National cyber security policy in the offing: Defence Secretary

By Hiyal Biyagamage

Defence Secretary Kapila Waidyaratne PC yesterday revealed that Sri Lanka is presently working on drafting a national policy on cybersecurity. 

“The country which is in the process of drafting a cybersecurity policy; Sri Lanka needs to identify mechanisms for the implementation or a body that it will monitor,” Waidyaratne as the Chief Guest told the inauguration ceremony the 6th Annual Daily FT-CICRA Cyber Security Summit 2018 titled ‘Towards a secure digital future’.

A report titled ‘Information and Cyber Security Strategy of Sri Lanka 2018-2023’ by the Sri Lanka Computer Emergency Readiness Team | Coordination Centre (Sri Lanka CERT|CC) states, “As the complexity of the cyber security ecosystem increases, the government of Sri Lanka recognises the necessity of introducing a National Information and Cyber Security Strategy to cope with emerging threats.”

The proposed strategy, which is going to be implemented over a period of five years (2018-2023), will be a high-level top-down approach to information and cyber security that establishes a range of national objectives and priorities that should be achieved in a specific timeframe.

The report further states, “To further strengthen our regulatory framework to effectively battle emerging cybercrimes, gaps in the existing policies and laws will be identified, and new legislation, policies, and standards will be drafted and implemented to create a secure cyberspace for individuals and organisations.”

In line with the strategy, a National Information and Cyber Security Agency (NICSA) will also be established. “The Agency will be responsible for overseeing the implementation of the cyber security strategy, setting national polices, facilitating the protection of critical national infrastructure, educating citizens, building a pioneering technology competent workforce, and promoting industry development,” further states the report.

Speaking further at the Daily FT-CICRA Cyber Security Summit with over 400 participants from private and public sectors, Waidyaratne mentioned that the Government of Sri Lanka has taken a number of steps to mitigate cyber threats over the last few years by enacting relevant legislation such as the Electronic Transactions Act No. 19 of 2006, Payment Devices Frauds Act No 30 of 2006, the Intellectual Property Rights Acts, and Computer Crimes Act No 24 of 2007. Sri Lanka ratified the Budapest Convention on Cybercrime in 2015 and became the first country in South Asia to join this convention.

However, Waidyaratne believes that Sri Lanka needs to improve the legislation to implement the international treaties which it is signatory as well as to empower intelligent services and military forces of Sri Lanka.

“By doing so, they will be capable of assessing threats in the cyber domain and countering them in a digital future,” Waidyaratne opined.

Pointing out that cybercrimes are growing beyond geographical and jurisdictional boundaries apart from growing economic losses, Waidyaratne said it poses huge threats for the national security. 

“We are aware that the cyber terror attacks can cripple military, financial and services sectors of advanced economies. Therefore, global community as a whole has a significant responsibility to safeguard national and global sensitive information against cyber-attacks. More importantly, wise and strong achievements, investments in the cyber security and defences are more required in the most wild and the complicated 21st century,” said Waidyaratne. 

Apart from national security, Waidyaratne said that cybercrimes have already been a severe threat to the development in the current world. “Therefore, it is crucial to discuss the cyber security threats domestically as well as internationally. Cybersecurity corporations between partnering countries is essential,” he mentioned at the forum. 

Among the 193 ITU (international Telecommunication Union) member countries, Sri Lanka is ranked 72 in the Global Cybersecurity Index (GCI) in the year 20166. GCI assesses a country’s overall commitment towards cyber security in relation to five different dimensions, namely legal, technical, capacity building, organisational, and cooperation dimensions. Sri Lanka’s performance in each dimension is assessed and rated either as initiating, maturing, or leading. Sri Lanka’s overall performance is rated as maturing.

The Daily FT-CICRA Cyber Security Summit focussed on four core sessions: mitigating cyber risks in financial services, security in the IOT Era, prevention of data leakage, and digital forensic dynamics.

