New strategy to tackle cyber-crime vital
Delivering the keynote address at the round table discussion on
‘Contemporary Cyber Security Redefined’, Minister for Scientific Affairs
Prof Tissa Vitharana recently said even though Sri Lanka has the legal
framework against those committing cyber-crime, the lack of personnel to
detect the offenders should be addressed.
“Many countries have specially trained teams and well trained
investigative police to make detections and correctly identify those who
have committed the crimes,” he added.
What is cyber-crime?
There is a wide range of offences that can be committed through
Cyber-crimes are commonly considered as offences committed using new
technologies, such as offences against computer systems and data, dealt
with in the Computer Crimes Act No. 24.
They may also include crimes such as hacking or breaking into
computer systems to steal or alter data, and crimes such as the transfer
of illegal images or fraud. However, while the focus is often on online
fraud or child protection, there is a significant number of other
offences committed through the internet, such as harassment, threatening
behaviour and other anti-social activity.
Computers, the internet and electronic communications play an
ever-increasing part in all our lives, with the use of the internet in
the home, at work or in educational establishments now standard and
continuing to grow. The impact increases as new, and often unpredicted,
applications of technologies are quickly adopted by significant
proportions of the population.
Mobile internet devices, such as smartphones, are now common, and a
growing number of services, such as location based services, are being
created to work with them.
We can expect the rapid development and exploitation of computers and
electronic communication technologies to continue to accelerate. The Sri
Lankan Government has made considerable progress toward its vision of a
digitally rich country.
In the past 10 years, we have become prominent in South East Asia as
a leader in the digital field particularly, in mobile phone markets.
Internet penetration in Sri Lanka has also gone up to 1.2 million as at
March 2012. Sri Lanka is developing into a vibrant, valuable digital
economy. The Government has made a commitment that by 2015 everyone in
the country can benefit from access to the internet.
However, this has implications for safety and security, including
crime and its prevention, detection, investigation and prosecution.
Cyber criminals are quick to spot the potential vulnerabilities of new
technologies and exploit them to commit offences, or to try to frustrate
detection of their activities. The cyber-crimes reported in 2008 which
stood at 49 have increased to 1500 by 2011.
As more and more of the nation’s public and private assets are stored
electronically rather than physically, often outside our jurisdiction,
there will be more opportunities for crime. However, the same
technologies can be used to protect ourselves and by our law enforcement
agencies todetect, investigate and prosecute offenders.
There are significant benefits to Sri Lanka in developing and growing
the digital economy.
As more services and trade move online, including those provided by
government agencies, so criminals will try to exploit this for their
gain, in the same way as markets and trading have always attracted those
who would seek to profit from illegal behaviour. The public, businesses
and government are all at risk from organized crime groups, and from
those who would seek to harm individuals, particularly children. Whether
the crime is fraud, data theft from individuals, businesses, or
Government, or child sexual abuse committed through the online
environment, the impact of crime initiated on the internet can be
devastating for its victims.
The Government needs to be involved to ensure that, as with the
offline world, there is an appropriate response to crime when needed.
The internet is here for the long-term, and criminals will seek to
exploit it and profit from it, not just financially, and we therefore
need to plan a long term response. The difference between traditional
crime and cyber-crime is that generally traditional crime occurs in one
place and has an impact on one set of victims whereas cyber-crime can
have an impact globally at the push of a button, hence the need for a
coordinated and timely response.
Cyber criminals are becoming more sophisticated, and continue to
develop malicious software and devise improved methods for infecting
computers and networks. This is not purely confined to technological
advances: the criminals are also refining their social engineering
techniques to improve infection rates.
Cyber criminals will continually adapt their tactics, as new defenses
are implemented, to serve the illicit market in compromised private
data. Infection of computers, although primarily aimed at harvesting
identities for financial gain, is also a method of gaining control of
tens of thousands of computers which are then used for attack on
industry or infrastructure.
Enhance Government co-ordination
As networked or internet enabled devices become omnipresent, and a
significant number of government departments provide some or all of
their services via the internet, there is a responsibility upon the
Government to provide leadership in responding to cyber-crime at a
policy level. Experts of IT believe that we can and should enhance the
fight against cyber-crime at government level by ensuring an integrated
response, led by the Scientific Affairs Ministry but working with other
However, to be effective, we should have a Cyber Security Strategy
detailing out the Government’s strategic objectives to tackle
The Office of Cyber Security can be set up at a secure place to
provide coordination of the overall response to threats from the
This Office can be the strategic lead for a broad programme of work
to secure our country’s advantage in cyber space. Working with partners
across government and industry, the Office will be in a position to:
(1) reduce the risk to the Sri Lanka’s safe and secure use of cyber
(2) exploit opportunities in cyber space, and
(3) improve knowledge, capabilities and decision- making.
It is in this context that we need to create a Ministerial Committee
for cyber-crime, led by a group of relevant ministers and assisted by
BCIS, Cyber-crime division of the CID and experts in the field, who can
work with ministers from other fields, and lead the cross-Government
effort to tackle cyber-crime. They can formulate a National IT Security
Strategy and the Sri Lanka Cyber Security Strategy.
This assignment must be considered a national priority because we
cannot afford to be complacent. The threat from cyber-crime is
constantly evolving - with new opportunities to commit ‘old’ crimes in
new ways as well as high-tech crimes that did not exist five years ago.
Now is the right time to update and strengthen our response.
Government authorities should also do more to improve public
awareness of cyber-crime through working with other agencies: what it
looks like, who is doing it and what the public and business can do to
protect themselves from cyber criminals.
These and other measures will allow us to take action against cyber
criminals from the organised groups at the top end right through to the
long tail of criminality that exists underneath. Cyber- crime threatens
our safety, undermines our economy, and the scope and sophistication of
cyber- crime in the 21st Century demands an equally sophisticated and
ambitious strategy to tackle it.