The Limited Times

Now you can see non-English news...

Félix Barrio (Incibe): "Cyberattacks on the health network have skyrocketed in the last two years and will continue to grow"


The general director of the National Institute of Cybersecurity, assures that Spain is demonstrating world leadership in the digital field, which would also explain why it is one of the countries that receives the most cyberattacks

With eight months behind him as general director of the National Institute of Cybersecurity (Incibe), Félix Barrio (50 years old, Ponferrada, León) attended his first Mobile World Congress (MWC) last February holding this position.

"Our main objective right now is to prepare for the Spanish presidency of the European Union (in the second half of this year) and make 017, the cybersecurity helpline, an initiative with a European dimension", he assures as soon as this interview begins, held in a small meeting room in the Spanish pavilion at the MWC in Barcelona.

Barrio, a software and systems engineer and doctor from the University of Salamanca, is far from being a newcomer: 16 years have passed since he began his steps at Incibe as a manager.

From her predecessor in management, Rosa Díaz, she has inherited this 017, launched in 2020 and one of the insignia that the entity wears most proudly, but also the growing problem of phishing and the challenge of raising awareness among citizens and companies of the need to prevent and protect themselves against threats on the Internet, which do nothing but multiply.

This interview took place before the cyberattack on the Hospital Clínic de Barcelona occurred, seriously damaging the operation of the center.

The first two questions that follow were answered by Barrio in writing after the face-to-face interview, to provide more information about that assault.


The cyberattack suffered by the Hospital Clínic de Barcelona has revealed that health centers are also the target of cybercriminals.

How could this have happened and what solution do you have?


Cyberattacks on the health network have skyrocketed in the last two years.

It is one of the sectors preferred by criminal organizations to extort them and to try to regain control of their computer systems as soon as possible to avoid harm to people's health.

They take advantage of the rapid growth in the number of devices that exist in these health centers and that are connected to the internet.

The growing number of connected technologies, which characterize the Internet of Things, are associated with many vulnerabilities from a cybersecurity point of view and require technical preparation to prevent them from being a gateway for attackers.

The supply chain is another attack vector,

since the existence of multiple providers means that the infection of health systems can occur due to the fact that a company or professional that provides its services externally lacks sufficient preparation in cybersecurity.

The forecast is that attacks on the healthcare network will continue to grow.


So, can what happened to the Clínic happen again?

How can health be protected to avoid it?


The way to achieve a lower incidence of cyber attacks is to invest in awareness, training and prevention of professionals, develop specific tools for the security of health systems and carry out cyber exercises that test the resilience and business continuity of these organizations systematically.

Incibe has created this March a cybersecurity department for the private health sector, while public health depends on the other national agency, the National Cryptological Center.


About the new 017 cybersecurity helpline, do you think that citizens know about it and turn to it when the situation requires it?

How is the balance that it does after the three years that it has been in operation?


According to a study we have done, 55% of Spaniards have identified the service and the Incibe.

We have carried out some very important awareness campaigns and, in addition, there has been a change: at the beginning, 80% of the calls were from people who had been victims of a cyberattack, infection or fraud, and right now the 50% of the calls are for prevention.

People call to ask how to set parental controls for children or how to protect themselves if they are getting some kind of suspicious message.

This shows that the user is assuming it as a service that they can go to regularly and not just when they have already had a problem.

We have about 6,000 calls a month.

017, the cybersecurity helpline, receives some 6,000 calls a month


You have been at Incibe for many years, but from the management you will have been able to better verify what are the threats that citizens and companies face.

Is phishing the big enemy or what other dangers worry you?


Phishing is the way in which cyber attackers compromise users, obtaining their passwords, for example, to later use them for different purposes.

The greatest digital plague that we are experiencing is that of ransomware-

type device infections

and online fraud, bank fraud, which takes advantage of the data obtained with phishing.

This is accentuated with minors, with the very elderly and with SMEs.

We are reinforcing investment so that our cybersecurity industry, those who provide those solutions that we install on our phones, tablets and computers, are the most advanced and secure.

And that is the biggest bet that we have right now from the Government of Spain.

Only Incibe is going to exceed 600 million euros of investment until 2026 to reinforce the entire market of cybersecurity solutions for citizens.


And this year your budget is 150 million.


We are investing about 150 million a year between Next Generation funds (from the European Union) and our own funds, and that is allowing us to allocate it to research and development.

We have just awarded a first batch of 137 million euros to 96 projects led by small and medium-sized Spanish companies that are developing cybersecurity solutions for citizens.

And that will allow us to achieve something very important: digital sovereignty, that we have alternative products to others that come from other countries so that users have more and more options and we do not depend on service outages by third parties.


We have talked about threats, but what strengths does Spain have in the field of cybersecurity?


017 is a pioneering service worldwide, but, in addition, Spain is the second country in cybersecurity response centers (CERTS), behind the US. According to the United Nations, our country is the fourth with the best level of cybersecurity capabilities for society and the economy.

Therefore, we are showing that we have grown a lot in the last decade.


However, according to some analysts, Spain is one of the countries that receives the most cyberattacks and phishing attacks.

For what is this?


We are the reference center in new technologies for the Spanish-speaking world, a Spanish-speaking community that makes cybercriminals systematically try to take advantage of and sometimes find a preferred place in Spain for their cyberattacks.

We know, but it's part of that leadership.

Sometimes we are not aware of the importance that, from a cultural point of view in the digital world, Spanish has for the world.

According to the United Nations, our country is the fourth with the best level of cybersecurity capabilities for society and the economy


Could it also be due to the fact that Spanish companies, especially SMEs, still do not have a sufficient level of awareness to protect themselves and prevent attacks?


I don't think so.

Just two weeks ago, Italy issued an alert of a wave of attacks that took advantage of an application vulnerability.

We did a follow-up and the Spanish systems that were actually attacked did not reach 3%.

I think we have a very good level of preparation, although obviously cyber attackers are always innovating and you have to make an effort.

It is very important that we continue to raise awareness, not settle.


As far as 5G is concerned, Spain follows the US trend of vetoing Chinese companies, or at least trying not to leave deployment in their hands for security reasons.

How is work being done on this and how will the deployment continue, especially with regard to 6G, which is already being talked about in the sector?


It is being regulated from the EU to establish the bases of the game that allow control under its rules, but we also work from the point of view of self-regulation.

At Incibe we are developing a 5G laboratory that allows us to act as a certification entity, that helps companies that manufacture and distribute 5G systems and that gives users peace of mind;

that we can, in some way, verify that what is going to reach homes and companies is something safe.

There is no technology owned by a single brand, we find environments in which you can have 10, 20 or 30 different manufacturers of different nationalities;

The most important thing is that we have technological evaluation systems that assure us that this technology does not have risks.

Technology is not bad by itself,


Since you mention the legislation, do you think it is easier to achieve a political consensus on cybersecurity?


I think so.

Cybersecurity is something on which any government of any country in modern Western democracies will agree on the basic principles, although we may disagree on whether countries have more or less rigorous regulation.

The EU is perhaps the most demanding area because there is something that cannot be waived: the protection of citizens' rights, privacy, the protection of personal data...

You can follow

EL PAÍS Tecnología





or sign up here to receive our

weekly newsletter


Subscribe to continue reading

Read without limits

Keep reading

I'm already a subscriber

Source: elparis

All tech articles on 2023-03-30

Trends 24h


© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.