OAS, GCSCC and UK Government Present Report on Brazil's Cybersecurity Maturity

The Organization of American States (OAS) together with representatives of the GCSCC, the Government of the Federative Republic of Brazil and the Government of the United Kingdom presented 21 August, the report "Review of Cybersecurity Capabilities of the Federative Republic of Brazil".

The report, developed by the Cybersecurity Program of the Inter-American Committee against Terrorism of the OAS and the GCSCC through the CMM methodology, evaluated five specific dimensions to determine the level of preparedness from Brazil. Through consultations with stakeholders from various sectors (including criminal justice, law enforcement, the defence community, information-technology officers, critical infrastructure owners, policy makers, and computer emergency response teams).

This was the third CMM review according to the GCSCC methodology in the LAC region after the assessments in Jamaica and Colombia in 2015.
Among the main discoveries, the following stand out:

  • In Brazil there has been considerable development with respect to five fundamental areas measured in the research: (1) the existence of legal frameworks related to cybersecurity; (2) awareness initiatives and (3) standards, organisations and technologies. In particular, he possesses remarkable strength in his handling of cyber incidents and in the existence of a cybersecurity awareness at various levels of his government.
  • Given that Brazil has hosted several international events in recent years, this has allowed the development of cyber crisis management protocols by different response teams. Said protocols of action and knowledge of functions by different government units are maintained today and have been adapted according to the type of attack.
  • An increasing number of users and stakeholders from the public and private sectors are seen as having general knowledge of how personal information is handled online and are employing good cybersecurity practices to protect their personal information online.

The Secretary for Multidimensional Security, Farah Urrutia, said: “In addition to being an example of our close cooperation ties with the Governments of the United Kingdom and Brazil, this report will help Brazil to know its true capacities, areas of opportunity and prioritise efforts and investments in cybersecurity”. Similarly, he pointed out that "Although the region is currently experiencing a notable transformation due to the Covid-19 pandemic, we are convinced that cybersecurity should be a priority for Brazil and the entire region."

Similarly, Liz Davidson, Charge d'Affaires of the British Diplomatic Mission in Brazil said: “The global crisis caused by the Covid 19 pandemic has further highlighted some of the challenges we face as governments in the area of ​​cybersecurity, and the exchange of experiences and support between governments is even more important. We are therefore very honoured that the British Government's Digital Access Program has supported the development of this report with Brazil and we hope that it will be, as it is for us, an important instrument to enhance our capabilities."

And Prof Michael Goldsmith, Co-Director of the GCSCC, emphasised: “Brazil needs to continue working with its international partners to consolidate the gains of the last five years and the positive trend from the last two years, to address the add challenges to cyberspace from the fallout of the COVID-19 pandemic."