SL becoming potential cyber attack target by terror groups ?

16 July 2019 12:07 am Views - 1753

 

The repression of insurgency and terrorism are hard to achieve, yet what is even more difficult is the containment and sustainability of the victories. In Sri Lankan context, in 2009 Sri Lankan government claimed an emphatic victory by defeating the LTTE who were engaged in a 30-year conflict with the Government. That victory had been sustained over the ten years that passed. The deadly multiple terrorist attack on Easter Sunday (21/4), believed to have been carried out by an ISIS affiliated local group, and tranquillity of the country has once again been disrupted. It is clear that there were lapses in security despite early intelligence warnings provided by various sources, and such warnings had not been heeded. Questions are being asked about the complacency of the government and soul searching has begun seeking answers to crucial failures in the provision of security.   


The use of hard power, the military option, in the first instance of a dispute has shifted from battle field to the cyber space. That has made the use of Cyber space by individual state actors and groups an effective means to engage in espionage and a wide range of criminal activities. The terrorists are one particular group that have taken advantage of cyber space. And the world has been put on alert from potential cyber threats, not only to powerful nations but also to vulnerable smaller nations alike. The use of sophisticated Information and Communication Technology (ICT) is playing a part in combating these security threats, but the terrorists have been too smart in using weaknesses in technology to remain a step ahead.  


Following the 21/4 attack there were series of cyber-attacks believed to have been launched by the LTTE. These types of attacks are not a new phenomenon to SL. The LTTE had used cyber-attacks during the Sri Lankan conflict, and has carried out cyber-attacks on Sri Lankan government websites. In doing so, the group has proven their capability in the use of new Information Technology for the purpose of creating threat perceptions in the minds of the target users. That has compelled the Sri Lankan government to be more concerned and focus on informational security.   


The LTTE also conducted propaganda campaigns to raise funds from the Tamil diaspora and international sources using social media platforms. That was not all, criminal activities such as cloning of credit cards and credit card fraud had been carried out using ICT. In an examination of the LTTE’s military operations against the Sri Lankan state it became apparent that the LTTE had launched cyber-attacks on the country’s websites and its missions abroad.  


In order to counter the LTTE’s cyber activities at that time, the Sri Lankan Government had adopted an online cyber strategy which included coercive and preventive methods of countering the cyberspace of the LTTE. The Government had imposed a local ban on the www.tamilnet.com during the start of the Eelam War IV signalling that government was offensive against the LTTE’s media space on the Internet.   


Against that background, Sri Lankan government and the military sought technological support from experts to prevent LTTE attacks on Government websites. In addition, at the organizational level, the Ministry of Defence took measures to revive its armed forces and police websites and provided 24-hour news updates. By taking coercive and preventive measures, the government had been successful in averting potential cyber threats. These measures enabled to counter the LTTE propaganda news reports internationally, and whilst at the same time attracting Sinhalese diaspora as well.   


Soon after Easter Sunday terror attacks, Sri Lanka computer emergency response team reported that few local websites with .lk or.com domains including that of the Kuwaiti Embassy in Sri Lanka had been subjected to cyber-attacks. Among the websites affected were private companies as well as the Rajarata University and Sri Lanka Tea Research Institute (TRI) in Talawakelle. This attack occurred as Sri Lanka marked the tenth anniversary since the war against the LTTE ended, and the report further suggested that perpetrators were a group identified as the Tamil Eelam Cyber Force. This pattern of attacks raise serious questions whether the attacks could have been avoided had the security services been aware of the capabilities and capacities of LTTE and remained vigilant on post conflict threats from the LTTE. However, the TechCERT suggests that LTTE has intentionally picked vulnerable websites equipped with minimum cyber security measures. If that was the case, general public and security services should work together to tackle cyber-attacks by raising public awareness on preventive measures to safeguard against future threats.   


The Easter Sunday attack has created another dimension to cyber threats. The country is facing a new threat from ISIS, and Islamic fundamentalists affiliated to them. The ISIS blow back from Iraq and Syria is similar to Afghanistan when Al Qaeda was dismantled. Despite the battlefield losses and losing ground in Iraq and Syria, the multiple suicide bombings in Sri Lanka demonstrated that the so-called ISIS is entering a new phase of global expansion. Reviewing the capabilities of ISIS, it becomes apparent that there were instances when it has used their cyber capacities to disrupt the stability of countries. Number of questions that need to be asked are, whether the nation is ready to face any potential cyber threat in the aftermath of recent incidents, and the challenges that it would have to face in the future. Furthermore, does Sri Lanka possess sufficient capacities and the right capabilities? In a global dimension, no country can sit back and be complacent about the threats from cyber-criminals because of unimaginable consequences that may even bring the entire country to a standstill. Therefore, taking preventive measures either individually or collectively must be a priority for all.   


