National Cryptology Centre

The National Cryptology Centre (CCN from now on), part of the National Intelligence Centre (CNI from now on), is the Organism responsible for coordinating the actions by the different administrative organisms using encrypting means or procedures, and for guaranteeing ICT security in that domain, reporting on coordinated purchases of encrypting material and training administrative specialists in that domain. These functions are mandated in Royal Decree 421/2004, dated March 12, which regulates the CCN and establishes its responsibility for watching that the legislation related to the protection of classified information in information-and-telecommunications-systems-related aspects, as foreseen in Law 11/2002, dated May 6, regulatory of the CNI.

 

Additionally, the CCN, as foreseen in Royal Decree 3/2010, dated January 8, which regulates the National Security Outline in the Electronic Administration field, is responsible for coordinating the response to security incidents by means of the CCN´s computer emergency response team(CCN-CERT) and for coordinating at national and international levels this response and the links with the rest of capacities for responding to security incidents that may happen in the rest of public administrations, to which it will provide with an information programme, training, recommendations and the necessary tools.

 

As far as Critical Infrastructures are concerned, the CCN is responsible for cybersecurity in two of the twelve strategic sectors foreseen in the Critical Infrastructure Protection Law 8/2011, dated April 30: Public Administration and ICT. This is the reason why it takes part in the Critical Infrastructure Protection Working Group, which is coordinated by the National Centre for Critical Infrastructure Protection (CNPIC), collaborating with this Organism in dealing with cyberattacks on critical infrastructure and in updating information on vulnerabilities, security control and data acquisition (SCADA) systems and cybersecurity-related incidents in relation to critical infrastructure.