New strategy to tackle cyber-crime vital

By Lionel WIJESIRI

Delivering the keynote address at the round table discussion on ‘Contemporary Cyber Security Redefined’, Minister for Scientific Affairs Prof Tissa Vitharana recently said even though Sri Lanka has the legal framework against those committing cyber-crime, the lack of personnel to detect the offenders should be addressed.

“Many countries have specially trained teams and well trained investigative police to make detections and correctly identify those who have committed the crimes,” he added.

What is cyber-crime?

There is a wide range of offences that can be committed through communication technology.

Cyber-crimes are commonly considered as offences committed using new technologies, such as offences against computer systems and data, dealt with in the Computer Crimes Act No. 24.

They may also include crimes such as hacking or breaking into computer systems to steal or alter data, and crimes such as the transfer of illegal images or fraud. However, while the focus is often on online fraud or child protection, there is a significant number of other offences committed through the internet, such as harassment, threatening behaviour and other anti-social activity.

Computers, the internet and electronic communications play an ever-increasing part in all our lives, with the use of the internet in the home, at work or in educational establishments now standard and continuing to grow. The impact increases as new, and often unpredicted, applications of technologies are quickly adopted by significant proportions of the population.

Mobile internet devices, such as smartphones, are now common, and a growing number of services, such as location based services, are being created to work with them.

We can expect the rapid development and exploitation of computers and electronic communication technologies to continue to accelerate. The Sri Lankan Government has made considerable progress toward its vision of a digitally rich country.

Internet penetration

In the past 10 years, we have become prominent in South East Asia as a leader in the digital field particularly, in mobile phone markets. Internet penetration in Sri Lanka has also gone up to 1.2 million as at March 2012. Sri Lanka is developing into a vibrant, valuable digital economy. The Government has made a commitment that by 2015 everyone in the country can benefit from access to the internet.

However, this has implications for safety and security, including crime and its prevention, detection, investigation and prosecution. Cyber criminals are quick to spot the potential vulnerabilities of new technologies and exploit them to commit offences, or to try to frustrate detection of their activities. The cyber-crimes reported in 2008 which stood at 49 have increased to 1500 by 2011.

As more and more of the nation’s public and private assets are stored electronically rather than physically, often outside our jurisdiction, there will be more opportunities for crime. However, the same technologies can be used to protect ourselves and by our law enforcement agencies todetect, investigate and prosecute offenders.

Benefits

There are significant benefits to Sri Lanka in developing and growing the digital economy.

As more services and trade move online, including those provided by government agencies, so criminals will try to exploit this for their gain, in the same way as markets and trading have always attracted those who would seek to profit from illegal behaviour. The public, businesses and government are all at risk from organized crime groups, and from those who would seek to harm individuals, particularly children. Whether the crime is fraud, data theft from individuals, businesses, or Government, or child sexual abuse committed through the online environment, the impact of crime initiated on the internet can be devastating for its victims.

The Government needs to be involved to ensure that, as with the offline world, there is an appropriate response to crime when needed. The internet is here for the long-term, and criminals will seek to exploit it and profit from it, not just financially, and we therefore need to plan a long term response. The difference between traditional crime and cyber-crime is that generally traditional crime occurs in one place and has an impact on one set of victims whereas cyber-crime can have an impact globally at the push of a button, hence the need for a coordinated and timely response.

Cyber criminals are becoming more sophisticated, and continue to develop malicious software and devise improved methods for infecting computers and networks. This is not purely confined to technological advances: the criminals are also refining their social engineering techniques to improve infection rates.

Cyber criminals will continually adapt their tactics, as new defenses are implemented, to serve the illicit market in compromised private data. Infection of computers, although primarily aimed at harvesting identities for financial gain, is also a method of gaining control of tens of thousands of computers which are then used for attack on industry or infrastructure.

Enhance Government co-ordination

As networked or internet enabled devices become omnipresent, and a significant number of government departments provide some or all of their services via the internet, there is a responsibility upon the Government to provide leadership in responding to cyber-crime at a policy level. Experts of IT believe that we can and should enhance the fight against cyber-crime at government level by ensuring an integrated response, led by the Scientific Affairs Ministry but working with other Government Ministries.

However, to be effective, we should have a Cyber Security Strategy detailing out the Government’s strategic objectives to tackle cyber-crime.

The Office of Cyber Security can be set up at a secure place to provide coordination of the overall response to threats from the internet.

This Office can be the strategic lead for a broad programme of work to secure our country’s advantage in cyber space. Working with partners across government and industry, the Office will be in a position to:

(1) reduce the risk to the Sri Lanka’s safe and secure use of cyber space,
(2) exploit opportunities in cyber space, and
(3) improve knowledge, capabilities and decision- making.

Committee

It is in this context that we need to create a Ministerial Committee for cyber-crime, led by a group of relevant ministers and assisted by BCIS, Cyber-crime division of the CID and experts in the field, who can work with ministers from other fields, and lead the cross-Government effort to tackle cyber-crime. They can formulate a National IT Security Strategy and the Sri Lanka Cyber Security Strategy.

This assignment must be considered a national priority because we cannot afford to be complacent. The threat from cyber-crime is constantly evolving - with new opportunities to commit ‘old’ crimes in new ways as well as high-tech crimes that did not exist five years ago.

Now is the right time to update and strengthen our response.

Government authorities should also do more to improve public awareness of cyber-crime through working with other agencies: what it looks like, who is doing it and what the public and business can do to protect themselves from cyber criminals.

These and other measures will allow us to take action against cyber criminals from the organised groups at the top end right through to the long tail of criminality that exists underneath. Cyber- crime threatens our safety, undermines our economy, and the scope and sophistication of cyber- crime in the 21st Century demands an equally sophisticated and ambitious strategy to tackle it.