New Cyber Security Act soon
In view of growing cyber attacks, online security threats and social media related incidents, the government is set to enact this Cyber Security Act this month to protect critical information infrastructure within Sri Lanka.
The proposed Act gives sweeping powers to state cyber agencies and institutions and the Digital Infrastructure and Information Ministry despite concerns from civil liberties activists and computer societies over judicial oversight and potential abuse of power.
Alongside the new disposition on terrorism-related content, the Act seeks to set a framework to prevent the misuse of digital devices including social media networks, they said.
The proposed Act provides provisions for the establishment of the Cyber Security Agency (CSA) of the empowerment of the Sri Lanka Computer Emergency Readiness Team (CERT) and National Cyber Security Operations Centre, a senior official of the Digital Infrastructure and Information Ministry said.
It will ensure the effective implementation of the National Cyber Security Strategy in Sri Lanka to prevent, mitigate and respond to cyber security threats and incidents effectively and efficiently.
It will act as the central point of contact for cyber security in Sri Lanka, and provide necessary advices to all government and private organisations in respect of cyber security matters.
This authority will take measures to interface for the multi-directional and cross-sector sharing of information related to cyber threat indicators, defensive measures, cyber security risks, and to provide warnings for government and private sector organisations.
Another function of the authority is to identify and designate Critical Information Infrastructure (CII) both in government and private sectors and regulate owners of CII with regard to the cyber security.
Information Security Officers are to be appointed across all layers of the government, who will be in charge of information and cyber security related matters in government organisations.
According to the Act any CII owner, who fails to report cyber security incidents to the Agency and CERT, commits an offence, and shall on conviction be liable to a fine not exceeding Rs 200,000 or to imprisonment for a term not exceeding two years or to both such fine and imprisonment.
The CSA will be empowering the institutional framework to provide for a safe and secure cyber security environment as well as to protect the CII, he disclosed.
This agency will be coming directly under the aegis of the Digital Infrastructure and Information Ministry which will be the apex and executive body for all matters relating to cyber security policy in Sri Lanka.