Content uploaded by Kasun Rukmaldeniya
Author content
All content in this area was uploaded by Kasun Rukmaldeniya on Feb 20, 2020
Content may be subject to copyright.
LAWS IN SRI LANKA TO PREVENT THE CYBER-ATTACKS
AND ANALYZE WHETHER THESE LAWS ARE SUFFICIENT
TO PREVENT A CYBER-WARFARE IN FUTURE
KASUN RUKMALDENIYA
13/01/2020
1
Contents
Chapter one ................................................................................................................................ 3
1.0 Introduction ................................................................................................................. 3
1.1 Background of the study ............................................................................................. 3
1.2 Research problem statement ........................................................................................ 4
1.3 Aim .............................................................................................................................. 5
1.4 Objective ..................................................................................................................... 5
1.5 Research questions ...................................................................................................... 5
1.6 Chapter summary ........................................................................................................ 5
Chapter two ................................................................................................................................ 6
2.0 Introduction ................................................................................................................. 6
2.1 Cyber-crimes explained by various researchers .......................................................... 6
2.2 Types of Cybercrimes ................................................................................................ 6
2.2.1 Espionage ............................................................................................................. 6
2.2.2 Sabotage ............................................................................................................... 7
2.2.3 Cyber terrorism .................................................................................................... 7
2.2.4 Electric power grid ............................................................................................... 7
2.2.5 Economic disruption ............................................................................................ 7
2.2.6 the other types of cyber-crimes ............................................................................ 7
2.3 How cyber-crimes lead to a cyber-warfare ................................................................. 8
2.4 Chapter summary ........................................................................................................ 8
Chapter Three ............................................................................................................................. 9
3.0 Introduction ................................................................................................................. 9
3.1 Theory of research ...................................................................................................... 9
3.2 Methodology ............................................................................................................... 9
3.2.1 Sources of data ..................................................................................................... 9
3.2.2 Research approach ............................................................................................... 9
2
3.3 Reliability of the research ........................................................................................... 9
3.4 validity of the research ................................................................................................ 9
3.5 Limitations of the research ........................................................................................ 10
3.5.1 Limitation of time .............................................................................................. 10
3.5.2 Being fully dependent on secondary data .......................................................... 10
3.6 Areas for further research ......................................................................................... 10
3.7 Chapter summary ...................................................................................................... 10
Chapter Four ............................................................................................................................ 11
4.2 Analysis of Computer Crimes ACT No. 24 of 2007 ................................................. 11
4.1 Analysis of Intellectual Property ACT No.36 of 2003 ............................................. 11
4.3 Analysis of Cyber Security Bill ................................................................................ 11
4.4 Electronic transactions act 19 of 2006 ...................................................................... 12
Chapter Five ............................................................................................................................. 13
Opinions ............................................................................................................................... 13
Suggestions .......................................................................................................................... 13
Chapter Six ............................................................................................................................... 13
Conclusion ........................................................................................................................... 13
Chapter Seven .......................................................................................................................... 14
Bibliography ......................................................................................................................... 14
3
Chapter one
1.0 Introduction
‘Cyber warfare is as much about psychological strategy as technical prowess ’
- James Scott, Senior Fellow, . Institute for critical infrastructure technology -
We are living in a period where ‘Bytes are replacing bullets in the crime world’.
Cyberwarfare is a huge issue that is being highly discussed in the world at present. Even the
developed countries have identified this as a big security problem.
Within this technology era, there is a need of having a sound cybersecurity law in order to
cope up with the issues that arise in the state. While most of the users see cyberspace as a
source of technology advancement to create innovations, another set of people see it as an
opportunity for looting the rights and privacy of others, which ultimately drives towards
several issues and create the atmosphere towards a cyber-warfare in future. To deal with
these issues and in order to prevent the occurrence of cyber-warfare in future, the possibility
of the Sri Lankan laws and regulations is questionable.
