Creating a ‘Cyber Resilient’ society

In today’s world, the economic impact of cybercrime is rising, and citizens are vulnerable to interference and manipulation

• Policy challenges to an effective digital transformation

While technology is opening a whole new world of opportunities, the threats posed from terrorists are no longer purely physical attacks but have also expanded into the digital world. The danger may not venture into weapons or create a battlefield with thousands of troops anymore; the future of wars will be fought in cyber space with more advanced technology. The digital environment is composed of digital services facilitated by the internet which plays a vital role in all aspects of life, making it convenient and enjoyable. However, the laws and regulations related to the digital environment have failed to keep pace with its role. 

For most developing countries, the foundation of a strong digital economy is built on the investment into infrastructure development, such as fibre and wireless connectivity. The goal is to maximise the availability of high-speed internet connectivity whilst making it economically feasible for public and private IT businesses. Sri Lanka is gradually making progress in the regulation of the digital space whilst building a cyber-resilient society. The weakness in cybersecurity governance and gaps in the inconsistent transposition of legislative framework have been identified as the main barriers to effective digital policy delivery.  

Based on the publicly available National Digital Policy draft paper which provides an overview of a complex policy landscape, the challenges are strongly connected with our desire as a collective to create a prosperous and competitive economy, a sustainable environment and a more open, democratic and healthy society. Digital transformation is a key element for citizen empowerment and business growth, and the Government’s initiative will help us build an open, innovative, secure and sustainable society. Moreover, people need a clear and balanced understanding of the policies, their challenges and context in which they must be addressed. 

As things stand, Sri Lanka will have a lot to achieve by 2025. From achieving a $5 billion ICT export revenue by 2020, to creating new jobs, driving innovation, enhancing investments, policy and legal reforms, promoting entrepreneurship, ensuring national security and sovereignty are some of the key targets. Another target, as per the proposed digital policy, is to create a globally competitive and digitally empowered economy.

A productive approach to policy making 

Sri Lanka needs a more structured and a constructive approach to policy making, especially in the technology and digital sectors, to achieve the scale and nature of the above goals. Over the last decade, the Government has adopted innovative tools to improve public sector service delivery. However, the lack of clearly defined processes and an understanding of which emerging technologies to adopt in order to address the most vital issues may be challenging for the overall mission.

Barriers to adopting new technology

Failing to adopt these technologies faster can have a negative effect on citizen expectations and possible exposure to new threats and malicious cyber activities. Being vulnerable to threats, cybercrime and hacktivism can create social disorder, service disruption, destruction of critical digital property, degrade economic progress and threaten national security. In today’s world, the economic impact of cybercrime is rising, and citizens are vulnerable to interference and manipulation. Therefore, adopting a national cybersecurity strategy and having a competent authority tasked with the execution is important. Moreover, a nation-wide plan is needed to protect cyberspace and ICT security. 

Gaps in proposed policy frameworks

Many policy frameworks are still fragmented despite the publication of the National Cybersecurity Bill, Data Protection Bill and the National Digital Policy. According to data protection and cybersecurity experts, there is a considerable gap between Sri Lankan cybersecurity policies and those implemented in comparable other countries in the region. The Government needs to strengthen national-level preparedness for cyber risks. Strong checks and balances for surveillance agencies and accountability mechanisms for Government authorities are as important as effective implementation and successful co-ordination between the various stakeholders. 

Failing to synchronise with international standards

Despite all these challenges, Sri Lanka made significant progress by being a state party to the Council of Europe’s Convention on Cybercrime (ETS 185 of 2001). It was a historic success as Sri Lanka became the first country in South Asia to accede to the Convention, also known as the “Budapest Convention”. This requires synchronising national legislation to EU standards to combat cybercrime and strengthen data protection. In that sense, Sri Lanka’s proposed Cybersecurity Bill, Data Protection Bill and National Digital Policy needs a more detailed overview and strategic approaches to foster international co-operation on cybersecurity. Each citizen should be responsible for promoting responsible behaviour in cyberspace, avoid spreading disinformation, support human rights and democratic principles, while championing the worldwide web to maximise knowledge and make it a lucrative business model. 

Need for effective public-private collaboration

To promote closer collaboration across the country, the Government and private sector organisations should step forward to educate the public, adopt a common strategy to share information and develop effective mechanisms to achieve cyber-readiness. In order to avoid duplicate efforts, a more balanced approach is needed to align the country’s economic vision with its national security priorities via a centralised co-ordination process. Similarly, reinforcement of cybercriminal law in response to better protection for its citizens is also needed with an evaluation to all current laws, regulations and standards relating to IoT devices.

Creating awareness and changing the public mindset 

Finally, a complete shift in public mindset is also needed to be aware of the risks and opportunities presented by digitisation and internet connections. A strategy to increase public awareness about the impacts of threats that are aimed at critical infrastructure or services, the consequences of data breaches, identifying and reporting a cybercrime and the effects of a nation-wide cyber-attack is needed for the public to become fully aware of the risks and opportunities afforded by ICT innovation and internet uptake and how to manage those risks by investing in their security in a more structured manner. Sri Lanka then can fully harvest the benefits associated with a digital economy and reach the determined targets set in its strategies. Once all the above is completed, Sri Lanka will then be on the pathway to becoming a cyber-resilient nation with a healthy internet and digital ecosystem.

The author is the Regional Head of South East Asia for Meta Defence Labs, a cybersecurity service provider in the UK and Sri Lanka, and serves in its Board of Directors. She also volunteers as the Program Director for She CISO Exec., a global training platform for Cybersecurity, Leadership and Women Empowerment. She is a passionate individual with diverse experience, skills and learning to become a data protection officer and GDPR practitioner. At Meta Defence Labs, Nisa is committed to assisting organisations to improve their security posture whilst achieving business goals. She can be contacted on LinkedIn: https://www.linkedin.com/in/nisavithana.