It featured 17 speakers and panellists creating awareness on the importance of cyber security among top officers in the Government, corporates and IT professionals. It also showcased best practices to participants in acquiring, implementing, managing and measuring information security postures of their organisations and countermeasures. 

The summit also highlighted latest flaws in information security that affects the global community including corporations and governments. Discussions and presentations revolved around some of the most malicious attacks and potential threats surrounding the security field.

Participants got a better understanding of the need for proactive strategies for corporate IT infrastructure through these demonstrations. 

The day conference of the summit was followed by Hangout with Hackers (Night Hack) – an evening edutainment meet-up where ethical hackers conducted demonstrations and engage with the audience to showcase the latest skills. 

Visa Inc., US, Director (Risk Services, India and South Asia)Lakshmi Ramakrishnan delivered the keynote address at the session on ‘Mitigating risks in financial services’, while Central Bank Governor Dr. Coomaraswamy was the Guest Speaker. Commercial Bank of Ceylon COO/Executive Director Sanath Manatunge, LankaClear DGM (IT and Operations)Dinuka Perera and Central Bank Head of IT Wasantha de Alwis figured in the panel discussion.

The second session, titled ‘Security in the IOT Era’ had CISCO USA Cyber Security Regional Manager (India and SAARC)Vivek Srivastava delivering the keynote while Dialog Axiata Chief Operating OfficerDr. Rainer Deutschmann was the Guest Speaker. Duo World Inc. CEO and Chief Architect MuhunthanCanagey and Dialog Axiata M2M/IoT Strategy Development and Partner Management Head Dr. Indika Samarakoon participated in the panel.

InfoWatch Russia Senior Manager Nikita Zaychikov delivered the keynote at the third session, titled ‘Prevention of data leakage’, while Cisco Inc. US Cyber Security Director (India and SAARC)Vishak Raman was the Guest Speaker. Hatton National Bank Deputy General Manager (Risk/CRO/CISO)DamithPallewatta and BDO Sri Lanka and the Maldives Partner (Risk, Forensic and IT Advisory Service)AshaneJayasekara were the panellists of the session.

Digital Intelligence and Investigation Solutions, Cellebrite, Israel Vice President (APAC)Terry Loo delivered the keynote for the fourth session titled ‘Digital Forensic Dynamics’.  AppKnox, Singapore Co-Founder/CTOSubhoHalder was the Guest Speaker of the session while the panellists were Sri Lanka Police STF CommandantSenior DIG M.R. Latiff and Sri Lanka CERT|CC Principal Information Security EngineerRoshan Chandragupta.

The Summit which was followed by a CEO Forum on Wednesday was supported by Cisco as the Principal Sponsor, Visa as the Strategic Partner and Infowatch and Tufin as Co-Sponsors. LankaPay is the Official Payment Partner while Dialog is the Telecommunication Partner. Sri Lanka Insurance is the Insurance Partner. The Ministry of Telecommunication and Digital Infrastructure and ICT Agency of Sri Lanka have endorsed the event. Cinnamon Grand is the Hospitality Partner of the summit while Triad is the Creative Partner. The Electronic Media Partners of the event are TV Derana, FM Derana, Ada Derana and Derana24X7.

The Summit saw the participation of over 60 deserving university students sponsored by the National Savings Bank; Carson Management Services; John Keells Holdings PLC; Lanka Orix Leasing PLC; Vallibel PLC; Siam City Cement; 99X; AIA; Expolanka Holdings PLC; PAYable; BDO Partners/Lanka Holdings; Nature Beauty Creation; Overseas Reality Ceylon; and Sunshine Holdings.

The universities represented wereUniversity of Moratuwa; University of Peradeniya; University of Jaffna; University of Colombo; University of Sri Jayewardenepura; University of Kelaniya; Sabaragamuwa University of Sri Lanka; Uva Wellassa University of Sri Lanka; and Open University of Sri Lanka.