Brazilian Armed Forces plan on continuing to enforce the security concepts that succeeded in keeping the country safe from cyberattacks at the 2014 FIFA World Cup and the 2013 FIFA Confederations Cup during the 2016 Olympics in Rio de Janeiro.
In Brazil, there is a popular saying: "one should not mess with a team that’s winning.” For the Olympics, the Armed Forces will adhere to this philosophy by using the same cybernetic defense strategy that helped provide public safety during the previous major sporting events.
“The working model of the Center for Cybernetic Defense (CDCiber) will, in essence, continue unchanged since it has proven to be a successful strategy,” the Brazilian Army’s Social Communication Center (CCOMSEx) stated. “Small changes in the strategy do take place, though, as fruit of the lessons learned during the previous events. We are constantly broadening capabilities and perfecting processes.”
CDCiber, which security authorities created in September 2012, is an organization within the Brazilian Army that's responsible for coordinating and integrating cybernetic defense activities under the umbrella of the Ministry of Defense. During the Olympics, which will be held from August 5th-21st, CDCiber will be at the forefront of the activities that will bring together 200 members from all three branches of Brazil’s Armed Forces and other partner security agencies.
Countering threats in cyberspace
CDCiber's mandate is to fight against threats in cyberspace that could undermine the games. During the latest large events that Brazil has hosted, the main offenses were the abuse of public and private websites, wherein the page was hacked and content changed; virus alerts and hosting; and cases involving sites that were defaced or maliciously taken offline.
There were also a number of phishing attempts, in which a hacker tries to manipulate people into disclosing private information. For example, one phishing attempt could be a false e-mail from a “bank” asking for the user’s bank codes; if the intended victim provides the information, the perpetrator could clean out the account's contents.
On November 8th, the Army detected hackers had entered servers belonging to the Army’s network and leaked Natural Persons Registry (CPF, for its Portuguese acronym) numbers – a unique 11-digit number assigned to each individual – belonging to military personnel, as well as passwords they used to access Army web pages. CCOMSEx publicly stated that the breach did not compromise strategic defense systems and that the Army’s Coordination Center for the Response to Internet Offenses was handling the case.
Strategic defense structures
In the real world, attacks on "units" that are considered strategic for national defense such as ports, refineries, and hydroelectric power plants, could result in national catastrophes. However, Brazil has enacted important defense mechanisms to protect government databases and banks' electronic systems, ensuring that the country would continue to run smoothly in the event of an attack.
Brazil highlighted cyberspace, along with nuclear and aerospace threats, as the three most strategic areas that need to be protected, according to the "National Defense Strategy" report in 2008.
Since then, Brazil has launched a series of steps to protect cyberspace, which authorities define as “a virtual space, composed of computing devices – both connected to networks and not – from which digital information is transmitted and either processed or stored.”
During the Olympics, cyberspace defense activities will prioritize informational assets and systems according to how important they are to sustaining the event's overall structure. Informational assets refer to the means of storage, transmission, and processing of data and information, in addition to the places where the information is stored and the people who have access to them, according to the “Military Doctrine on Cybernetic Defense,” published in 2014 by the Ministry of Defense.
CCOMSEx added that the most highly sensitive systems and informational assets are institutions directly involved with cybernetic security and defense, such as Area Defense Coordination Centers (CCDA); Integrated Centers for Regional Command and Control (CICCR); CDCiber; the Ministry of Defense; and the Navy, Army, and Air Force.
During the Olympics, these organizations’ domains (URLs), address books, and systems and services of partner organizations, such as the Federal Police and Brazilian Intelligence Agency (ABIN), will be protected.