Joint Cyberspace Command

1.         Ensure free access to cyberspace in order to carry out the missions and tasks assigned to the Armed Forces, through the development and use of the necessary means and procedures.

2.         Ensure availability, integrity and confidentiality of information, as well as integrity and availability of the networks and systems that manage and entrust it.

3.         Ensure operation of the critical services of the Armed Forces information and telecommunications systems in a degraded environment due to incidents, accidents or attacks.

4.         Obtaining, analysing and exploiting information on cyberattacks and incidents in the networks and systems under their responsibility.

5.         Exercising a timely, legitimate and proportionate response in cyberspace against threats or aggressions that may affect National Defence.

6.         Directing and coordinating, in matters of cyber-defence, the activity of both the information security incident response centres of the Armies and Navy and the information security operations of the Ministry of Defence.

7.         Representing the Ministry of Defence in matters of military cyber defence at the national and international levels.

8.         Cooperating, in the area of cyber-defence, with the national information security incident response centres, in accordance with the national cybersecurity strategies and policies in force, as well as with other military information security incident response centres at the international level.

9.         Defining, directing and coordinating cyber-defence awareness, education and specialized training.

MCCE's structure is as follows:

• Commander.
• Deputy commander.
• MCCE Staff (EMMCCE in Spanish).
• Cyberspace Operations Force (FOCE in Spanish).
• Head of Command & Control (JMC in Spanish).
• Head of Cyberdefence Systems (JSCD in Spanish).
• Head of Telecommunications & Electronic Warfare (JTEW in Spanish).

EMMCCE is the main subsidiary body of the MCCE Commander, carrying out the planning, organisation, coordination, monitoring and control activities of the MCCE.

FOCE is responsible for the execution of military operations that ensure the freedom of action of the Armed Forces in the cyberspace. Within the aforementioned military operations, it manages, both operationally and technically, the activities of the Armed Forces’ Security Operations Centres (COS). It coordinates all neccesary actions with the Armies, the Navy and the Centre for Information and Communications Systems and Technologies (CESTIC in Spanish). Whenever there are operations in the electromagnetic spectrum, it will coordinate that those operations and cyber efforts are flowing together.

The National Defence Directive 2012 establishes that deterrence is the result of having capabilities and the determination to use them if necessary. To this end, among other guidelines, it establishes that the Ministry of Defence participates in the promotion of comprehensive cybersecurity management, within the framework of the principles established for this purpose within the National Cybersecurity Strategy.

This comprehensive management requires the Ministry of Defence to contribute to national cybersecurity, not limited to protect purely military systems.

For this reason, and due to the critical nature of the information processed by information and telecommunications systems, their multiple dependence, technical complexity, quantity and geographical dispersion of their infrastructures, the creation of a Joint Cyber-Defence Command is required to direct and coordinate actions of the Armed Forces in this area.

The creation of the  Joint Cyberspace Command (MCCE in Spanish) is the result of a gradual process in which five milestones are highlighted:

• January 28^th, 2011, approval by the JEMAD of the " Military Cyber-Defence Vision". This vision guides the definition, development and use of the national military capabilities necessary to ensure the effective use of cyberspace in military operations.
• July 28^th, 2011, approval by the JEMAD of the "Concept of Military Cyber -Defence". This concept establishes the principles, objectives and challenges of cyber-defence in the military field.
• July 12^th, 2012, approval by the JEMAD of the "Action Plan for Obtaining Military Cyber- Defence Capability. This plan is configured as a living document to adapt to the dynamic nature of cyberspace and the evolution of information technologies and to seek synergy through the coordination of efforts between the joint field (EMAD), the corporate field (DIGENIN), and the specific fields (Armies), as well as by taking advantage of existing structures.
• February 19^th,2013, the Minister of Defence issued "Ministerial Order 10/2013, creating the Joint Cyber-Defence Command".
• July 27^th, 2020, Order DEF/710/2020 new Defence Staff HQ structure, where former MCCD is renamed as MCCE

ESP DEF CERT is the name of the Ministry of Defence Incident Response Centre. It is part of the Joint CyberDefence Command. Its scope of action includes the networks and the information and telecommunications systems of the Spanish Armed Forces, as well as those other networks and systems specifically entrusted to it that may affect the National Defence.

Contact:

E-mail: esp-def-cert@mde.es

Telephone: 34 638 76 96 98

PGP Fingerprint: F9F38723F50DA3810E725FF16EEC566F438D6BEE