III Cyber Defence Symposium of the Spanish Joint Cyber Defence Command
Military Operations In Cyberspace
Madrid, 2018 May 22nd - 24th. Kinépolis Madrid (Ciudad de la Imagen)
www.jornadasciberdefensa.es   |   #JornadasCD18   |   #MandoCiberdefensa
PANEL: National Cyber Security Strategy
Tuesday, 22nd May 2018   -   10:00 - 11:00
The slides of the presentations made by each speaker can be downloaded below, next to his biography. The answers to the questions that were made can be found at the end of each video, except for those that were answered personally afterwards due to lack time, that can be accessed here.
José De La Peña Muñoz
SIC Magazine Director

José de la Peña Muñoz holds a degree in Information Sciences, in its branch of Journalism from the Complutense University of Madrid. Since 1992, he is Director of the Spanish magazine Revista SIC and Co-Director of Securmática’s Organization Team, a Global Congress on Cybersecurity, Information Security and Privacy, and Co-Director of the Organization Team, as well, of the training and upgrading monographic seminars on management and technical cybersecurity: Respuestas SIC, Espacio tiSec, IdentiSIC and Tendencias SIC. De la Peña is an analyst and consultant on cyber security, information security, privacy and technology risks, and has participated as a speaker at numerous courses, congress and at national and international seminars and, as a teacher, in several specialized master's degrees.

Javier Candau
Head of Cybersecurity branch of the National Cryptologic Center

Artillery Lieutenant Colonel. Industrial Engineer specializing in electronics and automation. Cryptologist specialist. He has several certifications on ICT security (ISS, SANS, CRAMM, INAP Audit Course, CCN-STIC courses ... etc.).

His activity tasks are the training of specialized security personnel in the Administration, the development of CCN regulations (development of policies, guidelines and ICT security guidelines for Public Administration - CCN-STIC Series), the development of the risk analysis tool (PILAR), the supervision of systems accreditation and the performance of security audits as well as all the actions derived from the NATIONAL SECURITY SCHEME (ENS).

He has more than 19 years of experience in all these areas.

He is in charge of the responsiveness to Government Incidents (CCN-CERT www.ccn-cert.cni.es).

Joaquín Castellón Moreno
Operational Director, National Security Department. Cabinet of the Presidency of the Government

Joaquín Castellón Moreno joined the Department of National Security of the Presidency of the Government at the time of its creation, in the summer of 2012, where he currently holds the position of Operational Director.

During this time he has coordinated the Technical Commission that prepared the National Security Strategy 2013 and the work of preparing the National Cybersecurity Strategy, the National Maritime Security Strategy and the National Energy Security Strategy.

He is also a member of the National Council of Cybersecurity and the National Maritime Safety Council. He has coordinated the Technical Commission responsible for the drafting of the National Security Law promulgated in 2015.

He has participated in the elaboration of the "National Cybersecurity Plan" and the subsequent action plans. He is currently a member of the Board of Directors of the European Network and the Information Security Agency (ENISA). In addition, he is part of the working group responsible for the national transposition of the NIS Directive.

Since the beginning of 2017, it has also been coordinating the work of the 2017 National Security Strategy, which was approved by the Council of Ministers by Royal Decree on December 1.

He is commander at Spanish Navy and among others; he has been assigned to aboard Fleet units, the Navy Staff, the Ministry of Defence and the Spanish Institute for Strategic Studies.

Carlos Gómez López de Medina
Major General. Commander of ESP Joint Cyber Command (MCCD)

Maj. Gen. Carlos Gómez López de Medina is commander of the Joint Cyber Command from inception (July 13) to date.

Spanish Air Force Academy Graduate, class of '81.

As a Lieutenant, he served at the Royal Guards Regiment, in his Majesties' residence.

As a telecommunications specialist, he has served in technical posts both in the Spanish Air Force and in NATO.

He served as Commander of the Air Force's Signals Group prior to being appointed as aide-de-camp to His Majesty King Juan Carlos I.

For the better part of his career as an Officer he was involved in the planning, implementation, operation and maintenance of the different Command and Control systems of the Spanish Air Force.

As a full colonel he was assigned to the Air Force Staff and Later as the Chief of the Control and Reporting Center (CRC) at Torrejón AFB.

He was promoted to Brigadier General in July 2011 and posted to the Logistics Support Command (Weapon System Directorate).

He was promoted to Major General in July 2014.

He is graduated from the Air Force C2 Technical School, the Air Force War College and the High Studies National Defence Centre (CESEDEN).

He is in possession of several national and international civilian and military awards and decorations.

Alberto Hernandez Moreno
Director of the Spanish National Cybersecurity Institute (INCIBE)

Mr. Alberto HERNÁNDEZ, Chief Executive Officer (CEO) of INCIBE, holds a degree in Telecommunications Engineering from the Higher Technical School of Telecommunications Engineering of the Polytechnic University of Madrid and has the certification of Security Director appointed by the Ministry of Home Affairs.

He held the position of Chief Operating Officer (COO) at INCIBE from February 2014 to October 2016.

As COO he was responsible for the implementation of support services, technologies and activities for industry, R&D&I and talent at INCIBE during this period. As an international expert, he has participated in the missions of the Organization of American States (OAS) aimed at developing national cybersecurity strategies in several Latin American countries.

Before joining INCIBE he worked as the Head of Cyber-Defence at ISDEFE and was a member of the team responsible for the design and implementation of the Joint Cyber-Defence Command of the Spanish Armed Forces.

