Preventive Legislations in Sri Lanka for Cyber-Attacks


"Everybody should want to make sure that we have the cyber tools necessary to investigate cyber crimes, and to be prepared to defend against them and to bring people to justice who commit it." - Janet Reno



My article’s objective is to investigate laws that are enabled to prevent cyber-attacks in Sri Lanka and also analyze whether those laws are sufficient to prevent a cyber welfare in the future.

It has been recognized mainly the  role of cyber laws in cybersecurity, preventive legislations in Sri Lanka for cyber-attacks, what are the present regulations in Sri Lanka? And what are the measures taken by the government? Scope of cyber law.

This article includes information and links pertaining to Digital Laws which have been adopted in Sri Lanka.

In the analysis, the statutes and laws are being discussed. It has been critically analyzed the preventive laws in Sri Lanka such as, Electronic Transaction Act, Information and Communication Technology Act, Telecommunication Act, Computer Crime Act, Intellectual Property Act etc.

Suggestions and opinions were presented to improve the laws of Sri Lanka.

In the conclusion, it has been discussed whether the Sri Lankan laws are enough or not enough.

By reading through this article, you will gain a good idea regarding the above-mentioned facts.

 

What is Cyber Law?

Cyber laws, also referred to as internet laws, are legal informatics rules that govern software, e-commerce, and information security as well as the digital transfer of information. It typically encompasses a wide range of connected topics, including Internet access and use, freedom of speech, and privacy.

 

Why Cybercrime Laws?

The usage of the internet raises numerous security and privacy concerns. Intelligent criminals have been reported to carry out unauthorized operations and potential fraud using cutting-edge tactics. As a result, there is a great need to protect against them, and the best way to do so is to impose a cyber security strategy. By holding these criminals responsible for their destructive deeds and imposing the proper punishment determined by the federal government, these regulations and laws are designed to protect individuals and businesses online.

 

Role of Cyber Laws in Cybersecurity

Cyber rules are essential to using the internet and have several functions. The majority of these regulations are designed to safeguard users from falling prey to cybercrimes, while some are intended to control how people use the internet and computers more generally. These three key areas are covered by cyberlaw:

  • Fraud: Users are protected from falling prey to online fraud by cyber laws. They are around to stop crimes like identity and credit card theft. These statutes further proclaim that anyone who attempts to conduct such fraud will face federal and state criminal prosecution.
  • Copyright: In addition to outlawing copyright infringement, cyber laws also enforce copyright protection. They grant people and organizations the right to safeguard and benefit from their creative creations.
  • Defamation: Cyber laws are also enforced in cases of online slander, which offers people and companies protection from untrue claims made online that could hurt their reputations.





What is the scope of Cyber Law?

The cybersecurity industry has made significant strides in response to the rise in malicious cybercrimes. However, the rules and regulations in place today do not sufficiently address these offenses. 

This necessitates the government taking effective action to adopt new laws and acts that are both comprehensive and effective in order to counteract these threats and to manage the complexities and challenges brought on by quickly developing technologies.

Enabling Legal Environment

The usage of ICT is significantly influenced by digital laws since they create the legal framework required for conducting electronic business and using electronic data and documents for official and personnel functions. Moreover, the behaviors that are damaging for the usage of Digital transactions should be regulated by Computer Crime legislation.

The "2001 Budapest treaty supported by the council of Europe" is the first international instrument to combat cybercrime. Sri Lanka joined that council and the Computer Crime No. 24 of 2007 Act (CCA) went into effect.

Sri Lanka Computer Emergency Readiness Team | Coordination Centre. The focal point for Cyber security in Sri Lanka.


Information and Communication Technology Agency | ICTA.

 


Acts and polices enabled to prevent cyber-attacks in Sri Lanka

Cybersecurity or cybercrime laws are regulations that protect information technology with the intention of requiring businesses and organizations to use a variety of defenses to secure their systems and data against intrusions. We'll quickly review the several categories of Sri Lankan laws against cybercrime below.

