While continuing my research on cybersecurity and cyberwarfare issues in Latin America, I stumbled across this excellent interview from earlier this month with Army General José Carlos dos Santos, commander of the Cyber Defense Center in Brazil. My summary of the key points of the interview is in the bullets below.
  • Santos calls cyberwarfare an asymmetric challenge and points to Stuxnet-like threats and North Korea's cyber forces as two potential future challenges.
  • 20 soldiers currently work at the center and they expect to have over 30 by the end of the year. He said he hopes to eventually have a force of 100 people.
  • They are hiring civilians with cyber skills, not just training military forces. They are willing to recruit hackers if they can guarantee they will only work for the white hats.
  • They are building a Situational Awareness Room to monitor threats.
  • They are monitoring social networks broadly for threats, but focusing more on trends and statistics rather than monitoring individual users. However, the general also gives the example of Egyptian uprising and says they have the capability to notice a potential protest and inform others in the government about it.
  • They expect the center to cost R$1.5 million per year. They made a R$10 million investment in various technologies last year.
  • The military is focused on information security standards, believing they are as vulnerable as their weakest network link. They have restricted network access and banned flash memory drives.
  • Brazil's military will engage in offensive operations if they identify a cyber threat that they need to neutralize. They received training in offensive cyberwarfare techniques from a US company.
  • The cyber attacks in Brazil last month were not serious, but they point to a potentially serious attack in the future. The general provided the example of a hack that took down the tax system the week taxes were due, causing economic problems.
  • Santos  says there are "thousands" of recorded cyber incidents every day in Brazil. Some attack the military, as when one accessed an army database. Others are attacking critical infrastructure, providing the example of a recent attack on water distribution systems in Recife.
  • The military supports legislation that deems hacking and defacement of websites a crime, while also noting that it should not restrict freedom on the internet.
The two questions I would have liked to ask are how is Brazil's military working with its neighbors in South America and how are they cooperating with the US on cyberwarfare issues. Still, this is a great interview and a good attempt by the Brazilian military to be a bit more transparent about their operations in the cyber domain. I can only wish other military commanders in Latin America would do similar interviews.