In February 2020, the Decree 10.222 established Brazil’s National Cybersecurity Strategy (E-Ciber) — the first official document to provide an overview regarding Brazil’s role in cybersecurity, as well as objectives and guiding principles for its development between 2020 and 2023. With the Covid-19 pandemic, thousands of people, governmental agencies, and businesses have rapidly adapted their ... [Show full abstract] activities to a largely virtual environment. This sudden migration led to new threats and attack surfaces for exploiting vulnerabilities. More than ever, different sectors must be prepared and trained to respond to and resist these threats. However, this was precisely the period in which Brazil suffered the worst cyber attack in its history – highlighting, yet again, that many challenges remain for ensuring that concerns with security turn into action across different sectors. This strategic paper identifies the main gaps and challenges for cybersecurity governance in Brazil. We unpack the main elements of E-Ciber in order to understand and place the country’s strategic vision historically as well as in relation to other international experiences. We adopt a principles-based approach that seeks to strengthen and inform the implementation of strategic
cybersecurity objectives in Brazil, which include: national and international coordination and
cooperation; knowledge integration; sustainability of efforts; and cybersecurity-related training.
This document is the result of three months of interviews with specialists from various sectors, thematic document analysis, and ethnographic work in different areas, forums, and debates.