Sri Lanka just came out with a draft bill for a proactive, national cyber-defense entity. This entity functions by designating systems as Critical Information Infrastructure (CII) and then appointing people responsible for reporting security breaches and so on and so forth. The legalese looks like this: Part V 18(1) states that “the Agency shall identify and recommend to the Minister the designation of a computer or computer system as CII for the purposes of this Act, if the Agency is satisfied that- (a) the computer or computer system is necessary for the continuous delivery of essential services for the public health, public safety, privacy, economic stability, national security, international stability and for the sustainability and restoration of critical cyberspace or for any other criteria as may be prescribed and the disruption or destruction of which would likely to have serious impact on the public health, public safety, privacy, national security, international stability or on the effective functioning of the government or the economy; and (b) the computer or computer system is located wholly or partly in Sri Lanka… The current proposed version gives the Agency the right to designate even corporate computer systems as CIIs, bust down their doors, inspect […]
United Nations Economic and Social Commission for Asia and the Pacific (UN-ESCAP), and their Asia Pacific Information Superhighway (AP-IS) initiative, might consider offering their member states: A set of tools and methodologies for technology stewards to assess their own E-Resilience in their organizations and communities; then, supply the quantitative and qualitative findings to include in an AP-IS database for researchers and practitioners to use in analyzing national, cross-border, and regional strategies for addressing E-Resilience. Best practices for developing community centered communications networks with options for reliable and proven back-haul and interconnection; along with their resilience to various disaster, geographic and socioeconomic constraints. Guidelines for building Business Continuity – Disaster Recovery Plans (BC-DRPs) that comply with emergency communications requirements; taking into consideration survivability & availability and Rapid Restoration of Access to Telecommunication (RReAcT) programs. These were three key recommendations contributed to the 2nd session of the AP-IS steering committee and WSIS regional review meeting held 27th & 28th September 2018, UN Conference Center in Thailand. The event was a precursor to the Committee on Information and Communications Technology & Science, Technology and Innovation, Second session. The main contribution of my talk was to cover E-Resilience: i.
Cybersecurity of developing countries is most at risk! Gartner projects that more than 20 billion IoT devices will be connected by 2020. The security of these Internet of Things (IoT) devices, as it relates to cybersecurity in a broader sense, hinges on service continuity and availability. Whether it be a DDoS attack that affects availability or a malicious attack on the configuration that brings down the IoT device(s) or exposes private data, they all converge on the concept of cybersecurity. LIRNEasia partnered with Vanuatu Office of the Government Chief Information Officer, Prime Minister’s Office, Netherlands Radio communications Agency / University of Twente and the Internet Society (ISOC) in introducing the Raster Tool and engaging the participants in an IoT cybersecurity assessment exercise.
When people were getting their knickers in a twist in relation to the Y2K problem, I was in government. I used to get a lot of questions about it. Part of my job was to prepare for all eventualities, without creating unnecessary panic. My response to Y2K hype always included reference to a Sinhala aphorism about how people who slept on mats on the floor had little to fear about falling off beds. Appears that logic will not apply to cyber warfare.
Some time back I wrote about the dangers of the emergence of an International Internet Union at the behest of Vladimir Putin and Hu Jintao. They’ve held a conference in London to beat it back, but apparently were missing something really important: a counter narrative. In his closing message, he said: “State-sponsored attacks are not in the interests of any country, long term… those governments that perpetrate them need to bring them under control.” He did not name names. Some private-sector delegates like Wikipedia founder Jimmy Wales were less reticent.