The Role of CCN-CERT in the Face of AI-Driven Cyberattacks and Disinformation Campaigns

Cybersecurity in Spain has entered a critical phase. It’s no longer just about stopping traditional attacks like ransomware or credential theft, but about facing a new landscape where artificial intelligence (AI) becomes a weapon for attack and where digital disinformation threatens the country’s political, social, and economic stability. In this context, CCN-CERT (National Cryptologic Center – Incident Response Team), under the CNI, plays a decisive role as a shield for public administration and critical infrastructure.


Artificial Intelligence: The New Driver of Cyber Threats

Generative AI and advanced machine learning models have become powerful tools in the hands of cybercriminals. These systems enable:

  • Hyper-realistic phishing, with emails and messages indistinguishable from legitimate communications.
  • Automated social engineering attacks, capable of adapting in real-time to the victim’s responses.
  • Creation of polymorphic malware, constantly changing its code to evade traditional detection systems.
  • Voice and video forgery (deepfakes) used in financial scams or to impersonate high-ranking officials.

In response to this evolution, CCN-CERT develops countermeasures based on its own defensive AI infrastructure, with algorithms capable of detecting anomalous patterns in traffic, access, and network behavior.


Disinformation: A Hybrid Threat

While disinformation is not always considered a “cyberattack” in a technical sense, its effects are equally dangerous. Manipulating public opinion through coordinated campaigns on social media, bots, and false news can erode trust in institutions and destabilize democratic processes.

CCN-CERT works in coordination with the CCN-CNI and the Joint Cyber Space Command to identify networks of fake accounts, analyze the spread of hostile narratives, and strengthen the cybersecurity of official media and portals. Additionally, it participates in international forums of NATO and the European Union, where the fight against disinformation is already a shared priority.


Tools of CCN-CERT Against Emerging Threats

  1. LUCIA Platform: facilitates correlation of incidents and detection of advanced attack patterns, including those generated by AI.
  2. Advanced monitoring systems on the Administration’s networks: provide real-time alerts for anomalies that could indicate automated attacks.
  3. STIC Guides: technical recommendations that include measures against malicious use of AI and digital disinformation campaigns.
  4. Public-private cooperation: collaboration with telecom operators and digital platforms to reduce the spread of false information and block attacks.

Exercises and Training in Hybrid Scenarios

In recent years, CCN-CERT has strengthened public personnel training in two key areas:

  • How to identify AI-powered attacks (from deceptive emails to identity impersonation).
  • How to respond to digital disinformation crises, simulating manipulation scenarios on social media during elections or national emergencies.

Exercises such as CyberEx already include hybrid scenarios combining technical cyberattacks with psychological operations and mass disinformation campaigns.


International Cooperation: An Essential Network

Spain does not face this challenge alone. CCN-CERT maintains active links with:

  • ENISA (European Union Agency for Cybersecurity), which has prioritized combating malicious AI usage.
  • NATO CCDCOE (Cyber Defence Centre of Excellence, Estonia), a pioneer in studying hybrid cyber threats.
  • FIRST, a global forum for sharing incident information.

Thanks to these alliances, Spain shares threat intelligence, detection methodologies, and practical cases that reinforce resilience against global risks.


Future Challenges

The challenge for CCN-CERT lies in anticipating technologies that evolve rapidly:

  • Adversarial AI: models designed to deceive other defensive AI systems.
  • Disinformation campaigns supported by autonomous bots that adapt based on social response.
  • Quantum computing, which in the future could break encryption algorithms used today by the Administration.

The key will be keeping technological innovation in step with attackers, enhancing collaboration with private companies, and increasing training for officials and critical personnel at all levels.


Conclusion

CCN-CERT not only protects the State’s information systems but has also become a central actor in the fight against AI-enhanced cyberattacks and digital disinformation campaigns.

In a world where the boundary between the real and the manipulated blurs more each day, its role is essential to guarantee digital sovereignty, institutional stability, and citizen trust in the information era.


Frequently Asked Questions (FAQ) About CCN-CERT and Emerging Threats

How does CCN-CERT combat AI-based cyberattacks?
Using automated detection systems, traffic pattern analysis, and proprietary algorithms capable of identifying behaviors generated by malicious AI.

What role does CCN-CERT play in fighting digital disinformation?
It analyzes and detects coordinated social media campaigns, bots, and hostile narratives, in coordination with other defense and security agencies.

What is CCN-CERT’s relationship with international organizations in this area?
It collaborates with ENISA, NATO, and forums like FIRST, sharing threat intelligence and best practices to combat hybrid attacks.

Why are deepfakes and AI-supported disinformation so dangerous?
Because they can erode public trust, manipulate political and economic decisions, and cause social crises with huge security and stability costs.
