Joint action needed to build force against cybercrime

Only a concerted effort can build an appropriate safeguard against cyber crime, says ICT Agency of Sri Lanka (ICTA) CEO Reshan Dewapura.

Dewapura said so during his keynote address on 19 October at the fourth annual national conference on cyber security held in Colombo.

Organised by the Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT), a fully-owned subsidiary of ICTA, the conference was part of Cyber Security Week 2011 (14-21 October).

“It is only through the joint actions of Governments and citizens as a whole, as a cohesive force, that a reliable shield against cybercrime can be built,” the ICTA CEO emphasised.

Citing at the outset Research In Motion’s recent catastrophe as an indication of the threat that cyber-warriors could pose, Dewapura stressed the need for a concerted effort to stall cybercrime.

In an effort to emphasise the fact that cybercrime is a real threat requiring all possible synergic endeavours, the ICTA CEO said: “Cyberspace is not so different from the traditional spaces of social interaction. Threats in cyberspace are very real. The number of cyber attacks in the world is constantly growing and so is the cost due to cybercrime. Cybercrime affects the very base of the social and economic wellbeing of the general public.

“‘Today, in the light of these new realities and this major new threat to security – not only to the citizens but to the very functioning of the national economies – each state’s contribution to combating cybercrime becomes particularly important.

“There is no country that, in this age of cyber terrorism, can remain indifferent and unresponsive, or rely on nature or geography (like in the old days) to protect it against malicious acts, because in addition to bringing people closer, the internet has eliminated distances and differences, while placing at the hands of criminals a very powerful means of organised acts of crime.”

Moving on to the effort to establish a mechanism for tackling cybercrime and the setting up of the Sri Lanka CERT in the perspective of national development, Dewapura said: “The e-Sri Lanka initiative of the Government of Sri Lanka commenced implementation in 2005 under the innovative strategies of the Government’s policy document, the ‘Mahinda Chinthana’.

“This initiative looked to take the benefits of ICT to every citizen in every villages and to re-engineer how Government works. It was envisaged that Sri Lanka will become an ICT-driven nation and cyberspace would be a major medium for service delivery.

“ICTA, as the apex body for ICT in the country, found it greatly necessary to establish a mechanism to tackle the potential threat from cybercrime in the face of this e-development activity, which saw huge amounts of ICT infrastructure and IT systems being implemented. Hence, Sri Lanka CERT was created as a fully-owned subsidiary of ICTA in 2006 as the centre for cyber security in Sri Lanka. Sri Lanka CERT has been mandated to protect the nation’s information infrastructure, to coordinate protective measures and respond to cyber security threats and vulnerabilities.”

Pointing out the importance of widening the spectrum needed to combat cybercrime, Dewapura said: “Today, critical infrastructures such as transportation, public utilities such as electricity and water supply and healthcare can all be targets of cyber criminals. Therefore, the necessity for all public and private sector institutions to work together to establish public-private partnerships for capacity building in law enforcement and the judiciary, as well as training and dealing better with cyber-attacks, should be high on the agenda.”

Driving home the global nature of cybercrime to the audience at the conference, graced by the presence of participants including local and foreign experts, the ICTA CEO said: “Internal security strategies adopted by most nations in recent years mention that fighting cybercrime and ensuring cyber security are high on their lists of security challenges. Cybercrime is a global problem and therefore needs a global response.”

Pointing out the relevance of global cooperation even for ensuring security in Sri Lanka, Dewapura said: “The exchange of information and analysis on cyber attacks to harmonise legal definitions and legislation for cyber conflicts is an absolute necessity. Therefore the establishment of partnerships with the global community is of paramount importance if we intend to successfully fight cyber-criminals and strengthen the security of Sri Lankan networks.”

Urging citizens and companies to join in the effort to combat cybercrime and showing how this could be done in a practical way the ICTA CEO stated: “Citizens and companies must be encouraged to report crimes more often, since crimes cannot be solved if they are not reported in the first place. In this respect, it is necessary to create awareness – for Government departments as well as the general public in order to understand the types of cybercrimes that need reporting.

“Cybercrime cannot be handled in isolation, there has to be extensive cooperation and coordination, both internal and external. The old dividing lines between defence and security, law enforcement and judiciary, public and private, etc. do not hold in cyberspace, therefore Governments need to coordinate activities across ministries and departments using broad national cyber security strategies by appointing lead agencies or individuals.”

The ICTA CEO commended Sri Lanka CERT for its endeavours to combat cybercrime and recommended five practical proposals to help create a safer cyberspace in Sri Lanka, which had been formulated with the assistance of Sri Lanka CERT COO Lal Dias:

We have to recognise that it is the responsibility of the Government to ensure that national networks are secure and have not been penetrated. To achieve this, the nation’s cyber activities need to be coordinated on both the institutional, district and provincial levels. And this has to be led by the apex agency of cyber security in Sri Lanka, Sri Lanka CERT.

Centralised bodies such as Sri Lanka CERT, law enforcement agencies and the legislature should focus on areas where it has particular competence, such as protecting critical infrastructure and coordinating legal structures, as well as regulating and working with business, consumer protection privacy and anti-terrorism.

The national security policy would need to be extended to include a cyber security agenda that covers the length and breadth of the country, in order to take the message to the people that cyber security is compatible with individual rights, privacy and freedom of speech.

This national security and defence policy can be used for furthering Sri Lanka’s cyber security agenda; this policy must also ensure that military operations and civilian missions are protected against cyber attacks. Cyber defence should be made an active capability of the country as a whole; it is crucial that Sri Lanka takes advantage of the overlaps it shares with its powerful Asian neighbours to coordinate activities between our countries.

Establish Public-Private Partnerships – It is essential for governments to cooperate with the private sector, as the majority of web infrastructure is in private hands. All developed nations have identified this and are working closely with the private sector and the private sector in return should reciprocate equally.

Dewapura affirmed that the outcome of implementing these proposals would yield positive results: “These recommended proposals, when fully implemented, will go a long way in strengthening our defences against cyber attacks and staying ahead of cyber criminals. The Government is already making concrete plans to successfully implement these in the shortest possible time.”