Skip to main content

CyberBRICS: A Multidimensional Approach to Cybersecurity for the BRICS


This book stems from the CyberBRICS project, which is the first initiative to develop a comparative analysis of the digital policies developed by BRICS (Brazil, Russia, India, China and South Africa) countries. BRICS have been chosen as a focus not only because their digital policies are affecting more than 40% of the global population – i.e. roughly 3.2 billion individuals living in such countries – but also all the individuals and businesses willing to use technologies developed in the BRICS or trading digital goods and services with these countries.

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   139.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   139.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. 1.

    The author thanks wholeheartedly the entire CyberBRICS team for their excellent work. The author would like to especially acknowledge the very useful feedback received from Dr. Min Jiang and Mr. Walter Britto as well as the tremendous editorial work of Mr. Luã Fergus, Ms. Laila Lorenzon, Ms. Carolina Telles and, once again, Mr. Walter Britto. The author expresses sincere gratitude for their friendship, feedback and very constructive comments, all along the development of the CyberBRICS project, to Dr. Ivar Hartmann, Ms. Hannah Draper, Dr. Ian Brown, Dr. Alison Gillwald, Dr. Marcelo Thompson, Ms. Elonnai Hickok, Mr. Sunil Abraham, Dr. Enrico Calandro, Ms. Anri van der Spuy, Dr. Alexey Ivanov, Dr. Shen Yi, Mr. Sergio Suchodolski, Mr. Sizwe Snail, Dr. Nicolo Zingales, Dr. Danilo Doneda and Mr. Bruno Ramos. The CyberBRICS project is an incredible collective effort, hosted by Fundação Getulio Vargas (FGV) Law School and developed in partnership with the Higher School of Economics, in Moscow, Russia; the Centre for Internet and Society, New Delhi, India; the Fudan University, Shanghai, China; and the University of Cape Town, Cape Town, South Africa. For further information, see <>.

  2. 2.

    See <>.

  3. 3.

    The phrase was coined by the British mathematician Clive Humby, in 2006, and was subsequently made popular by the World Economic Forum 2011 report on personal data. See WEF (2011).

  4. 4.

    See Kuneva (2009).

  5. 5.

    See The Economist (2017).

  6. 6.

    The term Internet user is utilised in this in its double nature of prosumer, i.e. both producer and consumer of digital products and services. See Belli (2017:98).

  7. 7.

    This concept has gained particular relevance at the South African level, as highlighted by Sagwadi Mabunda’s analysis in Chap. 10 of this volume. See also Department of Telecommunications and Postal Services, South Africa (2017).

  8. 8.

    See, for instance, Vaidya (2015); Department of Telecommunications and Postal Services, South Africa (2017); Gemalto (2018).

  9. 9.

    See O’Neill (2001).

  10. 10.

    The inclusion of South Africa in the group can be largely explained by the existence of the India-Brazil-South Africa Dialogue Forum or IBSA Trilateral, established in June 2003, as a mechanism for permanent coordination between the countries. The creation of IBSA signalled the strong political will to establish a long-standing partnership, collaborating to “the construction of a new international architecture; bring their voice together on global issues; deepen their ties in various areas”. See <>.

  11. 11.

    See Stuenkel (2016).

  12. 12.

    See Brazilian Presidency of the BRICS (2019).

  13. 13.

    See BRICS (14 August 2019).

  14. 14.

    For an analysis of such documents and their impact, see Kiselev and Nechaeva (2018).

  15. 15.

    The BRICS Memorandum of Understanding on Cooperation in Science, Technology and Innovation was approved at the second BRICS Science, Technology and Innovation Ministerial Meeting, held in Brasília, on 18 March 2015. See BRICS (18 March 2015).

  16. 16.

    See BRICS Working Group on ICT Cooperation (11 November 2016).

  17. 17.

    See BRICS (2018).

  18. 18.

    See BRICS STIEP WG (May 2019).

  19. 19.

    See Itamaraty (27 June 2019).

  20. 20.


  21. 21.

    See BRICS (2017).

  22. 22.

    See BRICS (October 2019).

