Network Technician

The Network Technician provides enterprise and tactical infrastructure knowledge, experience, and integration to the Cyber Protection Team (CPT). The Network Technician supports CPT elements by understanding of network technologies, defining mission scope, and identifying terrain.

Tasks

The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.

• T1104 additional Examine network topologies to understand data flows through the network.
• T1109 additional Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.
• T1153A additional Install, update, and troubleshoot systems/servers.
• T2062 additional Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the NE or enclave.
• T2102 additional Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.
• T2119 additional Conduct network scouting and vulnerability analyses of systems within a network.
• T2232 additional Determine course of action for addressing changes to objectives, guidance, and operational environment.
• T2379B additional Identify threats to Blue Force vulnerabilities.
• T2477 additional Identify potential points of strength and vulnerability within a network.
• T2611 additional Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event's history, status, and potential impact for further action in accordance with the organization's cyber incident response plan.
• T433 additional Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.
• T434A additional Check system hardware availability, functionality, integrity, and efficiency.
• T452 additional Conduct functional and connectivity testing to ensure continuing operability.
• T456A additional Conduct periodic system maintenance including cleaning (both physically and electronically), disk checks, routine reboots, data dumps, and testing.
• T461 additional Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.
• T462 additional Configure and optimize network hubs, routers, and switches (e.g., higher-level protocols, tunneling).
• T467 additional Consult with engineering staff to evaluate interface between hardware and software.
• T499 additional Design group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs.
• T518 additional Develop and document systems administration standard operating procedures.
• T518A additional Comply with organization systems administration standard operating procedures.
• T602 additional Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
• T667 additional Install or replace network hubs, routers, and switches.
• T683 additional Maintain baseline system security according to organizational policies.
• T695 additional Manage accounts, network rights, and access to systems and equipment.
• T701A additional Manage system/server resources including performance, capacity, availability, serviceability, and recoverability.
• T728A additional Oversee installation, implementation, configuration, and support of system components.
• T736 additional Patch network vulnerabilities to ensure information is safeguarded against outside parties.
• T763A additional Diagnose faulty system/server hardware.
• T763B additional Perform repairs on faulty system/server hardware.
• T765 additional Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• T781 additional Plan, execute, and verify data redundancy and system recovery procedures.
• T782 additional Plan and recommend modifications or adjustments based on exercise results or system environment.
• T802 additional Provide feedback on network requirements, including network architecture and infrastructure.
• T8042 additional Consult with customers about network system design and maintenance.
• T8058 additional Design countermeasures and mitigations against potential weaknesses and vulnerabilities in system and elements.
• T8059 additional Design, develop, and modify network systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.
• T8078 additional Diagnose network connectivity problems.
• T8091 additional Engage customers to understand their expectations and wants.
• T8099 additional Evaluate security architecture and its design against cyberspace threats as identified in operational and acquisition documents.
• T811 additional Provide ongoing optimization and problem solving support.
• T8110 additional Identify optimal locations for network sensor placement to collect on targeted devices.
• T8117 additional Implement and enforce DCO policies and procedures reflecting applicable laws, policies, procedures, and regulations (such as United States Code Titles 10 and 50).
• T8120 additional Integrate toolkit into existing networks and create documentation for the new architecture.
• T8131 additional Maintain Operational, technical, and authoritative situational awareness during effects-based operations
• T8139 additional Notify designated mission leadership or applicable team members of any suspected cyber incident.
• T8161 additional Provide and maintain documentation for TTPs as inputs to training programs.
• T8165 additional Provide feedback for RFI generation.
• T8187 additional Repair network connectivity problems.
• T835A additional Troubleshoot hardware/software interface and interoperability problems.
• T880B additional Work with stakeholders to report network security incidents and vulnerability compliance.

Knowledge, Skills, and Abilities

KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.