1.1 Background of the study
Cyber-attacks and the laws to prohibit them are explained by previous researches in
different ways. According to IEEE Security and Privacy (Langner, 2011) cyber warfare
concerns the use of cyber-attacks as an instrument of warfare. Cyber-attacks are related to
the. use of cyber militias in cyber warfare, policy and legal issues concerning. state use of
cyber capabilities, military principles for conducting. cyber warfare and strategic deterrence of.
cyber-attacks against. national infrastructure. (Jayasekara & Rupasinghe, 2015) explained
that the advancement of. technology such. because the web has provided. people. and
organizations with. a method to each commit new sorts of. crimes and adopt new strategies
of. committing. ancient. street crimes From on-line fraud to cyber-stalking to viruses,
countless individuals worldwide ar tormented by on-line deviant behaviour. everyday web
crime is quickly turning into one. of the most importantst} and most threatening issues for
each enforcement and also the public at large. “The computer is rapidly increasing society’s
dependence upon it, with the result that society becomes progressively more vulnerable to
computer malfunction, whether accidental or deliberately induced, and to computer
manipulation and white-colour law-breaking” (Weeramantry, 1998)
In Sri Lanka, during the recent years, a considerable number of cyber-crimes have been
reported to the SLCERT - Sri Lankan Computer Emergency Readiness Team as well as to
the Cyber-Crime Unit in Sri Lankan police. Although some cases were properly solved, in
4
some cases the fair solution have not gained due to the unavailability of cyber laws for some
special cases.
Through. this study. the researcher. aims to identify and analyze whether the existing Sri
Lankan cyber law is powerful enough to protect the nation from a warfare which might be
happening in future.
1.2 Research problem statement
As a developing country Sri Lanka, the consideration about the matters related to
cybersecurity is relatively lower. During past few years many cyber-crimes were recorded
within Sri Lanka. Even though there are a set of rules and regulations to manage them, there
influencing capacity is questionable. There is a considerable gap between the law
requirement to prevent a cyber-warfare in future and the existing cyber law framework in Sri
Lanka.
This study aims to give a clear understanding about;
Laws in Sri Lanka to prevent the Cyber-attacks and whether these laws are sufficient
to prevent a cyber warfare in the future.
5
1.3 Aim
Understand and analyze the issues related with cybersecurity and the capacity of the Sri
Lankan legal framework to withstand the cyber-warfare by eliminating the gaps in the law.
1.4 Objective
The main. objective. of this. study is to analyze and understand about the laws in Sri Lanka to
prevent the Cyber-attacks and the possibility of those laws to prevent a cyber-warfare in
future
1.5 Research questions
• Is the Sri Lankan law powerful to prevent the future cyber-crime warfare?
• What are the strengths of existing laws in Sri Lanka to prevent a cyber-warfare in the
future?
• Is there a gap in the existing legal framework and the required legal standard to
prevent a cyber-warfare in the future?
1.6 Chapter summary
This chapter simply explains the expected outcome of the researcher. The existing literature
regarding this matter and will be explained with the arguments available in various existing
studies. The data collected by various sources will be used for the study and this will help to
understand the capacity of the Sri Lanka law to prevent cyber-warfare and recommendations
will be given by analyzing the conclusions that emerge.
6
Chapter two
2.0 Introduction
All most all the sectors in a state are becoming highly depending on technology in this
technological era. Even the sensitive data are shared among individuals via the
technological media. When these data of others falls into wrong hands, it may cause for
many privacy and security issues. With the increasing use of technology, the impact of
cybersecurity also has increased. Many cyber-crimes have been happened during past
years in Si Lanka.
2.1 Cyber-crimes explained by various researchers
During a conference on Cyber-warfare, which was held in 2011, former Lieutenant general
Jagath Jayasuriya explained that now the entire world is facing a threat of a cyberwar as the
cyberspace is acting as an information superhighway across entire world, making the
concept of ‘Global village’ a reality. Within this global village, several cyber issues have
arisen causing many disturbances to the society. The researchers have identified several
cyber issues in the world.
2.2 Types of Cybercrimes
“Cybercrime refers to any illegal activity that occurs in the virtual world of cyberspace.”
