Tuesday, 13 December 2022

Provisions in Sri Lanka for Cyber World


 

This article examines the laws in Sri Lanka intended to prevent cyber-attacks and analyzes whether those laws are sufficient to prevent cyber warfare in the future. Cyber warfare consists of the actions of any international organization to attack and damage the infrastructure, computers or information systems of another nation by using computer viruses or denial-of-service attacks. It can also be defined as warfare conducted in the setting of computers and networks.

The first global instrument to address cyber crime is the “2001 Budapest convention promoted by the council of Europe”. Sri Lanka has also taken membership of that council, and the Computer Crime Act No. 24 of 2007 (CCA) came into practice. Sri Lanka has several acts for the prevention of crimes committed through the internet, as follows (Ariyadasa, 2019).

  • Electronic Transaction Act.
  • Information and Communication Technology Act.
  • Telecommunication Act.
  • Computer Crime Act.
  • Intellectual Property Act.



Literature Review

Globally, the number of cyber security incidents that occurred in 2015 was 59.06 million. According to estimated statistics, the total annual cost of all data breaches by 2019 will be $2.1 trillion. In Sri Lanka, the Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT) received 3907 incidents related to cyber security in 2017. Sri Lanka has taken a number of cyber security measures based on ISO 27000, data sharing policy and legislation such as (Sri Lanka CERT|CC, 2019):

  • Electronic Transactions Act No. 19 of 2006.
  • Payment Devices Frauds Act No. 30 of 2006.
  • The Intellectual Property Rights Act.
  • Computer Crimes Act No. 24 of 2007.

Terrorists use new technology to fulfill their purposes, and they use social media to communicate their messages. Sri Lanka has to implement new laws to protect against the misuse of communication networks, and those laws have to be strict. Sri Lanka should have proper digital security that protects the members of the general public who are involved with the information. The Sri Lankan government also needs to enforce new laws covering social media and to regulate social media.

Penalties should be brought against hate speech (Ariyadasa, 2019). According to the Oxford dictionary, cyber bullying refers to using electronic communication to bully a person by sending messages of a threatening nature. In cyber bullying, electronic communication or the internet is used to hurt someone or to force someone to do something they do not want to do. Cyber bullying takes place when someone harasses others on social media or internet communication services such as Skype, WhatsApp, Viber, YouTube etc. Posting rumors, sexual remarks etc. can be considered harmful bullying behaviors (Ariyadasa, 2019).


          



According to Sri Lankan police records, the normal crime rate has decreased. This study, however, analyzes cyber-crime, and crimes of this type have gradually increased. Phishing, privacy abuse, malware, e-mail harassment, fake accounts (Facebook), and intellectual property cases are reported to the Sri Lankan Computer Emergency Readiness Team. In addition, e-banking cases, website hacking, e-mail harassment and child pornography cases are reported to the Cyber-Crime Unit of the Sri Lanka Police. According to the computer crime act of 1997, computer crime is a term used to identify all frauds that are connected with or related to computers and information technology.

Sections 3 to 10 describe the key substantive offences under the Computer Crime Act: securing unauthorized access to a computer; doing any act to secure unauthorized access in order to commit an offence; causing a computer to perform a function without lawful authority; offences committed against national security, the national economy and public order; dealing with unlawfully obtained data; illegal interception of data; using illegal devices; and unauthorized disclosure of information enabling access to a service (Jayasekara and Rupasinghe, 2015).

There is a provision in the act which enhances the scope of intellectual property provisions contained in the Intellectual Property Act 36 of 2003. An amendment made to the penal code in 2006 introduced an offence requiring all persons providing a computer service like a cybercafe to ensure that such a service would not be used for offences relating to sexual abuse of a child (Jayasekara and Rupasinghe, 2015).


                 


1. Espionage

Cyber espionage concerns illegal access to confidential or classified information. This can happen to the military or to any other organization, so it is necessary to know how to ensure their data classification (Nathaniel, 2018). Without adequate security measures and strategies, the world will not be protected or safe from cyber espionage or from the drain of data from local to multinational organizations. Sri Lanka needs data security and digital privacy laws, since there are currently no data privacy laws in practice in Sri Lanka (Fernandopulle, 2018). In the contemporary world, many countries and nations are engaging in cyber espionage, which is distinct from a cyber-attack.

Cyber-attacks cause huge damage to infrastructure, whereas in cyber espionage the main goal is gathering information. In cyber warfare, hacking is used to attack the target for the purpose of espionage or sabotage (Sri Lanka Computer Emergency Readiness Team | Coordination Centre, 2016).
          
        
         



2. Sabotage

Simply, sabotage can be defined as the stealing of electronic data. In this situation, intentional damage to websites takes place, which causes the websites to be hacked, defaced or destroyed (Rajapaksha, 2015). Cyber sabotage is also carried out by terrorists. One of the most important cases of sabotage was the August 1997 “suicide email bombings” by the Internet Black Tigers, a faction of the Liberation Tigers of Tamil Eelam (LTTE); the target was the email accounts of Sri Lankan embassies in Seoul, Washington and Ottawa (Dolnik, 2009). Sabotage attacks are a huge security threat for the future.