• A1072A ability additional Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• A3063 ability additional Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.
• A3076 ability additional Ability to tailor technical and planning information to a customer’s level of understanding.
• A4196 ability additional Ability to build, implement, and maintain distributed sensor grid.
• A41A ability additional Ability to operate the organization's LAN/WAN pathways.
• A4201 ability additional Ability to characterize network traffic for trends and patterns.
• A4215 ability additional Ability to configure and place distributed sensor grid
• A4224 ability additional Ability to coordinate with Sr Leaders of an Org. to ensure shared responsibility for supporting Org. mission/business functions using external providers of systems, services and apps receives visibility and is elevated to the appropriate decision-making authorities
• A4228 ability additional Ability to create rule sets within an Intrusion Detection System (IDS).
• A4230 ability additional Ability to create rules/alerts for traffic validation.
• A4273 ability additional Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
• A4290 ability additional Ability to implement network TAP configuration
• A4291 ability additional Ability to implement sensors according to sensor plan
• A4294 ability additional Ability to integrate information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements, ensuring a robust software quality control process and establishing multiple source
• A4316 ability additional Ability to organize policy standards to insure procedures and guidelines comply with cybersecurity policies
• A4352 ability additional Ability to setup Serial and Ethernet interfaces
• A4354 ability additional Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
• A4357 ability additional Ability to test tools within sensor grid
• A4358 ability additional Ability to track the location and configuration of networked devices and software across departments, locations, facilities and potentially supporting business functions.
• A4360 ability additional Ability to troubleshoot computer software and hardware issues, make repairs, and schedule updates
• A4365 ability additional Ability to use and/or integrate a Security Information and Event Management (SIEM) platform.
• A6100 ability additional Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• A68A ability additional Ability to build architectures and frameworks.
• K0012 knowledge additional Knowledge of communication methods, principles, and concepts (e.g., crypto, dual hubs, time multiplexers) that support the network infrastructure.
• K0015 knowledge additional Knowledge of capabilities and applications of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.
• K0051 knowledge additional Knowledge of how system components are installed, integrated, and optimized.
• K0070 knowledge additional Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• K0072 knowledge additional Knowledge of local area and wide area networking principles and concepts including bandwidth management.
• K0076 knowledge additional Knowledge of measures or indicators of system performance and availability.
• K0090 knowledge additional Knowledge of operating systems.
• K0096 knowledge additional Knowledge of performance tuning tools and techniques.
• K0106 knowledge additional Knowledge of remote access technology concepts.
• K0113 knowledge additional Knowledge of server and client operating systems.
• K0127 knowledge additional Knowledge of systems administration concepts.
• K0141 knowledge additional Knowledge of the enterprise information technology (IT) architecture.
• K0145 knowledge additional Knowledge of the type and frequency of routine maintenance needed to keep equipment functioning properly.
• K0148 knowledge additional Knowledge of Virtual Private Network (VPN) security.
• K0278 knowledge additional Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
• K0287 knowledge additional Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).
• K0344 knowledge additional Knowledge of virtualization technologies and virtual machine development and maintenance.
• K081A knowledge additional Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
• K0902 knowledge additional Knowledge of the range of existing networks (e.g., PBX, LANs, WANs, WIFI, SCADA).
• K0986 knowledge additional Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).
• K0990 knowledge additional Knowledge of the common attack vectors on the network layer.
• K0991 knowledge additional Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
• K1033 knowledge additional Knowledge of basic system administration, network, and operating system hardening techniques.
• K1034A knowledge additional Knowledge of Personally Identifiable Information (PII) data security standards.
• K1034C knowledge additional Knowledge of Personal Health Information (PHI) data security standards.
• K1063A knowledge additional Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications).
• K1072 knowledge additional Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth, Zero Trust).
• K112A knowledge additional Knowledge of systems engineering theories, concepts, and methods.
• K114A knowledge additional Knowledge of system/server diagnostic tools and fault identification techniques.
• K141A knowledge additional Knowledge of the enterprise information technology (IT) architectural concepts and patterns to include baseline and target architectures.
• K212A knowledge additional Knowledge of network mapping and recreating network topologies.
• K3188 knowledge additional Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).
• K3246 knowledge additional Knowledge of confidentiality, integrity, and availability requirements.
• K3277 knowledge additional Knowledge of general SCADA system components.
• K3353 knowledge additional Knowledge of the Risk Management Framework Assessment Methodology.
• K3402 knowledge additional Knowledge of network construction and topology.
• K342A knowledge additional Knowledge of operating system command line/prompt.
• K3431 knowledge additional Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
• K3539 knowledge additional Knowledge of telecommunications fundamentals.
• K4390 knowledge additional Knowledge of active directory federated services.
• K4396 knowledge additional Knowledge of basic cloud based technologies and concepts.
• K4398 knowledge additional Knowledge of basic Cyber Threat Emulation concepts.
• K4399 knowledge additional Knowledge of basic Embedded Systems concepts.
• K4415 knowledge additional Knowledge of common obfuscation techniques (e.g. command line execution, string substitution, clandestine side channel, Base64).
• K4429 knowledge additional Knowledge of cybersecurity controls and design principles and methods (e.g., firewalls, DMZ, and encryption).
• K4438 knowledge additional Knowledge of different types of log subscriptions (e.g. push vs pull, MS Windows event forwarding, winlogbeat, syslog).
• K4451 knowledge additional Knowledge of the full spectrum of cyberspace operational missions (e.g., DODIN Operations, DCO, OCO), principles, capabilities, limitations, and effects.
• K4481 knowledge additional Knowledge of long haul circuits.
• K4499 knowledge additional Knowledge of Network OSs.
• K4500 knowledge additional Knowledge of network systems management methods including end-to-end systems performance monitoring.
• K4501 knowledge additional Knowledge of non-Active Directory domains (e.g. IDM, LDAP).
• K4516 knowledge additional Knowledge of principles and methods for integrating system and network components.
• K4522 knowledge additional Knowledge of public key infrastructure (PKI) libraries, certificate authorities, certificate management, and encryption functionalities.
• K4529 knowledge additional Knowledge of routing protocols such as RIPv1/v2, OSPF, IGRP, and EIGRP
• K4532 knowledge additional Knowledge of Security Technical Implementation Guide (STIG)
• K4537 knowledge additional Knowledge of stream providers (e.g. KAFKA).
• K4539 knowledge additional Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).
• K4588 knowledge additional Knowledge of transmission capabilities (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)).
• K4594 knowledge additional Knowledge of WAN technologies such as PPP, Frame-relay, dedicated T1s, ISDN, and routing protocols
• K4595 knowledge additional Knowledge of web applications and their common attack vectors.
• K6240 knowledge additional Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).
• S154 skill additional Skill in analyzing network traffic capacity and performance characteristics.
• S167A skill additional Skill in conducting system/server planning, management, and maintenance.
• S170 skill additional Skill in configuring and optimizing software.
• S171A skill additional Skill in correcting physical and technical problems that impact system/server performance.
• S180 skill additional Skill in designing the integration of hardware and software solutions.
• S183 skill additional Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• S191 skill additional Skill in developing and applying security system access controls.
• S193 skill additional Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.
• S194 skill additional Skill in diagnosing connectivity problems.
• S195A skill additional Skill in troubleshooting failed system components (i.e., servers)
• S202A skill additional Skill in identifying and anticipating system/server performance, availability, capacity, or configuration problems.
• S206A skill additional Skill in installing system and component upgrades.
• S207 skill additional Skill in installing, configuring, and troubleshooting LAN and WAN components such as routers, hubs, and switches.
• S209 skill additional Skill in maintaining directory services.
• S211A skill additional Skill in monitoring and optimizing system/server performance.
• S216A skill additional Skill in recovering failed systems/servers.
• S219A skill additional Skill in operating system administration.
• S231 skill additional Skill in using network management tools to analyze network traffic patterns (e.g., simple network management protocol).
• S3741 skill additional Skill in determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments.
• S3871 skill additional Skill in remote command line and Graphic User Interface (GUI) tool usage.
• S4606 skill additional Skill in applying STIG upgrades
• S4609 skill additional Skill in cable management and organization
• S4615 skill additional Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, anti-virus software, anti-spyware).
• S4635 skill additional Skill in implementing DHCP and DNS
• S4664 skill additional Skill in router IOS backup, recovery, and upgrade.
• S4671 skill additional Skill in understanding cybersecurity architecture, its implementation, and its expected behaviors and how changes in conditions affect outcomes.
• S6590 skill additional Skill in interfacing with customers.

