III Cyber Defence Symposium of the Spanish Joint Cyber Defence Command
Military Operations In Cyberspace
Madrid, 2018 May 22nd - 24th. Kinépolis Madrid (Ciudad de la Imagen)
www.jornadasciberdefensa.es   |   #JornadasCD18   |   #MandoCiberdefensa
Training
PANEL: Cyberreserve
Wednesday, 23rd May 2018   -   09:00 - 10:00
The slides of the presentations made by each speaker can be downloaded below, next to his biography. The answers to the questions that were made can be found at the end of each video, except for those that were answered personally afterwards due to lack time, that can be accessed here.
Participants:
Moderator
Luis Fernández Delgado
Editor SIC Magazine

Luis Fernández Delgado holds a Bachelor's degree in Information Sciences, a branch of Journalism, from the CEU San Pablo University. Since 1992, he has published the Spanish journal SIC cybersecurity, information security and privacy, owned by Coda Editions. Likewise, he co-directs the Securmática Organization team, the global cybersecurity, information security and privacy congress, which for the last twenty-eight years has been the most specialized event in the field in the Spanish language, and more recently Espacio TiSEC, SIC Responses, SIC Trends and Identi :: SIC.

Fernández Delgado, co-promoter of AgoraSIC - Knowledge Center in Cybersecurity-, is a frequent speaker in courses, symposiums and national and international seminars on cybersecurity and ICT security; collaborating professor of, among others, the Cybersecurity Masters of University Carlos III and the UPM. He is also an advisor on cybersecurity, information security, auditing, control, privacy, and industry and cybersecurity analyst in the public and private spheres of protection and defense.

He is currently a member, among others, of the Madrid chapter of ISACA, ISMS Forum, AEDEL and CriptoRed

Speaker
Enrique Ávila Gómez
National Centre of Excelence in Cybersecurity Director

Enrique Avila has a Law Degree from the Complutense University of Madrid. University Specialist in Intelligence Services. Master´s degree in Digital Evidence and fight against Cybercrime. Lecturer in the following Master´s programme: Master of ICT Security of the European University of Madrid, Master in Digital Evidence and fight against Cybercrime of the UAM and Master of Cyberdefense and Cybersecurity of the School of War of Colombia. He is a researcher at the Institute of Forensic Sciences and Security of the Autonomous University of Madrid. He has held the post of Deputy Director of the School of Economic Intelligence. He is currently Director of the National Center of Excellence in Cybersecurity and Head of the Information Security Area of the Technological Innovation and Information Security Service of the Civil Guard.

Enrique Avila is a member of the Order of Merit of the Civil Guard and he holds the White Merit Cross.

Speaker
Carlos Gómez López de Medina
Major General. Commander of ESP Joint Cyber Command (MCCD)

Maj. Gen. Carlos Gómez López de Medina is commander of the Joint Cyber Command from inception (July 13) to date.

Spanish Air Force Academy Graduate, class of '81.

As a Lieutenant, he served at the Royal Guards Regiment, in his Majesties' residence.

As a telecommunications specialist, he has served in technical posts both in the Spanish Air Force and in NATO.

He served as Commander of the Air Force's Signals Group prior to being appointed as aide-de-camp to His Majesty King Juan Carlos I.

For the better part of his career as an Officer he was involved in the planning, implementation, operation and maintenance of the different Command and Control systems of the Spanish Air Force.

As a full colonel he was assigned to the Air Force Staff and Later as the Chief of the Control and Reporting Center (CRC) at Torrejón AFB.

He was promoted to Brigadier General in July 2011 and posted to the Logistics Support Command (Weapon System Directorate).

He was promoted to Major General in July 2014.

He is graduated from the Air Force C2 Technical School, the Air Force War College and the High Studies National Defence Centre (CESEDEN).

He is in possession of several national and international civilian and military awards and decorations.

Speaker
Oscar Maqueda
Cybersecurity expert

Oscar Maqueda has been in the world of information technology for more than 25 years most often associated with security issues. He began his professional career in the Ministry of Education where he spent 10 years, then, he leaps into private enterprise working for companies such as Vodafone, Colt Telecom, and Microsoft  He holds a dedree in Statistics and is currently finishing his studies in Business Administration and Management. He also holds a Master´s degree in Analysis of Digital Evidence and Fight against Cybercrime from the UAM. He is stll connected with the academic instruction within SAPROMIL program and in the Forensic Science and Security Institute together with CNEC at the UAM . He is also a professor in the Master on Cybersecurity at the School of Industrial Organization.

Oscar has worked as a volunteer in REMER (Emergency Radio Network) for many years and currently performs volunteer work as a Health Emergency Technician at the Spanish Red Cross. He is part of the Emergency Response Unit of the above mentioned organization within the IT / Telco Team for deployments in major catastrophes. He has been a speaker at the Spanish Society of Emergency Medicine on issues related to Health Emergencies and Technology.

