Information and Cyber protection approach of Sri Lanka

 Introduction.

Many government organizations in Sri Lanka now depend on the reliable functioning of digital systems and infrastructure. Malicious actors, however, can exploit these digital systems to cause harms such as theft of sensitive information, disruption of day to day operations, damage to the reputation of organizations which in turn can lead to the loss of public trust and confidence in government systems, and place nation’s security, economy, safety and wellbeing at a risk.

Government organizations in Sri Lanka have progressed rapidly over the past decade in developing digital systems to carry out their daily administrative work and to provide services to the general public, other government organizations as well as to the private sector. As organizations become increasingly dependent on digital systems, protecting information and digital infrastructure from unauthorized access, disclosure and destruction, and from natural disasters such as floods and fire have also become a high priority. Information and cyber security policies therefore, should be implemented in organizations to protect digital systems and reduce the risk of operational disruptions in order to provide services in a secure and efficient manner.

Definition of  "CYBER".

• Numerous authorities have furnished exceptional definitions for the word “cyber”. in line with the Cambridge dictionary cyber approach “concerning, the use of or relating to computers, especially the net.
•  In step with the oxford dictionary, cyber method “relating to or characteristic of the culture of computers, information generation and digital reality .

Sri Lanka IT Literacy.

In Sri Lanka IT Literacy is 28.3% and virtual Literacy 38.7%. constant smartphone subscription in line with one hundred population is 12.49, cellular telephone subscriptions in line with one hundred population is 103.16, and broadband subscriptions according to a hundred inhabitants is 10.454. family pc possession is 23.5% whilst the internet usage stands at 21.3%, and email usage at 11%. there's a great disparity in ICT readiness among the city, Rural and Estates sectors in Sri Lanka.

What is cyber Attack?

• A cyber attack is an assault launched by means of cybercriminals using one or more computer systems towards a unmarried or more than one computers or networks.
• A cyberattack is where an attacker tries to benefit unauthorized access to an IT machine for the motive of theft, extortion, disruption, or different nefarious motives.

 Types of Cyber Attacks.

1. Malware
2. Phishing
3. Man-in-the-middle attack (MITM)
4. Distributed Denial-of-Service (DDoS) attack
5. SQL injection
6. Zero-day exploit
7. DNS Tunnelling
8. Business Email Compromise (BEC)
9. Cryptojacking
10. Drive-by Attack
11. Cross-site scripting (XSS) attacks
12. Password Attack
13. Eavesdropping attacks
14. AI-Powered Attacks
15. IoT-Based Attacks

Incidents Reported.

Sri Lanka CERT,CC has seen a sharp rise in the number of cybersecurity-related incidents reported to it during the last few years. Instances reported increased from 71 to 222 between 2010 and 2017. The number of reported events involving social media has also skyrocketed. From 80 instances in 2010 to 3685 incidents in 2017, it has skyrocketed.

• 3685 Social Media Related Incidents Reported.
• 2018 fake social media accounts,829 incidents of hacking social media accounts.
• 416 Incidents on Photo abuse.
• 57 Incidents of threatening and cyberbullying 54 Incidents involving misuse of phone numbers.
• 17 Incidents related to pornographic videos 7 Copyright violations.
• other 287.

                            Some facts as reported to Sri Lanka CERT/CC 2017

2019

• Cyber-protection related incidents reported to Sri Lanka CERT have accelerated inside the yr 2019 as compared to previous year. In 2019, a total of 3566 incidents have been pronounced to Sri Lanka CERT even as it become 2598 in the course of the year 2018. The boom is due to the tremendous range of instances reported for website compromise and privateness associated troubles.

2020

• Majority of the reported incidents fall in to the category of social media associated incidents and on common greater than one thousand instances pronounced every month. most of the social media incidents, as usual facebook associated incidents had been the highest. this could be because of improved use of social media, due to COVID-19 pandemic situation.

Cybercrime policies/strategies.

CERT|CC,

         The ICT Agency of Sri Lanka (ICTA) established Sri Lanka CERT | CC as the country's national CERT in 2006. The primary driver behind the creation of CERT was to address the potential rise in cyber security issues brought on by Sri Lanka's IT infrastructure's explosive growth. It is currently employed by the Ministry of Technology and is registered as a Private Limited Liability Company.