 

                               1.      National Data Sharing Policy

                               2.      The Electronic Transaction Act

                               3.      Payment Devices Frauds Act

                               4.      Cyber security act

                               5.      Intellectual Property Act

                               6.      Computer Crimes Act

                               7.      Data protection legislation

                               8.      Digital signature and authentication regime

 


1.      National Data Sharing Policy

The policy's goal is to outline a set of rules and principles that will aid in developing an ecosystem for improved access to shareable data by relevant stakeholders while preserving the rights of both the information provider and the information seeker.

The policy must specify a structure for the proactive sharing of regularly updated shareable data with the Sri Lankan government. The policy shall apply to all data, whether it be in the form of electronic or manual records.

 

2.      The Electronic Transaction Act

      This act is based on the principles provided by United Nations Commission on International Model Law on Electronic Commerce from 1996 and the Trade Law Model Law on Electronic Signatures (2001).

(Electronic Transactions Act, No. 19 of 2006) The Act's goals are as follows: 

·        To make legal barriers to national and international electronic commerce easier removing obstacles and creating legal certainty.

·        To promote the usage of reputable electronic commerce platforms.

·        To facilitate electronic filing of papers with government and to enhance effective delivery of government services by means of dependable forms of electronic communications.

·        To increase public trust in data transmissions and electronic communications' reliability, authenticity, and integrity.

 

3.      Payment Devices Frauds Act 

When considering this act, the Payment devices fraud Act No 30 of 2006 has been introduced to prevent the use of unauthorized or counter payment devices in the country.

 

4.      Cyber Security Act 

The National Cyber Security Strategy in Sri Lanka is being implemented effectively, and the goals of the cybersecurity act are to confirm this. 

They also include creating the Sri Lankan Cyber Security Agency, empowering the institutional framework to provide a safe and secure cybersecurity environment, and protecting the Critical Information Infrastructure.

The Act includes a provision for the Cyber Security Agency, which aids in resolving any problems associated with the nation's current cybersecurity policy.  (Sunday Observer,2019).

·        To make sure Sri Lanka's National Cyber Security Strategy is carried out effectively.

·        To stop, reduce, and address cybersecurity threats and incidents efficiently and  effectively.

·        Create the Sri Lankan Cyber Security Agency and strengthen another institutional  framework to ensure a safe and secure cyberspace environment.

·        In order to safeguard the Critical Information Infrastructure.

 

5.     Intellectual Property Act

The Code of Intellectual Property Act No. 52 of 1979 was updated with the Intellectual Property Act No. 36 of 2003 in terms of the protection of intellectual property rights (IPR).

The 2003 IP Act added a number of additional provisions for the security of software, trade secrets, and integrated circuits.

 

6.    Computer Crimes Act

The Computer Crimes Act No. 24 of 2007 specifies the process for investigating and prosecuting such crimes and enables the detection of computer crimes.

The Computer Crimes Act No. 24 of 2007's main goal is to make attempts at unauthorized access to a computer, computer program, data, or piece of information illegal.

 Regardless of whether the criminal had permission to access the computer, it also includes a clause to address unlawful computer use.

The Act defines offenses for unauthorized modification, alteration, or deletion of information as well as denial of access, making it unlawful for anyone to program a computer in a way that restricts access to only authorized parties.

Other offenses that are intended to be included in the proposed Act include interception of computer programs, data, or information while they are being transported from one computer to another, as well as harming or damaging a computer by introducing viruses, logic bombs, or other harmful software.

The Act establishes a new framework for investigating crimes. A panel of "Experts" has been designated in the Act to support the Police in their investigation of computer criminal offenses.


7.     Data Protection Legislation

      In the information age, where personal data has become a valuable asset for many businesses, particularly those doing business online, data protection laws have grown in significance.

      However, in a connected global economy, it is simple to get around national data privacy laws, and as soon as data is transferred outside of the country, the individuals' rights to protection are lost.

