The Spanish Cybersecurity Strategy is Lacking — Civil Guard
Spain’s Civil Guard has consulted with the Spanish Congress about the country’s readiness when it comes to cybersecurity. Spain’s security forces have communicated a formal warning to lawmakers, in the hope that new legislation will help improve Spain’s cybersecurity situation. “A military tactic: be prepared to respond to the most dangerous hypothesis. Hostile states trying to destabilize other states. We are expecting black swans,” said Colonel Luis Fernando Garcia of the Civil Guard.
Colonel Garcia hinted at threats against Spain’s networks and computers but did not disclose the names of any groups or individuals suspected of planning against exposed systems. Aside from being a Civil Guard leader, Garcia is also a cybersecurity expert with twenty years of experience in dealing with IT issues. He had an exclusive session with the Spanish lawmakers, spending more than two hours in discussion with them in order to give a good picture of Spain’s cybersecurity infrastructure.
“It is my duty to convey the most objective vision possible. And what we have is cause for concern. I ask you to take note and urge the executive to improve security. The welfare and future of Spanish society depend on it,” added Garcia.
As a member of the EU, a powerful regional bloc, and also involved with NATO, Spain receives assistance from different member countries. “There is disinformation and intoxication by foreign powers, by actors who are for the most part states, but also individuals seeking to polarize or confront parts of society. We are detecting worrisome behavior within Jihadist terrorism. I urge the executive to improve security. The welfare and future of Spanish society depend on it. We need synergies, citizens believe that the state has huge macro data at its disposal. If only. That would make our work a lot easier. But we are headed toward a future led by large corporations above and beyond the states,” explained Garcia.
The key to compliance with security policy is education. Educating users on the need for security is important, as it helps them understand the importance of information security and how it will benefit them in their daily work. Implementing a security awareness program is therefore a major step in ensuring compliance with security policy. To make a security awareness program effective, it is crucial to have a strategy for building a solid program.
The program should emphasize explaining why “Security is everyone’s responsibility” and teach users about their role in maintaining security. This is because people often tend to think that only the State Department, which handles state security, or the IT department or information security personnel in private institutions can and need to take care of information security issues, and that it is not their responsibility to participate in protecting the security of their company.
The state auditors who are responsible for checking compliance with a nation’s cybersecurity policy should be independent of the persons implementing the policy. In checking user compliance, auditors need to ensure that all users are aware of, understand and perform their roles and responsibilities as stated in the policy. For technology compliance, the audit should focus on the technical security settings of networks, operating systems and other critical systems and applications.