National framework for cyber security vital: Eran

Thursday, 5 November 2015 00:00 -     - {{hitsCtrl.values.hits}}

  • Must include institutional framework
  • Important to form national level cyber strategies to handle security incidents
  • LGN must be national priority
  • RTI and ICT can combine for stronger accountability
  • Calls on private sector to provide guidance


State Enterprises Development Deputy Minister Eran Wickramaratne

2-DSC_2435 3-DSC_2444 4-DSC_2422 5-DSC_2412 5-DSC_2414 6-DSC_2419 7-DSC_2410

By Himal Kotelawala

A national framework for cyber security, including the establishment of an institutional framework, must be developed in order to handle cyber security incidents, Deputy Minister of State Enterprise Development Eran Wickramaratne said on Tuesday.

Speaking at the eighth Annual National Conference on Cyber Security, the Deputy Minister said the country needed to form national-level cyber strategies in order to handle security incidents at an organisational, industry, and national level.

“In recent times, many developed countries have suffered cyber-attacks as a result of ‘unstructured’ security organisation. The protection of Critical National Information Infrastructure such as the LGN must be a national priority and sufficient policies and procedures, infrastructure and personnel must be deployed to ensure its smooth functioning,” he said.

According to ICTA, the LGN, or Lanka Government Network Project, is a secure underlying information infrastructure backbone that connects all the government organisations (initially 325 locations in three phases) in a “cost-effective and secure manner to provide internet, email and IP based voice services.” The project sought to address basic hardware and LAN network needs of the connecting government organisations including but not limited to providing WAN connectivity to the LGN Hub.


Government accountability and significance of security

Commenting on the role ICT could play in Government accountability and the significance of security in this regard, the Deputy Minister noted the importance of government officials corresponding with officially assigned email accounts, as opposed to using Gmail or some other personal email address.

“Using personal email addresses means that there is no public traceability or memory of what has officially been done. Take for example the lack of documentation regarding what happened during the previous Government’s tenure. There is little to no traceability of accountability for what took place behind closed doors. Thus we must put in place protocols and capacities to deal with email correspondence,” he said.


Right to Information plus strong ICT

Right to Information (RTI) coupled with strong ICT could also play a part, going to the extent of fighting corruption, he said, adding that, for example, there was no reason why the Government couldn’t share information about how contracts are awarded.

“The Government should put out the requisite information on its websites and make it accessible to the public. Moreover, by putting it up online, it saves time for the public who no longer have to demand this information. It also saves time for the public sector who no longer have to divulge information on a piece-meal basis,” the Deputy Minister said.


Government commitment to developing IT

Emphasising the Government’s commitment to developing ICT, Wickramaratne said that Sri Lanka is attempting to develop a modern economy to integrate with the global economy and succeed in the world.

“Just as we are building physical highways, we need to build information highways. Just like we are concerned for safety and security in the physical world we live in, we need safety and security in the virtual world. We cannot simply limit ourselves to the physical world, because significant portions of our lives and activities are transacted in the virtual world. Thus, an understanding of the virtual world is important to succeed, as a people and as a country,” he said.

Good security practices and the development of security infrastructure must be part of the strategy to provide such a secure environment for the country, he added. Hence, the need to form national-level cyber strategies and develop a national framework for cyber security.


e-Sri Lanka initiative 

Commenting on the impact made by the e-Sri Lanka initiative, Wickramaratne said the project helped strengthen cyber security in the country.

“When the e-Sri Lanka project was envisaged, cyber security was thought of as simply a legal framework. It was through the e-Sri Lanka program that we were able to put in e-laws to provide cyber security. However, as the project subsequently developed, cyber security was institutionalised, and that is how CERT (Computer Emergency Readiness Team) Sri Lanka was born,” he said.

e-Sri Lanka, according to the Information and Communication Technology Agency (ICTA), utilised ICT to develop the economy of Sri Lanka, reduce poverty and improve the quality of life of the people through a six-program strategy which encompassed ICT policy, leadership, and institutional development, information infrastructure, re-engineering government, ICT human resource development, ICT investment and private sector development, and e-Society.


Catching up for lost time

The Deputy Minister further said that the UNP-led Government sees as its task to fast-track Sri Lanka into a position of success and to bring knowledge and competence in ICT.  

“We have to catch up for time lost during the past 10 years, and compensate for the people who lost focus of ICT development,” he said.

The challenge, he added, was not understood, and as a result the public sector is significantly behind and Sri Lanka is, therefore, vulnerable due to its lagging behind. 

“Strong cyber security and information platforms are not just a luxury to strive for; it is fundamental to our country’s operation. Whether we think about fighting against corruption, or for good governance, or economic development, understanding and strengthening our presence in the virtual world is essential,” he said.

Wickramaratne added that it was crucial to support CERT’s model of conducting educational activity on cyber-safety across the country, setting a national level framework on cybercrime forensics, and helping law enforcement agencies with investigations.

“It is important for all of us to continue to support this model, and help it develop accordingly with the dynamic global situation. Indeed, we all have a role to play,” he said.


Private sector support

The Deputy Minister also called on the private sector to provide guidance to the State sector in developing strong ICT infrastructure, adding that he was personally striving to reform public enterprises by developing strong ICT infrastructure.

“The private sector has made investments at a higher level, and thus have a more sophisticated ICT architecture. The public sector is lamentably lagging behind and there is an urgent need to bridge this gap. The government will look to you for guidance and the way forward,” he said.

Pix by Lasantha Kumara