8/16/2019 The National Cyber Security Strategy_Spain
1/43
NATIONALCYBER SECURITY STRATEGY
NIPO 002-14-024-X
8/16/2019 The National Cyber Security Strategy_Spain
2/43
NATIONALCYBER SECURITY STRATEGY
8/16/2019 The National Cyber Security Strategy_Spain
3/43
THE PRIME MINISTER
The use of Information and Communications Technologies has become wide-
spread in daily life in our country. This new scenario of possibilities offers un-precedented development in the exchange of information and communications,
but at the same time it entails serious risks and threats which can affect Na-
tional Security.
Several factors contribute to the proliferation of criminal actions in cyberspace:
the profitability of exploiting it in economic, political or other terms, the ease and
low cost of employing the tools used to stage attacks, and the ease with which
attackers can hide make it possible to carry out these activities anonymously
and from anywhere in the world, with crosscutting impacts on the public and
private sectors and on citizens themselves.
The different attacker profiles exploit technological vulnerabilities in order to
glean information, steal highly valuable assets and threaten basic services thatare essential to our country’s normal functioning. The peaceful enjoyment of
certain fundamental rights enshrined in our Constitution and in international law
can be seriously compromised as a result of actions of this kind.
Fully conscious of the importance of the matter and committed to the devel-
opment of the Digital Society, the National Security Council has promoted the
drafting of the National Cyber Security Strategy in order to provide a response
to the huge challenge entailed by protecting cyberspace from the risks and
threats hovering over it.
The National Cyber Security Strategy is adopted under, and aligned with, the
National Security Strategy of 2013, which includes cyber security in its twelve
areas of action.
The adoption of the present strategic document highlights the collective capa-
bilities and the commitment of a nation determined to guarantee its security in
cyberspace. For Spain, advances in the field of cyber security furthermore con
tribute to enhancing our economic potential, as they promote a more secure
environment for investment, job creation and competitiveness.
8/16/2019 The National Cyber Security Strategy_Spain
4/43
THE PRIME MINISTER
The National Cyber Security Strategy is the frame of reference of a comprehen-
sive model based on the involvement, coordination and harmonisation of all theState actors and resources, and on publicprivate collaboration and citizen par-
ticipation. Likewise, as cyber security is transnational, cooperation with the Eu-
ropean Union and other international organizations with responsibilities in this
field is an essential part of this model.
To achieve its objectives, the Strategy establishes an organisational structure
that is integrated into the framework of the National Security System. This
structure will underpin the single action of the State in accordance with princi-
ples shared by the actors concerned and in an appropriate institutional frame-
work.
This dependence on cyberspace requires us to devote all the necessary means
to placing our capabilities at the service of cyber security. The environment isdynamic and we face many uncertainties and challenges. Only if we are firmly
committed to the security of cyberspace will the competitiveness of our econo-
my and Spain’s prosperity be a possibility.
Mariano Rajoy BreyPrime Minister of Spain
8/16/2019 The National Cyber Security Strategy_Spain
5/43 NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT v
Contents
• Executive Summary ............................................................................... 1
•
Chapter 1Cyberspace and security ......................................................................... 7
• Chapter 2Purpose and guiding principles of cyber security in Spain ....................13
• Chapter 3
Objectives of cyber security ..................................................................19• Chapter 4
Lines of action of National cyber security .......... .... ....... .... ....... .... ... 29
• Chapter 5Cyber security in the National Security System ....................................41
8/16/2019 The National Cyber Security Strategy_Spain
6/43
ExecutiveSummary
Executive Summary
8/16/2019 The National Cyber Security Strategy_Spain
7/43
3
Executive Summary
T he National Cyber SecurityStrategy is the strategic document that provides the Spanish Government
withabasisfordevelopingtheprovisions
of the National Security Strategyon the
protectionofcyberspaceinorderto im
plementcyberthreatprevention,defence,
detection,responseandrecoveryactions
againstcyberthreats
The Strategy consists of five chap
ters. The first,entitledCyberspaceand
itssecurity,outlinesthecharacteristicsthat
define cyberspace, the opportunities it
provides and the security implications of
dependingonit.Thischaptershowshow
the par ticular character istics which are
commontocyberthreatsandthehighde
pendence of the economy and essential
services on cyberspace result in an in-
creaseinrisksandthreatswithapoten
tiallyseriousimpactonNationalSecurity.
The second chapter dealswiththe
Purpose and guiding principles of cyber secu-
rity in Spain.Itestablishesasapurposethe
settingofgeneralguidelinesforthesecure
useofcyberspacethroughacomprehen
sivevisionthatinvolvesthecoordination
ofthePublicAuthorities,theprivatesec
torandcitizensandchannelsinternational
initiativesinthisfield,respectingdomestic
andinternationallawandinlinewithother
nationalandinternationalstrategicdocu
ments.
The guiding principlesofcybersecurity
arenational leadership and the coordination
of efforts; shared responsibility; proportionali-
ty, rationality and efficiency; and international
cooperation as an extension of the basic
principlesoftheNationalSecurityStrate
gy.Theseprinciplesunderlinetheneedfor
developmentplanningofthecurrentcon
text,with special emphasis on protecting
the constitutional values as an element
commontoallfourprinciples.
Inthethird chapter, theStrategyex
aminestheCyber security objectivesingreat
erdetail.Anoverall objective istoensure
that Spain makes secure use of the Informa-
tion and Telecommunications Systems,
strengthening cyberattack prevention, de
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
8/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT4
fence, detection, analysis, investigation, recov-
ery and response capabilities. The National
Cyber Security Policy must serve this pur-
pose.
The Strategy goes on to set up six spe-cific objectives: 1) for the Public Authori-
ties, to ensure that the Information and Tel-
ecommunications Systems used by them
have the appropriate level of security and
resilience; 2) for companies and critical infra-
structures, to foster the security and resil-
ience of the networks and information sys- tems used by the business sector in general
and by operators of critical infrastructures
in particular ; 3) in the judicial and police field
operations, to enhance prevention, detec-
tion, response, investigation and coordina-
tion capabilities vis-à-vis terrorist activities
and crime in cyberspace; 4) in the field of
sensitisation, to raise the awareness of citi-
zens, professionals, companies and Spanish
Public Authorities about the risks derived
from cyberspace; 5) in capacity building, to
gain and maintain the knowledge, skills, ex-
perience and technological capabilities
Spain needs to underpin all the cyber secu-
rity objectives; and 6) with respect to inter-
national collaboration, to contribute to im-
proving cyber security, supporting the
development of a coordinated cyber secu-
rity policy in the European Union and in
international organisations, and to collabo-
rate in the capacity building of States that
so require through the development coop-
eration policy.
