Towards building a digital tourism fortress

By Aazam Ameen

Tourism stands as a cornerstone of the Sri Lankan economy, drawing visitors from across the globe to experience its diverse landscapes and cultural heritage. The traveller entry system to the country serves as a gateway, streamlining arrivals and boosting tourism revenue. However, the efficiency and convenience of this system must be balanced with robust security measures since the country’s framework of managing its borders processes vast amounts of sensitive data.

As Sri Lanka prioritises seamless tourist services and experiences, safeguarding its systems from digital threats become increasingly important.

Data Tsunami 2.0

With cybercriminals aiming data mining strategies at the global tourism industry, the call for proactive security measures is becoming louder. Leaving airlines and airports stranded in limbo, the massive IT outage from July this year is but one example underscoring the severity of the threat. (Source – https://www.reuters.com/business/aerospace-defense/air-travel-hit-by-global-cyber-outage-2024-07-19/).

Thailand’s 2021 data breach, exposing over 106 million visitor records, also serves as a stark reminder of the vulnerabilities well-seasoned travel destinations face. (Source –https://fulcrum.sg/thailands-public-sector-data-breaches-erode-public-trust-and-might-undermine-e-government/#:~:text=In%20September%202021%2C%20the%20personal,sale%20on%20the%20dark%20web.

In the wake of recent attacks, countries all over the world are adopting new policies to respond to the risks. France’s position on cybersecurity has launched initiatives in collaboration with the UK, China, and the USA to reinforce its defences. (Source – https://pariscall.international/en/)

The UK is also making headway with plans to introduce parameters, including its Electronic Travel Authorisation scheme (ETA) (Source https://www.lexology.com/library/detail.aspx?g=ac235746-6562-4275-aa29-a7436c08903) to minimise potential cybersecurity risks.

Sri Lanka, with its own share of cyberattacks across sectors, cannot afford complacency.

Speaking on the subject, cybersecurity advocate and digital strategist, Asela Waidyalankara added, “By and large, if the country allows digital mediums accessible to wider global audiences, it’s imperative that the Government focus on restructuring Sri Lanka’s Digital Public Infrastructure to prioritise cybersecurity as the cornerstone of its procedural outline.”

Cybersecurity playbook

Fortunately, we have a wealth of best practices to draw from. Scandinavia, a leader in digital governance, offers a robust model. Operating under the stringent data protection standards of the General Data Protection Regulation (GDPR), they’ve implemented advanced encryption, multi-factor authentication, and continuous monitoring to secure their visa processes. Regular security audits are not an afterthought but a cornerstone of their proactive approach.

The UK government’s system provides another valuable case study. Biometric data is securely processed and stored, while mandatory compliance with the GDPR (General Data Protection Regulation) sets a high bar for data handling. The Home Office responsible for the United Kingdom’s visa system emphatically stresses on continuous system evolution, adapting to the ever-changing threat landscape.

Placing safety first 

Sri Lanka has a unique opportunity to relaunch its entry system stronger than ever. By incorporating best practices, we can fortify our data security framework. But technology alone is not enough. Strong Government policies towards this front are critical. Further partnering with reputable cybersecurity firms is essential. These experts bring invaluable experience in anticipating and mitigating threats, ensuring traveller data is in safe hands.

It is essential for companies, including banks, airlines, hotels, visa service providers, etc. that process large volumes of data, to implement robust security measures to ensure this data remains secure.

The reactivation of Sri Lanka’s visa system is a beacon of hope for the tourism industry. However, its long-term success hinges on our unwavering commitment to data security. By embracing global best practices, robust Government policies, engaging cybersecurity experts, and fostering a culture of vigilance, the island can build an impenetrable digital fortress around its tourism industry, protecting both sensitive information and the trust of its precious global visitors. But these steps are not just about securing data; it’s about securing Sri Lanka’s future as a premier, and safe travel destination.