Sri Lanka Institute of Information Technology
Master of Science (Information Management) Degree Program
Information and Network Security
Assignment 2
Cyber Security Bill – Sri Lanka
W.M.J.H. Fernando
MS18901290
New Cyber Security draft Bill for Sri Lanka.
The Sri Lanka government has drafted a new “Cyber Security Bill” to protect vital information and essential
services from cyber-attack, according to Non-Cabinet Minister of Digital Infrastructure and Information
Technology Ajith P. Perera.
The Cyber Crimes Act will also be amended shortly to crack down on cyber-attacks, online security and
social media related incidents.
A National Information and Cyber Security Strategy has also been unveiled at the launch of the Cyber
Resilience for Development (CYBER 4DEV) project funded by the European Union (EU) in Colombo. [1]
The British, Dutch and Estonian governments are the partners for the implementation of the project in
collaboration with Sri Lanka’s Ministry of Digital Infrastructure and Information Technology. The CYBER 4DEV
project will spearhead the promotion of cyber resilience through raising awareness of cyber
threats and developing national cyber security strategies.
It will also provide for information assurance and resilience; setting up, training and equipping
Computer Emergency Response Teams; and building early warning, information sharing and analysis
capabilities.
Sri Lanka has already shown clear support to this through its national cyber strategy and through signing
the Commonwealth Cyber Declaration, agreed in London last year. In that Declaration, members of the
Commonwealth agreed to support a cyberspace that supports economic and social development and
rights online, to build the foundations of an effective national cyber security response, and to promote
stability in cyberspace through international cooperation, he added.
The Computer Emergency Readiness Team | Coordination Centre (CERT/CC) has formulated Sri Lanka’s
first Information and Cyber Security Strategy to be implemented over a period of five years from 2019 to
2023. [2]
The Strategy is an institutional framework that aims to create a resilient and trusted cyber security
ecosystem that will enable Sri Lankan citizens to have access to safe digital exposure and facilitate a better
future, Dr. Kanishka Karunasena, the research and policy specialist for CERT, said. [3] CERT has worked
with multi-sectoral institutions, banks and utility organizations to create this cyber security strategy.
However, the current Sri Lanka Cyber Security Bill has some unclear areas. These are: [4]
• “3(3) The Agency shall be the Apex and Executive body for all matters relating to cyber security
policy in Sri Lanka and shall be responsible for the implementation of the National Cyber
Security Strategy of Sri Lanka.”
This implies that SLCERT and NCSOC will be subordinate to CSASL. However, it is not immediately
obvious why three separate institutions are necessary. Siloes and delays in communication
across institutions are not conducive to the cybersecurity area, where working fast and staying
ahead of emergent threats is imperative. Increased budgets and bloated institutional structures
are also unaffordable in budget- and skills-constrained countries like Sri Lanka. [4]
As an example, Singapore has a well-defined structure, with the National Cybersecurity
Agency of Singapore as the “national agency overseeing cybersecurity strategy, operation,
education, outreach, and ecosystem development” and the Singapore Computer Emergency
Response Team (SingCERT), a unit within the Agency, responsible for facilitating the detection,
resolution and prevention of cyber security related incidents on the Internet relevant to
Singapore.
• Another confusion is about the seemingly relative imbalance of power between CSASL and
SLCERT. Part II 4(2) states that “in the discharge of its powers and functions, the Agency [CSASL]
shall at all times consult Sri Lanka Computer Emergency Readiness Team [SLCERT] and ensure the
said powers are carried out through the institutions established under Part IV of this Act.” While
it is natural that consultation shall occur with an agency that is likely to have a high level of
expertise, it is unclear why CSASL always must consult SLCERT. [4]
• Further contributing to the confusion of hierarchies is Part II 5(1)(a)(iv), which states that a
member nominated by the Board of Sri Lanka Computer Emergency Readiness Team is to be an
ex-officio member of the CSASL Board. It is unclear why a member of a subordinate institution
(SLCERT) should have a seat in the CSASL Board. The reverse makes sense, thinking through
normal governance hierarchies.[4]
• Part VII 21(3) “Every person who being the owner of a CII who fails, without reasonable cause, to
fulfill the obligations imposed under this Act or fails to report cyber security incidents to the
Agency and CERT, in accordance with section 19(1) (c) to (f), commit an offence under this Act
and shall on conviction be liable to a fine not exceeding two hundred thousand rupees or to
imprisonment for a term not exceeding two years or to both such fine and imprisonment.” By
mandating a fixed penalty (financial and jail time), the Bill violates the important principle that
the punishment should be proportional to the crime. An attack on a CII that causes billions of
rupees of damage and one that causes hundreds of rupees of damage could be treated equally
when assigning such penalties.
− We propose other methods of calculating fines be considered - for example, a penalty that increases
by a prescribed amount each day an identified security violation is left unaddressed. Here, the
number of days acts as a proxy for the damage caused.
− Another question to be asked is whether there is a need to introduce punitive actions on parties deemed to
have failed in their responsibilities to contain any fallout from “cybersecurity incidents”. Will this
be an effective approach to address the problem? [4]
References
[1] “Flaws in draft cybersecurity bill under review,” The Sunday Times Sri Lanka.
[2] “Sri Lanka’s unsung cyber security champions.” [Online]. Available: http://www.ft.lk/columns/Sri-Lanka-s-unsung-cyber-security-champions/4-677891. [Accessed: 18-Aug-2019].
[3] “Sri Lanka introduces new legislation to protect people from cyber-attacks,” The Sunday Times Sri Lanka.
[4] “Cyber_Security_Bill_2019-05-22_LD_Final_Version.pdf.”

