Attorney General Jayantha Jayasuriya PC yesterday said successfully facing the growing cybersecurity challenge is key to safeguarding socioeconomic prosperity in the country.
The importance of cybersecurity, challenges towards it and some of the measures taken so far were highlighted by Jayasuriya in his address after inaugurating the 11th National Cyber Security Week 2019 organised by SL-CERT and ICTA at the Hilton Colombo yesterday.
He said the value of global cyber security incidents in 2015 was $ 590 billion and estimated to be $ 2.1 trillion, a fourfold increase.
“There are certain challenges countries and organisations will have to face when mitigating cyber threats. Some of them are lack of awareness of cyber threats among citizens, lack of readiness of stakeholders to deal with it, gaps in laws in relation to modern cybercrimes, lack of cooperation among relevant stakeholders and countries,” the Attorney General said.
In that context he commended the SL-CERT (Computer Emergency Readiness Team) for its pioneering initiative in enhancing awareness of cyber security in the country as part of its core role of being the focal point for cybersecurity in Sri Lanka.
“Knowledge sharing is critical for the society to be better equipped to achieve cleaner secure and stable internet environment. This is important for socio economic growth of Sri Lanka,” the Attorney General emphasised.
The full-day forum featured a host of international and local experts shared key insights to latest challenges and trends on cyber security.
During his address Jayasuriya also noted that Sri Lanka has made tremendous progress in meeting the challenge of cyber security. Among them were the creation of sectoral CERTs such as for the financial sector and education sector. Another was the Cyber Defence Command Centre at the Air Force. The latest was the launch of National Cyber Security Strategy, which the AG said “paves the way to coordinate multiple actions and bring together all stakeholders”.
Nevertheless, Jayasuriya stressed the need for continuously safeguarding the achievements and initiatives the country has progressed with. “If the systems are abused or attacked, they may lead to disruption of what we have achieved so far. So we need to have proper mechanisms and thereby ensure all that we enjoy is protected from cyberattacks,” said the AG, who commended the courage and determination of all stakeholders to ensure “we live in a secure cyber world”.
Focusing on his area of expertise, the AG said cyber security and provisions relating to cybercrime were interconnected. “Cyber security deals with prevention whilst provisions relating to cybercrime takes care of criminal justice aspect to the breaches of cyber security,” he said, adding that prosecutors face many challenges when endeavouring to be successful in meting out justice against cybercrime.
He said following the enactment of the Computer Crime Act in 2007, based on the Budapest Cyber Crime Convention, the ICTA and SLCERT worked very closely and tirelessly for eight years to make Sri Lankathe first country in South Asia in the Budapest Convention in 2016. Being a State party to the Budapest Convention, Sri Lanka has created legal and policy framework to meet the challenges associated with cybercrime, he added.
The AG also said since cybercrime is cross border and given the challenges, a uniform mechanism, rules of procedure and evidence are of paramount importance, which can be achieved by bringing all parties/stakeholders together under the umbrella Budapest convention.
The Convention he said provided judicial officers, prosecutors, law enforcement agencies and other stakeholders with capacity building opportunities to deal with cybercrime investigation and prosecution.
“Having such a mechanism will not and should not distract our attention from having a proper system of prevention,” stressed Jayasuriya. He also said cybercrime threats will enhance the scope for cyber security jobs and professionals to be involved to ensure all stakeholders will have the benefit of a secure cyber world.
Estonian Information System Authority International Relations Director, NATO CCD COE Ambassador Liina Areng focused on what ensures resilience of a national cyber security strategy in her presentation.
She said it was important to have a proper interface between public and private sectors, defence as well other stakeholders. The need for proper balance between policy and processes with clear action was also stressed. To deal with increased complexity of threats, the benefit of security by design was another aspect. This, she said, requires both developers and defenders to work together.
Among other key foundations for resilience were education, community building, harnessing cyber culture, law enforcement capacities to keep pace with cyber criminals, and international cooperation.
SL-CERT Chairman Jayantha Fernando told the opening ceremony that SL-CERT now handles over 4,000 cyber security incidents per year, as opposed to below 50 when it was set up in July 2006. It was pointed SL-CERT has remained relevant and effective because of its inclusive approach collaborating with multiple stakeholders.
Fernando also highlighted a host of initiatives carried out by SL-CERT, and the significance of Sri Lanka being part of the Budapest Convention on Cyber Crime. He said the initial operational funding challenges compelled us to think out of the box – to find ways and means to deploy sectoral CSIRTs with key stakeholders, with Sri Lanka CERT functioning as the umbrella org. This approach led to us to establish the FIN CERT, which supports the banking and financial sector, and the EDU-CERT. The FIN CERT is housed at Lanka Clear and functions with a CBSL led Steering Committee implementing the Baseline Security standards for Banks.
Similar initiatives have been taken in other sectors – The Cyber Defence Command of the Ministry of Defence, hosted by Sri Lanka Airforce, is another land mark initiative to address Cyber security challenges in the defence and military sectors.
"Our ability to respond effectively to the needs of our stakeholders will determine whether we stay relevant. Sri Lanka CERT stayed relevant primarily because the multi-stakeholder Board representation, which added so much value to the effectiveness of Sri Lanka CERT. Past and present Board members of CERT should be thanked for their guidance over the years," Fernando said.
He also said during Sri Lanka’s entry to the Budapest Cybercime Convention, Sri Lanka CERT became the Centre of Excellence with a vision of making Sri Lanka a Cyber security and Cybercrime capacity building hub. "Sri Lanka CERT has shared their expertise at various Council of Europe training activities since then, including the establishment of Tonga CERT. We also managed to attract support from British Govt to partner us in a number of activities," the SL-CERT Chairman added.
He also said the 2018 edition of CSW was the biggest to date, and that it was significant since it was the first since the launch of the National Cyber Security Strategy and SL-CERT becoming an independent legal entity, as opposed to it being part of ICTA previously.
Among experts who made presentations at the forum included H. Ogawa, Counsellor, Cabinet Secretariat, Director for International Strategy, Japan National Centre of Incident Readiness and Strategy for Cybersecurity, Japan; Dhanya Thakkar, Vice President Trend Micro Asia Pacific, Middle East and Africa; Leonard Kleinman, Chief Cyber Security Advisor, Asia Pacific and Japan, RSA Security LLC; Sean Duca, Vice President, Regional Chief Security Officer, Asia Pacific, Palo Alto Networks; and Hoo Chuan Wei, Chief Cybersecurity Officer, Cybersecurity Systems Group, ST Engineering Electronics, Singapore. Local experts included WSO2 Founder, Chief Architect and Chairman Dr. Sanjiva Weerawarana and Bandaranaike Centre for International Studies Director Dr. Harinda Vidanage.
Secretary Ministry of Digital Infrastructure Chulananda de Silva, ICTA Chairman Prof. Rohan Samarajiva, CEO Damith Hettihewa and SL-CERT CEO Lal Dias were among officials present at the opening.
Apart from the full day conference, the 2018 Cyber Security Week comprised technical workshops, a hacking challenge and an information security quiz.
Principal sponsors of the Cyber Security Week 2018 were EZY, Trend Micro and VMWare, Gold sponsors were Just In Time Group, RSA, Intel and Dell and Silver sponsors were APNIC, Paloalto and ST Engineering. Official Payment Network was LankaPay, Education Partner was ISC2, and the Communication Partner was Dialog. Daily FT along with Sunday Times and Daily Mirror were the Print Media sponsors.