Collection Operations (CLO) NICE Specialty Area
NICE Work Role Name:
All Source-Collection Manager
NICE Work Role ID:
CO-CLO-001
NICE Category:
Collect and Operate (CO)
NICE Work Role Description:
Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership’s intent. Determines capabilities of available collection assets, identifies new collection capabilities; and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.
-
All Source-Collection Requirements Manager (CO203-RBT)
-
Cybersecurity Hunt (CO280)
Knowledge
- K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 – Knowledge of cybersecurity and privacy principles.
- K0005 – Knowledge of cyber threats and vulnerabilities.
- K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
- K0036 – Knowledge of human-computer interaction principles.
- K0058 – Knowledge of network traffic analysis methods.
- K0109 – Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
- K0177 – Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- K0353 – Knowledge of possible circumstances that would result in changing collection management authorities.
- K0361– Knowledge of asset availability, capabilities and limitations.
- K0364 – Knowledge of available databases and tools necessary to assess appropriate collection tasking.
- K0380 – Knowledge of collaborative tools and environments.
- K0382 – Knowledge of collection capabilities and limitations.
- K0383 – Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan.
- K0386 – Knowledge of collection management tools.
- K0387 – Knowledge of collection planning process and collection plan.
- K0390 – Knowledge of collection strategies.
- K0392 – Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).
- K0395 – Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).
- K0401 – Knowledge of criteria for evaluating collection products.
- K0404 – Knowledge of current collection requirements.
- K0405 – Knowledge of current computer-based intrusion sets.
- K0412 – Knowledge of cyber lexicon/terminology
- K0417 – Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
- K0419 – Knowledge of database administration and maintenance.
- K0425 – Knowledge of different organization objectives at all levels, including subordinate, lateral and higher.
- K0427 – Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).
- K0431 – Knowledge of evolving/emerging communications technologies.
- K0435 – Knowledge of fundamental cyber concepts, principles, limitations, and effects.
- K0440 – Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.
- K0444 – Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
- K0445 – Knowledge of how modern digital and telephony networks impact cyber operations.
- K0446 – Knowledge of how modern wireless communications systems impact cyber operations.
- K0448 – Knowledge of how to establish priorities for resources.
- K0449 – Knowledge of how to extract, analyze, and use metadata.
- K0453 – Knowledge of indications and warning.
- K0454 – Knowledge of information needs.
- K0467 – Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).
- K0471 – Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
- K0474 – Knowledge of key cyber threat actors and their equities.
- K0475 – Knowledge of key factors of the operational environment and threat.
- K0477 – Knowledge of leadership’s Intent and objectives.
- K0480 – Knowledge of malware.
- K0482 – Knowledge of methods for ascertaining collection asset posture and availability.
- K0492 – Knowledge of non-traditional collection methodologies.
- K0495 – Knowledge of ongoing and future operations.
- K0496 – Knowledge of operational asset constraints.
- K0498 – Knowledge of operational planning processes.
- K0503 – Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact.
- K0505 – Knowledge of organization objectives and associated demand on collection management.
- K0513 – Knowledge of organizational priorities, legal authorities and requirements submission processes.
- K0516 – Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
- K0521 – Knowledge of priority information, how it is derived, where it is published, how to access, etc.
- K0522 – Knowledge of production exploitation and dissemination needs and architectures.
- K0526 – Knowledge of research strategies and knowledge management.
- K0527 – Knowledge of risk management and mitigation strategies.
- K0552 – Knowledge of tasking mechanisms.
- K0553 – Knowledge of tasking processes for organic and subordinate collection assets.
- K0554 – Knowledge of tasking, collection, processing, exploitation and dissemination.
- K0558 – Knowledge of the available tools and applications associated with collection requirements and collection management.
- K0560 – Knowledge of the basic structure, architecture, and design of modern communication networks.
- K0561 – Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
- K0562 – Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes.
- K0563 – Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities.
- K0565 – Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
- K0569 – Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture.
- K0570 – Knowledge of the factors of threat that could impact collection operations.
- K0579 – Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.
- K0580 – Knowledge of the organization’s established format for collection plan.
- K0581 – Knowledge of the organization’s planning, operations and targeting cycles.
- K0583 – Knowledge of the organizational plans/directives/guidance that describe objectives.
- K0584 – Knowledge of the organizational policies/procedures for temporary transfer of collection authority.
- K0587 – Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products.
- K0588 – Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization.
- K0596 – Knowledge of the request for information process.
