PIC Law (Protection of Critical Infrastructure). Basic Concepts
Within the regulatory framework associated with industrial cybersecurity, the Law on the Protection of Critical Infrastructure (PIC Law 8/2011), complemented by Royal Decree 704/2011, is of particular...
Within the regulatory framework associated with industrial cybersecurity, the Law on the Protection of Critical Infrastructure (PIC Law 8/2011), complemented by Royal Decree 704/2011, is of particular importance in Spain.
Objectives.
The two main objectives of this regulation are to catalogue all infrastructures that provide essential services to our society and to design a plan that contains effective prevention and protection measures against possible threats to such infrastructures, both in terms of physical security and the security of information and communication technologies.
The definition, according to the PIC Law, of critical infrastructure, essential services and strategic infrastructure.
The PIC Law defines critical infrastructures as those whose operation is indispensable and does not allow for alternative solutions, so that their disruption or destruction would have a serious impact on essential services. These, in turn, are defined as the services necessary for the maintenance of basic social functions, the health, safety, social and economic well-being of citizens, or the effective functioning of State Institutions and Public Administrations.
Finally, it defines strategic infrastructures as the facilities, networks, systems and physical and information technology equipment on which the operation of essential services rests.
The sectors that have been designated as providers of essential services.
The following twelve sectors: Administration, water, food, energy, space, chemical industry, nuclear industry, research facilities, health, financial and tax system, information and communication technologies and transport.
The definition of critical infrastructure protection.
The protection of critical infrastructure is defined as the set of activities aimed at ensuring the functionality, continuity and integrity of critical infrastructure in order to prevent, mitigate and neutralize the damage caused by a deliberate attack against such infrastructure and to guarantee the integration of these actions with others from other responsible parties within the scope of their respective competence.
In future posts, we will delve deeper into the scope and main contributions of the PIC Law.
Dr. Fernando Sevillano
Industrial Cybersecurity by Logitek Manager
