COUNTERING CYBER THREATS

What is a CERT?

The term CERT stands for Computer Emergency Response Team. It refers to a team of people dedicated to establishing and managing technological measures that mitigate the risk of attacks against the systems of the community it serves. It is also known by the abbreviation CSIRT (Computer Security and Incident Response Team), and it offers incident response services and security management services.

The first CERT was created in 1988 at Carnegie Mellon University, in the United States (which owns this registered trademark). Since then, teams of this type have been created worldwide and in different spheres of society (public administration, universities, research, companies, etc.).

Likewise, several forums and organizations have arisen with the aim of coordinating the different CSIRTs worldwide, sharing information on vulnerabilities and attacks at a global level, and spreading technological measures that may mitigate the risk of attacks on systems and users connected to the Internet, thereby providing an answer to their communities.

Among these organizations, FIRST (Forum of Incident Response and Security Teams) is one of the most outstanding forums, with more than 180 members worldwide. At a European level, the Trusted Introducer of TERENA (Transeuropean Research and Education Networking Association) is also an outstanding forum. The CCN-CERT is a full member of both forums.

What is the CCN-CERT?

The CCN-CERT is the Information Security Incident Response Team of the National Cryptologic Centre, CCN, under the Spanish National Intelligence Centre, CNI. Its functions are listed in Law 11/2002 of 6 May, regulating the CNI, in RD 421/2004 regulating the CCN and in RD 3/2010, of 8 January, regulating the National Security Scheme.

According to the Spanish Cybersecurity Strategy, the CCN-CERT plays an essential role in Line of Action 2: Security of the CIS Systems of Public Administrations. In order to ensure the full implementation of the National Security Scheme, the CCN-CERT is responsible for strengthening intelligence, detection, analysis and response capabilities and Detection and Early Warning Systems.

At an earlier stage, CCN-CERT activity focused on the systems of the different Administrations (Central, Regional and Local). Its scope of responsibility now includes attacks against companies belonging to strategic sectors that are essential for Spanish security and economy.

In order to fully comply with their duties, the CCN-CERT and the CCN have established relations and signed agreements both at a national and an international level.

When was the CCN-CERT created?

The CCN-CERT was formed in 2006 under the National Cryptologic Centre to address the need for enhanced prevention, detection, analysis, response and coordination capabilities to defeat cyber threats against the Public Administrations and classified systems.

What is the mission of the CCN-CERT?

The CCN-CERT is responsible for countering cyber attacks on classified systems, Public Administrations and companies and organizations in the strategic sector (those that are essential for Spanish security and economy).

Its mission is to foster cybersecurity in Spain. The CCN-CERT is the national alert and response centre, and helps provide quick and effective solutions to cyber attacks and counter cyber threats in a proactive manner. It promotes coordination between the different Incident Response Teams and Cybersecurity Operation Centers.

The ultimate goal of the CCN-CERT is to guarantee a safer and more trustworthy cyberspace by protecting classified (pursuant to art. 4.F of Law 11/2002) and sensitive information, preventing service disruption, preserving the Spanish technological heritage, training experts, implementing security policies and procedures, and using and developing the most appropriate technology for this purpose.

Which services does the CCN-CERT offer?

All those envisaged by applicable regulations and any service required by the cybersecurity situation at a given time, with continuous updates on emerging threats and risks.

+ Information: CCN-CERT Services

Which organizations does the CCN-CERT offer its services to?

Public Administrations, classified systems and companies of strategic interest for the country. A wide range of services (training, reports, guides, tools, etc.) is included on this website, freely available to anyone.

Why is it necessary to report an incident?

Even the best security infrastructure cannot fully exclude the possibility of an intrusion. When a security incident or a cyber incident occurs, the organization needs to rely on an efficient response protocol in order to minimize loss, information exfiltration or service disruption. The sooner an incident is detected, analyzed and defeated, the less significant the damage and cost will be.

CCN-CERT’s capacity to coordinate and exchange information with the appropriate organizations may strengthen their capacity to defeat cyber incidents efficiently. Likewise, small and medium-sized entities may gain access to tools that are rarely at their disposal, as they are usually available exclusively to National Government CERTs.

A major advantage is the possibility of using all the information gathered while managing a cyber incident to enhance the capacity to react to future security incidents, which will result in more effective and better protection of the system.

On this website, you will find the guidelines for reporting incidents to the CCN-CERT, which may offer technical assistance to defeat the incident, or put you in contact with other sites affected by the same incident.