(Reyns, Bradford; Henson, Billy; Fisher, Bonnie, 2011)
Cybercrimes include Espionage, Sabotage, Cyber terrorism, Electric power grid, Economic
disruption, Cyberbullying, Cyber Stalking, Sexting,violation of privacy, violation of intellectual
property, scams, malware, social media related issues etc. Among these crimes, fake
account crimes are highly reported from Sri Lanka. The cyber-crimes have been increased
up to 5831 during the period of 2008 to 2018. (CERT|CC, 2017). (Goonathilaka, 2011) has
termed the cyber crimes as the internet related crimes. According to (Thananchayan, 2017)
the digital violations (cyber-crimes) can't be controlled without a transnational ward and a
solitary state can't battle against a PC wrongdoing or cybercrime
2.2.1 Espionage
Espionage is the Cyberattack of illegal access to the sensitive and confidential data and
information to obtain an advantage over an individual, organization or a country. David
(Weissbrodt, 2013) has explained that while computers increase the efficiency of work, it
also vulnerable to the attacks like espionage.According to Merriam Webster, Espionage is
‘’the practice of spying or use of the spies in order to gain information about the future plans
and actions of another person, company or an state. (Wangen, 2015) has emphasized that
7
the recent rise of the aimed use of malware in the cyber espionage versus the industry
needs a proper revies for the clear understanding of its influence and the process.
2.2.2 Sabotage
Cyber sabotage is another wrinkle that is in the cyberspace. (Coleman, 2008) has explained
sabotage as the willful and malicious acts that causes a disruption of the general processes
and the activities or the destruction or the damage of the equipment or the data and
information.
2.2.3 Cyber terrorism
(James, 2002) has explained cyber terrorism as ‘’the use of computer network tools to shut
down critical national infrastructure or to coerce or intimidate a government or civilian
population’’. It is the mix of cyberspace and terrorism . The cyberspace is used as the
platform of the terrorist functions. This type of terrorist activities results violence against the
public and the property of the state.
2.2.4 Electric power grid
According to (Raja & Sajid, 2015), Electric power grid technology has to be highly
supervised because if an issue arise in transforming the electric grid into smart devices, it
affects the entire work process. The excess power systems prone regularly with new and
developing cybersecurity threats. Cyber threats might generate from direct attack on the
electrical grid or other infrastructure that could affect the grid’s performance or safety.
2.2.5 Economic disruption
An economic cyber disruption is the long term impairment of a critical capability that can lead
to loss of life, health or safety, disrupt local, regional or national economic, basic public and
private infrastructure and services and interfere. Information/security – the protection of
computer systems and the dignity, confidentially and availability of the information contain in
them has long been recognized as a critical issue of national policy.
2.2.6 the other types of cyber-crimes
According to (Sooriyabandara, 2017) , the cyber-crimes against persons are; cyberstalking,
hacking, cracking and deformation. The cyber-crimes against property are; internet time
theft, intellectual property crimes, cyber trespass and internet time theft. Cyber-crimes
against government includes distribution of pirated software and the possession f the
unauthorized information. The cyber-crimes against the society comprises of cyber
trafficking, forgery, online gambling and child pornography.
8
2.3 How cyber-crimes lead to a cyber-warfare
With the increase of cyber-crimes, there are more opportunities to arise a cyber warfare in
near future. (Jayasekara & Rupasinghe, 2015) state that ‘In Sri Lanka, there is a challenge in
preventing cyber-crimes. The growth of network-based crime has raised difficult issue in
respect of appropriate balance between the needs of those investigating and prosecuting
such crime, and the rights of users of such networks. Also, Sri Lankan legal system needs to
be modified.’
Due to the unethical use of computer technology and internet, the cyber-crimes are
expanding to every corner creating a global challenge for everyone in safeguarding the
security of the people.
2.4 Chapter summary
Sri Lanka is currently facing the challenge of eliminating cyber-crimes. Although cyber-
attacks done by creating a fake recognition is high within Sri Lankan context, defamation is
not considered as criminal offence in Sri Lanka. It is a matter of fact to be argued further as it
has recorded as the ultimate issue in many malpractices. There are many there cyber-
attacks that exist within the state and they should be properly analyzed in order to enact
laws to act against them.
