Brazil urgently needs to start the debate on how to establish a Cybersecurity and Digital Sovereignty Framework in the country, argues a study produced by the Technology and Society Center (CTS) of the Rio de Janeiro Law School of the Getulio Vargas Foundation (FGV Direito Rio) .
The survey, in advance of the Broadcast (Grupo Estado’s real-time news system), recalls that there were 103.16 billion attempted cyber attacks in Brazil in 2022 alone.
Cybersecurity in Brazil needs a regulatory framework that considers the various sectors of society and existing initiatives on the subject, point out the researchers in the study coordinated by Professor Luca Belli, from FGV Direito Rio, which will be presented for the first time this Thursday (9) during the international conference “Cybersecurity and Digital Sovereignty”, at the FGV headquarters in Botafogo, in the south zone of Rio de Janeiro.
The article emphasizes the need for alignment in the national strategy through a law that brings minimum standards to operational levels, organizing their dimensions and establishing principles, governance and forms of cooperation between different sectors.
In view of new moves by the current government in proposing norms that involve accountability for behaviors on digital platforms, and with the end of the National Cyber Security Strategy (E-Ciber) in 2023, there is an opportunity to redesign the current arrangements, in the way of protecting people and guaranteeing human rights, says the document.
The study argues that it is imperative to create a National Cybersecurity Agency, which would be assisted by a Multisectoral Cybersecurity Committee and a National Cybersecurity Network.
The document also suggests that the Union develop, implement and periodically update a National Strategy for Cybersecurity and Digital Sovereignty, “which includes measures to protect digital systems, access infrastructures, critical infrastructures, databases, and applications in the Country”.
“The strategy should include provisions for the development of education, technical and operational capabilities, risk management, incident response, cooperation at national and international level, and definition of roles and responsibilities”, enumerated the document, which also suggests to the government to establish a certification program for digital systems, networks and data.
Cybersecurity is a “multidimensional, multisectoral and often transnational” matter, dependent on actors of an extremely different nature (such as the public and private spheres), “which are not necessarily located in the same jurisdiction”.
The survey highlights that the National Information Security Policy, instituted by Decree no. 9.637/18, provides for the creation of a National Information Security Strategy composed of different thematic modules, but only the National Cyber Security Strategy (E-Ciber) and the National Security Plan for Critical Infrastructures have already been published.
“These instruments are aimed at both government institutions and the private sector, as they establish guidelines, guides, strategic actions and targeted planning regarding the issues they deal with.
Faced with a reality in which connectivity becomes more permanent, ubiquitous and essential every day, this situation threatens not only activities that take place digitally, but all spheres of society, economy and Brazilian democracy.
In addition to business operations, they are also disrupted or affected by ransomware attacks, data leaks, etc. public services, critical infrastructure, and democratic processes themselves,” warned the study.
The report cites recent cyberattacks that have affected the provision of public services in Brazil, including vaccine control at ConectaSUS; processes and deadlines of the courts of Justice of Rio Grande do Sul and Superior Court of Justice; interruption of public services by the Municipality of Rio de Janeiro; and the invasion suffered on websites of the Government of Ceará, with messages claiming the annulment of votes by Brazilian citizens in the Northeast region, “hijacking the space of great visibility and credibility of these portals for the dissemination of hate speech and the promotion of an anti-democratic coup ”.
“Cybersecurity studies too often focus on technical aspects, such as encryption, or specific threats, such as malware or DDoS attacks,” the authors wrote.
“On the other hand, studies on telecommunications regulation, platforms, disinformation, protection of personal data and other areas where human action is translated into the digital sphere often focus on legal, political or economic aspects of their own, rarely getting to fully examine and, even more rarely, to connect the different dimensions of cybersecurity”, they added.
“In fact, all individuals, companies, public administrations, educational institutions and decision makers must consider cybersecurity as a fundamental concern before some of the main risks and threats become a reality”, they defended.
Source: CNN Brasil
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.