The 4 Main Contributions of the PIC Law

Once the objectives of the PIC Law have been defined, we summarize in this entry the main contributions made by the regulation:

1. Creates the National System for the Protection of Critical Infrastructure.

The National System for the Protection of Critical Infrastructure contains those institutions, bodies, and companies, from both the public and private sectors, with responsibilities in the proper functioning of essential services or in the safety of citizens. These are: critical operators, the CNPIC, ministries, CCAA, local corporations, sectoral working groups, etc.

2. Lays the foundations for the PIC Planning System.

The PIC Planning System is a set of regulatory texts that define a series of measures for the protection of critical infrastructures, which are specified in actions to be carried out by the members of the Critical Infrastructure Protection System.

Taking into account the provisions of the PIC Law, as many PESs (Sectoral Strategic Plans) will be developed as sectors have been defined. In turn, companies that are designated as critical operators must submit a PSO (Operator Security Plan) and a PPE (Specific Protection Plan) with respect to all their infrastructures classified as critical. Finally, the competent administration, supported by the police force, must develop an PAO (Operational Support Plan).

3. Generates the National Catalogue of Strategic Infrastructures.

The National Catalogue of Strategic Infrastructures contains complete, updated, verified, and computer-systematized information regarding the specific characteristics of each of the strategic infrastructures existing in the national territory. To facilitate this information, the HERMES system has been developed, through which critical operators can register, access, and modify information relating to those infrastructures that they manage.

4. Establishes the CERT for the management of cybersecurity incidents.

Supporting the CNPIC, INTECO becomes the CERT specialized in the management of incidents related to critical infrastructures at the national level. The mission of the CERT is to respond to security incidents specializing in the analysis and management of technological security problems and incidents.