9
Chapter Three
3.0 Introduction
This chapter will give a brief introduction about the procedure followed within the study and
how the data collected and analyzed for getting the conclusion.
3.1 Theory of research
Through this research, the usage and the strength of the cyber laws within Sri Lanka to face
a future cyber warfare is theoretically investigated.
3.2 Methodology
The researcher has collected data from the relevant laws and previous studies and has
explained their possibility in preventing a future cyber warfare in Sri Lanka.
3.2.1 Sources of data
Only secondary data have been used for this study. No details have been collected
through primary sources like interviews. Only the secondary data sources like previous
articles, publications, cyber laws in Sri Lanka have been taken into consideration.
3.2.2 Research approach
The research is a qualitative study with subjective explanations and a theoretical basis of
study.
3.3 Reliability of the research
The secondary data, which were the outcomes of earlier investigations, are used for the
study to ensure the reliability. Other than that, the cyber laws existing in Sri Lanka are
investigated to examine the practical usage of them in future cyber warfare.
3.4 validity of the research
This is a purely a new study done by the researcher with the light of existing local and
foreign literature. This contains subjective judgments validated after analyzing the collected
information.
10
3.5 Limitations of the research
3.5.1 Limitation of time
Due to the limited time, a narrow investigation has been done on the existing cyber laws.
This can be further enhance with more studies and deep investigations.
3.5.2 Being fully dependent on secondary data
This study is a purely new work done by the researcher with the light of existing local and
foreign literature. This contains the subjective judgments validated after analyzing the
collected information.
3.6 Areas for further research
This study can be further developed by analyzing both primary and secondary data. Without
limiting to find whether the existing cyber laws are sufficient to prevent a cyber-warfare in
future, the modifications needed within Sri Lankan cyber law system also can be researched
further.
3.7 Chapter summary
Through this chapter, a brief explanation about the type of research, data sources and
collection and the hypothesis that is going to be tested, reliability and validity of the study as
well as the limitations and further investigation areas have been emphasized to give a clear
understanding.
11
Chapter Four
4.2 Analysis of Computer Crimes ACT No. 24 of 2007
The computer crime act has been established to identify the computer crimes and if it
happens, the procedures to be followed including supervision prevention and the penalties for
the action. This is applicable when a law has been breached, a computer or related facilities
has been used with the process, or a loss has been happened to a person or a state. The
penalties include a fine, imprisonment or both of these actions.
According to this law, the following types of cybercrimes are fined in the below-mentioned
ways.
Unauthorized access to data fines not less than 100000 or imprisonment of not less than 5
years. Unauthorized access to commit an offence fines not less than 200000 or
imprisonment of not less than 5 years. Offences against the state and national security
causes for an imprisonment mot less than 5 years. Dealing with unlawfully obtained data
fines 10000-300000 fines with an imprisonment between 6 months to 3 years. In this manner
the actions mentioned to be an infringement of the laws will fine or imprison according to the
situation.
Sri Lanka Computer Emergency Readiness Team (CERT) and the Information and
Communication Technology Agency (ICTA) are great forward leaps that emerged with this
act.
4.1 Analysis of Intellectual Property ACT No.36 of 2003
Intellectual property. act no.36. of 2003 was enacted for the process of registration, control
and administration of the intellectual property and safeguarding their ownership of the
original work. It covers the areas like protection of patent right of the inventors, protection of
the trade names and trademarks, protection of the trade designs and integrated circuits as
well as the copyright ownership.
The industrial designs, trademarks as well as the trade names has been protected by the
intellectual property act and it acts as a safety net for the designers in the ICT industry. The
intellectual property right is vested for a person for a period of ten years.
4.3 Analysis of Cyber Security Bill
The cybersecurity act was enacted with the aim of establishing the cybersecurity within the
cyberspace and to take actions against the people who violate the ethics of computer
networking and handling. According to the cybersecurity act, cybersecurity is a set of
activities intended to make the cyberspace more safe and secure. The. main. objectives. of
this. act are; to ensure the effective and proper implementation of the Sri Lankan National
12
cybersecurity, To eliminate the threats to the cybersecurity in an efficient and effective
manner, to commence the cybersecurity agency of Sri Lanka with the aim of providing a
safer and secured cybersecurity environment to the users as well as to protect the critical
information infrastructure.