Chapter four lays down the Lines of
Action of National Cyber Security. Interde-
pendently, and in connection with the ob- jectives established in the previous chapter,
the Strategy guides the action aimed at
achieving the objectives set out.
The fifth and last chapter is devot-
ed to Cyber security in the National Se-
curity System and establishes the organi-sational structure at the service of cyber
security. Under the direction of the Prime
Minister, the structure is comprised of
three bodies. One already exists – the
National Security Council as the
Government Delegated Commission for
National Security – and two are new: the
Specialised Cyber Security Com-
mittee, which will support the National
Security Council by assisting the direction
and coordination of the National Security
Policy in cyber security matters and by
fostering coordination, cooperation and
collaboration among Public Authorities
and between them and the private sec-
tor ; and the Specialised Situation
Committee which, with the support of
the Situation Centre of the National Se-
curity Depar tment, will manage cyber se-
curity crisis situations which, on account
of their cross-cutting nature or extent,
8/16/2019 The National Cyber Security Strategy_Spain
9/43
5
exceed the response capabilities of the Committeeswillactinacomplementary
usual mechanisms.The two Specialised manner.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
C b
8/16/2019 The National Cyber Security Strategy_Spain
10/43
Cyberspaceand itssecurity
Chapter 1Cyberspaceand its security
8/16/2019 The National Cyber Security Strategy_Spain
11/43
9
Chapter 1Cyberspace and its security
T hedevelopmentofInformationandCommunicationsTechnologies(ICT)hasgivenrisetoanewspaceinwhichrelationsareconductedandinwhichthespeedandeasewithwhichinformationandcommunicationsareexchangedhaveovercomethebarriers
ofdistanceandtime.Cyberspace,thenamegiventotheglobalanddynamicdomaincom
posedoftheinfrastructuresofinformationtechnology–includingtheInternet–networks
andinformationandtelecommunicationssystems,hasblurredborders,involvingtheirusers
inanunprecedentedglobalisation thatprovidesnewopportunitiesbut alsoentails new
challenges,risksandthreats.
Oursociety’sdegreeofrelianceonICTandcyberspaceisgrowingdaily.Knowledgeof
itsthreats,managingtherisksandbuildinganappropriateprevention,defence,detection,
analysis,investigation,recoveryandresponsecapabilityareessentialelementsoftheNa
tionalCyberSecurityPolicy.
“Te development of IC has given rise to a new space in whichrelations are conducted and in which the speed and ease with whichinformation and communications are exchanged have overcome the
barriers of distance and time”
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
12/43
Theattacksderivedfromthesethreats,knownascyberattacks,generallyshareanumber
ofcommoncharacteristics:
Characteristics of cyber attacks
Low Cost
many of the tools used by attackers can be obtained free of charge or at a very low
cost.
Ubiquity and ease of execution
the execution of attacks is independent of the location of the aggressors, and in many
cases considerable technical knowledge is not necessary.
Effectiveness and impact
if the attack is well designed, it may achieve its desired objectives.The absence of
cyber security policies, insufficient resources and lack of awareness and skills can
facilitate this adverse outcome.
Reduced risk for the attacker
ease of concealment means that it is not easy to attribute a cyber attack to its real
perpetrator or perpetrators.This, coupled with a disparate or non-existent legalframework, makes it difficult to prosecute the action.
Thehostofpotentialattackersincreasestherisksandthreatsthatcanseriouslyjeopard
isetheservicesprovidedbythePublicAuthoritiesandtheCriticalInfrastructuresandthe
activitiesofcompaniesandcitizens.Furthermore,thereisevidencethatcertaincountries
havemilitaryandintelligencecapabilitiestocarryoutcyberattacksthatplaceNationalSe
curityatrisk.
“Cyber security is a necessityCybersecurityisanecessityofoursociety
of our society and our andoureconomicmodel.Giventheinfluence of Information andTelecommunications Sys- economic model” tems on the economy and public services,
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
13/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT 11
Spain’s stability and prosperity largely depend on the security and reliability of cyber space
– qualities which can be jeopardised by technical causes, natural phenomena or deliberate
aggressions.
Risks and threats to national Cyber Security
FOREIGN STATES
CYBERSPACE
HACKING
ORGANISED CRIME
HACKTIVISTS
DOMESTIC THREATS
TECHNICAL CAUSES NATURAL PHENOMENA
INDIVIDUALS ACTING ALONE
CONFLICTS
TERRORISM SABOTAGE
CRIME ESPIONAGE
TERRORIST
ORGANIZATIONS
P
8/16/2019 The National Cyber Security Strategy_Spain
14/43
Purposeand guiding principles of cyber security
Chapter 2Purposein Spain
and guiding principlesof cyber securityin Spain
8/16/2019 The National Cyber Security Strategy_Spain
15/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
Chapter 2Purpose and guiding principlesof cyber security in Spain
S pain requires secure and reliable Information and Telecommunications Systems, bothfor its physical infrastructure (equipment and networks) and the intangible component(computer programmes, models or procedures).These systems, while allowing citizens and
companies access to cyberspace, store valuable information and support strategic services
for our nation that are essential to the correct functioning of our society.
The purpose of the National Cyber Se-
curity Strategy promoted by the National “Te purpose of the NationalSecurity Council is to establish general Cyber Security Strategyguidelines for the secure use of cyberspace, en
promoted by the Nationalcouraging a comprehensive vision, the applica-
Security Council is to establish tion of which helps guarantee our nation’s security and progress through appropriate guidelines for the secure use ofcoordination and cooperation among all the cyberspace”Public Authorities and with the private sector
and citizens, with utmost respect for the princi
ples enshrined in the Constitution and in the provisions of the Charter of the United Na
tions on the peace keeping and international security; and in consonance with the National
Security Strategy and initiatives developed in the European, international and regional
framework.
It likewise encourages Spain’s presence in international organisations and forums by
channelling international initiatives and efforts to protect cyberspace.
