The Ministry of Justice and the National Intelligence Centre (CNI) have signed a collaboration agreement on cybersecurity that aims to establish the collaboration actions to which the Ministry itself, represented by the Subdirectorate General of New Technologies for Justice of the Ministry of Justice (SGNTJ), and the CNI, embodied in the National Cryptologic Centre (CCN), are committed.
This agreement, published in the Official State Gazette on 27 July, is part of the security of the Justice Administration’s ICT (Information and Communication Technologies) systems, services and networks, which process, store or transmit information in electronic format, and which include encrypted media.
The agreement, signed on June 5 by the then Secretary of State for Justice, Carmen Sánchez-Cortés Martín, and by the Secretary of State Director of the CNI and the CCN, Félix Sanz Roldán, includes the implementation of a security office, responsible for the strategy, management and operation of systems, services and ICT networks of the Administration of Justice.
It also includes the implementation and operation of a Cybersecurity Operations Centre (SOC), which will improve the monitoring and incident detection capabilities of the SGNTJ’s systems and optimise the capacity to react and respond to any possible attack. The Ministry of Justice will assume the direction and management of the SOC and the CCN-CERT, as the National Governmental CERT, will act as the service provider. This SOC will operate as an extension of the Security Operations Centre of the General State Administration and will gradually tend to unify and converge the different security actions provided.
The service provided will strengthen the security of courts and tribunals, prosecutors, administrative records to support judicial activity, Institute of Legal Medicine, National Institute of Toxicology and Forensic Sciences, and territorial management, as mandated by Law 18/2011, which throughout its articles, establishes requirements for security, requiring it to be an integral quality in the design of services, systems and applications (art. 48.1), a comprehensive process that addresses in any case the special sensitivity of the information contained in electronic judicial proceedings (art. 48.2), and a process of continuous improvement (art. 50), and also describes the basic elements to be taken into account in
decisions on security, security levels, and differentiated function (art. 53.1), and establishes the dimensions of electronic judicial security in terms of authenticity, confidentiality, integrity, availability, traceability and preservation (art. 53.2)
In the field of Justice, the Judicial Interoperability and Security Scheme (EJIS) includes the security requirements, similar to the ENS (National Security Scheme), applicable to the General State Administration.
The costs arising from the execution of this agreement (three million euros) are assumed by the Ministry of Justice, spread over 3 years: one million in 2018; 1.5 million in 2019; and 500,000 euros in 2020. The cost of technical and functional sustainability is determined according to the number of
users of the systems, services and T.I.C. networks of the Administration of Justice For the valuation, it has been considered that eighteen thousand (18,000) users are covered and an annual cost per user of eighty-three euros and thirty-three euro cents (83.33 euros and thirty-three euro cents) is attributed.
Performances:
a) Actions for the exchange of technical information on the security of systems, services and networks in the following fields:
– Sensors deployed in the different agencies, their monitoring capabilities, technical information on security.
– Safety-related technical documentation.
The C.C.N. will give access to the series of C.C.N.-S.T.I.C. guides developed for the Administration in order to adapt them to the environments of the S.G.N.T.J. In case of their diffusion in other environments, the origin of the document must be mentioned.
– Security incidents.
Technical information and resolution procedures for their application in the C.C.N. (Public Sector) and S.G.N.T.J. environments.
– Security initiatives developed by both entities in order to improve coordination between them and, as far as possible, to give a common message.
– Exchange of training and good practices in the field of each of the parties.
b) Actions to promote the development of security tools and specific programmes.
Possibility for the Ministry of Justice to promote the development and use of computer security tools and specific products or programs at the proposal of the C.C.N.
In this sense, the S.G.N.T.J. will be able to test these tools and programs that will allow it, if necessary, to complete their functionality in order to use them in its field of action.
c) Actions for the implementation and operation of a Security Office.
Implementation and operation by the C.N.I. in direct collaboration with the S.G.N.T.J., of a Security Office in charge of the strategy, management and operation of systems, services and T.I.C. networks of the Justice Administration that process, store or transmit information in electronic format, and that include encrypted media, with the aim of increasing their security levels.
The implementation and operation actions encompass all strategic, management and operational activities related to the security of the Security Office and, in particular:
– At a strategic level: Preparation by the C.C.N. of the Security Master Plan for the scope of action of the agreement.
– At management level: Analysis and definition of security control panels according to the criteria and information supplied by the S.G.N.T.J.; development, publication and dissemination of security regulations; preparation of system adaptation plans, development of the business continuity plan; risk analysis and management and monitoring and support for the implementation of the measures to be applied as a result of the Security Master Plan, by the C.C.N. according to the criteria and information supplied by the S.G.N.T.J.
– At the operational level: Execution of regulatory compliance audits and technical security audits, technological consultancy, staff training and awareness, according to criteria and information provided by the S.G.N.T.J.
d) Actions for the implementation and operation of a Cybersecurity Operations Centre (hereinafter S.O.C.).
At the operational level: definition and implementation of the SOC through which the monitoring and incident detection capabilities of the S.G.N.T.J. systems will be improved and the capacity to react and respond to any attack will be optimised, in accordance with the criteria and information provided by the S.G.N.T.J.
Due to its centralised nature, the S.O.C. will facilitate both the implementation of the most appropriate tools and/or technologies at all times, and the adoption of the appropriate measures for efficient defence.
The direction and management of the S.O.C. corresponds to the Ministry of Justice, in which the C.C.N.-C.E.R.T., as national governmental C.E.R.T., acts as service provider according to the competences of the Royal Decree 3/2010, of 8 January, regulating the National Security Scheme, modified by Royal Decree 3/2010, of 8 January, modified by Royal Decree 3/2010, of 8 January, regulating the National Security Scheme.
Decree 951/2015, of 23 October, amending Royal Decree 3/2010, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration, and under the supervision of the S.G.N.T.J., in compliance with the collaboration agreement between
the two bodies
In compliance with the provisions of the General Secretariat for Digital Administration to consider security services as shared services, this SOC will operate as an extension of the Cybersecurity Operations Centre of the General State Administration (S.O.C.-A.G.E.), gradually tending to unify and converge the different security actions provided.
The agreement includes mechanisms for monitoring, surveillance and control and the confidentiality of the information and data protection exchanged between the SGNTJ and the CCN.