Clarion call to government for ‘proper’ data backup
The Computer Emergency Readiness Team (CERT) has not made much progress on detecting the ransomware attack culprits on the Lanka Government Cloud (LGC) which affected 5,000 emails prompting top officials to call for a proper government strategy to address cyber security.
Informed sources told the Business Times that it is difficult for the Sri Lankan government to secure a forensic expert because the ransom attack has wiped out the audit trail.
Currently, some state authorities are using gmail addresses to correspond.
Sri Lanka has two primary data centres and government data is not stored or backed up outside the country. LGC sits on Dialog Data Centre. Sri Lanka Telecom also has a data centre.
IT expert Prof. Rohan Samarajiva told The Business Times on Wednesday that government authorities can use Sri Lankan sites, but they need to back the data up in a reliable place. “We should not back data up in Sri Lanka. The fuel rationing QR system we had recently, was hosted on Amazon Cloud.”
He said the issue the country is facing currently is because the government data was not stored elsewhere. “There should be a proper strategy to do all this.” Most government agencies have their own ‘little’ data centres.
IT experts pointed out that there should be a national-level policy to go to the cloud with government data. “We should not maintain data centres and have primary solution recovery within Sri Lanka,” an IT specialist said.
Data centres are called Legacy Applications, and they are totally outdated in the current context, Prashan Lakshan, Infra Dev Specialist, engaged in a government project for Singapore, told the Business Times.
The reason for government authorities to reject cloud services for backup is privacy concerns. “There is a general understanding and a de facto government rule to not store government data outside Sri Lanka. This came from the Ministry of Technology at the time called the Ministry of Digital Infrastructure,” a top official said.
But cloud services provide options to encrypt data enforcing industrial data privacy standards, Mr. Lakshan added.
Thorsten Leppek, Director Asia Region at Acumatica, a leading US-based company specializing in cloud-based ERP software solutions, in Sri Lanka recently told the Business Times that the cloud services are so secure that US-based Pentagon hosts on the cloud. “I believe the cloud is safe and secure and the cloud gets audited annually to ensure that it is up to date,” he added.
To gain access to the targeted system, the attackers might have used malicious links sent to government employees, according to ICTA. The hackers likely exploited a vulnerability in an outdated version of Microsoft Exchange that hadn’t been updated.
Hitad.lk has you covered with quality used or brand new cars for sale that are budget friendly yet reliable! Now is the time to sell your old ride for something more attractive to today's modern automotive market demands. Browse through our selection of affordable options now on Hitad.lk before deciding on what will work best for you!