இலங்கை சைபர் பாதுகாப்பு நிலைமையை மதிப்பீடு செய்வதற்காக ஸ்ரீலங்கா சர்ட் நிறுவனம் தேசிய மட்டத்திலான சில ஆய்வுகளை ஆரம்பித்துள்ளது.
The following surveys are being launched with the assistance of various stakeholders.
1. Public Officers’ Information and Cyber Security Readiness Assessment
In battling cyber-attacks, organizations around the world are focusing heavily on protecting hardware infrastructure and software applications. However, there is a lack of attention being paid to the human aspects which is commonly understood as the weakest aspect of cybersecurity. Many organizations underestimate the human factor in information and cyber security though people’s understanding, knowledge, and perceptions on information and cyber security is critical for protecting digital systems in organizations. Globally accepted research reveals that 7 out of 10 employees lack the awareness, skills and knowledge to prevent cybersecurity incidents.
In Sri Lanka, it is also an accepted fact that the public officers’ awareness of information and cyber security is insufficient. However, no proper study has been conducted to date, in order to access the public officials’ readiness for information and cyber security. Therefore, Sri Lanka CERT | CC launched a survey of public sector employees to assess their Information Security and Cyber Security readiness to work in a digital government environment. Findings of the survey will be used to develop a strategy to enhance overall competence of Information Security and Cyber Security.
Progress up to now (15.06.2021)
Having followed an open tender process, the Project was awarded to Multi-Tech Solution (Pvt) Ltd. The Questionnaire was prepared with the approval of Sri Lanka CERT|CC. The data collection has been already completed for 3540 employees in 236 government organizations. Based on the data analysis, drafting of the Operational Strategy to enhance the public officers’ overall readiness on information and cyber security is in progress.
2. Cyber Security Professional’s Supply and Demand Assessment
Along with the numerous rewards that digitalization provides, there are threats and risks emerging where it is almost impossible to eliminate the negative impacts. Financial institutions, defence agencies and the government institutes have become the primary targets of the attackers in recent times. Hence cyber threats need to be identified early and preventive measures taken well in advance. Most of the attacks turn out to be successful due to lack of awareness and the lack of required skills of the personnel that are responsible for operating these ICT systems. In this context, it is necessary to ensure the availability of knowledgeable and highly skilled professionals in the information and cyber security domain in order to protect, detect, defend and respond to these cyberattacks.
In Sri Lanka, to date, there is a severe lack of initiatives to address the domestic shortage of cybersecurity experts. Therefore, Sri Lanka CERT | CC aims to conduct a national level survey to analyse the gap between the supply and demand of information and cybersecurity professionals in the industry. Results of this analysis will be utilized by Sri Lanka CERT|CC to formulate appropriate strategies and policies to fill the supply and demand gap of cyber security professionals of the country.
Progress up to now (15.06.2021)
Following an open tender process, the project was awarded to IPID. Questionnaires and other materials were finalized with the approval of Sri Lanka CERT | CC. At the moment survey is 70% completed assess and verified the Supply and Demand related data via questionnaires.
3. Assess the Information and Cyber Security Readiness of the Critical Infrastructure Service Providers
Although digital government initiatives promise tremendous benefits for citizens and government, they can also be subjected to various cyberattacks such as malware attacks, unauthorized access, and denial of service attacks. Cyber-attacks on digital government services can cause significant disruptions to the public service delivery, and thereby destroy public confidence. Our citizens will not embrace digital government, if their information cannot be securely maintained in the government information systems. It is, therefore, essential to adopt an appropriate operational strategy to ensure security of digital government systems and critical information infrastructure.
Prior to the implementation of such a strategy, it essential to understand the overall readiness of critical infrastructure service providers. Sri Lanka CERT | CC therefore conducted this survey in order to; identify the organizations maintaining critical infrastructure, and the critical information infrastructure and severity of failures, overall readiness of critical information infrastructure of critical infrastructure providers, and to develop an operational strategy to increase the readiness of the information and cyber security of the identified organizations.
Project has been awarded to KPMG (Pvt) Ltd following an open tender process. Sixty organizations were surveyed in order to identify the National Critical Services and out of that 35 selected organizations were surveyed to identify the Critical Information Infrastructure (CII) of the country. Based on the results operational strategy is being drafting to increase the readiness of the information and cyber security of the CII providers.
4. National Survey on Citizens Awareness on Information Security and Cyber Security & to establish the Cyber Security Readiness of Most Vulnerable Communities
The Internet has become important for all aspects of daily life including education, work, and participation in society. A considerable segment of society is becoming more and more dependent on the Internet thereby becoming more vulnerable to cybercrime. A major reason for such vulnerabilities to cybercrime is lack of awareness among citizens about possible cyber threats and its consequences. Theft of identity, stealing of credit card numbers, and privacy violation and unauthorized access on social media for example are commonly caused due to the lack of awareness of citizens. It is, therefore, essential to raise citizens’ awareness about emerging cyber threats and empower them with the knowledge and skills necessary to defend themselves against evolving cyber threats. Prior to the proposing of any strategy Sri Lanka CERT | CC aims to conduct a baseline assessment to assess Sri Lankan citizens’ awareness, attitudes and behaviors on information and cyber security related affairs.
Progress up to now (15.06.2021)
According to a recommendation given by National Planning Division (NPD), the survey to be conducted with the collaboration of Department of Census and Statistics (DCS). The survey instruments and other related documents for the survey have been completed. The pilot survey is to be initiated soon.