Brazil: National Policy of Cybersecurity and institutes National Cybersecurity Committee

On 27 December 2023, the Brazilian Government issued Decree No. 11.856, which officially established the National Cybersecurity Policy and formed the National Cybersecurity Committee to oversee and guide cybersecurity efforts across the country. The Decree came into effect on 27 December 2023.

Main objectives of Brazil’s national cybersecurity policy:

1. Development of Cybersecurity Solutions: Promote the creation of national cybersecurity products, services, and technologies.
2. Data Protection: Ensure the confidentiality, integrity, authenticity, and availability of solutions and data involved in information processing, storage, and digital transmission.
3. Combatting Cybercrime: Contribute to the fight against cybercrimes and other harmful activities in cyberspace.
4. Risk Management: Encourage the adoption of measures to protect against, prevent, mitigate, and neutralise cyber vulnerabilities, incidents, and attacks.
5. Organisational Resilience: Enhance the resilience of public and private organisations to withstand cyber incidents and attacks.
6. Research and Innovation: Support scientific research, technological development, and innovation in the field of cybersecurity.
7. Regulatory Improvement: Develop and enhance regulatory, inspection, and control mechanisms to bolster national cybersecurity and resilience.

Main duties of the National Cybersecurity Committee:

1. Policy Updates: Propose updates to the National Cybersecurity Policy.
2. Cybersecurity Enhancements: Evaluate and suggest measures to strengthen cybersecurity in Brazil.
3. Incident Management: Formulate proposals to improve the prevention, detection, analysis, and response to cyber incidents.
4. Cybersecurity Education: Propose initiatives to advance cybersecurity education.
5. International Cooperation: Develop strategies to enhance international technical cooperation in cybersecurity.