A few weeks ago we talked about the effects a cyberattack could have on healthcare institutions but…

What other critical infrastructures are there? What would an attack against them imply?

To understand the impact and consequences this kind of attack might have, let's start by defining “critical infrastructure”. Critical infrastructures are those services and facilities that are vital to the basic operations of a society. Some examples are power plants, water treatment plants, transport, nuclear power plants, airport control towers and so on.

Not long ago, the defense of these infrastructures consisted of a set of physical security measures. However, advances in technology, the ease with which an attack like this could be executed (low cost, it can be prepared from anywhere, etc.), and the high impact and speed with which panic and chaos would be created have forced governments to take this threat very seriously.

In Spain, the CNPIC is the public institution responsible for ensuring the cyber security of these infrastructures. This institution:

  • Recognizes the existence of 12 strategic sectors.
  • Sets its current threat rating at 4 “High Risk”, the second-highest of five levels.

What are the profile and motivations of a hacker who carries out this type of attack?

The motivation behind most cyberattacks is economic, but attacks of a political nature are becoming more frequent. In these attacks, beyond money, the objectives are:

  • To bring down the systems.
  • To destabilize a country.
  • To cause chaos and confusion.

One of the most famous attacks against critical infrastructures took place in Kiev in December 2015. A group of hackers managed to compromise the information systems of 3 energy distribution companies. As a result, some parts of Western Ukraine were left without electricity.

How would an attack against a critical Spanish infrastructure be handled?

The Secretary of State for Security and the Department of Telecommunications agreed that INCIBE would provide technical support to CNPIC in the management of ICT security incidents affecting critical infrastructures. As a result of this collaboration, a CERT was created.

In addition, since November 2017, the people in charge of critical infrastructures can report any incident to the security forces, in real time, through a new mobile application named AlertPIC.

It is important to note that these types of attacks have continued to increase each year, and the fact that some countries have not been affected yet does not mean they will be free from them in the near future.
