At the conclusion of today’s meeting, the official stated that the regime, which has already passed through parliament, aims to protect public and private organizations from cyberattacks, emphasizing that this is not merely a “digital problem” and could have severe impacts, such as the paralysis of air transportation, hospitals, and other services.
This regime, he explained, “requires public and private organizations to adopt measures to reduce their vulnerabilities” and implement “a set of responses” in case such attacks materialize.
According to the minister, “these measures are not the same for everyone,” considering that “not all organizations, infrastructures, and services are of the same size” and the same “level of vulnerability and criticality for our collective life.”
Therefore, a “balanced and proportional” regime was chosen, meaning that “if organizations are larger, they must adopt stricter protection measures and more significant recovery measures.”
Leitão Amaro also mentioned that the national cybersecurity authority (the National Cybersecurity Center) is empowered to “supervise,” highlighting that the regime sought to avoid “excessive contextual costs.”
Within this framework, the minister further explained that a solution involving “private cybersecurity certificates” issued by duly accredited institutions has been created for companies to ease the processes.
Leitão Amaro also underlined the creation of the ‘ethical hacking’ figure, allowing for the decriminalization, under certain conditions, of “activities where people seek to identify vulnerabilities in others’ systems,” which are then reported without personal gain.
The minister believes that the new regime “will come into force quickly.”