More Related Content

What's hot

Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationrrepko
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernandosegughana
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-statusRama Reddy
 
Legal aspects of IT security
Legal aspects of IT securityLegal aspects of IT security
Legal aspects of IT securityAdv Prashant Mali
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Tech
 
Cyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsCyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsSiemplify
 
AITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformationAITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformationAPNIC
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Ekonomikas ministrija
 
2015_ICMSS_Institutional_Cybersecurity_s02
2015_ICMSS_Institutional_Cybersecurity_s022015_ICMSS_Institutional_Cybersecurity_s02
2015_ICMSS_Institutional_Cybersecurity_s02Government
 
Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020Shawn Nutley
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Benjamin Ang
 
Chapter 3.docx
Chapter 3.docxChapter 3.docx
Chapter 3.docxAmir Khan
 
Chapter 11 laws and ethic information security
Chapter 11   laws and ethic information securityChapter 11   laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 

What's hot (20)

Cyber security course online
Cyber security course onlineCyber security course online
Cyber security course online
 
ppt Cybercrime
ppt Cybercrimeppt Cybercrime
ppt Cybercrime
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernando
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
Legal aspects of IT security
Legal aspects of IT securityLegal aspects of IT security
Legal aspects of IT security
 
Cybersecurity jobs jb
Cybersecurity jobs jbCybersecurity jobs jb
Cybersecurity jobs jb
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Company Profile 2014
Lucideus Company Profile 2014
 
Cyber Security & Cyber Security Threats
Cyber Security & Cyber Security ThreatsCyber Security & Cyber Security Threats
Cyber Security & Cyber Security Threats
 
AITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformationAITI Smart Future Forum: Cybersecurity and digital transformation
AITI Smart Future Forum: Cybersecurity and digital transformation
 
Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...Cyber Security in the Manufacturing Industry: New challenges in the informati...
Cyber Security in the Manufacturing Industry: New challenges in the informati...
 
Htc itmr 30-05-13
Htc   itmr   30-05-13Htc   itmr   30-05-13
Htc itmr 30-05-13
 
2015_ICMSS_Institutional_Cybersecurity_s02
2015_ICMSS_Institutional_Cybersecurity_s022015_ICMSS_Institutional_Cybersecurity_s02
2015_ICMSS_Institutional_Cybersecurity_s02
 
Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020Top 8 Cybersecurity Trends 2020
Top 8 Cybersecurity Trends 2020
 
Ethiopia reba paper
Ethiopia reba paperEthiopia reba paper
Ethiopia reba paper
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
 
Chapter 3.docx
Chapter 3.docxChapter 3.docx
Chapter 3.docx
 
Chapter 11 laws and ethic information security
Chapter 11   laws and ethic information securityChapter 11   laws and ethic information security
Chapter 11 laws and ethic information security
 

Similar to Sri Lanka Cyber Security Bill Flaws and Improvements

Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeDeepak Kumar (D3)
 
National_Cyber_Security_Strategy.pdf
National_Cyber_Security_Strategy.pdfNational_Cyber_Security_Strategy.pdf
National_Cyber_Security_Strategy.pdfAlexandre Pinheiro
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
 
Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Yuri Anisimov
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIAAnish Rai
 
Finland s cyber security strategy background dossier
Finland s cyber security strategy   background dossierFinland s cyber security strategy   background dossier
Finland s cyber security strategy background dossierYury Chemerkin
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013Vidushi Singh
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorKhalizan Halid
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesingsegughana
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomySettapong_CyberSecurity
 
Computer Emergency Response Team for Health Care Sector (CERT-H)
Computer Emergency Response Team for Health Care Sector (CERT-H)Computer Emergency Response Team for Health Care Sector (CERT-H)
Computer Emergency Response Team for Health Care Sector (CERT-H)Manpreet Singh Sidhu
 
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...DaveNjoga1
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillaydotZADNA
 
