The Brazilian Army is getting ready to engage an enemy who takes down entire networks, reveals state secrets and compromises countries’ security with a few keystrokes.
The Brazilian Army is getting ready to engage an enemy who takes down entire networks, reveals state secrets and compromises countries’ security with a few keystrokes.
The increasing frequency and severity of cyber attacks has alarmed governments around the world. Brazil’s armed forces have responded by launching the Center for Cyber Defense (CDCiber) in Brasília. A military-led enterprise, the center’s name aligns with Brazil’s pacifist tradition — with the focus on “cyber defense” instead of “cyber war.”
“Our strategy is an active defense,” said General José Carlos dos Santos, head of command at CDCiber. “The center seeks to protect Brazilian’s systems by preventing attacks and minimizing their effects.”
The center aims to provide the army with an organization that can act in the cyber field “in times of peace and of conflict,” said Gen. dos Santos.
Risks are real and attacks are merciless
In late June, a particularly virulent series of denial-of-service attacks — in which access to a website is disrupted — took down government-run sites including that of Brazil’s main government statistical institution, IBGE, which boasts a vast archive of demographic and economic data.
While these attacks showed vulnerabilities, the Brazilian government has made significant investment in the security of its networks, according to Bruno Rossini, Manager of Public Relations of Symantec Latin America.
“The government has a very secure and solid network. Otherwise, the recent attacks would have been much worse,” explained Rossini. The same applies to the banking system.
“Brazil has one of the most advanced electronic banking systems in the world. There has been no successful hacking of that network,” Rossini said, noting, however, a significant increase in electronic theft. “At the end of the day, the final user is the weakest link.” Brazil, says a Symantec Corp. 2011 survey, ranks only behind China in its vulnerability to virtual attacks. That’s why CDC
iber has become such a priority for the government. The center is run by the Institutional Security Office (GSI) of the presidency of the republic, the body in charge of security measures within Brazil’s public administration.
“If our center were fully operational, we could have been able to neutralize, or at the very least, realize the imminent attacks much earlier,” dos Santos said.
CDCiber opens its doors, not a minute too soon
The GSI manages 320 public computer networks that cover about one million public sector users from 37 cabinet offices and 6,000 government entities. Brazil registers more than 2,000 hacking attempts against government websites per hour. The center that defends Brazilian cyberspace is located in the third floor of a building in Brasilia’s military urban sector. While its official debut was in June, the CDCiber has been in development for around a year.
All the branches of Brazil’s Armed Forces have programs of cyber defense, but the new center will integrate leadership of those programs.
“We are developing policies for coordination and integration,” dos Santos explained. “Defense Minister [Nelson] Jobim conferred the same degree of importance to the cyber sector as to the space and nuclear ones. We can’t forget our specific function as armed forces. Several of these attacks can be considered acts of war.”
About 100 Army, Air Force and Navy officers will staff the center. The team is well-trained to meet the challenge but is also expected — and will receive incentives — to further their specialization.
The officers are encouraged to pursue master’s and doctorate programs in cyber defense and computer sciences through Rio de Janeiro’s Military Institute of Engineering.
CDCiber is equipped with a laboratory to analyze malware, a center to deal with specific incidents and two servers that will simulate cyberwar for exercises.
Army Leads the Cyber Way
As it is evident in recent attacks around the world, a small but well-trained and determined force can wreck havoc on forces that are much bigger, and supposedly stronger. They’re also protected by a veil of anonymity, often manipulating computers of unsuspecting users.
CDCiber’s work focuses on national defense, in which the Armed Forces have the lead role, as well as on national security, in which they are ancillary. The center will protect Brazil’s military and government network, as well as information infrastructure as a whole.
“The cyber security world can learn a great deal from the military,” said William Beer, the London-based director of OneSecurity at PricewaterhouseCoopers. “The military approach and mentality can be very helpful [because it] has access to advanced technology and higher visibility not always available in the private sector. It increases confidence in the system.”
Beer said that CDCiber’s key challenge would be to protect civilian infrastructure that is in private hands, but also considered critical.
Pay attention to the man behind the cyber curtain
his view is shared by Santos, commander of CDCiber. The 58-year-old general, a telecommunications engineer who’s long been in the forefront of introducing new technologies in war and defense operations, is credited with bringing mobile phone into the barracks for the first time, back in 1999. He also commanded the communications battalion in Recife in support of the government fight against drugs.
“Young people are born with a knack for the cyber world, but they lack a more general, comprehensive vision,” said dos Santos. “I have acquired that vision through years of experience. Also, most basic concepts of security of communications haven’t changed much. Only the technology has.”
Yet if CDCiber is to meet its long-term objectives, the general’s leadership skills will be tested beyond his direct chain of command. The center’s staff, while focused on the protection of national interests, will also need to learn to work with vital areas outside of military control, such as transportation, pharmaceutical production and communications.
Taking security seriously
GSI has been working to educate the public sector about the importance of incorporating best security practices at all government agencies.
Rossini, from Symantec, insists that there are two fronts, the implementation of effective security policies and the compliance with those policies. He says the new center proves the government’s commitment to establishing a climate of confidence and sending a clear message about the seriousness of cybercrime.
“Governments have to mobilize, because complacency is the enemy,” he said. “Hacking, clearly, could happen to anyone.”
A recent survey by the Tribunal de Contas da União shows that 64 percent of Brazil’s federal entities don’t even have a policy of information security. Experts warn that this is not only a national security problem, but an economic one as well — since a reputation of vulnerability to cyber attacks could send the wrong signal to potential foreign investors.
The CDCiber is still studying the myriad of ways it will need to connect with the civilian and private sectors.
“We do not want to reinvent the wheel,” said dos Santos. “So we already work very closely with several private enterprises that provide cyber programs and hardware that meet our needs, such as data analysis, forensics, social network trends and analytics.”
Beer says the Brazilian military has an opportunity to overcome some of the private sector’s skepticism and take advantage of the immense potential for collaboration on cyber security.
“The military should engage with senior leaders from across the business community, not just IT and security,” said Beer. “There need to be forums that are not limited to government and a established channel for regular communications.”
The next 12 months
Dos Santos envisions CDCiber becoming a modular monitoring center that could be relocated anywhere at a moment’s notice in an emergency. Currently, around 75 per cent of military data is in military servers. “Our number one priority is to increase network security by having it 100 per cent under internal control,” he said.
The other priority is training. In 2012, all Brazilian military schools will have a new Technology, Information and Communications curriculum.
“Finally, we will set up the CDCiber per se,” said dos Santos. “This well-equipped room is just the first iteration. This is merely the nucleus of a much more complex and sophisticated system for the Brazilian army and society as a whole.”
Very nice piece on Brazil. Hope to read more about security issues in this rapidly growing country. what a good infomation must read pages are been displayed.Very good pages.