Cyber Defence Competencies A structured approach for MN CD E&T
towards cyber excellence
Allard Kernkamp MSc, Dr Josine van de Ven BSc. NATO Unclassified
Outline
• Overall perspective: Why do we need it?
• How do we get there?
• Recommendations
Why Do We Need It?
• Understand what competencies are needed
• for which target audience
• to perform CD tasks as part of their job
• Identify knowledge requirements for CD E&T
purposes and relate to projects e.g. EDA CD TEXP
• Based on existing studies and frameworks
• Solid basis for unified framework
Sources of information
• EDA Landscaping study 2013
• NIST SP 800-181 NICE Cybersecurity Workforce 2
Framework (US)
Two Frameworks - Phases
EDA Framework
NIST Framework
Prepare Prevent Detect Respond Enable
Identify Protect Detect Respond Recover
Two Frameworks
EDA Framework
• Build upon several US
frameworks.
– Military and civilian; over 7
years of experience
• Limited focus on
strategic tasks and roles.
• Focus on Tactical -
Technical level.
• 53 Work roles.
• Competencies at work
role level (not prioritized).
NIST Framework
• Study from 2013.
• Focus on NATO,
including strategic level.
• 18 target audience
segments.
• Proficiency levels to
indicate significant tasks.
• Differentiates between
core and supporting
tasks.
Approach
Example role in this presentation
Cyber Ops Planner (NIST work role ID: 332)
Collect and Operate (CO) / Cyber Defence Specialist (CDS4)
Develops detailed plans for the conduct or support of the
applicable range of cyber operations through collaboration with
other planners, operators and/or analysts. Participates in
targeting selection, validation, synchronization, and enables
integration during the execution of cyber actions.
Observations:
• Not a technical cyber expert
• Core activity: (cyber) planning process
• Supporting activities: Provides advice to sr. decision makers,
developers, HR, etc. to improve procedures/tools/etc,
involved with internal and external stakeholders
Why
> EDA Hierarchical Task List (Focus on NATO
processes)
> NIST detailed task list (tactical – technical
level)
WHY - Tasks
• Frameworks differ: number of tasks, detailed
description of tasks (number of tasks)
Core task:
(mission) planning
Support task: Advice to
decision makers
Who Redefine target audience overview
based on NIST work roles.
Backwards compatible with EDA
Target Audience List.
WHO - Target Audience
What
Definition of proficiency levels.
NIST framework of competencies.
WHAT - Proficiency levels
Knowledge
| Level 1 |
The individual can perform
basic or developmental level
work in activities requiring this
competency.
Comprehension and Application
| Level 2 |
He/She is considered someone
who has the capability to fully
perform work that requires
application of this competency in
routine situations and can
contribute knowledge or new ideas
in applying this competency.
Analysis
| Level 3 |
The individual is confident in
serving as an advisor and is
sought out to provide insight
into the application of this
competency.
Synthesis and Evaluation
| Level 4 |
The individual is able to per-
form successfully in complex,
unstructured situations.
He/She serves as a resource
and provide guidance to others.
WHAT - Competencies
• Observable, measureable patterns of knowledge,
skills, abilities (KSAs) that an individual needs to
perform successfully.
Note:
• Not a technical cyber expert
• Core activity: (cyber)
planning process
• Supporting activities: Advice
decision makers, Advice
developers, HR, etc.
Focus on education and
training of core
competencies
Level 3 and Level 4
competencies
E&T focus Pre-
requisite
Knowledge areas of Cyber OPS Planner
Example Knowledge areas
| Level 1 & Level 2|
Knowledge of …
staff management,
assignment, and allocation
processes. (K0534)
malware.
(K048)
computer networking
fundamentals.
(K0395)
| Level 3 & Level 4|
Knowledge of …
required intelligence
planning products
associated with cyber
operational planning.
(K0525)
planning activity initiation.
(K0518)
crisis action planning for
cyber operations.
(K0400)
Recommendations
1. Practical use and improvement of framework via
various opportunities, e.g:
a) Implementation of NATO Cyber Strategy,
b) EU-NATO cooperation,
c) Oeiras school,
d) EDA projects like CD TEXP & DePoCyTE,
e) Other national and international projects
2. Use Knowledge, Skills and Abilities from NIST
framework, made compatible with EDA via MN CD
E&T results.
3. Validate the updated Hierarchical Task List with
academia.
On behalf of the MN CD E&T team
Dr Josine van de Ven BSc
M: +31 6 22362896
Allard Kernkamp MSc
M: +31 6 20542148