The spanish National Cyber Security Strategy has been adopted in 2013.
The spanish strategy is divided into six specific objectives:
OB 1 for the Public Authorities, to ensure that the Information and Telecommunications Systems used by them have the appropriate level of security and resilience
OB 2 for companies and critical infrastructures, to foster the security and resilience of the networks and information systems used by the business sector in general and by operators of critical infrastructures in particular
OB 3 in the judicial and police field operations, to enhance prevention, detection, response, investigation and coordination capabilities vis-à-vis terrorist activities and crime in cyberspace
OB 4 in the field of sensitisation, to raise the awareness of citizens, professionals, companies and Spanish Public Authorities about the risks derived from cyberspace
OB 5 in capacity building, to gain and maintain the knowledge, skills, experience and technological capabilities Spain needs to underpin all the cyber security objectives
OB 6 with respect to inter-national collaboration, to contribute to improving cyber security, supporting the development of a coordinated cyber security policy in the European Union and in international organisations, and to collabo-rate in the capacity building of States that so require through the development cooperation policy.
National Cyber Security Strategy
|Year of adoption||The national Cyber Security Strategy was adopted in 2013.|
|Updates and revisions||In October 2014, the National Cyber Security Council adopted the National Cyber Security Plan, after identifying the challenges faced by Spain, by defining the action guidelines for the next two years to achieve optimal implementation of the objectives outlined in the ENCS.|
All relevant Spanish legislation (even if references to European regulations have been also included where necessary) related to information security and cybersecurity in general have been included in a single document by ICNIBE and the Official State Gazette. The document is available here.
|Implementation and monitoring||
Under the direction of the Prime Minister, the Spanish national cyber security strategy is implemented by three bodies:
|Risk assessment plan||There is no legislation or policy in place in Spain that requires the establishment of a written risk assessment plan.|
Royal Decree 3/2010, which regulates e-government within the National Security Framework, requires information security system to be audited at least once every two years, and contains the provision for additional auditing in times of emergency.
Current status: NIS Directive and national CERTs/CSIRTs
|Computer security incident response teams||
CERTSI is the national accredited CSIRT
CSIRT-CV is the security centre of the Valencian community
CESICAT-CERT is the computer emergency response team of Catalonia
CCN-CERT is the national alert and reporting system for Public administration, company and organization of strategic interest (those essential for Spanish security and economy)
AndaluciaCERT is the computer emergency response team for Public administration and governments in Andalucia
CSUC-CSIRT is one of the computer emergency responce team for the Academia and Research sector
EsCERT is the second computer emergency response team for the Academia and Research sector
RedIRIS is the third computer emergency response team for the Academia and Research sector
In January 2016, ICC Spain in collaboration with the Spain Chamber of Commerce hosted a seminar in Madrid to present a Spanish version of the ICC Cyber security guide for business.The Spanish version of the guide launched at the seminar in Madrid today is the result of the collaboration between ICC Spain, ICC Mexico and ICC Chile with the support of Telefonica.
In February 2016, Huawei Spain and INCIBE signed a Memorandum of Understanding (MoU), which included a commitment from both organizations to promote best practices and information exchanges concerning cyber security protection.
Spain has also established the Centre for Industrial Cybersecurity (CCI) which promotes security best practices in the industrial sector.
The National Centre for Critical Infrastructure Protection (CNPIC) monitors the national critical infrastructure protection system, which includes owners, operators and users of Spanish critical infrastructure. As a result, CNPIC facilitates cooperation between the public and private sectors through initiatives like sectoral working groups.
|Report an incident||
The national accredited CSIRT is in charge o coordinating response measures across Spanish networks:
The Incident Response service is aimed at:
|Date of last WISER analysis||September 2016|