15
8/16/2019 The National Cyber Security Strategy_Spain
16/43
6
Guiding Principles
TheNational Cyber Security Strategy,intunewiththebasicprinciplesoftheNationalSecurityStrategyandasanextensionofthem,isunderpinnedandinspiredbythe
followingGuidingPrinciples:
the scope and complexity of the challenges of cyberspace require, in addition to determined
national leadership, appropriate coordination of the capabilities, resources and responsibilitiesinvolved. Both tasks are undertaken by the Prime Minister, who will direct and supervise the
National Cyber Security Policy in the framework of the National Security Council.
the crossborder nature of threats makes it essential to promote global cooperation, as many of
the possible measures will only prove effective if they are adopted internationally with appropriate
cooperation and coordination between the different countries.
All the public and private agents with responsibilities in these matters, also including citizens,
must feel involved in cyber security. For this purpose, intense coordination of the different
bodies of the Public Authorities is necessary together with appropriate publicprivatecooperation capable of ensuring the compatibility of initiatives and fostering the exchange of
information.
it is necessary to manage the risks derived from the use of technology in a dynamicmanner, balancing opportunities and threats and ensuring proportionality in the protection
measures adopted, which must be confidencebuilding elements and not hindrances to the
development of new services.
National
leadership andcoordination
of efforts
International
cooperation
Shared
responsibility
Proportionality,
rationality and
efficiency
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
17/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
Theyallrespectandstrengthentheprotectionandfullenjoymentofthefundamental
freedomsenshrinedinourConstitutionandininternationalinstrumentsasimportantas theUniversalDeclarationofHumanRights,theInternationalCovenantonCivilandPolitical
RightsandtheEuropeanConventionfortheProtectionofHumanRightsandFundamental
Freedoms.TheSpanishGovernmentundertakestodeveloppolicieswhich,byimproving
thesecurityoftheInformationandTelecommunicationsSystemsusedbycitizens,profes
sionalsandcompanies,preservethefundamentalrightsofthemall,especiallyinthemost
underprivilegedsectors.
17
Obj i
8/16/2019 The National Cyber Security Strategy_Spain
18/43
Objectivesofcyber security
Chapter 3Objectives ofcyber security
8/16/2019 The National Cyber Security Strategy_Spain
19/43
21
Chapter 3Objectives of cyber security
OVERALL OBJECTIVE
To ensure that Spain uses Information and Telecommunications Systems se
curely by strengthening prevention, defence, detection and response capa
bilities vis-à-vis cyber attacks.
T oachieveasecurecyberspace,aNational
CyberSecurityPolicywillbepromotedbydeveloping an appropriate regulatory frame
workandfosteringaStructurethatbringsto
getherandcoordinatesalltheinstitutionsand
agents with responsibilities in this area.This
Structurewillbebasedontheprincipleofeffi
ciencyandsustainabilityintheuseofresources,
guaranteeing theoptimal prevention, defence,
detection, analysis, investigation, recovery and
response capabilities of the Information and
TelecommunicationsSystemsvis-à-vispossible
cyberattacks.
“o achieve a secure cyberspace,a National Cyber Security Policywill be promoted by developing
an appropriate regulatory framework and fostering a
Structure that brings together
and coordinates all theinstitutions and agents withresponsibilities in this area”
ThestrengtheningofcybersecuritywillprovidethePublicAuthorities,theindustrialand
businesssector,thescientificcommunityandcitizensingeneralwithgreater confidencein
theuseofICT.Forthispurposethepublicorganisationsresponsiblewillworkincoordina tionwiththeprivatesectorandcitizensthemselvestoguaranteethesecurityandreliability
ofthesystemsthatunderpintheso-calledInformationSociety.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
20/43
Also,indefenceofnationalinterest,theNationalCyberSecurityPolicywillbealigned
withinitiativessimilartothoseofthecountriesinourneighbourhoodandwiththeEuro-peanandinternationalorganizationswithresponsibilitiesinthisarea,particularlytheEU
CyberSecurityStrategy.
Finally,inordertoensuretheprotectionofthesystemsandtheresilienceoftheservices
ofthePublicAuthoritiesandCriticalInfrastructures,aswellastheavailabilityofreliable
products,itwillbenecessarytobolster,giveimpetustoandstrengthenthenationalcyber
securityresearchanddevelopmentcapabilitiesoftheICT.
InthisconnectionSpain,continuingwithitspolicyoftechnologicaldiversificationand
neutrality,willendeavourtousecomponentsthatarecertifiedasconformingtointerna
tionallyrecognisedstandards.
Theconsiderationsofthisoverallobjectivewillapplytotherestoftheobjectives.
OBJECTIVE I
To ensure that the Information and Telecommunications Systems used by the
Public Authorities have an appropriate level of cyber security and resilience
AconsiderablepartoftheICTsystemsoftheSpanishPublicAuthorities,theinformation
containedinthemandtheservicestheyprovideconstitutestrategicnationalassets.
Itisthereforeessentialtofostertheimplementationofacoherentandcomprehensive
nationalframeworkforpolicies,proceduresandtechnicalstandardsthathelpensurethe
protection of public information and its sys
temsandservices,andofthesupportingnet“It is essential to foster the
works. Thisframeworkwillbeakeytodevelimplementation of a coherentoping and implementing services that are
increasinglysecure. and comprehensive national
framework for policies,AdaptingthesystemsofthePublicAuthori- procedures and technical
tiestothisrealityinvolvesestablishingsecurity standards that help ensure theservicesinthem,improvingandexercisingtheir
protection of publicability toprevent, detect, respond toand re
information”coverfromincidents,developingnewtoolsandkeepingthelegalsystemuptodate.
22 NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
21/43
23
Likewise,inadditiontoimprovingthecapabilitiesofthemilitary,Defenceandintelligence
systems,itisnecessarytobolsterthesecurityofthestrategicInformationandCommunica tionSystems,adaptingthemtothenewrisksandthreatsofcyberspace.
ThePublicAuthoritieswillbeactivelyinvolvedinaprocessofcontinuousimprovement
withrespecttoprotectingtheirICTsystems.Theauthoritiesarerequiredtosetanexample
inthemanagementofcybersecurity.
