National Centre for the Protection of Critical Infrastructure
Español (España)  English (United Kingdom)
CNPIC - What are critical operators and who are they?

They are the entities or organisms responsible for investments on- or the functioning of installations, networks, systems, physical assets or ICT assets designated as critical infrastructures because of their supplying a service necessary to society.

Operators designated as being critical by the National CIP Commission will be part of the CIP System and will be responsible for optimizing the protection of the critical infrastructure they manage. To that end, they will have to:

  • Advice technically the Secretariat of State for Security of the Ministry of the Interior, through the CNPIC, in the assessment of the infrastructures they own/operate included in the Catalogue and updating the available data yearly and, in every case, after being required to do so by the abovementioned Ministry.

  • Cooperate, the case being, with the working group designated to elaborate the corresponding Sectoral Strategic Plans, and in carrying out risk analysis on the strategic sector/s they are related to.

  • Elaborate the Operator Security Plan and keep it updated

  • Elaborate Specific Protection Plans for each and every one of their infrastructures considered to be critical in the National Strategic Infrastructure Catalogue.

  • Nominate a Liaison and Security Officer.

  • Nominate a Security Delegate for each and every one of the infrastructures considered to be critical by the Ministry of the Interior.

  • Facilitate the inspections by competent Authorities in order to verify that sectoral regulations are being respecter and to adapt the needed measures from each Plan, solving the deficiencies found as soon as possible.

An owner/operator can be designated as being critical only if at least one of the infrastructures managed by that company is considered as being critical

The CNPIC will be the organism in charge of proposing the designation and of informing the owner/operator. The affected company will have fifteen day starting the day after the notification is received, to send to the CNPIC the allegations they might want to make. After these fifteen days have passed, the National Commission, on proposal by the Working Group of the corresponding sector, will dictate the resolution in which it will designate, the case being, the operator as being critical. Critical operators will find in the CNPIC a straight interlocutor at the Ministry of the Interior to consult on their functions, responsibilities, and obligations.

The added value for critical operators is that they will be part of the system and will then have a seat at the sectoral Working Groups. They will also have access to the Hermes System, where they will find information on good practices, and so on, in relation to the sector/subsector in which they operate. Moreover, the infrastructures they own/operate will be given priority by law enforcement in case either an intervention is needed or they need their support in case of upgrading of the threat level.

  • Direct taking part by critical operators at the different CIP sectoral meetings and decision-making processes which may affect them .

  • Development of HERMES, computer system which will enable operators to create, read and modify inputs on the critical infrastructures owned/operated by them, establishing in this way a way of direct communication with CNPIC.