Share

Security in Vital Infrastructures: One step forward and many more to go

ByFrancisco Javier Dieguez- 02 / 09 / 2014

Since the end of last year, material facts have been produced in Spain that have resulted in tangible advancements in this field. This is just the start and the model must continue to mature progressively.

The first key milestone to take place after November was the publication, in mid December, of the National Cybersecurity Strategy (ECSN) in which various actions are proposed to ensure the Protection of Technological Equity in Spain, and which explicitly mentions the importance of protecting Vital Infrastructures among its objectives.

A second material fact has already been produced during the first half of this year, this being the start of the designation of vital telecommunications operators by the CNPIC. We find ourselves in a situation that has triggered a substantial change, since the CNPIC is passing the baton to the telecommunications operators themselves who must now lead the next phase: develop their respective Operator Security Plans (PSO). They have six months to do so following their designation as a vital operator.

As a result, at the end of 2014 or the beginning of 2015 they should already have their PSOs. This makes 2015 the year in which the framework for the Protection of Vital Infrastructures will actually be completed in Spain, through the development of Specific Protection Plans and Operational Support Plans that are designed for specific Vital Infrastructures.

We should keep in mind that we are seeing the first iteration of the process and that there are still many strategic sectors to be incorporated. Therefore, over the next two years some challenges will arise that we must face:

  1. Define intersectorial dependencies to identify the weaknesses of the initial model and future synergies..
  2. International coordination in the Protection of Vital Infrastructures. We form part of an international community and some of our strategic sectors will depend on telecommunications operators from other countries. This will have an associated operative impact with regard to service availability and others of a legislative nature as members of the European Union.
  3. Develop a regulatory framework (that works) that is generally agreed to by governments and private telecommunications operators. The conflict of interests arises whenever the vision of a government agency (CNPIC in the case of Spain) opposes that of private companies (the case of many vital telecommunications operators). Here is where the decision made on the regulatory development of a framework for infractions and sanctions will have a significant influence, such as the framework for the Nuclear sector.

The scenario is complex and those involved in it have priorities that are difficult to reconcile. Thus, the collaborative capacity at various levels, between governments from different countries, or between the public and private sector, or even between competing companies, will be the key factor that will make the difference in measuring the future success of the Protection of Vital Infrastructures in our country and in our environment.