OBJECTIVE II
To foster the security and resilience of the Information and Telecommunica
tions Systems used by the business sector in general and the operators of
Critical Infrastructures in particular
When applying the principle of shared re
sponsibility,thePublicAuthoritiesmustmaintain “Ensuring the Protectioncloserelationswiththecompaniesthatmanage of Spain’s echnologicalInformation andTelecommunications Systemsrelevanttonationalinterests,exchangingknowl- Heritage”edgeinordertofacilitateappropriatecoordina
tionbetweenbothandamutualunderstanding
ofthecybersecurityenvironment.
InthisconnectionspecialmentionshouldbemadeofactionsaimedatensuringtheProtectionofSpain’sTechnologicalHeritage,whichistakentomeanthosetangibleornon-
tangibleassetswhichunderpintheintellectualandindustrialpropertyofthebusinesssector,
shapeourpresentandconditionfuturedevelopment.
Itisalsointerestingtodeterminetheimpactthatpotentialinterruptionordestructionof
thenetworksandsystemsthatprovideessentialservicestosocietymayhaveonSpain.As
theprivatesectorownsagoodmanyofthesesystems,themeasuresadoptedincyberse
curitymustbealignedwiththerequirementslaiddownintheregulationsontheProtection
ofCriticalInfrastructuresinordertoachieveacomprehensivesetofmeasurestobeap
pliedtotherelevantsectors.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
http:///reader/full/Spain.Ashttp:///reader/full/Spain.As
8/16/2019 The National Cyber Security Strategy_Spain
22/43
4
OBJECTIVE III
To enhance prevention, detection, reaction, analysis, recovery, response, re
search and coordination capabilities vis-à-vis terrorist activities and crime in
cyberspace
“It is essential to strengthen
international judicial and police cooperation,establishing appropriate
instruments for collaborationand the exchange ofinformation and the
harmonisation of nationallegislation”
ICTareameans,anendoracombinationof
both, used by terrorist and criminal organisa
tionstoachievetheirobjectives.Tothisshould
beaddedthegrowingpossibilityofusingcyber
spaceasanobjectiveinitselftoperpetrateat
tacksagainstessential servicesorCritical Infra
structures.Inbothcasesitisnecessarytobolster
theprevention,detection,reaction,analysis re
covery,response,investigationandcoordination
mechanismsrelatingtothesekindsofcrimes.
ThepoliceandjudicialactionoftheStatein
cybersecuritymattersmustbeadaptedtothe
patternsofconductandtypesofcrimecommit
tedbyterroristsandcriminalsincyberspace,whoseobjectives–butnotmethods–usu
allycoincidewithtraditionalones.
Toeffectivelyaddressthesethreats,whichoftenextendbeyondStates’borders,itisessentialtostrengtheninternationaljudicialandpolicecooperation,establishingappropriate
instrumentsforcollaborationandtheexchangeofinformationandtheharmonisationof
nationallegislation,anddevelopingandmaintainingsoundandeffectiveregulations.
Likewise,itisnecessarytofostercitizencollaboration,facilitatingproceduresfortheac
cesstoandtransmissionofinformationofinteresttothepolice.
Successincombatingterrorismandcrimeincyberspacerequiresputtinginplacethe
mechanismsneededtoimprovethecapabilitiesofthepoliceinstitutionsandrelevantjudi
cialbodies.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
23/43
25
OBJECTIVE IV
To raise the awareness of citizens, professionals, companies and Spanish Pub
lic Authorities about the risks derived from cyberspace
The Spanish Government, recognising the
importance of building and maintaining confi
dence in the InformationandTelecommunica
tions Systems used by citizens, professionals,
companiesandpublicsectorbodies,willunder
take the information and sensitisation actions
neededtoensurethattheyareallawareofthe
risksofoperatingincyberspaceandhaveknowl
edgeof,andaccessto,toolsthatmakeitspro
tectionpossible.
“Companies must be aware ofthe responsibility of ensuring
the security of their systems, the protection of their clients’ andsuppliers’ information and thereliability of the services they
provide”
Atthesametime,companiesmustbeawareoftheresponsibilityofensuringthesecurityoftheirsystems,theprotectionoftheirclients’andsuppliers’informationandthereli
abilityofthe services theyprovide.Maintainingconsumerconfidence isessentialto the
successofthedigitaleconomy.ThesameistrueofthePublicAuthoritiesandtheirrelation
shipwithcitizens.
Therefore,anessentialfunctionistopromoteasoundcybersecurityculturewhichpro-
videsallactorswiththenecessaryawarenessandconfidencetomaximisethebenefitsof theInformationSocietyandreducetoaminimumtheirexposuretotherisksofcyberspace
byadoptingreasonablemeasurestoguaranteetheprotectionoftheirdataandthesecure
connectionoftheirsystemsandequipment.
Theeffectivemanagementoftherisksderivedfromcyberspacemustbebuiltona
soundcultureofcybersecurity.Thisrequiresuserstobesensitivetotherisksentailedby
operatinginthisdomain,andtobefamiliarwiththetoolsforprotectingtheirinformation,
systemsandservices.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
24/43
6
OBJECTIVE V
To gain and maintain the knowledge, skills, experience and technological ca
pabilities Spain needs to underpin all the cyber security objectives
Giventhestrategicimportanceofsecurityincyberspace,anabsolutepriorityistohave
qualifiedpersonnelatalllevels:government,management,operational,technicalandjudicial
bodies.
Furthermore,it is important to foster and
“It is necessary to foster and boostthetechnologicalcapabilitiesrequiredforreliablenational solutions thatenablesystemseffectively maintain R & D& I to be adequately protected from different
activity in cyber security” threats.
Toachievethisconfidence,itisnecessaryto
fosterandeffectivelymaintainR&D&Iactivityincybersecurity.ForthispurposethegroupofagentsinvolvedinICTmustbeappropriatelycoordinated,facilitatingcollaborationbe
tweencompaniesandpublicresearchbodiesandpromotingprojectsfortheevaluationand
certificationofsecurity.
Thequalificationofthepersonnelinchargeofthedirection,managementandimple
mentationofcybersecurityisafundamentalobjective,especiallyinthePublicAuthorities
andStrategicandCriticalInfrastructuresofnationalinterest.Whatismore,theuseofverifiedsecurityproductsisasignificantadditionalelementofprotection.
