A Cyber security incident in Sri Lanka can affect any country in the world hence a well formulated Cyber Security culture is therefore needed to keep such acts at bay says CEO of Sri Lanka CERT Lal Dias.
Computer Emergency Readiness Team - Coordination Center (Sri Lanka CERT |CC) is a government Institution now operating under the Presidential Secretariat. Sri Lanka CERT’s mandate is primarily to ensure that Sri Lanka’s cyber space is secure.
Lal Dias is a Chartered Information Technology professional and a Fellow of the British Computer Society and was educated in the UK and Australia. Dias has been instrumental in the setting up of Sri Lanka CERT|CC.
Extract from the interview with Lal Dias.
What does cyber security mean and what is its importance to the world?
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious cyber attacks.
Internet thus is a means of superior communication as against conventional communication. If communication and information involving the internet is interfered with in midstream it is a breach of trust between the parties involved.
Is cyber security a decisive factor as regards uplifting the economy of a country?
Yes, it does now. Tourism industry for example could get badly affected due to a cyber-attack. If the immigration systems are compromised at the height of tourist season, tourist cannot arrive. It creates a huge backlog and the impact on the economy of the country will be huge.
Ransomware can encrypt all data in your computer and the entire network and in order to decrypt your data you need the decryption key which is held by the attacker who will hold you to ransom. That is a regular occurrence not only in Sri Lanka but around the world involving large corporates, small to medium sized business and individuals, where attackers demand exorbitant sums of money to provide decryption keys to recover data.
Cybercrime play a crucial role in global context now. Your comment.
A tea exporter for example would use an integrated system like enterprise resource planning system aka ERP service. These are tools developed for forecasting, monitoring inventory levels, processing orders, optimizing shipping process and many more.
It minimizes manual intervention in all operations. ERP systems help large and medium sized e-Commerce businesses around the world to reduce costs and to help operate business processes effectively. A Cyber-attack can hamper this process and see the downfall of a huge company.
As far as cybercrime is concerned Prevention is better than cure. CERT’s security strategy is based on finding ways of detecting vulnerabilities to prevent a cyber-attack. Prevention and also management which emphasizes more on implementing sound information security policies and practices go hand-in-hand.
Who are Black hat, white hat and gray hat hackers? Can we use the potential of young blood to detect potential hacking vulnerabilities?
Black Hat hackers are criminals who break into computer systems and networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.
Ethical hackers or white hat hackers report vulnerabilities they catch. To enter into someone else’s computer system is illegal. These volunteers use the internet to explore vulnerabilities. Vulnerabilities are also available on the Web. After finding those they pass that information to responsible authorities. Multinational service providers like Google have a ‘Bug Bounty’ program where youngsters become members. Every time they find a bug in the Google platform, Google would reward them. It is possible for a Sri Lankan youngster to become a member.
In the old days’ hackers did it for bragging rights, but modern day hackers do not do it for fun, they mean business and they are inclined to make money for themselves. Most of these hackers are moonlighting. They have a regular day job.
Why do hackers love untrusted public Wi-Fi?
One of the dangers of using untrusted public Wi-Fi network is that data over this type of open connection is often unencrypted and unsecured, leaving you vulnerable to a man-in-the-middle (MITM) attack. What is an MITM? It’s when a cybercriminal exploits a security flaw in the network to intercept data.
Essentially, this gives a hacker access to sniff out any information that passes between you and the websites you visit — details of browsing activities, account logins, and purchase transactions. Your sensitive information, such as passwords and financial data, are then vulnerable to identity theft.
What is the core competency of Sri Lanka CERT and how does this entity make people aware of the importance of cyber security?
Our mandate is primarily to ensure that Sri Lanka’s cyber space is secured.
We play a much wider role in terms of coordinating efforts with law enforcement agencies and the Defence establishment as and when requested, even though they themselves are well equipped with the required cyber security skills. For example, CERT is a member of the expert panel under the Payment Devices and Frauds Act of 2006, and as a result we are required to carry out Digital Forensics Examinations based on a Court Order issued.
The best defense for cyber issues, is the creation of awareness.
We do awareness programs regularly. The most popular such program is the ‘Cyber Security Week’ which we run every year during one whole week encompassing a 5-day conference with international speakers, a cyber-security quiz for the school children, a hacking challenge and multiple Workshops. This time around due to Covid-19, we would do a webinar series, five days of webinars and five days of cyber exercises. These will be like fire drills on different topics. More than fifty percent of the presenters consist of international speakers.
Our awareness and training programs cover a much wider citizen base ranging from school children to senior government executives. We have recently initiated a program to train 10,000 government executives.
Since internet is borderless, we have a worldwide community supporting us. In cyberspace, cyber security vulnerabilities are global and borderless and therefore it was necessary to establish relationships with international bodies.
The Asia Pacific CERT (APCERT) has 26 member countries. Forum of Incident Response and Security Teams aka FIRST has 400 members from around the world including all the big nations and mega service providers like Facebook, Google & Microsoft etc. and Sri Lanka has been an active member for the last 13 years. We exchange cyber threat intelligence with this community 24/7 and 365 days of the year.
This is how the global community protects information on internet.
Are our school children being educated of cybercrime?
Yes. That’s happening now. Education Ministry educates these children via the schools’ IT clubs to create awareness. CERT with its teacher-training program educates the IT teachers. The Education Ministry organizes groups of teachers from each region to gather in Colombo for residential programs to undergo training.
One of our strategies is implementation of sector-based CERTs. The financial sector already has its own CERT which is called, FinCSIRT (Computer Security Incident Response Team) which is funded by the banks and supported by the Central Bank. Likewise, the education sector too has a CERT called the EduCSIRT. Sri Lanka CERT|CC acts as the coordinating center in order to resolve cyber security issues that are escalated to us.
Is there legislation, policies and standards that are implemented as regards cyber security in Sri Lanka?
There are number of legislations. Computer Crime Act of 2007 was the very first piece of legislation that came out. That paved way for Sri Lanka CERT to be established as a subsidiary of ICTA in 2006 and came into operation in 2007. The Electronic Transactions Act and Payment devices and Frauds Act too are there.
CERT would issue guidelines to all government organizations to protect their information systems, and plan to benchmark the adoption of information security controls at various government organizations. Since CERT is now under the Presidential Secretariat, so we are in a good position to enforce these guidelines at government institutions.
Could you elaborate on the Cyber Security Strategy of Sri Lanka CERT?
Sri Lanka’s first Information and Cyber Security Strategy will be implemented over a period of five years from 2019 to 2023. Our strategy aims to create a resilient and trusted cyber security ecosystem that will enable Sri Lankan citizens to realize the benefits of digital technology and facilitate growth, prosperity and a better future for all Sri Lankans.
What is militarization of cyber security, and what is cyberwarfare? Are we prepared as a country to face cyberwarfare?
Cyber warfare is a different topic altogether, and it’s a domain that Sri Lanka’s Defence/Military establishment is well aware of and is something that we have to be very concerned as a nation.
It could well be the next wave of attacks that Sri Lanka will have to endure. It would be not with conventional guns and bullets but cyber. This can paralyze critical infrastructure of a country. You don’t have to have an airplane crashing into the critical Department building. Instead of that the attackers could paralyze a Department through a cyber-attack. Thus critical infrastructure providers in this country have to make sure that their computer systems are secured.
Sri Lanka’s Defence establishments are well trained in this field.