The second session of the 28th International Seminars, held on June 24 in Palma de Mallorca by MAPFRE GLOBAL RISKS, began with a fascinating talk between Guillermo Llorente, MAPFRE’s corporate director of security, and José Luis Pérez, a Civil Guard commander in charge of managing Spain’s National Center for Critical Infrastructure Protection. During the conversation, particular emphasis was placed on the importance of taking a comprehensive view of threats, preparedness and collaboration.
Intrinsically related to the theme of the latest edition of the MAPFRE Global Risks Seminars, “Ensuring a sustainable world together”, the work of the National Center for Critical Infrastructure Protection (CNPIC) was discussed. This agency of the Ministry of the Interior is responsible for the promotion, coordination and supervision of all the activities entrusted to it by the Secretary of State for Security with respect to the protection of critical infrastructure throughout Spain’s national territory. “Nothing that is insecure is sustainable, and large critical infrastructures are the backbone on which this world’s assets, goods and energy circulate,” Guillermo Llorente said in his presentation.
Ensuring the security of critical infrastructure, whether public or private, is critical to the operation of the State, as these types of installation provide essential services to its citizens. Its proper functioning is indispensable for society; so its disturbance, interruption or destruction would have a serious impact.
Baptism of fire
Just as it was generally perceived up until a few years ago that the world’s resources were virtually infinite, for a long time attention that should have been paid has not been paid to the operation of these infrastructures. “It’s been during the onset of Covid when we’ve given greater thought to water, electricity or gasoline,” Llorente emphasized.
In the words of José Luis Pérez at the CNPIC, “when it comes to risks, we try to protect infrastructures from events that have a very low probability of occurring, but a high impact.” Thus, without being the focus of attention that initially focused on the protection of critical infrastructures—particularly regarding possible threats of a fundamentally deliberate nature, of a terrorist nature or by organized crime after 9/11—Covid-19 has been a baptism by fire for this agency.
During the toughest times of the lockdown, it was shown that if all participants in the System work together in a coordinated manner; this works. “We have provided the entire System, which after all is the country itself, with a great capacity for resilience,” said the CNPIC director.
The national security strategy has for a long time incorporated public-private collaboration into its ranks
A new impact
With the pandemic not yet over, a new challenge has put the whole world on alert: the conflict in Ukraine. Its outcome is still uncertain and poses a severe economic and security threat.
For Pérez, “the return to advanced conventional warfare has presented new challenges for all countries, in that we have come to realize that the supply chain is very easily broken.” This can occur due to an event, also relatively unlikely, affecting suppliers or service providers, without the need to directly attack critical infrastructure.
“All of these types of situations have an impact on the normal functioning of the essential services provided by the critical and strategic infrastructures,” the expert revealed. In this regard, time and circumstances are giving rise to a much broader perspective than that apparent at the time the CNPIC was brought into being. Today, the Center is working to “expand its goals and come to understand that there are other issues outside of the protection of the infrastructure itself, which can have an impact, a very significant impact, on the supply chain and on the deployment and provision of essential services,” said Llorente.
Today we are living through a time of intense volatility, highly exposed to uncertainty. At the CNPIC, they try to address all the issues brought about by the current VUCA environment, characterized by volatility, uncertainty, complexity and ambiguity. To this end, methodologies, correcting the vision for the future and a deeper understanding of the geopolitical situation, are all brought to bear.
The advancement of society and the work tools themselves also cause vulnerabilities to change. To address these new security gaps, “we are conducting a constant and in-depth situational analysis at the Center, because any type of threat can affect the provision of essential services, which is the key element when it comes to critical infrastructures,” Pérez said.
All of these issues are circumstances that are important for the State and for the infrastructures themselves that are protected through simple, flexible procedures, so as to be able to respond and be coordinated when faced with situations totally different from those originally foreseen. “You have to change the working vision, as the planning put in place that existed previously doesn’t fit the reality we are now facing,” he explained
The classic and traditional unidirectional model of security protection by which the State Security Forces and Armed Forces, provided stability to the State in the case of defense, has all but disappeared. The national security strategy has for a long time incorporated public-private collaboration into its ranks.
The National Critical Infrastructure Protection System was designed to coordinate the Administration, the Ministry of the Interior, CNPIC and the Security Forces and Agencies of the State and Autonomous Communities. Companies that own or export this infrastructure also play a key role.
Although the Center and System are permanently activated, in recent years there have been threats that have put them on high alert. For example, Commander José Luis Pérez mentioned how they reacted in the face of the notorious cyber-attack during the talk: “WannaCry was one of the times when the Center had to communicate with all the operators with problems in this regard and coordinate the response.”
How protection has evolved
Security, like any aspect of society, evolves. The emergence of information and communication technologies, as well as consideration of geopolitical and strategic situations worldwide, have led to a holistic view of security. This has gone from being considered an expense, to becoming a critical part of the organization’s own operation.
The vision has changed completely and concepts are being introduced that no longer deal exclusively with security. “Now we’re talking about resilience.” Pérez explained that the new direction being worked on focuses on the resilience of critical entities. This encompasses a much larger dimension that is not just limited to threats by organized crime or terrorists, but rather incorporates a more global view of the threats currently being faced.