- K0601 – Knowledge of the systems/architecture/communications used for coordination.
- K0605 – Knowledge of tipping, cueing, mixing, and redundancy.
- K0610 – Knowledge of virtualization products (VMware, Virtual PC).
- K0612 – Knowledge of what constitutes a “threat” to a network.
- K0613 – Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations.
Skills
- S0304 – Skill to access information on current assets available, usage.
- S0305 – Skill to access the databases where plans/directives/guidance are maintained.
- S0316 – Skill to associate Intelligence gaps to priority information requirements and observables.
- S0317 – Skill to compare indicators/observables with requirements.
- S0327 – Skill to ensure that the collection strategy leverages all available resources.
- S0329 – Skill to evaluate requests for information to determine if response information exists.
- S0330 – Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.
- S0334 – Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines.
- S0335 – Skill to identify Intelligence gaps.
- S0336 – Skill to identify when priority information requirements are satisfied.
- S0337 – Skill to implement established procedures for evaluating collection management and operations activities.
- S0339 – Skill to interpret readiness reporting, its operational relevance and intelligence collection impact.
- S0344 – Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology.
- S0346 – Skill to resolve conflicting collection requirements.
- S0347 – Skill to review performance specifications and historical information about collection assets.
- S0348 – Skill to specify collections and/or taskings that must be conducted in the near term.
- S0352 – Skill to use collaborative tools and environments for collection operations.
- S0353 – Skill to use systems and/or tools to track collection requirements and determine if they are satisfied.
- S0362 – Skill to analyze and assess internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).
Abilities
- A0069 – Ability to apply collaborative skills and strategies.
- A0070 – Ability to apply critical reading/thinking skills.
- A0078 – Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.
Tasks
- T0562 – Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements.
- T0564 – Analyze feedback to determine extent to which collection products and services are meeting requirements.
- T0568 – Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements).
- T0573 – Assess and apply operational environment factors and risks to collection management process.
- T0578 – Assess performance of collection assets against prescribed specifications.
- T0604 – Compare allocated and available assets to collection demand as expressed through requirements.
- T0605 – Compile lessons learned from collection management activity’s execution of organization collection objectives.
- T0626 – Construct collection plans and matrixes using established guidance and procedures.
- T0631 – Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads.
- T0632 – Coordinate inclusion of collection plan in appropriate documentation.
- T0634 – Re-task or re-direct collection assets and resources.
- T0645 – Determine course of action for addressing changes to objectives, guidance, and operational environment.
- T0646 – Determine existing collection management webpage databases, libraries and storehouses.
- T0647 – Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture’s form and function.
- T0649 – Determine organizations and/or echelons with collection authority over all accessible collection assets.
- T0651 – Develop a method for comparing collection reports to outstanding requirements to identify information gaps.
- T0657 – Develop coordinating instructions by collection discipline for each phase of an operation.
- T0662 – Allocate collection assets based on leadership’s guidance, priorities, and/or operational emphasis.
- T0674 – Disseminate tasking messages and collection plans.
- T0681 – Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems.
- T0683 – Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures.
- T0698 – Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers.
- T0702 – Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables.
- T0714 – Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups.
- T0716 – Identify coordination requirements and procedures with designated collection authorities.
- T0721 – Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness.
- T0723 – Identify potential collection disciplines for application against priority information requirements.
- T0725 – Identify and mitigate risks to collection management ability to support the plan, operations and target cycle.
- T0734 – Issue requests for information.
- T0737 – Link priority collection requirements to optimal assets and resources.
- T0750 – Monitor completion of reallocated collection efforts.
- T0753 – Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture.
- T0755 – Monitor the operational environment for potential factors and risks to the collection operation management process.
- T0757 – Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements.
- T0773 – Prioritize collection requirements for collection platforms based on platform capabilities.
- T0779 – Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations.
- T0806 – Request discipline-specific processing, exploitation, and disseminate information collected using discipline’s collection assets and resources in accordance with approved guidance and/or procedures.
- T0809 – Review capabilities of allocated collection assets.
- T0810 – Review intelligence collection guidance for accuracy/applicability
- T0811 – Review list of prioritized collection requirements and essential information.
- T0812 – Review and update overarching collection plan, as required.
- T0814 – Revise collection matrix based on availability of optimal assets and resources.
- T0820 – Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources..
- T0821 – Specify discipline-specific collections and/or taskings that must be executed in the near term.
