It's 2023 and Sri Lanka doesn't have a cyber security authority
All should change this year as the country passes its Cyber Security Bill
Sri Lanka's Ministry of Technology has confirmed it will have a cyber security authority – at some point.
According to local media, state minister Kanaka Herath told the Cyber Security Conference in Colombo that efforts to create a cyber security authority in 2023 are under way.
The authority is established through the Cyber Security Bill [PDF] as part of a wider strategy. The bill is expected to be submitted to the country's parliament this year.
Sri Lanka ranks 81st out of 175 countries in the National Cyber Security Index. In January, it scored a 0 for protection of digital and essential services. The country was, however, given nine out of nine points for education and professional development.
Yet, as of 2020, Sir Lanka claimed membership among the third of countries that did not have some form of a national cyber security strategy.
The Global Cybersecurity Index in 2020 listed over half of the world's countries as having a computer incident response team (CIRT) and almost two-thirds as having some form of a national cyber security strategy.
- Five Eyes and Microsoft accuse China of attacking US infrastructure again
- This legit Android app turned into audio-snooping malware – and Google missed it
- Philly Inquirer says Cuba ransomware gang's data leak claims are fake news
- IT security analyst admits hijacking cyber attack to pocket ransom payments
According to management consulting firm Kearney, in Asia many CIRTS play the role of de facto national cyber security agencies – for better or worse.
The European Union developed a region-wide cyber security strategy in 2013 – but developing such a framework has been more difficult for ASEAN, of which Sri Lanka is a member. The region is bifurcated by having some countries – like Singapore, Malaysia, Thailand and the Philippines – with strategies in place, while others do not.
According to Kearney, ASEAN faces challenges in pulling together a unified framework "largely because of the inherent absence of a power to legislate or veto budgets and appointments."
"The lack of sector-specific governance and policies is a region-wide issue, resulting in limited transparency and a lack of sharing of threat intelligence," said Kearney. ®