Joint action needed to build force against cybercrime

Only a concerted effort can build an appropriate safeguard against cybercrime, says ICT Agency of Sri Lanka (ICTA) CEO Reshan Dewapura.

Dewapura said so during his keynote address at the fourth annual national conference held in Colombo recently (19).

Organized by the Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT), a fully owned subsidiary of ICTA, the conference was part of the Cyber Security Week 2011.

“It is only through the joint actions of governments and citizens as a whole, as a cohesive force, that a reliable shield against cybercrime can be built”, Dewapura emphasised.

Citing at the outset Research In Motion’s recent catastrophe as an indication of the threat that cyber-warriors could pose, Dewapura stressed the need for concerted effort to stall cybercrime.

In an effort to emphasise the fact that cybercrime is a real threat requiring all possible synergic endeavour he said: “Cyberspace is not so different from the traditional spaces of social interaction.

Threats in cyberspace are very real. The number of cyber attacks in the world is constantly growing and so is the cost due to cybercrime. Cybercrime affects the very base of the social and economic wellbeing of the general public.

New threat

“Today, in the light of these new realities and this major new threat to security - not only to the citizens but to the very functioning of the national economies, each state’s contribution to combating cybercrime becomes particularly important.

“There is no country that, in this age of cyber terrorism, can remain indifferent and unresponsive, or rely on nature or geography (like in the old days) to protect it against malicious acts, because in addition to bringing people closer, the Internet has eliminated distances and differences, while placing at the hands of criminals a very powerful means of organized acts of crime.

“It is only through the joint actions of governments and citizens as a whole, as a cohesive force, that a reliable shield against cybercrime can be built”.

Moving on to place the effort to establish a mechanism for tackling cybercrime and the setting up of Sri Lanka CERT in the perspective of national development Dewapura said: “The e-Sri Lanka initiative, of the government of Sri Lanka, commenced implementation in 2005, under the innovative strategies of the government’s policy document Mahinda Chinthana. This initiative looked to take the benefits of ICT to every citizen in every villages and to re-engineer how government works.

IT systems

“It was envisaged that, Sri Lanka will become an ICT driven nation and cyberspace will be a major medium for service delivery.

“The Information and Communication Technology Agency of Sri Lanka, as the apex body for ICT in the country, found it greatly necessary to establish a mechanism to tackle the potential threat from cybercrime in the face of this e-development activity, which saw huge amounts of ICT Infrastructure and IT systems being implemented.

“Hence, the Sri Lanka Computer Emergency Readiness Team (CERT), was created as a fully owned subsidiary of ICTA in 2006, as the Centre for cyber security in Sri Lanka. Sri Lanka CERT has been mandated to protect nation’s information infrastructure, to coordinate protective measures and respond to cyber security threats and vulnerabilities”.

Pointing out the need for widening of the spectrum needed to combat cybercrime Dewapura said: “Today, critical infrastructures such as transportation, public utilities such as electricity and water supply and health care can all be targets of cyber criminals.

Foreign experts

“Therefore, the necessity for all public and private sector institutions to work together, to establish public-private partnerships for capacity building in law enforcement and the judiciary, as well as training and dealing better with cyber-attacks should be high on the agenda”.

Driving home the global nature of cybercrime to the audience at the conference, graced by the presence of participants including local and foreign experts, ICTA CEO said: “Internal Security Strategy adopted by most nations in recent year’s, mentions that fighting cybercrime and cyber security, are high on their lists of security challenges. Cybercrime is a global problem and, therefore, needs a global response”.

Pointing out the relevance of global co-operation even for ensuring security in Sri Lanka Dewapura said: “The exchange of information and analysis on cyber attacks to harmonize legal definitions and legislation for cyber conflicts is an absolute necessity. Therefore the establishment of partnerships with the global community is of paramount importance, if we intend to successfully fight cyber-criminals and strengthen the security of Sri Lankan networks”.

Create awareness

Urging citizens and companies to join in the effort to combat cybercrime and showing how this could be done in a practical way the ICTA CEO stated: “Citizens and companies must be encouraged to report crimes more often, since crimes cannot be solved if they are not reported in the first place. In this respect, it is necessary to create awareness - for government departments, as well as the general public in order to understand the type of cyber crimes that needs reporting.

“Cybercrime cannot be handled in isolation, there has to be extensive cooperation and coordination, both internal and external. The old dividing lines between Defence and Security, Law Enforcement and Judiciary, Public and Private, etc do not hold in Cyberspace; therefore, governments need to coordinate activities across ministries and departments using broad national cyber security strategies by appointing lead agencies or individuals”.

Practical proposals

ICTA CEO commended Sri Lanka CERT for its endeavours to combat cybercrime and recommended five practical proposals, to help create a safer cyberspace in Sri Lanka. These had been formulated with the great assistance of the COO of Sri Lanka CERT Lal Dias:

l We have to recognize that it is the responsibility of the government to ensure that national networks are secure and have not been penetrated. To achieve this, the nation’s cyber activities need to be coordinated on both the institutional, district and provincial levels. And this has to be led by the Apex Agency of Cyber Security in Sri Lanka, SLCERT.

l Centralized bodies such as Sri Lanka CERT, Law Enforcement Agencies and the Legislature should focus on areas where it has particular competence, such as protecting critical infrastructure and coordinating legal structures, as well as regulating and working with business, consumer protection privacy, and anti-terrorism.

l The national security policy would need to be extended to include a cyber security agenda that covers the length and breadth of the country, in order to take the message to the people that cyber security is compatible with individual rights, privacy and freedom of speech.

l This national security and defense policy can be used for furthering Sri Lanka’s cyber security agenda; this policy must also ensure that military operations and civilian missions are protected against cyber attacks. Cyber defence should be made an active capability of the country as a whole; it is crucial that Sri Lanka takes advantage of the overlaps it shares with its powerful Asian neighbours to coordinate activities between our countries.

l Establish Public Private Partnerships - It is essential for governments to cooperate with the private sector, as the majority of web infrastructure is in private hands. All developed nations have identified this and are working closely with the private sector, and the private sector in return should reciprocate equally”.

Affirming that the outcome of implementing these proposals will yield positive results Dewapura added: “These recommended proposals, when fully implemented will go a long way in strengthening our defenses against cyber attacks, and staying ahead of the cyber criminals. The government is already making concrete plans to successfully implement these in the shortest possible time”.