On November 2nd and 3rd, the Galician cybersecurity meeting (CIBER.gal) was celebrated for the third consecutive year at the City of Culture of Galicia in Santiago. As always, we did not want to miss it, in order to stay up-to-date with the cybersecurity developments in Galicia.
The topics covered over the two days of CIBER.gal were divided into three main blocks. The morning of the first day featured activities led by the Public Administration, explaining the risks companies face and the obligations of each user regarding cybersecurity, with talks and presentations by main Galician IT organizations and executives.
In the afternoon of the same day, very interesting lectures aimed at the business sector took place.
Galicia segura: the path created towards cybersecurity
Adrián Lence, director of AMTEGA, mentioned the challenges that the Galician Public Administrations had set for themselves in that same forum during the previous year, assessing the progress that had been made. Although there have been quite a few advancements, there is still a long way to go to reach a fully secure cyber environment.
Challenges and trends in cybersecurity for Public Administrations
Javier Candáu spoke about the importance of information security by Public Administrations and the delay many of them have in complying with certain ENS standards, which have been in force for years and are supposed to be mandatory. He mentioned that we must accelerate the application of security measures, as the administration is increasingly the target of more sophisticated attacks, motivated by the large amount of sensitive data they manage.
In line with Javier Candau’s comments, the complex implementation of certain regulatory cybersecurity regulations in some public administration bodies was discussed, such as in the case of small councils with less than 5,000 inhabitants, which represent 80% of the Galician councils. It was mentioned that little by little the councils are working together to address this issue and adapt as many municipalities as possible to the ENS, and then to adapt those larger cities that are still pending. In any case, the focus was very much on the importance of the security of Public Administrations because citizens trust that their data is in good hands with them.
Cybersecurity as a priority of the Galician public sector in the face of Next Generation Funds?
Here the importance of applying cybersecurity policies and improvements within the Next Generation funds was discussed. It was mentioned that several projects already included this aspect, being favorably scored when opting for subsidies.
Cybersecurity and hacking in a world of artificial intelligence, robots, and humans
A lecture by Chema Alonso: this was one of the most interesting of the day, discussing Artificial Intelligence, its evolution, and its relationship with hacking.
Myths and opportunities: cybersecurity in the cloud
An interesting debate about the security of cloud servers versus physical servers and how the former have evolved very favorably, with more control and prevention mechanisms. It’s worth highlighting the contributions of Rafael Villaverde, CEO of cloud.gal (partner of Inprosec), and his Galician cloud services company.
Challenges in the regulation of cybersecurity – NIS 2: new implications for the private sector
The new regulation that will govern from the end of this year in terms of cybersecurity in Europe: NIS 2, and the challenges it poses in application to new strategic sectors. Although the rule has not yet been transposed into law in Spain, it will be mandatory when it does, presumably in October of next year.
In short, the NIS 2 standard delves into the security control systems that companies corresponding to strategic activity sectors of the EU (food or automotive among others…) must have. These sectors will be expanded from NIS 1 to NIS 2, becoming stricter in cybersecurity matters. The panel discussed the need to apply it as soon as possible, both legislatively and at the company level.
Cyberattacks with destabilizing potential
An interesting lecture by the lieutenant colonel of the cyberterrorism division, where he spoke about certain groups focused on trying to destabilize countries through information theft and espionage. Likewise, he advanced that payment to these groups for certain industrial espionage has already begun.
The second day, the activities were mainly oriented towards the citizens, giving the audience the opportunity to participate in different technical workshops such as “Installation and configuration of Snort on Raspberry Pi for the detection of intrusions in industrial networks” or “Privilege escalation and persistence in Linux systems.” They could also learn about cybersecurity in social media and the role of women within the realm of inclusive technology.
Inclusive technology: women in cybersecurity
Women in cybersecurity: The 3 women participating in this panel gave us their personal point of view on their jobs, reviewing their professional career in the world of cybersecurity. The participating speakers were: Eva González (Abanca), Pilar Vila (CEO Forensic & Security, partner of Inprosec) and Ana Salazar (CISO Hijos de Rivera).
The cyber threat of my social network
Esther Estévez (from TikTok and TVG) offered some advice to younger people on how to cope with and manage abuse and harassment on social networks.