New guidelines for National Critical Infrastructures

The Secretariat of Modernization, within the framework of the National Cybersecurity Strategy, and with collaboration of the Cybersecurity Committee, sanctioned Disposition No. 1523/2019 (the “Disposition").

The Disposition defines the concept of critical infrastructure and critical information infrastructure. Thus, critical infrastructure was identified as “those that are essential for the proper functioning of the essential services of society, health, security, defense, social welfare, the economy and the effective functioning of the State, whose destruction or disturbance, totally or partially, affects and/or impacts them significantly”. On the other side, critical information infrastructure was defined as “information, operation and communication technologies, as well as associated information, which are vital for the operation or the security of critical infrastructure”.

The Disposition also passed a Cybersecurity Glossary, where terms such as access, threat, cyberattack, cookies and data leakage can be find. In its recitals, the Disposition explains that, in order to take advantage of international experience and knowledge in the field, the Cybersecurity Committee carried out a detailed analysis of the definitions adopted by different countries and International Organizations.

Finally, the Disposition delegates with the National Director of Cybersecurity the power to review, and periodically update the Cybersecurity Glossary, as it is considered a living document which should be subject to all the necessary modifications depending on the technological changes.