Brazil struggles to create cybersecurity policies

Several months have passed since the news around the NSA spying scandal - including intense monitoring of Brazil's communications - but Dilma Rousseff's government appears to be struggling to structure proper cybersecurity mechanisms.

According to the Brazilian Secretary of Strategic Affairs (SAE), an over-arching strategic plan aimed at improving national security and defense policies in the cyberspace will only be ready around September time.

"The idea is to first perform sectorial meetings to discuss these matters, followed by regular plenary meetings to report on the progress of activities, with requests for suggestions that can improve the work. After that, we will submit proposals to the SAE Minister and all ministries that are part of this initiative, then finally present [a proposal] to the President," says general Gonçalves Dias, a defense aide at the SAE. 

This means that one year will have passed since the NSA spying activities became public by the time the proposals are submitted by the SAE in seven months' time.

Disparate initiatives

Many cybersecurity-related measures were announced since the NSA monitoring scandal hit the headlines last July, such as the creation of an anti-snooping email system and planned demands that organizations store data locally - all immediate reactions, labeled as "emotional" by world wide web creator and activist Tim Berners-Lee. 

While the government wants to boost its cybersecurity set-up, there are many issues to overcome - access to skills being one of them. One initiative announced to mitigate that was a Ministry of Science and Technology project to create funding pools specifically for new ventures specializing in cybersecurity.

Last month, Defense Minister Celso Amorim also announced that a working group at this department presented their own cybersecurity proposal, which included a multimillion-dollar project to create of a National School of Cyberdefense.

However, the creation of cybersecurity policies in Brazil appears to be a string of separate initiatives that continue to be launched by different government departments without a cohesive strategy. Large sums of taxpayer money also appear to be committed without any set deadlines around when and how projects will be delivered - which is particularly worrying, given that all-encompassing plan is not going to materialize anytime soon. 

Considering that a global conference on the future of Internet governance is set to be held in Brazil in April and that the creation of a cybersecurity strategy is one of the government's key technology priorities for 2014, one would have thought Brazil would have more results to show in terms of policy creation.

Nine months have passed since the Brazilian government realized it needed to do something about it and seven more months are now required to come up with a cybersecurity plan. Perhaps it's time to consider getting some extra help to project manage this?