The Government of Catalonia is fully aware of the key value of cybersecurity in our digital society, as well as the challenge and the needs that must be dealt with to ensure the proper development of the productive sector and social fabric of the country; the expansion of a trustworthy, integrating digital administration, and the secure use of ICTs by the public.
In this sense, and in line with the strategic thrust undertaken, the Government made the Centre for Information Security of Catalonia (CESICAT) Foundation responsible for overseeing cybersecurity within the Government of Catalonia, with the idea of extending its model to other areas of action that could benefit from its activities.
In the context of Government resolution GOV/103/2012, the CESICAT Foundation was given responsibility for functions concerning the ICT security of the Government of Catalonia. This meant the CESICAT Foundation took charge of the planning, management and control of the ICTs of the Government administration and its part of the public sector.
As a response to this task and the challenges it raises, CESICAT is promoting a compulsory regulatory framework; providing the material and technical services required to ensure cybersecurity, and overseeing electronic identification and secure, reliable digital identity services.
CESICAT organises its activities following a cybersecurity governance model that includes functions of protection, prevention and resilience of information systems and ICT infrastructures with regard to cyberthreats. These have become primary activities in its value chain.
In its function to support and promote cybersecurity at Catalan local authorities, CESICAT assesses the level of cybersecurity of the ICT infrastructures with Internet access belonging to more than 500 local authority bodies through a cooperation agreement with the Open Electronic Administration Consortium of Catalonia (CAOC).
At the same time, CESICAT also acts as CESICAT-CERT™ in its capacity as CSIRT for Catalonia. In this way, it interacts at local authority level, offering prevention and reaction against cybersecurity incidents, as well as an advice service for bodies that have suffered an incident and tips and recommendations for preventing them.
CESICAT offers its cybersecurity support to Catalan public universities through its coordination and cooperation with the University Services Consortium of Catalonia (CSUC), a body responsible for providing network security assistance to institutions connected to the Anella Científica.
In this area, CESICAT also acts in its capacity as CESICAT-CERT™, exercising its function as CSIRT for Catalonia. Its principal activity is based on coordination with CSUC for cybersecurity incidents that occur or active cyberthreats that could be aimed at universities and/or research centres. Meanwhile, it also offers support through guidelines and other regulations that may apply in the university environment, if considered appropriate.
CESICAT has a duty to oversee the cybersecurity of Catalan digital society and it also does so in relation to the public, civil society and the productive sector of the country. In this area, CESICAT acts as CSIRT for Catalonia and focuses its action on providing support, advice and recommendations when faced with cybersecurity incidents and permanently promoting awareness-raising and training activities intended to prevent incidents and make secure use of ICTs.