• Govt. awaits committee findings on dividing national, civilian cybersecurity roles
• New authority to gain powers to enforce fixes, take non-compliant systems offline
• NCSOC to provide real-time threat detection across critical national platforms
• Bill to be fine-tuned after report before Cabinet, parliamentary approval

The enactment of the Cyber Security Bill is expected to be delayed until the Government-appointed committee tasked with developing a national cybersecurity implementation strategy publishes its report, according to the Deputy Minister of Digital Economy. 

Speaking to The Sunday Morning Business, Deputy Minister of Digital Economy Eranga Weeraratne stated that a committee had been formed to develop a strategy for implementing cybersecurity in the country, which was expected to submit its report later this year. 

He further noted that the enactment of the Cyber Security Bill and the establishment of the Cyber Security Authority and the National Cyber Security Operations Centre (NCSOC) under the Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT) would be postponed until the reception of the committee’s report.

Weeraratne revealed that the Government was awaiting this report because the committee would be analysing how the cybersecurity functions would be demarcated between these two new entities. 

“We have to decide the way forward when it comes to national cybersecurity and civilian domain cybersecurity,” he stated.

Commenting further, he revealed that the Cyber Security Bill had already been drafted, but noted that it would require additional fine-tuning once the committee’s report was received.

“The committee will submit the report in a couple of months. Thereafter, we have to put this bill before the Cabinet and then obtain approval from Parliament,” he explained. 

Speaking to The Sunday Morning Business in June, Weeraratne revealed that the mandate of the Cyber Security Authority would include the enforcement of cybersecurity measures.

He noted: “Sri Lanka CERT can only provide guidelines at present; it can perform an assessment and issue recommendations to those entities. However, it cannot mandate this without fixing existing security issues – the relevant businesses cannot go live.”

Accordingly, he stated that the Cyber Security Authority would be empowered to mandate the resolution of cybersecurity issues and, where necessary, to enforce compliance by taking offenders offline.

He further revealed: “We are going to build the NCSOC, which will have real-time detection facilities. For that, we will be procuring software solutions to monitor in real time the security and threats to platforms of all the critical systems in Sri Lanka.”