EWU courses that develop this role

NCAE CyberGames scoreboard errors for this role

• NCAE-7aabdb11ec DNS EXT FWD / failure: Can't contact DNS Server on IP
• NCAE-b364740c09 DNS EXT REV / failure: Can't contact DNS Server on IP
• NCAE-9b363f6139 DNS INT FWD / failure: Can't contact DNS Server on INT_IP
• NCAE-7f0bb3106d DNS INT REV / failure: Can't contact DNS Server on INT_IP
• NCAE-a35a20c717 DNS EXT REV / partial: Connected to IP:53, no useful content though...
• NCAE-c8514560b8 Router ICMP / failure: Request Timed Out to host IP after 1 seconds
• NCAE-cb9ddf3665 DNS INT REV / partial: Connected to INT_IP:53, no useful content though...
• NCAE-a159d521db DNS INT FWD / partial: Connected to INT_IP:53, no useful content though...
• NCAE-c1a43a09d2 DNS EXT FWD / partial: Failed to lookup: ns1.team15.ncaecybergames.org, files.team15.ncaecybergames.org, shell.team15.ncaecybergames.org
• NCAE-98b67814b9 Router ICMP / failure: ping says "Destination Host Unreachable" to host IP
• NCAE-27ec0357b6 DNS EXT FWD / partial: Connected to IP:53, no useful content though...
• NCAE-71165e8b85 DNS EXT FWD / partial: Failed to lookup: ns1.team18.ncaecybergames.org, files.team18.ncaecybergames.org, shell.team18.ncaecybergames.org
• NCAE-6b1ed4e432 DNS INT REV / partial: Failed to lookup: INT_IP

Other roles in this element