Role of CERT,

•  Have to help the nation to overcome above challenges and Contribute to National Cybersecurity Strategy.
•  Collaborate with law enforcement agencies & International collaboration.
•  Help in protecting the vital national information infrastructure
• Run awareness campaigns for the local judicial system to increase understanding of cybercrimes (attack techniques, potential damage, evidence gathering, etc.)

Local Collaborations

• Sri Lanka Police.
• Ministry of Education.
• NCPA- National child protection authority.
• Hithawathi.
•  Ministry of Women and Child Affairs

The Sri Lanka pc Emergency Readiness group (Sri Lanka CERT) obtained 3907 incidents that are associated with cyber security in yr 2017. Sri Lanka has taken some of measures for the cyber safety based totally on ISO 27000, data sharing policy and legislation together with (Sri Lanka CERT|CC, 2019);

• Electronic Transactions Act No. 19 of 2006.
• Payment devices frauds Act No. 30 of 2006.
• The Intellectual property rights Act.
• Computer crimes Act No. 24 of 2007.

According to Sri Lankan police records, a decrease of the normal crime rate may be recognized. but the study analyzes cyber-crime. This form of crimes steadily expanded. Phishing, abuse privacy, malware, e-mail harassment, fake accounts (Facebook), and intellectual property cases reported to the Sri Lankan Computer Emergency Readiness Team. In addition to this e-banking cases, website hacking, e mail harassment, infant pornography instances said to Cyber-Crime Unit in Sri Lanka police. consistent with the computer crime act of 1997, crime has been identified as a time period used to pick out all of the frauds which might be connected with or related to computer and data technology.

When concerning about the laws prevailing in Sri Lanka,  main acts are related to internet. Those acts are;

• Computer crime Act No. 24
• Electronic transaction Act No. 19
• Information Communication Technology Act No. 27
• Information Communication Technology Act No. 33
• Intellectual property Act No. 26

In Sri Lankan Laws, following can be considered as the laws in Sri Lanka for the prevention of computer and cyber-crimes;

•  Information Communication Technology Act 2003.
• Payment and settlement Act of 2005.
• Intellectual property Act No 36 of 2006.
• Sri Lankan Telecommunication Act No 27 of 1996.

Payment Devices Frauds Act No. 30 of 2006

When considering this act, the Payment devices fraud Act No 30 of 2006 has been introduced to prevent the use of unauthorized or counter payment devices in the country.

Intellectual Property Act No. 36 of 2003

This act contains several new features in relation to the protection of software, trade secrets and integrated circuits.

                                                      https://www.nipo.gov.lk

Computer Crimes Act No. 24 of 2007

The Computer Crimes Act No. 24 of 2007 provides for the identification of computer crimes and stipulates the procedure for the investigation and enforcement of such crimes

Cyber security Act

• To make sure Sri Lanka's National Cyber Security Strategy is implemented successfully.
• To effectively and efficiently avoid, mitigate, and respond to cybersecurity threats and incidents.

  The Electronic Transactions Act No. 19 of 2006

This act is based on the standards established by United Nations Commission on International Trade Law Model Law on Electronic Commerce (1996) and Model Law on Electronic Signatures (2001).

The objectives of the Act as are as follows (Electronic Transactions ACT, No. 19 of 2006);

• To facilitate national and international electronic commerce by eliminating legal barriers and establishing legal certainty.
• To promote the use of trustworthy electronic trade methods.
• To make it easier for people to file documents electronically with the government and to encourage effective service delivery by the government through trustworthy electronic communications.
• To improve public confidence in the authenticity, integrity and reliability of data messages and electronic communications.

            

Terrorists who carry out such acts must be stopped by the people, organizations, and governments who are subject to them. Even though it is an expensive operation, it enables us to effectively track down offenders and uphold the law. As a result, criminals will be deterred from committing crimes. Even though most of us are only now learning about cyber terrorism, it has emerged as a very difficult global issue. To eliminate this menace, the people and the government should cooperate. Through business and governmental initiatives, many nations have achieved notable progress thus far in defending against cyberattacks. But we can prevail in this conflict if we take the appropriate strategic security measures.