The National Information and Cyber Security Strategy which was approved by the Cabinet last month will be implemented in the coming months, Principle Information Security Engineer, Sri Lanka CERT/ Coordination Centre Roshan Chandraguptha said.
The five-year strategy, which was an initiative of SL CERT/CC (Computer Emergency Readiness Team, Coordination Centre), in collaboration with academia, telecommunication companies, military and infrastructure organizations (such as the Ceylon Electricity Board), aims at making the cyber security space in Sri Lanka secure against cyber crimes.
“The cyber security strategy was finalised in September this year and having obtained Cabinet approval it will be implemented soon,” Chandraguptha said.
Cyber attacks globally and locally have been on the rise with the recent ‘Wannacry’ ransom ware attack resulting in colossal losses in many countries last year. The national cyber security strategy focuses on capacity building, carrying out surveys across the country, identifying gaps and implementing measures to counter cyber attacks.
Sri Lanka CERT|CC set up in 2006, acts as the focal point for cyber security in the country.
The computer crime rate in Sri Lanka has been increasing every year and according to SL CERT, the crime rate has risen by 4,733% from 2008 to 2014 with fake account crimes increased to 2,300.
“Many think that when a mobile phone or computer is involved for a fraudulent act such as demanding a ransom via email, such an act is a cyber crime. In fact, it need not necessarily be a cyber crime. The act has to be identified by experts to confirm whether it is a cyber crime or not,” Chandraguptha said adding that if there is a virus or malicious cyber activity, CERT informs the government and other departments about it.
Cyber-crime refers to an illegal activity that occurs in the virtual world of Cyberspace.
In a generic sense it is crime and fraudulent activity related to computers and information technology. Computer crime, also known as Cybercrime, is any illicit action that includes a computer or network associated gadget, for example, a cell phone.
Examples of computer crime are Malware, Trojans or other kinds of malware, DoS attacks, unauthorised access , intellectual property theft, child pornography, cyber stalk or cyber bullying, cyber terrorism, fraud – Altering data, espionage, harvesting, identity theft, Spoofing, Spamming and Phishing.
The Sri Lankan Computer Crimes Act No. 24 of 2007 criminalises unauthorised access to a computer or information held in any computer to commit an offence. The The Act further states a person who deliberately or illegally carries out a function which could modify or damage a computer, computer system or computer program is guilty of an offence.