Hacking the State: Progress, Criticism, and What the Federal Cybersecurity Agency Is Saying About the National Strategy

A report comparing different cybersecurity policies in Latin America highlights that in Argentina, "strategies are well-defined, but face challenges in their implementation due to a lack of technical and human resources ." Furthermore, there are concerns regarding a presidential decree introduced last month that gives more power to the Federal Cybersecurity Agency (AFC) , an entity created within the jurisdiction of the State Intelligence Secretariat (SIDE) in July 2024.

The report, published by the non-governmental organization Derechos Digitales , reviews chronologically the cybersecurity public policies adopted in Latin America. One of the most significant steps was taken by Chile in March 2024 with the enactment of the Framework Law on Cybersecurity and Critical Information Infrastructure.

The analysis of the Argentine case revolves around the so-called Second Cybersecurity Strategy , approved in September 2023. "The change recently introduced by Decree 274/2025, which modifies cyber governance following the creation of the AFC, generates uncertainty about the continuity of the rights-based approach in the implementation of the strategy by this entity," Juan Carlos Lara, co-executive director of the NGO and author of the study, told Clarín .

"While the content of the strategy represents a normative and discursive advance, significant doubts remain about its practical implementation. Furthermore, we share the concerns expressed by Argentine organizations following the creation of the AFC, especially regarding its oversight powers ," he added.

Information security and hacking are no minor issue in Argentina. In line with the global rise in cyberattacks and the professionalization of groups operating within the infrastructure of criminal organizations, it's enough to look back at some hacks in recent years: the National Directorate of Migration , the National Senate , PAMI ( National Institute of Statistics and Censuses), and the National Securities Commission ( CNS) were victims of various variants of ransomware , a malware that encrypts information to make it inaccessible and demands a ransom in return.

Last year , the entire Renaper database was leaked , exposing data on millions of Argentines, as well as driver's license photos that ended up for sale on a Telegram channel, to mention just two cases of media impact.

Beyond the AFC, Argentina already had two entities that are part of the structure that protects the State's digital assets: CERT.ar , which is the incident response and vulnerability monitoring team, and the National Cybersecurity Directorate ( DNC ), which coordinates and designs the cybersecurity strategy for the entire territory.

"We understand that much remains to be done. That we need to invest resources to improve the resilience of the State's critical infrastructure and enhance the cybersecurity that affects the country as a whole," officials from the Federal Cybersecurity Agency told Clarín .

“On the other hand, CERT.ar was not responding to incidents (they learned of very few relevant events, rarely assisted with recovery, and did not investigate); the Cybersecurity Committee did not meet in 2024—and rarely before—and there was a lack of investment , which resulted in no mapping of critical infrastructure and no national awareness-raising activities,” they continued.

The Digital Rights report's statement about the lack of "technical and human resources" is confirmed by the Agency. "Unfortunately, last year we started with a budget that was practically zero. The previous government had reduced SIDE's budget from its historical value to 25-30%, and that didn't even consider the new cybersecurity functions assigned to the AFC. We had less budget than a small bank to secure the country. We didn't buy firewalls or switches [devices to control and protect traffic] with such little money. This year it grew slightly, but it's still tiny compared to what a multinational, for example, spends," they concluded.

On April 16, this agency, a novelty for our country, gained greater influence, and this did not occur without criticism from the community. "Argentina has taken a step against the grain, or rather, out of time, by designating the SIDE's AFC (Association of the Secretary of State for Cybersecurity) as the governing body for cybersecurity prevention and security, and removing most of the functions from the national office of the Chief of Staff (Decree 274/2025)," Marcela Pallero, a specialist in cybersecurity regulation in the public sector, explained to this outlet.

Other sources in the state cybersecurity world assured this outlet that "at first, the decision to give the AFC more influence over the DNC was not well received ," because the AFC "copy[s] many functions" from the directorate. However, they also recognize the training within the agency: "The people working in the area, two people in particular, have a great deal of technical expertise," sources confirmed.

"It will be interesting to observe the results of the current experiment, considering that the secretive nature of the SIDE's operations is difficult to reconcile with the principles of digital trust promoted by international organizations such as the OECD and ECLAC, and the world at large, especially for urgent domestic issues of digital security," warns Pallero.

Cybersecurity in the state faces the same problems as public management in Argentina: insufficient or poorly spent budgets.

“I've dedicated the last 27 years to what is now called cybersecurity, 15 of which were in the state. There is a very capable technical team, but it lacks the necessary material, human, or political resources. Funds are allocated to licenses for 'black box' solutions that hold great promise but require certifications and time that state personnel cannot afford,” Arturo Busleiman, a cybersecurity specialist at Buanzo Consulting, told this outlet.

Others criticize the licensing process: "The money is there, but it's spent on proprietary solutions from friendly companies . Often, former executives from the same technology companies participate in the bidding process: Red Hat, IBM, Oracle, Microsoft, Fortinet, Cisco, and others," says a former contractor who worked for the state for 12 years and is now in the private sector.

In relation to Latin America, Argentina is a few steps behind , while the region is going through an embryonic period that has some pioneers: "While the European Union has been making steady progress in cybersecurity and personal data protection legislation, Latin America is still in the stage of establishing National Policies and Strategies from the executive branch, broadly speaking, except for Chile and El Salvador , which have had a national cybersecurity law very recently," says Pallero.

"We believe that regional cooperation in cybersecurity must advance not only in technical terms, but also in ensuring a rights-based approach. This implies capacity-sharing mechanisms and mutual assistance , but also common principles that guarantee the protection of privacy, freedom of expression, and digital inclusion," agrees Lara, from the NGO that produced the report.

Busleiman believes it's key to hire qualified professionals, in addition to creating a school: "We must professionalize the program, change how budgets are allocated , coordinate the three branches of government, recruit those who truly know what they're doing, and—above all—prioritize state policy over partisan logic," he says.

The creation of a cybersecurity governing body like the AFC is, for some in the community, a step forward. In this regard, Derechos Digitales highlights a positive aspect.

“At Derechos Digitales, we appreciate that Argentina's Second Strategy explicitly incorporates principles of human rights, inclusion, and a gender perspective, which positively distinguishes it within the regional landscape. Furthermore, it is valuable to have processes such as public consultation and participatory spaces, which seem to have favored a more open and inclusive approach, although there is always room for criticism regarding such participation,” says Lara.

The challenge seems to lie in the transparency of the AFC and its relationship with the other two existing entities, CERT.ar and DNC, with the question of whether cooperative work is possible or whether it will be a puzzle whose pieces are acronyms that don't fit together.

"Cybersecurity in Latin America: National Strategy in 2024" analyzes the public cybersecurity policies of Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, Guatemala, Mexico, Nicaragua, Panama, Paraguay, and the Dominican Republic.

The full report can be read below, or at this link .