Oscar holds the Merit Cross of the Civil Guard for his collaboration with the last mentioned corps.

Speaker
Vicente Moret Millás
Legal Advisor to the Spanish Congress

Currently, Vicente Moret is civil servant at the Spanish Congress, as member of the Parliament Legal Advisors service. He is the Economical Affairs Director and Infrastructures Director of the Congress. Likewise, He acts as the Legal Advisor for the Joint Committee of National Security, and Permanent Secretary of the Spanish Delegation to the Council of Europe Parliamentary Assembly.

He has held various positions in the Congress and the Senate, also being part of the Senior Executive Service of State Administration. He graduated in law from the University of Valencia.

Since 2013, he is also professor of Administrative Law at the IE Law School, Department of Public Law, and academic of the Royal Academy de Jurisprudence and Legislation. He has been awarded with Guardia Civil Merit Silver Cross and Police Merit Medal with white badge.

Speaker
Miguel Rego Fernández
Cybersecurity expert

Partner of iHackLabs, a cybersecurity company specialized in industrial cybersecurity, empowerment, training and simulation.

From 2013 to October 2016, he was General Director of the National Institute of Cybersecurity (INCIBE), a center designated by the Government of Spain to provide not only cybersecurity services to citizens and businesses but also  development of talent and improvement of the cybersecurity industry.

Miguel is a collaborator of the Organization of American States. He Has  participated in the definition of national cybersecurity strategies in Peru, Paraguay and the Dominican Republic. Miguel contributed to the definition of the National Cybersecurity Plan of Spain.

He is a regular collaborator in masters, media and national and international cybersecurity forums, and has been co-director and founder of the Master on management of Cybersecurity at the School of Telecommunication Engineers of the Polytechnic University of Madrid.

Prior to joining INCIBE, he held positions of responsibility in the firms EY and Deloitte, and in the telecommunication company ONO. Previously, he occupied destinations related to the management of information systems and cybersecurity in the Navy and the Ministry of Defense.

Miguel is Lieutenant Colonel of the Navy's Quartermaster Corps and has different postgraduate and certifications related to the administration and management of ICTs and cybersecurity.

Answers to those questions that were not answered during the session due to lack of time, that were sent directly to the attendees that made them.
To: Carlos Gómez López de Medina
Los reservistas civiles ¿no supondrían la mayor facilidad de entrada a sujetos indeseables y por lo tanto un aumento de la vulnerabilidad?
Consideramos que ese riesgo queda controlado si todos los ciber-reservistas disponen de Habililatión Personal de Seguridad (HPS) en el nivel que corresponda al puesto de trabajo que vayan a ocupar.
To: Vicente Moret Millás
¿Cómo puede un civil sin formación militar convertirse en militar "a todos los efectos" durante la activación?
Según la normativa reguladora de la reserva voluntaria vigente en estos momentos un reservista durante su activación como reservista se convierte en militar a todos los efectos de derechos y obligaciones de los miembros de las Fuerzas Armadas. Solo durante el periodo de activación. En cuanto a la formación los reservistas deben superar un periodo de formación de un mes para poder acceder a la condición de reservista.
To: Carlos Gómez López de Medina
¿Por qué motivo se están buscando efectivos de reserva cuando existe personal de tropa y suboficiales especialistas (en el caso del Ejército de Tierra), sobradamente preparados que por su condición de especialistas no pueden ocupar puestos en el Mando Conjunto de Ciberdefensa?
Como se indicó, con la ciber-reserva se pretende poder hacer frente a situaciones de emergencia y crisis que se apartan claramente de la normalidad, contribuir a que se cumpla el artículo 30.1 de la Constitución Española "Los españoles tienen el derecho y el deber de defender a España" y reforzar la confianza mutua entre Sociedad y Fuerzas Armadas.

