The Information and Cybersecurity Strategy of Sri Lanka 2019–2023
November 2018
Strategies and Action Plans
The ‘Information and Cybersecurity Strategy of Sri Lanka 2019–2023’ serves as a blueprint to create a secure and resilient digital environment. The strategy reflects the country’s commitment to addressing the growing challenges in cyberspace, ensuring that its digital ecosystem remains a key enabler of social and economic development.
The strategy aims to establish a comprehensive framework that supports a trusted cyberspace for all stakeholders, including individuals, businesses, and government institutions. The policy ensures that digital transformation progresses without compromising security by fostering innovation and protecting critical information infrastructure. It focuses on mitigating cyber threats, safeguarding national interests, and promoting international collaboration to maintain a resilient and adaptive digital landscape.
The scope of the strategy is broad, covering all aspects of cybersecurity, from prevention and protection to detection and response. It encompasses both public and private sectors, addressing the needs of critical infrastructure, industries, and individual users. Furthermore, the policy recognises the importance of international engagement, advocating for partnerships with global entities to strengthen Sri Lanka’s cybersecurity posture.
Strategic objectives
- Enhancing cybersecurity awareness and education to develop a population equipped to identify and address cyber risks effectively.
- Strengthening legal frameworks and enforcement capabilities to tackle emerging cybercrimes and ensure justice for affected parties.
- Establishing a robust cybersecurity governance framework to ensure coordinated efforts among stakeholders.
- Improving technical capabilities to prevent, detect, and respond to sophisticated cyber threats.
- Promoting international collaboration to share expertise and resources, building a global network of resilience.
The strategy is underpinned by several key pillars that provide the foundation for its implementation.
Pillars of the strategy
- Legislation and policy, emphasising the need to modernise legal structures and policies to address contemporary cyber threats.
- Capacity development, focusing on empowering individuals and organisations with the skills and knowledge to navigate the digital landscape securely.
- Technology and standards, advocating for the adoption of international cybersecurity standards and innovative technological solutions.
- Public-private partnerships, encouraging collaboration to leverage resources and share critical threat intelligence.
- Incident response and recovery, establishing mechanisms to minimise the impact of cyber incidents and facilitate rapid recovery.
The implementation mechanisms of the strategy are designed to ensure practical and actionable outcomes. A National Cybersecurity Agency is proposed to act as the central authority coordinating all cybersecurity efforts. The strategy includes sector-specific guidelines to address unique challenges faced by industries such as finance, healthcare, and critical infrastructure. Awareness campaigns are a vital component aimed at fostering a culture of cybersecurity among the public.
The document recognises the challenges posed by rapid digital transformation, the scarcity of skilled cybersecurity professionals, and the dynamic nature of cyber threats. It seeks to address these challenges through targeted measures, including capacity development, technological innovation, and fostering partnerships.