Spain (ES)

The spanish National Cyber Security Strategy was adopted in 2013.

The spanish strategy is divided into six specific objectives:

OB 1  -  for the Public Authorities, to ensure that the Information and Telecommunications Systems used by them have the appropriate level of security and resilience.
OB 2 - for companies and critical infrastructures, to foster the security and resilience of the networks and information systems used by the business sector in general and by operators of critical infrastructures in particular.
OB 3 - in the judicial and police field operations, to enhance prevention, detection, response, investigation and coordination capabilities vis-à-vis terrorist activities and crime in cyberspace.
OB 4  -  in the field of sensitisation, to raise the awareness of citizens, professionals, companies and Spanish Public Authorities about the risks derived from cyberspace.
OB 5 - in capacity building, to gain and maintain the knowledge, skills, experience and technological capabilities Spain needs to underpin all its cyber security objectives.
OB 6 - with respect to international collaboration, to contribute to improving cyber security, supporting the development of a coordinated cyber security policy in the  European Union and in international organisations, and to collaborate in the capacity building of States that so require through the development cooperation policy.


Year of adoption

2013. INCIBE, the Spanish National Cybersecurity Institute, has a mission to strengthen digital confidence, improve cyber security and resilience and contribute to the digital market so that the safe use of cyberspace is encouraged in Spain. Its activities are based on three fundamental pillars: service delivery, research, and coordination.

€24,3M has been invested in INCIBE and €161M in CNI (Centro Nacional de Inteligencia) to strengthen cyber security in Spain. (Sources: official budget for the former and several newspapers reports on the figure for the latter.)

Updates and revisions In October 2014, the National Cyber Security Council adopted the National Cyber Security Plan, after identifying the challenges facing Spain. The plan covers the action guidelines up to 2017 to achieve optimal implementation of the objectives outlined in the ENCS.
Implementation and monitoring

Under the direction of the Prime Minister, the Spanish national cyber security strategy is implemented by three bodies:

  • The National Security Council as the Government Delegated Commission for National Security.
  • The Specialised Cyber Security Committee, which will support the National Security Council by assisting the direction and coordination of the National Security Policy in cyber security matters and by fostering coordination, cooperation and collaboration among Public Authorities and between them and the private sector.
  • The Specialised Situation Committee which, with the support of the Situation Centre of the National Security Department, will manage cyber security crisis situations which, on account of their cross-cutting nature or extent, exceed the response capabilities of the usual mechanisms.

The Spanish government's annual report on national security includes a chapter devoted to cyber security (chapter 3).

Operational capacity building

Spain has several national and regional computer emergency response teams (CERTs).

The National Centre for Critical Infrastructure Protection (CNPIC) acts as the national competent authority for network and information security in Spain (NIS).

CERTSI is the national accredited CSIRT for security and industry. This accredited CSIRT is in charge of coordinating response measures across Spanish networks (Spanish:; English:

CCN-CERT is the national alert and reporting system for Public administration, company and organisation of strategic interest, such as those essential for Spanish security and economy (Spanish:; English:

CSUC-CSIRT is one of the computer emergency response teams for the University of Catalanya (Catalan:; English:

EsCERT  is the second computer emergency response team for the regional academic network (Catalan:; Spanish:; English:

RedIRIS is the third computer emergency response team for the Academia and Research network (English:

CSIRT-CV is the security centre of the Valencian community (Spanish:


  • Collaborative tool: REYES ('Kings' in Spanish) is a collaborative tool to exchange information about cyber threats. Access will be granted upon request to those organisations that are users of the Early Alert System of the Spanish CERT. It is based on MISP (Malware Information Sharing Platform) technology. There is also coordination with similar systems in other countries.
  • CCN-CERT Analysis tool: MARTA is the name of an advanced sandboxing platform devoted to the automated analysis of files which may have a malicious behaviour. It can be used by those organizations being part of the Early Alert System of the Spanish CERT. This tool analyses several kinds of files (.doc and .pdf among others).
  • CCN-CERT Analysis tool MARIA is a detection tool developed for static analysis of harming code by means of multiple antivirus and antimalware engines for Windows and Linux platforms.
  • CCN-CERT Analysis tool: LUCIA is a tool developed aiming at the management of cyber incidents at the entities for which the national security schema is applied. This tool pursues to improve the communication between the governmental CERT and the organisms and organisations it collaborates with.

