India has initiated the revival of the Colombo Security Conclave, a cooperative framework involving India, Sri Lanka, the Maldives, Mauritius, the Seychelles, and Bangladesh, with a focus on maritime and security cooperation. The first meeting included discussions on four key areas of cooperation, including cybersecurity. The Colombo Security Conclave has embarked on strengthening capacity building and academic cooperation in cybersecurity, emphasizing post-incident response and digital forensics. While the nations involved have varying levels of cybersecurity maturity, India may assume a leadership role in the group. India's interest in regional cybersecurity cooperation may be driven by geopolitical considerations, particularly in countering China's influence in the Indian Ocean region. India aims to become a leader in cybersecurity and expand its digital economy, with the Colombo Conclave serving as a platform for regional cybersecurity collaboration.
Cybersecurity is a growing concern in today's technology-driven world. While technologies like Artificial Intelligence, Blockchain, and Quantum Computing have enabled automation and convenience, they have also given rise to cybercrimes such as DDoS attacks, phishing, and ransomware. These attacks are increasingly automated using advanced technologies.
Cybersecurity is a dynamic field, with new threats constantly emerging. There is a global shortage of cybersecurity professionals, and there's a need for greater awareness and training in this area. In an interview with Cyber Security Specialist Asela Waidyalankara, he emphasized the importance of addressing cyber threats and suggested two legislative measures: the Cyber Security Act and the Data Privacy Act, to manage incidents and protect data online.
The security of smart devices, especially smartphones, is crucial due to their extensive use for various activities, including storing personal data. Attackers can extract data from these devices, making privacy and data protection paramount.
Regarding Huawei's ecosystem, Waidyalankara expressed confidence in its security measures. Huawei's HMS (Huawei Mobile Services) ecosystem has numerous compliance certifications, including GDPR, GAPP, Trust E, PCI, EMVCo, CSA STAR, ISO 27001, and secure development certifications. These certifications demonstrate Huawei's commitment to data protection and privacy. Huawei ID is highlighted as a protective feature within the ecosystem.
In summary, cybersecurity is a significant concern given the increasing prevalence of cybercrimes. Legislation and compliance certifications, as well as robust security measures in technology ecosystems like Huawei's HMS, play a crucial role in mitigating these threats.
Sri Lanka's President Gotabaya Rajapaksa has ordered the creation of a digital database of citizens, linking their bio-data to various activities such as income tax and voting. The project, overseen by the Information and Communication Technology Agency (ICTA) and a Presidential Task Force, is seen as a response to the COVID-19 pandemic and the need for a digital identity system. Sri Lanka already has a well-developed National Identity Card (NIC) system, and the new initiative aims to digitize and integrate different identity registers, improving public sector efficiency. However, concerns have been raised about the cybersecurity of such a system, with some officials downplaying cybersecurity worries.
Sri Lanka is prioritizing the implementation of a national biometrics-based digital identity project called the Unitary Digital Identity Framework (UDIF), similar to India's Aadhaar program. However, cybersecurity experts have expressed concerns over the lack of data protection laws and potential cybersecurity risks.
Key points:
Sri Lanka plans to adopt a digital identity framework similar to India's Aadhaar program, following a grant offer from India.
The Aadhaar framework, based on the India Stack, has the world's largest biometric database but has faced data breach incidents in the past.
Sri Lanka lacks data protection laws, raising concerns about data security in the implementation of the UDIF.
The absence of data regulations also poses challenges for data customization and localization.
Cyberattacks from anti-government entities, including hacktivists, are potential risks to the database.
Implementation of the framework is costly, and Sri Lanka faces challenges in reconciling fragmented citizen data and digitizing historical records.
In summary, Sri Lanka's adoption of a digital identity framework similar to Aadhaar presents cybersecurity and data protection challenges, particularly in the absence of robust data regulations and potential cybersecurity threats.
The e-Grama Niladhari project was initiated in Sri Lanka in response to the COVID-19 pandemic, promoting the use of online information and services to increase efficiency in government agencies. The Immigration and Emigration Department and the Department of Registration of Persons continue to use digital workflows, which have streamlined services such as passport and National Identity Card issuance, saving citizens time.
The digitization effort extends to the Household Registry maintained by Grama Niladhari officials, with data collection beginning in 2023. The project aims to improve service efficiency and reduce the laborious task of form-filling for various certificates and letters obtained from Grama Niladhari offices.
However, some concerns have been raised on social media about the extensive information required for the e-Grama Niladhari project and the security of data collected through printed forms. Citizens worry about data leaks, fraud, and identity theft.
The e-Grama Niladhari project is aimed at providing technological tools to Grama Niladharis, who are government officials citizens frequently interact with. The project requires Grama Niladharis to collect detailed data from residents in their administrative divisions to confirm residency.
