The question is not if we are attacked, but if we are ready
En un momento en que la vida cotidiana de los ciudadanos transcurre cada vez más en entornos digitales, el gobernador de Mendoza, Alfredo Cornejo, anunció ante expertos internacionales en ciberseguridad la presentación de una ley provincial que busca establecer, por primera vez, un marco legal claro para proteger infraestructuras críticas y datos personales. La iniciativa, gestada durante un año junto a especialistas técnicos, reconoce una verdad incómoda: Argentina ha operado sin reglas definidas en el espacio digital, dejando a instituciones y ciudadanos expuestos a amenazas que no esperan. Mendoza elige prepararse antes de que la crisis obligue a improvisar.
- Cada organización pública y privada recibe ciberataques de forma constante, y la pregunta ya no es si serán atacadas, sino si estarán preparadas para responder sin caer en el caos.
- La ausencia de legislación clara en Argentina ha dejado un vacío peligroso: hospitales, plantas de energía y sistemas de agua operan sin protocolos formales ante incidentes digitales.
- La proliferación de sitios web y aplicaciones gubernamentales ha creado un terreno fértil para el phishing, confundiendo a los ciudadanos y facilitando el fraude en su nombre.
- El proyecto de ley propone roles institucionales diferenciados —planificación, auditoría y respuesta técnica— para evitar que una misma entidad sea juez y parte de su propia seguridad.
- Mendoza trabaja en paralelo para unificar su presencia digital y reducir la superficie de engaño, buscando que los ciudadanos puedan confiar en un único punto de contacto con el Estado.
- La ley se presentará a la legislatura provincial tras el receso invernal y el Mundial, con una implementación por fases que incluirá al sector privado como socio, no como destinatario pasivo.
El gobernador Alfredo Cornejo eligió la White Hat Conference 2026, un encuentro internacional de investigadores digitales y especialistas en cibercrimen, para hacer público lo que su administración construyó en silencio durante casi un año: un proyecto de ley integral de ciberseguridad. La propuesta llegará a la legislatura provincial después de agosto, cuando los legisladores regresen del receso invernal y concluya el Mundial. Es, en esencia, un reconocimiento de que Mendoza —como toda Argentina— ha navegado el mundo digital sin marcos legales claros.
El corazón de la ley es ambicioso: identificar y proteger infraestructuras críticas como hospitales, plantas de energía y sistemas de agua. La ministra de Seguridad y Justicia, Mercedes Rus, lo explicó con un ejemplo directo: si los sistemas de un hospital son comprometidos, la institución necesita protocolos para seguir funcionando, proteger datos de pacientes y responder sin improvisación. La norma establece roles institucionales separados —uno planifica, otro audita, un tercero opera y responde— y parte de una premisa que Rus enunció sin rodeos: los ataques son constantes; la pregunta es si hay preparación.
El proyecto surgió de la colaboración entre el Ministerio de Seguridad y un comité de especialistas técnicos, tomando modelos internacionales ante la ausencia de legislación propia en Argentina. La ministra señaló además un problema secundario pero urgente: la multiplicación de sitios y aplicaciones gubernamentales genera confusión y abre la puerta al phishing. Por eso, en paralelo a la ley, Mendoza lleva un año trabajando para unificar su presencia digital y ofrecer a los ciudadanos un entorno confiable y reconocible.
La implementación será gradual. Primero, un diagnóstico de vulnerabilidades en el sector público y privado. Luego, coordinación entre organismos y con las empresas, a quienes el Estado necesita como socios con visibilidad real sobre lo que ocurre en sus sistemas. Cornejo posicionó a Mendoza como una provincia que actúa antes de que la crisis lo exija. La ley no será definitiva ni perfecta, pero su llegada marca un punto de inflexión: las amenazas digitales son constantes, y las instituciones que no se preparan terminan fallando a quienes deben proteger.
Governor Alfredo Cornejo stood before the White Hat Conference 2026, an international gathering of digital researchers and cybercrime prevention specialists, and announced what his administration has been quietly building for the better part of a year: a comprehensive cybersecurity law. The proposal will land in the provincial legislature sometime after August, once lawmakers return from winter recess and the World Cup concludes. It is an acknowledgment, finally made public, that Mendoza—like every jurisdiction in Argentina—has been operating without clear legal guardrails in the digital realm.
