The Early Warning System (SAT) of the SARA network (SAT-SARA)* is a service developed by the CCN-CERT in partnership with the Ministry of Finance and Public Administrations (responsible for the SARA network).
Its goal is to detect attacks and threats in real time by analyzing the traffic that circulates between the networks of the Public Administration bodies connected to the SARA network. The system is supplemented with the analysis of different detection sources (firewall, antivirus, proxy and DNS). Logs are collected by a Central System to be analyzed and correlated. Under no circumstances does the system analyze the content of the traffic that is irrelevant to detect a threat.
Information on the security status of the network is made available to the participating bodies by the CCN-CERT. Additionally, we are developing a website that will offer statistics and information, upon request, on the general security status. Thanks to these tools, management is supplied with valuable information to ensure network security.
Fig. Internet Early Warning System Architecture
* The SARA network (System of Applications and Networks for Administrations) is a set of communications infrastructure and basic services that connects the networks of the Spanish Public Administrations and European institutions to encourage information exchange and access to services. Its implementation is mandatory pursuant to article 43 of Law 11/2007 on Citizen Electronic Access to Public Services, and to article 13 of the Royal Decree 4/2010 regulating the National Interoperability Scheme within the Electronic Administration Framework. The Resolution of 19 July 2011 on the Technical Interoperability Standard for Requirements for Connection to the Communication Network of the Spanish Public Administration sets out the requirements that any Administration body or entity governed by public law related to or under the Spanish Administration must meet to gain access to the SARA network.