- Highlight need for more funding, legislation and policies
- Say stronger cyber security resilience can attract investors
- Reveal new cyber security laws drafted, awaiting approval
- Assert Colombo International Financial City needs strong cyber security regulations
Even though Sri Lanka has made significant strides in improving its cyber security environment, more funding, legislation, policy initiatives and awareness are needed, a group of top experts said this week, pointing out that such Government-led efforts could also result in more foreign investment inflows.
Cyber Resilience for Development Project Leader Maurice Campbell
Cyber Security Ambassador
Dr. Henry Pearson
- Pix by Lasantha Kumara
They expressed these sentiments at the 12th Annual National Conference on Cyber Security, which was organised by the Sri Lanka Computer Emergency Response Team (SLCERT) on Tuesday in Colombo and drew participants from industry, government, academia and the international cyber security arena.
Speaking at the event, European Union (EU) Cyber Resilience for Development Project Leader Maurice Campbell emphasised the importance of Sri Lanka improving its cyber security and pointed out that it would also increase the country’s investment opportunities.
A mature cyber security apparatus and high resilience in both the State and private sector was a significant consideration for investors when planning Foreign Direct Investment (FDI), opined Campbell.
“The ability to attract FDIs into the country for instance, especially into the financial sector, will depend on the existing cyber security environment and we can see that the Sri Lankan Government is committed to it.”
The EU Cyber Resilience for Development Project is currently assisting Sri Lanka draft its National Cyber Security Strategy.
Campbell pointed out that the EU had recognised the need for helping countries worldwide protect their vital infrastructure by boosting their resilience to cyberattacks and cybercrime and that the European collective was concerned about how disruptions caused by cyber threats could affect stability and peace across the globe.
“Sri Lanka was the first country to join the project,” he said. Commenting on the increasing range of cyber security threats, Campbell said attacks were inevitable and what mattered was how countries responded to them.
The UK’s Cyber Security Ambassador Dr. Henry Pearson, who was delivering the keynote address at the forum, explained the United Kingdom’s experience in establishing a world-leading cyber security system. He pointed out that cyber security did not come cheap, with the UK investing £ 1.9 billion towards the effort for the 2016-2021 period.
Pearson underscored the possible impact cyber threats posed to global economies, government services and critical national infrastructure. Many of the major cyber threats faced by the UK in recent times were believed to be State-sponsored action, he opined, citing the ‘Wanna Cry’ ransomware attack of 2017 that originated in North Korea.
He identified a well thought out regulatory process, public-private partnerships, industry collaboration and skills development as vital components of a sound cyber security policy. The United Kingdom had established the National Cyber Security Center (NCSC) to oversee, mitigate or neutralise cyber threats. Sri Lanka is in the process of establishing an NCSC of its own and is closely examining the UK experience.
SLCERT CEO Lal Dias pointed out that cybercrime and cyber threats were borderless and the need for international cooperation was crucial to protect the country’s national infrastructure and tech-dependent economy.
According to SLCERT, Sri Lanka is ranked 72nd on the Global Cyber Security Index (GCI), with its overall performance rated as “maturing”. But the need for SLCERT to have more resources and expertise was also highlighted as it is currently staffed by less than 20 individuals. According to Dias, Sri Lanka will also host the Annual General Meeting (AGM) of the Asia Pacific Computer Emergency Response Team (APCERT) in Colombo next year.
At a roundtable discussion on cyber security at the Lakshman Kadirgamar Institute (LKI), which featured some of the same speakers, ICTA Chairman Dr. Rohan Samarajiva expressed concern about the possible vulnerabilities of public sector online services, especially local government organisations, to ransomware attacks.
He cited recent ransomware attacks in the US state of Florida, which resulted in the public records of nearly 35,000 citizens and a local government computer network being infiltrated by hackers who asked for a ransom to be paid so that the files and system were decrypted and accessible to local authorities.
The attack had paralysed the local government’s day-to-day functioning and forced a vote where authorities decided to pay nearly $ 600,000 in ransom to hackers to regain access to the systems. Concerns about the upcoming Colombo International Financial City’s (CIFC) cyber security credentials were also discussed at the roundtable discussion, with experts pointing out that special laws governing the new territory needed to include robust cyber security clauses.
Pearson who also spoke at the roundtable discussion at LKI, pointing out that the British NCSC was established as an entity under the General Communications Headquarters (GCHQ) and is a State civilian intelligence organisation, while other military and foreign intelligence agencies had their organic cyber security establishments. However, he noted that different countries should build cyber security systems tailored to suit their needs.
SLCERT is a civilian organisation, however, the defence establishment has been proactive with their own cyber security initiatives at the armed forces and law enforcement level.