This paper examines Brazil's cybersecurity posture as assessed by the Security and Defense Agenda (SDA). Despite establishing a national cybersecurity strategy, a national CERT, and an Information Security Department, Brazil receives a low rating due to significant structural weaknesses. The paper explores inadequate legislation, rampant corruption diverting cybersecurity resources, poor private-sector performance, and a dramatic rise in cyberattacks and online banking fraud. It also addresses the military's outsized role in cybersecurity governance, the lack of inter-agency coordination, and the absence of mandatory data breach reporting laws — all of which leave Brazilian consumers and institutions persistently vulnerable.
The paper uses a policy-assessment structure: it introduces an evaluative standard (the SDA rating), identifies specific criteria where the subject falls short, and supports each gap with cited evidence. This approach — criterion identification followed by evidence-backed gap analysis — is a reliable technique for comparative policy papers at the undergraduate level.
The paper opens with Brazil's geopolitical and economic context, then summarizes its SDA rating and institutional history. Subsequent paragraphs move from legislative and resource deficiencies to rising crime statistics, and finally to structural governance problems — military dominance and inter-agency fragmentation. A brief implicit conclusion ties the weaknesses together. The progression from macro context to specific institutional failures gives the argument a logical, layered structure.
Brazil is the largest country in South America and one of the world's major emerging economies. Yet it remains a developing country that has struggled to maintain stable, reliable government. Corruption issues can potentially derail any attempt at a coherent national cybersecurity strategy. Brazil has generally been free from war — internal or external — for generations, and is not a participant in any major military bloc.
Brazil received a 1/2 star rating from the Security and Defense Agenda (SDA). The country gains points for having a national cybersecurity strategy. Brazil participates in CERT communities and has its own national CERT. The government established an Information Security Department within the federal government in 2006, adding cybersecurity responsibilities to this department in 2010. However, many weaknesses cited in the SDA report reduce Brazil's overall rating significantly.
One issue identified is a lack of legislation regarding cybersecurity. The Brazilian government has held the attitude that the country is unlikely to be a target of attack, and this has unfortunately been used as justification for its poor legislative framework and for the limited resources devoted to cybersecurity. The resources that do flow into cybersecurity are often subject to police corruption, meaning funds are used inefficiently as a result of this widespread problem. The lack of laws has allowed banking Trojan horses to proliferate, to the detriment of consumer confidence.
Furthermore, the SDA report cites poor performance by private enterprise in Brazil with respect to cybersecurity, mirroring the generally underdeveloped infrastructure across the region. Even as the region's largest economy, Brazil tends to benchmark its infrastructure against its neighbors rather than against leaders in the field.
Overall, it appears that the slow pace of change with respect to cybersecurity in Brazil has left the country vulnerable to attack, and the current structure for defense against cyberattacks and prosecuting them is inadequate.
Advogados, A. (2015). Cyber security in Brazil. Mondaq. Retrieved March 31, 2016 from http://www.mondaq.com/brazil/x/438036/data+protection/CYBER+SECURITY+IN+BRAZIL
Anscombe, T. (2015). Brazil faces unique cybersecurity challenges. Avg.com. Retrieved March 31, 2016 from
ITU.int (2014). Cyberwellness profile: Brazil. International Telecommunications Union. Retrieved March 31, 2016 from https://www.itu.int/en/ITU-D/Cybersecurity/Documents/Country_Profiles/Brazil.pdf
Muggah, R., Diniz, G., & Glenny, M. (2014). Brazil doubles down on cyber security. Open Democracy. Retrieved March 31, 2016 from
Muggah, R., & Thompson, N. (2015). Brazil's cybercrime problem. Foreign Affairs. Retrieved March 31, 2016 from https://www.foreignaffairs.com/articles/south-america/2015-09-17/brazils-cybercrime-problem
SDA (no date). Cyber-security: The vexed question of global rules. Security and Defense Agenda. In possession of the author.
Always verify citation format against your institution’s current style guide requirements.