Government staff is getting cybersecurity training

The Sri Lankan government will be conducting cyber security training for its workforce as part of its Digital Economy 2030 plans, as per a recent Memorandum of Understanding signing. The MoU with the Sri Lanka Computer Emergency Readiness Team Ministry of Technology (SLCERT), Federation of Information Technology Industry Sri Lanka (FITIS), and ISC2 Colombo Chapter will see 1,000 government officers undergo training over a two-year period.

The agreement states that the program will build awareness on a range of cybersecurity topics including basic security principles, access control concepts, security operations, network security, Business Continuity, Disaster Recovery, and Incident Response concepts. Here, the ISC2 Colombo Chapter is charged with providing the training curriculum as per SLCERT’s requirements and a virtual learning platform with course material. ISC2 will also help evaluate each participant through a final exam.

The training program is set to be conducted in 50-100 batches where SLCERT will select participants from different government institutions. The organization will also conduct physical/virtual workshops to aid the trainees with the content of the course. Additionally, the MoU stipulates that FITIS will liaise with SLCERT and ISC2 Colombo Chapter on keeping track of the participants’ progress along with administrative and resource requirements.

The announcement comes at a time when the Sri Lankan government sets its ambitions for its National Digital Economy Strategy 2030. Under its “Cybersecurity, Safety, and Privacy” section, the government lists improving the Global Cybersecurity Index (ITU) ranking from 83rd to 60th as one of the government’s targets for 2025. Other targets for the same time frames include a fully staffed and operational Data Protection Authority and the “implementation of 30 community-focused cyber security awareness raising programs available in all three languages, with at least 30% female participation.”

Cybersecurity has often taken the backseat at the state level, particularly when it comes to the government’s digital infrastructure. It’s not uncommon to see government websites get compromised regularly. Some of these websites even operate without an SSL certificate. It also doesn’t help that the state’s incident responses often lack meaningful preventive measures pertaining to the sector.

In any case, the launch of the training program for 1,000 government officers is an encouraging sign for national cybersecurity. It’s a step in the right direction, though it will be interesting to see how far the government’s efforts will carry.

The full summary of the triparty MoU

Objectives of the tripartite collaboration

• To train one thousand (1,000) Government Officers in the field of cybersecurity.
• To provide an awareness of the following topics in cybersecurity through virtual & in-person training, study groups, and mentoring sessions:
  • Security Principles
  • Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
  • Access Controls Concepts
  • Network Security
  • Security Operations
• To evaluate the knowledge level of the participants through a standard evaluation process.

Responsibilities of SLCERT

• Select the participants from the Government Institutions for this training
• Ensure that the participants are suitable for the training
• To provide participants in batches of 50 – 100
• Encourage participants to complete the training course
• Monitor the progress of the participants based on the progress information provided by FITIS and ISC2 Colombo Chapter
• To arrange physical or virtual seminars/workshops to assist the participants in understanding the contents of the training course
• Coordinate with the relevant government agency of the participant to ensure that the participant takes up the final examination of the training course
• Issue a certificate of completion with the logos and organizational details of the three parties

Responsibilities of FITIS

• Coordinate the conduct of the training course by collaborating with Sri Lanka CERT and ISC2 Colombo Chapter
• To ensure that each participant is provided with the correct credentials to access the training platform
• Coordinate with ISC2 Colombo Chapter in case of any technical issues faced by the participants
• Keep track of details of the number of participants in each batch of training
• Liaise with ISC2 Colombo Chapter to monitor the progress of the participants
• Provide information related to the progress of the participants to Sri Lanka CERT periodically
• Assist Sri Lanka CERT in the form of resource personnel from FITIS and ISC2 Colombo Chapter Members for seminars/workshops if required

Responsibilities of ISC2 Colombo Chapter, Sri Lanka

• Provide a training curriculum meeting the requirements of Sri Lanka CERT
• To provide a virtual learning platform with course material (text-based, audio, and video) to enable the participants to carry out self-paced learning
• Coordinate with FITIS to provide credentials for the participants
• Provide a mechanism to both FITIS and Sri Lanka CERT to monitor the progress of each participant
• To evaluate the knowledge gained by the participants through assessments
• To arrange a final assessment through a standard evaluation mechanism to grade the participants
• To issue a certificate of completion for participants who successfully complete the course requirements
• To offer training for each participant free of cost for the duration of the MoU or renewed at the expiry for a mutually agreed time period

Duration

This MoU shall be deemed to have commenced on the date of signing and shall continue to be binding and in full force and effect for a period of two (2) years or the completion of training of one thousand (1000) participants whichever comes first.