The law's architecture is ambitious. At its core sits a mandate to identify and protect critical infrastructure: power plants, energy facilities, hospitals, water systems—the physical and digital backbone that keeps a province functioning. Mercedes Rus, the minister of security and justice, explained the reasoning with a concrete example. If a hospital's systems are compromised or if a blackout occurs (as happened across Argentina two years ago), the institution needs protocols in place to keep operating, to safeguard patient data, to respond without chaos. The law creates a framework for that readiness. It establishes clear institutional roles: one team designs the cybersecurity plan, another audits it, a third handles the technical operations and immediate response when attacks happen. Rus was blunt about the current state: every organization receives cyberattacks constantly. The question is not whether they will be targeted, but whether they are prepared.
The bill emerged from collaboration between the Ministry of Security and a committee of technical specialists, drawing on international models because, as Rus acknowledged, Argentina simply lacks established cybersecurity law. The government's approach reflects a recognition that the threat landscape has shifted. Citizens have digitized their lives—education, work, banking, health records—and in doing so have handed their most sensitive information to state systems and private platforms. This creates vulnerability at scale. The minister described a secondary problem: governments have proliferated websites and applications, forcing people to navigate multiple platforms. Confusion breeds opportunity for phishing attacks and fraudulent pages.
To address this, Mendoza has spent the past year working across all ministries and the Office of Informatics to consolidate how government communicates with the public. The goal is to reduce the surface area for deception, to create a unified digital presence that citizens can trust. The cybersecurity law, then, is not just about defending against external attackers. It is about protecting what Rus called the citizen's digital identity—the constellation of personal, financial, and health data that now lives in government systems and must be managed with care.
The implementation will roll out in phases. First comes the diagnostic work: understanding where vulnerabilities exist, what the private sector is facing, whether businesses are under active attack. Then comes coordination—harmonizing rules across agencies, establishing protocols, bringing private industry into the conversation as a partner rather than an afterthought. Rus framed this as essential: the state cannot protect digital infrastructure alone. It needs visibility into what is happening in the private sector, and the private sector needs clarity about what the government expects.
Cornejo's announcement at the conference was strategic. He positioned Mendoza as a province preparing itself, taking cybersecurity seriously at a moment when most Argentine jurisdictions have not. The law will not be perfect. It will likely evolve. But its arrival signals that the province recognizes a basic truth: digital threats are not hypothetical. They are constant. And the institutions that fail to prepare for them will fail their citizens.
Citações Notáveis
We want a Mendoza prepared to protect its citizens, also in the digital realm— Governor Alfredo Cornejo
All organizations receive cyberattacks all the time. The question is not if we receive them, but if we are prepared for them— Mercedes Rus, Minister of Security and Justice
A Conversa do Hearth Outra perspectiva sobre a história
Why announce this law at a cybersecurity conference rather than, say, in the legislature itself?
Because the audience matters. You are signaling to the technical community, to researchers, to the private sector that you take this seriously. It is not just a legislative formality. It is a commitment made in front of people who understand the stakes.
The minister said every organization gets attacked constantly. Does that mean Mendoza's systems are already compromised?
Not necessarily. It means they are being probed, tested, targeted. Whether they have been breached is a different question. The law is partly an admission that we do not have clear visibility into what is happening. The diagnostic phase will answer that.
Why does the government need a year of work to write a law? That seems slow.
Because they were not just writing. They were consulting with experts, studying international models, coordinating across multiple ministries. A law written in weeks tends to be a law that breaks in months. This one was built to last.
The minister mentioned unifying government websites. How does that prevent cyberattacks?
It does not prevent them directly. But it reduces confusion. If there is only one official government portal, people are less likely to accidentally enter a fake one. Phishing works because people are uncertain. Clarity is a defense.
What happens if a hospital gets hit by ransomware after this law passes?
The law creates a protocol for response. It establishes who is responsible for what, how information flows, how quickly the hospital can restore operations. It does not guarantee immunity. It guarantees that when something goes wrong, the system knows how to react.
Is this law going to make Mendoza safer than other provinces?
Potentially, yes. But only if it is actually implemented. A law on paper is just paper. The real work begins after August, when legislators vote and the government starts building the infrastructure the law describes.