Skip to content Skip to footer

Brazil wins its national cybersecurity policy (PNCiber)

As 2024 unfolds, Brazil opens a crucial chapter in its digital journey by implementing its long-awaited National Cybersecurity Policy (PNCiber). This initiative represents a significant step forward for cybersecurity in the country, although it has come some way behind other nations. The decree establishing it outlines seven principles, eleven objectives and creates the National Cybersecurity Committee, demonstrating a comprehensive approach.

By adopting this policy, Brazil is aligning its cybersecurity strategies and emphasizing its commitment to cooperation between the public and private sectors. This article explores how PNCiber, while not having an immediate impact on the market, signals an effective organization for cyber security. In this way, it promotes trust and outlines a more secure and innovative future for Brazil’s digital age.

Contextualizing PNCiber

Although lagging behind other countries, Brazil entered 2024 with its National Cybersecurity Policy in place. This measure was instituted by a decree published in the Official Gazette on December 26 last year. The decree is not long, but it lays the foundations that will guide cybersecurity activity in the country. The document contains seven principles, highlighting cooperation between public and private bodies in cyber security. It also has 11 objectives, starting with promoting the development of cybersecurity products, services and technologies. It also includes two instruments, the National Cybersecurity Strategy and Plan. Finally, it creates the National Cybersecurity Committee, a body that will monitor the implementation and evolution of PNCiber.

The plan is a kind of “executive version” of the cyber security strategy previously created by the federal government. Although the text of the decree may seem complex, it can be concluded that it establishes the ways and purposes in which Brazilian cybersecurity will be carried out. In a way, the Policy consolidates, with great scope, definitions that surround and permeate all cybersecurity activity in the country. This activity encompasses both the private and governmental spheres. Therefore, as one of the many definitions of “policy” says, it is a set of determinations that will guide actions to achieve the planned result.

Committee to verify the implementation of PNCiber

The decree establishes the National Cybersecurity Committee, a body made up of 25 representatives from government and society. This body acts as a watchdog and monitor, carrying out periodic checks to follow the implementation and evolution of the policy.

Although it could have done so earlier, Brazil has caught up. He ended up adopting a policy tempered with a trend-oriented approach. More recently, they have challenged technology and the authorities. These trends include generative AI, complex attacks on critical infrastructures and the exponential increase in the power of denial of service attacks. In addition, there are future factors on the horizon, such as quantum computing. Although it won’t have an immediate impact, the enactment of PNCiber is expected to encourage positive attitudes and actions. Among these actions, we can expect, for example, the exchange of information on security between companies and government agencies.

The PNCiber, at least in theory, aims to promote “cooperation between public and private bodies and entities in matters of cyber security”. This establishes all Brazilian organizations as allies. This includes not only those directly involved in cyber attacks, such as IT and telecommunications.

PNCiber | Artigo 3º
Source: BRASIL, Decree No. 11.856, of 26/12/2023.

Organization for cyber security issues

The publication of the policy has no direct impact on the market for telecommunications and IT companies. However, it establishes a degree of organization for the issue of cyber security that promotes trust, signaling the concern and proactivity of the authorities on the subject. This favors a safer digital environment, which in the medium and long term increases market confidence and results in gains in economic activity.

This effect will emerge in the future in the form of a reduction in the frequency and cost of cybercrime and greater protection of critical infrastructure assets. Directing all organizations to the same minimum security standards. At the same time, a vigorous cybersecurity policy provides the conditions to expand the market for new cybersecurity products and services. As you can imagine, this can lead to innovation and the creation of more jobs in the sector.

The first country to have a cybersecurity policy was Estonia, which considered its digital assets and their operation to be fundamental to national security. In April 2007, cyber attacks against government and private assets, originating from Russian IPs, damaged economic and social activities in the country. The start of the attacks coincided with clashes between Russian supporters and opponents on the streets of Tallinn, the capital. This happened because of the relocation of a statue honoring Russian soldiers killed in action during the Second World War. The statue was moved from the city center to a cemetery.

Estonia has taken the first step

Since then, Estonia has started to plan and invest in cyber security. It is currently the headquarters of NATO’s CCDCOE – Cooperative Cyber Defence Centre of Excellence. Since 2010, the Center has promoted an international cyber-defense exercise for NATO countries, called Locked Shields, in which Brazil participates as a guest.

Today, many countries, including Brazil, are taking advantage of the lessons learned and solutions developed by Estonia. Every year, Brazil carries out the Cyber Guardian, an extensive cyber-defense exercise. It is currently considered the largest cyber defense exercise in the Southern Hemisphere, providing participants with a realistic environment in which the country’s critical infrastructures need to be protected.

With the PNCiber in force, the notices convening the 25 members of the National Cybersecurity Committee (CNCiber) have already been signed. These members will take part in the quarterly meetings in 2024, overseeing the implementation of PNCiber.

So, did you like the article? So be sure to check out our latest content and keep up to date with the world of technology! See you next time!

Go to Top