By Andréa Barretto/Diálogo October 04, 2017 Brazil is the South American nation that has suffered the most cyberattacks in recent years. According to information from the Guide to Cyber Defense in South America, a book published on August 23rd by the Ministry of Defense, cybercrimes affect more than 20 million Brazilians a year and cost the Brazilian government a net total of $8 billion. The publication brings together public data from 12 South American nations, as well as French Guiana, on initiatives in the areas of cyberdefense and security. This work, never published before in the region, was done by a group of scholars with incentives from Brazil’s National Council on Scientific and Technological Development and the Brazilian Institute of Defense Studies, an organization in charge of collecting data, conducting research, and producing analyses that are used by the Brazilian Ministry of Defense in its decision-making process. “At universities, there has been increasing interest in this issue,” stated Marcos Aurelio Guedes de Oliveira, a professor in the Political Science graduate program at Pernambuco Federal University and one of the authors of the guide. According to Guedes, most of the attention directed at the issue is due to the increasing number of cyberattacks and other crimes, not only in the defense sector, but also in the civil sector. “Imagine that your email data is stolen. That’s already a problem for the individual. Now consider the proportions that are gained when it’s about data at a national level,” he alerted. Cooperation and reinforcement The guide makes a distinction between cybersecurity and cyberdefense. The former “concerns issues relating to public safety.” While the latter refers to “the act of protecting a nation’s critical information technology and communication systems. In addition, it includes cyber issues and matters that may affect a nation’s survival.” In South America, each nation deals with cyberdefense and security in its own way. In Brazil, as distinguished from Colombia for example, there is a security structure that is separate from defense. And while issues relating to cybersecurity are the responsibility of the President’s Institutional Security Cabinet, those concerned with cyberdefense fall within the military sphere, especially the Brazilian Army, through its Cyber Defense Command (ComDCiber, per its Portuguese acronym). Service members from all three branches of the armed forces lead ComDCiber’s activities, whose mission is planning, orienting, coordinating, and controlling operational, doctrinal, development, and training activities within the scope of the Military Cyber Defense System. ComDCiber’s structure includes a Cyber Defense Center (CDCiber, per its Portuguese acronym), a unit established in 2011 as one of the ways of meeting the guidance issued by the National Defense Strategy, which defines the cyber sector as being strategic for the nation, alongside the nuclear and space sectors. “Brazil is the South American country that has invested the most in cyberdefense,” asserted professor Guedes, who believes that the nations of the region need to join together. “Cooperation is necessary, and we need to regulate the sector. That will lead to a greater strengthening of these institutions in the face of problems related to the cyber sector. As far as that goes, Brazil can play quite an important role, because it has more experience,” he added. Capturing the flag Among the activities that ComDCiber carries out are competitions to train service members. On June 29th, one of these twice yearly events took place. “It’s a chance for them to get trained on putting the knowledge they’ve acquired into practice. The big difficulty in the cyber arena is putting what you’ve learned into practice. So when we have a competition like this, it’s an excellent opportunity to test out what we’ve learned,” explained Brazilian Army Lieutenant Colonel Marcelo Antônio Righi, of ComDCiber. Mandabyte, the Third Armed Forces Cyber Competition, had participation from 243 service members—147 from the Brazilian Army, 48 from the Brazilian Navy, and 48 from the Air Force—as well as six civilian professionals. The competitors were divided into 84 teams. All members got a user name and password that let them interface with the championship platform from their own computer. When the event began simultaneously for all groups dispersed throughout Brazil, 18 “capture the flag” challenges were launched. In that player mode, each team has to defend a system and invade the adversary’s system. The one who finishes hacking first and gets the target data is the winner. According to ComDCiber, the rules of the competition are simple, “and they are focused exclusively on performing the assigned tasks, with any cyber activity that might compromise the running of the competition being disallowed and subjecting the team to disqualification.” That is controlled by ComDCiber itself. After six hours of continuous play, the winner of the Third Armed Forces Cyber Competition was team ZeroByte, from the Brazilian Army’s 41st Telematics Center (41º CT, per its Portuguese acronym), headquartered in Belém, in the state of Pará. “Something that made this competition quite interesting was the fact that some challenges depended on others to be solved,” the 41º CT’s team stated. Taking first place represented progress for ZeroByte, which had only come in 10th and 6th, respectively, in the two previous editions of Mandabyte.