The Brazilian government has created a national cybersecurity strategy with the core objectives of increasing the country's digital trustworthiness and resilience against cyber threats.
There are good initiatives currently in place in Brazil around cybersecurity, but they are "fragmented" and introduced on an ad-hoc basis, which "hinders the convergence of efforts in the sector," said the presidential decree that created the strategy. Another problem of the current set-up is the "lack of normative, strategic and operational alignment."
According to the decree, published on February 7 following a consultation period that lasted seven months and involved over 40 public sector bodies, experts and academia, the strategy fills "an important gap in the national regulatory framework on cybersecurity."
With the strategy in place, the current focus is on the creation of a national cybersecurity policy. The policy, which should be presented to the Congress as draft regulation before year-end, is now being created and will provide specific guidelines and timescales for the execution of the ten strategic steps set out in the document published last week.
The plan published last week includes a set of ten strategic actions. These recommendations have a myriad of ramifications, including the establishment of minimum cybersecurity requirements in public sector contracts, as well as the implementation of cyber governance programs and projects.
The adoption of national encryption systems and intensifying anti-piracy policies is also part of the advice set out in the strategy, which also recommends the expansion of digital certification use across government.
Other points mentioned in the document are around a plan to inform the population about the topic of cybersecurity, as well as the creation of controls for the treatment of restricted information. About a year ago, there were significant changes to the way Brazil handles classified information in government, with the power to assign top-level secrecy to documents awarded to hundreds to public servants.
Brazil often leads rankings of cybersecurity threats. When it comes to ransomware, for example, it is the world's second most threatened country, according to a recent study by Trend Micro.
Brazilians are neither happy with the way in which companies handle their personal data or trust them, according to another study, by IBM: 6 in 10 Brazilians know someone who has been a victim of a data leak or have been through such situations themselves.
The Brazilian government's intentions to further develop its cybersecurity strategy and policy are being published ahead of the creation of the National Data Protection Agency, where attributions will include the creation of frameworks on how to handle information and guide organizations on how to adhere to the rules.
However, experts say the creation of the cyber strategy, as well as other initiatives - such as the creation of a single citizen database to be fully shared across government departments - may point to some impatience from those leading the government's security and digital agenda, who are not prepared to wait until measures around data protection are defined.