      The EU data protection policy includes rules governing the transfer of personal data to non-EU nations like Sri Lanka in an effort to prevent this circumvention.

      Currently, the Government is pursuing a strategy centered on the adoption of a private sector-inclusive data protection code of practice, with the potential for the code to be given statutory status through regulations published under the 2003 Information and Communication Technology Act.

      As a result, this strategy might be viewed as a self- or co-regulatory strategy.

 

8     Digital Signature and Authentication Regime

      Establishing a national framework with defined legal, administrative, and technological rules for awarding, controlling, and enforcing the usage of digital certificates to authenticate the identities of persons who originate e-services with the goal of limiting fraud is important to solve the aforementioned.

      The Electronic Transactions Act No. 19 of 2006 offers digital certificates and other electronic signatures legal status.

      Utilizing the public key cryptosystem and hash function, users can obtain confidentiality and integrity through the usage of Electronic Signatures through technologies like "Digital Certificates."

      According to the regulations of the Electronic Transactions Act No. 19 of 2006, digital certificates are issued by properly accredited certificate service providers (also known as "CSPs") (as Amended).

      The above-mentioned Act establishes the National Certification Authority (NCA) as the ultimate governing and standard-setting body necessary for the efficient operation of Certification Service Providers (CSPs).

      The Electronic Transactions Act No. 19 of 2006's Chapter IV calls for the creation of a nationally renowned organization to carry out the NCA's duties.

      Sri Lanka CERT was founded as a separate legal entity within the Ministry on August 1st, 2018.

      Consequently, by Gazette Extraordinary, 2147/58, dated 30th October 2019, Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT) has been designated as the Certification Authority under section 18 of the aforementioned Act to carry out the functions of the NCA.

      Subsequently, the operations NCA were transferred from ICTA to Sri Lanka CERT.




       Suggestions and Opinions

     The establishment of rules and regulations under Cyber Crime Act is in a very lower level in the country.

      ICT Agency of Sri Lanka should identify and commence programs to develop capacity in the Police  Department so that Police personnel would be well equipped to investigate computer crimes.

      Lack of knowledge and awareness in terms of computer crimes in people is another problem in Sri  Lanka.

      Awareness about computer crimes and new media literacy have to be provided in all three languages practiced in the country.

      It is necessary to taught parents about the internet safeguard methods.

      Human Resource of an organization should be trained from time to time to raise awareness about the latest attacking procedure. Conduct regular risk assessments and define vulnerabilities.

      Organizations must now be information security conscious and must develop and implement proper security controls based on the results of their internal risk assessment and vulnerability assessment.

    

      Conclusion

      Cybercrimes can be effectively stopped in their tracks, but it will take the combined efforts of international organizations, governments, and businesses.

      In order to preserve a safe, secure, and open environment for everyone, cybersecurity laws and regulations governing each action and activity are essential as cyberspace grows more widespread. 

      The government anticipates making significant strides with cyber regulations in the next years, but ultimately, the effectiveness of these rules will depend on the users.  

      Cybercrimes are extremely difficult to prevent in Sri Lanka. The computer crimes are not only difficulties among individuals but also this is a method of war and   even nuclear bombs can be detonated by without the permission.

      The government of Sri Lanka and other nations must take drastic efforts to combat cybercrime. so that  everyone might benefit from world peace and security.

      Cybercrime prevention presents a challenge in Sri Lanka. Network-based crime is on the rise, and  finding a proper balance between everyone's needs has become a challenging issue.

      It is necessary to strengthen the coordination process in order to investigate and prosecute such crime,  as well as protect users' rights on such networks.

      Prosecutor, investigator, and judger need to operate in coordinated fashion, skilled investigators need  to  cope with cyber-crime.

      One strategy for reducing cybercrime is to raise people's awareness of information technology and new media literacy. The Sri Lankan judicial system must also be changed.

