National Centre for the Protection of Critical Infrastructure
Español (España)  English (United Kingdom)
CNPIC - Response to Critical-Infrastructure-Related Incidents

The National Centre for Critical Infrastructure Protection (CNPIC in its acronym in Spanish language) is competent for critical infrastructure protection, as established in Law 8/2011 and Royal Decree 704/2011.

The State Secretariat of Security and the State Secretariat of Telecommunications and for the Information Society have signed an agreement where, among other aspects, the ground is established for the cooperation between the CNPIC and the INCIBE (National cybersecurity Institute) in order to Respond to ICT-Related Incidents Affecting Critical Infrastructure in Spain. In this way, INCIBE becomes a support tool to CNPIC in cybersecurity incident management.

Both entities have set up a Security Incident Response Team specialised in analysing and managing problems and incidents related to technological security. In this way, the response team becomes the CERT specialised in managing incidents related to critical infrastructure at national level.

If a critical infraestructure is affected by a cybersecurity incident, the operator responsible for it will have the possibility to use the services provided by the Response Team, informing about any incidence through the Only Point of Contact, established to this end.

To this purpose, a cybersecurity incident is any incident that affects the correct functioning of an infrastructure, either using technological elements or targetting them. For instance, attacks that interrupt or rend technological services useless; access to privileged information; altering information in order to manipulate technological systems and the information by them managed in an unlawful way; and so on.

In order to report incidents to CNPIC and INCIBE, an e-mail containing detailed information on the contact person and a description as complete of possible of the incident, must be sent to: 


If the incident report contains information that could be compromising, it is recommended to encrypt it with a PGP key. CNPIC´s and INCIBE´s public keys can ben found in their respective specific contents Public PGP keys.         

Once a report has been received, the CERT will get in touch with the contact person/s at the affected infrastructure and the incident management process will be started.

The section FAQ can be consulted in order to clarify possible doubts.