Cyber Effects (CE)
DCWF 321
Access Network Operator
Conducts access collection, processing, and/or geolocation of wired or wireless computer and digital networks in order to exploit, locate, and/or track targets of interest.
Tasks
The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.
- T2020A additional Analyze target operational architecture for ways to gain access.
- T2088 additional Collaborate with development organizations to create and deploy the tools needed to achieve objectives.
- T2105 additional Conduct access enabling of wireless computer and digital networks.
- T2106 additional Conduct collection and processing of wireless computer and digital networks.
- T2109 additional Conduct exploitation of wireless computer and digital networks.
- T2119 additional Conduct network scouting and vulnerability analyses of systems within a network.
- T2123 additional Conduct on-net and off-net activities to control, and exfiltrate data from deployed, automated technologies.
- T2124 additional Conduct open source data collection via various online tools.
- T2133 additional Conduct survey of computer and digital networks.
- T2205 additional Deploy tools to a target and utilize them once deployed (e.g., backdoors, sniffers).
- T2294 additional Develop new techniques for gaining and keeping access to target systems.
- T2408 additional Exploit network devices, security devices, and/or terminals or environments using various methods or tools.
- T2412 additional Facilitate access enabling by physical and/or wireless means.
- T2477 additional Identify potential points of strength and vulnerability within a network.
- T2612 additional Operate and maintain automated systems for gaining and maintaining access to target systems.
- T2708 additional Process exfiltrated data for analysis and/or dissemination to customers.
- T2762 additional Provide real-time actionable geolocation information.
- T2846 additional Test and evaluate locally developed tools for operational use.
Knowledge, Skills, and Abilities
KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.
- A3059 ability core Ability to interpret and translate customer requirements into operational action.
- A3658A ability core Ability to perform wireless collection procedures to include decryption capabilities/tools.
- A3658B ability core Ability to perform network collection tactics, techniques, and procedures to include decryption capabilities/tools.
- K0264 knowledge core Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
- K0912 knowledge core Knowledge of collection management processes, capabilities, and limitations.
- K3130 knowledge core Knowledge of auditing and logging procedures (including server-based logging).
- K3140 knowledge core Knowledge of basic programming concepts (e.g., levels, structures, compiled vs. interpreted languages).
- K3144 knowledge core Knowledge of basic wireless applications, including vulnerabilities in various types of wireless applications.
- K3206 knowledge core Knowledge of current software and methodologies for active defense and system hardening.
- K3253 knowledge core Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).
- K3254 knowledge core Knowledge of encryption algorithms and tools for WLANs.
- K3261 knowledge core Knowledge of evasion strategies and techniques.
- K3267 knowledge core Knowledge of deconfliction reporting to include external organization interaction.
- K3270 knowledge core Knowledge of forensic implications of operating system structure and operations.
- K3280 knowledge core Knowledge of Global Systems for Mobile Communications (GSM) architecture.
- K3286 knowledge core Knowledge of host-based security products and how they affect exploitation and vulnerability.
- K3317 knowledge core Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP.
- K3374 knowledge core Knowledge of malware.
- K3399 knowledge core Knowledge of network administration.
- K3402 knowledge core Knowledge of network construction and topology.
- K3441 knowledge core Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
- K3473 knowledge core Knowledge of satellite-based communication systems.
- K3479 knowledge core Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation.
- K3480 knowledge core Knowledge of security implications of software configurations.
- K3508 knowledge core Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network).
- K3513 knowledge core Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.
- K3543 knowledge core Knowledge of the basic structure, architecture, and design of modern communication networks.
- K3561 knowledge core Knowledge of the common networking and routing protocols (e.g., TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
- K3579 knowledge core Knowledge of the fundamentals of digital forensics in order to extract actionable intelligence.
- K3627 knowledge core Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.
- K3637 knowledge core Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).
- K3644 knowledge core Knowledge of virtual machine technologies.
- K3658 knowledge core Knowledge of network collection procedures to include decryption capabilities/tools, techniques, and procedures.
- S3670 skill core Skill in analyzing terminal or environment collection data.
- S3677 skill core Skill in analyzing target communications internals and externals collected from wireless LANs.
- S3690 skill core Skill in assessing current tools to identify needed improvements.
- S3740 skill core Skill in determining installed patches on various operating systems and identifying patch signatures.
- S3779 skill core Skill in extracting information from packet captures.
- S3801 skill core Skill in identifying the devices that work at each level of protocol models.
- S3815 skill core Skill in interpreting vulnerability scanner results to identify vulnerabilities.
- S3817 skill core Skill in knowledge management, including technical documentation techniques (e.g., Wiki page).
- S3848 skill core Skill in processing collected data for follow-on analysis.
- S3871 skill core Skill in remote command line and Graphic User Interface (GUI) tool usage.
- S3889 skill core Skill in survey, collection, and analysis of wireless LAN metadata.
- S3929A skill core Skill in using tools, techniques, and procedures to exploit a target.
- S3948 skill core Skill in verifying the integrity of all files.
- S3949 skill core Skill in wireless network target analysis, templating, and geolocation.
- K3141 knowledge additional Knowledge of basic software applications (e.g., data storage and backup, database applications) and their vulnerabilities.
- K3155 knowledge additional Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
- S3883 skill additional Skill in server administration.
- S3899 skill additional Skill in testing and evaluating tools for implementation.
- S3931 skill additional Skill in using various open source data collection tools (online trade, DNS, mail, etc.).
EWU courses that develop this role
Other roles in this element
CE-121 Exploitation Analyst
CE-122 Digital Network Exploitation Analyst
CE-131 Joint Targeting Analyst
CE-132 Target Digital Network Analyst
CE-133 Target Analyst Reporter
CE-322 Cyberspace Operator
CE-332 Cyber Operations Planner
CE-341 Cyberspace Capability Developer
CE-442 Network Technician
CE-443 Network Analyst
CE-463 Host Analyst
CE-551 Red Team Specialist