How Critical Infrastructures are protected
Critical infrastructures are those facilities that, because of their activity, are essential for the functioning of a country. Their relevance is such that they even have their own law to guarantee that both public and private operators apply the highest security standards for the protection of critical infrastructures. In some cases they are supranational in nature because their role can affect citizens of several countries. In the United States, for example, the concept of critical infrastructure not only includes those that are vital for the march of the country, but also certain monuments whose affection can undermine the morale of citizens. In the case of Spain, the regulation defines as strategic infrastructure that "whose operation is indispensable and does not allow alternative solutions, so that its disturbance or destruction would have a serious impact on essential services." In this definition, very different facilities fit together. all types of sectors, from water supply, to airports, through hospitals, research laboratories, communications (for example, satellites) or power plants ... Thus, 12 strategic sectors have been defined, including some cross-cutting ones such as the Administration Public and information technologies. The critical infrastructures are collected in a catalog that is not public. To improve its protection, an approach is made at different levels. There is a national plan, a sectoral plan for each of the 12 national production sectors identified as critical in the PIC Law, a protection plan for each operator, public or private, of one or several critical infrastructures, and also a plan for specific protection for each of them. Currently, the sectoral plans for seven of the 12 major strategic sectors are approved: chemical industry, water, nuclear industry, space, energy, transport and finance. In addition, there are 106 critical operators that must launch a series of specific protection plans on all their infrastructures, complemented by the application of the corresponding operational plans provided by the State Security Forces and, where appropriate, by the Armed Forces. According to Agustin SOLIS, director of Security Systems at Tales Spain, "although you can never be calm and you can always improve, there is a consensus that in Spain, which in the past was threatened by terrorism, the critical infrastructures are quite well prepared in front of physical threats. It is not the case against cyber attacks that, for different reasons, are the big area of improvement For the protection of this type of facilities ".
WHAT IS THE LAW OF PROTECTION OF CRITICAL INFRASTRUCTURES?
Law 8/2011 regulates the protection measures that must be applied, guiding the steps of the National Plan for the Protection of Critical Infrastructures. This encompasses both the public sector and private operators, with an approach that emphasizes collaboration Between both spheres. The objective is "to implement in the medium term a culture of security in which both the private sector and Public Administrations work on homogeneous and clearly defined parameters in terms of protection of their respective assets, achieving a coordination of efforts and a synergy in their objectives ", They explain from the National Center for the Protection of Infrastructures Critics (CNPIC).
Security equipped with a computer tool for the integral management of critical infrastructure protection mechanisms. This station not only serves to monitor the activity of the installation, through digital plans of the infrastructure or video images, but artificial intelligence helps the technicians to solve any type of incident. If there is a security breach, the system immediately gives the alarm signal, helping those responsible to resolve any crisis situation, indicating, for example, what is the protocol to follow in each scenario. If an intrusion occurs, the positioning radars will indicate where the strangers are in the digital plane, while the video surveillance cameras they will provide the images in real time.
That's why we have to respond not only from the technical point of view, but also organizational, with the awareness of employees and the redefinition of processes, taking into account what should be done and what not. We are constantly transforming systems to be able to anticipate risks and detect threats in a critical infrastructure. We do this, for example, through intelligence from open sources in social networks and through the development of methods to share information and coordinate response centers, to help react once an attack has been detected, "underlines Agustin Solís.