The establishment of the programs under the eSri Lanka Development Project necessitated the implementation of a security program to ensure the confidentiality availability and integrity of information and the integrity of transactions. The Information Security Working Group was established in January 2004.
The Working Group also agreed on the necessity for the following: the Creation, maintenance and dissemination of our ICT security body of knowledge (best practices, standards, procedures and threats) for Sri Lanka, including the setting up of a CERT center; Public Key infrastructure; Development of ICT security professionals in Sri Lanka; Awareness and training; Privacy issues.
A comprehensive training program for Government Officers on the standard ISO/IEC 17799 was implemented. Under this area the information Security Policy for the Government and for industry in compliance with ISO/IEC 17799 was developed. Information Security Guidelines for end-users was also drafted.
Consequently ICTA set up the Sri Lanka Computer Emergency Readiness Team (Sri Lanka Computer Emergency Readiness Team | Coordination Center (SLCERT|CC)) in 2006 to proactively protect the information infrastructure of Sri Lanka.
Sri Lanka CERT is now a member of FIRST (Forum of Incident Response Security Teams) and APCERT (Asia Pacific CERT). Sri Lanka CERT collaborates internationally, and receives regular threat information feeds from Shadowserver USA, collaborates with Facebook, Google and US-CERT to remove fake accounts and disable phishing sites. Amongst the key national level initiatives undertaken by Sri Lanka CERT were the setting up of the National Certification Authority and the setting up of sector based Computer Security Incident Response Teams (CSIRTs) to further improve the incident response capabilities and to strengthen the information security stance of Sri Lanka. The first of the sector based CSIRTs was launched on 1st July 2014 for the banking sector.