The Root CA of the National Certification Authority. ( https://nca.gov.lk/ ) is the highest level Certification Authority in Sri Lanka. The National Certification Authority (NCA) is the overall governance as well as the standard setting entity to facilitate the smooth and effective functioning of Certification Service Providers (CSPs).
The launch of the Nation’s first National Information and Cyber Security Strategy was a major milestone in the history of Sri Lanka CERT. The five-year implementation plan (2019-2023) of the strategy is currently in progress.
Sri Lanka CERT obtained operational independence from ICTA to function directly under the Ministry of Telecommunication and Digital Infrastructure, and Foreign Employment.
The Computer Security Incident Response Team for the Education sector (EduCSIRT) was established with a mandate to respond to cyber security related incidents in the education sector, and to conduct capacity building activities for ICT teachers in schools.
Sri Lanka became a state party to the Council of Europe’s Convention on Cybercrime (ETS 185 of 2001). This was a historic policy achievement, as Lanka became the first country in South Asia (the 2nd country after Japan, in Asia) to accede to the Convention.
Together with the Central Bank of Sri Lanka and the Sri Lanka Bankers Association, successfully established the Financial Sector Computer Security Incident Response Team (FinCSIRT), whose mandate is to receive, review, process and respond to computer security incidents affecting Banks and Financial Institutions in Sri Lanka, whilst escalating unresolved issues to Sri Lanka CERT|CC.
In order to reflect the establishment of industry sector-based CSIRT’s in the country, Sri Lanka CERT transformed itself to being a CERT Coordinating Centre by successfully applying and obtaining authorization to be included in the global CERT listing as a Coordinating Centre.
Obtained the membership of the Forum of Incident Response and Security Teams (https://www.first.org/ ) which is an international body of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
Obtained the membership of Asia Pacific Computer Emergency Response Team (https://www.apcert.org/ ) which is a trusted network of computer security experts in the Asian region whose aim is to improve awareness and competency in relation to computer security and to develop measures to deal with large-scale security incidents.
Sri Lanka CERT was established as a subsidiary of ICTA
I have been working with Sri Lanka CERT from the beginning of 2019. All my experiences with them have been very professional and positive. Working under the Cyber4Dev project I have been worked with dozens of different CERTs all over the world and I have to say that Sri Lanka’s CERT is one of the most mature, professional and active. All agreements with them have been held, all employees are very professional and motivated. We have been achieved a lot with this short period. I know that my cooperation with them will continue with the same enthusiasm and I strongly recommend them as a trustful and efficient partner.