The Security and Industry CERT consults the main Spanish critical infrastructure to measure their capacity to resist a cyber-attack.
Is your organisation prepared to resist cyber-attacks? This is the main question that the Security and Industry CERT sent to thirty-two organisations that operate critical infrastructure in our country.
Sectors such as banking, industry, water, transport, and healthcare, that provide essential services to citizens, whose functioning is indispensable, and a cyber-attack against which could have major consequences for society, are being consulted through an extensive questionnaire in order to evaluate how they protect their facilities against potential cyber-attacks.
The Security and Industry CERT (INCIBE-CERT) recorded 17,888 cybersecurity incidents in Spain during 2014, which were managed by the INCIBE-CERT_ of which 63 affected strategic businesses.
As revealed by an ENISA report, more than 50% of successful attacks are due to carelessness and negligence in key aspects of cybersecurity. This figure has been the same in the last three years, and as such, it is necessary to improve awareness raising about cybersecurity.
At INCIBE-CERT_ the aim is to avoid cases such as that which occurred in the American bank JPMorgan Chase, which affected 76 million homes and 7 million small businesses, or in the case of a steel factory in Germany that sustained serious damage because the cybercriminals prevented an oven from being turned off.
Cyber resilience is the capacity for a process, nation, organisation, or business to anticipate, resist, recover, and evolve to improve its capacity to face adverse conditions, stress or attacks on the technological resources that it needs in order to function.
Using a form with 54 questions designed to extract the metrics and indicators of cyber resilience of organisations against cyber-attacks, the National Centre for Critical Infrastructure Protection (CNPIC), the State Department of Security body of the Ministry for Home Affairs responsible for the protection of Critical Infrastructure, along with the National Cybersecurity Institute (INCIBE), a body under the State Department of Telecommunications and the Information Society of the Ministry of Industry, aims to draft a report on the state of cyber resilience in Spanish critical infrastructures, which will allow an action plan to be developed to improve the protection of cybersecurity and resilience.
The state report on cyber resilience in Spanish critical infrastructure will allow us to answer the question on whether or not our country is prepared to resist cyber-attacks and take the necessary measures to make our country cyber resilient.