  23. 23.

    See BRICS (September 2019).

  24. 24.

    Three BRICS countries, i.e. China, India and Brazil, are the most populated countries of the regions where Internet growth is expected to be the most relevant. See Cisco (2017).

  25. 25.

    See BRICS STIEP WG (May 2019).

  26. 26.

    See Kunming (11 September 2019).

  27. 27.

    The first Institute has been established in Shenzhen, China, in August 2019. See XinhuaNet (2019).

  28. 28.

    See, for instance, Banga and Jeet Singh (2019); BRICS Competition Centre (2019).

  29. 29.

    See Belli (2016:347–358).

  30. 30.

    See paragraph 69 of the Tunis Agenda for the Information Society (18 November 2005). WSIS-05/TUNIS/DOC/6(Rev. 1)-E. <>.

  31. 31.

    I thank my friend Henrique Paiva for sharing this metaphor during his presentation at the CyberBRICS event on 5G and New Digital Infrastructures in the BRICS, held at FGV Law School on 30 August 2019. See <>.

  32. 32.

    Formal agreement on the necessity to adopt a multistakeholder model to properly address cybersecurity has already emerged since the World Summit on the Information Society, culminating in the adoption of the Tunis Agenda, whose paragraph 39 states that UN members “reaffirm the necessity to further promote, develop and implement in cooperation with all stakeholders a global culture of cybersecurity, as outlined in UNGA Resolution 57/239 and other relevant regional frameworks”. See Tunis Agenda for the Information Society (18 November 2005). WSIS-05/TUNIS/DOC/6(Rev. 1)-E. <>.

  33. 33.

    UNGA (2018:4).

  34. 34.

    According to the cybersecurity analysis firm Gemalto, during the first 6 months of 2018, “almost 1 billion records were compromised” only considering the breach incident of Indian digital identify programme Aadhaar, including the leak of Indian citizen names, addresses and a wide range of other personally identified information. See, for instance, Gemalto (2018).

  35. 35.

    Article 33 of the General Data Protection Regulation that entered in force in the European Union in May 2018 determines that personal data breach incidents must be notified to the supervisory authority “without undue delay and, where feasible, not later than 72 hours after having become aware of it”. This norm, by itself, is at the origin of a much greater awareness of the number of breaches occurring on a daily basis. This provision has also directly inspired the drafters of the Brazilian General Data Protection Legislation that, in its Article 48 foresees – in a less constringent tone than the EU Regulation – that “data breach notifications must occur within a reasonable time, to be defined by the national authority”.

  36. 36.

    See, for instance, Ewing (2016); Kolomychenko (2018).

  37. 37.

    See, for instance, the reasoning of the Court of Justice of the European Union declaring that the EU Commission’s US Safe Harbour Decision is invalid, stressing that “the law and practice of the United States do not offer sufficient protection against surveillance by the public authorities of the data transferred to that country”. Case C-362/14. Maximillian Schrems v Data Protection Commissioner. Press Release No 117/15. <>.

  38. 38.

    See, for instance, Sevastopulo and Bond (2019).

  39. 39.

    Since the World Summit on the Information Society, cybersecurity has been considered as an overarching concept encompassing a wide range of items and practices, including information sharing of national and regional approaches, good practices and guidelines; development of warning and incident response capabilities; establishment of suitable technical standards and industry solutions; harmonisation of national legal approaches and establishment of international legal coordination; definition of sound privacy, data and consumer protection systems; and promotion of cybersecurity capacity building. See ITU (2005).

  40. 40.

    For a recent and well-structure overview, see Fichtner (2018), discussing four approaches to cybersecurity, based on data protection, safeguards of financial interests, protection of public and political infrastructures and control of information and communication flows. For an analysis of different conceptualisations of cybersecurity, see also Wolff (2016).

  41. 41.

    See ITU-T (2009).

  42. 42.

    The authors acknowledge that telecoms regulation and capacity building programmes are also two further dimensions that need to be explored, to have a complete picture of cybersecurity policy frameworks. However, these dimensions are not analysed in this volume, as they will be explored within the 2020–2021 CyberBRICS workflow, dedicated to Internet access policies and the digitalisation of public administrations in the BRICS.