OBJECTIVE VI
To contribute to improving cyber security in the international sphere
ThedevelopmentofacoordinatedcybersecuritypolicyintheEuropeanUnionandin
theinternationalSecurityandDefenceorganisationsinwhichSpaintakespartwillbefos
teredandsupported,andcollaborationwillbecarriedoutincapacitybuildingofStatesthat
sorequirethroughthedevelopmentcooperationpolicy,helpingthemtoimplementacyber
securityculture.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
25/43
27
Cooperationwillbefosteredintheframe
workoftheEUandwithinternationalandre
gionalorganisationssuchastheEuropeanDe
fence Agency (EDA), the European Union
AgencyforNetworkandInformationSecurity
(ENISA),theEuropeanCybercrimeCentreat
tachedtoEUROPOL,theUnitedNations(UN),
theOrganizationforSecurityandCooperation
in Europe (OSCE), the NorthAtlanticTreaty
Organization(NATO),andtheOrganizationforEconomic Cooperation and Development
(OECD),amongothers.
“Te development of acoordinated cyber security policyin the European Union and the
international Security andDefence organisations will be promoted and supported”
Togetherwiththecountriesbelongingtoourstrategicenvironment,effortsaimedat
achievingasecureandreliablecyberspacewillbepromotedbystrengtheninginternational
collaboration,creatingconfidencerelationshipsfortheexchangeofessentialcybersecurity
informationanddataandthedevelopmentofcooperationanddevelopmentinitiatives.Ac tionsdesignedtopromotetheadoptionofinternationalcybersecuritystandardsandtheir
progressiveraisingwilllikewisebecarriedout.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
http:///reader/full/initiatives.Achttp:///reader/full/initiatives.Ac
8/16/2019 The National Cyber Security Strategy_Spain
26/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
To ensure that Spain usesInformation and
Telecommunications Systems
securely, by strengthening
prevention, defence, detection,
analysis, investigation, recovery
and response capabilities vis-à-vis
cyber attack.
OBJECTIVEI
OBJECTIVEII
OBJECTIVE
III
OBJECTIVEIV
OBJECTIVEV
OBJECTIVEVI
OVERALLOBJECTIVE
To contribute to
improving cyber
security in the
international
sphere
To ensure that the Information and TelecommunicationsSystems used by the Public Authorities have the
appropriate level of cyber security and resilience.
To foster the security and reslilience of the Information
and Telecommunications Systems used by the business
sector in general and operators of Critical Infrastructures
in particular.
To enhance prevention, detection, reaction, analysis,
recovery, response, investigation and coordination
capabilities vis-à-vis terrorist activities and crime incyberspace.
To raise the awareness of citizens, professionals,
companies and Spanish Public Authorities about the risks
derived from cyberspace.
To gain and maintain the knowledge, skills, experience
and technological capabilities Spain needs to underpin all
the cyber security objectives.
28
Lines of
8/16/2019 The National Cyber Security Strategy_Spain
27/43
Lines ofaction ofNationalcyber security
Chapter 4
Lines of actionof Nationalcyber security
8/16/2019 The National Cyber Security Strategy_Spain
28/43
31
Chapter 4Lines of action ofNational cyber security
The National Cyber Security Strategy for achieving the above objec-tives is based on the following Lines of Action:
LINE OF ACTION 1
Capability to prevent, detect, respond to and recover from cyber
threats
Increase prevention, defence, detection, analysis, response, recovery and coordination
capabilities vis-à-vis cyber threats, placing particular emphasis on the Public Authorities,
Critical Infrastructures, military and Defence capabilities and other systems of national in
terest.
TheSpanishGovernmentwilladopttherelevantmeasuresinthislineofaction,in
cluding:
• Broadenandimprovecapabilities todetectandanalysecyber threatsinorder to
enableattackproceduresandoriginstobeidentifiedandthenecessaryintelligenceto
begatheredforamoreeffectivedefenceandprotectionofnationalnetworks.
• Broadenand strengthencapabilities todetectand respond tocyber attacksdi
rectedagainstnational,regionalorsectorialtargets,includingcitizensandcompanies.
• Guarantee thecoordination,cooperationandexchangeof informationbetween
theCentralGovernment,theAutonomousRegions,LocalAuthorities,theprivatesector
andtheEUandinternationalbodieswithresponsibilitiesinthisfieldinordertoensure
continuousawarenessraising,trainingandresponsecapabilitythroughtheSystemforthe
ExchangeofInformationandReportingofIncidents.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
29/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
• Ensure the cooperation of organisations with responsibilities in cyber security,
especiallybetweentheGovernmentCERToftheNationalCryptologyCentre(CCNCERT),theArmedForcesJointCyberDefenceCommand(MCCD),andtheCERTfor
SecurityandIndustry.TheCERTsoftheAutonomousRegions,thoseofprivateinstitu
tionsandotherrelevantcybersecurity servicesmustbecoordinatedwiththeabove
mentioneddependingontheresponsibilitiesofeachone,establishingtheappropriate
instrumentsforthispurpose.
• Developpreventionanddetectioninstructionsandkeep themupdated,including
proceduresforrespondingtocrisissituationsandspecificcontingencyplansvis-à-viscybersecurityincidentsthatarenationalinscope,ensuringtheyareintegratedintothe
NationalSecuritySystem.
• Develop
and
implement
a
Programme
of
Simulation
Exercises
for
Cyber
Security
Incidents,inordertoassessandimprovetheactionscarriedoutinthisfield.
• Broadenandcontinuously develop theCyber Defencecapabilitiesof theArmed
ForcesallowingthemtoappropriatelyprotecttheirNetworksandInformationandTel
ecommunicationsSystems,aswellasothersystemswhichaffectNationalDefence.The
implementationoftheJointCyberDefenceCommandwillbeconsolidatedanditwillbe
encouragedtocooperatewiththedifferentbodieswiththecapability torespondto
cyberincidentsinaspectsofcommoninterest.
• Boostmilitary and intelligencecapabilities todeliver a timely,legitimateandpro
portionateresponse incyberspace tothreats oraggressions thatcan affectNational
Defence.
32
8/16/2019 The National Cyber Security Strategy_Spain
30/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
LINE OF ACTION 2
Security of the Information and Telecommunications Systems that
underpin the Public Authorities
Ensure the implementation of the National Security Scheme, strengthen detection ca
pabilities and improve the defence of classified systems.
