Webinar on “The challenges on Cyber Security in Sri Lanka”

The COVID-19 pandemic created an immense humanitarian crisis that severely affected almost all countries in the world. The health security measures taken by governments forced organizations and individuals to adopt new practices such as social distancing and working from home. As a result, more and more people began to carry out their daily transactions, purchases, office administration and even education digitally, and thus became very vulnerable to cyber-attacks. Globally, a majority of countries, developed as well as developing, have created cyber security strategies to prevent or minimize cyber-attacks. The Institute of National Security Studies conducted a webinar on “The challenges of cyber security in Sri Lanka” on a platform sponsored by MAC Holdings. The public lecture was held on 17th June from 3.00 p.m. to 4.00 p.m. via Zoom, and the guest speaker was Mr. Lal Dias, Chief Executive Officer of the Sri Lanka Computer Emergency Readiness Team (SLCERT). The webinar was moderated by Admiral (Prof.) Jayanath Colombage, Director General, INSSSL.

Admiral (Prof.) Jayanath Colombage stated that, especially during the lockdown period caused by the spread of COVID-19, society's dependence on digital technology had changed the paradigm of the entire world, bringing with it the challenge that individuals, governments and organizations are vulnerable to cyber-attacks. He noted that there had recently been two major cyber-attacks on government establishments in Sri Lanka. He stated that the Colombo port is striving to become fully digitalized, but one must not forget that a single cyber-attack could stall port activities within a very short period. With this preamble, Admiral (Prof.) Colombage invited the guest speaker, Mr. Lal Dias, to go ahead with his presentation.

Mr. Lal Dias began by highlighting that Sri Lanka has been subjected to several cyber-attacks over the last ten years, but that he sees a decline: 13 attacks last year compared with only three so far this year, since a task force has been activated to monitor and deal with them. He stated that the reasons behind the attacks are the weak construction of government websites, with little concern for adopting protective security measures, and the use of simple and obvious passwords. As a solution, he suggested that sustainable cyber security methods should be adopted by all institutions, companies, and the government.

Mr. Lal Dias also described the three components of the World Wide Web (www): the surface web, which everybody can access, the dark web and the deep web. He said that the deep web cannot be accessed by normal browsers, is used by companies for crypto transactions etc., and is about 500 times larger than the surface web. He went on to say that the dark web, on the other hand, is used primarily (80%) for shady illegal activities such as child pornography and the sale of drugs, stolen credit card numbers, etc. by the underworld to make money. He mentioned that it is also used by whistle-blowers to pass information and to bypass censorship on social media, and thus has a few advantages as well. He then discussed a few preventive measures that could be taken, such as making staff and employees aware of pitfalls, especially phishing attacks through email, WhatsApp etc., which are commonly used. As another preventive measure, he said that all organizations should have a Cyber Security Policy in place, which SLCERT can help to develop. He also emphasized that organizations should have a mechanism to continuously monitor their websites, networks and firewalls, carry out traffic analysis and internal audits, and hold periodic reviews to counter such cyber-attacks on their websites. He added that all government institutions should appoint a Manager for Cyber Security who is independent of the employees dealing with IT in the organization.

Mr. Lal Dias then discussed the National Information and Cyber Security Strategy, stating that Sri Lanka is a step ahead of other developing countries in cyber security. He stated that CERT was established in 2006 and that Sri Lanka is a full member of the Asia Pacific CERT. The government of Sri Lanka, committed to keeping the nation safe, secure, and prosperous, introduced the first National Cyber Security Strategy in 2018, to be implemented over five years from 2019 to 2023. Establishing a government framework for the overall implementation of cyber security in Sri Lanka has been one of the initial thrust areas in this endeavor. He also stated that Sri Lanka now has the relevant legislation, policies and standards in place, such as the Payment Device Frauds Act in 2006, the Electronic Transaction Act in 2006 and the Computer Crimes Act in 2007, as well as a fully functional cyber-crimes unit at the police CID to investigate cyber-crimes. Sri Lanka CERT has established sector-based CERTs, for example a CERT for the banking sector and a CERT for the education sector. Resilient digital governance and infrastructure was another thrust area of the strategy that was discussed. Given the global shortage of cyber security professionals, he stated that he intends to build capacity by training employees in both the public and private sectors, so as to have a competent workforce for cyber security. Other thrust areas discussed were the awareness and empowerment of citizens, and the improvement of public, private and international partnerships by developing cooperation among these three segments on cyber security.

Finally, the Q&A session further discussed the right to privacy, the militarization of cyber security, the advantages and threats of cyberspace, and measures and strategies to reduce the vulnerability of cyberspace.

By Udeshika Jayasekara
Research Assistant
Media Release of Institute of National Security Studies, Sri Lanka (INSSSL), Think Tank of the Ministry of Defence