  43. 43.

    As an instance, in June 2019, the United States were reportedly “stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively”. According to the New York Times, “current and former [US] government officials described the previously unreported deployment of American computer code inside Russia’s grid” by the United States Cyber Command, the arm of the Pentagon that runs the military’s offensive and defensive operations in the online world. See Sanger and Perlroth (2019).

  44. 44.

    As an instance, BRICS countries jointly agreed during the Ninth BRICS Summit, in 2017, to jointly advocate for data protection and, after the 2017 Xiamen Declaration, all BRICS adopted or updated their data protection regimes.

  45. 45.

    See BRICS (2017).

  46. 46.

    In China, significant government-led and policy-promoted investments in infrastructure are commonly acknowledged amongst the main driving forces that propelled the remarkable Internet growth undertaken by the country. See, for example, Boston Consulting Group (2017). A deeper analysis into the BRICS frameworks related to Internet access will be undertaken by the CyberBRICS project starting from 2020.

  47. 47.

    The expansion of connectivity as well as the advancement of the IoT can trigger an ample range of benefits, spanning from increased access to education, information and knowledge to gains in productivity, improved citizen participation, but also smoother transportations, more reliable electricity and cleaner environments. See, for example, World Bank (2016) and ITU (2016).

  48. 48.

    These BRICS countries are respectively first, second, fourth and fifth nation with most smartphone users in the world. See Statista (2019).

  49. 49.

    See Tunis Agenda, paragraph 39.

  50. 50.

    This definition was originally proposed by the National Institute of Standards and Technology. See NIST (2003).

  51. 51.

    See Sect. 2.1 of the Brazilian Country Report, in Chap. 2.

  52. 52.

    See Sect. 3.1 of the Russian Country Report, in Chap. 3.

  53. 53.

    See Sect. 4.1 of the Indian Country Report, in Chap. 4.

  54. 54.

    See Sect. 5.1 of the Chinese Country Report, in Chap. 5.

  55. 55.

    See Sect. 6.1 of the South African Country Report, in Chap. 6.

  56. 56.

    See Min Jiang’s analysis in Chap. 8.

  57. 57.

    See European Union Chamber of Commerce in China (2019).

  58. 58.

    This alternative regulatory technique will be the object of a future study.

  59. 59.

    This phenomenon is particularly evident as regards terms of service of digital platforms. See Belli and Venturini (2016).

  60. 60.

    In the BRICS context, this approach has been very vocally reasserted by the Supreme Court of India, in 2017, with the adoption of its landmark Puttaswamy Judgement, stating that “the Right to Privacy is an integral part of Right to Life and Personal Liberty guaranteed in Article 21 of the Constitution”. See WP (C) 494 of 2012, Justice K.S. Puttaswamy (Retd) vs Union Of India.

  61. 61.

    See UNCTAD (2016).

  62. 62.

    See, for example, Gemalto (2018).

  63. 63.

    In this sense, see Min Jiang’s analysis in Chap. 8.

  64. 64.

    See Bond (2019).

  65. 65.

    See <>.

  66. 66.

    See Andrey Shcherbovich’s analysis in Chap. 4.

  67. 67.

    See Belli (2019).

  68. 68.

    According to the consultancy Statista, the “total installed base of Internet of Things (IoT) connected devices is projected to amount to 75.44 billion worldwide by 2025, a fivefold increase in ten years”. See <>.

  69. 69.

    See Mosenia and Jha (2016).

  70. 70.

    Marzano et al. (2018).

  71. 71.

    See Antonakakis et al. (2017).

  72. 72.

    See Pankov (2019).

  73. 73.

    See UNGA Resolution: Creation of a global culture of cybersecurity and taking stock of national efforts to protect critical information infrastructure, A/RES/64/211.

  74. 74.

    See ITU (2014).

  75. 75.

    For an analysis of benefits as well as inconveniences determined by multistakeholder governance and models, see Belli (2015, 2016).

  76. 76.

