Tuesday Apr 28, 2026
Tuesday Apr 28, 2026
Tuesday, 28 April 2026 01:51 - - {{hitsCtrl.values.hits}}
 |
 |
 |
 |
 |
| Chief Opposition Whip Gayantha Karunathilaka |
Deputy Finance and Planning Minister Dr. Anil Jayantha Fernando |
Opposition MP and President’s Counsel Faiszer Musthapha | Industry and Entrepreneurship Development Deputy Minister Chathuranga Abeysinghe | Treasury Secretary Dr. Harshana Suriyapperuma |
The Government has rejected an Opposition request at the party leaders’ meeting to hold a parliamentary debate on the $ 2.5 million Treasury cyber breach, as scrutiny intensifies over the circumstances of the loss and the handling of its aftermath.
Chief Opposition Whip Gayantha Karunathilaka said the matter was raised at a party leaders’ meeting held yesterday, where the Opposition called for a debate when Parliament reconvenes on 5 May. He said the Government did not agree to allocate time for the discussion.
Govt. says Rs. 9.5 billion ‘Rebuilding Sri Lanka’ Fund secure
Amidst the intensifying fire, the Government was yesterday compelled to assure that State funds were secure.
The Government has pushed back against concerns over the ‘Rebuilding Sri Lanka’ Fund, assuring that all donations are securely held and utilised in line with established laws and regulations.
Deputy Finance and Planning Minister Dr. Anil Jayantha Fernando said a total of Rs. 9,583 million had been received as of 24 April, with contributions flowing in from Sri Lankans living in 49 countries as well as foreign donors.
Issuing a special clarification via a video message, the Minister rejected allegations raised by various parties regarding the management of the Fund, describing them as “false and baseless,” and stressed that accountability mechanisms are firmly in place.
The Fund forms part of broader recovery efforts following Cyclone Ditwah, for which the Government approved a Rs. 500 billion supplementary allocation last December to support affected communities.
Dr. Fernando said a Presidential Task Force has carried out comprehensive damage assessments and expanded its scope to include wider recovery needs, with eight subcommittees, including one dedicated to finance and funding, overseeing implementation.
He acknowledged that disbursement and project execution may face delays due to the complexity of assessments and planning, but stressed that the objective is to rebuild affected areas to a higher standard and improve long-term living conditions.
“The intention is not just recovery, but to improve the living standards of those affected beyond what existed before,” he said.
Risks to national security, economic stability
Opposition MP and President’s Counsel Faiszer Musthapha has called for the immediate appointment of a Presidential Special Investigation Committee to probe the $ 2.5 million cyber breach involving the General Treasury, warning of broader risks to the economy and national security.
“If the diversion of $ 2.5 million from the General Treasury to a wrong party is indeed a cyber heist, the entire economic fabric of Sri Lanka is at risk. Therefore, a Presidential Special Investigation Committee must be appointed immediately,” Musthapha said.
He said the incident should not be viewed solely as a financial loss but as a threat to national security, particularly given its link to the Treasury, which sits at the centre of the country’s financial system.
Musthapha said the breach highlights the need to reassess the resilience of Sri Lanka’s cybersecurity architecture, noting that even highly secured global systems have been exposed to cyber attacks.
He called for an investigation led by technical experts, including those with international experience, stressing that accountability must be pursued irrespective of political affiliation.
The MP also urged the Government to work with the Opposition in efforts to recover the diverted funds, given the broader implications for public finance management.
He said the incident comes at a time when key institutions, including the banking system and the Inland Revenue Department (IRD), are undergoing digitalisation, making it necessary to review whether existing security protocols remain adequate.
Musthapha also proposed the inclusion of subject-matter experts such as Dr. Hans Wijayasuriya in the investigative process.
He warned that failure to address underlying technical vulnerabilities and strengthen system safeguards could have wider implications for the economy, describing the breach as a signal risk to the country’s financial sovereignty.
Lawyers flag reporting and transparency issues
The $ 2.5 million Treasury cyber breach has taken a legal turn, with the Free Lawyers Organisation yesterday alleging lapses in procedural reporting and calling for greater transparency from the Government.
The group said that five days after the alleged cyber attack involving a Treasury transaction, the relevant facts had not been presented before a Magistrate’s Court. It also claimed that investigators had yet to record statements from the officials who were suspended in connection with the incident.
Against this backdrop, the organisation issued 22 questions addressed to President Anura Kumara Dissanayake and the Cabinet, seeking clarity on the timeline of events, administrative accountability, and the handling of the investigation.
The questions centre on whether the President, in his capacity as Finance Minister, was informed of the breach when it occurred and what actions followed. They also probe whether complaints were lodged with law enforcement in a timely manner, and whether any delay constitutes a failure of oversight.
