• SLCERT and ICTA passing the buck over investigation
• Reports of SLCERT seeking ‘global anti-virus software leader’ support

The vulnerability of the Sri Lankan State’s critical digital infrastructure, which was laid bare following the recent events where the ‘gov.lk’ domain (State email domain) was subjected to a ransomware incident, continues to worsen, with two key State institutions, SLCERT and ICTA, saying that the ongoing investigation into the serious breach is being handled by the other.

When contacted about the investigation into the massive ransomware attack, Sri Lanka Computer Emergency Readiness Team (SLCERT) Chairman Rohan Muttiah told The Sunday Morning that the incident was being managed by the Information and Communication Technology Agency (ICTA) and that only it could comment on the matter.

However, when The Sunday Morning contacted ICTA CEO and Director General Mahesh Perera, he said the investigation had been handed over to SLCERT and that ICTA did not have an update on it.

The disconnect between two key agencies, which Sri Lanka’s national digital infrastructure and State communication is reliant on, over this national cyber security incident, paints a poor picture of the state of affairs and casts a shadow on Sri Lanka’s proposed digitalisation drive.

This, amidst reports that the Government has sought assistance from an international antivirus development company for the ongoing investigation.

Meanwhile, according to the Police, the Computer Crimes Division (CCD) of the Police has launched a criminal inquiry into the ransomware attack, following a complaint by a State agency. 

According to Police Spokesperson SSP Nihal Thalduwa, the technical aspect of the investigation is being handled by SLCERT. This raises questions about who is really in charge and accountable for the national cyber security mechanism.

With President Ranil Wickremesinghe, who is the Minister of Digital Infrastructure and Information Technology, overseas on an official visit, The Sunday Morning tried to contact Acting Minister Kanaka Herath on the matter, but failed to reach him.

Following the acknowledgment of the ransomware incident which may have even affected email communication of the Cabinet office, there was an admission by officials that industry standard backup methodologies were not used due to administrative “errors”. 

As such, the current disconnect regarding the investigation only raises questions on the integrity of the Government’s digital infrastructure, ultimately eroding public trust in eGovernment systems and initiatives.