At the time of writing these lines, it is not yet known who was behind the biggest cyberattack ever made against Portugal: the attack on the communications infrastructure of one of the largest national operators: Vodafone. The attack began on February 7 at around 210 and, according to the operation, you “abruptly” attacked “almost all” of your telecommunications services through a very targeted attack on the operator’s networks because you will have a large botnet and with the majority of equipment (according to cloudfare) in the US and Singapore but, as happens in this type of attack, the operation was not commanded from here but from a third country.

Vodafone activated its contingency plan and began to recover services one by one. The attack was just the latest in a series that has not yet ended and that should put all companies, organizations and national citizens on guard. Vodafone was, in fact, just the latest in a series of attacks that began on January 2 with an attack on Impresa and that destroyed – by encrypting – the Expresso and SIC websites and deleted the backups that this company had on the Amazon Cloud. and which was followed by attacks – of varying success and duration, on the Assembly of the Republic, Correio da Manhã, Sábado, Visão, Caras, TAP and, more recently, on the Germano de Souza laboratories. Apparently, it was not the same organization that was part of this wave of attacks and they differ in method, nor in objectives: some were classic ransomware objectives with financial and others aimed at affecting the communication networks essential to the normal functioning of the country. As these data on economies, attacks were from the 1930s and 1940s, it would be the destruction of bridges, roads or telephone networks by aerial bombing or sabotage by fifth letters but now – the degree of digitization of the equivalent and the trivialization of these news and information consequences – we are not paying attention to the problem. Basically Portugal is at war against an unknown agent or agents and we are not doing enough to defend ourselves… And we need to!

Two days after Vodafone, it was the turn of the mobile network of the Spanish operator Movistar. These attacks, and in particular the attack on Dafone Portugal and Movistar, can be inserted in a broader geopolitical context, where Portugal is still being used as a “test” of a large-scale operation against the management of more essentials, such as a of services still main dams, power grid, a parallel attack on all communications and internet operators and on internal security and defense systems. The attack on Vodafone could be like this or a test of Vodafone’s defense (which has not yet been) it could be like that or a test of defence, reaction and mitigation or a demonstration of capability that aims to intimidate those who, in NATO countries, believe that must help force or force new expressions against any aggression in Eastern Europe.

What happened to Impresa (with the loss of online data and the history of SIC and Expresso), to Cofina (Correio da Manhã, Saturday) and, more recently to Vodafone (with impacts on firefighters, INEM, the ATM network, hospitals and More than 4 million individual and business customers) must lead the government of the Republic and establish a major cybersecurity initiative:

1. All Government bodies, Ministries and Local Authorities begin or complete a transition to a secure cloud structure with a “Zero Trust” architecture with mandatory multi-factor authentication (MFA) systems and strong implementation. And that the government set a specific deadline to complete this transition.

2. Improvement of computer security in the “Software Supply Chain” by determining common security rules for all software sold to the Government and Local Authorities and that this launch as the basis for a partnership initiative initiative that guarantees the development of secure software from large central state programs.

3. The creation of a security seal that allows the “energy star” to develop to the “energy star” and the general public that software developed in a safe way and that allows the government, using its immense power to develop for here, force manufacturers to here their entire market, software more secure and without vulnerabilities.

4. Be “Cybersecurity Review Cabinet Security and Review Sector Cybersecurity Review Office where the secure sector changed the private sector significant, after a security incident” cybersecurity components that failed. This will ensure that all organizations can benefit from resolving the failures of some.

5. Create a “Book of Rules” from a text still incomplete and already available at the National Cybersecurity Center for response to Cyber ​​Incidents that must be attended by government authorities and local authorities – regardless of their digital maturity – and that organizations require a minimum standard of response among all organizations that can later be followed by private sector organizations.