The organisation further questions whether the incident reflects deeper weaknesses across institutions linked to finance, digital systems, and national security. It asks whether the Government accepts responsibility for the breach and whether existing controls were adequate to prevent such an incident.
A key area of focus is the role of the Treasury Secretary, including whether due process was followed in responding to the breach and whether the integrity of preliminary investigations has been maintained. The group also raises concerns about whether a fair and impartial inquiry can proceed under current administrative arrangements.
Investigation update
The $ 2.5 million Treasury cyber breach is widening into a broader institutional failure, with investigators now probing potential internal lapses alongside external intrusion, as the Criminal Investigation Department (CID) escalates its forensic inquiry.
The inquiry has taken a more serious turn with the reported disappearance of documents linked to a future loan repayment to France from Finance Ministry systems. Officials believe the same actors may be attempting to stage a second fraud, suggesting that the initial breach may not have been contained.
Police said statements have been recorded from seven officials drawn from the External Resources Department (ERD) and the Public Debt Management Office (PDMO) of the General Treasury. Several computers including laptops used by these officials have been taken into custody for forensic analysis, as investigators attempt to reconstruct how a payment intended for an Australian creditor was diverted.
The breach, traced to unauthorised access to the ERD’s email system, has already led to the suspension of four senior officials, including an Additional Director General and Director from the PDMO, and a Director and Assistant Director from the ERD.
Investigators are working with the Sri Lanka Computer Emergency Readiness Team (SLCERT) to analyse the technical breach, while the Australian Federal Police has joined the probe under an existing bilateral arrangement on financial crimes. Technical logs have been shared with Australian authorities to track the movement of funds and identify perpetrators.
A senior Government official acknowledged that investigators are examining the possibility of internal assistance to external actors. Dr. Fernando said the compromise of Treasury communication systems pointed to “clear negligence” in payment handling, while not ruling out deliberate manipulation.
“In the future, all loan repayments will have to be approved by the Central Bank of Sri Lanka (CBSL) as well so that there is no chance for a similar situation,” he said, adding that additional safeguards have been introduced to secure internal systems.
The episode has also drawn attention to a “vulnerable” transition period in public debt management, as responsibilities shift from the CBSL to the Treasury, creating overlapping controls and potential gaps in verification processes.
Industry and Entrepreneurship Development Deputy Minister Chathuranga Abeysinghe has framed the breach as part of a broader pattern of administrative weakness rather than an isolated incident.
He pointed to “negligence and vulnerability in Treasury payments,” linking the episode to wider inefficiencies across Government systems, including the text book controversy, Customs clearance bottlenecks, and coal procurement complications.
The incident has intensified scrutiny over public financial management at a critical juncture, as Sri Lanka navigates fiscal consolidation and debt restructuring. Dr. Suriyapperuma has sought to reassure creditors that debt servicing remains intact, even as investigations continue.
The breach, involving funds due to Export Finance Australia, has exposed weaknesses in verification protocols within the ERD and raised questions about control frameworks during institutional transition. For investors and creditors, the issue is less the loss itself than what it reveals about process integrity in sovereign financial operations.
President, Finance and Digital Economy Minister Anura Kumara Dissanayake
In open letter to President Anura Kumara Dissanayake, call for formal advisory mechanism linking Govt. and professionals
Propose governance structure, accountability, and gap assessment
The Digital Trust Alliance yesterday called for a structured overhaul of cybersecurity governance across the public sector, following the reported diversion of approximately $ 2.5 million from Finance Ministry systems.
In an open letter to President and Finance and Digital Economy Minister Anura Kumara Dissanayake, the group said the incident highlights weaknesses in institutional preparedness, accountability, and cyber risk management.
The Alliance proposed a formal advisory engagement between Government and professional bodies to drive practical reforms, including a dedicated governance structure, clearer accountability, and a comprehensive gap assessment of existing systems.
It also recommended aligning public-sector cybersecurity practices with global frameworks and convening a focused roundtable to define priorities and implementation steps.
The letter is as follows:
“We write on behalf of the Digital Trust Alliance and a coalition of professional organisations representing cybersecurity, information systems audit, digital trust, ICT governance, and related professional disciplines in Sri Lanka.
Considering the recent cybersecurity incidents reported in relation to Government financial systems, we believe it is imperative that Sri Lanka adopts a more robust, structured, and governance-led approach to cybersecurity across the public sector.
