As the Latin American and Caribbean (LATAM) region continues to rapidly adopt innovative cybersecurity technologies, threat actors are continuing to target vulnerabilities.

Threats such as ransomware, data breaches, and malware are most acute in Brazil, a prime target for cyberattacks, accounting for 42% of all incidents in LATAM during the first half of 2023. Brazil’s size and move to a digital economy has not only made it a key target in the region, but the country also is ranked globally as the second most vulnerable country to cyberattack, behind only the U.S. The staggering rise in attacks has highlighted the urgent need to prioritize a comprehensive approach to cybersecurity and data governance.

To address this issue, on July 9 the Permanent Subcommittee on Cyber Defense of the Federal Senate of Brazil held an interactive public hearing, “International Risks in Cybersecurity and the Importance of a National Digital Security Agency (NDSA) in Brazil.” The hearing was broken into the following two panel sessions:

Panel #1: The Importance of a National Cybersecurity Agency for Brazil

• Jorge Blaco | Director of Information Security, Google
• Santiago Paz | Cybersecurity Sector Specialist, Inter-American Development Bank (IDB)
• Jordana Siegel | Cybersecurity and Data Protection Leader for the Americas, Amazon Web Services (AWS)
• Rafael Goncalves | Executive, Trellix 

Panel #2: The Importance of Cooperation Between Public Authorities and the Private Sector in Combating Cyber Crimes

• Dr. Patricia Soler | International Section Chief, Joint Cyber Defense Collaborative (JCDC), Cybersecurity and Infrastructure Security Agency (CISA)
• Paulo Manzato | Head of Public Sector Area, Cloudflare
• Belisario Contreras | Senior Director, Venable LLP

Belisario Contreras, Coordinator of the Digi Americas Alliance, and Senior Director, Venable LLP focused his testimony on international risks in cybersecurity and their implications for Brazil, the importance of establishing a NDSA, and examples and lessons learned from other nations that have already implemented similar measures.

Contreras highlighted that Brazil’s current approach to cybersecurity governance is fragmented, with responsibilities spanning across various agencies, creating confusion, and hampering Brazil’s ability to respond effectively to threats. Creating a NDSA would centralize resources and streamline the execution of Brazil’s National Cybersecurity Strategy (E-Ciber).

Elevating the issue of cybersecurity to the highest level of government by creating a NDSA will provide the direction needed to coordinate action items and monitor the implementation of the national strategy. A centralized agency would enhance Brazil’s national resilience against threats, define roles and responsibilities more clearly, and facilitate coordination among government entities, the private sector, and international stakeholders. This agency could also lead educational initiatives, promoting cybersecurity research and career pathways, contributing to a robust cybersecurity talent pipeline in the country.

In his testimony, Contreras pointed to the U.S. and UK as two examples where a centralized authority in managing cybersecurity efforts have contributed to a more resilient, secure digital environment. The U.S.’ Cybersecurity and Infrastructure Security Agency (CISA), Office of the National Cyber Director (ONCD), and the UK’s National Cyber Security Center (NCSC) play key roles in federal cybersecurity and infrastructure protection. Designating a federal agency to spearhead cyber initiatives ensures that cybersecurity remains a top priority at the highest levels of government and provides a comprehensive approach to combating threat actors.

The benefits to a NDSA are clear. Recently, Chile adopted legislation becoming the first country in LATAM to establish a National Cybersecurity Agency. With the rising tide of cyberattacks, Brazil cannot afford to wait and must take action to secure its digital infrastructure and protect its citizens. Fellow testimonies reflected this narrative, and similarly highlighted the importance of establishing a National Digital Security Agency in Brazil to foster a more resilient ecosystem.

A full video of the proceedings can be found here. Belisario's testimony can be found here.