Sri Lanka National Capacity Building Initiative in Cybercrime Forensics, Cybersecurity and Cyber Intelligence

Dr Abhaya Induruwa delivers the keynote address at the Cybersecurity Industry Forum in Sri Lanka


Dr Abhaya Induruwa, Director of the Centre for Cybercrime & Security Innovation (CCSI), recently delivered the keynote address at the Cyber Security Industry Forum organised by Sri Lanka Telecom in collaboration with the Sri Lanka CERT|CC (Computer Emergency Readiness Team | Coordination Centre). The theme of Abhaya’s address was the importance of a National Capacity Building Initiative in Cybercrime Forensics, Cybersecurity and Cyber Intelligence in Sri Lanka. The event, held at Hotel Hilton Residencies, Colombo, Sri Lanka, was attended by more than 150 CIOs, CISOs, CEOs and other security industry personnel.


In the introduction Abhaya talked about the Morris worm, which appeared in 1988 and prompted the United States DARPA (Defence Advanced Research Projects Agency) to set up the first Computer Emergency Response Team (CERT) at Carnegie Mellon University in Pittsburgh. Today every country has a CERT|CC (Coordination Centre). He then went on to talk about ‘The Cuckoo’s Egg’, the first ever comprehensively documented case of catching a spy in 1989 by astronomer turned systems administrator Clifford Stoll. In order to catch the hacker, Cliff implemented the first known Intruder Detection System (IDS), however basic that may be. He then turned to Stuxnet, the world’s first digital weapon designed to cause physical damage to equipment controlled by computers. Stuxnet was launched against Iran in 2010 and crippled their uranium enrichment facilities by damaging the centrifuges connected to SCADA (Supervisory Control And Data Acquisition) controllers.


In the next part of the talk Abhaya focused on the six major cyber threats as identified by the industry. They are:

  • Growth of new malware (18 million new malware samples in Q3 of 2016)
  • Rise and impact of ransomware (volume and frequency)
  • Ransomware in combination with phishing (email containing some form of ransomware grew to 97.25% in Q3 of 2016, up from 92% in Q1 of 2016)
  • Overconfident users and phishing (a study indicated that a higher percentage of users actually clicked than the percentage who admitted that they clicked)
  • Dark Web (web sites that exist on Darknets – encrypted networks built using the TOR (The Onion Router) protocol. These web pages are not indexed by traditional search engines)
  • Cryptocurrencies – a distributed, decentralised, digital cash system that permits permissionless, irreversible, untraceable transactions.

The Dark Web combined with cryptocurrencies provides a strong platform for cybercriminals to thrive and cybercrime to flourish, and thus presents a major challenge to investigators of cybercrime. Our limited understanding of Darknets makes it difficult to control crime committed using these platforms. However, there are three further areas that are seen by the industry as major challenges. They are:

  • Big Data – Our connected, digital world produces data at an accelerated pace. The volume of data, which was 4.4 zettabytes (1 ZB is 10^21 bytes or 1 billion TB) in 2013, is projected to grow to 44 zettabytes by 2020.
  • Data Centres in the Cloud – while these give flexible architectures to provide storage and computational power solutions, two things cause major concerns: data may reside in multiple jurisdictions, which hinders forensic examination, and vulnerabilities exist due to the way the data is stored, transported, used and discarded.
  • Internet of [Every]Things – several billions of connected devices that are inherently insecure because they are not capable of supporting elaborate security mechanisms. They generate humongous amounts of data (adding to the Big Data problem). Large battalions of IoT devices have been reported to have launched massive DDoS attacks. Smart vehicles/smart homes/smart cities will pose their own set of threats, dangers and challenges.

After setting the stage, Abhaya went on to outline his proposal to establish the Sri Lanka 3CENTRE – Cybercrime & Cybersecurity Centre of Excellence in Teaching, Research & Education.


He argued that suitably trained and educated manpower is needed in every country to:

  • combat crime;
  • collect intelligence;
  • understand how cybercrime is committed;
  • judge progressing cybercrime;
  • undertake advanced research;
  • investigate and bring the perpetrators to book;
  • understand the future of cybercrime;
  • carry out forensics;
  • protect our networks, services and users.

He drew the attention of the audience to a number of similar national capacity building initiatives in the UK, USA and countries in Asia & Europe. He emphasised the need for Law Enforcement, Industry and Academia to work together in providing suitable platforms for training, education and research. He also emphasised the importance of public/private sector partnership in realising the objectives of the 3CENTRE project. The training provision should look after short-term, highly specialised training & certification and provide CPD and updates, whereas the education angle should cover long-duration courses at undergraduate (BSc) and taught postgraduate (MSc) levels. The latter is best delivered by the universities. The 3CENTRE proposes to undertake specialised/classified training and research, while the more general research leading to MSc by Research, MPhil and PhD qualifications is left to the university sector.

Abhaya concluded his keynote by summarising Sri Lanka’s preparation in terms of enacting legislation to combat cybercrime through the Computer Crime Act of 2007, and noted that Sri Lanka ratified the Convention on Cybercrime of the Council of Europe (Budapest Convention) in 2015 and the United Nations Convention on the Use of Electronic Communications in International Contracts the same year. A panel discussion followed.

Abhaya and colleagues of the School of Law, Criminal Justice and Computing, who have long experience in implementing similar projects in Europe and in the UK, are hoping to play a leading role in making the Sri Lankan 3CENTRE project a success.

 