                                      



3. Cyber Terrorism

Terrorists also use the internet for organization, planning and entertainment, and to educate believers. Starting in 2011, Al-Qaeda, many jihadi groups and individuals moved on to social media platforms. They create sponsored Twitter accounts and use them to release their statements and videos. In Sri Lanka, the Computer Crimes Act covers several areas related to computer crimes; gaps in data misuse, data privacy, cyber stalking, cyber bullying etc. have to be filled by the legislature (Ariyadasa, 2019). Terrorists like to keep tight control of their messages but, lacking direct control of mass media, print or television, have in the past relied on compelling mainstream media to do the communicating by staging attacks.

Social media enable terrorists to communicate their radicalizing messages to a far wider circle of potential adherents than they could have reached with traditional media. Radicalization required personal contact with someone who could provide materials, ideological grooming, and connections to wider jihadist networks (Ariyadasa, 2019). Cyber terrorism does not require the cyber terrorists to be physically present. Cyber terrorists can launch attacks remotely and remain anonymous by using proxy servers and other methods to hide their real addresses. Because cyber terrorists can simply hide their identity, it is hard for government agents to trace and capture them.


           


      

4. Electric Power Grid

Electric grids are complex infrastructures. They are far more than generating stations, transformers, high-voltage transmission lines and, finally, the distribution lines that connect to consumers. With increased connectivity, cyber security is a major concern: a high level of connectivity needs a high level of protection (Monteagudo, 2019). The privacy of consumers' information has to be considered, and it is also necessary to protect the system from malware and malicious updates.




5. Economic Disruption

Cyber-attacks have a major impact on the economic disruption of a country. Cyber-attacks can disrupt the lives of citizens. In Sri Lanka, the country’s future economic prosperity and social wellbeing will depend on the security of the country’s cyber networks (Dauris, 2019). Cyber-attacks affect the financial system of a country, including banks, businesses and consumers, and they affect stock prices too. In addition to direct financial damage, businesses and governments also have to spend money and resources to identify what know-how and data have been compromised by hackers.






6. Surprise Attacks

Surprise attacks often succeed even though, in most cases, warnings had been available beforehand. Surprise has always been an inseparable feature of terrorism. Terrorism operates on the presumption that the victim will be accessible and vulnerable precisely because the attack is unexpected at a particular point in time and space. In other words, for an attack to be successful the victim must be taken by surprise (Morris, 2009).




7. Propagandism

Cyber propaganda is the use of modern electronic methods to influence public perceptions towards a certain point of view. It involves stealing private information and releasing it to the public, hacking machines, spreading fake news etc. (Trendmicro.com, 2017). The LTTE also conducted propaganda campaigns to raise funds from the Tamil diaspora and international sources using social media platforms. Criminal activities such as the cloning of credit cards and credit card fraud had been carried out using Information Communication Technology. An examination of the LTTE’s military operations against the Sri Lankan state made it apparent that the LTTE had launched cyber-attacks on the country’s websites and its missions abroad.


 

Methodology

Regarding the laws prevailing in Sri Lanka, four main acts relate to the internet. Those acts are:

  • Computer Crime Act No. 24
  • Electronic Transaction Act No. 19
  • Information Communication Technology Act No. 27
  • Information Communication Technology Act No. 33
  • Intellectual Property Act No. 26

 

(1) Primary data: interviews, lawyers, judges, cyber-crime investigators, policy makers, media researchers.

(2) Content analysis: Computer Crime Act No. 24 of 2007, Electronic Transaction Act No. 19 of 2006, Intellectual Property Act No. 36 of 2003, Information and Communication Technology Act No. 27 of 2003.

(3) Secondary data: websites, books, journals, magazines, and academic research articles about cybercrimes.


The following can be considered the laws in Sri Lanka for the prevention of computer and cyber-crimes:

  • Information Communication Technology Act 2003.
  • Payment and Settlement Act of 2005.
  • Intellectual Property Act No 36 of 2006.
  • Sri Lankan Telecommunication Act No 27 of 1996.
  • Mobile Payment Guidelines No 1 of 2011.

 

Payment Devices Frauds Act No. 30 of 2006

The Payment Devices Frauds Act No. 30 of 2006 was introduced to prevent the use of unauthorized or counterfeit payment devices in the country.

 


Intellectual Property Act No. 36 of 2003

This act contains several new features in relation to the protection of software, trade secrets and integrated circuits.




