What is CNPIC?
What is INCIBE?
How do CNPIC and INCIBE work together?
What is a CERT?
What is a Critical Infrastructure?
How does cybersecurity affect Critical Infrastructures?
What services does the Critical Infrastructure Security Incident Response Centre offer?
How does the operator benefit?
What kind of incidents are dealt with?
The Centro Nacional de Protección de Infraestructuras y Ciberseguridad (National Center for Infrastructure Protection and Cybersecurity - CNPIC) is the body operating under the auspices of the Spanish Interior Ministry responsible for leading, coordinating and supervising the activity of the Secretaría de Estado de Seguridad (Secretary of State for Security) in relation to the protection of Critical Infrastructures located in Spain.
More information: http://www.cnpic.es
The Instituto Nacional de Ciberseguridad de España (Spanish National Institute of Cybersecurity – INCIBE) is an official body operating under the auspices of the Spanish Ministry of Economic Affairs and Digital Transformation, the Secretary of State for Digitization and Artificial Intelligence.
INCIBE’s mission is to strengthen cybersecurity, trust, and the protection of privacy with respect to Information Society services, providing value to the public, businesses, the Spanish Government and the ICT sector, and coordinating its efforts with national and international bodies that work in this field.
More information: http://www.incibe.es
INCIBE provides technical support to CNPIC in managing ICT security incidents affecting Critical Infrastructures.
A CERT is a Computer Emergency Response Team, and comprises resources and personnel responsible for developing preventive and reactive measures regarding information system security incidents.
INCIBE is the Computer Emergency Response Team offered by INCIBE, which operates to provide preventive and reactive support in the area of information and communication technology security in the context of Critical Infrastructure security incidents.
Spanish law (Ley 8/2011) defines a Critical Infrastructure in this way:
"Critical infrastructures (i.e. those which provide essential services) are those whose operation is indispensable and to which there are no alternatives, for which reason their disruption or destruction would imply a serious impact on essential services."
The law governing the protection of Critical Infrastructures (Ley 8/2011 and Real Decreto 704/2011) emphasises the need to guarantee an adequate provision of essential services through mechanisms which provide a comprehensive level of security to those Critical Infrastructures covered by the legislation. In order to reinforce measures related to Critical Infrastructure cybersecurity, a Critical Infrastructure incident management service has been set up.
The Centre’s principal activity is to take responsibility for the management of incidents, from initial notification to resolution, following the incident life-cycle as defined in the Incident Management protocol.
In addition, there are plans to develop the Centre’s services so that they provide both reactive (subsequent to an incident) and proactive (prior to a possible incident) protective mechanisms.
Having such a team at their disposal brings various direct benefits for the operator, including:
- access to a specialist technical team;
- availability of an early warning notification service for risks, threats and incidents that could affect the operator’s information systems;
- an enhanced ability to limit the incident through collaboration with different relevant agents, such as internet service providers, law enforcement agencies and other CERTs, including at an international level in cases involving incidents with origins beyond the limits of Spanish jurisdiction;
- access to preventive services aimed at protecting national infrastructures more efficiently;
- access to judicial and legal support throughout the incident’s life-cycle;
- incident tracking based on a common action protocol.
All security incidents which affect either national Critical Infrastructures, or those that operate at an international level and that have signed up to the corresponding action protocol.