Sri Lanka’s cyber security strategy: Open for public comments soon | Sunday Observer

Sri Lanka’s cyber security strategy: Open for public comments soon

30 September, 2018

The much anticipated cyber security strategy for the country will be open for public comments within a couple of weeks, a senior official of ICTA told the gathering at the Organisation of Professional Associations of Sri Lanka (OPA) conference in Colombo last week.

ICT Agency of Sri Lanka Director and Legal Advisor Jayantha Fernando said the cyber strategy will be available for public comment within the next couple of weeks and added that the draft strategy was presented to the Cabinet two weeks an ago.

He said this matter is being addressed through an institutional framework. Sri Lanka CERT has been working with multi-sectoral institutions, banks and utility organisations to create a cyber security strategy.

“The strategy will comprise many areas affecting an organisation’s cyber security,” Fernando said.

According to cyber security experts, cyber threats cut across vast domains from military to citizens and private and public organizations across the globe. There has been a spate of cyber attacks during the past five years and occurrences have become frequent in the recent past causing colossal losses to institutions and countries across the word.

Experts said unless adequate security measures and strategies are in place the world will not be safe from cyber espionage having privy to data drain wealth from local to multinational organizations. Sri Lanka has been fairly safe from cyber crimes that have adversely affected countries militarily and economically resulting in major threats to national security. However, cyber security experts said this there is no reason and room for Sri Lanka to be complacent and that adequate safeguard through national strategies and policies should be enforced to avert such attacks.

India launched its cyber security policy in 2013.

The need for data security and digital privacy laws in the country was stressed at the conference. Currently there is no data privacy laws in Sri Lanka. The possibility for Singaporean companies to have access to private data of Sri Lankans through the Sri Lanka Singapore Free Trade Agreement as also highlighted at the forum.

“Without a Constitutional safeguard having policies to protect data privacy will be meaningless. There has to be a constitutional mechanism with overarching data protection laws to ensure safety of personal data. The 19th Amendment gave citizens the right to information as a human right with the right to privacy as an exemption,” Fernando said.

The Ransomware called Wannacry spread across the world last year targeting several organization including public utilities and large corporations. This was followed by an advanced malware called Petya the same year.

However, despite all the hype, Sri Lanka has still not being able to get the much looked forward to digital ID and experts have been asking what is holding it back.

“It is a coordination issue. Work on the ID is progressing but there has to be synergy and the push to get it through. Some concerted efforts have been made by the Department of Registration of Persons. What is holding back is lack of cooperation of all agencies,” Fernando said. It was also question as to why it has taken such a long time for digital penetration to take off in Sri Lanka. The current credit card penetration is around four percent in the country. However, the number of debit cards is presently around 10 million. Hemas Holdings PLC Executive Director Murtaza Esufally said the country has an advanced payment system but lack of awareness is not helping the banking sector services to reach the grassroots.

‘There are options for digital transactions but adoption of them is needed to get to the next level,’ Esufally said.

Chartered Institute of Management Accountants Sri Lanka Country Manager Zahara Ansary said being relevant with skills is crucial to survive in any occupation. CIMA had been changing the syllabus once in five years but now we it is being changed once in two years.

“It is now a matter of lifelong learning and not lifelong jobs. If one does not keep learning and upgrading his or her knowledge they are bound to fail,” Ansary said.