WHAT IS THE FUTURE OF BRAZIL’S CYBERSECURITY GOVERNANCE?

In 2023, Brazil enacted its first national cybersecurity policy. The policy emerged as a response to worrisome diagnoses, which listed information security and cybersecurity among Brazil’s public administration high-risk vulnerabilities, according to a 2022 report from the Federal Court of Auditors. What lies ahead for Brazil’s newly enacted Cybersecurity National Policy? Our analysis aims to answer this question by unraveling the existing cyber governance structure that the new policy inherited and by analyzing the governance structure debated and enacted by the current policy. We conclude that Brazil has made several efforts to securitize cyberspace through a broad but disconnected collection of documents; their implementation maturity is unclear, and the Cybersecurity National Policy fails to design straightforward policy tools to address those challenges.

Keywords:
governance; cybersecurity; Brazil; public policy analysis; PNCiber

Policy objectives in GSI’s Draft Bill	Policy objectives in Decree n. 11.856 (2023)Decreto n. 11.856 de 26 de dezembro de 2023. (2023). Institui a Política Nacional de Cibersegurança e o Comitê Nacional de Cibersegurança. Brasília, DF.
I - guarantee the confidentiality, integrity, authenticity, and availability of cyber assets of interest to Brazilian society.	I - promote the development of national products, services, and technologies aimed at cybersecurity.
II - promote cyber-protection and cyber-resilience of the Public Power, of cyber-assets of interest, and of society as a whole	II - ensure the confidentiality, integrity, authenticity, and availability of solutions and data used for the processing, storage, and electronic or digital transmission of information
III - develop a cybersecurity culture in Brazilian society	III - strengthen diligent action in cyberspace, especially among children, adolescents, and the elderly
IV - encourage the coordination of the exchange of cybersecurity information between: a) government spheres; b) the private sector; and c) society in general	IV - contribute to combating cybercrime and other malicious actions in cyberspace
V - promote productive and technological autonomy in the field of cybersecurity	V - encourage the adoption of cyber protection and risk management measures to prevent, avoid, mitigate, reduce, and neutralize vulnerabilities, incidents, and cyber-attacks and their impacts
VI - promote Brazil’s participation in the global supply chain of products and services related to cybersecurity.	VI - enhance the resilience of public and private organizations to incidents and cyber-attacks.
VII - promote the ethical use of cyber assets and its associated technologies in the country	VII - develop education and technical-professional training in cybersecurity within society
VIII - promote the fight against cybercrime	VIII - promote scientific research, technological development, and innovation activities related to cybersecurity
IX - promote actions that contribute to the security and stability of the global digital environment	IX - enhance coordinated efforts and the exchange of cybersecurity information among: a) the Union, States, the Federal District, and Municipalities; b) the Executive, Legislative, and Judicial branches; c) the private sector; and d) society in general
X - increase Brazil’s international projection and engage the country in international decision-making processes to uphold national values and interests.	X - develop regulatory, oversight, and control mechanisms aimed at improving national cyber security and resilience
	XI - implement collaboration strategies to develop international cooperation in cybersecurity

Fundação Getulio Vargas, Escola de Administração de Empresas de São Paulo Cep: 01313-902, +55 (11) 3799-7898 - São Paulo - SP - Brazil
E-mail: cadernosgpc-redacao@fgv.br

Acompanhe os números deste periódico no seu leitor de RSS

[1] *Corresponding author