ThislineofactioncoverstheinitiativesneededtoprotecttheInformationSystemsof
theCentralGovernment, theAutonomous Regions, theLocalAuthorities andbodies
relatedorattachedtothem,aswellastheInformationandTelecommunicationsSystems
andinfrastructurescommontothemall.
Forthispurpose,theSpanishGovernmentwilladoptthefollowingmeasures,among
others:
• Ensure the full implementation of the National Security Scheme and establish the
necessaryproceduresforbeingregularlyapprisedofthestateofthemainsecurityvariablesofthesystemsinvolved.
• Broaden and improve the capabilities of the Government CERT – CCN-CERT
andparticularlyofitsDetectionandEarlyWarningSystems.
• Strengthen the security structures and surveillance capability of Information Sys
tems,particularlythosethathandleclassifiedinformation.
• Optimise the model whereby the Spanish Government bodies interconnect with
publicvoiceanddatanetworks,maximisingtheirefficiency,availabilityandsecurity.• Strengthen the implementation and security of the common and secure infra
structureintheSpanishpublicadministrationsystem(SARAnetwork),boostingitsuse
anditssecurityandresiliencecapabilities.
• Develop new secure horizontal services in accordance with the guidelines of the
DirectorateforInformationandCommunicationTechnologiesof theCentralGovern
ment,thebodyresponsibleforcoordinating,directingandrationalisingtheuseofICTin
theCentralGovernment.
• Step
up
national
activities
aimed
at
developing
and
evaluating
products,
services
andsystemsinordertoobtaintheircertificationbyspecificallysupportingthosewhich
underpinnationalsecurityneeds.
• Give impetus to the creation, dissemination and application of Best Practices in
CyberSecuritymatterswithinthedomainofthePublicAuthorities.
33
8/16/2019 The National Cyber Security Strategy_Spain
31/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
LINE OF ACTION 3
Security of the Information and Telecommunications Systems that
underpin Critical Infrastructures
Foster the implementation of the regulations on the Protection of Critical Infrastructures
and of the necessary capabilities for protecting essential services.
ItisnecessarytoincreasetheresilienceofSpain’sCriticalInfrastructurestoprevent
potentialdisruptionstothenormalfunctioningoftheessentialservices,whichcouldaf
fectSpanishpeople’sdailyactivity.
Inthisconnection,theSpanishGovernmentwilladoptthefollowingmeasuresamong
others:
• Ensure
the
implementation
of
the
regulations
on
the
Protection
of
Critical
Infrastructuresinordertoachieveasecuritythatembracesbothphysicalandtechnological
aspects. Tothisendtheincorporationofsuitablecybersecuritymeasuresintothediffer
entplansestablishedwillbeevaluated.
• Broaden and improve the capabilities of the CERT for Security and Industry,
boostingcollaborationandcoordinationwiththeNationalCentrefortheProtectionof
CriticalInfrastructures,withthedifferentbodieswiththecapabilitytorespondcyber
securityincidentsandwiththeoperationalunitsoftheStateLawEnforcementAgencies.• Encourageprivate-sector involvementin theProgrammesof simulationExercises
forCyberSecurityincidents.
• Developsimulationmodels thatallow theinterdependenceof thedifferentCriti
calInfrastructuresandtherisksaccumulatedbythemtobeanalysed.
34
8/16/2019 The National Cyber Security Strategy_Spain
32/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
LINE OF ACTION 4
Capability to investigate and prosecute cyber terrorism and cyber
crime
Strengthen capabilities to detect, investigate and prosecute terrorist and criminal activi
ties in cyberspace on the basis of an effective legal and operational framework.
Thislineofactionisfocusedoncombatingterrorismandcrimethatoperateincyber
space,whichplaysadualroleasbothaninstrumentthatfacilitatestheiractivitiesanda
directtargetoftheiraction. Thisconceptalsoincludesorganisationswhichusetechnol
ogyfortheirownfinancingorforprofit,makingcrimesandmoney-launderingpossible.
TheSpanishGovernmentwill take relevantmeasures inthislineofaction, among
them:
• Incorporate into the Spanish legal framework solutions to problems that arise in
connectionwithcybersecurityinordertoestablishtypesofcriminaloffencesandthe
workofthedepartmentswithresponsibilitiesinthisarea.
• Broaden and improve the capabilities of the bodies responsible for investigating
andprosecutingcyberterrorismandcybercrimeandensurethatthesecapabilitiesare
coordinatedwithactivitiesinthefieldofcybersecuritybyexchanginginformationand
intelligencethroughtheappropriatechannelsofcommunication.• Strengthen international police cooperation and foster citizen collaboration, es
tablishinginstrumentsfortheexchangeandtransmissionofinformationofinteresttothe
police.
•
Ensure
that
legal
professionals
have
access
to
information
and
resources
that
pro
videthemwiththenecessarylevelofknowledgeinthejudicialfieldtoapplytheassoci
atedlegalandtechnicalframeworkmoreeffectively.Inthisconnectioncooperationwith
theGeneralCouncilof the Judiciary, theStateLawyer’sOffice,theStateProsecutor’sOffice,theComputerCrimeProsecutor’sOfficeandtheGeneralCouncilofSpanish
Lawyersisparticularlyimportant.
35
8/16/2019 The National Cyber Security Strategy_Spain
33/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
LINE OF ACTION 5
Security and resilience of ICT in the private sector
Boost the security and resilience of infrastructures, networks, products and services us
ing instruments of public-private cooperation.
Thislineofactionisdesignedtoimprovethesecurityandresilienceofnetworks,productsandservicesusedbytheindustrialsectorindevelopingitsactivitybystrength
eningpublic-privatecollaborationwiththeindustrialsectorandinparticularwiththeICT
securitysector. TheparticipationofprofessionalCollegesandAssociations,amongothers,
willbevalued.
TheGovernmentwilldevelopthefollowingmeasures,amongothers:
• Foster
cooperation
between
the
public
and
private
sectors,
promoting
the
exchangeofinformationonvulnerabilities,cyberthreatsandtheirpossibleconsequences,
especiallyinrelationtoprotectingsystemsofnationalinterest.
