Abstract

The year is 2008. This was the very first time that the Brazilian national defense strategy recognized cyberspace as one of the strategic domains for the country’s defense and national security. At that time, cyber attacks were becoming notorious and ever more reflective of geopolitical tensions. One year earlier, Estonia had suffered a major cyber attack from Russia, followed later on by further Russian attacks in Georgia. Not that differently from the growing global concern with cyber security, Brazil had then started to witness what would become a decade of fundamental institutional developments aimed at consolidating an architecture for cyber security governance within the federal government and a national cyber security agenda informed by concerns with external threats, “cyber wars,” and the country’s existent problem of terrorism. These initial concerns would later be replaced by an emphasis on combating cybercrime and digital propaganda – but not before bequeathing a set of institutional arrangements and organizations that have become part of the government’s cyber infrastructure. At the same time, the institutional legacy from this period came to coexist and interact with existing non-governmental organizations involved in technical response to cyber incidents and with developing Internet policy (Hurel, 2019).