Information and cybersecurity policy for all govt. entities

With the state institutions increasingly falling victims of cyberattacks and data breaches, the Cabinet of Ministers this week approved to implement an information and cybersecurity policy, in line with the globally recognised information protection standards for government institutions to mitigate such risks.

President Ranil Wickremesinghe, in his capacity as the Technology Minister, on Monday sought the approval of the Cabinet of Ministers to implement the proposed information and cyber protection policy in relation to government institutions.

“It is compulsory to implement this policy by all the state institutions defined as the ‘Competent Authority’ in Right to Information Act No. 12 of 2016,” the Government Information Department said.

The policy has been drafted by the Sri Lanka Computer Emergency Readiness Team (SLCERT) in concurrence with the National Information and Cyber Security Strategy of Sri Lanka 2019-2023
According to the Government Information Department, cybersecurity in relation to state institutes remains largely neglected while they increasingly move to operate on digital systems, leading to heightened 
cybersecurity concerns.

“Although there is a trend in the state institutions to operate on digital systems, the information and information technology systems of those institutions have been exposed to extreme risk, due to not paying sufficient attention to information and cyber protection, utilisation of age-old technology as well as the shortage of skilled staff required for the cybersecurity management in the state sector,” the Government Information Department said.