The much anticipated Cyber Security Act which will ensure a safe and secure cyber security environment in the country is currently under Cabinet observation and its enactment is likely to take place early next year, according to a Sri Lanka Computer Emergency Readiness Team (SLCERT) official.
He said the Bill has passed all other preliminary stages and now it is up to the Cabinet to approve and enact it.
The objectives of the Act is to ensure the effective implementation of the National Cyber Security Strategy in Sri Lanka, prevent, mitigate and respond to cyber security threats and incidents effectively and efficiently, set up the Cyber Security Agency of Sri Lanka and to empower the institutional framework to provide a safe and secure cyber security environment; and protect the Critical Information Infrastructure.
The Act has provision for the setting up of a Cyber Security Agency which shall be the apex and executive body for all matters relating to cyber security policy in Sri Lanka and shall be responsible for the implementation of the National Cyber Security Strategy of Sri Lanka.
The Agency will take steps to implement the National Cyber Security Strategy of Sri Lanka including preparation and execution of operational strategies, policies, action plans, programs and projects, develop security standards for the government, facilitate the adoption of the policies and standards in government institutions and other sectors and prescribe an assessment framework and criteria to assess cyber security policies and standards, identify and designate Critical Information Infrastructure (CII) in the government and other sectors.
The Act also provides provisions to develop strategies and plans for the protection of CII in consultation with the owners of CII in consultation with stakeholders, act as the central point of contact for cyber security in Sri Lanka, and provide advice to government institutions and other sectors in respect of cyber security matters, act as the interface for the multi-directional and cross-sector sharing of information related to cyber threat indicators, defensive measures, cyber security risks, incidents, analysis and warnings in relation to cyber security for government institutions.
To assist in curricular and skills development relating to cyber security, including the development of cyber security industry standards, ensure the availability of competent and highly skilled professionals in the cyber security domain, coordinate the conduct of sectoral cyber security drills from time to time to improve overall cyber security readiness, establish or designate institutions, units or any other entity to assist the Agency in the performance and discharge of its duties, set up and authorise sectoral computer emergency readiness teams in various sectors based on the critical importance of a particular sector, request the submission of reports or returns from the owners of the designated CIIs and other government institutions which includes information relating to compliance with the cyber security assessment and information relating to the steps taken to protect their CIIs.
CICRA Holdings Director/CEO Boshan Dayaratne said Sri Lanka needs a Cyber Security and Data Protection Act to protect personal data from being hacked and misused by others.
“There needs to be some regulation on how data should be used in the country. Personal data needs to be protected from email and mobile phone campaigns and advertisements which flood the personal space without the consent of the person concerned,” he said.
The General Data Protection Regulation (GDPR) introduced by the European Union to protect data of Europeans has laid out fines ranging from Euro 20 million or four percent of the global revenue from any institution of the region failing to protect data.
- LF