National Cybersecurity Strategy

The National Cybersecurity Forum was created in 2020 by the National Security Council, and in assistance to the National Cybersecurity Council, with the aim of responding to one of the measures contemplated in Line of Action 4 of the National Cybersecurity Strategy 2019: to have a Forum that is able to respond to the doubts and concerns associated with cybersecurity in an environment of global collaboration.

And, in order to understand the need for this Forum, it is first necessary to point out the need for the National Cybersecurity Strategy, which is responsible for its creation.

Need for a National Cybersecurity Strategy

Cybersecurity, as the document 'Spanish approach to cybersecurity' points out, has been introduced, over the years, "among the priorities of a large number of governments, now considered a matter of national security and a fundamental axis of society and its economic systems". Therefore, in recent years, national cybersecurity strategies have been emerging in different countries, documents in which the objectives and measures to achieve and maintain a high level of security of networks and information systems of the states are reflected.

Spain began this path in 2011, at a time when the need to develop a national cybersecurity system that would promote the integration of all actors and instruments, public and private, was already very evident in order to preserve cyberspace from all types of risks and attacks and, therefore, defend national interests and contribute to the development of the Digital Society.

In this way, and after years of intense work through different groups and agencies, the National Cybersecurity Strategy was published in April 2019, following its approval by the National Security Council.

5 chapters, 5 objectives and 7 lines of action

The document, which develops the forecasts of the 2017 National Security Strategy in the field of cybersecurity, is made up of five chapters based on the general objectives, the objective of the area and the lines of action established:

  1. Cyberspace as a common global space, which provides an overview of the field of cybersecurity, the progress made in the field since the approval of the 2013 Strategy, the reasons that underpin the development of the National Cybersecurity Strategy 2019, as well as the main features that drive its development.
  2. Threats and challenges in cyberspace, which derive from its status as a common global space, the high level of technology and the great connectivity that makes it possible to amplify the impact of any attack. This chapter classifies these threats and challenges into two categories: on the one hand, those that threaten assets that are part of cyberspace; and on the other, those that use cyberspace as a means to carry out malicious and illicit activities of all kinds.
  3. Purpose, Principles, and Objectives for Cybersecurity, applies the guiding principles of the 2017 National Security Strategy (Unity of Action, Anticipation, Efficiency, and Resilience) to to five specific objectives
  4. Lines of action and measures, where seven lines of action are established and the measures for the development of each one of them are identified. And in number 4, 'Promoting the cybersecurity of citizens and companies', the creation of the National Cybersecurity Forum is established as one of the measures envisaged.
    Líneas de acción
  5. Cybersecurity in the National Security System, where the organic architecture of cybersecurity is defined. Under the direction of the President of the Government, the structure is made up of three bodies: the National Security Council, as the Government's Delegate Commission for National Security; the the National Cybersecurity Council, which supports the National Security Council and assists the President of the Government in the direction and coordination of the National Security policy in the field of cybersecurity, and promotes relations of coordination, collaboration and cooperation between Public Administrations and between these and the private sector, and the Situation Committee which, with the support of the Department of National Security, will support the management of crisis situations in any field, which due to their transversality or dimension, overflow the response capacities of the usual mechanisms.