Both public and private organizations, whether operators or owners, whose installations or systems are regarded as critical by the National Centre of Protection of Critical Infrastructures of the Home Office (CNPIC) will have to draw up an Operator's Security Plan (PSO) and several Specific Protection Plans (PPE), one for each of their critical infrastructures.
Those plans will have to include minimum contents, which were published in the Official State Gazette of the Spanish Government last November 23, in the November 15 2011 Regulation of the Security State Department of the Spanish Home Office, in accordance with Art. 22.4 and Art. 25.5 of the 704/2011 Act of May 20, which approves the Regulation to protect critical infrastructures. This regulation implements, in turn, the 8/2011 Act of April 28, which establishes measures to protect critical infrastructures.
Given the numerous risks and threats from multiple fronts, and according to the introductory part of the November 15 2011 Act, all organizations that operate critical infrastructures should design a comprehensive and common security policy. Such a policy should include all security measures to be implemented in order to protect critical infrastructures against deliberate attacks, whether online or physical, and to avoid their incapacitation or destruction, which would eventually lead to the stoppage of basic facilities, services and installations that are both indispensable and essential for the functioning of a society.
Therefore, the PSO designed by each operator of critical infrastructures will have to define general policies for the comprehensive protection of installations and systems either owned or operated by the organization. The PSO document will also include a list of the essential services provided, a method for risk analysis (including an identification of the physical and logical threats, paying attention to deliberate or terrorist ones) and criteria for the implementation of measures. The PPE designed by operators, in turn, will have to list the specific measures planned to guarantee the comprehensive security, both physical and logical, of those infrastructures.