- T0827 – Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques.
NICE Work Role Name:
All Source-Collection Requirements Manager
NICE Work Role ID:
CO-CLO-001
NICE Category:
Collect and Operate (CO)
NICE Work Role Description:
Evaluates collection operations and develops effects-based collection requirements strategies using available sources and methods to improve collection. Develops, processes, validates, and coordinates submission of collection requirements. Evaluates performance of collection assets and collection operations.
-
Mission Assessment Specialist (AN201-RBT)
Knowledge
- K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 – Knowledge of cybersecurity and privacy principles.
- K0005 – Knowledge of cyber threats and vulnerabilities.
- K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
- K0036 – Knowledge of human-computer interaction principles.
- K0058 – Knowledge of network traffic analysis methods.
- K0109 – Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
- K0177 – Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- K0353 – Knowledge of possible circumstances that would result in changing collection management authorities.
- K0361– Knowledge of asset availability, capabilities and limitations.
- K0364 – Knowledge of available databases and tools necessary to assess appropriate collection tasking.
- K0380 – Knowledge of collaborative tools and environments.
- K0382 – Knowledge of collection capabilities and limitations.
- K0383 – Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan.
- K0384 – Knowledge of collection management functionality (e.g., positions, functions, responsibilities, products, reporting requirements).
- K0386 – Knowledge of collection management tools.
- K0387 – Knowledge of collection planning process and collection plan.
- K0390 – Knowledge of collection strategies.
- K0395 – Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).
- K0401 – Knowledge of criteria for evaluating collection products.
- K0404 – Knowledge of current collection requirements.
- K0412 – Knowledge of cyber lexicon/terminology
- K0417 – Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
- K0419 – Knowledge of database administration and maintenance.
- K0421 – Knowledge of databases, portals and associated dissemination vehicles.
- K0425 – Knowledge of different organization objectives at all levels, including subordinate, lateral and higher.
- K0427 – Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).
- K0431 – Knowledge of evolving/emerging communications technologies.
- K0435 – Knowledge of fundamental cyber concepts, principles, limitations, and effects.
- K0444 – Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
- K0445 – Knowledge of how modern digital and telephony networks impact cyber operations.
- K0446 – Knowledge of how modern wireless communications systems impact cyber operations.
- K0448 – Knowledge of how to establish priorities for resources.
- K0453 – Knowledge of indications and warning.
- K0454 – Knowledge of information needs.
- K0467 – Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).
- K0474 – Knowledge of key cyber threat actors and their equities.
- K0475 – Knowledge of key factors of the operational environment and threat.
- K0477 – Knowledge of leadership’s Intent and objectives.
- K0480 – Knowledge of malware.
- K0482 – Knowledge of methods for ascertaining collection asset posture and availability.
- K0492 – Knowledge of non-traditional collection methodologies.
- K0495 – Knowledge of ongoing and future operations.
- K0496 – Knowledge of operational asset constraints.
- K0498 – Knowledge of operational planning processes.
- K0505 – Knowledge of organization objectives and associated demand on collection management.
- K0513 – Knowledge of organizational priorities, legal authorities and requirements submission processes.
- K0516 – Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
- K0521 – Knowledge of priority information, how it is derived, where it is published, how to access, etc.
- K0526 – Knowledge of research strategies and knowledge management.
- K0527 – Knowledge of risk management and mitigation strategies.
- K0552 – Knowledge of tasking mechanisms.
- K0554 – Knowledge of tasking, collection, processing, exploitation and dissemination.
- K0558 – Knowledge of the available tools and applications associated with collection requirements and collection management.
- K0560 – Knowledge of the basic structure, architecture, and design of modern communication networks.
- K0561 – Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
- K0562 – Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes.
- K0563 – Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities.
- K0565 – Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
- K0568 – Knowledge of the definition of collection management and collection management authority.
- K0569 – Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture.
- K0570 – Knowledge of the factors of threat that could impact collection operations.
- K0579 – Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.
- K0580 – Knowledge of the organization’s established format for collection plan.
- K0581 – Knowledge of the organization’s planning, operations and targeting cycles.
- K0584 – Knowledge of the organizational policies/procedures for temporary transfer of collection authority.
- K0587 – Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products.
- K0588 – Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization.
- K0596 – Knowledge of the request for information process.
- K0605 – Knowledge of tipping, cueing, mixing, and redundancy.
- K0610 – Knowledge of virtualization products (VMware, Virtual PC).
