Creating a cyber-resilient society

Monday, 21 October 2019 00:00 -     - {{hitsCtrl.values.hits}}

 

  • Policy challenges to an effective digital transformation

     

While technology is opening a whole new world of opportunities, the threats posed from terrorists are no longer pure physical attacks but also expand to the digital world. The danger may not venture into weapons or create a battlefield with thousands of troops anymore, the future of wars will be fought in the cyber space with more advance technology. 

The digital environment is composed of digital services facilitated by the internet which play a vital role in all aspects of life making it convenient and enjoyable. However, the laws and regulations related to the digital environment have failed to keep pace with its role. 

For most developing countries, the foundation of a strong digital economy is built on the investment into infrastructure development, such as, fibre and wireless connectivity. The goal is to maximise the availability of high-speed internet connectivity whilst making it economically feasible for public and private IT businesses. 

Sri Lanka is gradually making progress in the regulation of the digital space whilst building a cyber-resilience society. The weakness in cybersecurity governance and gaps in the inconsistent transposition of legislative framework have been identified as the main barriers to effective digital policy delivery.  

Based on the publicly available National Digital Policy draft paper which provides an overview of a complex policy landscape, the challengers are strongly connected with our desire as a collective society for a prosperous and competitive economy, a sustainable environment, and a more open, democratic and healthy society. 

The digital transformation should be a key positive element for citizen empowerment and business growth and the Government’s initiative will help us build an open, innovative, secure and sustainable society. Moreover, people need a clear and balanced understanding of the policy, its challenges and context in which they are addressed. 

As things stand, Sri Lanka will have a lot to achieve by 2025. From achieving a $ 5 billion ICT export revenue by 2020, to creating new jobs, driving innovation, enhancing investments, policy and legal reforms, promoting entrepreneurship, ensuring national security and sovereignty are some of the key targets. Another target, as per the proposed digital policy, is to create a globally competitive and digitally empowered economy.

 

A productive approach to policy making 

Sri Lanka needs a more structured and a constructive approach to policy making, especially in the technology and digital sectors, to achieve the scale and nature of the above goals. 

Over the last decade, the Government has adopted innovative tools to improve public sector service delivery. However, lack of clearly defined processes and an understanding of which emerging technologies to adopt in order to address most vital issues in the society may be challenging for the overall mission.

 

Barriers to adopt of new technology

Failing to adopt these technologies faster can have a negative effect on citizen expectations and possible exposure to new threats and malicious cyber activities. Being vulnerable to threats, cybercrime and hacktivism can create social disorder, service disruption, destruction of critical digital property, degrade economic progress and threaten national security. 

In today’s world, the economic impact of cybercrime is rising, and citizens are vulnerable to interference and manipulation. Therefore, adopting a national cybersecurity strategy and having a competent authority tasked with the execution is important. Moreover, a nation-wide plan is needed to protect cyberspace and ICT security. 

 

Gaps in proposed policy frameworks

Many policy frameworks are still fragmented despite the publication of National Cybersecurity Bill, Data Protection Bill and National Digital Policy. According to data protection and cybersecurity experts, there is a considerable gap between Sri Lankan cybersecurity policies and those implemented in comparable other countries in the region. 

The Government needs to strengthen national-level preparedness for cyber risks. Strong checks and balances for surveillance agencies and accountability mechanisms for Government authorities is as important as effective implementation and successful coordination between the various stakeholders. 

 

Failing to synchronise with international standards

Despite all the challenges, Sri Lanka made significant progress by being a state party to the Council of Europe’s Convention on Cybercrime (ETS 185 of 2001). It was a historic success as Sri Lanka became the first country in South Asia to accede to the Convention, ordinarily called the ‘Budapest Convention’. This requires synchronising national legislation to EU standards to combat cybercrime and strengthen data protection. 

In that sense Sri Lanka’s proposed Cybersecurity bill, data protection bill and national digital policy needs more detail overview and a strategic approach to foster international cooperation on cyber-security. Each citizen should be responsible to promote responsible behaviour in cyberspace, avoid spreading disinformation, support the respect of human rights and democratic principles while championing worldwide web to maximise knowledge and to make it a lucrative business model.

 

Need effective public-private collaboration

To promote closer collaboration across the country, the Government and private sector organisations should step forward to educate the public, adopt a common strategy to share information and develop effective mechanisms to achieve cyber readiness. 

In order to avoid duplicate efforts, a more balanced approach is needed to align the country’s economic vision with its national security priorities via a centralised coordination process. Similarly, reinforcement of cybercriminal law in response to better protection for its citizens is also needed with an evaluation to all current laws, regulations and standards relating to IoT devices.

 

Create awareness and changing public mindset 

Finally, a complete shift in public mindset is also needed to be aware of the risks and opportunities presented by digitisation and internet connections. A strategy to increase public awareness about the impacts of threats that are aimed at critical infrastructure or services, consequences of data breaches, identifying and reporting a cybercrime and effects of a nation-wide cyberattack is needed to fully understand the risks associated.

The public should be aware of the risks and opportunities afforded by ICT innovation and internet uptake and how to manage those risks by investing in their security in a more structured manner. Sri Lanka then can fully harvest the benefits associated with the digital economy and reach the determined targets set in its strategies. Once all the above is completed, Sri Lanka will then be on the pathway to become a cyber-resilient nation with healthy internet and digital ecosystem.



(The writer is the Regional Head of South East Asia and serves on the Board of Directors for Meta Defence Labs, a cybersecurity service provider in the UK and Sri Lanka. She also volunteers as the Programme Director for SHe CISO Exec., a global training platform for Cybersecurity | Leadership and Women Empowerment. She is a passionate individual with diverse experience, skills and learning to become a data protection officer and GDPR practitioner. At Meta Defence Labs, Nisa is committed to assisting organisations to improve their security posture whilst achieving business goals. Connect with Nisa on LinkedIn: https://www.linkedin.com/in/nisavithana.)

Recent columns

COMMENTS