National Centre for the Protection of Critical Infrastructure
Español (España)  English (United Kingdom)
CNPIC - Why is regulating Critical Infrastructure Protection necessary?

Objective of Law 8/2011

The final objective of the CIP Law is to channel the actions by every organ of the Public Administration, to enhance the collaboration and involvement by owners/operators of infrastructures that supply essential services and to coordinate the efforts and investments, in order to improve CIP against every kind threat.

Law 8/2011 transposes to national legislation the measures included in Directive 2008/114/CE, and more specifically the ones related to the identification and designation of European Critical Infrastructures by Member States and the putting in place of Operator Security Plans and the nomination of Security Liaison Officers –a new role, by affected owners/operators. States´ Authorities must take part in all these actions in order to guarantee the fulfillment of the abovementioned obligations and the suitability of the procedures and of the security levels in those European Critical Infrastructures in front of other Member States and of the European Commission

Additionally, the CIP Law pretends to complete and to adapt the abovementioned obligations to the Spanish political and administrative systems by meeting a series of basic objectives that are undertaken in detail by the Regulation that develops the Law, Royal Decree 704/2011. These basic objectives are:

  • Establishing common technology and a common reference framework for everything related to the protection of assets against malevolent attacks, and that can be used by both the public and the private sectors. It is evident, and the CNPIC has been working in that direction since it started functioning, that establishing a coordination and operational system where a great number of actors are going to take part, as the Law pretends, is not feasible unless an only language is spoken by everyone and basic homogeneous concepts are used.

  • Creating an organizational structure (the CIP System) at national level, in which functions and responsibilities are assigned to different agents, both public and private, in the framework of the security of the infrastructures that supply essential services to society, counting on the CNPIC as the central piece of the system, as director and coordinator organ.

  • Designing a planning system in which to include the Operator Security Plans established in Directive 2008/114/CE. A system to be integrated in a security strategy that allows Public Administrations and critical infrastructure owners/operators interact and distribute responsibilities.

  • Setting milestones that allow the implementation at medium/long range of global security plans that undertake physical and cyber threats against the assets to be protected in a homogeneous and systematic way.

  • Finally, establishing a secure communications network in which confidentiality and the protection of existing data on the different critical infrastructures is guaranteed, and where every agent of the CIP System is represented.