Cyber Operations Planner

The Cyberspace Operations Planner applies in-depth knowledge of the JOPP to develop detailed plans and orders supporting CCMD cyberspace operation requirements. Uses Joint, Service, and interagency planning and operational experience to conduct strategic and operational level planning across the full range of military operations for integrated information and cyberspace operations. Develops and maintains deliberate and crisis action planning products. Collaborates with cyberspace operators to identify and levy requirements for intelligence collection and analysis. Participates in targeting selection, validation, synchronization, and execution of complex cyberspace operations. Has sufficient technical knowledge to understand cyberspace operations capabilities, target vulnerabilities, and effects. Collaborates with cyberspace operators, analysts, enablers and planners to gain access and technical intelligence to meet planning objectives.

Tasks

The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.

• T2009 additional Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives.
• T2052 additional Assess target vulnerabilities and/or operational capabilities to determine course of action.
• T2073 additional Provide input to the identification of cyber-related success criteria.
• T2130 additional Develop, review and implement all levels of planning guidance in support of cyber operations.
• T2159 additional Contribute to crisis action planning for cyber operations.
• T2186 additional Coordinate, produce and track intelligence requirements.
• T2237 additional Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives.
• T2265 additional Develop and maintain deliberate and/or crisis plans.
• T2266 additional Develop and review specific cyber operations guidance for integration into broader planning activities.
• T2272 additional Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organization objectives.
• T2327 additional Develop, implement, and recommend changes to appropriate planning procedures and policies.
• T2365 additional Ensure operational planning efforts are effectively transitioned to current operations.
• T2368 additional Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines.
• T2386 additional Evaluate intelligence estimates to support the planning cycle.
• T2417 additional Facilitate the sharing of “best practices” and “lessons learned” throughout the cyber operations community.
• T2424 additional Incorporate cyber operations and communications security support plans into organization objectives.
• T2425 additional Incorporate intelligence and counterintelligence to support plan development.
• T2446 additional Identify and submit intelligence requirements for the purposes of designating priority information requirements.
• T2459 additional Identify intelligence gaps and shortfalls.
• T2509 additional Provide input to or develop courses of action based on threat factors.
• T2524 additional Integrate cyber planning/targeting efforts with other organizations.
• T2528 additional Interpret environment preparations assessments to determine a course of action.
• T2529 additional Issue requests for information.
• T2561 additional Maintain situational awareness of cyber-related intelligence requirements and associated tasking.
• T2562 additional Maintain situational awareness of partner capabilities and activities.
• T2590 additional Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives.
• T2621 additional Provide SME and support to planning/developmental forums and working groups as appropriate.
• T2626 additional Provide subject matter expertise to planning efforts with internal and external cyber operations partners.
• T2628 additional Participate in exercises.
• T2752 additional Provide input to the administrative and logistical elements of an operational support plan.
• T2770 additional Provide time sensitive targeting support.
• T2806 additional Review and comprehend organizational leadership objectives and guidance for planning.
• T2837 additional Submit or respond to requests for deconfliction of cyber operations.
• T2888 additional Document lessons learned that convey the results of events and/or exercises.
• T8004 additional Analyze data (e.g., MOEs, MOPs) to determine mission effectiveness.
• T8018 additional Assess data to determine whether an event meets CCIR criteria.
• T8043 additional Contribute to and oversee cyberspace operational plans (OPLANs) to include annexes.
• T8044 additional Contribute to cyberspace base plans (BPLANs), concept plans (CONPLANs).
• T8045 additional Contribute to cyberspace Execution Orders (EXORDs).
• T8046 additional Contribute to cyberspace Operational Orders (OPORDs).
• T8048 additional Coordinate operational planning teams (OPTs), coordination groups, and task forces as necessary.
• T8069 additional Develop cyberspace operations TTPs for integration into operational and tactical levels of planning.
• T8070 additional Develop detailed operational and tactical plans and orders supporting cyberspace operations requirements at the tactical levels of warfare.
• T8098 additional Evaluate reporting (e.g., BDA, MOEs, MISREP) in order to support commanders decisions.
• T8104 additional Facilitate the development of partnership agreements.
• T8105 additional Gather data to support the synchronization of effects into the joint targeting cycle.
• T8119 additional Integrate cyberspace operations planning efforts with domestic and foreign partners.
• T8122 additional Interpret complex and rapidly evolving concepts.
• T8123 additional Interpret cyberspace base plans (BPLANs), concept plans (CONPLANs).
• T8124 additional Interpret cyberspace Operational Orders (OPORDs).
• T8125 additional Interpret cyberspace Warning Orders (WARNORDs), Alert Orders (ALERTORD), and Fragmentary Orders (FRAGORDs).
• T8126 additional Lead planning efforts with other DOD and non-DOD cyberspace operations partners.
• T8127 additional Lead the planning effort within cyberspace exercises and wargames.
• T8132 additional Maintain situational awareness of the adversary.
• T8142 additional Participate in planning efforts with other DOD and non-DOD cyberspace operations partners.
• T8146 additional Perform operational design.
• T8154 additional Prepare COAs to address CCIR events.
• T8163 additional Provide briefings regarding mission activities to stakeholders.
• T8188 additional Review cyberspace operations TTPs for integration into operational and tactical levels of planning.

Knowledge, Skills, and Abilities

KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.

