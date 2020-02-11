The Brazilian government has developed a national cyber security strategy with the core objective of increasing the country’s digital reliability and resilience to cyber threats.

There are currently good cyber security initiatives in Brazil, but they have been “fragmented” and introduced ad hoc, “hampering the convergence of efforts in the sector,” according to the presidential decision that created the strategy. Another problem with the current set-up is the “lack of normative, strategic and operational coordination”.

According to the decree, published on February 7 after a seven-month consultation period involving more than 40 government agencies, experts and academia, the strategy “fills an important gap in the national cyber security regulatory framework.”

With the current strategy, the focus is currently on drawing up a national cyber security policy. The policy, which should be presented to Congress as a draft regulation before the end of the year, is now being drafted and will contain specific guidelines and timetables for the implementation of the ten strategic steps set out in the document published last week.

The plan that was published last week contains a series of ten strategic actions. These recommendations have numerous implications, including the establishment of minimum cyber security requirements in government contracts, and the implementation of cyber governance programs and projects.

The adoption of national encryption systems and the intensification of anti-piracy policy is also part of the advice in the strategy, which also recommends the extension of the use of digital certifications within the government.

Other points mentioned in the document relate to a plan to inform the population about the subject of cyber security and about establishing controls for the treatment of limited information. About a year ago, there were major changes in the way Brazil handles classified information in the government, with the power to grant top-level secrecy to documents granted to hundreds of officials.

Brazil often leads the rankings of cyber security threats. When it comes to ransomware, for example, it is the world’s second most endangered country, according to a recent study by Trend Micro.

Brazilians are also not happy with the way companies handle their personal data or trust them, according to another study, by IBM: 6 out of 10 Brazilians know someone who has been the victim of a data breach or has experienced such situations themselves.

The intentions of the Brazilian government to further develop its cyber security strategy and policy are published prior to the establishment of the National Data Protection Agency, where attributes include the establishment of frameworks for dealing with information and assisting organizations in complying with the rules.

Experts say, however, that the creation of the cyber strategy, as well as other initiatives – such as the creation of a single citizen database to be fully shared between administrations – may point to some impatience from those who lead the security and digital agenda of the government, which are unwilling to wait until data protection measures have been defined.