 

Computer Crimes Act No. 24 of 2007

The Computer Crimes Act No. 24 of 2007 provides for the identification of computer crimes and stipulates the procedure for the investigation and enforcement of such crimes. The Act creates offences for unauthorized modification, alteration or deletion of information and for denial of access, which makes it an offence for any person to program a computer in such a manner as to prevent authorized persons from obtaining access. Other offences sought to be created under the proposed Act include causing damage or harm to a computer by the introduction of viruses, logic bombs etc., unauthorized copying of information, unauthorized use of a computer service, and interception of a computer program, data or information while it is being transmitted from one computer to another (Gov.lk, n.d.).

Sri Lanka's Criminal Code of Criminal Procedure is being implemented to identify computer crime and to investigate and prevent crime. The first chapter of the Sri Lanka Computer Crimes Act (CCA) lists 11 offences for the purpose of identifying computer crimes. These are internationally accepted common mistakes. The first offence identified in the act is accessing, or attempting to access, a computer without permission, so an individual who has no legal right of access is committing a computer crime. Section 5 is one of the most important sections to discuss when considering the CCA. Here, a person's unauthorized entry into a computer, computer system, or computer program is treated as a crime.

Under section 15 of the CCA, Sri Lanka's cybercrime laws introduce a special procedure for investigating computer crime. Earlier, the court did not admit the evidence. Also, there are not sufficient police officers available for investigations, and police officers lack technical knowledge. There are problems with such weaknesses. Location doesn't shield IT professionals. The most important point is that Sri Lankan law allows both civil and criminal action to be taken in court. Sri Lankan law also allows injunctions to be enforced. Under the Sri Lankan computer crime act, any person trying to commit an offence under the above categories can be subjected to a penalty (Senarathna, 2019).




Cyber Security Act

A. The objectives of the Cyber Security Act are to confirm the effective implementation of the National Cyber Security Strategy in Sri Lanka, to mitigate and act on cybersecurity threats and incidents effectively, to establish the Cyber Security Agency of Sri Lanka and empower the institutional framework to provide a safe and secure cybersecurity environment, and to protect the Critical Information Infrastructure. The Act provides for the Cyber Security Agency, which helps to solve all issues relating to the cybersecurity policy prevailing in the country (Sunday Observer, 2019).

B.

a) To ensure the effective implementation of the National Cyber Security Strategy in Sri Lanka.

b) To prevent, mitigate and respond to cybersecurity threats and incidents effectively and efficiently.

c) To establish the Cyber Security Agency of Sri Lanka and to empower another institutional framework to provide for a safe and secure cybersecurity environment, and

d) To protect the Critical Information Infrastructure.




 

 The Electronic Transactions Act No. 19 of 2006

This act is based on the standards established by the United Nations Commission on International Trade Law Model Law on Electronic Commerce (1996) and Model Law on Electronic Signatures (2001).

The objectives of the Act are as follows (Electronic Transactions Act, No. 19 of 2006):

  • To facilitate national and international electronic commerce by eliminating legal barriers and establishing legal certainty.
  • To encourage the use of reliable forms of electronic commerce.
  • To facilitate electronic filing of documents with government and to promote efficient delivery of government services by means of reliable forms of electronic communications.
  • To improve public confidence in the authenticity, integrity and reliability of data messages and electronic communications.




Suggestions and Opinions

Without a transnational jurisdiction, controlling cybercrimes is not easy. A single individual or state cannot fight these types of crimes alone; cybercrimes can be prevented when countries work together. For the purpose of harmonization on cybercrimes, international cooperation can be implemented. The prevailing legal system in the country has to be modified to face these issues at a transnational level with the help of other jurisdictions. The establishment of rules and regulations under the Cyber Crime Act is at a very low level in the country. The ICT Agency of Sri Lanka should identify and commence programs to develop capacity in the Police Department so that police personnel are well equipped to investigate computer crimes. The public's lack of knowledge and awareness of computer crimes is another problem in Sri Lanka.

Awareness of computer crimes and new media literacy have to be provided in all three languages used in the country. It is necessary to teach parents about internet safeguard methods. An organization's human resources should be trained from time to time to raise awareness of the latest attack procedures. Organizations should conduct regular risk assessments and define vulnerabilities. Organizations must now be information security conscious and must develop and implement proper security controls based on the results of their internal risk assessment and vulnerability assessment.

Conclusion

In Sri Lanka, there is a huge challenge in preventing cybercrimes. Computer crimes are not only a problem among individuals; they are also a method of war, and even nuclear bombs can be activated without authority. Necessary measures have to be taken by the government of Sri Lanka and other countries regarding cybercrimes so that people can enjoy peace and security in the world. In Sri Lanka, there is a challenge in preventing cyber-crime.

The growth of network-based crime has raised difficult issues in respect of the appropriate balance between the needs of those investigating and prosecuting such crime and the rights of users of such networks, so there is a need to empower the coordination process. Prosecutors, investigators and judges need to work in a coordinated manner, and experienced investigators need to deal with cyber-crime. Awareness of new media literacy and information technology is one way of minimizing cyber-crime. The Sri Lankan legal system also needs to be modified.

My opinion is that the law of Sri Lanka must be brought to a more advanced level.

 




 

