According to Professor Danielle Ayres, the G20 - as a forum with the largest economies in the world - is the ideal place to think about effective practices that can serve as an example to the world with models of action. The State will have to put limits that already exist in physical life, and the great challenge is to be able to consolidate authority without this being understood as authoritarianism.
Nowadays, many people get their news from online newspapers or social media, buy clothes and goods from foreign websites, conduct banking transactions through apps, or talk to people in other countries via the Internet. The digital world has brought unimaginable conveniences for previous generations. On the other hand, just like in the physical world, where you have to be aware when walking down the street after a particular hour, the digital environment brings some dangers, such as avoiding financial scams.
Professor Danielle Ayres, from the Federal University of Santa Catarina (UFSC), has research experience in International Relations and International Security with an emphasis on Cybersecurity. She gave an exclusive interview on the G20 website on Cybersecurity.
According to the expert, a regulatory environment on the subject that promotes the safety of users of digital services and protects the most vulnerable, such as children and the elderly, is needed. Danielle speaks about the concept of cyber maturity, which is the ability of governments and organizations to prevent and respond to threats from the digital world, and the importance of forums such as the G20 to discuss solutions and the implementation of good practices worldwide. Check out the interview.
What does the concept of Cyber Maturity mean? What we need to achieve with this, both in Brasil and globally?
We use the term Cyber Maturity because, through various global indices, specific criteria are established to achieve some level of protection, facilitation, and security for the user within digital resources. In addition to the resilience of the State when it comes to attacks or problems.
The safer the citizens' use of technologies is, the more mature the protection system under which the State works will be. Thus, the more significant and more sustainable the framework for producing standards, rules, strategies, and policies, the more mature our understanding of the country's technological security will be.
The G20 is a multilateral forum with the world's largest economies, and connectivity is not restricted to borders. Therefore, how is an international cooperation agreement possible in this context?
Multilateral forums like the G20 are ideal spaces for discussing how to build cybersecurity maturity or improve a digital economy ecosystem. If you think about the way we use digital technologies, for example, you can access a website outside Brasil and make a purchase. So, there is no idea that this ecosystem is protected unilaterally because it is a multidimensional and cooperative system. That is why a forum like the G20, with the largest economies in the world, is the ideal place to think about effective practices that can be materialized and serve as an example to the world with effective models of action.
For example, Brasil is one of the best models for creating rules, norms, laws, and legal and normative documents to legislate in the cyber area. When you have this capacity and are in a multilateral forum, it is possible to exchange experiences, explain how the processes are created, and create an understanding of the step-by-step process for building these dynamics. This can be applied in other countries and become an international standard, especially for those not in the G20. And then you extend it to other international forums.
The G20's Experience in Brasil and India effectively demonstrates the construction of a model that is not centered on the world's traditional sources of power and wealth. People from the Global South have effectively other needs and propose other answers. Maybe that's what the world needs in terms of answers because many times, when answers come from the great powers downwards, almost in an imposed way, they don't meet our needs.
Are there practices from other countries that we can use as a guide or beacon?
Today what we need the most is to concentrate the regulatory and promotion efforts of public policies in this area in the hands of some entities. In 2023, we created the National Cybersecurity Policy and we have also discussed creating a national cybersecurity agency like Anatel. This agency could have a regulatory role and also a sort of inspection capacity.
Other countries, such as Australia, the United Kingdom, and Italy, have this, and it works very well. We realize that by creating these agencies, it is possible to improve the dynamics by which cybersecurity maturity is consolidated. I believe one of the major examples that Brasil's National Cybersecurity Policy was based on came from the United Kingdom and Italy.
Therefore, I think this would be the next step in effectively consolidating this maturity and promoting a more poignant and safer digital economy.
When discussing safety, we're talking about many things, isn't it? From financial inclusion, public services to fake news, right?
Let's think about two significant areas: public safety or cybersecurity and national defense. Public security is maintaining the ability to guarantee cybersecurity in the daily lives of citizens, private companies, and the State itself. We're thinking about how to prevent cybercrime. But also to train people to understand how to use digital resources, identify the most vulnerable groups, and take a different look at them. These are groups composed of children and older people, for example. Children cannot understand the notion of danger. However, the elderly grew up in the analog world but live in the digital world, and the percentage of them who use social networks is not small. Therefore, it is necessary to inform these groups because they can be the target of fake news and scams. Citizens need to be aware that using this resource can expose them to some type of integrity violation, primarily economic.
The pandemic pushed us to use digital technologies without prior training, and we had to race against time. However, one of the big problems is that the speed at which the state bureaucracy creates public policies to train people is much lower than that of the digital phenomenon.
Where is the Threshold? Where can we feel safe without feeling mainly in the companies' hands?
The problem is that when we think about the digital issue, it is in our subconscious as something without limits where everything can be done. Then, it will be very complex for the State to be able to act with authority without becoming authoritarian at some point. We may think that when you restrict an Instagram post for fake news, you can talk about a limitation of freedom, but in Law, no freedom is absolute. In this case, the State will have to impose a limit that already exists in physical life, but as we have another perception of digital, we think it is a violation. This is the great challenge of the State-consolidating its authority without this being understood as authoritarianism.
Therefore, the State has a decisive legislative role for citizens and companies, especially big techs, to avoid threats to citizens. However, citizens will also need to protect themselves or try to learn how to do it. It's challenging, but I think that would be the way.