CYBER SECURITY brazil.pdf
CYBER SECURITY brazil.pdfCYBER SECURITY brazil.pdf
CYBER SECURITY brazil.pdfAnahideCastro
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Mas...
Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Mas...Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Mas...
Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Mas...Terrance Tong
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxbagotjesusa
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Complianceijtsrd
 

Similar to Sri Lanka Cyber Security Bill Flaws and Improvements (20)

Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber Crime
 
National_Cyber_Security_Strategy.pdf
National_Cyber_Security_Strategy.pdfNational_Cyber_Security_Strategy.pdf
National_Cyber_Security_Strategy.pdf
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
 
Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity Singapore. industry 4.0 and cybersecurity
Singapore. industry 4.0 and cybersecurity
 
CYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIACYBER Crime Cyber Security Cyber Law INDIA
CYBER Crime Cyber Security Cyber Law INDIA
 
Finland s cyber security strategy background dossier
Finland s cyber security strategy   background dossierFinland s cyber security strategy   background dossier
Finland s cyber security strategy background dossier
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditor
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesing
 
Guideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital EconomyGuideline Thailand Cybersecure Strate Digital Economy
Guideline Thailand Cybersecure Strate Digital Economy
 
Computer Emergency Response Team for Health Care Sector (CERT-H)
Computer Emergency Response Team for Health Care Sector (CERT-H)Computer Emergency Response Team for Health Care Sector (CERT-H)
Computer Emergency Response Team for Health Care Sector (CERT-H)
 
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
Critical Information Infrastructure Cyberspace Situational Awareness_Measure ...
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru Pillay
 
CYBER SECURITY brazil.pdf
CYBER SECURITY brazil.pdfCYBER SECURITY brazil.pdf
CYBER SECURITY brazil.pdf
 
Cyber Security For Businesses
Cyber Security For BusinessesCyber Security For Businesses
Cyber Security For Businesses
 
Assignment 1
Assignment 1Assignment 1
Assignment 1
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Mas...
Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Mas...Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Mas...
Strengthening the Great Cyber-Wall of China — An Effort in Protecting the Mas...
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
 

More from Jeewanthi Fernando (20)

Assingment 5 - ENSA
Assingment 5 - ENSAAssingment 5 - ENSA
Assingment 5 - ENSA
 
Assingment 4 - DDos
Assingment 4 - DDosAssingment 4 - DDos
Assingment 4 - DDos
 
Assingment 3 - Bug bounty
Assingment 3 - Bug bountyAssingment 3 - Bug bounty
Assingment 3 - Bug bounty
 
Assingment 1 - Google haker
Assingment 1 - Google hakerAssingment 1 - Google haker
Assingment 1 - Google haker
 
Ob group presentation
Ob group presentationOb group presentation
Ob group presentation
 
OB group assignment
OB group assignmentOB group assignment
OB group assignment
 
Poster
PosterPoster
Poster
 
Assignment - Maliban
Assignment - MalibanAssignment - Maliban
Assignment - Maliban
 
Assignment 1
Assignment 1Assignment 1
Assignment 1
 
BPM presentation
BPM presentationBPM presentation
BPM presentation
 
Business Process Management Doc
Business Process Management DocBusiness Process Management Doc
Business Process Management Doc
 
Group assingment
Group assingmentGroup assingment
Group assingment
 
Class activity 5
Class activity 5   Class activity 5
Class activity 5
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4
 
Class activity 3
Class activity 3   Class activity 3
Class activity 3
 
Professional networking
Professional networkingProfessional networking
Professional networking
 
Tesco doc
Tesco docTesco doc
Tesco doc
 
Tesco
TescoTesco
Tesco
 
ALSS Assingment 1
ALSS Assingment 1ALSS Assingment 1
ALSS Assingment 1
 
Specialist or clever teams
Specialist or clever teamsSpecialist or clever teams
Specialist or clever teams
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Handwritten Text Recognition for manuscripts and early printed texts
Sri Lanka Cyber Security Bill Flaws and Improvements

