By Rodrigo Fragola, Deputy Defense Director of Assespro-DF and President of Aker
Document from the Information Security Management Committee outlines the diagnosis
and the goals of digital security in Brazil between 2015 and 2018
and the goals of digital security in Brazil between 2015 and 2018
If it is true that Brazil is still behind in terms of integrated information security and cybersecurity policies, today we can see that society has already realized this fact and its extreme gravity.
And as elementary as this may seem, such recognition – of course, as long as it is duly supported by action – already puts us in a position of superiority compared to countless other countries that still do not give due importance to the issue.
Concrete actions, by the way, had already been taken by our State bodies at least since 2000, when the first embryo of the CGSI – Information Security Management Committee – was established – an organ that has been slowly perfected until the present day, and that gained much better defined features, in addition to greater proactivity, after the recent international espionage cases that are known to all.
It is important to note that, from the beginning, the CGSI appeared linked to the National Defense Council, thus realizing the clear concern – already at that moment – with the creation of a Brazilian military doctrine for the issue of cyber security. A discussion, by the way, which is on the agenda today and which is undoubtedly one of the guiding elements of the new "Strategic Map for Information Security and Cybersecurity 2015-2018", launched at the end of last May by the Cabinet of Security of the Presidency of the Republic, and whose great virtue is precisely that of reflecting the maximum state of the country's critical mass in this area.
The document is especially detailed in detailing the specific attributions of the various State bodies involved in the issue of digital security and in describing the mechanisms available for the participation of society – companies, universities, citizens and community bodies – in the elaboration of these policies.
Apart from that, it is worth mentioning his affirmation of the importance of strengthening academic knowledge and industrial know-how in the country, including endorsing some policies already in progress, such as the adoption by the State of its private digital communication networks (such as that of the SERPRO) for the most sensitive communications, as well as in the referendum on fiscal promotion and application of the Government's purchasing power in favor of local research and development.
Therefore, the Strategic Map is essential for national security industry leaders to be able to locate themselves in the face of the complexity of the security and defense machine that involves the three powers.
The Strategic Map 2015 – 2018 should also be celebrated for reflecting an advance in our management vision for the security & defense sector, showing that the Management Committee is, in fact, strongly embracing its founding idea.
In a highly complex and comprehensive issue such as cyber and information security in general, management is perhaps the first knot to be untied so that the correct and integrated policies can be architected, in order to effectively generate a framework of good practices. that are disseminated and assimilated with objectivity throughout all levels of society's organization.
The Brazilian public power demonstrates, in the publication of the Strategic Map, its rigorous insertion as a leadership force in the development of the issue, which, for us citizens, should serve as encouragement, since we are the ones led.
But as the document itself shows us, Brazil urgently needs to hurry and speed up its efforts, to not stop at the intention and to actually use this structuring vision as a concrete guide for action.
Among the indicators used for the elaboration of the Map, the CGSI uses worrying data, collected by the TCU, according to which in public ADM bodies and state-owned companies, 80% of the networks have failures in business continuity mechanisms. No less than 70% has access control flaws and 75% has incident management flaws, while 85% has risk management flaws.
Of the companies and bodies analyzed – all of them forming a highly strategic institutional core – only 50% have designated a manager responsible for information security and only 54% declared they have internal rules for data backup.
Thus, as important as having practical initiatives of the greatest technical-strategic value, such as incentives for the development of a proprietary cryptographic algorithm, or the identification and certification of a population of Strategic Defense Companies, it is up to the Brazilian State to pursue the creation and consolidation of a long-term, tactical agenda for the issue of governance.
A good start, for that, is to reverse, in the shortest possible time, the points of vulnerability and lax management of companies and public bodies portrayed in the Strategic Map 2015-2018. Our proposal is that, in this sense, the local IT industry and universities are immediately invited to present their proposals to the government, the armed forces and the entire set of security, defense and intelligence organizations.
EN 
PT 
