Tuesday Dec 10, 2024
Wednesday, 27 November 2024 00:22 - - {{hitsCtrl.values.hits}}
Public Security Ministry Secretary Ravi Seneviratne
Lanka Pay CEO Channa De Silva
From left: Visa India and South Asia Head of Risk Vipin Suraliya, Sysco LABS Engineering and Architecture Director Nishantha Hettiarachchi, Google Cloud Security Head – Security Engineers Sijesh Sreedhar,Cyber Security Evangelist, EC Council Master Trainer Belly Richadinato, CICRA Holdings Group Director/CEO Boshan Dayaratne, and Moderator Daily FT Editor and CEO Nisthar Cassim – Pix by Upul Abayasekara and Ruwan Walpola
By Hiyal Biyagamage
Public Security Ministry Secretary Ravi Seneviratne said the existing Computer Crimes Act (CCA) in Sri Lanka needs modifications to apprehend cyber criminals and bring them to justice. He expressed these views at the Daily FT-CICRA Annual Cyber Security Summit, which was held for the 10th consecutive year at Cinnamon Grand.
Delivering a speech as the Chief Guest, former Senior Deputy Inspector General (DIG) Seneviratne admitted that the country’s law enforcement still does not have robust measures to fight these rising cybercrimes and their perpetrators.
“From the part of law enforcement, I admit that we do not have the strongest mechanisms and tools to effectively deal with cyber criminals and dispense justice to victims. Therefore, the need to amend the Computer Crime Act, to update law enforcement professionals of our country and improve knowledge and skills of law enforcement teams handling cybercrime investigations to deal with the ever-evolving threats to cyber security, is strongly felt,” said Seneviratne.
The Computer Crimes Act No. 24 of 2007 provides for the identification of computer crimes and stipulates the procedure for the investigation and enforcement of such crimes. The basis of the Computer Crimes Act No. 24 of 2007 is to criminalise attempts at unauthorised access to a computer, computer program, data or information. It also contains a provision to deal with unauthorised use of computers regardless of whether the offender had the authority to access the computer.
The CCA has been in place for over a decade without any significant changes. Industry professionals have been calling for amendments to the CCA to address modern challenges and better match the principle of ‘proportional punishment’. As per the Act, offences such as hacking, cracking, unauthorised modifications such as worm viruses, and cyber-attacks are generally understood as ‘grave’ since they materially affect the reputation, business or operations on an immense scale. Punishments for such offences are comparatively severe, with imprisonment of up to five years or a fine of up to Rs.300 000.
However, experts point out that the penalties in the Act are fixed and inadequate to combat modern cybercrimes. The articulation of the Act enables judicial discretion to fix a penalty within the criteria of a penalty of Rs.300, 000 or up to five years of imprisonment. However, the Act failed to distinguish the different degrees of offence (Such as first-degree and second-degree) on the grounds of potential damage rendered by such crime.
“CCA of Sri Lanka has been in force for over a decade, without any substantial amendments. Thus, the urge to refine our framework is recognised to combat modern challenges in cyberspace. ‘Proportional Punishment’ is a cardinal element for a pragmatic cyber framework in Sri Lanka. Therefore, it is necessary to reform our framework by incorporating the principles to achieve the core objectives of criminal law,” a research paper published on standardising Sri Lanka’s cybercrime regime highlights.
LankaPay CEO Channa de Silva said quick passage in Parliament to the Cyber Security Act will help effective action against rising cybercrimes. He said that the Act which empowers the SLCERT with wide powers as well as moots establishing a Cyber Security Agency, is ready but is pending Parliament approval.
Speaking at the forum, industry veteran and LankaPay Chief Executive Officer Channa de Silva said the Sri Lanka Computer Emergency Readiness Team (SL CERT) cannot enforce cybersecurity-related guidelines as the Cyber Security Act has yet been implemented.
“The Cyber Security Act was drafted, but it has not been approved yet. This Act has to be passed so that SL CERT can use its full power and enforce guidelines. The implementation of the Act will follow the establishment of the proposed Cyber Security Authority,” said de Silva.
He also stressed the importance of managing the cybersecurity defences of the military and civilians under separate entities.
“The biggest issue is separating military and civilian cybersecurity. These two have to be managed by two different entities. Organisations like the Water and Electricity Boards should not come under military cybersecurity defence. Those should come under the civilian entity. This needs to happen with digitalisation, and if it is not done right, the road ahead will not be clear.”
Visa India and South Asia Vice President and Head of Risk Services Vipin Surelia revealed that the estimated cost of cybercrime will be $ 10.5 trillion next year, up from $ 7 trillion in 2022. The compounded Annual Growth Rate is 32% and has outpaced the growth of the global economy which is 5%.
He said five key drivers are accelerating growth of fraud and cybercrime globally. They are the rapidly acceleration of AI capabilities and its adoption by threat actors; they are organising and carrying out attacks at unprecedented speed and scale; they are able to leverage sophisticated tools and infrastructure to carry out attacks; they continuously target consumers as the weakest link in the payment security flow; and utilising non-traditional payment methods to monetise their schemes, as faster payments result in faster fraud.
The full day summit with keynotes, guest speakers and panellists discussed issues such as “The rise of cyber scams and how to detect and prevent fraud; data breaches and leakages: protecting sensitive information; Cyber security in the age of AI: New frontiers, new risks, and Global threats and local impact: Securing critical infrastructure.” The summit concluded with a night hack demonstrating some of the latest trends and threats. A forerunner to the summit was the CEO Forum on Monday attended by over 100 business leaders and executives.
Strategic partners of the CEO Forum and the 10th Annual Cyber Security Summit were Visa, Belkasoft, the platinum partners are Huawei and Google Cloud, Gold Partner is Sysco LABS, and Silver Partners are Millennium IT ESP, NCinga, and Just In Time Group. People’s Bank is the Banking Partner, LankaPay is the Official Payment Network Partner whilst Platform Provider is HashX. Electronic media partners are SIrasa TV, TV1 and NewsFirst, while the Podcast Partner is TechTalk360, and Brand Communications Partner is MullenLowe Sri Lanka.