National Centre for the Protection of Critical Infrastructure
Español (España)  English (United Kingdom)
CNPIC - Response to Critical-Infrastructure-Related Incidents

The National Centre for Critical Infrastructure Protection (CNPIC in its acronym in Spanish language) is competent for critical infrastructure protection, as established in Law 8/2011 and Royal Decree 704/2011.

The State Secretariat of Security and the State Secretariat of Telecommunications and for the Information Society have signed an agreement where, among other aspects, the ground is established for the cooperation between the CNPIC and the INCIBE (National cybersecurity Institute) in order to Respond to ICT-Related Incidents Affecting Critical Infrastructure in Spain. In this way, INCIBE becomes a support tool to CNPIC in cybersecurity incident management.

Both entities have set up a Security Incident Response Team specialised in analysing and managing problems and incidents related to technological security. In this way, the response team becomes the CERT specialised in managing incidents related to critical infrastructure at national level.

If a critical infraestructure is affected by a cybersecurity incident, the operator responsible for it will have the possibility to use the services provided by the Response Team, informing about any incidence through the Only Point of Contact, established to this end.

To this purpose, a cybersecurity incident is any incident that affects the correct functioning of an infrastructure, either using technological elements or targetting them. For instance, attacks that interrupt or rend technological services useless; access to privileged information; altering information in order to manipulate technological systems and the information by them managed in an unlawful way; and so on.

In order to report incidents to CNPIC and INCIBE, an e-mail containing detailed information on the contact person and a description as complete of possible of the incident, must be sent to: 


If the incident report contains information that could be compromising, it is recommended to encrypt it with a PGP key. CNPIC´s and INCIBE´s public keys can ben found in their respective specific contents Public PGP keys.         

Once a report has been received, the CERT will get in touch with the contact person/s at the affected infrastructure and the incident management process will be started.

The section FAQ can be consulted in order to clarify possible doubts.




The critical operators of the public sector will report the incident to the CCN-CERT, whose email is:




 The incident can also be reported through the LUCIA Tool developed by the CCN-CERT for the Management of Cyber-incidents, by selecting the corresponding tab in the notification form.

PGP key to use with LUCIA Download



In any case, when an email is sent, information about the incident should be detailed as completely as possible, and include the data of the contact point of the affected organization.

If the incident contains sensitive information, it is advisable to encrypt the message. Detailed information on this procedure can be found in "Encryption and public keys of CERTSI and CCN-CERT".

Once the notification is received, the incident response team will contact those responsible for the affected infrastructure and begin the process of incident management.