The Industrial Cybersecurity Center in Brazil

Team

Marcelo Branquinho

Marcelo Branquinho is a SCADA security expert and an electrical engineer who specializes in computer systems. Branquinho has an M.B.A. in Business Management and is founder and CEO of TI Safe Segurança da Informaçao. A senior member of ISA International, he has over 15 years in the field of critical infrastructures and SCADA Systems and […]

Claudio Caracciolo

Es Coordinador del Centro de Ciberseguridad Industrial en Latinoamérica. Además de: Chief Security Ambassador at Eleven Paths ISSA Argentina Chapter’s President (2011-2013 and 2013-2015) Coordinator at Centro de Ciberseguridad Industrial (CCI-Es.org) in Argentina Co-Founder at Root-Secure SRL Information Security Consultant with international certifications, mainly oriented on penetration test techniques, but with a particular passion by […]

Mr. Marcelo Branquinho, the Industrial Cibersecurity Center Coordinator in Brazil (CCI Coordinators Team), helps us to get in context of the state of the industrial cybersecurity in his country, and to do so, he shares with us his impressions.

He describes the level of sensitivity of industrial organizations in his country according to the following percentages:

He also affirms that the trend of recent years has been a slight increase.

Brazil counts with local and national public bodies promoting an adequate legal framework, in order to ensure the progressive incorporation of industrial cybersecurity measures in national presence companies (mainly critical infrastructure). The main organizations are:

  • DSIC - Departamento de Segurança da Informação e Comunicações - Presidência da República do Brasil
  • CD CIBER - Centro de Defesa Cibernética - Ministério da Defesa do Brasil

Among the main national laws and regulations affecting in this context in Brazil, Marcelo Branquinho mentions:

  • Estratégia da segurança da informação e comunicações e de segurança cibernética da administração pública federal (2015-2018) - Download
  • GUIA DE REFERÊNCIA PARA A SEGURANÇA DAS INFRAESTRUTURAS CRÍTICAS DA INFORMAÇÃO - Download
  • LIVRO VERDE SEGURANÇA CIBERNÉTICA NO BRASIL - Download

Analysing the most widely adopted industrial cybersecurity measures by Brazilian organizations to protect industrial automation systems, Marcelo Branquinho highlights the application of:

  • Industrial cybersecurity consulting / advisory
  • Internal security audit
  • Network design and architectures
  • Conventional firewalls
  • Industrial firewalls
  • Backups
  • Log correlation
  • Whitelisting
  • Antivirus

The CCI Coordinator in Brazil characterizes the industrial cybersecurity situation in his country with the following SWOT analysis:

Weaknesses

  • Lack of operational technologies certifications, processes and professionals

  • Lack of specific industry cybersecurity legislation

  • Lack of a solutions and services catalogue of industrial cybersecurity

  • Lack of specific CERTs

Strengths

  • Awareness, especially regarding industrial critical infrastructures

  • Frequent events and forums on industrial cybersecurity

Threats

  • Application of IT security measures without discretion

  • High development of industrial applications without cybersecurity requirements

  • Slow legislation

  • Shortage of local industrial cybersecurity professionals working for manufacturers

  • Shortage of specific industrial cybersecurity risk management tools

Opportunities

  • Strategic position in the industrial cyber security sector

Activities

XIV International Congress of Industrial Cybersecurity in Latin America, held from October 27 to 29, in Virtual Format

As a fundamental part of its activity, the Center for Industrial Cybersecurity (CCI) has held its XIV International Congress on Industrial Cybersecurity in Latin America. Reference event for the Latin American market, and a meeting point and exchange of knowledge, experiences and relationships of all the actors involved in this field.