Putting the digital horse before the cart

This past month has seen the Government once again push forward the idea of a smart ID system, while separately a new committee has been formed to help regulate blockchain technology and look into the viability of cryptocurrency usage. On top of this, leading online retailer Kapruka has also announced that it plans to take cryptocurrency payments in the near future.

From the outside looking in, and for those hoping to see Sri Lanka at the forefront of a South Asian digital explosion, it’s all rather quite exciting. However, a sharper look might lead to a slightly different conclusion, one where other digital issues might be better prioritised.

For one, there is the matter of cybersecurity. While the Government has sought to bring through legislation to strengthen the nation’s cybersecurity through a new bill called the ‘Cyber Defence Command Act’ and the establishment of a ‘Sri Lanka Cyber Protection Agency,’ as well as the formulation of a Data Protection Bill, there is still a distinct lack of digital literacy among the public in terms of cybersecurity.

For the most part, the public is woefully unaware of the measures that need to be taken in order to protect their data online. While this can be done primarily through the use of better passwords, non-repetition of passwords on multiple websites and the use of a decent password manager, the Government itself could do more in helping secure their websites from prying eyes through the use of things like two-factor verification or, merely, regularly updating their passwords.

Indeed, the Government undoubtedly needs to be more proactive when it comes to its cybersecurity protocols, something highlighted by the LK Domain Registry hack earlier this year. According to website Cyber Security Works, “Investigations on the Sri Lankan Domain attack reveal that threat actors could have used exposed credentials and vulnerabilities to breach and redirect the websites. These credentials have been exposed on the dark web for the past eight years.”

Without getting into the nitty-gritty of the hack, the overarching takeaway is that the website responsible for storing data on all LK domain registrations had not updated their credentials for almost eight years, something that highlights an egregious lack of security awareness.

Moving away from cybersecurity for a moment, there is also a noticeable discrepancy between urban and rural IT literacy rates. While Sri Lanka did a commendable job in providing 4G technology ahead of the rest of South Asia and at a lower price, more needs to be done to educate people about how the internet can be used to build businesses, increase knowledge and connect to markets – and how to do this safely.

In this context it’s hard to imagine how focusing on cryptocurrency mining, as lucrative as it may be, makes sense in the short run. Indeed, several other areas, such as Sri Lanka’s overall internet coverage, online payment systems such as PayPal, and the digitisation of various Government-run essential services such as transport, arguably need to be looked at first before we as a nation turn our gaze to the bright shiny apple that is cryptocurrency mining, lest we put the proverbial cart before the horse and trip over ourselves in ha