Combating cybercrime is a national responsibility: CB Governor
Central Bank Governor Dr. Indrajit Coomaraswamy, while speaking at the Cyber Security Summit 2016, said that taking measures to eradicate looming cybercrime should be considered a national responsibility.
“The cybercrime industry, which seeks these ICT-based services for vicious purposes, has already overtaken the illicit drug trade and is appearing as a prominent revenue generator. Many nations are confronted with the prospect of cyber warfare which is a theft, as you know, of information. Attacks against critical national infrastructure disrupt the delivery of electronic services and even threaten lives. Along with this, the threat landscape has also changed. It is no longer a teenager who is trying to break the system for fun. This includes well-organised criminals who are stealing sensitive information to get into bank accounts and steal money. This is why combating cybercrime needs to be considered as a national interest and a national responsibility,” said Dr. Coomaraswamy.
As Sri Lanka becomes a more connected country through the introduction of better access technologies, more affordable devices and becomes increasingly automated in terms of electronic services, cyber threats posed to our nation will also increase. Rather than fear this stress, citizens need to strike to learn and apply good security practices and standards in accordance with our way of life and face the ICT-enabled future with confidence, Dr. Coomaraswamy opined.
“According to a recent security report by Microsoft, Sri Lanka has been rated among the top ten countries in the Asia Pacific region in terms of facing cyber threats. The introduction of the baseline security standards for the banking sector was a pioneering effort. However, there is no cause for complacency. Cybercrimes are becoming increasingly sophisticated. The threat has to be recognised and addressed at all levels by regulators as well as businesses and government institutions. As a consequence, cyber security has become one of the most serious national and economic challenges we face as a nation, particularly in the financial sector. Cybercrime is the fastest growing social criminality in the world. The effects of one successful attack on a large institution will have far-reaching implications. If this institution happens to be a financial institution, we all know that the impact will be huge.
“For this reason, the Central Bank attaches the highest priority to working closely with financial institutions to combat these threats. It has to be a collaborative effort as the cyber criminals tend to look at the weakest link in the chain,” he said.
The Governor revealed the different initiatives that had been taken by the Central Bank in order to mitigate security breaches and other related risks within the financial sector. These include the establishment of the Finance Sector Computer Security Incident Response Team (FINCSIRT) back in July 2014 and the establishment of a certifying authority to ensure the legitimacy of electronic transactions.
“The ICTA with Sri Lanka CERT (Computer Emergency Readiness Team) has taken many initiatives to control and manage ICT-related threats. Along with these, CBSL has been also been involved with the Government’s initiative and has been involved in setting up the Finance Sector Computer Security Incident Response Team (FINCSIRT). This was established in July 2014 as a joint initiative of the Central Bank of Sri Lanka, Lanka Clear, Sri Lanka CERT and the Sri Lanka Bankers Association. It is entrusted with a broad objective of providing strategic direction to financial sector institutes in the area of information security. This is governed by a steering committee, chaired by the CBSL, with members from Sri Lanka CERT, Lanka Clear and SLBA. This will soon be extended to finance companies as well.
“The other initiative which had been taken is the establishment of a certifying authority to ensure authenticity of electronic transactions by digital signing, introducing internet and mobile payment guidelines, mandated disaster recovery arrangement, secure card-based payments and mandated baseline security standards in the banking sector. In addition, I am being told that there is an active CIO forum to share experiences in the banking sector. This is an excellent initiative to move forward. The Central Bank of Sri Lanka can play a role in bridging the gap that may exist between CEOs and CIOs,” added Dr. Coomaraswamy.
He also added that the internet had become important to the nation’s economic competitiveness as a means of promoting innovation. As the internet becomes an ever larger part of our lives, there is a parallel increase and evolution in cyber security threats emerging. As the world becomes more inter-connected through the internet, the threats that countries face from cyberspace are constantly increasing in frequency, he stated. However, Dr. Coomaraswamy suggested that a shift in mindset was needed in implementing a national approach to safeguard the nation’s digital assets.
“Cyberspace touches nearly every part of our lives. The World Wide Web has made us all interconnected to each other. There will be many more broadband networks beneath us and wireless signals around us will make our lives more comfortable. However, cybercrime is capable of transforming this comfortable lifestyle into a complete disaster. We must secure our cyberspace to ensure that we can continue to grow the nation’s economy and protect our way of life. Clearly, cloud technology offers scope to enhance cyber security. However, there are issues related to the sovereignty of information which need to be addressed. We have to develop a national approach to protect digital assets with a shift from a physical security mindset to a cyber security mindset.”