Participation of EMPACT projects in coordination with EUROPOL. Operative actions fostering the collaboration with the private sector and awarenss raising.

Participation in CyberEurope, the pan-European cyber exercise organised by ENISA.

Participation in CyberEx, international cybersecurity exercise in cooperation with the Organisation of American States.

Participation in the European Cyber Security Challenge, organised by the European Commission and ENISA, with INCIBE and other 9 members in the Organisation Committee. Spain ranked first in the competition.

Legal conditions

All relevant Spanish legislation, including references to European regulations related to information security and cyber security are contained in a single document put together by INCIBE and the Official State Gazette. The document is available here.

The classification of information and the handling of such information is covered by Law 9/1968; Law 11/2007 and Royal Decree 3/2010. Spain classifies information deemed a state secret according to a four-tier classification system. The classification levels are assigned according to the level of risk involved in disclosing the classified information.

There is no legislation or policy in place in Spain that requires a public report on cyber security capacity for the government.
There is no legislation in place in Spain that requires each agency to have a chief information officer or chief security officer.
There is no legislation or policy in place in Spain that requires mandatory reporting of cyber security incidents.

However, the strategy states that enforced incident reporting is a line of action that the Spanish government will pursue.

Businesses and Public Private Partnerships

INCIBE provides dedicated services for businesses, such as:

INCIBE also provides complete and detailed awareness fostering programme for a broad range of companies. It includes lots of materials developed with training purposes, as well as a detailed manual to follow the necessary steps when applying the plan to a particular company case. Also, talks on different aspects of cybersecurity may be scheduled to supplement the documentation.

Both AENOR and AEI Ciberseguridad provide a trust seal. The AENOR seal validates good practices for e-commerce companies, while the AEI Ciberseguridad is a certification framework to check that a company is compliant with security requirements. Any company owning this certificate has passed a test to prove that they have in place the necessary physical and logical measures to protect their assets against several threats that could be damaging. This certification schema has a training programme associated.

The ISMS Forum is a company cluster established as a non-profit in 2007 to promote the development of information security in Spain and benefit the whole community involved in the sector. It is a specialised discussion forum for companies and public/private organisations to collaborate share and get to know the latest innovations concerning information security. Upwards of 150 companies and 850 independent professionals are part of it. The Forum also provides training courses at affordable prices. Currently they offer two different courses: one on GDPR and another one on certified data protection.

Overall assessment/best practices

In January 2016, ICC Spain in collaboration with the Spain Chamber of Commerce hosted a seminar in Madrid to present a Spanish version of the ICC Cyber security guide for business.The Spanish version of the guide launched at the seminar in Madrid today is the result of the collaboration between ICC Spain, ICC Mexico and ICC Chile with the support of Telefonica.

In February 2016, Huawei Spain and INCIBE signed a Memorandum of Understanding (MoU), which included a commitment from both organizations to promote best practices and information exchanges concerning cyber security protection.

Spain has also established the Centre for Industrial Cybersecurity (CCI) which promotes security best practices in the industrial sector.

Date of last WISER analysis

July 2017


Compliance with the GDPR and NIS Directive: Report a cyber incident

Report a cyber incident to national CERT/CSIRT

CERTSI - The Incident Response service is aimed at:

  • Citizens and businesses: through the OSI ( and telephone 901 111 121) and the e-mail
  • Staff from academic and research network (Red IRIS): through the e-mail Mailbox of RedIris
  • Strategic and Critical Infrastructure Operators: through the e-mail inbox PIC CERTSI






Guidance and Updates

CERT.ES provides a wealth of information about the cyber threat landscape in both Spanish and English, spanning latest updates (e.g. Hackers filter unreleased HBO content), technical blog posts (e.g. PRP and HRS redundancy protocols). Its Early warning service is for users with advanced knowledge in computing such as system administrators that need practical information that makes it easier to prevent, protect, and respond to a security incident as quickly as possible (most often in Spanish), as well as alerts on vulnerabilities in the form of a database in Spanish to inform, warn and help professioanals with the latest security vulnerabilities in technology systems. Other insights from CERT.ES include an impact map indicating the risk levels in Spain.

Some of the other regional CSIRTs/CERTs also provide updates, alerts and other information services.

Languages Spanish; English
Date of last WISER analysis July 2017


Contact us for more info