Sri Lanka steps up efforts to combat cyber warfare in the banking arena
Sri Lanka is stepping up security efforts to effectively handle and protect the banking financial sector information from the growing threat of computer hacking and cyber crimes which could paralyse the country’s economy.
A pragmatic initiative has been made to establish a centralised body to coordinate cyber security measures of the banking sector spending hundreds of man hours, officials said.
The push to set up a Computer Security Incident Response Team (CSIRT) for the banking and finance sector came after six years of planning and developing a process as government officials are now increasingly concerned about the ability of a cyber attack to cause major disruptions to the country’s financial system, Sri Lanka Computer Emergency Readiness Team Coordination Centre (CERT) CEO Lal Dias said at the launching ceremony of Bank CSIRT in Colombo on Tuesday.
The CSIRT for the banking and finance sector is hosted and managed by LankaClear (Pvt) Ltd under the guidance of the Central Bank with the assistance of the Sri Lanka Computer Emergency Readiness Team and the Sri Lanka Banks Association (SLBA).
He revealed that the planning process was not easy as they had to overcome many obstacles and reluctance of banks to share sensitive information as well as heavy lobbying by security service providers.
Mr. Dias noted that Bank CSIRT is ready to offer five very unique information security services that third party service providers are not in a position to provide.
It will formulate and implement baseline security standards and share fraud, cyber crime and threat intelligence information and issue vulnerability, advisory and international alerts, registration of 3rd party service providers and incident response. These alerts will be obtained and filtered from information originating from 400+ countries and banks will not have to carry out research on vulnerabilities and threats, he said, adding that a base line security standard will address gaps in security capabilities.
Information security breaches have grown rapidly and Sri Lankan banks have invested heavily in information security Infrastructure, he said, noting that the traditional approach of banks to resolving cyber security issues in isolation is no longer effective.The establishment of Bank CSIRT will address all these shortcomings and it can also disseminate information received from international computer emergency response teams relating to new cyber security threats enabling individual banks and financial institutions to take proactive action, he added.
Delivering the keynote address, Secretary to the President Lalith Weeratunga revealed that Sri Lanka will soon sign the Budapest Convention on Cyber Crimes that urges countries to harmonise national legislation and facilitate investigations and co-operation between law enforcement operations globally.
The Cabinet of Ministers has given its approval to sign this convention recently and it would help the country to be on par with international status and frameworks while providing access to systems and networks of other countries.
He noted that many people have become victims of cyber attacks exposing their personal and financial information, and even (unknowingly) transferring funds to the account of the attackers.
“Invasion of information systems take place daily, however, a sudden spike in major phishing attacks, over 250, were recorded during the recent turbulence in Aluthgama, with attackers attempting to take advantage of the chaos.” he said.
CSIRT is “one of the most important things in modern Internet and banking.”
He stated that previously, if attacks originated within the country, they were easy to isolate due to the relatively fewer Information and Communication Technology (ICT) users compared with the present.
Sri Lanka has to pay a high price if the country’s ICT system collapses through cyber attacks and it is important to take precautionary measures soon, he added.
He added that a global co-operation is essential due to a rapid increase in cyber crimes and hacking of computer data, cyber laundering, cyber terrorism and phishing in countries worldwide including Sri Lanka.
A large number of people become victims of cyber crime every minute and there should be a coordinated effort to take precautions against organised cyber criminals, he emphasised.
There is a growing need to protect the financial data in the banking system as the country has already embraced Internet banking mobile banking, electronic cheque transactions and e-transfer of money, etc, he said, adding that the importance of information security in the banking industry has grown rapidly at present.
Mr. Weeratunga launched the system, accessible through the Bank CSRIT website by sending the first informational alert to all member banks.
Governor of the Central Bank Ajith Nivard Cabraal emphasised the need for high security protection as a result of ever increasing IT threats owing to easy connectivity in the country.
He said that the Central Bank has taken measures to maintain the integrity of the banking sector which is the cornerstone of the economy. He expressed the belief that the country s financial system will be made stable and safe with the assistance of Bank CSIRT.