The hacker is alleged to have "seriously compromised the correct operations and security of a maintenance dry dock for nuclear submarines", according to a statement released by the Civil Guard on Monday. It added that the damage from the attack is thought to be around $500,000.
The unnamed man was thought to be part of a group of student hackers that had accessed more than 100 computer systems, including one based at the Navy's Point Loma base in San Diego. Investigation traced the attack back to Spain.
The suspect was later arrested in the Mediterranean city of Malaga. Police also seized his computer and other items.
Experts welcomed the arrest and said the attacks on high-level targets would inevitably end in arrest for the perpetrator.
"But it is the smaller cases of hacking on normal people and businesses that don't get given the same type of focus," said Tom Newton, product marketing manager of SmoothWall. "If each and every cyber crime case were given the same amount of attention as this one, then the world would be a safer place for us normal users."
He added that law enforcement agencies in the U.K., such as the NHTCU, are more up to speed on the current situation. "It is driving the focus of tackling cybercrime, rather than leaving it as a generic issue with local police."
"While the U.K. has made great strides in this area, the police simply do not have the resources to cope with the level of electronic crime. The onus is on businesses to secure their own futures with a multi layered approach to protect systems from the latest virus and security threats," said Newton.