National Cyber-Security Council
This is a collegiate body supporting the National Security Council as Delegate Government National Security Commission within the framework of Law 50/1997, dated 27th November, from the Government. The National Cyber-Security Council was set up by Agreement from the National Security Council on 5th December 2013 and it is presided over by the Secretary of State, director of the CCN.
The National Cybersecurity Council is responsible for strengthening the coordination, collaboration and cooperation between the different public administrations with competencies in cybersecurity matters, as well as between the public and private sectors. It also facilitates the decision-making process of the Council itself through the analysis, study and proposal of initiatives at both the national and international levels.
The Council meets at the initiative of its president at least every two months or as many times as deemed necessary, depending on the circumstances affecting cybersecurity.
National Cybersecurity Strategy
The National Cybersecurity Strategy, approved on April 30, 2019, develops the forecasts of the 2017 National Security Strategy in the area of cybersecurity. Considering the general purposes, the objective of the scope and the lines of action established to achieve it, the document is structured in five chapters:
- Cyberspace, beyond a common global space, which provides an overview of the scope of cybersecurity, the progress made in this area since the adoption of the 2013 Strategy, the reasons which support the development of the 2019 National Cybersecurity Strategy, as well as the main features which drive its development.
- The threats and challenges in cyberspace, it determines the main threats to cyberspace which derive from its status as a common global space, the high level of technology and the great connectivity that makes it possible to amplify the impact of any attack. It classifies these threats and challenges into two categories: on the one hand, those which threaten assets that are part of cyberspace; and on the other hand, those that use cyberspace as a means for malicious and illicit activities of all kinds.
- Purpose, principles and objectives for cybersecurity, it applies the guiding principles of National Security Strategy 2017 (Unity of Action, Anticipation, Efficiency and Resilience) to five specific objectives.
- Lines of action and measures, where seven lines of action are established and the measures for the development of each of them identified.
- Cybersecurity in the National Security System, it defines the organic architecture of cybersecurity. Under the direction of the President of the Government, the structure is composed of three organs: the National Security Council, as the Government's Delegate Commission for National Security; the National Cybersecurity Council, which supports the National Security Council and assists the President of the Government in the direction and coordination of national security policy in the area of cybersecurity, and fosters relations of coordination, collaboration and cooperation between public administrations and between these and the private sector, and the Situation Committee which, with the support of the National Security Department, will support the management of crisis situations in any area which, due to their transversality or dimension, exceed the response capacities of the usual mechanisms.