Collection Operations (CLO)

Collection Operations (CLO) NICE Specialty Area

Executes collection using appropriate strategies and within the priorities established through the collection management process.

NICE Work Role Name:

All Source-Collection Manager

NICE Work Role ID:

CO-CLO-001

NICE Category:

Collect and Operate (CO)

NICE Work Role Description:

Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership’s intent. Determines capabilities of available collection assets, identifies new collection capabilities; and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.

School of Cybersecurity Training

All Source-Collection Requirements Manager (CO203-RBT)
Cybersecurity Hunt (CO280)

CCE Program

Certified Expert Exploit Analyst (CEEA)®

Knowledge, Skills, Abilities and Tasks

Knowledge

K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
K0004 – Knowledge of cybersecurity and privacy principles.
K0005 – Knowledge of cyber threats and vulnerabilities.
K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
K0036 – Knowledge of human-computer interaction principles.
K0058 – Knowledge of network traffic analysis methods.
K0109 – Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
K0177 – Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
K0353 – Knowledge of possible circumstances that would result in changing collection management authorities.
K0361– Knowledge of asset availability, capabilities and limitations.
K0364 – Knowledge of available databases and tools necessary to assess appropriate collection tasking.
K0380 – Knowledge of collaborative tools and environments.
K0382 – Knowledge of collection capabilities and limitations.
K0383 – Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan.
K0386 – Knowledge of collection management tools.
K0387 – Knowledge of collection planning process and collection plan.
K0390 – Knowledge of collection strategies.
K0392 – Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).
K0395 – Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).
K0401 – Knowledge of criteria for evaluating collection products.
K0404 – Knowledge of current collection requirements.
K0405 – Knowledge of current computer-based intrusion sets.
K0412 – Knowledge of cyber lexicon/terminology
K0417 – Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
K0419 – Knowledge of database administration and maintenance.
K0425 – Knowledge of different organization objectives at all levels, including subordinate, lateral and higher.
K0427 – Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).
K0431 – Knowledge of evolving/emerging communications technologies.
K0435 – Knowledge of fundamental cyber concepts, principles, limitations, and effects.
K0440 – Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.
K0444 – Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
K0445 – Knowledge of how modern digital and telephony networks impact cyber operations.
K0446 – Knowledge of how modern wireless communications systems impact cyber operations.
K0448 – Knowledge of how to establish priorities for resources.
K0449 – Knowledge of how to extract, analyze, and use metadata.
K0453 – Knowledge of indications and warning.
K0454 – Knowledge of information needs.
K0467 – Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).
K0471 – Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).
K0474 – Knowledge of key cyber threat actors and their equities.
K0475 – Knowledge of key factors of the operational environment and threat.
K0477 – Knowledge of leadership’s Intent and objectives.
K0480 – Knowledge of malware.
K0482 – Knowledge of methods for ascertaining collection asset posture and availability.
K0492 – Knowledge of non-traditional collection methodologies.
K0495 – Knowledge of ongoing and future operations.
K0496 – Knowledge of operational asset constraints.
K0498 – Knowledge of operational planning processes.
K0503 – Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact.
K0505 – Knowledge of organization objectives and associated demand on collection management.
K0513 – Knowledge of organizational priorities, legal authorities and requirements submission processes.
K0516 – Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
K0521 – Knowledge of priority information, how it is derived, where it is published, how to access, etc.
K0522 – Knowledge of production exploitation and dissemination needs and architectures.
K0526 – Knowledge of research strategies and knowledge management.
K0527 – Knowledge of risk management and mitigation strategies.
K0552 – Knowledge of tasking mechanisms.
K0553 – Knowledge of tasking processes for organic and subordinate collection assets.
K0554 – Knowledge of tasking, collection, processing, exploitation and dissemination.
K0558 – Knowledge of the available tools and applications associated with collection requirements and collection management.
K0560 – Knowledge of the basic structure, architecture, and design of modern communication networks.
K0561 – Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
K0562 – Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes.
K0563 – Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities.
K0565 – Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
K0569 – Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture.
K0570 – Knowledge of the factors of threat that could impact collection operations.
K0579 – Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.
K0580 – Knowledge of the organization’s established format for collection plan.
K0581 – Knowledge of the organization’s planning, operations and targeting cycles.
K0583 – Knowledge of the organizational plans/directives/guidance that describe objectives.
K0584 – Knowledge of the organizational policies/procedures for temporary transfer of collection authority.
K0587 – Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products.
K0588 – Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization.
K0596 – Knowledge of the request for information process.
K0601 – Knowledge of the systems/architecture/communications used for coordination.
K0605 – Knowledge of tipping, cueing, mixing, and redundancy.
K0610 – Knowledge of virtualization products (VMware, Virtual PC).
K0612 – Knowledge of what constitutes a “threat” to a network.
K0613 – Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations.

