• Only 25–30% of critical State infrastructure currently linked to monitoring network 
• Govt. aims to connect 37 priority institutions within next quarter 

The Finance Ministry’s IT infrastructure is yet to be fully integrated into the National Cyber Security Operations Centre (NCSOC), Deputy Minister of Digital Economy Eranga Weeraratne said in the aftermath of the controversial cybersecurity breach reported last week.

Speaking to The Sunday Morning, he further revealed that the integration process was underway and had to be expedited. 

Speaking on the Government’s cybersecurity preparedness following $ 2.5 million meant for a foreign debt repayment being diverted to a hacker through fraudulent instructions, Weeraratne said that the Finance Ministry remained a priority for integration into the national monitoring platform in the wake of recent concerns surrounding the ministry. 

The NCSOC is a 24-hour monitoring facility equipped with Artificial Intelligence (AI)-enabled tools designed to detect cyber threats in real time and respond before incidents escalate. 

While the centre is already operational, the Deputy Minister said that connecting the Finance Ministry was essential to strengthen protection against future vulnerabilities. 

“We have to first integrate with these monitoring tools. It is only then that the tools generate reports identifying the vulnerabilities,” he said. 

He added that integration was essential in order to identify security gaps and direct institutions to address them promptly. 

Weeraratne said that, so far, no evidence had been found of a system hack or email breach within the ministry itself. 

Instead, authorities are probing an incident involving a foreign party allegedly impersonating a legitimate company.

He said that once institutions were linked to the NCSOC, authorities would be better placed to detect the kinds of technical loopholes that enabled such fraud or deception.

At present, only around 25–30% of the country’s critical public infrastructure has been connected to the centre. The Government has identified 37 key institutions for integration, with the remaining connections targeted for completion within the next quarter. 

The Deputy Minister said that expanding coverage across high-risk institutions was now a priority as Sri Lanka continued to digitise public services.

The NCSOC, launched in September 2025 under the Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT), functions as a centralised monitoring hub to protect critical national information infrastructure.