Se considera que no es económicamente eficiente disponer permanentemente en las FAS de todo el personal necesario para atender a una crisis cibernética generalizada. Por otra parte, en caso de crisis es muy probable que esos efectivos del Ejército de Tierra tengan que atender a su misión actual.
To: Carlos Gómez López de Medina
Entendiendo el concepto tradicional de reserva como un reclutamiento de personal civil por necesidades defensivas del estado, no le parece que según los conceptos definidos por los ponentes no estaríamos hablando más bien de una cibereseva Voluntaria
Efectivamente, creo que todos los participantes en la panel nos referíamos a un modelo de ciber-reserva VOLUNTARIA. No imaginamos la existencia de la ciber-reserva de otra forma. Para que sea eficaz, la ciber-reserva ha de estar formada por personal voluntario y entusiasta, que esté dispuesto a prestar su apoyo on-line, incluso cuando no está formalmente activado.
To: Vicente Moret Millás
En algunos modelos de otros países vecinos, la actividad de la ciber reserva se limita a la concienciación y como mucho a la resiliencia. ¿Qué implicaciones legales puede tener la participación de ciberreservistas en operaciones militares, ya sean ofensivas o defensivas?
Si la cibersreservs se regula con los mismos perfiles legales y jurídicos que la reserva voluntaria ya recogida en la normativa vigente, un ciberreservusta durante su activación podría llevar a cabo cualquier cometido que decir encomiende sin distinción alguna en cuento a los cometidos según se trate de militares profesionales o reservistas. Una vez activado el reservista se integra durante ese periodo de activación en la estructura de las Fuerzas Armadas a todos lis efectos.
To: Carlos Gómez López de Medina
En el caso de Francia, la reserva de ciberdefensa se comparte entre las Fuerzas Armadas, la Gendarmería Nacional y la agencia ANSSI (equivalente al INCIBE español) . ¿Se contempla un modelo similar en España o sería exclusivamente de Defensa?
El modelo que planteamos es una ciber-reserva encuadrada en el Ministerio de Defensa. El Ministerio de Defensa, apoyado por la ciber-reserva, apoyaría a los organismos que lo necesitaran.
To: Enrique Ávila Gómez
¿Qué mínimo de conocimientos necesitaría un ciberreservista para poder ejercer con eficacia y eficiencia?
La propuesta legislativa presentada incluye dos aspectos muy relevantes relacionados con la pregunta que me traslada. Por un lado, al tratarse de perfiles pluridisciplinares, estaríamos hablando creación de grupos de trabajo con este tipo de perfiles complementarios, coordinados para hacer frente a una amenaza de forma holística. Pongamos el caso de una situación de ataque contra una o varias infraestructuras críticas en un escenario de tipo híbrido.
Probablemente, necesitaría a técnicos especializados en el control industrial de los dispositivos de la infraestructura que, como puede suponer, no tendrían, mayoritariamente el perfil de ingenieros sino de especialistas de formación profesional que habrían de ofrecer su conocimiento a psicólogos, sociólogos, ingenieros de telecomunicaciones, filósofos, expertos en comunicación...)
Por éste y otros motivos relacionados con los perfiles profesionales orientados hacia la Ciberseguridad, donde, muchos de los mejores no disponen de titulación universitaria, se explicita la NO NECESIDAD de aportar titulación universitaria.
Si nos referimos a capacidades deseables, no relacionadas con un conocimiento específico, deberían ser perfiles colaborativos, empáticos, acostumbrados al trabajo en grupo y que, al tiempo, se adaptasen a trabajar, si ello fuese necesario, en estructuras jerárquicas de toma de decisión.
To: Carlos Gómez López de Medina
¿Está siguiendo el MCCD los criterios adecuados de selección de personal con talento en Ciberdefensa dentro de FAS? ¿ Se utilizarán los mismos criterios para la formación de la ciber-reserva?
El MCCD está siguiendo todos los criterios que están a su alcance para seleccionar al personal de las FAS. Se considera que en el caso de la ciber-reserva se podrían utilizar los mismos criterios, e incluso mejorarlos en algunos aspectos.
To: Carlos Gómez López de Medina
¿Por qué motivo buscamos reservistas en el ámbito civil cuando tenemos en filas personal especialista de tropa y suboficiales (caso del Ejército de Tierra), los cuales están sobradamente preparados para ocupar determinados puestos dentro de la plantilla del Mando Conjunto de Ciberdefensa, y que por su naturaleza de "recurso crítico" no pueden siquiera optar a estos puestos de Coberdefensa?¿Para poder optar a estos puestos deberían de cogerse una excedencia voluntaria para posteriormente regresar de reservistas?
Como se indicó, con la ciber-reserva se pretende poder hacer frente a situaciones de emergencia y crisis que se apartan claramente de la normalidad, contribuir a que se cumpla el artículo 30.1 de la Constitución Española "Los españoles tienen el derecho y el deber de defender a España" y reforzar la confianza mutua entre Sociedad y Fuerzas Armadas.

Se considera que no es económicamente eficiente disponer permanentemente en las FAS de todo el personal necesario para atender a una crisis cibernética generalizada. Por otra parte, en caso de crisis es muy probable que esos efectivos del Ejército de Tierra tengan que atender a su misión actual.
Strategic Sponsor
Isdefe
Platinum Sponsor
PANDA INDRA
Gold Sponsors
Checkpoint Autek ForeScout Symantec Grupo ICA TAISA SYVALUE Hewlett Packard Enterprise Fortinet s2Grupo Alient Vault Telefónica
Silver Sponsors
Innotec Aiuken Solutions FireEye BBVA
Bronze Sponsors
Ediciones Coda SIA GMV PALOALTO CYBERARK S21 SEC
Military Operations In Cyberspace    |    #JornadasCD18    |    #MandoCiberdefensa