Skills

S0304 – Skill to access information on current assets available, usage.
S0305 – Skill to access the databases where plans/directives/guidance are maintained.
S0316 – Skill to associate Intelligence gaps to priority information requirements and observables.
S0317 – Skill to compare indicators/observables with requirements.
S0327 – Skill to ensure that the collection strategy leverages all available resources.
S0329 – Skill to evaluate requests for information to determine if response information exists.
S0330 – Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.
S0334 – Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines.
S0335 – Skill to identify Intelligence gaps.
S0336 – Skill to identify when priority information requirements are satisfied.
S0337 – Skill to implement established procedures for evaluating collection management and operations activities.
S0339 – Skill to interpret readiness reporting, its operational relevance and intelligence collection impact.
S0344 – Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology.
S0346 – Skill to resolve conflicting collection requirements.
S0347 – Skill to review performance specifications and historical information about collection assets.
S0348 – Skill to specify collections and/or taskings that must be conducted in the near term.
S0352 – Skill to use collaborative tools and environments for collection operations.
S0353 – Skill to use systems and/or tools to track collection requirements and determine if they are satisfied.
S0362 – Skill to analyze and assess internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).

Abilities

A0069 – Ability to apply collaborative skills and strategies.
A0070 – Ability to apply critical reading/thinking skills.
A0078 – Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.

Tasks

T0562 – Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements.
T0564 – Analyze feedback to determine extent to which collection products and services are meeting requirements.
T0568 – Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements).
T0573 – Assess and apply operational environment factors and risks to collection management process.
T0578 – Assess performance of collection assets against prescribed specifications.
T0604 – Compare allocated and available assets to collection demand as expressed through requirements.
T0605 – Compile lessons learned from collection management activity’s execution of organization collection objectives.
T0626 – Construct collection plans and matrixes using established guidance and procedures.
T0631 – Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads.
T0632 – Coordinate inclusion of collection plan in appropriate documentation.
T0634 – Re-task or re-direct collection assets and resources.
T0645 – Determine course of action for addressing changes to objectives, guidance, and operational environment.
T0646 – Determine existing collection management webpage databases, libraries and storehouses.
T0647 – Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture’s form and function.
T0649 – Determine organizations and/or echelons with collection authority over all accessible collection assets.
T0651 – Develop a method for comparing collection reports to outstanding requirements to identify information gaps.
T0657 – Develop coordinating instructions by collection discipline for each phase of an operation.
T0662 – Allocate collection assets based on leadership’s guidance, priorities, and/or operational emphasis.
T0674 – Disseminate tasking messages and collection plans.
T0681 – Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems.
T0683 – Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures.
T0698 – Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers.
T0702 – Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables.
T0714 – Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups.
T0716 – Identify coordination requirements and procedures with designated collection authorities.
T0721 – Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness.
T0723 – Identify potential collection disciplines for application against priority information requirements.
T0725 – Identify and mitigate risks to collection management ability to support the plan, operations and target cycle.
T0734 – Issue requests for information.
T0737 – Link priority collection requirements to optimal assets and resources.
T0750 – Monitor completion of reallocated collection efforts.
T0753 – Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture.
T0755 – Monitor the operational environment for potential factors and risks to the collection operation management process.
T0757 – Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements.
T0773 – Prioritize collection requirements for collection platforms based on platform capabilities.
T0779 – Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations.
T0806 – Request discipline-specific processing, exploitation, and disseminate information collected using discipline’s collection assets and resources in accordance with approved guidance and/or procedures.
T0809 – Review capabilities of allocated collection assets.
T0810 – Review intelligence collection guidance for accuracy/applicability
T0811 – Review list of prioritized collection requirements and essential information.
T0812 – Review and update overarching collection plan, as required.
T0814 – Revise collection matrix based on availability of optimal assets and resources.
T0820 – Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources..
T0821 – Specify discipline-specific collections and/or taskings that must be executed in the near term.
T0827 – Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques.