By: Staff Writer
May 25, Colombo (LNW): As Sri Lanka pushes forward with its ambitious digital economy agenda, the National People’s Power (NPP) Government has unveiled plans for a sweeping AI-powered national cybersecurity system aimed at tackling the country’s rapidly expanding cybercrime threat. Yet despite the bold rhetoric, questions remain over whether the administration can effectively implement such a large-scale initiative amid persistent institutional lethargy and fragmented policymaking.
Speaking at the “SL Scam Shield” Executive Breakfast Forum in Colombo, Deputy Minister of Digital Economy Eranga Weeraratne declared that cybersecurity should now be treated as a matter of national security rather than a routine technical responsibility. His comments come at a time when Sri Lanka is witnessing an alarming rise in online financial scams, identity theft, phishing attacks, and AI-driven cyber fraud targeting both citizens and businesses.
The Government’s proposed solution is the creation of a “Unified National Shield” — a centralised cybersecurity architecture capable of integrating banks, telecommunications providers, government institutions, and digital service platforms into a single coordinated defense network. Officials claim the system would use artificial intelligence to identify suspicious activity in real time and respond to threats before damage occurs.
Weeraratne warned that conventional security systems are no longer sufficient against modern cyber threats. The increasing use of AI-generated voice cloning, fake digital identities, and sophisticated scam networks has exposed major vulnerabilities in Sri Lanka’s digital infrastructure. According to the Deputy Minister, only an AI-powered “Autonomic Security” framework can effectively counter the scale and speed of emerging cybercrime operations.
However, cybersecurity experts remain cautious about the Government’s ability to convert vision into reality. Sri Lanka’s public sector has historically struggled with delays in digital reforms, weak inter-agency coordination, and inconsistent execution of technology policies. Critics argue that despite repeated promises of modernization, many state institutions still rely on outdated systems with limited cybersecurity preparedness.
A major concern is the fragmented nature of the country’s current cybersecurity environment. Financial institutions, telecom operators, and government agencies largely operate in isolation, often without proper information sharing or coordinated incident response mechanisms. The absence of a unified regulatory structure has created loopholes that cybercriminals increasingly exploit.
The Government has also heavily promoted public-private partnerships to accelerate implementation. Technology firm Google Cloud and Sri Lankan tech company NCINGA are collaborating on the “Scam Shield” initiative, which aims to engineer local AI-driven cybersecurity capabilities tailored to Sri Lanka’s needs. While officials describe the partnership as a milestone in technological cooperation, critics warn that announcements alone will not strengthen cyber resilience without clear timelines, legislation, and operational accountability.
The urgency of the issue continues to intensify as Sri Lanka expands digital banking, e-governance services, and online commerce. Without swift and coordinated action, analysts warn that cybercrime could undermine public trust in the country’s digital transformation drive. For now, the NPP Government’s cybersecurity ambitions remain significant on paper — but whether they evolve into an effective national defense system will depend entirely on execution rather than promises.