Abstract
In the current context of global interconnectivity, the cybersecurity of critical infrastructures (CI) is of utmost importance to the private and public sectors. In this regard, based on the analysis of elaborated guidelines and norms, gaps were identified that may hinder the implementation of CI protection measures, facing threats of all kinds, affecting population well-being, economic power and contributing to weakening the reputation of a country in the concert of nations. Considering the dynamic nature and the speed of technological evolution, this study aims to raise subsidies for the improvement of the cybersecurity of CI in Brazil, pointing out norms to be elaborated or adopted, good practices and strategic actions to be followed. The methodology used in the development of this work begins with bibliographic and document research, and through comparative analysis, points out the most relevant, existing standards and initiatives. A diagnosis of the Brazilian situation is provided including field research, a solution proposal and finally an analytical discussion of proposed actions.
Highlights
In Brazil, the issue of Cybersecurity for Critical Infrastructures started to be addressed in 2007, with the publication of Resolution 2 of the Chamber of Foreign Affairs and NationalDefense of the Government Council (CREDEN), Resolution 2, which mentioned the critical sectors of critical infrastructures (CIs) that would be initially studied by the Critical Infrastructure Safety Technical Groups (GTSIC), namely: Energy, Transport, Water and Telecommunications (Brazil, 2007)
The theme of the present work can be problematized by asking the following question: which norms, good practices, and strategic actions could serve as subsidies for the improvement of cybersecurity of CIs in Brazil?
Field research and cross-examination of the collected data, it appears that it is essential to develop new norms and regulatory instructions on cybersecurity of CIs, which are adapted to the Brazilian reality and culture
Summary
In Brazil, the issue of Cybersecurity for Critical Infrastructures started to be addressed in 2007, with the publication of Resolution 2 of the Chamber of Foreign Affairs and NationalDefense of the Government Council (CREDEN), Resolution 2, which mentioned the critical sectors of critical infrastructures (CIs) that would be initially studied by the Critical Infrastructure Safety Technical Groups (GTSIC), namely: Energy, Transport, Water and Telecommunications (Brazil, 2007). Ordinance No 02 of the Institutional Security Office of the Presidency of the Republic (GSI/PR) instituted these GTSICs, including the Finance sector among the priority CI areas, without prejudice to others that may be defined. To deal with cyber threats to CIs, the Presidency of the Republic of Brazil currently has member bodies, among which the Institutional Security Office of the Presidency of theRepublic (GSI/PR) instituted stands out; immediate https://ojs.vvg.hr/index.php/adrs/article/view/37/33. The infrastructure to protect CIs counts on the following Computer Security Incident Response Team (CSIRTs): nacional responsibility - Center for the Study, Response and Treatment of Security Incidents in Brazil (CERT.br), Government Cyber Treatment and Response Center (CTIR Gov); energy CSIRT Cemig; finance - CSIRTs Bank of Brazil (BB), Caixa, SICREDI, BASA, BNB, BRB, BANESE,Santander, and Cielo; telecommunication - CTIR/DATAPREV, GRA/SERPRO, PRODESP, EMBRATEL, Telefônica/Vivo, TIM, Oi, among others (CERT.br, 2020)
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