• A3001 ability additional Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.
• A3011 ability additional Ability to apply critical reading/thinking skills.
• A3021 ability additional Ability to collaborate effectively with others.
• A3022 ability additional Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
• A3033 ability additional Ability to coordinate cyber operations with other organization functions or support activities.
• A3044 ability additional Ability to exercise judgment when policies are not well-defined.
• A3076 ability additional Ability to tailor technical and planning information to a customer’s level of understanding.
• A4190 ability additional Ability to apply the Joint Planning Process (JPP).
• A4355 ability additional Ability to solve complex problems.
• K0264 knowledge additional Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
• K0270 knowledge additional Knowledge of common adversary tactics, techniques, and procedures in assigned area of responsibility (i.e., historical country-specific tactics, techniques, and procedures; emerging capabilities).
• K1056 knowledge additional Knowledge of operations security.
• K2531 knowledge additional Knowledge of organizational planning concepts.
• K3098 knowledge additional Knowledge of virtualization products (Vmware, Virtual PC).
• K3106 knowledge additional Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).
• K3114 knowledge additional Knowledge of all forms of intelligence support needs, topics, and focus areas.
• K3146 knowledge additional Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
• K3154 knowledge additional Knowledge of classification and control markings standards, policies and procedures.
• K3159 knowledge additional Knowledge of cyber operations support or enabling processes.
• K3194 knowledge additional Knowledge of crisis action planning and time sensitive planning procedures.
• K3211 knowledge additional Knowledge of cyber laws and legal considerations and their effect on cyber planning.
• K3218 knowledge additional Knowledge of cyber operations terminology/lexicon.
• K3219 knowledge additional Knowledge of cyber operations.
• K3225 knowledge additional Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
• K3235 knowledge additional Knowledge of deconfliction processes and procedures.
• K3257 knowledge additional Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities.
• K3262 knowledge additional Knowledge of evolving/emerging communications technologies.
• K3264 knowledge additional Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization.
• K3268 knowledge additional Knowledge of staff management, assignment, and allocation processes.
• K3271 knowledge additional Knowledge of internal and external partner cyber operations capabilities and tools.
• K3287 knowledge additional Knowledge of how collection requirements and information needs are translated, tracked, and prioritized across the extended enterprise.
• K3338 knowledge additional Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions.
• K3358 knowledge additional Knowledge of organizational hierarchy and cyber decision making processes.
• K3374 knowledge additional Knowledge of malware.
• K3391 knowledge additional Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning.
• K3441 knowledge additional Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
• K3572 knowledge additional Knowledge of organization decision support tools and/or methods.
• K3582 knowledge additional Knowledge of the intelligence frameworks, processes, and related systems.
• K3585 knowledge additional Knowledge of accepted organization planning systems.
• K3605 knowledge additional Knowledge of the information environment.
• K3610 knowledge additional Knowledge of the relationships between end states, objectives, effects, lines of operation, etc.
• K3615 knowledge additional Knowledge of the structure and intent of organization specific plans, guidance and authorizations.
• K3616 knowledge additional Knowledge of the structure, architecture, and design of modern digital and telephony networks.
• K4106 knowledge additional Knowledge of analytic tools and techniques.
• K4389 knowledge additional Knowledge of accessing a network remotely (e.g. bypassing IDS/IPS, credential harvesting, vulnerability analysis, COTS toolkit employment).
• K4425 knowledge additional Knowledge of cyber laws, legal considerations—to include the law of armed conflict (LOAC) and designated rules of engagement (ROE)—and their effect on cyberspece operations.
• K4446 knowledge additional Knowledge of exploitation methods.
• K4449 knowledge additional Knowledge of formal coordination procedures.
• K4451 knowledge additional Knowledge of the full spectrum of cyberspace operational missions (e.g., DODIN Operations, DCO, OCO), principles, capabilities, limitations, and effects.
• K4454 knowledge additional Knowledge of hacker methodology.
• K4459 knowledge additional Knowledge of host and network security.
• K4471 knowledge additional Knowledge of intelligence/SIGINT reporting and dissemination procedures.
• K4474 knowledge additional Knowledge of joint doctrine and joint planning concepts, to include knowledge of the JPP (JP 5-0).
• K4475 knowledge additional Knowledge of joint doctrine for information activities (JP 3-04).
• K4476 knowledge additional Knowledge of joint doctrine intelligence concepts (JP 2-0).
• K4477 knowledge additional Knowledge of joint doctrine operations concepts (JP 3-0).
• K4478 knowledge additional Knowledge of joint doctrine targeting concepts (JP 3-60).
• K4504 knowledge additional Knowledge of operational assessment (i.e., BDA and Restrike Recommendation (RR)).
• K4507 knowledge additional Knowledge of operational platforms.
• K4512 knowledge additional Knowledge of persistence tools and methods (e.g. Implants/Rootkits, Tunneling, Native Actions).
• K4515 knowledge additional Knowledge of Post-Exploitation TTPs (e.g. data exfiltration, privilege escalation, operational prep of the environment).
• K4579 knowledge additional Knowledge of the structure and intent of USCYBERCOM and its subordinate organizations specific plans, orders, and standing rules of engagement.
• K4582 knowledge additional Knowledge of the U.S. SIGINT System (USSS) authorities, responsibilities, and contributions to the cyberspace operations mission.
• K4590 knowledge additional Knowledge of USCYBERCOM cyberspace operations terminology.
• S3665 skill additional Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
• S3766 skill additional Skill in documenting and communicating complex technical and programmatic information.
• S3772 skill additional Skill in evaluating information for reliability, validity, and relevance.
• S3844 skill additional Skill in preparing and presenting briefings.

Other roles in this element