• Promote cooperation with the industry sectors and cyber security services in
ordertojointlyimprovedetection,prevention,responseandrecoverycapabilitiesvis-à
visthesecurityrisksofcyberspace,givingimpetustotheactiveinvolvementofservice
providersandthedevelopmentandadoptionofcodesofconductandgoodpractice.
•
Foster
the
development
of
standards
in
cyber
security
through
the
national
and
internationalstandardisationandcertificationbodiesandinstitutions,andpromotetheir
adoption.
36
8/16/2019 The National Cyber Security Strategy_Spain
34/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
LINE OF ACTION 6
Knowledge, skills and R&D&I
Promote the training of professionals, give impetus to industrial development and
strengthen the R&D&I system in cyber security matters.
Thislineofactionenvisagesinitiativesthatneedtobeundertakeninordertoachieveandmaintainanappropriateleveloftrainingincybersecurityforprofessionals(knowl
edgeandskills)andtoboostSpanishindustryandR&D&I. TheSpanishGovernmentwill:
• DevelopaFramework for Cyber Security Knowledgein the technical, operational
andlegalfields.
• Extend and broaden talent recruitment, advanced research and training pro
grammesincybersecurityincooperationwithUniversitiesandspecialisedcentres.
• Establishmechanisms thatallow thecyber security prioritiesanddemandsof the
publicauthoritiestobeidentifiedatanearlystageinordertoincorporatetheminto
previousinitiatives.
• Foster theindustrialdevelopmentof cyber security productsandservices through
instrumentssuchas,amongothers,theStatePlanforScientificandTechnicalResearch
andInnovationandinitiativesforsupportingitsinternationalisation.
• Promote
the
national
coordination
and
stimulation
of
the
industrial
and
cyber
securityservicessectorinordertoimprovecompetitiveness,internationalisation,identi
ficationofopportunities,eliminationofbarriersandregulatoryguidance,amongother
activities.
• Promotecyber security certicationactivitiesinaccordancewith theinternation
allyrecognisednormsandstandards,incorporatingthesecriteriaintoprocessesforthe
developmentandacquisitionofproductsorsystems.
• Promote
models
and
techniques
for
analysing
cyber
threats
and
measures
for
protectingproducts,servicesandsystems,aswellastheirspecification,evaluationand
certification.
37
8/16/2019 The National Cyber Security Strategy_Spain
35/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
LINE OF ACTION 7
Cyber security culture
Raise the awareness of citizens, professionals and companies about the importance of
cyber security and the responsible use of new technologies and the services of the Informa
tion Society.
TheSpanishGovernmentwilladapt,fosterordeveloprelatedmeasures,including:
• Giveimpetus tosensitisationactivities toensure thatcitizensandcompanieshave
accesstoinformationaboutvulnerabilitiesandcyberthreatsandaboutthebestwayof
protectingtheirtechnologicalenvironment.
• Promote thedevelopmentof Cyber Security Awareness-Raisingprogrammes in
collaborationwithpublic-andprivate-sectoragents,fosteringthenecessarycoordinationandrationalisationofeffortsthroughbodieswithresponsibilitiesinthisfield.
• Foster
the
mechanisms
for
supporting
companies
and
professionals
in
the
secure
useofICT,bolsteringknowledgeinsecuritymatters,promotingtheadoptionoftools,the
disseminationofregulationsandtheuseofgoodpractices.
• Adviseonandsupport thedevelopmentof educationmodulesfor sensitisationin
cybersecurity,aimedatalllevelsofteaching.
38
8/16/2019 The National Cyber Security Strategy_Spain
36/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
LINE OF ACTION 8
International commitment
Promote a secure and reliable international cyberspace, in support of national interests.
Technologicalglobalisationanditsopportunitiesandrisksmakeitnecessarytoalign
theinitiativesofallcountriesthatpursueasecureandreliablecyberspace.
Theseinter nationaleffortsmustenvisagethedraftingandadoptionofglobalstandards,theexpan
sionofthecapabilitiesoftheinternationallegalsystemandthedevelopmentandpromo
tionofbestpracticesinassessingthesituation,warningandresponsetocyberincidents.
Withinthis lineofaction,theSpanishGovernmentwilldevelopthefollowingmeas
ures,amongothers:
• Enhance
Spain’s
presence
at
international
and
regional
organisations
and
forumsoncybersecurity,supportingandtakinganactiveroleinthevariousinitiativesandcoor-
dinatingthepositionofthenationalagentsinvolved.
• Promote legislativeharmonisationand international judicialandpolicecoopera
tionincombatingcybercrimeandcyberterrorism,supportingthenegotiationandadop
tionofinternationalconventionsonthesematters.
• Foster thesigningof agreementswithininternationalorganisationsandwithprin
cipalpartnersandallies,inordertostrengthencooperationincybersecurityanddevelopacoordinatedapproachforcombatingcyberthreats.
• Giveimpetus to theestablishmentof internationalchannelsof information, detec
tionandresponse.
• Promote thecoordinatedparticipationof public institutionsand theprivatesec
torininternationalexercisesandsimulations.
• In thescopeof theEU, collaborateinharmonisingnationallegislations, implement
ingtheEUCyberSecurityStrategyandpromotinganinternationalpolicyincyberspace.
• Foster cooperationwithNATO in Cyber Defence, particularly with respect to
respondingtocyberincidentsandexchangingtechnicalinformationonthreatsandvul
nerabilities,whilepromotingactionswithintheOrganizationaimedathighlightingCyber
Defenceasoneofitspriorities.
39
8/16/2019 The National Cyber Security Strategy_Spain
37/43
LINE OF ACTION CONTENT
1
Capability to prevent, detect,
respond to and recover from
cyber threats
Increase prevention, defence,detection, analysis,response,recovery
andcoordinationcapabilitiesvis-à-viscyberthreats,placingparticular
emphasis on thePublicAuthorities, Critical Infrastructures, military
andDefencecapabilitiesandothersystemsofnationalinterest.
2
Security of the Information
and Telecommunications Sys
tems that underpin the Public
Authorities
EnsuretheimplementationoftheNationalSecurityScheme,strength
endetectioncapabilitiesand improvethe defenceof classifiedsys
tems.
3
Security of the Information
and Telecommunications Sys
tems that underpin Critical
Structures
Foster theimplementationof theregulations on theProtectionof
CriticalInfrastructuresandofthenecessarycapabilitiesforprotectingessentialservices.
