CERT and ICTA to help defend banks against cyber crime
Monday, 7 July 2014 00:55
Sri Lanka Computer Emergency Readiness Team| Coordination Centre (Sri Lanka CERT|CC), a subsidiary of ICT Agency of Sri Lanka (ICTA), joined hands with the Central Bank of Sri Lanka (CBSL) recently to help banks mitigate computer and internet related crime.
This combined effort to combat cyber-attacks and financial frauds took place when a Computer Security Incident Response Team (CSIRT) for banks was launched last Tuesday (1). BankCSIRT will provide cyber security for all of Sri Lanka’s 23 banks through a common platform to handle information security related incidents in the banking and finance sector.
The launch of the Bank CSIRT initiative held at CBSL was graced by President’s Secretary Lalith Weeratunga (Chief Guest), Governor of the Central Bank Ajith Nivard Cabraal and ICTA Chairman Professor P.W. Epasinghe. Among those present were Deputy Governors of the Central Bank, Ananda Silva and Dr. P.N. Weerasinghe, Sri Lanka CERT CEO Lal Dias, LankaClear Ltd. CEO/GM Sunimal Weerasooriya, ICTA Director/Legal Advisor Jayantha Fernando, Director IT Central Bank, R.A.S.M.Dayarate and CEOs as well as CIOs of banks and senior officials of CBSL.
The event was hosted by LankaClear Ltd., Sri Lanka’s national payment infrastructure provider, the platform initiated in 2008 and managed under the guidance of CBSL.
Delivering the keynote address on the occasion Weeratunga pointed out that the Government, in addition to taking Information Technology to the masses, had been doing a lot of work to protect Sri Lanka’s Cyber space. He added that recently Cabinet of Ministers authorised the Government to make an accession request to the Budapest Convention on Cyber Crime. This will help Sri Lanka to be in line with international statutes and frameworks while allowing it to have access to systems and networks of other countries.
Stressing the importance of this newly launched initiative, the Secretary to the President, Lalith Weeratunga, said that BankCSIRT would prove to be ‘one of the most important cyber crime eradication measures in the banking sector’. He said that in the past, if attacks originated within the country, they were easily isolated due to there being relatively fewer ICT users compared with the present.
He also said that many unsuspecting users had been victims of cyber attacks recently involving the divulging of personal and financial information, and even transferring of funds to attackers’ accounts. “Invasion of information systems occurs on a daily basis. A sudden spike in major phishing attacks, over 250, was recorded during the recent turbulence in Aluthgama, with attackers attempting to take advantage of the chaos,” the Presidential Secretary said.
However in a glowing tribute to Sri Lanka CERT|CC, the Presidential Secretary said that Sri Lanka CERT|CC was able to meet the challenge of protecting the country’s data. Commending ICTA’s subsidiary further Weeratunga said: “Sri Lanka CERT acts as the country’s front line team of soldiers, fighting the war thanklessly, away from the public eye.” The President’s Secretary also praised ICTA for taking steps to establish Sri Lanka CERT, under the World Bank funded e-Sri Lanka Development initiative. Since then Sri Lanka CERT and ICTA have been able to work together with Central Bank and Lanka Clear to build information security policies, legislation and other safeguards for banks and the financial sector, as part of a coordinated effort to ensure financial services sector stability in Sri Lanka. The Presidential Secretary stated that unfortunately not much was known about Sri Lanka’s unique Computer Crimes Act No. 24 of 2007, despite this legislation having the necessary features to deal with almost all aspects of cybercrime incidents. He said that it also had the safeguards to protect citizens, service providers as well as victims in the investigation of Cybercrime cases, because its features resembled the Budapest Convention on Cybercrime. While thanking ICTA for its pioneering work in drafting this legislation, the Secretary said, “When changes to the Criminal Procedure Code and Penal Code are being made, a lot of publicity is given. The same should be done for the Computer Crimes Act.”
The 2007 Computer Crimes Act was derived from the Council of Europe’s Convention on Cybercrime (2001), also known as the Budapest Convention. In a move to become integrated with the global cyber security and criminal justice efforts, the Cabinet of Sri Lanka recently authorised the Government to make an accession request to the Budapest Convention.
“The presence of cyber terrorism and cyber laundering has increased globally. The types of threats encountered evolve in complexity daily, and a high price will have to be paid if the country’s ICT network collapses,” Weeratunga added.
He said that ICT allowed the public new convenience, like being able to transfer money before their morning cup of coffee, or withdrawing money from an ATM on their way to work. “ICT must be taken to the rural areas. The wide ICT network that is being created should be fully utilised, and people should be imparted the simple knowledge of using it,” Weeratunga concluded. The system, accessible through the Bank CSRIT website, was launched by Weeratunga, where he sent out the first informational alert to all member banks.
Participating in the occasion Sri Lanka CERT|CC CEO Lal Dias, gave a succinct picture of the Cyber security situation in Sri Lanka. His presentation covered a wide range of topics. Among these were: ‘Information security in the banking sector’, ‘Why a CISIRT was necessary for banks?’ ‘Bank CSIRT Establishment process’, ‘Bank CSIRT functions’, ‘Benefits of Bank CSIRT’, ‘Baseline security standards’, ‘Registration of third party service providers’ and ‘Incident response’.