Brazil Put Its Military In Charge of Cyber Security

Brazil Put Its Military In Charge of Cyber Security

This post is also available in: heעברית (Hebrew)

cyber
Illustration

Brazil’s military approach to cyber insecurity is consistent with a broader effort to find a role for the Brazilian armed forces in the 21st century.

brazil is currently one of the most technologically developed country in South America and it is also concerns its military. Social media, online banking and a software industry development are the state’s locomotives.

however, along with the developed internet environment, the digital world dark side cannot be ignored. Online scams, hacking, espionage and digital surveillance are at place. The problem is with the proper response to those threats from the government side. It may have seriously misinterpreted the nature and significance of those threats and, as a consequence, the best way to tackle them.

For political reasons Brazil has outsourced most responsibility for the country’s cyber security to the military. While the armed forces has enthusiastically embraced this new role, placing them in charge of overall cyber security for both civilian and military networks is a mismatch that could have damaging consequences the country’s security.

Not all the cyber threats are equal therefore not all of them are to be treated by the military alone. Brazil’s popular protests of June-August 2013, for example, coincided with a sharp rise in hacktivist activity, but if the military to take care and deal with it, it might pose danger on a social scale

Since Edward Snowden’s revelations which involved listening on Brazilian President Dilma Rousseff’s phone by US surveillance,  it ratcheted-up Brazil’s concern with cyber security. The U.S. National Security Agency was routinely spying on wide spread of state and commercial networks,but Brazil was friendly to the United States most of the time in Latin America. The recent developments are rising skepticism towards US intentions and Washington should not underestimate the reputational damage that its global surveillance strategy has inflicted.

There is virtually no public debate or research in Brazil into those responsible for launching cyber attacks, what their interests and motivations might be, how they operate, or if and how they might be connected to criminal and political organizations.

While operating to a large extent in the dark, the Brazilian government has nevertheless rapidly constructed a sprawling cyber security and defense infrastructure.

Its response is narrowly focused on just one or two dimensions of these threats—especially foreign ones. At the center of the state’s response is the Brazilian Army’s Center for Cyber Defense (CDCiber), one of the only such entities in South America. Yet the emphasis on a military response may be incommensurate with the real (as opposed to existential) threats facing the country. Despite allegations of Hezbollah smuggling weapons to Brazilian gangs (these rumors have been circulating for decades), the country has comparatively few external cyber threats from foreign governments or terrorist groups.

This represents a mismatch with the real and emerging threats in cyberspace. Instead of focusing on international and domestic cyber-criminality, which constitutes by far the gravest risk, the state is doubling down on strengthening cyber war-fighting and anti-terrorism capabilities.

Government is overemphasizing broader issues of national security rather than addressing the core of the cyber crime, as most pressing challenges confronting citizens.

The military approach to cyber insecurity in Brazil is consistent with a broader effort to find a role for the Brazilian armed forces in the twenty-first century. On the one hand, they are strengthening border control and anti-drug activities in the Amazon and the so-called tri-border area of Argentina, Brazil and Paraguay. On the other, the military is seeking to expand its reach and influence in cyberspace.

For instance, CDCiber and Brazil’s central intelligence agency (ABIN) created social media monitoring platforms in the aftermath of the 2013 protests.

Meanwhile, other public institutions such as the Federal Police are less generously resourced and supported. These developments are partly inspired by Brazil’s desire to enhance its geopolitical reach and relevance. As a rising power, the Brazilian government is mobilizing the country’s nascent cyber security architecture to project soft power in bilateral relations and multilateral arenas. For example, in 2013 the President requested that the UN develop a new global legal system to govern the Internet.

Brazil’s own Internet architecture is still in progress. While there have been some important developments, there are conflicting lines of accountability among institutions, distorted funding priorities, confused public debate, contradictory legislative measures and the importation of outside solutions for local challenges. In the meantime, the military has “captured” resources for cyber defense, with potentially dangerous implications for civil liberties more generally.

What is more, the comparatively limited engagement of civil society in cyber security debates in Brazil means that the armed forces have free reign to advance their interests.

Military, law enforcement and civilian entities may exaggerate risks in order to increase their likely access to resources. If Brazil is to build a cyber security system fit for purpose, an informed debate is imperative.

At a minimum, Brazilians need to better understand the dynamics of cyber crime groups, and the ways in which traditional crime is migrating online. It also needs to monitor how security forces are adapting new surveillance technologies. Above all, the government should encourage a broader debate with a clear communications strategy about the need for cyber security and what forms this might take.