Joint Cyberspace Command (MCCE)

The Joint Cyberspace Command (MCCE) will be structured into:

a.  Command.

b.  Second Command / Chief of Staff of the MCCE.

c.  MCCE Csel.

d.  Secretary.

e.  Office of Institutional Relations (ORICE).

f.  MCCE General Staff (EMMCCE).

g.  Cyberspace Operations Force (FOCE).

h.  Chief of Cyberspace Systems Headquarters (JSISCE).

i.  Military Cyber Operations School (EMCO).

The Staff of the Joint Cyberspace Command (EMMCCE) shall serve as the primary supporting agency to the Commander of the MCCE, carrying out planning, organisation, coordination, monitoring, and control activities on behalf of the Command.

In addition, the EMMCCE also acts as the main advisory body to the Commander of the MOC, to the Commander of the MCC during activated operations, as well as to the Commander of the ESPDEF-CERT.

The EMMCCE is organised into three distinct areas, within which the various Staff Sections are structured.

a. Support Area

a.1. Coordination (C-0), which includes a Security Office.

a.2. Personnel (C-1).

a.3. Logistics (C-4), incorporating an Infrastructure Office.

a.4. Resources and Finance (C-8).

b. Operations Area

b.1. Intelligence (C-2).

b.2. Operations (C-3), which includes a SEGINFOSIT Office.

b.3. Training and Readiness (C-7), including a Federated Mission Network (FMN) Office.

b.4. Strategic Communications (StratCom) (C-9).

c. Plans Area

c.1. Plans (C-5).

c.2. C4D (Command and Control, Communications, Cyberdefense & Digital) (C-6). 

Chief of General Staff and Second Command of Joint Cyberspace Command: Brigadier General  Federico Juste de Santa Ana.

 The Cyberspace Operations Force (FOCE) is the joint force unit responsible for conducting military operations that ensure the freedom of action of the Armed Forces (FAS) within cyberspace, as well as contributing to national cybersecurity through its role as the Ministry of  Defence’s Cyber Incident Response Centre (ESPDEF-CERT).

Within the scope of these operations, it provides both operational and technical direction over the activities of the Cybersecurity Operations Centres (COS) assigned to it as part of the mission. It also coordinates with all relevant actors operating in cyberspace, whether civilian or military, and whether domestic or allied, as required by the operation.

Enclosed by its area of responsibility, the FOCE shall guarantee the confidentiality, integrity, availability, and traceability of the information handled by the networks and systems used by the Armed Forces, as well as any additional systems entrusted to it by the Chief of the Defence Staff (JEMAD).

It is tasked with the protection and defence of critical networks and systems belonging to the Armed Forces, along with any other assets deemed relevant to National Defence.To that end, it plans, directs, coordinates, controls, and executes actions focused on the identification, protection, detection, and response to threats or attacks in or through cyberspace.

The FOCE shall also carry out cyber threat intelligence activities, as well as cyber Intelligence, Surveillance, and Reconnaissance (ISR) operations, supporting assigned cyber missions and contributing to the collection of intelligence outlined in current plans or in support of multidomain operations as directed.

Furthermore, the FOCE is responsible for ensuring deterrence and response capability in cyberspace, delivering legitimate, timely, and proportionate responses to any threats or hostile actions that may impact critical military networks or systems, or that pose a risk to National Defence.

It will also be in charge of deploying, configuring, auditing, operating, and maintaining the necessary CIS infrastructure to accredit systems and carry out cyber operations and exercises under EMAD’s responsibility. This includes providing full CIS and cryptographic support to EMAD and its operational structure, particularly in relation to the management of the Tactical Data Links (TDLs) of the Army, Navy, and Air and Space Force.

The Chief of the FOCE (CFOCE) is Major General Pablo Gómez Lera.

The FOCE is composed of:

a. Coordination and Support Unit (UCOA), which includes the Audit Group.

b. Cyber Operations Combat Group (GRUCO).

c. CIS Infrastructure Operations Unit (UROCIS).

The Cyberspace Systems Command (JSISCE) will be in charge of defining, overseeing the acquisition, and ensuring the sustainment of joint cyber defence systems and the Federated Mission Networking (FMN) capabilities. It will also be responsible for coordinating with the Services and the Navy in the development of technical requirements for their respective cyber defence systems, ensuring interoperability and designing the necessary system architectures.

In addition, JSISCE will host the Artificial Intelligence Centre of Excellence within the framework of the Spanish Joint Defence Staff (EMAD).

JSISCE will be organised into the following areas:

a. Coordination and Support Office (OCA).

b. Cyber Range (cyber operations training and exercise platform).

c. Cyberspace Combat System (SCOMCE).

d. 5G Cyber Defence Centre.

e. FMN Lab Group (Federated Mission Networking Laboratory).

f. Artificial Intelligence Centre – EMAD (CIA – EMAD).

