Every day we almost helplessly witness too many cases of cyberattacks. It is not a local problem, although I recognize that more recently and due to the lack of preparation of companies and entities, Portugal is a little more exposed to this phenomenon. But the reality of the challenge is global and between the jostling of responsibilities from the rulers to the military and from the military to the rulers, the picture is improving and a few steps have finally been taken. In fact, the problem here lies in this brief introduction that I made of it and which I am now clarifying, in the light of my experience and my opinion.
Before entering into the conversation, I must say that I am very impartial on the subject because it is my job. I am not one to pull strings, but I believe that in order to expose what I write here, it is necessary that you get to know me in this important chapter, because tired of the opinions the world is full of everything and nothing else. In fact, and if you will allow me, I believe that it would always be useful for each high position to be filled by a person who is eminent in his field and not in the political field, unless that person is the eminent academic or professional and that happens to be that area. Ask yourself, the reader right now, what does this have to do with this? I will be there and you will certainly agree with me.
Returning to the introductory point and returning to the previous paragraph, there is an alarming slowness in the preparation of European nations on the subject of cybersecurity. Although our country is attractive in the eyes of attackers, whether they are very advanced or just beginners, we are not alone in this lake and there are certainly nations further back than us and others ahead. Now, not everyone is in Europe or those who are, not everyone has our spotlight on the international stage. Not all of them have a military base in the middle of the world, not all of them have recently had a President of the European Commission, not all of them have a Secretary General of the United Nations and certainly not all of them have the good diplomatic corps like ours or the privileged relations with Africa like us. This means that, although we are a small country, we are in the crosshairs of our competitors in terms of domestic games as well as hackers around the world who just want to “make a quick buck”, i.e. say make money. I say this as an analyst in the world of computer security with a career of 20 years, graduate, master and doctor precisely in this field. Of course, it must be said that my reasoning above and my resume would never get me into politics, even if my life depended on it. I thought it was important to have this clarification as a guarantee that my opinion formed comes from living and breathing the subject matter while awake and not with facts of personal interest. It is precisely because I am very well informed and trained, because I teach the subject in several higher education establishments in the most varied sectors of computer security, I have master’s and doctoral students who are smarter than me and teach me new things every day, qualify me to give informed, unplugged advice, and say what I’m going to say next.
Just a few weeks ago, CNN Portugal was once again a pioneer in its work. Indeed, this has been the case since the metamorphosis that created it and the fact that it has surrounded itself with individuals who ensure the public service of impartial and quality information, but above all, because they have a proven track record in their fields, either with academic or life experience. But as that is not enough, they are also people chosen for their long professional experience where they apply what they preach. CNN has followed and reported very comprehensively on the cybersecurity landscape in Portugal, almost always alone, but critically and clearly as it does. Whenever there is a problem or a novelty that does not appear anywhere else or that appears so quickly, CNN delves into the subject with each attack that appears and the proof is that the most famous hackers in the world, like the one who brought down the group Lapsus, to give very in-depth and informative interviews.
In the wake of this reality, there are real professionals and experts in fact and not in law around CNN, which makes the material they publish very accurate. One of these questions was the request ignored by all specialists of the most varied arcs of computer security, the request of a task force. Some laughed, some criticized and some agreed, but no one echoed this need as it is an inconvenient reality, but not in Australia. In the world around us, reality is as dark as here, but some are more prepared than others and those who are not create the conditions to be, that is, to be and to be very quickly . As I wrote at the beginning, our country tends not to address issues until the conditions are created for such a task, and in the meantime there is widespread silence or criticism, and this has become a increasingly present reality in most of the challenges we face as a nation. The problem is the speed of the problem called cyber insecurity, and as I said, Australia has already made great strides starting with the Minister for Cybersecurity.
In this distant country, we have already realized that the problem moves much faster than the solution, that there are a lot of commercial interests in the noise and that this does not always concern the strategy or its absence in the lands south of your Majesty. We have already realized that the conditions had to be created so that a solution to IT insecurity could really be built. It may be a pioneer in the creation or elevation of this interest to a ministry, but it is certainly not new because in China for some time now a Task Force has created for the government a computer security policy which obliges all companies to put in place, and yes, there are tens of millions of companies and all without exception have been applying it, since 2016, revised in 2022.
There is no shame in admitting that we have work to do. It is normal to admit in this chapter that we are behind; it will not drive away potential investments in the country and do you know why? Because everyone is late or rather, everyone needs to work on this, a lot. There is no problem in admitting that in Portugal there is no problem-focused strategy and that many forces are pulling to their side. Before they shoot to the point of breaking the curtain, you really have to create an overall strategy that applies end to end, no matter what. The alternative is much worse because each day the challenge is greater and each day a “virus” appears more aggressive than the previous one. Each day a group appears more destructive than the previous one. Every day, another door seems to close next to those that our companies and entities have already opened. Therefore, create the Task Force, choose a working group filled with people who really know the subject. That the most eminent professors (except me), companies and international consortia be chosen to write a charter of principles. That a strategy be created before calling on legislators to write the laws, but above all that something big and nuclear be done, otherwise we will go deeper into our problem. Let this group not be limited or involved in laws, on the contrary, let them work and then adjust the laws.
As ridiculous as what I say above sounds to you and as absurd as the title of this review “The Ministry of Cybersecurity” sounds to you, I remember Australia already has her, her name is Clare O ‘Neil and she’s home secretary and cybersecurity, so a task force isn’t that far-fetched.