What are the main challenges that Brazil faces to prevent threats in the cybersecurity field, such as cyber attacks? Who are the social actors with a key role in this theme? How can they work together to mitigate existing risks? The search for answers to these questions encouraged the Igarapé Institute to systematize, analyze and gather the existing knowledge on Brazil’s cybersecurity governance landscape.


The Brazilian Cybersecurity Portal gathers analyzes, research, norms and other documents on national cybersecurity. Thus, it intends to strengthen the skills for a collective action by the civil society, the academic community, the public authorities and the private sector in order to build a more secure, cooperative, resilient and sustainable digital environment.


In 2020, the Brazilian federal government published its first National Cybersecurity Strategy (E-Ciber), indicating for the first time, how it intends to establish a whole-of-society approach to cybersecurity policies and guidelines. 


The strategic paper “Cybersecurity in Brazil: an analysis of the national strategy”, by the Igarapé Institute, looks into the E-Ciber and presents recommendations for a multistakeholder vision for cybersecurity governance. The study positions the Strategy historically, reviews the strategic objectives in light of other international experiences and provides recommendations for its implementation.

We identified 6 challenges

The absence of a shared vocabulary when referring to cybersecurity/digital issues in society.

The association of cybersecurity with military affairs, responsibilities and institutions.

Lack of understanding regarding specific and shared digital risks across sectors.

The absence of mechanisms for sharing information regarding security risks/threats and knowledge across sectors.

Lack of normative, strategic, and operational alignment for incident response.

The existence of various cybersecurity maturity levels throughout society.


Public oversight of the E-Ciber could enhance transparency and accountability in monitoring how strategic objectives are being met. To do so, we recommend the publication of an annual report detailing the achievements and challenges for implementing the E-Ciber.

Establish communication channels with civil society and recognize its role as an important actor with experience in training programs. This communication will be fundamental for a more transparent discussion about national cybersecurity and for the inclusion of human rights as a fundamental element in the FPA’s cybersecurity agenda.

Improve public and private sector information sharing mechanisms related to incidents and vulnerabilities, and establish directives for coordinated vulnerability disclosure. Guides and reports with recommendations from the government on this topic should be accessible to the whole of society.

Although the Strategy includes consultation mechanisms like the Council, its implementation also depends on improving communication between GSI, CSOs and academic groups (from the humanities and from the natural sciences). To this end, it is imperative that GSI construct a communication and outreach to engage more effectively with these groups.

Assess GSI’s internal capacities vis à vis expanding its roles and responsibilities in national cybersecurity. Future efforts should prioritize multistakeholder implementation plans.

Evaluate timing and/or necessity of a Cybersecurity Bill avoiding further confusion between cybersecurity and other themes, such as disinformation.