The Military School for Cyber Operations (EMCO) will serve as the Armed Forces' specialist training centre for advanced education in the field of cyber operations. Operating under the Joint Cyberspace Command (MCCE), its mission will be to equip personnel with the necessary skills to plan, lead, coordinate, control, and conduct military operations within the cyber domain.

To this end, it will develop joint training programmes and curricular designs tailored to officers, NCOs, and enlisted personnel, aimed at building the capabilities required to carry out operations in or through cyberspace.

The EMCO will maintain a close relationship with the Cyber Operational Forces Command (FOCE), ensuring that the education provided remains aligned with both current and anticipated needs of the Armed Forces’ cyber defence units.

Its responsibilities will include: a. Managing course development files, validating and accrediting its training activities, organising seminars, workshops, and lecture series as part of the MCCE’s advanced training programme, as well as contributing to studies, research, and analysis supporting cyberspace operations and related initiatives. b. Promoting and maintaining collaborative ties with other educational institutions, both military and civilian, as appropriate.

The EMCO will be structured as follows:

a. Command Section.

b. Executive Support Office.

c. Studies Division.

d. Departments (4):

d.1 Department of Defensive and Offensive Cyber Operations (DCDO).

d.2 Department of ISR Cyber Operations and Social Engineering (DCIIS).

d.3 Department of Applied Technologies for Cyber Operations (DTAC).

d.4 Department of Leadership and Doctrine in Cyber Operations (DLDC).

The National Defence Directive 2012 establishes that deterrence is the result of having capabilities and the determination to use them if necessary. To this end, among other guidelines, it establishes that the Ministry of Defence participates in the promotion of comprehensive cybersecurity management, within the framework of the principles established for this purpose within the National Cybersecurity Strategy. This comprehensive management requires the Ministry of Defence to contribute to national cybersecurity, not limited to protect purely military systems. For this reason, and due to the critical nature of the information processed by information and telecommunications systems, their multiple dependence, technical complexity, quantity and geographical dispersion of their infrastructures, the creation of a Joint Cyber-Defence Command is required to direct and coordinate actions of the Armed Forces in this area.

The creation of the Joint Cyberspace Command (MCCE in Spanish) is the result of a gradual process in which six milestones are highlighted:

• January 28^th, 2011, approval by the JEMAD of the " Military Cyber-Defence Vision". This vision guides the definition, development and use of the national military capabilities necessary to ensure the effective use of cyberspace in military operations.
• July 28^th, 2011, approval by the JEMAD of the "Concept of Military Cyber -Defence". This concept establishes the principles, objectives and challenges of cyber-defence in the military field.
• July 12^th, 2012, approval by the JEMAD of the "Action Plan for Obtaining Military Cyber- Defence Capability. This plan is configured as a living document to adapt to the dynamic nature of cyberspace and the evolution of information technologies and to seek synergy through the coordination of efforts between the joint field (EMAD), the corporate field (DIGENIN), and the specific fields (Armies), as well as by taking advantage of existing structures.
• February 19^th,2013, the Minister of Defence issued "Ministerial Order 10/2013, creating the Joint Cyber-Defence Command".
• The DEF Order of 2015, dated 16 September, created the JCISFAS, heir to the CIS Division of the EMACON, and entrusted it with the responsibility of drawing up the requirements of the Information and Telecommunications Systems (CIS) of the operational structure of the Armed Forces, including Electronic Warfare Systems (EW) and Earth Observation Systems (EOS).  It also monitored the activities related to the procurement and operation of these Information and Telecommunications Systems, including in the fields of Information Security and Cyber Defence, evaluating and supervising their operational effectiveness. It provided support to the operational structure of the Armed Forces in terms of CIS, EW and SOT resources, in accordance with the guidelines established and the specific agreements to this effect between the JEMAD and the Secretary of State for Defence. It advised the JEMAD on the CIS aspects of Military Command and Control relating to the functional unit.  It was also the representative before the OISDs in the CIS aspects of the EMAD's area of responsibility and supported the JEMAD in the planning and strategic conduct of operations.
• 27 July 2020, Order DEF/710/2020 determines that the necessary freedom of action of the Armed Forces must be guaranteed in the cyberspace domain. To this end, the Joint Cyberspace Command has been created to reinforce the FAS's capacity to act in this area. This Command is established on the basis of the Joint Cyber Defence Command (MCCD) and the Information and Telecommunications Systems Headquarters (JCISFAS), which disappear from the new structure of the Defence Staff.

ESPDEF-CERT is the name of the Ministry of Defence Incident Response Centre. It is part of the Joint CyberDefence Command. Its scope of action includes the networks and the information and telecommunications systems of the Spanish Armed Forces, as well as those other networks and systems specifically entrusted to it that may affect the National Defence.

Contact (NOT TO REPORT INCIDENTS ):

e-mail     espdef.cert@gmail.com

Contact (TO REPORT INCIDENTS ):

e-mail   espdef-cert@mde.es  

Twiter   @ESPDEF_CERT

Duty Phone. (only working hours):: +34 91 512 6289

PGP Fingerprint: F9F38723F50DA3810E725FF16EEC566F438D6BEE