The International Telecommunication Union (ITU) published, this Thursday (12/9), the fifth edition of the Global Cybersecurity Index 2024 (Global Cybersecurity Index – GCIv5), demonstrating the continued progress of Brazil in developing its capabilities in this area. In 2018, Brazil was ranked as the sixth country in the Americas, in 2021 as the third and in this most recent edition, the second country most committed to the ITU's Global Cybersecurity Agenda, which encompasses the capabilities developed with regard to legal measures; technical and procedural measures; organizational structures (governance); training and awareness; and international cooperation.
It is worth noting that Anatel, as Brazil's representative in international telecommunications organizations, was once again responsible for coordinating and submitting Brazil's response to the fifth edition of the Index, with the collaboration of several bodies and entities essential to the process in this edition, especially the Institutional Security Office of the Presidency of the Republic (GSI/PR); the Ministry of Foreign Affairs; and the Information and Coordination Center of Ponto BR (NIC.br).
The fifth edition of the GCI innovates by eliminating the classification by ranking, based on a decision by Member States adopted at the last World Conference on Telecommunications Developments held in 2022, and instead classifying countries into groups, with Brazil classified in Group 1 as a model. The full report can be found at: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/GCIv5/2401416_1b_Global-Cybersecurity-Index-E.pdf .
Check the classification of countries in the Americas in the figure below:
Additionally, the Brazilian contribution to the GCIv5 process and improvement is highlighted, since Anatel led the Correspondence Group and the Regional Center for Studies for the Development of the Information Society (Cetic.br) led the development of the methodology for changing the ranking to classify into groups.
Regarding GCIv4, published in 2021, the main highlights that justify the Brazilian position are the publication of the National Cybersecurity Policy (PNCiber) and the creation of the National Cybersecurity Committee (CNCiber), by Decree No. 11.856, of December 26, 2023; Brazil's accession to the Budapest Convention, enacted in Brazil by Decree No. 11.419, of April 12, 2013; the Good Hackers Program; Anatel's Certification Acts with minimum cybersecurity requirements (Anatel Acts 77/2011 and 2436/2023); the publication of the Cybersecurity Guidance Guide for Telecommunications Service Providers - Basic Level; among other actions related to the 5 pillars evaluated - legal measures; technical and procedural measures; organizational structures (governance); training and awareness; and international cooperation.
Anatel has been developing several efforts in this area and recently updated its Anatel Cybersecurity Regulation (R-Ciber – Resolution No. 740/2020). R-Ciber, which created the Technical Group for Cybersecurity and Critical Infrastructure Risk Management (GT-Ciber) of Anatel, with the objective of strengthening the organizational structures of Brazilian society and collaborating with the development of actions related to cybersecurity. In addition, Anatel created on its portal a space dedicated to cybersecurity with current public policies, available regulations, certification acts, GT-Ciber decisions and repository of decisions, studies and awareness materials.
