The General Directorate of Telecommunications launches a message of "tranquility" and trusts in the extensive security network of the Canary Islands
February has been the month that has marked a turning point in the issue of cybersecurity. The start of the Russian-Ukrainian war forced the Government of the Canary Islands to take measures -even earlier- in coordination with the National Cryptologic Center (CCN) to combat a 'fake news' campaign and prevent possible attacks.
The Pegasus thing It's just one more drop," he said.
Victor Melian, General Director of Telecommunications and New Technologies. The espionage program has affected, among others, the president
Pedro Sanchez and the Defense Minister,
In addition, a recent report published by the British newspaper The Guardian pointed to Morocco as the perpetrator of the espionage
more than 200 Spanish mobiles. However, among the incidents registered by the Autonomous Community, there is no evidence that any infection has occurred.
"It is important to convey a message of calm on this matter -explains the CEO-. These events and computer attacks occur daily, but few are successful, and at least in our environment we are not aware of any related to espionage.
Melián affirms that in what is limited to its competences, the Canarian Public Administration has several technological and personal tools that have been configured over time.
Specifically for mobile devices they have an antivirus called
Harmony Mobileof the Check Point architecture, which protects them from the Pegasus program.
To this is added the
Mobile Device Management (MDM), which is responsible for monitoring the devices and controlling, for example, that the applications that you want to install are more or less secure. «The objective is to minimize the impact surface. The more restricted it is, the more difficult it is to enter, “adds the CEO.
In this sense, the recommendations of the CCN are a constant. Specifically, Melián points out that in recent days they have received specific elements to apply only to iPhones for Pegasus detection. According to the guidelines received, the data is then sent for analysis.
This body is responsible, on the other hand, for providing
a series of software: the 'Glory' for event correlation, which allows patterns to be identified; the 'Lucía', for the sharing of incidents or the 'Reyes', for the detection of searches are some of the most outstanding.
Regardless of whether they have suffered an incident, the terminals are renewed, as a general rule,
twice per legislature. The last change occurred during last summer, coinciding with the equator.
On the other hand, one of the most powerful tools available to the Canarian Government is the
Security Operations Center (SOC, according to its acronym in English). A team made up of five experts in cybersecurity who sound the alarm in the face of any event and, as far as possible, provide solutions.
The general management intends to "go one step further" in this set of measures and bet on what it considers its "star project" for the coming years. This is the creation of a cybersecurity control center, which is known as
CSIRTsdependent on the Autonomous Community to manage incidents.
"It would be a higher level than just having the SOC and we would also like to extend it to local administrations, since city councils are vulnerable spaces," acknowledges Melián.
To do this, the Ministry of Public Administrations, Justice and Security has already presented the project with the aim of obtaining financing through European funds from the Recovery and Resilience Mechanism.
Other “more physical” elements complement the Canarian security system, such as firewalls, server vulnerability analysis systems, denial of service attacks, identity authentication, as well as internal dissemination regulations so that all public employees are aware of the tools available.
What are the main computer attacks?
The SOC reports monthly to the General Directorate of Telecommunications and New Technologies on the incidents that occur in the environment of the Public Administration.
The three main themes
According to the data corresponding to the month of March, his team made up of five people
detected a total of 789 events of different kinds. A figure slightly higher than the average recorded in the first quarter of this year, which stands at 550.
Despite this, the person in charge of the area, Víctor Melián, has assured that it is not a cause for concern, since of that total, 514 events were managed through the protocols already established in the SOC response system, so the intervention of the National Cryptologic Center was necessary.
In general, the average direct detection through the Government's own tools
is 93% and the efficiency they present to elucidate whether they are attacks or minor incidents is 88%. "These are very good percentages, and what they come to show is that the SOC works," says Melián.
In this sense, the general director warns that the bulk of the incidents are due to "clumsiness" of the users themselves. Although he does not rule out that there is a key technological component, he assures that the Government is equipped with sufficient tools to minimize the impact in that area. On the other hand, the possibility of giving away valuable information through deception is beyond that control.