GMV, as an expert cybersecurity company, has been providing services and solutions with cutting-edge technology since 1993; it is responsible for protecting the infrastructure and information systems of a great number of important international companies. GMV has therefore brought together some of its clients to find out the current cybersecurity situation faced by today’s organizations. Participants include Javier García Carmona CISO of Iberdrola; Ana Santos, head of cybersecurity projects of the National Cybersecurity Institute (Instituto Nacional de Ciberseguridad: INCIBE) and Markus Rueckert, ICT security engineer of the European Space Agency (ESA).

Experts give their opinion on cybersecurity

This encounter brought out the full complexity of today’s cybersecurity issues. It described the problems suffered by companies that fail to take suitable protection measures and explained how difficult it is to combat a threat that evolves day by day. The participants came to the conclusion that technology is the keystone for solving this problem, while also stressing the importance of education and awareness-raising throughout the whole organization to forestall hackers. Regulation is also crucial; there is currently a glut of rules and a lack of clarity. Better collaboration is also called for between the public and private sectors, in the interests of proper liaison and an agile exchange of information to confront the growing cybersecurity threat.

The SUAC3I project

In the second part of the encounter, Jose María Legido, Northwest Regional Director of GMV Secure e-Solutions, presented the results of SUAC3I (Secure User Authentication in Control Center for Critical Infraestructures), a European-Commission-funded, GMV-led research and development project to produce groundbreaking security technology applicable to critical infrastructure protection (CIP).

SUAC3I arose in answer to the specific workstation or user-station needs of critical infrastructure control center personnel in terms of access authentication, authorization and control. To solve this problem SUAC3I provides workstation-level user authentication, accounting and authorization without forfeiting any availability or the essential 24×7 visibility requirements in workstation screens. It will also be possible to identify which user has been using the workstation and adapt his or her authorization system to existing user privileges. Another key element in system design and implementation is compliance with the European data protection directive.