Public reporting has referred to the diversion of approximately $ 2.5 million following a breach of Finance Ministry systems, with investigations now underway into the circumstances of the incident. We recognise that investigations are ongoing and do not seek to prejudge the facts. However, the incident has understandably raised serious public concern and has highlighted the need for stronger institutional preparedness, clearer accountability, and more resilient cyber governance mechanisms.
Our purpose in writing is not to criticise the Ministry or any public institution. Rather, as responsible professionals in the field, we believe this is a timely moment for the professional community to offer constructive support to the Government of Sri Lanka.
Cybersecurity is no longer only a technical concern. It is now a matter of financial integrity, public trust, institutional continuity, and national resilience.
Internationally, professional bodies have played an important role in supporting governments to strengthen cybersecurity governance, audit, assurance, and regulatory frameworks.
For example, Information Systems Audit and Control Association (ISACA) has contributed evidence and expertise to UK policy and legislative processes on cyber resilience, audit reform, governance, and professional standards. Similar structured engagement between Government and recognised professional bodies can be valuable for Sri Lanka, particularly at a time when public sector digital systems are becoming more central to economic management and citizen services.
We, therefore, respectfully propose the establishment of a structured advisory engagement between the Ministry, relevant Government institutions, and the undersigned professional organisations. The objective would be to assist the Government in identifying practical governance, assurance, and implementation measures that can strengthen cybersecurity resilience across critical public sector systems.
In our view, the greatest value of such an engagement would not be general discussion or one-off consultation. The real benefit would come from a clear process that leads to specific, implementable outcomes.
These may include:
*A designated Government cybersecurity governance structure: A formally designated team or committee with the authority, technical understanding, and institutional mandate to receive recommendations, coordinate across agencies, and drive implementation.
*Clear ownership and accountability: Cybersecurity recommendations should be linked to responsible officials or institutions, expected outcomes, and realistic review timelines. This will help ensure that advice does not remain merely advisory but can be translated into measurable institutional improvement.
*A structured maturity and gap assessment: A practical review of current governance arrangements, incident readiness, third-party risk management, payment and communication verification controls, business email compromise safeguards, and escalation procedures.
*Alignment with recognised cybersecurity governance frameworks: The engagement may be anchored to globally recognised frameworks such as the NIST Cybersecurity Framework 2.0, which organises cybersecurity outcomes across Govern, Identify, Protect, Detect, Respond, and Recover functions. Such an approach would provide a common language for Government, technical teams, auditors, and policymakers.
*Focused public-sector cybersecurity roundtable: We propose convening an initial roundtable with a carefully selected group of senior public officials, cybersecurity professionals, audit and governance experts, and relevant statutory bodies. The purpose would be to identify immediate priorities, agree on a structured engagement process, and define the institutional outcomes expected from the exercise.
We respectfully suggest that the Ministry consider inviting the participation of key institutions such as the Digital Economy Ministry, Sri Lanka Computer Emergency Readiness Team (SLCERT), the Data Protection Authority, GovTech, and other relevant agencies whose mandates intersect with cybersecurity, digital governance, financial systems, and public sector accountability.
For this process to be useful, we believe the Government would benefit from appointing a designated senior point of contact and identifying a small implementation-focused team. This would help ensure that the engagement remains practical, coordinated, and capable of producing recommendations that can be acted upon. It would also allow the professional bodies to engage with the appropriate officials, understand institutional constraints, and tailor any guidance to the realities of Government operations.
The undersigned organisations stand ready to contribute their expertise in a constructive and professional manner. Our collective membership includes certified cybersecurity professionals, information systems auditors, governance specialists, privacy professionals, cloud security experts, and ICT practitioners with experience across both local and international contexts.
We believe that a structured engagement of this nature would provide the Government with several important benefits: independent professional insight, access to globally recognised good practices, strengthened public confidence, clearer implementation priorities, and a more mature approach to cybersecurity governance across the public sector.
We would be grateful if the Ministry would consider this proposal and indicate whether it is willing to initiate a formal dialogue with the undersigned organisations. Should the Ministry see value in this exercise, we would be pleased to coordinate an initial meeting at your convenience and thereafter support the development of a practical engagement roadmap.
We make this offer in the spirit of national responsibility and professional service. At a time when digital trust is central to public confidence, we believe collaboration between Government and the professional community can make a meaningful contribution to strengthening Sri Lanka’s cyber resilience.”
The letter was signed by Digital Trust Alliance President Lakmal Embuldeniya, ISACA Sri Lanka President Indika Rajakaruna, International Information Systems Security Certification Consortium, Inc. (ISC2) Sri Lanka Secretary Kanishka Yapa, Cloud Security Alliance Sri Lanka President Neranjan Dissanayake, and BSides Sri Lanka Representative Haran Mamankaran.
