The National Cybersecurity Policy (PNCiber) was recently instituted in Brazil through Decree No. 11,856, published by the federal government in the Brazilian Official Gazette. The implementation of the legislation also includes the creation of the National Cybersecurity Committee (CNCiber) in the country.
Before discussing PNCiber, it is important to provide some background on Brazilian cybersecurity by going back a few years to August 14, 2018, when the General Data Protection Law (LGPD) was launched. The LGPD became a normative milestone in Information Security aimed at ensuring data subjects’ right to know how their personal data is processed. This law established the National Cybersecurity Agency (ANCiber), overseen by the National Cybersecurity Committee (CNCiber) and the Cyber Crisis Management Office (GGCiber).
Following some system intrusions, especially in government systems, comes PNCiber, which aims to guide cybersecurity activities and ensure fundamental rights such as freedom of expression, protection of personal data, privacy protection, and access to information.
One of the highlights of the implemented policy is the diligent action in cyberspace, especially in protecting children, adolescents, and seniors, as well as combating cybercrimes.
The decree also establishes the participation of civil society, companies, and scientific institutions alongside government representatives in forming the National Cybersecurity Committee.
Paulo Azevedo, Head of Architecture & Cybersecurity at act digital, views the decree’s publication regulating cybersecurity actions in the country with optimism.
“The text was very well crafted, applying to individuals and legal entities, whether public or private, without prejudice to the provisions of the General Data Protection Law (LGPD), regarding cybersecurity actions for data protection,” says the expert.
Paulo comments that PNCiber complements other guidelines that promote safe technology use. “The decree establishes competencies related to national cybersecurity without conflicting with the other competencies of the Internet Management Committee in Brazil regarding the Internet governance model.”
Cybersecurity: A Global Concern
The implementation of PNCiber follows a global trend of concern about cyberspace use. The Global Risks Report, elaborated at this year’s World Economic Forum (WEF), highlighted the need for measures to strengthen security in virtual environments.
The report emphasizes the importance of cybersecurity in a global context of geopolitical conflicts, climate change, artificial intelligence development, and economic inequality among countries.
Importance of PNCiber
Azevedo states that the National Cybersecurity Policy addresses flaws pointed out since 2014 by the Senate Federal Cyber Espionage CPI report, as well as determining the coordination of cyber defense actions under the responsibility of the Ministry of Defense through the Cyber Defense Military System (SMDC).
The expert highlights the provision of incentives related to the National Financial System for academic entities to promote the increase of specialized cybersecurity workforce to meet the growing demands in the field.
Furthermore, Azevedo reinforces that an important aspect of PNCiber is the inclusion of cybersecurity in primary and secondary education in public and private networks. “Widespread societal awareness is crucial to increasing our digital security maturity and reducing each individual’s exposure.”
The report released by the consulting company Gartner, with predictions of cybersecurity trends, estimates that 10% of organizations will use privacy as a competitive advantage and that by 2026, 10% of large companies will have a ‘Zero Trust’ program in place, a security strategy that limits access to systems or IT demands.
To learn more, speak with one of act digital’s specialists.
