Joint action needed to build force against cybercrime
Only a
concerted effort can build an appropriate safeguard against cybercrime,
says ICT Agency of Sri Lanka (ICTA) CEO Reshan Dewapura.
Dewapura said
so during his keynote address at the fourth annual national conference
held in Colombo recently (19).
Organized by
the Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT), a
fully owned subsidiary of ICTA, the conference was part of the Cyber
Security Week 2011.
“It is only through the joint actions of governments and citizens as
a whole, as a cohesive force, that a reliable shield against cybercrime
can be built”, Dewapura emphasised.
Citing at the outset Research In Motion’s recent catastrophe as an
indication of the threat that cyber-warriors could pose, Dewapura
stressed the need for concerted effort to stall cybercrime.
ICTA CEO Reshan Dewapura |
In an effort to emphasise the fact that cybercrime is a real threat
requiring all possible synergic endeavour he said: “Cyberspace is not so
different from the traditional spaces of social interaction.
Threats in cyberspace are very real. The number of cyber attacks in
the world is constantly growing and so is the cost due to cybercrime.
Cybercrime affects the very base of the social and economic wellbeing of
the general public.
New threat
“Today, in the light of these new realities and this major new threat
to security - not only to the citizens but to the very functioning of
the national economies, each state’s contribution to combating
cybercrime becomes particularly important.
“There is no country that, in this age of cyber terrorism, can remain
indifferent and unresponsive, or rely on nature or geography (like in
the old days) to protect it against malicious acts, because in addition
to bringing people closer, the Internet has eliminated distances and
differences, while placing at the hands of criminals a very powerful
means of organized acts of crime.
“It is only through the joint actions of governments and citizens as
a whole, as a cohesive force, that a reliable shield against cybercrime
can be built”.
Moving on to place the effort to establish a mechanism for tackling
cybercrime and the setting up of Sri Lanka CERT in the perspective of
national development Dewapura said: “The e-Sri Lanka initiative, of the
government of Sri Lanka, commenced implementation in 2005, under the
innovative strategies of the government’s policy document Mahinda
Chinthana. This initiative looked to take the benefits of ICT to every
citizen in every villages and to re-engineer how government works.
IT systems
“It was envisaged that, Sri Lanka will become an ICT driven nation
and cyberspace will be a major medium for service delivery.
“The Information and Communication Technology Agency of Sri Lanka, as
the apex body for ICT in the country, found it greatly necessary to
establish a mechanism to tackle the potential threat from cybercrime in
the face of this e-development activity, which saw huge amounts of ICT
Infrastructure and IT systems being implemented.
“Hence, the Sri Lanka Computer Emergency Readiness Team (CERT), was
created as a fully owned subsidiary of ICTA in 2006, as the Centre for
cyber security in Sri Lanka. Sri Lanka CERT has been mandated to protect
nation’s information infrastructure, to coordinate protective measures
and respond to cyber security threats and vulnerabilities”.
Pointing out the need for widening of the spectrum needed to combat
cybercrime Dewapura said: “Today, critical infrastructures such as
transportation, public utilities such as electricity and water supply
and health care can all be targets of cyber criminals.
Foreign experts
“Therefore, the necessity for all public and private sector
institutions to work together, to establish public-private partnerships
for capacity building in law enforcement and the judiciary, as well as
training and dealing better with cyber-attacks should be high on the
agenda”.
Driving
home the global nature of cybercrime to the audience at the conference,
graced by the presence of participants including local and foreign
experts, ICTA CEO said: “Internal Security Strategy adopted by most
nations in recent year’s, mentions that fighting cybercrime and cyber
security, are high on their lists of security challenges. Cybercrime is
a global problem and, therefore, needs a global response”.
Pointing out the relevance of global co-operation even for ensuring
security in Sri Lanka Dewapura said: “The exchange of information and
analysis on cyber attacks to harmonize legal definitions and legislation
for cyber conflicts is an absolute necessity. Therefore the
establishment of partnerships with the global community is of paramount
importance, if we intend to successfully fight cyber-criminals and
strengthen the security of Sri Lankan networks”.
Create awareness
Urging citizens and companies to join in the effort to combat
cybercrime and showing how this could be done in a practical way the
ICTA CEO stated: “Citizens and companies must be encouraged to report
crimes more often, since crimes cannot be solved if they are not
reported in the first place. In this respect, it is necessary to create
awareness - for government departments, as well as the general public in
order to understand the type of cyber crimes that needs reporting.
“Cybercrime cannot be handled in isolation, there has to be extensive
cooperation and coordination, both internal and external. The old
dividing lines between Defence and Security, Law Enforcement and
Judiciary, Public and Private, etc do not hold in Cyberspace; therefore,
governments need to coordinate activities across ministries and
departments using broad national cyber security strategies by appointing
lead agencies or individuals”.
Practical proposals
ICTA CEO commended Sri Lanka CERT for its endeavours to combat
cybercrime and recommended five practical proposals, to help create a
safer cyberspace in Sri Lanka. These had been formulated with the great
assistance of the COO of Sri Lanka CERT Lal Dias:
l We have to recognize that it is the responsibility of the
government to ensure that national networks are secure and have not been
penetrated. To achieve this, the nation’s cyber activities need to be
coordinated on both the institutional, district and provincial levels.
And this has to be led by the Apex Agency of Cyber Security in Sri
Lanka, SLCERT.
l Centralized bodies such as Sri Lanka CERT, Law Enforcement Agencies
and the Legislature should focus on areas where it has particular
competence, such as protecting critical infrastructure and coordinating
legal structures, as well as regulating and working with business,
consumer protection privacy, and anti-terrorism.
l The national security policy would need to be extended to include a
cyber security agenda that covers the length and breadth of the country,
in order to take the message to the people that cyber security is
compatible with individual rights, privacy and freedom of speech.
l This national security and defense policy can be used for
furthering Sri Lanka’s cyber security agenda; this policy must also
ensure that military operations and civilian missions are protected
against cyber attacks. Cyber defence should be made an active capability
of the country as a whole; it is crucial that Sri Lanka takes advantage
of the overlaps it shares with its powerful Asian neighbours to
coordinate activities between our countries.
l Establish Public Private Partnerships - It is essential for
governments to cooperate with the private sector, as the majority of web
infrastructure is in private hands. All developed nations have
identified this and are working closely with the private sector, and the
private sector in return should reciprocate equally”.
Affirming that the outcome of implementing these proposals will yield
positive results Dewapura added: “These recommended proposals, when
fully implemented will go a long way in strengthening our defenses
against cyber attacks, and staying ahead of the cyber criminals. The
government is already making concrete plans to successfully implement
these in the shortest possible time”. |