Cyber-attack suffered by the Ministry of Health hints at what lies ahead in 2022

Ronaldo Lemos´s weekly column

published in

14 de December de 2021


{{ its_tabs[single_menu_active] }}


Cyberattacks have become a political weapon to undermine trust in public institutions

The digital attack suffered by Brazil’s Ministry of Health is a glimpse of the “new normal” that may enter the picture in 2022. The layers and consequences that this incident allows us to address are numerous.

First of all, the attack, regardless of its nature, resulted in the paralysis of essential ministry services, including but not limited to access to vaccine certificates. Even the calculation of the number of cases and deaths caused by COVID-19 has been impacted.

Besides, the lack of transparency about what happened calls attention. Under the allegation of not harming the investigations, the agency allowed an information war to be waged around the incident. This, in turn, has resulted in mistrust, conflicting narratives, and doubts regarding the ministry’s ability to manage technology.

But one thing is for sure. The attack seals a trend that had been going on for some time and has grown stronger and stronger. A strategic shift is underway. Cyberattacks have become a political weapon and have been incorporated into the protocol of various groups, especially those who benefit from strategies to spread fear, doubt, and uncertainty.

Since the use of disinformation campaigns via the internet has lost effectiveness due to the actions enforced by the online platforms and the Supreme Court of Brazil, attacks have been retargeted at government structures as a device to generate social repercussions.

This backlash can then be instrumentalized to advance political ends and undermine people’s confidence in public institutions themselves.

This course of action was applied to the most recent voting cycle, in 2020, when the Superior Electoral Court (TSE) was attacked on election day. Although the attack did not produce any grave consequences nor did it even come close to harming the electronic voting system, the incident was politically instrumentalized. In 2022, similar actions are expected to be perpetrated once again.

One of the reasons is that cybersecurity in Brazil has been adrift for a while. This makes the technological infrastructure of the public sector an easy target for attacks of all kinds, even when they are minor setbacks such as service interruption, DNS manipulation, or even ransomware attacks.

Since 2019, the country’s institutional cybersecurity framework has been redesigned, starting with the creation of the National Information Security Policy, which is a positive thing. Interestingly, the very Ministry of Health has a seat on the Brazilian Internet Steering Committee. However, the changes and the new institutional model have failed since they could not prevent an attack on one of the country’s most critical technological resources.

This shows that the model needs to be improved. The cybersecurity policy currently in force is almost entirely in the hands of the Executive branch. To be effective, however, a multi-sectoral approach must be adopted, counting on the effective participation of the country’s scientific community, the private sector, civil society, as well as the judiciary and legislative branches. This issue is too important to be neglected and, above all, has repercussions on national security. Therefore, an institutional failure of this magnitude cannot be tolerated.

Given this scenario, we can expect that this new mobilization strategy based on attacks on public infrastructure will be repeated in 2022. The only positive aspect is that by knowing it, we can prepare ourselves to tackle the problem, even institutionally.


What’s out Badmouthing one’s political opponent directly

What’s in Launching coordinated disinformation attacks against opponents

What’s next Launching cyber-attacks against opponents and institutions of interest

{{ pessoas.pessoaActive.title }}