The Government approves the ‘Cybersecurity Crash Plan’ within the framework of a new package of measures against cyberthreats

24/05/2021
210525_f_ciberseguridad.jpg
  • The plan incorporates measures and investments that improve cyber defense capabilities more effectively, forcefully and directly
  • Protection against malicious code, detection of threats on computers and strengthening disaster recovery capabilities are some of the measures of the plan
  • The package of actions agreed by the Council of Ministers also includes the updating of the National Security Plan
  • The adoption of security management standards and policies in the private sector is promoted to increase the level of cybersecurity of technology providers in the public sector
  • The deployment of the Cybersecurity Operations Center of the Administration (COCS) is accelerated thanks to the Recovery Plan

    • The Council of Ministers agreed on Tuesday to launch a package of urgent actions in the field of cybersecurity. The objective is to immediately strengthen the capabilities of defense against cyberthreats on the public sector and on the entities that supply technologies and services to it.


    The Council of Ministers agreed on Tuesday to launch a package of urgent actions in the field of cybersecurity. The objective is to immediately strengthen the capabilities of defense against cyberthreats on the public sector and on the entities that supply technologies and services to it.
    The approved agreement includes the adoption of a Cybersecurity Crash Plan, the updating of the National Security Scheme and the promotion of measures to increase the level of cybersecurity of technology providers in the state public sector.
    These actions will effectively strengthen the capacity for prevention, detection, protection and defense against the materialization of cyberthreats. In addition, it ensures that the digital transformation is accompanied by organizational and technical security measures proportionate to the risks, which favors confidence in the use of digital technologies by economic actors and citizens.
    Cybersecurity Crash Plan
    The measures included in this crash plan include protection against malicious code (especially of the type aimed at destroying information through encryption), the extension of services for the detection of cyberthreats in user equipment, the implementation of remote access surveillance, the reinforcement of threat search capabilities, the expansion of cyberintelligence capabilities, the extension of the application of the use of the second factor in identification and authentication processes, the deployment of capabilities for the notification and monitoring of cyberincidents, business continuity and disaster recovery, awareness and training, and the review of cybersecurity regulations.
    The measures included in the ‘Cybersecurity Crash Plan’ are linked to the Recovery, Transformation and Resilience Plan in turn Component 11 (Investment 1. Modernization of the General Administration of the State) and in its Component 15 (Investment 7. Cybersecurity).
    National Security Scheme
    The second action of the package of measures agreed by the Government on Tuesday is the updating of the National Security Scheme, which dates from a stage with a normative, social and technological context that has undergone a radical evolution. To this end, a royal decree will be urgently processed and approved to replace Royal Decree 3/2010, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration.
    The National Security Scheme (ENS) offers a common approach of basic principles, minimum requirements, protection measures and compliance and monitoring mechanisms, adapted to the role of the Public Sector for the continuous management of security for the Digital Administration. The ENS is a scheme of application to Public Sector entities and indirectly, to Private Sector entities that collaborate with them in the provision of public services. It is an essential tool for digital management to be robust and reliable.
    Private sector security
    The third action consists of promoting and encouraging the adoption of security management systems, standards and policies in the private sector, in particular by increasing the level of cybersecurity of technology providers in the State Public Sector in the face of the evidence that the cybersecurity of an organism is also conditioned to that of its technology providers.
    Implementation of the Cybersecurity Operation Center of the General Administration of the State and its Public Agencies (COCS)
    Simultaneously with the implementation of the package of urgent actions in cybersecurity, the implementation of the Cybersecurity Operation Center of the General Administration of the State and its Public Agencies (COCS) is executed.
    The COCS will strengthen the capabilities of surveillance, prevention, protection, detection, response to cybersecurity incidents, advice and support to the management of cybersecurity in a centralized way, through the corresponding catalogue of services, which through optimization and economies of scale allows better efficiency and effectiveness, with the savings of money, effort and time derived.
    This is an investment included in Component 11 of the Recovery, Transformation and Resilience Plan. Its creation is foreseen in the National Cybersecurity Strategy 2019.