On May 23rd 2019, the Government of Sri Lanka posted the Draft Cyber Security Bill on the SL CERT website and invited public comments/input. LIRNEasia submitted comments in response to the SL CERT’s request. Our written comments submitted on 5th June 2019 are available through the link below Comments on the Cyber Security Bill – Sri Lanka 2019 Subsequently in August 2023, the Government of Sri Lanka posted an updated version of the Cyber Security Bill and invited public comments. LIRNEasia once again submitted written comments on 18th August 2023, which can be accessed here. Comments on the Cyber Security Bill – Sri Lanka 2023 The report below analyses the extent to which the input submitted by LIRNEasia in 2019 has been taken into account in the updated (August 2023) version of the proposed Bill
LIRNEasia submitted a response to the Ministry of Technology’s invitation to comment on the Cyber Security Bill uploaded to the website of Sri Lanka CERT in August 2023 (www.cert.gov.lk). The submission addresses specific concerns related to the requirement for accreditation of Cyber Security service providers, the composition of the Cyber Security Regulatory Authority and the definition of the term Critical National Information Infrastructure.
LIRNEasia comments on the proposed Cyber Security Bill for Sri Lanka - 2019
Sri Lanka just came out with a draft bill for a proactive, national cyber-defense entity. This entity functions by designating systems as Critical Information Infrastructure (CII) and then appointing people responsible for reporting security breaches and so on and so forth. The legalese looks like this: Part V 18(1) states that “the Agency shall identify and recommend to the Minister the designation of a computer or computer system as CII for the purposes of this Act, if the Agency is satisfied that- (a) the computer or computer system is necessary for the continuous delivery of essential services for the public health, public safety, privacy, economic stability, national security, international stability and for the sustainability and restoration of critical cyberspace or for any other criteria as may be prescribed and the disruption or destruction of which would likely to have serious impact on the public health, public safety, privacy, national security, international stability or on the effective functioning of the government or the economy; and (b) the computer or computer system is located wholly or partly in Sri Lanka… The current proposed version gives the Agency the right to designate even corporate computer systems as CIIs, bust down their doors, inspect […]
Cybersecurity of developing countries is most at risk! Gartner projects that more than 20 billion IoT devices will be connected by 2020. The security of these Internet Of Things (IOT), relating to cyber security, in a broader sense hinges on service continuity and availability. Whether it be a DDoS attack that affects the availability or a malicious attack on the configuration that brings down the IoT device(s) or exposes private data, they all converge on the concept of cybersecurity. LIRNEasia partnered with Vanuatu Office of the Government Chief Information Officer, Prime Minister’s Office, Netherlands Radio communications Agency / University of Twente and the Internet Society (ISOC) in introducing the Raster Tool and engaging the participants in an IOT cybersecurity assessment exercise.
In a wide-ranging interview, Htaike Htaike Aung and Phyu Phyu Thi talk about MIDO and how they approach policy problems in the ICT space. The article.