Fernando J. Sánchez Gómez
Director of the National Centre for Infrastructure Protection and Cybersecurity. Ministry of Interior.

He is a Lieutenant Colonel of the Guardia Civil, holds a High Degree in Military General Staff Course. He has completed numerous official courses of the Guardia Civil and other institutions, participating in several international missions with the European Union and the United Nations Organization. He has accredited several Masters and Higher Courses and has the certificate of Security Management recognized. He has been awarded with several distinctions. Speaks four languages: English, French, Italian and Portuguese.

He has over 25 years of professional experience in the security field. Prior to his current position, he worked for several years in the General Staff of the General Directorate of the Guardia Civil.

More recently, he has led the working group in charge of drafting the Spanish regulation on critical infrastructure protection (Law 8/2011, Royal Decree 704/2011 and its derived plans), and has been part of the drafting committee of the National Cybersecurity Strategy approved in December 2013. In the same way, he has participated as a Spanish representative in the discussions within the European Commission for the drafting of Directive 114/2008 on the protection of European Critical Infrastructures.

He is a member of the Spanish National Committee for Critical Infrastructure Protection, he is also the National Contact Point of the Spanish State with the European Union in the field of critical infrastructure protection and participates regularly in various national and international working groups in this field.

He is co-author of the books "Marco Legal y de Gestión de la Protección de las Infraestructuras Críticas en España" (2013) and "Seguridad nacional, amenazas y respuestas" (2014). Moreover, he is also the author of several publications and articles related to the field of his expertise. He actively collaborates as invited lecturer with different courses and master's degrees related to defence and security, organized by universities and academic institutes, and frequently participate as speaker in conferences and seminars, both national and international.

Answers to those questions that were not answered during the session due to lack of time, that were sent directly to the attendees that made them.
To: Carlos Gómez López de Medina
Would it be necessary to incorporate military capabilities in cyber defence to support NCSS objectives and actions?
Yes, it's necessary. According to NCSS Line of Action 1, the Spanish Government will adopt the relevant measures to:

a. Broaden and continuously develop the Cyber Defence capabilities of the Armed Forces allowing them to appropriately protect their Networks and Information and Tel­ecommunications Systems, as well as other systems which affect National Defence.The implementation of the Joint Cyber Defence Command will be consolidated and it will be encouraged to cooperate with the different bodies with the capability to respond to cyber incidents in aspects of common interest.

b. Boost military and intelligence capabilities to deliver a timely, legitimate and pro­portionate response in cyberspace to threats or aggressions that can affect National Defence.

See the Spanish National Cyber Security Strategy for more details (www.dsn.gob.es).
To: Carlos Gómez López de Medina
¿Están seguros de que están captando al personal adecuado para el MCCD? ¿Se mira sus conocimientos o su arma de origen?
Estamos captando al personal más adecuado del que solicita ocupar los puestos de trabajo que se publican para ser cubiertos. Sí, se estudian y comparan los conocimientos y experiencia de los solicitantes.
To: Carlos Gómez López de Medina
Relacionado con la falta de expertos, ¿cómo de lejos estamos de un “ejército del ciberespacio”?
Hay que seguir haciendo un gran esfuerzo en captación, selección y formación.
To: Carlos Gómez López de Medina
Actualmente la valoración del perfil de carrera militar informática + ciberseguridad está totalmente infravalorado, muy por debajo de otros como logística, inteligencia, personal o Estado Mayor. ¿Cree VE que en el MINISDEF se apoya la formación de expertos en ciberseguridad?
Se apoya, pero es necesario aumentar la intensidad de ese apoyo.
To: Javier Candau
Se habla de estrategias, de coordinación. Ustedes representan a diferentes organismos y por ello esta pregunta ¿Salvo en el día de hoy se coordinan entre ustedes de cara a esta campo?
Entiendo que la pregunta se refiere a la coordinación de la RESPUESTA A INCIDENTES. En este punto la estrategia es la comunidad de referencia del CERT y en caso de incidente severo la capacidad de coordinación técnica a nivel nacional del CCN-CERT. Respecto al resto de las actividades a realizar se debe seguir lo establecido en las leyes de RD que definen las funciones de cada organismo.
To: Javier Candau
Don Javier, qué definiría usted y por ende, el CCN, como "Captación de Talento" y qué busca en los "Talentos"?
Para nosotros la captación del talento se mueve en dos facetas. Personal para incorporar a la plantilla del CCN y personal para colaborar en diferentes actividades con el CCN. Para lo segundo necesitamos compromiso y capacidad técnica en la ejecución (esto último lo podemos detectar con plataformas como ATENEA). El compromiso se detecta mediante la realización de actividades que normalmente están muy limitadas en tiempo. Para la incorporación en la plantilla del CCN se unen otros requisitos de nuestra organización matriz.

De todas formas, no es el objetivo fundamental que se vengan con todas las capacidades técnicas (APTITUD) pero si con unas grandes dosis de ACTITUD para formarse en el campo que se le necesite y proporcionar el mejor servicio. Siempre valoramos aquí más la C que la P.
Strategic Sponsor
Platinum Sponsor
Gold Sponsors
Checkpoint Autek ForeScout Symantec Grupo ICA TAISA SYVALUE Hewlett Packard Enterprise Fortinet s2Grupo Alient Vault Telefónica
Silver Sponsors
Innotec Aiuken Solutions FireEye BBVA
Bronze Sponsors
Military Operations In Cyberspace    |    #JornadasCD18    |    #MandoCiberdefensa