  • 1. Sri Lanka Institute of Information Technology Master of Science (Information Management) Degree Program Information and Network Security Assignment 2 Cyber Security Bill – Sri Lanka W.M.J.H. Fernando MS18901290
  • 2. New Cyber Security draft Bill for Sri Lanka. The Sri Lanka government has drafted a new “Cyber Security Bill” to protect vital information and essential services from cyber-attack, according to Non-Cabinet Minister of Digital Infrastructure and Information Technology Ajith P. Perera. The Cyber Crimes Act will also be amended shortly to crack down on cyber-attacks, online security and social media related incidents.
  • 3. A National Information and Cyber Security Strategy has also been unveiled at the launch of the Cyber Resilience for Development (CYBER 4DEV) project funded by the European Union (EU) in Colombo. [1] The British, Dutch and Estonian governments are the partners for the implementation of the project in collaboration with Sri Lanka’s Ministry of Digital Infrastructure and Information Technology. The CYBER 4DEV project will be spearheading the promotion of cyber resilience through raising awareness on cyber threats and developing national cyber security strategies.
  • 4. It will also be providing for information assurance and resilience; setting up, training and equipping Computer Emergency Response Teams; and building early warning, information sharing and analysis capabilities. Sri Lanka has already shown clear support for this through its national cyber strategy and through signing the Commonwealth Cyber Declaration, agreed in London last year. In that Declaration, members of the Commonwealth agreed to support a cyberspace that supports economic and social development and rights online, to build the foundations of an effective national cyber security response, and to promote stability in cyberspace through international cooperation, he added. The Computer Emergency Readiness Team | Coordination Centre (CERT/CC) has formulated Sri Lanka’s first Information and Cyber Security Strategy, to be implemented over a period of five years from 2019 to 2023. [2] The Strategy is an institutional framework that aims to create a resilient and trusted cyber security ecosystem that will enable Sri Lankan citizens to have access to safe digital exposure and facilitate a better future, Dr. Kanishka Karunasena, the research and policy specialist for CERT, said. [3] CERT has worked with multi-sectoral institutions, banks and utility organizations to create this cyber security strategy. However, the current Sri Lanka Cyber Security Bill has some unclear areas. These are: [4]
    • “3(3) The Agency shall be the Apex and Executive body for all matters relating to cyber security policy in Sri Lanka and shall be responsible for the implementation of the National Cyber Security Strategy of Sri Lanka.” This implies that SLCERT and NCSOC will be subordinate to CSASL. However, it is not immediately obvious why three separate institutions are necessary. Siloes and delays in communication across institutions are not conducive to the cybersecurity area, where working fast and staying ahead of emergent threats is imperative. Increased budgets and bloated institutional structures are also unaffordable in budget- and skills-constrained countries like Sri Lanka. [4] For example, Singapore has a well-defined structure, with the National Cybersecurity Agency of Singapore as the “national agency overseeing cybersecurity strategy, operation, education, outreach, and ecosystem development” and the Singapore Computer Emergency Response Team (SingCERT) as a unit within the Agency responsible for facilitating the detection, resolution and prevention of cyber security related incidents on the Internet relevant to Singapore.
  • 5. (continued)
    • Another point of confusion is the seemingly relative imbalance of power between CSASL and SLCERT. Part II 4(2) states that “in the discharge of its powers and functions, the Agency [CSASL] shall at all times consult Sri Lanka Computer Emergency Readiness Team [SLCERT] and ensure the said powers are carried out through the institutions established under Part IV of this Act.” While it is natural that consultation shall occur with an agency that is likely to have a high level of expertise, it is unclear why CSASL must always consult SLCERT. [4]
    • Further contributing to the confusion of hierarchies is Part II 5(1)(a)(iv), which states that a member nominated by the Board of Sri Lanka Computer Emergency Readiness Team is to be an ex-officio member of the CSASL Board. It is unclear why a member of a subordinate institution (SLCERT) should have a seat on the CSASL Board. The reverse makes sense, thinking through normal governance hierarchies. [4]
    • Part VII 21(3): “Every person who being the owner of a CII who fails, without reasonable cause, to fulfill the obligations imposed under this Act or fails to report cyber security incidents to the Agency and CERT, in accordance with section 19(1) (c) to (f), commit an offence under this Act and shall on conviction be liable to a fine not exceeding two hundred thousand rupees or to imprisonment for a term not exceeding two years or to both such fine and imprisonment.” By mandating a fixed penalty (financial and jail time), the Bill violates the important principle that the punishment should be proportional to the crime. An attack on a CII that causes billions of rupees of damage and one that causes hundreds of rupees of damage could be treated equally when assigning such penalties.
      − We propose that other methods of calculating fines be considered, for example a penalty that increases by a prescribed amount each day an identified security violation is left unaddressed. Here, the number of days acts as a proxy for the damage caused.
      − Another question to be asked is whether there is a need to introduce punitive actions on parties deemed to have failed in their responsibilities to contain any fallout from “cybersecurity incidents”. Will this be an effective approach to address the problem? [4]
  • 6. References
    [1] “Flaws in draft cybersecurity bill under review,” The Sunday Times Sri Lanka.
    [2] “Sri Lanka’s unsung cyber security champions.” [Online]. Available: http://www.ft.lk/columns/Sri-Lanka-s-unsung-cyber-security-champions/4-677891. [Accessed: 18-Aug-2019].
    [3] “Sri Lanka introduces new legislation to protect people from cyber-attacks,” The Sunday Times Sri Lanka.
    [4] “Cyber_Security_Bill_2019-05-22_LD_Final_Version.pdf.”