    Particularly, the Tunis Agenda, in its paragraph 40, affirms “the necessity of effective and efficient tools and actions, at national and international levels, to promote international cooperation among, inter alia, law-enforcement agencies on cybercrime [and] call[s] upon governments in cooperation with other stakeholders to develop necessary legislation for the investigation and prosecution of cybercrime”.

  77. 77.

    This situation has led Russia to enact “Internet Sovereignty” legislation, to reterritorialise digital environment, as illustrated by Andrey Shcherbovich analysis. See Chap. 3 and the annexed Russian country report.

  78. 78.

    Cybercrime and cyberattacks are considered as transnational security issues to be maintained as “main areas of cooperation” for BRICS countries. See <>.

  79. 79.

    See World Bank (2017:66).

  80. 80.

    See <>.

  81. 81.

    The Convention on Cybercrime of the Council of Europe (CETS No. 185) is the only binding international instrument specially dedicated to framing cybercrime issue. It serves as a guideline for any country developing comprehensive national legislation against cybercrime and as a framework for international cooperation between treaty signatories. Interestingly, South Africa is the only BRICS member to be a signatory of the Budapest Convention, while Russia, which is a Council of Europe member, is not a signatory. See <>.

  82. 82.

    See UNODC (2013).

  83. 83.

    See the “Cybercrime” section of the Chinese Country Report, annexed to Chap. 5.

  84. 84.

    See Chap. 2 of this volume.

  85. 85.

    See the “Cybercrime” section of the Russian Country Report, in Chap. 3.

  86. 86.

    See Sagwadi Mabunda’s analysis in Chap. 6 and the “Cybercrime” section of the annexed South African Country Report.

  87. 87.

    See Anja Kovacs’ analysis in Chap. 4 and the “Cybercrime” section of the annexed Indian Country Report.

  88. 88.

    See, for example, ICCPR (1966) art. 12, 19, 21 and 22. Importantly, the degree of “necessity” is generally evaluated considering the legitimacy of the goal established by law and the proportionality of the measures. In this perspective, the UN Human Rights Council has consistently stated that “Restrictive measures must conform to the principle of proportionality; they must be appropriate to achieve their protective function; they must be the least intrusive instruments amongst those, which might achieve the desired result; and they must be proportionate to the interest to be protected”. See, for example, UNHRC General Comments No. 27/1999 and No. 34/2004.

  89. 89.

    See Belli and Sappa (2017).

  90. 90.

    See Belli, Francisco and Zingales (2017).

  91. 91.


  92. 92.

    See Min Jiang’s analysis in Chap. 5 as well as the Chinese Country Report.

  93. 93.

    See Daniel Oppermann’s analysis in Chap. 2 of this volume.

  94. 94.

    See Canongia and Mandarino (2012).

  95. 95.

    See Dewar (2018).

  96. 96.

    The Military Doctrine of the Russian Federation and the Russian Doctrine of Information Security are particularly relevant in this regard, as pointed out by Andrey Shcherbovich’s analysis in Chap. 4.

  97. 97.

    See Bridi and Greenwald (2013).

  98. 98.

    See O Globo (2015).

  99. 99.

    See the Russian enactment of the “Internet Sovereignty” law, as highlighted by Andrey Shcherbovich’s analysis in Chap. 4.

  100. 100.

    In this perspective, see Drake, Cerf and Kleinwächter (2016).

  101. 101.

    See BRICS (9 July 2015).

  102. 102.

    See BRICS (16 October 2016).

  103. 103.

    See BRICS (9 July 2015).

  104. 104.

    See BRICS (September 2019).

  105. 105.


  106. 106.

    See BRICS (2017).

  107. 107.

    In this sense, see Ziero (2015).

  108. 108.

    The various facets of the BRICS digital policies will be analysed in the forthcoming works of the CyberBRICS project.


Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Luca Belli .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Belli, L. (2021). CyberBRICS: A Multidimensional Approach to Cybersecurity for the BRICS. In: Belli, L. (eds) CyberBRICS. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-56404-9

  • Online ISBN: 978-3-030-56405-6

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)