The subject of cybersecurity in Brazil has received considerable attention over the past year. With the aim of developing safeguards that ensure protection of the populace, banks, telecommunication companies, police, utilities, and politicians, cybersecurity reform reveals the concerted effort to design policy that significantly limits interference with on-line safety.
Brazil has been the target of multiple cyberattacks over the past several years. Most notably during the 2016 Olympics, as well as massive bank hacks in 2016 and 2018, a Social Security compromise in 2017, and even a recent invasion of president Jair Bolsonaro’s and his cabinet’s private information, all demonstrate the need for confronting the reality of cybercrime.
In 2019, there were 19,150 attacks on government networks, up 3,875 from 2018. Brazil trails only the United States in ransomware attacks, and ranks only behind China and the US in email threats.
In the same year, Brazil has lost US$ 20 billion to cybercrime, ` affecting almost a third of its population. Brazil maintains a deficit in its cybersecurity defense capability.
With a dearth of professionalism, investment, as well as a lack of awareness among its populace, six in ten Brazilians know of someone who has been affected by a data breach. In October of 2019, the personal information of 92 million citizens was available on the dark web.
But there have been moves to ameliorate the situation. Although frequently addressed on an ad-hoc basis, there has been a coordinated effort in 2020 to propose solutions to the problem of cybercrime.
What is needed, essentially, is a formal national strategy, focusing on requirements for public sector contracts, cyber governance, encryption, anti-privacy, and the expansion of digital certification.
An April 2020 study by Georgia Tech highlights the Brazilian National Policy on Information Security, which seeks to address the agenda of cybersecurity, cyber defense, infrastructure, private document protection and data leaks.
The study also delineates the strategic objectives of digital safety, resilience and international engagement in an effort to centralize, collaborate, legalize and coordinate public and private policy on cybersecurity.
Admittedly, the roots of policy can be traced back until 2005 with the promulgation of a National Defense Policy, and the 2008 National Defense Strategy. Prominent national events such as the Rio+20 Conference, the World Cup, and the 2016 Olympics demonstrated the proactive posture of government intervention in cybersecurity safety issues.
And the Brazilian military also plays a role, with a declaration and implementation of a 2014 Cyber Defense Military Doctrine, ensuring national information safety and intelligence security.
Ultimately, the move for reform must find structure in a formal cybersecurity bill. With the implementation of the 5G network, which could stop Huawei from accessing the Brazilian market, the fundamental goal remains the same: addressing cybersecurity.
Furthermore, Brazil intends to coordinate with the BRICS, Mercosur, the EU and the OAS revealing the merit of international integration to confront the issue.
Despite benign neglect, the legal framework for reform is indeed intact. The Institutional Security Office of the Presidency (Gabinete de Segurança Internacional – GSI) is the key actor in maintaining presidential and military security in information security and cyber-defense, issuing a 2010 “Green Book,” a guide for infrastructure protection and information security.
More recently, the Brazilian Central Bank and the Ministry on Science and Technology have taken steps to support cybersecurity safety with a 2018 initiative on Digital Strategy, an Internet Bill of Rights, and a General Data Protection Law.
But most significantly, the declaration of a National Cybersecurity Strategy published in February of 2020, has created an official policy plan for the enforcement of domestic and international cyber-governance, and will likely be followed by the implementation of a General Data Protection Law (LGPD) in 2021.
The future of cybersecurity in Brazil remains a work in progress. As the Bolsonaro administration has remained largely unresponsive to the COVID-19 pandemic, cybersecurity initiatives have been cast into doubt, while hundreds of malicious websites have arisen with the aim of hampering pandemic assistance.
For example, a hack of the Superior Electoral Court overseeing the municipal election this November leaked the data of public servants in an effort to undermine the vote.
Ultimately, progress in cybersecurity must engage the spheres of government, civil society and academia. Brazil stands poised to address the issue, although any impetus for reform and progress must come from a concerted national effort to confront the problem.
With a solid legal framework and the backing of the populace and politicians, there is hope for a coordinated goal of tackling the formidable challenge that cybersecurity poses for Brazil and its citizens.
