The Cybersecurity Operations Centre (COCS) will provide a coordinated response to cyber incidents on a permanent basis. This center will facilitate access to a catalogue of advanced cybersecurity services and intelligence and will provide a centralized security event management and correlation (SIEM) platform, deploying sensors in member entities, proactively searching for threats (threat hunting), and offering ticketing and engineering services for the onboarding process.
It will also reinforce, through horizontal cybersecurity services, the capabilities for prevention, protection, detection and response to cybersecurity incidents, so that, thanks to optimization and economies of scale, better effectiveness and efficiency can be achieved and serve as a benchmark for other centers.
The Cybersecurity Planning and Coordination Division, which reports to the General Secretariat for Digital Administration (SGAD), will be responsible for the technical and strategic direction of the service. Likewise, the National Cryptologic Centre (CCN-CERT) provides its cybersecurity operation capability, tools, and cybersecurity solutions.
The COCS will have at its disposal all the user entities of the Unified Communications Service of the General State Administration, plus other entities that have a direct connection to an interconnection node of the Network of Application Systems and Networks for Administrations (Red Sara).