By: Staff Writer
July 17, Colombo (LNW): In a bid to strengthen its digital defenses and improve cybersecurity readiness, Sri Lanka’s Cabinet of Ministers has approved a second five-year National Cyber Protection Strategy spanning from 2025 to 2029. The strategy is a continuation and upgrade of the country’s first national cybersecurity initiative that concluded in 2023, signaling a renewed focus on safeguarding the nation’s critical digital infrastructure in an era of growing cyber threats.
The new strategy, developed by the Sri Lanka Computer Emergency Readiness Team (CERT), was formulated with technical and policy support from the World Bank. It aims to reinforce the legal and regulatory frameworks while enhancing preparedness and resilience across Sri Lanka’s civilian digital systems. The strategy focuses on six core thematic areas: legal and regulatory reforms, knowledge enhancement, cyber readiness, incident response capabilities, and international and domestic cooperation.
The original 2018-2023 Cyber Protection Strategy, introduced during the previous administration, laid the foundation for a coordinated national approach to cybersecurity. It marked the first formal attempt by the government to address rising cybercrime, data breaches, and digital threats across public and private sectors. That initiative focused on creating awareness, establishing early technical standards, and initiating capacity-building programs, especially for public sector institutions.
Under the former regime, Sri Lanka CERT played a pivotal role in establishing guidelines for cyber hygiene, handling threat reports, and developing national policies aligned with global practices. However, experts noted that while significant groundwork was done, the fast-paced evolution of digital threats necessitated a broader and more adaptive framework.
The newly approved 2025–2029 strategy builds on that foundation, taking into account recent developments in digital finance, cloud technologies, AI, and geopolitical cyber risks. One of the major shifts in the current strategy is the enhanced emphasis on legal modernization, reflecting the urgent need to update outdated laws and introduce new regulations to deal with evolving cybercrime trends, including data theft, ransomware, and digital espionage.
Further, the strategy focuses on improving coordination among state institutions and enhancing public-private partnerships to foster collective resilience. It also stresses on developing a skilled cybersecurity workforce and improving knowledge dissemination through education and awareness campaigns.
Notably, the new plan continues to prioritize the protection of civilian cyberspace, deliberately excluding military or intelligence-focused domains. Officials say this civilian-focused approach will ensure transparency, inclusivity, and wider public trust in cybersecurity initiatives.
As Sri Lanka accelerates its digital transformation, this comprehensive strategy is expected to play a crucial role in protecting national data assets, ensuring secure online services, and promoting digital trust among citizens and global stakeholders.