4
Capability to investigate and
prosecute cyber terrorism and
cybercrime
Strengthencapabilitiestodetect,investigateandprosecuteterrorist
andcriminalactivitiesincyberspaceonthebasisofaneffectivelegal
andoperationalframework.
5Security and resilience of ICT
in the private sector
Boost
the
security
and
resilience
of
infrastructures,
networks,
products
andservicesusinginstrumentsofpublic-privatecooperation.
6 Knowledge, skills and R&D&IPromotethetrainingofprofessionals,giveimpetustoindustrialdevel
opmentandstrengthentheR&D&Isystemincybersecuritymatters.
7 Cyber security cultureRaisethe awarenessof citizens,professionalsandcompaniesabout
the importance of cyber security and the responsible use of new
technologiesandtheservicesoftheInformationSociety.
8 International commitmentPromoteasecureandreliableinternationalcyberspace,insupportof
nationalinterests.
40 NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
Cyber securit
8/16/2019 The National Cyber Security Strategy_Spain
38/43
Cyber securitin theNationalSecurity System Chapter 5
Cyber securityin the NationalSecurity System
8/16/2019 The National Cyber Security Strategy_Spain
39/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
Chapter 5Cyber securityin the National Security System
T hecomprehensivevisionofcybersecurityenshrinedinthisStrategy,thedetectedrisks
andthreatsthataffectitandthestatedobjectivesandlinesofactionforprovidingan
appropriatejointresponsetopreservingcybersecurityinaccordancewiththeprinciples
thatunderpintheNationalSecuritySystemexplaintheneedforanorganisationalstructure
tailedtothesepurposes,whichwillconsistofthefollowingcomponentsunderthedirection
ofthePrimeMinister:
A. TheNationalSecurityCouncil;
B.
The
Specialised
Cyber
Security
Committee;
C. TheSpecialisedSituationCommittee,whichisuniquetothewholeNationalSecu
ritySystem.
Organisational structure of cyber security
43
8/16/2019 The National Cyber Security Strategy_Spain
40/43
ORGANISATIONAL STRUCTURE OF CYBER SECURITY
a) National Security Council:
TheNationalSecurityCouncil,whichistheDelegatedCommissionoftheGovernment
forNationalSecurity,assiststhePrimeMinisterindirectingtheNationalSecurityPolicy.
b) Specialised Cyber Security Committee:
TheSpecialisedCyberSecurityCommitteewillsupporttheNationalSecurityCouncilin
performingitsfunctions,particularlyinassistingthePrimeMinisterindirectingandcoordi
natingtheNationalSecurityPolicyinthefieldofcybersecurity.Itwillfurthermorestrength
encoordination,collaborationandcooperationrelationsamongthedifferentPublicAu
thoritieswithresponsibilitiesincybersecuritymattersandbetweenthepublicandprivate
sectors,andwillfacilitatetheCouncil’sdecisionmakingbyanalysing,studyingandproposinginitiativesatboththenationalandtheinternationallevels.
ThecompositionoftheSpecialisedCyberSecurityCommitteewillreflectthespectrum
ofareascoveredbythedepartments,bodiesandagenciesofthePublicAuthoritieswith
responsibilitiesincybersecuritymatters,inordertocoordinateactionsthatneedtobead
dressedjointlywiththeaimofraisingsecuritylevels.
Otherrelevantprivate-sectoractorsandspecialistswhosecontributionisdeemednec
essarymaytakepartintheCommittee.
Incompliancewithitsfunctions,theSpecialisedCyberSecurityCommitteewillbesup
portedbythe National Security DepartmentasaTechnicalSecretariatand permanent
workingbodyoftheNationalSecurityCouncil.
44 NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
8/16/2019 The National Cyber Security Strategy_Spain
41/43
c) Specialised Situation Committee:
TheSpecialisedSituationCommitteewillbeconvenedtomanagecrisissituationsinthe
fieldofcybersecuritywhich,onaccountofthesignificantcross-cuttingnatureortheextent
andimpactoftheireffects,exceedtheeffectiveresponsecapabilitiesoftheusualmecha
nisms, whilealways respecting the responsi
bilitiesassignedtothedifferentPublicAuthor
itiesinordertoguaranteeanimmediateand “Te Specialised Cyber Security
effective response through a single body in Committee and the SpecialisedchargeofthestrategicandpoliticaldirectionSituation Committee will act in
ofthecrisis.a complementary manner, each
The SpecialisedCyberSecurity Commit- in its own area of responsibility, teeandtheSpecialisedSituationCommittee but under the same strategic andwillactinacomplementarymanner,eachin political direction of the Nationalitsownareaofresponsibility, butunderthe
Security Council chaired by thesame strategic and politicaldirectionof the Prime Minister”National Security Council chaired by the
PrimeMinister.
TheSpecialisedSituationCommitteewillbesupportedbytheSituationCentreofthe
NationalSecurityDepartmentinordertoensureitisinterconnectedwiththeoperational
centresinvolvedandtoprovideanappropriateresponseincrisissituations,facilitatingtheir
monitoringandcontrolandthetransmissionofdecisions.
ToensuretheeffectivefulfilmentofitsfunctionsofsupportingtheSpecialisedSituation
Committee,theSituationCentreoftheNationalSecurityDepartmentmaybereinforced
withspecialisedpersonnelfromministerialdepartmentsorbodieswithresponsibilitiesin
thisarea,whowillmakeupthespecificCoordinationCellinthefieldofCyberSecurity.
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT 45
8/16/2019 The National Cyber Security Strategy_Spain
42/43
NATIONAL CYBER SECURITY STRATEGY 2013 PRESIDENCY OF THE GOVERNMENT
IMPLEMENTATION
ThesettingupoftheSpecialisedCyberSecurityCommitteeandtheSpecialisedSitua tionCommitteeandtheharmonisationoftheirfunctioningwiththeexistingbodieswillbe
carriedoutgraduallythroughtheapprovalofthenecessarylegalprovisionsandreadjust
mentsoftheexistingones,inordertoachievethecoordinatedandefficientfunctioningof
thesecomponentsoftheNationalSecuritySystem.
46
8/16/2019 The National Cyber Security Strategy_Spain
43/43
www.lamoncloa.gob.es
http:///reader/full/www.lamoncloa.gob.eshttp:///reader/full/www.lamoncloa.gob.es