National Information and Cyber Security Strategy 17-04-2018

English >> Information and Cyber Security Strategy 23-05-2018.pdf
Sinhala >> - National Information and Cyber Security Strategy 23-05-2018.pdf
Tamil>> - National Information and Cyber Security Strategy 23-05-2018.pdf

Post Your Comments below.


  1. Replies
    1. Please find our contact details below.

      Tel: +94 11 269 1692 / 269 5749 / 267 9888
      Fax: +94 11 269 1064

  2. This can be seen a valuable step taken towards creating a secured IoT based environment here in Sri Lanka. Hats Off to CERT!!

  3. Hi, is it still open to given comments or there a deadline to respond to this document?

  4. What is deadline for public comments?

    1. Dear Lal- CEO, Is this document still open for public comments?

      Thilak Pathirage
      Senior Cybersecurity Consultant

    2. Yes, still open for public comments

  5. hello . mn me oylata kiynna gatte mge yaluwekge photo wagayak kauda mnda aduranne nethi ekkenek facebook dala .e account eke nama kasun kumara .mt e photo tika ayin karanna vidiyak neddaa

  6. මගේ ෆේස් බුක් අකවුන්ට් එක හැක් කරල තියෙනව. මට ඒක ඕපන් කරන්න බෑ. හැක් කරපු කෙනාට ඒක වැරදි විදියට පාවිච්චි කරන්න පුලුවන් . මගේ අකවුන්ට් එක නතර කරන්නෙ කොහොමද?

  7. This comment has been removed by the author.

  8. I have read the whole document.The things you have mentioned are really important for the security of Sri lankan cyber space.But as other government projects this should not be given up halfway.First thing we need is to create the necessary workforce to cater to the security issues.Though we have more IT professionals we lack cyber security professionals.We need to include professional certifications as CCNA security into NVQ exams.
    You have mentioned that you are going to create "National Information and Cyber security Agency " which will be responsible for cyber security breeches.I really appreciate this step since we do not have a more sophisticated body to look after cyber treats.The police cyber security division will not be able to handle increasing number of cyber treats in the future.
    The other important this i am really interested is , "education the mass about cyber breeches ".Most of the security treats happen because of the ignorance of the mass in technology.The situation is somewhat good in urban areas whereas people live in rural areas are more prone to vulnerabilities.First step to overcome this is to include security lessons to local curriculum. ICT teachers should be trained on security.
    Creating legislation and policies play a major role in preventing cyber threats.Maximum punishment should be given to criminal as the law states and at the same time corporate environments should be equipped with incident response plans.In Sri Lanka we do not have sophisticated digital forensics lab.So establishing so called labs play a crucial part in bringing the criminal to the court of law.Social engineering plays a major role in Sri Lanka.If you call and ask a person his password in a friendly manner he would give it willingly so People should be educated to understand these kind of vulnerabilities.As a Sri Lankan I wish you good luck.

    Kavinda ( BIT,NVQ 4,MSC in cyber security (reading))

  9. Happy to hear, You are going to start cyber security strategy to sri lankans. We are all hope this strategy will work properly and monitoring with ISO standards. We have several bigger problems to achieve as Nation. According to my understanding those are Funds, Sophisticate work force, upper management leadership and approvals. Firstly, we need to have sufficient Funds to implement our strategy island wide. And other thing is we need to have sophisticated work force. That workforce always need to move with new technologies, need to attend Research Conferences, need to do practices with Forensic Lab, update and verify our knowledge with industry specialized members(Foreign countries). We need to build strong relationship with other Country’s CERT. We have to share our knowledge to lower levels (Schools, Universities, Training centers). However, we need to improve our work force qualifications and experiences in proper manner to face this task.
    Actually, we wish you by heart to complete this task. Everyone needs to know this is not a money waste. This is a investing for our Nation.

    Niroshan Tharanga

  10. This comment has been removed by the author.

  11. This comment has been removed by the author.

    1. ඔයා ඒක හරියටම කිව්වා අයියේ..ඔයා තමයි මගේ වීරයා...ඔයාගේ නොම්බරේ එවන්නකෝ අපි කතා කරමු...

      -මිට සිර්පිනා-

  12. The world is at an age of exponential growth in technological development. Most of this year’s growth in internet consumers have been driven by smartphones. When we focus on Sri Lanka, many businesses have gone online and even government institutions have implemented e-governance in an attempt to create more access and convenience to the public. It is indicated Sri Lanka’s fast-growing level of computer literacy. But the question is what the level of cybersecurity awareness is? Especially in the government sector, consideration and support for information security management from the top management are very poor. Therefore, the vulnerability of businesses and individuals to attacks is increasing and would continue to increase in the future with the increased move to digital platforms.
    And also obviously Sri Lanka must prepare to face threats that could penetrate the country via the cyber domain and to illustrate what mechanisms the country needs to take to overcome these threats to national security.
    The contribution of CERT by proceeding for a cybersecurity strategy to Sri Lanka and I wish good luck to archive the ultimate goal, keep the nation safe, secure and prosperous.

  13. Dr. Kanishka Karunasena

    Good to open this forum for public. What I observed as a government officers is that; most of the technical decisions on ICT are taken by non-IT professions in public sector and fail most of the time. So failures are not due to PUBLIC policies but basically due not practicing professions with required capacity / background.

    At the same time graduates with high qualifications in ICT sector are recruited in public sector to SLICT Service (Ministry of public Administration), at non-executive (with non-decision making power) category to public sector and also they are the ONLY graduates not become non-executive professionals in this public sector. (Discriminated and demotivated ICT professionals).

    Thus focus to adsorb those class 2 /1 officers to those positions and let the ICT professionals to practice and work on the technical matters to sustain the Cyber Security strategy for the betterment of the country.


Post a Comment