      In my view, Sri Lankan law has to be updated to a higher standard.😊





       References

      Enabling digital laws - https://www.icta.lk/legal-framework/

       Electronic transactions act no. 19 of 2006 - https://nca.gov.lk/files/ETA-E.pdf

       Enabling legal environment - https://www.gov.lk/

       https://www.icta.lk/legal-framework/

       Information and cyber security strategy of Sri Lanka 2018-2023 -https://sherloc.unodc.org/cld/en/treaties/strategies/sri_lanka/lka0001s.html

      Mitigating the risk of cyber crime in Sri Lanka - Mitigating the Risk of Cyber Crime in Sri Lanka - The Lakshman Kadirgamar Institute (lki.lk)

      Intellectual property act https://www.nipo.gov.lk/web/images/pdf_downloads/Intellectual_Property_Act_No_36_of_2003.pdf

      Payment devices and frauds - https://www.icta.lk/icta-assets/uploads/2016/03/Payment_devices_FraudsActNo.30of2006.pdf

      Computer crimes act - https://www.icta.lk/icta-assets/uploads/2016/03/ComputerCrimesActNo24of2007.pdf

      Intellectual crime act - https://www.icta.lk/icta-assets/uploads/2016/03/IntellectualPropertyActNo.36of2003Sectionsr.pdf

      Laws in Sri Lanka - Laws of Sri Lanka revised laws, consolidated acts, amendment acts, legislative enactment (srilankalaw.lk)

      Role of cybersecurity - https://www.knowledgehut.com/blog/security/cyber-security-laws


Comments

Post a Comment

Popular posts from this blog

Software projects fail? – 10 Common reasons and Prevention strategies

Image
   In today's technologically advanced world, almost every company is developing and improving software solutions to aid in the expansion of their businesses. Surprisingly, the majority of these quickly growing software businesses end in failure. Overly enthusiastic innovators may ignore little elements that are crucial to a project's success. IT professionals usually overestimate the value of their ideas, struggle to work together effectively, and use the wrong tools to construct projects. To lower the failure rate of these projects, it is therefore vital to address the issues that can result in their failure. Do you wish to investigate the causes of software development failure from the case studies of unsuccessful software projects? This article will give you advice on some of the most typical reasons why software projects fail so you can stop your efforts from being for naught.   1.        Unclear specifications       Everyone involv...
Read more

Crafting Delightful Digital Journeys: UI/UX Design Principles for Enhanced User Engagement

Image
In the ever-evolving landscape of digital products, user interface (UI) and user experience (UX) design play pivotal roles in shaping interactions and perceptions. These disciplines go beyond mere aesthetics; they are about creating seamless, intuitive, and enjoyable experiences for users. Let's delve into the fundamental principles that underpin effective UI/UX design. 1. Clarity in Simplicity: UI design demands clarity. A clean and straightforward interface enables users to effortlessly navigate and understand the purpose of each element. Avoid clutter, and embrace simplicity to enhance user comprehension. 2. Consistency as a Cornerstone: Consistency is the glue that holds a design together. From color schemes and typography to navigation and interactions, maintaining a uniform design language fosters familiarity and reinforces user confidence. 3. Hierarchy Guides the Way: Establish a visual hierarchy to guide users through the interface logically. Prioritize information and act...
Read more

Unveiling the Artistry of Front-End Development: Crafting User Experiences with Code

Image
Unveiling the Artistry of Front-End Development: Crafting User Experiences with Code In the dynamic realm of web development, the front end stands as the artistic face of digital landscapes. It's the canvas where user experiences come to life, and every pixel holds the potential to captivate an audience. In this article, we'll journey through the intricate world of front-end development, exploring its essence, evolving trends, and the role it plays in shaping the online universe. The Front-End Symphony: An Overview Front-end development refers to the creation of the visual and interactive aspects of a website or web application. It's the synthesis of HTML, CSS, and JavaScript, where structure, style, and behavior converge to deliver seamless and engaging user interfaces. HTML: Building the Foundation At the heart of front-end development lies HTML (Hypertext Markup Language). It provides the structural backbone of web content, defining elements like headings, paragraphs, ...
Read more