The establishment of the programs under the eSri Lanka Development Project necessitated the implementation of a security program to ensure the confidentiality availability and integrity of information and the integrity of transactions. The Information Security Working Group was established in January 2004.

The Working Group also agreed on the necessity for the following: the Creation, maintenance and dissemination of our ICT security body of knowledge (best practices, standards, procedures and threats) for Sri Lanka, including the setting up of a CERT center; Public Key infrastructure; Development of ICT security professionals in Sri Lanka; Awareness and training; Privacy issues.

A comprehensive training program for Government Officers on the standard ISO/IEC 17799 was implemented. Under this area the information Security Policy for the Government and for industry in compliance with ISO/IEC 17799 was developed. Information Security Guidelines for end-users was also drafted.

Consequently ICTA set up the Sri Lanka Computer Emergency Readiness Team (Sri Lanka Computer Emergency Readiness Team | Coordination Center (SLCERT|CC)) in 2006 to proactively protect the information infrastructure of Sri Lanka.

Sri Lanka CERT is now a member of FIRST (Forum of Incident Response Security Teams) and APCERT (Asia Pacific CERT). Sri Lanka CERT collaborates internationally, and receives regular threat information feeds from Shadowserver USA, collaborates with Facebook, Google and US-CERT to remove fake accounts and disable phishing sites. Amongst the key national level initiatives undertaken by Sri Lanka CERT were the setting up of the National Certification Authority and the setting up of sector based Computer Security Incident Response Teams (CSIRTs) to further improve the incident response capabilities and to strengthen the information security stance of Sri Lanka. The first of the sector based CSIRTs was launched on 1st July 2014 for the banking sector.


ICTA has helped draft major ICT laws and key policy reforms have been undertaken for facilitating e-transformation and ICT Development Institutional arrangements, such as Sri Lanka CERT, were also put in place. Further, strategic linkages and partnerships helped position Sri Lanka’s ICT development at an international level.

  • The Computer Crimes Act no. 24 of 2007 provides for the identification of computer crimes and provides the procedure for investigation and enforcement of such crimes.
  • The Electronic Transactions Act no. 19 of 2006 is based on the standards established by United Nations Commission on International Trade Law (UNCITRAL) Model Law on e-commerce (1996) and Model Law on e-Signature (2001).