“El pistolas”, roughly translatable as “gunslinger”, is the term often used lately by Chief Information Security Officers (CISOs) to refer to the Director of Corporate Security (sometimes also known in Spain as “physical security”, “equity security” or the like). The innuendo suggests that the relation between the two is distinctly improvable and that they are being obliged to come to an understanding on systematic though not exactly constructive or equal terms. Return fire sometimes comes in the form of the equally scornful sobriquet of “el informático” (the computer nerd).
Security reshuffling is of course to be expected in the wake of the passing of Spain’s Protection of Critical Infrastructure Act (Ley PIC)(*), especially among energy and financial firms (the first strategic sectors that, in the words of Spain’s National Center for the Protection of Critical Infrastructure – CNPIC – are to work with a Strategic Sector Plan). The energy sector, to boot, is continually being harried by the press or by Monday-morning quarterbacks with such terms as cybersecurity, cyberattack, cyberterrorism or cyber-come what may. The terms “Cybersecurity in industrial systems” or “SCADA security” have therefore also been factored into the mix together with the terms “Protection of Critical Infrastructure Act” or “sabotage of data center supplies” or “private security manager”.
Thought-provoking movements are currently afoot. Maybe the naïve utopia of integral security is not quite so far off as many think.
Under the European Commission’s upcoming research and innovation program, Horizon 2020, many of the security initiatives are dealt with under “Societal Challenge 7: Secure societies”. There, security is clearly conceived as an all-embracing term.
There is also a trend of increasing turnout and higher level in integral security events as compared with those dealing only with information security or ICT security. Even the more “exotic” events like the one organized a few weeks ago by the Industrial Cybersecurity Center (Centro de Ciberseguridad Industrial: CCI), under the watchword “Cybersecurity in Industrial Environments” brought together a varied clutch of organizations, all of them interested parties. True it is that the opinions and official stances expressed there show, in general, a chronic skepticism about the worth of taking on new challenges or changes of any ilk, but the positive aspect is that all the security stakeholders within any organization have the chance of speaking to each other (and they do speak), call each other to order (this also happens) and find out how other organizations are dealing with the issue of interest to us all.
Lastly, more and more CISOs seem to be showing an interest in qualification as a private security manager under the General Police Directorate of Spain’s Interior Ministry. Interest here tends to center on the recognized course that has to be passed to obtain this qualification. It should not be forgotten here that the critical operators’ designated Security and Government-Liaison Officer (Responsable de Seguridad y Enlace), as defined in the Ley PIC, needs to have this qualification and many of today’s “pistolas” already do.
Over the next months we will see how this all pans out in terms of the CISOs’ ongoing duties and line management within organizations. Opinions of all sorts are likely to be expressed. Watch this space.
(*) Content in Spanish
Author: Javier Zubieta
Las opiniones vertidas por el autor son enteramente suyas y no siempre representan la opinión de GMV
The author’s views are entirely his own and may not reflect the views of GMV