To address data protection concerns, Sri Lanka has enacted the Personal Data Protection Act No.9 of 2022, which allows the public to hold authorities accountable for the personal data gathered. Despite these concerns, there is legislative support in case of data breaches.
Cybersecurity experts suggest more efficient data collection methods, such as providing a data entry platform for Grama Niladhari officials and allowing residents to update their records. They also stress the importance of public awareness and reassurance about the security and authorized access to collected data.
The data collection includes information about homeowners, residents, and household infrastructure, enabling efficient service provisions and certificate issuances through the e-Grama Niladhari portal. Information about the project is available on the 'eGramaNiladhari' YouTube channel.
The "techlash," a strong backlash against major tech companies, is expected to lead to legal and regulatory changes in 2020. Access Partnership, a UK public policy consultancy, highlights 10 trends for tech leaders:
In Sri Lanka, cybersecurity and data protection laws are still evolving, and the National Digital Policy is set to be announced in 2020.
Technology Consultant Asela Waidyalankara expressed concerns about Sri Lanka's lack of clear regulations for managing digital data of individuals. He highlighted that people's data has been exploited, citing instances like unsolicited propaganda during elections. Waidyalankara mentioned that the Data Protection Act is in progress but may take a while to come into effect due to the need for organizations to adapt their processes. Additionally, the Cybersecurity Bill is also being finalized and is expected to be presented to the cabinet soon.
The Cybersecurity Bill will address online security and be introduced under the National Cyber Security Strategy. It aims to combat various cybercrimes such as credit card fraud, hacking, and cyber-terrorism. Sri Lanka has improved its cybersecurity ranking, currently standing at 69th, thanks to organizations like the Sri Lanka Computer Emergency Readiness Team (SLCERT) and ICTA actively monitoring and safeguarding the digital platform.
With both the Data Protection Act and Cybersecurity Act in progress, Sri Lanka aims to become a safer and more secure digital environment in the future.
Sri Lanka's police force, the Sri Lanka Police (SLP), has been slow to embrace digital transformation despite efforts in other government sectors. The SLP primarily uses digital solutions for limited purposes like email communication and basic data entry. However, recognizing the importance of data analytics in modern policing, there have been steps taken in this direction.
Predictive policing, which utilizes data analysis to optimize resource allocation and prevent crimes, is gaining traction globally. While Sri Lanka has some foundational elements in place, such as the digital Criminal Records Division (CRD) and advanced surveillance technologies like CCTV systems and drones, the missing piece is facial recognition technology.
The potential implementation plan involves strengthening the CRD's data analytics unit, upgrading CCTV systems with facial recognition capabilities, and leveraging the eNIC project for demographic data. However, predictive policing also raises concerns related to privacy and misuse, which require legal provisions and oversight.
In conclusion, embracing predictive policing could enhance the SLP's efficiency and transform it into a more agile and effective law enforcement agency, provided that privacy and ethical concerns are appropriately addressed.
In Sri Lanka, there have been persistent rumors about SIM card replication, causing concerns among citizens. However, State Minister of Technology Kanaka Herath has dismissed the possibility of SIM card replication, citing the rigorous identity verification measures in place when issuing SIM cards. Telco insiders also consider these rumors unfounded, attributing them to sensationalist sources.
Instead, there is growing concern about cybercriminals using social engineering tactics to deceive individuals into disclosing their One-Time Passwords (OTPs) or installing third-party applications that clone their messages. This strategy bypasses the need for SIM card replication and focuses on obtaining OTPs for illicit financial transactions.
Cyber Security Advisor Asela Waidyalankara acknowledges persistent complaints about SIM replication but suggests that social engineering tactics play a significant role. Cybercriminals aim to capture OTPs to gain access to financial accounts. This approach may not involve SIM card replication but relies on manipulating individuals into revealing their OTPs.
Waidyalankara highlights the importance of digital literacy in safeguarding against such cybercrimes. He advises caution when sharing personal information and mobile numbers on social media, as this can inadvertently expose sensitive data. Digital literacy and awareness are essential for protecting personal information in the digital age.
While the issue of SIM card replication remains unsubstantiated, the broader challenge of cybersecurity is a pressing concern. Sri Lanka must educate its citizens about digital security and raise awareness to fortify defenses against cybercrime in an era of evolving digital threats.
Sri Lanka faces a growing cyber threat as it increasingly relies on digital services. Despite having capable cybersecurity professionals, top leadership's lack of awareness and understanding of these threats is concerning. The country has recorded high rates of cybercrime, and its regulatory framework is outdated.
The proposed Cyber Security Bill is yet to be presented, and the existing Computer Crimes Act needs updating. Investigative officers and agencies are often unprepared for cybercrime. This vulnerability puts critical infrastructure at risk.