National Information and Cyber Security Strategy

Previously discussed topics:
1. Cyber Security Landscape in Sri Lanka
2. Overview of the National Information and Cyber Security Strategy
3. Thrust #2: Legislation, Policies, and Standards
4. Thrust #3: Development of a Competent Workforce
5. Thrust #4: Resilient Digital Government Systems and Infrastructure

The fifth pillar of the strategy:
Thrust #5: Raising Awareness and Empowerment of Citizens

Our Strategy
The Internet has become important for all aspects of daily life
including education, work, and participation in society. A
considerable segment of society is becoming more and more dependent on
the Internet thereby becoming more vulnerable to cybercrime. A major
reason for such vulnerabilities to cybercrime is lack of awareness
among citizens about possible cyber threats and their consequences.
Identity theft, theft of credit card numbers, privacy violations, and
unauthorized access to social media accounts, for example, commonly
result from citizens' lack of awareness. It is,
therefore, essential to raise citizens' awareness about emerging cyber
threats and empower them with the knowledge and skills necessary to
defend themselves against evolving cyber threats.

[Figure: Some facts on the disclosure of identity and privacy by Sri Lankan youth through social media]

[Figure: Frequency of changing the password of social media by Sri Lankan youth]

Our Initiatives
5.1. National Information and Cyber Security Readiness Survey
In collaboration with the Department of Census and Statistics, we will
conduct a National Baseline Survey to assess Sri Lankan citizens'
awareness, attitudes and behaviors regarding information and cyber
security related activities.
5.2. Public's Awareness of Social Media and Cyber Security
5.2.1. We will extend the services of the CERT website to provide a
comprehensive collection of materials and activities relating to
cybersecurity, and incorporate a comprehensive complaints reporting
system to assist victims.
5.2.2. We will increase information and cyber security awareness among
the public through hosting awareness campaigns, organizing public
conferences, street dramas, and so forth.
5.2.3. We will pay special attention to the most vulnerable communities
in society, including youth, women and elderly people.
5.2.4. We will use printed and electronic media to reach a broader
population. Content shall be in trilingual format. We will also use
social media as a tool for increasing the information security
awareness of citizens.
5.2.5. We will also enhance the content of well-known government web
sites (e.g. www.gov.lk, www.news.gov.lk, www.defence.gov.lk) with
information and cyber security related materials (e.g. presentations
and webinars). The Government Call Center (1919) will also be enhanced
to provide basic information on cyber security related matters.
5.3. Introduction of Information and Cyber Security into Curriculums
5.3.1. We will facilitate the Ministry of Education and the National
Institute of Education to include information and cyber security as an
essential part of the informatics curriculum at schools.
5.3.2. We will facilitate the Ministry of Education to increase school
children's awareness of cyber security. We will also continue to
publish the Cyber Guardian (newsletter on cybersecurity) and circulate
it among school and university students to increase their awareness of
the latest cyber threats.
5.4. Lifelong Learning Opportunities
With the involvement of the Open University of Sri Lanka and Vocational
Training Institutes, we will design basic information and cyber
security learning modules for adults. We aim to deliver these courses
through the Open University's distance learning centers, Nenasala
Centres, vocational training institutes and accredited training
institutes scattered around the country.
5.5. Security Ratings for ICT Equipment and Create Awareness Among Citizens
We will facilitate the Sri Lanka Standards Institute to develop
Security Ratings for ICT products which will enable citizens to have a
clear idea of the level of security that a product offers. We will
also work with ICT product suppliers' associations to supply products
to the market with security settings enabled by default. Through
effective communication channels we will make citizens aware of
security ratings and security features of ICT products.
To be continued....

By: Dr. Kanishka Karunasena,
Research and Policy Development Specialist, Sri Lanka CERT|CC

Phishing anniversary: Here's a free $50/month subscription

"...The message suggests that
Adidas is offering 2,500 pairs of shoes to celebrate its 69th anniversary,
followed by a link from which to obtain the promised item. If you take a
closer look at the link in the image, you can see that there's no dot above
the short vertical line that should be the letter "i". This is a homoglyph
(often referred to as homograph) attack, incorporating a link that looks
legitimate but is actually spoofed by replacing one character with another
that looks the same to the unwary eye. This kind of attack is not new, with
several articles covering the subject such as welivesecurity,
thecomputerperson and Doron Segal on Medium. The structure of the message is
not new either. A few similar campaigns were observed in 2016......"

