The importance of Information Security (IS) in the banking industry has grown exponentially over the past few years due to a combination of factors, namely regulatory requirements mandating information protection, the growth of electronic banking and the increasing number of individuals (employees, customers and third parties) with access to enterprise data.
Some banks are probably more advanced at adopting defensive measures in building resilient IT systems, having established sophisticated processes with latest technology to protect data and related infrastructures. These select institutions have the resources to manage their own special security systems to maintain security networks and to continuously improving their platforms.
Although most Sri Lankan banking and financial institutions are taking initiatives to establish information security measures, there is presently no formal collaboration between these institutions to pool critical information and knowledge for greater synergies in fighting threats and attacks, which are more often similar by nature.
Security is a dynamic process. Attacks against systems are evolving, as hackers and fraudsters continuously identify new ways to break through corporate security shields. Thus, the most important part of an information security program is implementing processes to continuously assess security risks in order to allow them to respond as quickly as possible with stronger controls if necessary.
In view of the above, Sri Lanka CERT|CC (Computer Emergency Readiness Team | Coordination Center), the national CERT of Sri Lanka devised a concept of setting up critical sector based CSIRTs for Banking, Military, Education and Internet Services.
As a result a sector-specific CSIRT (Computer Security Incident Response Team) for the Banking and Finance sector named ’Bank CSIRT‘ was launched on 1st of July 2014 , at the Central Bank with the auspices of the Chief Guest Mr. Lalith Weeratunga – Secretary to His Excellency the President. Whilst, Mr. Weeratunga delivered the Keynote Address at this occasion, Mr. Ajith Nivard Cabraal – Governor of The Central Bank of Sri Lanka, Mr. B D W A Silva – Deputy Governor of the Central Bank of Sri Lanka, Mr. Lal Dias – CEO Sri Lanka CERT and Mr. Sunimal Weerasooriya – GM/CEO of LankaClear addressed the entire banking community who were present at the event. Mr. Weeratunga launched the Bank CSIRT Web Site by sending out the first Informational Alert to all Member Banks.
This critical innovative service is hosted and managed by LankaClear under the guidance of the Central Bank of Sri Lanka and the support of Sri Lanka Cert|CC with the blessings of the Sri Lankan Banks Association (SLBA).
The CEO of Sri Lanka CERT|CC, Mr. Lal Dias commenting on the initiative stated; “Bank CSIRT will be one of many sector-specific CSIRTs established under the umbrella of Sri Lanka’s National CERT - Sri Lanka CERT|CC. The formation of a centralized trusted body to handle Information Security related incidents in the Banking and Finance sector will undoubtedly help address most of the sector-specific issues. Additionally, knowledge gained by resolving an incident of one particular bank can be utilized to resolve other affected banks and enable the issuance of early warnings and alerts in order that the other banks can take preventive measures. Bank CSIRT can also disseminate information received from international Computer Emergency Response Teams (CERTs)/ (CSIRTS) relating to new cyber security threats enabling individual banks and financial institutions to take proactive action.”
GM/CEO LankaClear - Mr. Sunimal Weerasooriya added; "We at LankaClear are proud that we were invited to host and manage the Bank CSIRT, which is a pioneering initiative for the financial sector. With every innovation we have introduced over the past decade, LankaClear has moved Sri Lanka towards a digital era of transactions and with it we have introduced complementary information security services. In 2009 the National Payments Council (NPC) convened by the Central Bank of Sri Lanka invited LankaClear to be the Financial Sector Certification Service Provider (CSP) in Sri Lanka, and as a result a range of services were introduced to the market under the brand name of “LANKASIGN” in accordance with the Electronic Transactions Act. “Bank CSIRT” is another mantle in our security product portfolio and we are proud to be part of this futuristic national initiative that will reap true benefits to our country. Mr Weerasooriya thanked the Central Bank, Sri Lanka CERT and the Sri Lanka Banks Association for the initiative taken to establish the Bank CSIRT and the valuable work that was put in to structure this unique entity.”
About Sri Lanka CERT|CC
Founded in 2006, the Sri Lanka Computer Emergency Readiness Team | Coordinating Centre (Sri Lanka CERT|CC), a fully owned subsidiary of the ICT Agency of Sri Lanka, is mandated with the protection of Information and Information Systems in Sri Lanka. Its services range from responding to and investigating information security breaches, to preventing security breaches by way of awareness creation, security assessments and security capability building. It is a member and the national point of contact, for both the Asia Pacific Computer Emergency Response Team (APCERT) and the Forum of Incident Response Security Teams (FIRST), which are regional and global associations respectively, formed to coordinate security efforts between nations. Learn more at www.cert.gov.lk
LankaClear (Pvt) Limited, one of the country’s most successful public-private partnerships, is Sri Lanka’s national payment infrastructure provider. The company is jointly owned by the Central Bank of Sri Lanka and all Commercial Banks. LankaClear’s product offering include the Cheque Imaging And Truncation System (CITS), “LankaPay” - Common Payment Network: Common ATM Service / SLIPS Electronic Money Transfer Service and LankaSign Certification Service Provider among several other critical payment system infrastructure offerings.
« Back to News Index