Internet Governance and Cybersecurity in Brazil
[Internet Governance and Cybersecurity in Brazil. Conference of Forte de Copacabana, v. 11, p. 167-181, 2014]
In December 2010, the Brazilian Department of Information and Communication Security (Departamento de Segurança da Informação e Comunicações, DSIC) within the Office of Institutional Security (Gabinete de Segurança Institucional da Presidência da República, GSI/PR) published the Green Book on Cybersecurity in Brazil (Mandarino 2010). By doing so, Brazil took a first step on an important path to protect its national computer networks against different forms of cyberthreats. The objective of the Green Book was to present an initial concept of what later should become a complete strategy called Política Nacional de Segurança Cibernética. Following international recommendations, the DSIC understands cybersecurity as a transborder and international challenge instead of a purely national issue. Therefore, the Green Book refers to a number of international strategies and references, mainly from international organisations such as the Organisation of American States (OAS), the Organisation for Economic Co-operation and Development (OECD), the International Telecommunication Union (ITU) and others (idem, p. 20ff). Besides that, the DSIC also follows the multi-stakeholder approach by underlining the importance of players from different parts of society, whose inclusion in the process is crucial to achieving the most effective results. In this context, the Green Book makes special reference to five principal players: the government, the private sector, academia, the third sector and society (idem p. 14). Cooperation among these players is aspired to in the sub-fields of political and strategic decision-making, economy, social aspects, science, technology and innovation, education, legal problems, international cooperation and the security of critical infrastructure. Here it is important to differentiate between critical infrastructure as mentioned in the Green Book and critical Internet resources as mentioned above. Critical infrastructure has a broader meaning than critical Internet resources, including energy, transport, water, telecommunication, finance, information and more. It is defined in the Green Book as “installations, services, goods and systems whose complete or partial interruption or destruction cause a serious social, economic, political, environmental or international impact, or implications on the security of state and society“ (idem p.19; translation by the author). When comparing the previously mentioned definition on critical Internet resources (especially the definition of the technical parts) with the definition of critical infrastructure, it becomes clear that critical internet resources are part of the critical infrastructure of every country. Within strategies on cybersecurity they play a central part. On the other hand, it is clear that there is much more to cybersecurity than the protection of technical infrastructure.
Download the complete book here.