4.4 Electronic transactions act 19 of 2006
This is a demonstration to perceive and encourage the development of agreements, the
creation and trade of information messages, electronic reports, electronic records and
different correspondences in electronic structure in Sri Lanka. The principle objective of this
act are to advance residential and global electronic trade by dodging lawful hindrances and
building up legitimate conviction and to persuade the utilization of solid and safe types of
electronic business.
13
Chapter Five
Opinions
In my opinion, the existing cyber law system is not adequate to have control over the cyber-
attacks and to prevent a future cyber-warfare. During past period, the authorities had to
block the Facebook and other social media even to control the people from spread of
rumours. So it is suspicious whether the responsible authorities will be able to manage a
situation like cyber-warfare even when they failed to control the community at a minor issue.
In my point of view, the best experts of the ICT field who are having both theoretical and
practical knowledge should be gathered and a sound set of laws and acts should be
implemented by updating the existing cyber laws and acts.
Suggestions
My suggestions after analyzing this study are
- A separate act should be introduced covering all the types of cyber crimes and
the fines for the illegal actions.
- There. should. be a. legal framework to regulate the CCTV operations too.
- A well developed legal system is needed regarding the software privacy like in
the developed countries like UK and USA.
- The public should be make aware about the cyberspace and the cyber-attacks
especially to the students through the ICT subject.
- The duties of the relevant regulatory authorities should be well supervised.
Chapter Six
Conclusion
Although there are some cyber-laws to control the cyber-warfare, there are some limitations
within the existing framework. The available acts have to be modified further in a way that
suits the current state of the technology. The level of understanding of the public regarding
this matter is also not in a satisfactory level. The practicability of the existing laws,
regulations and acts should be more reliable. Accordingly it can be concluded that the
existing cyber laws are not adequate to prevent a cyber-warfare in future.
14
Chapter Seven
Bibliography
Ariyadasa, A., 2019. Computer Crime Legislation in Sri Lanka: Comparative Analysis.
SSRN.
CERT|CC, S. L., 2017. Sri Lanka CERT. [Online]
Available at: https://www.cert.gov.lk/stats.php
Coleman, K., 2008. DefenseTech. [Online]
Available at: https://www.military.com/defensetech/2008/02/06/cyber-sabotage
Goonathilaka, 2011. Cybercrimes in Sri Lankan perspective, s.l.: s.n.
James, L., 2002. Assessing the Risks of Cyber Terrorism. Cyber War and Other Cyber
Threats.
Jayasekara, D. & Rupasinghe, W., 2015. Cybercrime in Sri Lanka. Journal of US China
Public Administration.
Langner, R., 2011. Dissecting a Cyberwarfare Weapon. IEEE Security & Privacy, 9(3).
Reyns, Bradford; Henson, Billy; Fisher, Bonnie, 2011. Being Pursued Online: Applying
Cyberlifestyle–Routine Activities Theory to Cyberstalking Victimization. Criminal Justice and
Behavior - CRIM JUSTICE BEHAV.
R. L. & S. Q., 2015. Smart Grid Technologies in Power Systems: An Overview. Research
Journal of Applied Sciences, Engineering and Technology.
Sooriyabandara, V., 2017. An analysis of the legitimate coverage to minimize the
cybercrimes in Sri Lanka. Advances in Social Sciences Research Journal.
Thananchayan, V., 2017. Computer crimes and cybercrimes. a critical analysis focusing on
Sri Lanka.
UKEssays, 2018. Computer Crime in Sri Lanka. [Online]
Available at: https://www.ukessays.com/essays/information-technology/computer-crime-sri-
lanka-6692.php
[Accessed 12 January 2020].
Wangen, G., 2015. Te role of malware reported cyber Espionage. A review of the impact and
mechanism information.
15
Weeramantry, 1998. Justice without frontiers: Protecting human rights in the age of
technology. The Hague: Kluwer Law International, Volume Vol. 2.
Weissbrodt, D., 2013. Cyber-conflict. Cyber-crime and cyber-espionage.