The CCN-CERT has traditionally collaborated, and continues to collaborate, in several SOCs of different sizes, at the level of Ministries, Provincial Councils/Town Halls or Local Entities, and more recently Essential Services Operators.
Start-up of a SOC
Security Operations Centers
These SOCs provide the organisation with capabilities in terms of prevention (expanding knowledge regarding their vulnerabilities, both technical and human, to reduce the exposure surface), protection (applying blocking measures, at different points of the infrastructure, to prevent or limit cyberattacks), detection (observing everything that happens in the organisation to look for existing threats and use cases) and response (acting in the event of cyber incidents to minimise the impact on the organisation). They also provide a security management capability, which sets the course for the other capabilities so that proper governance can be carried out.
In this context, the need arose to create a tool to interconnect the SOCs so that any suspected cyberattack attempt could be stopped in its tracks immediately, even before determining whether it was an actual attack or not: the National Network of SOCs.
[Figure: Prevention, Protection, Response, Detection]
If we, across all the SOCs that provide protection to the public sector, share information on the tactics, techniques, and procedures of new threats, we will improve the capabilities for detecting and responding to potential cyber incidents.