The ISIS used social media platforms to spread propaganda mostly through social media radicalising a minority of Sri Lankans. Furthermore, social media sites, mainly face-book, were used to spread hate speeches online to provoke anti-Muslim violence. In the aftermath of Easter Sunday attack, Sri Lanka took action to block social media sites, including Facebook, WhatsApp, YouTube and Snapchat. The over-riding intention of this action was to prevent further inflammatory disinformation being posted, reduce tensions, avoid escalation of sporadic incidents and incitements for violent retaliations in potential flash points. Prior to this, social media platforms in the country came under government scrutiny last year and a ban was imposed then. Recent banning orders appear to be temporary measures to quell public fears and anxiety, and to bring the current situation under control.   


Sri Lanka CERT|CC (Computer Emergency Readiness Team | Co-ordination Centre) which directly comes under the Ministry of Digital Infrastructure and Information Technology acts as the focal point for cyber security. Its responsibility is to provide advice on potential risks, latest threats, vulnerabilities of computer systems, and to assist the nation in responding to, and recovering from cyber attacks. The next are the Computer Emergency Response Teams (CERTs) and the Finance Sector Computer Security Incident Response Team (FINCSIRT). These are specialised service units responsible for receiving, reviewing, processing and responding to computer security alerts, and incidents affecting the banks and other licensed financial institutions in the country.  


These three outfits currently work largely within their own client domains apparently with little coordination. However, faced with a national security threat ahead, they would have been expected to work together pooling all their technical resources. Failure to do so would make the country prone to cyber-attacks, and it would not be easy to prevent cyber-attacks as the source of the attacks would be hard to trace. In addition, a review of cyber-security aspects and a new Cyber Security Bill are necessary for setting up a National Cyber Security Agency (NCSA) with delegated responsibility for all cyber security activities.   


Cyber threats have gone beyond boundaries and therefore, international cooperation plays a vital role in countering cyber threats. Cyber threats often come as both internal and external threats, and those against the states could affect the financial sector, industrial sector, and tourism sector; or, the military and assets. Therefore, the states need to have well collaborated and coordinated mechanisms comprised with both military and civilian organizations. In support of that, Sri Lanka has already demonstrated its desire to engage by signing the Commonwealth Cyber Declaration, agreed in 2018. In doing so it is reported that members of the Commonwealth agreed to support a cyberspace that supports economic and social development and rights online, to build an effective national cyber security response, and to promote stability in cyberspace through international cooperation.   

 

Cyber threats have gone beyond boundaries and therefore, international cooperation plays a vital role in countering cyber threats


Furthermore, The European Union (EU) and its member countries are at the forefront of this international effort to deal with global cyber security issues. According to the reports, the EU is committed to helping countries like Sri Lanka to address the challenges of cyber security and pave the way for a more robust, resilient and reliable cyber infrastructure. Initiating this collaboration between the EU and the Ministry of Digital Infrastructure and Information Technology, the Cyber Resilience for Development (CYBER 4DEV) Project has been launched. The British, Dutch and Estonian governments are the partners for the implementation of the project. These EU funded project aims to increase the security and resilience of information infrastructure and networks supporting public and private enterprises, infrastructure and utility services. Through these initiatives, it would be possible for Sri Lanka to obtain technical and financial support in implementing projects and increase awareness of decision makers on cyber security issues to increase organizational capacities to prevent cyber security incidence.  
Vibushinie Bentotahewa - BSc (Colombo), MA (Buckingham University-UK) is currently pursuing her PhD in Cyber diplomacy at Cardiff Metropolitan University. Her research interests are Nation state attacks, regulations and laws affecting cyber security.


Dr. Chaminda Hewage – BSc Eng. (Hons) (Ruhuna), PhD (Surrey – UK) is an Associate Professor in Data Security at Cardiff Metropolitan University – UK. He is an expert in data security and research on human/social factors and emerging threats in cyber security. He is the principal investigator of a number of EU funded projects looking at various frontiers of cyber security.