In view of growing cyber attacks, online security threats and social media related incidents, the government is set to enact Cyber Security Act this month to protect critical information infrastructure within Sri Lanka, Digital Infrastructure and Information Ministry announced .
The proposed act gives sweeping powers to state cyber agencies and institutions and the Digital Infrastructure and Information Ministry despite concerns from civil liberties activists and computer societies over judicial oversight and potential abuse of power.
Alongside the new disposition on terrorism-related content, the Act seeks to set a framework to prevent the misuse of digital devices including social media networks, they claimed.
The proposed act provides provisions for the establishment of the Cyber Security Agency (CSA) of the empowerment of the Sri Lanka Computer Emergency Readiness Team (CERT) and National Cyber Security Operations Centre, a senior official of the Digital Infrastructure and Information Ministry said.
It will ensure the effective implementation of the National Cyber Security Strategy in Sri Lanka to prevent, mitigate and respond to cyber security threats and incidents effectively and efficiently.
It will act as the central point of contact for cyber security in Sri Lanka, and provide necessary advices to all government and private organisations in respect of cyber security matters.
This authority will take measures to interface for the multi-directional and cross-sector sharing of information related to cyber threat indicators, defensive measures, cyber security risks, and to provide warnings for government and private sector organisations.
Another function of the authority is to identify and designate Critical Information Infrastructure (CII) both in government r and private sectors and regulate owners of CII with regard to the cyber security.
According to the Act any CII owner, who fails to report cyber security incidents to the Agency and CERT, commits an offence, and shall on conviction be liable to a fine not exceeding Rs 200,000 or to imprisonment for a term not exceeding two years or to both such fine and imprisonment.
The CS A will be empowering the institutional framework to provide for a safe and secure cyber security environment as well as to protect the CII, he disclosed.
(LI)