Does the CCN-CERT keep the information it receives confidential?

Does the CCN-CERT keep confidentiality of the information received?

Yes. CCN-CERT’s policy assures strict confidentiality of any information provided by the entity or organization requesting assistance. In fact, our team will always operate on a collaboration basis, except for cases involving classified information, where the CCN-CERT acts on its own initiative.

Which incidents does the CCN-CERT assign priority to?

  • Incidents affecting classified information
  • Cyber espionage: APTs, malware campaigns, special incidents
  • Disruption of IT Services
  • Data Exfiltration
  • Potentially compromised services
  • Takeover of system control
  • Theft, disclosure or sale of stolen information
  • Cyber crime
  • Identity theft

+ Information: CCN-STIC guide 817

Is it compulsory to report certain incidents to the CCN-CERT?

Yes. Public Administrations, in compliance with the National Security Scheme, are required to report to the CCN-CERT any incident whose threat level is assessed as high, very high or critical.

+ Information: CCN-STIC guide 817

What agreements and partnerships has the CCN-CERT entered into at a national level?

At the domestic level, the CCN-CERT is a member of and/or cooperates with:

Coordinator of the group responsible for drafting the Spanish Cybersecurity Strategy

◦ Ministry of Finance and Public Administrations

  • Deputy Directorate of the Executive Committee of the Commission of CIS Strategy, in charge of fostering the digital transformation of the Administration in compliance with a common CIS strategy.
  • Agreement and partnership with the National Institute of Public Administration (INAP) and the State Secretariat for the Civil Service to promote security in the field of the Electronic Administration. This agreement envisages the drafting of the National Security Scheme.
  • Working groups on secure electronic communications, implementation of the Single Euro Payments Area (SEPA), and identification and authentication of Administration web services.
  • Working group on the National Security Scheme.
  • Working Group on Security of the Sectorial Committee of the Electronic Administration (Autonomous Regions)

◦ Ministry of Defense

◦ Ministry of Industry, Energy and Tourism

  • Working groups on the projects Rescata, Seguridad y Confianza, and DNIe (e-ID).

◦ Ministry of the Interior

  • Working Group on e-ID in partnership with the General Directorate of the National Police.
  • Working Group on Critical Infrastructure in partnership with the State Secretariat for Security.

◦ Spanish Federation of Municipalities and Provinces

  • Agreement on cooperation on information security in local entities.

Regional Government of Castilla and Leon: support to the Security Operation Centre.

Regional Government of Valencia: Agreement and support to CSIRT-CV.

Regional Government of Catalonia: Agreement and support to the Security Center: CESICAT.

Regional Government of Andalusia: Cooperation agreement to foster Information Society and support to AndalucíaCERT.

Other Autonomous Regions and City Councils (Adhesion to CCN-CERT’s Early Alert System, SAT).

Member of CSIRTes: Working group on national CERTs.

AENOR (Spanish Association for Standardization and Certification): Subcommittees on CIS security and biometric identification.

ABUSES Forum: Working group on Internet Service Providers (ISP).

In which international forums does the CCN-CERT take part?

The CCN-CERT participates in the following international meetings and workshops:

  • NATO’s NCIRC (NATO Computer Incident Response Capability), in which the different CERTs of the member countries of this organization analyze and share information on information security.
  • The European Network and Information Security Agency (ENISA), of the European Union.
  • APWG (Anti-Phishing Working Group), a program of the Council of Europe focused on eradicating all types of fraud and identity theft by means of phishing, pharming or ghost mails.
  • Forum of Incident Response and Security Teams (FIRST). The first and most important international organization, with more than 180 members from Europe, America, Asia and Oceania, from the governmental, economic, educational, business and financial environment.
  • Trusted Introducer, the main European forum of CERTs, in which the most distinguished CERTs of the continent collaborate, innovate, and share information. This forum is part of TERENA (the Transeuropean Research and Education Networking Association). They are part of the Trusted Introducer (TI) with more than fifty European CERTs.
  • EGC (European Government CERTs) group. Organization that unites the main governmental CERTs in Europe.

In these forums the participants share objectives, ideas and information on vulnerabilities and attacks at a global level.

Likewise, this presence allows the CCN-CERT to maintain direct contact with other teams from the rest of the world so that, in the event of an attack, it can distinguish which information sources are reliable. It also allows it to spread the technological measures that may mitigate the risk of attacks on systems and users connected to the Internet, which are providing services to their communities.
