for active defense and system hardening.	1
K0420	Knowledge of database theory.	4
K0423	Knowledge of deconfliction reporting to include external organization interaction.	1
K0428	Knowledge of encryption algorithms and tools for wireless local area networks (WLANs).	1
K0427	Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).	8
K0429	Knowledge of enterprise-wide information management.	1
K0430	Knowledge of evasion strategies and techniques.	2
K0433	Knowledge of forensic implications of operating system structure and operations.	1
K0438	Knowledge of mobile cellular communications architecture (e.g., LTE, CDMA, GSM/EDGE and UMTS/HSPA).	1
K0440	Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.	8
K0452	Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP.	1
K0468	Knowledge of internal and external partner reporting.	1
K0481	Knowledge of methods and techniques used to detect various exploitation activities.	1
K0485	Knowledge of network administration.	1
K0486	Knowledge of network construction and topology.	1
K0480	Knowledge of malware.	8
K0516	Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.	10
K0528	Knowledge of satellite-based communication systems.	1
K0530	Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation.	1
K0531	Knowledge of security implications of software configurations.	1
K0536	Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).	1
K0560	Knowledge of the basic structure, architecture, and design of modern communication networks.	10
K0565	Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.	11
K0573	Knowledge of the fundamentals of digital forensics to extract actionable intelligence.	1
K0608	Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).	2
K0609	Knowledge of virtual machine technologies.	1

Skills 26

Code	Description	Work Roles
S0062	Skill in analyzing memory dumps to extract information.	3
S0183	Skill in analyzing terminal or environment collection data.	2
S0236	Skill in identifying the devices that work at each level of protocol models.	3
S0182	Skill in analyzing target communications internals and externals collected from wireless LANs.	1
S0190	Skill in assessing current tools to identify needed improvements.	1
S0192	Skill in auditing firewalls, perimeters, routers, and intrusion detection systems.	1
S0202	Skill in data mining techniques (e.g., searching file systems) and analysis.	2
S0206	Skill in determining installed patches on various operating systems and identifying patch signatures.	1
S0221	Skill in extracting information from packet captures.	1
S0242	Skill in interpreting vulnerability scanner results to identify vulnerabilities.	2
S0243	Skill in knowledge management, including technical documentation techniques (e.g., Wiki page).	2
S0252	Skill in processing collected data for follow-on analysis.	2
S0255	Skill in providing real-time, actionable geolocation information utilizing target infrastructures.	1
S0257	Skill in reading, interpreting, writing, modifying, and executing simple scripts (e.g., PERL, VBS) on Windows and Unix systems (e.g., those that perform tasks like parsing large data files, automating manual tasks, and fetching/processing remote data).	1
S0266	Skill in relevant programming languages (e.g., C++, Python, etc.).	1
S0267	Skill in remote command line and Graphic User Interface (GUI) tool usage.	1
S0270	Skill in reverse engineering (e.g., hex editing, binary packaging utilities, debugging, and strings analysis) to identify function and ownership of remote tools.	2
S0275	Skill in server administration.	1
S0276	Skill in survey, collection, and analysis of wireless LAN metadata.	1
S0281	Skill in technical writing.	3
S0282	Skill in testing and evaluating tools for implementation.	1
S0293	Skill in using tools, techniques, and procedures to remotely exploit and establish persistence on a target.	2
S0295	Skill in using various open source data collection tools (online trade, DNS, mail, etc.).	1
S0298	Skill in verifying the integrity of all files. (e.g., checksums, Exclusive OR, secure hashes, check constraints, etc.).	1
S0299	Skill in wireless network target analysis, templating, and geolocation.	1
S0363	Skill to analyze and assess internal and external partner reporting.	1

Abilities 4

Code	Description	Work Roles
A0095	Ability to interpret and translate customer requirements into operational action.	2
A0097	Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.	1
A0099	Ability to perform network collection tactics, techniques, and procedures to include decryption capabilities/tools.	1
A0100	Ability to perform wireless collection procedures to include decryption capabilities/tools.	1

Tasks 26

Code	Description	Work Roles
T0566	Analyze internal operational architecture, tools, and procedures for ways to improve performance.	1
T0567	Analyze target operational architecture for ways to gain access.	1
T0598	Collaborate with development organizations to create and deploy the tools needed to achieve objectives.	1
T0609	Conduct access enabling of wireless computer and digital networks.	1
T0610	Conduct collection and processing of wireless computer and digital networks.	1
T0612	Conduct exploitation of wireless computer and digital networks.	1
T0616	Conduct network scouting and vulnerability analyses of systems within a network.	1
T0618	Conduct on-net activities to control and exfiltrate data from deployed technologies.	1
T0619	Conduct on-net and off-net activities to control, and exfiltrate data from deployed, automated technologies.	1
T0620	Conduct open source data collection via various online tools.	1
T0623	Conduct survey of computer and digital networks.	1
T0643	Deploy tools to a target and utilize them once deployed (e.g., backdoors, sniffers).	1
T0644	Detect exploits against targeted networks and hosts and react accordingly.	1
T0664	Develop new techniques for gaining and keeping access to target systems.	1
T0677	Edit or execute simple scripts (e.g., Perl, VBScript) on Windows and UNIX systems.	1
T0696	Exploit network devices, security devices, and/or terminals or environments using various methods or tools.	1
T0697	Facilitate access enabling by physical and/or wireless means.	1
T0724	Identify potential points of strength and vulnerability within a network.	1
T0740	Maintain situational awareness and functionality of organic operational infrastructure.	1
T0756	Operate and maintain automated systems for gaining and maintaining access to target systems.	1
T0768	Conduct cyber activities to degrade/remove information resident in computers and computer networks.	1
T0774	Process exfiltrated data for analysis and/or dissemination to customers.	1
T0796	Provide real-time actionable geolocation information.	1
T0804	Record information collection and/or environment preparation activities against targets during operations designed to achieve cyber effects.	1
T0828	Test and evaluate locally developed tools for operational use.	1
T0829	Test internal developed tools and techniques against target tools.	1