Critical infrastructures

Critical infrastructures

The cybersecurity of critical infrastructures is a determining element for the security of any State. A cyberattack by a terrorist group, a cybercriminal or an enemy country could force the suspension of essential services for the community.

The biggest threat to these assets, due to the increasing dependence of critical infrastructures on information technology, is cyber-attacks.

One of the objectives of the National Security Strategy is to promote security in technological development, which means, among others, adopting the necessary measures to ensure well-protected, configured and managed systems. Not forgetting, in addition, the governance of technologies: big data, artificial intelligence, etc.

PIC Law (LPIC)

The PIC Law (Critical Infrastructure Protection) is the regulation that determines which institutions and organizations are considered critical, and is based on their responsibility for the proper functioning of essential services and, therefore, on their importance for the security of citizens.

In addition, the LPIC lays the foundations for the PIC Planning System, a set of regulatory texts that define measures for the protection of critical infrastructures, and generates the National Catalog of Strategic Infrastructures.

The body responsible for the promotion, coordination and supervision of all activities related to the protection of critical infrastructures in the national territory is the National Center for the Protection of Critical Infrastructures (CNPIC), which is also responsible for the designation of an infrastructure as critical.

It should be noted that the protection of critical infrastructure will sometimes require the use of industrial cybersecurity methods and technologies, but not all industrial cybersecurity actions will be associated with critical infrastructure.