- K0612 – Knowledge of what constitutes a “threat” to a network.
Skills
- S0189 – Skill in assessing and/or estimating effects generated during and after cyber operations.
- S0194 – Skill in conducting non-attributable research.
- S0203 – Skill in defining and characterizing all pertinent aspects of the operational environment.
- S0211 – Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
- S0216 – Skill in evaluating available capabilities against desired effects to provide effective courses of action.
- S0218 – Skill in evaluating information for reliability, validity, and relevance.
- S0227 – Skill in identifying alternative analytical interpretations to minimize unanticipated outcomes.
- S0228 – Skill in identifying critical target elements, to include critical target elements for the cyber domain.
- S0229 – Skill in identifying cyber threats which may jeopardize organization and/or partner interests.
- S0249 – Skill in preparing and presenting briefings.
- S0254 – Skill in providing analysis to aid writing phased after action reports.
- S0256 – Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.
- S0271 – Skill in reviewing and editing assessment products.
- S0278 – Skill in tailoring analysis to the necessary levels (e.g., classification and organizational).
- S0285 – Skill in using Boolean operators to construct simple and complex queries.
- S0288 – Skill in using multiple analytic tools, databases, and techniques (e.g., Analyst’s Notebook, A-Space, Anchory, M3, divergent/convergent thinking, link charts, matrices, etc.).
- S0289 – Skill in using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches.
- S0292 – Skill in using targeting databases and software packages.
- S0296 – Skill in utilizing feedback to improve processes, products, and services.
- S0297 – Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).
- S0303 – Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources.
- S0360 – Skill to analyze and assess internal and external partner cyber operations capabilities and tools.
Abilities
- A0069 – Ability to apply collaborative skills and strategies.
- A0070 – Ability to apply critical reading/thinking skills.
- A0078 – Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.
Tasks
- T0564 – Analyze feedback to determine extent to which collection products and services are meeting requirements.
- T0565 – Analyze incoming collection requests.
- T0568 – Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements).
- T0577 – Assess efficiency of existing information exchange and management systems.
- T0578 – Assess performance of collection assets against prescribed specifications.
- T0580 – Assess the effectiveness of collections in satisfying priority information gaps, using available capabilities and methods, and adjust collection strategies and collection requirements accordingly.
- T0596 – Close requests for information once satisfied.
- T0602 – Collaborate with customer to define information requirements.
- T0605 – Compile lessons learned from collection management activity’s execution of organization collection objectives.
- T0613 – Conduct formal and informal coordination of collection requirements in accordance with established guidelines and procedures.
- T0651 – Develop a method for comparing collection reports to outstanding requirements to identify information gaps.
- T0668 – Develop procedures for providing feedback to collection managers, asset managers, and processing, exploitation and dissemination centers.
- T0675 – Disseminate reports to inform decision makers on collection issues.
- T0675 – Conduct and document an assessment of the collection results using established procedures.
- T0682 – Validate the link between collection requests and critical information requirements and priority intelligence requirements of leadership.
- T0689 – Evaluate extent to which collected information and/or produced intelligence satisfy information requests.
- T0693 – Evaluate extent to which collection operations are synchronized with operational requirements.
- T0694 – Evaluate the effectiveness of collection operations against the collection plan.
- T0714 – Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups.
- T0725 – Identify and mitigate risks to collection management ability to support the plan, operations and target cycle.
- T0730 – Inform stakeholders (e.g., collection managers, asset managers, processing, exploitation and dissemination centers) of evaluation results using established procedures.
- T0734 – Issue requests for information.
- T0746 – Modify collection requirements as necessary.
- T0780 – Provide advisory and advocacy support to promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans.
- T0809 – Review capabilities of allocated collection assets.
- T0810 – Review intelligence collection guidance for accuracy/applicability
- T0811 – Review list of prioritized collection requirements and essential information.
- T0819 – Solicit and manage to completion feedback from requestors on quality, timeliness, and effectiveness of collection against collection requirements.
- T0822 – Submit information requests to collection requirement management section for processing as collection requests.
- T0830 – Track status of information requests, including those processed as collection requests and production requirements, using established procedures.
- T0831 – Translate collection requests into applicable discipline-specific collection requirements.
- T0832 – Use feedback results (e.g., lesson learned) to identify opportunities to improve collection management efficiency and effectiveness.
- T0833 – Validate requests for information according to established criteria.