Brasília (DF) – What if Brazil experienced a cyber crisis that affected sectors such as transport, communications and even defense? Who would have to be called in? Which institutions should act first? What procedures would need to be adopted? The best solutions to several of these questions were debated in Exercise Cyber Guardian 5.0, a simulation conducted by the Ministry of Defense and coordinated by the Cyber Defense Command (ComDCiber) that brought together the three Armed Forces and around 150 institutions, including government entities and several Brazilian companies.
Held at the Higher Defense School between October 2 and 6, the exercise trained cyber protection actions involving a country’s so-called “critical infrastructures”: water, energy, transport, communications, finance, biosecurity and bioprotection, defense and the nuclear sector. During the simulation, a Crisis Office was set up in charge of a team from the Brazilian government. The exercise was not limited to the federal capital. The activity also included actions carried out from São Paulo, at the 2nd Army Division Command (2nd DE). On Thursday 5, the activities were accompanied by Ministers José Múcio, of Defense, and Marcos Antônio Amaro dos Santos, of the Institutional Security Cabinet, as well as by the Commander of the Army, General Tomás, and the Commander of the Air Force, Lieutenant-Brigadier Damasceno.
According to the Head of the Army’s Science and Technology Department, General Furlan, cyber defense is something that cannot be done in isolation. “It has to involve all the critical sectors of a nation. Energy, the financial sector, the nuclear sector… everything can be the target of a cyber attack. In an exercise like this, the aim is to train the personnel who are going to carry out these attacks to prepare them for the scenarios they could face.”
The Army’s Cyber Defense Commander, Lieutenant General Alan, explained how some of the dynamics of the activity work. “In this exercise, we bring in regulatory agencies that coordinate priority areas of the country’s critical infrastructure. It’s these agencies that bring in the companies that ultimately provide the services that Brazilian society uses. And Cyber Guardian has contributed to increasing the cyber resilience of these companies. Year on year we see this growth”.
During the exercise, representatives from the Central Bank and various banking institutions met to work together on solutions to a simulated financial crisis involving the Pix money transfer method. “The institutions brought the issue to the Central Bank, which dictated the pace of what had to be done. In a joint effort, thematic groups were created, one operational to solve the problem, the other communication, to avoid panic and calm the market,” said Giselle Foschetti, one of the Central Bank’s representatives in the exercise.
For Enrico Vasconcelos, also from the Central Bank, the institution’s participation in several editions of the Cyber Guardian exercise has greatly improved the quality of the response to cyber crises in the financial system. “We can clearly see the evolution in the maturity of our crisis response plans, both for the Central Bank and the financial institutions. Many problems we have faced over the years in the exercises have led us to identify gaps we had.”
Cyber Guardian is an assignment from the Ministry of Defense to carry out an annual cyber protection exercise in areas considered essential to the national infrastructure. Representatives from various government bodies, institutions and companies, as well as the academic community, take part in the activity. Participants acted in a collaborative and integrated manner in efforts to prevent and resolve incidents involving information assets of relevance to National Defense. Through the exercise, ComDCiber sought to contribute to the integration of government, the private sector and academia in increasing the protection of national cyberspace.
Source: Army Media Center