Facebook's Fight Against Bad Content Is a Mess

"...Facebook is trying to
have it both ways.
As a private company, it can ban whatever bad content it wants from its
site, so it outlaws nudity and hate speech. But it also says that it doesn't
want to be the arbiter of truth, so it doesn't remove patently false
information that plagues its platform.
Its convoluted -- often seemingly arbitrary -- policies leave Facebook performing
mental gymnastics to decide what should be banned, and what should remain.
On a day-to-day level, the confusing rules -- in addition to the sheer amount
of content uploaded to the platform -- mean that a lot of illegal or harmful
content lingers, for countless more eyes to see......"

Cyberbullying awareness and prevention

'...By allowing us to share our stories and communicate with friends,
family, and strangers all across the world, the internet has changed
forever. It would be impossible for many of us to regress to a
pre-wired-in age. Yet, the shift towards a social media-centered
existence hasn't been without its downsides, and the increasing
prevalence of cyberbullying is one of the most alarming.
Cyberbullying is bullying -- period -- and we must work together to
minimize its negative impact on our society.
Defined by Dictionary.com as, "the act of harassing someone online by
sending or posting mean messages, usually anonymously", cyberbullying
comes in many forms. It affects adolescents the hardest, but also all
age groups....'

IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims

'...Researchers have uncovered vulnerabilities in a connected vacuum
cleaner lineup that could allow attackers to eavesdrop, perform video
surveillance and steal private data from victims.
Two vulnerabilities were discovered in Dongguan Diqee 360 vacuum cleaners,
which tout Wi-Fi capabilities, a webcam with night vision, and smartphone-controlled
navigation controls. These would allow control over the device as well as
the ability to intercept data on a home Wi-Fi network.
"Like any other IoT device, these robot vacuum cleaners could be marshaled
into a botnet for DDoS attacks, but that's not even the worst-case
scenario, at least for owners," Leigh-Anne Galloway, cybersecurity
resilience lead at Positive Technologies, said on Thursday....'

D-Link, Dasan Routers Under Attack In Yet Another Assault

'....Dasan and D-Link routers running GPON firmware are being targeted
by hackers in an attempt to create a botnet.
Unpatched D-Link and Dasan GPON router vulnerabilities are being
targeted by hackers attempting to build a botnet army, according to
research published Friday by eSentire Threat Intelligence.
Researchers observed on Thursday a massive uptick in exploit attempts
from over 3,000 different source IPs targeting model D-Link 2750B and
Dasan GPON routers running a version of the GPON firmware....'

Month in Brief

[Figure: Facebook Incidents Reported to Sri Lanka CERT|CC in June 2018]

Statistics - Sri Lanka CERT|CC

Google is bringing its human-like conversational AI to the contact centre

'...WaveNet is "a deep generative model of raw audio waveforms"
developed by Google's UK subsidiary DeepMind and announced in
2016. It promises the ability to "generate speech which mimics any
human voice and which sounds more natural than the best existing
Text-to-Speech systems, reducing the gap with human performance by
over 50 percent."
In a blog post, Fei-Fei Li, chief scientist at Google AI wrote: "When
we studied the challenges faced by real contact centres every day, we
found that customers often have simple transactional or informational
requests....'

Mining Cryptocurrency: Everything You Need To Know

"...The easiest way to
understand cryptocurrency mining is that it isn't mining in the traditional
sense of the word.
Mining is a way of validating transactions on the blockchain.
Instead of someone at a bank or a clearing house making sure transactions
are legitimate, people who run mining software (miners) do this job instead.
While someone at a bank might get paid a salary, miners are rewarded for
their work in the form of cryptocurrency...."

How to handle Windows 10 updates

"...Confused about how updates work in Windows 10? Join the club. In
this latest version of its operating system, Microsoft has transformed
what was once a straightforward procedure into a seemingly complicated
process that varies according to whether you have Windows 10 Home,
Windows 10 Pro or an enterprise or education edition. As a result, there
have been lots of misperceptions about how Windows 10 Update works, and
how to best use it......"

Facebook plans to enter China by setting up local subsidiary: Report

"...Facebook has set up a subsidiary in Hangzhou, China, with
registered capital of $30 million, Chinese technology website 36kr.com
reported on Tuesday, citing an official business registration filing.
According to the report, the new company, fully owned by Facebook Hong
Kong Limited, completed the business registration this month at the
local government of Hangzhou, where Chinese ecommerce giant Alibaba is
headquartered. ...."