Hon. Ravi Karunanayake

¶ 01 Hon. Speaker, I raise the following under Standing Order 27(2) to the Minister of Finance, Planning and Economic Development or the Ministry of Digital Economy.

¶ 02 Given recent incidents and attempted intrusions involving the Ministry of Finance, banking sector, Registrar of Persons, Registrar of Companies, CBSL, RDA and the General Post Office, and public concerns regarding institutions like Inland Revenue, Customs, Excise, Immigration and Emigration, CEB, CPC, Bank of Ceylon, People’s Bank, NSB and SriLankan Airlines, please state:

¶ 03 1. The total number of cyberattacks, attempted breaches, ransomware incidents, phishing, hacking attempts and digital fraud complaints from 2023 to date, for: (a) government institutions; (b) state and private banks; and (c) critical public infrastructure. 2. Whether these institutions faced intrusions or unauthorized access in the past three years, year by year. 3. What cybersecurity systems, monitoring, encryption, backups and defence protocols are operational, and whether they meet international standards. 4. Whether many institutions still operate outdated legacy systems, exposing the country to financial fraud, identity theft, service disruption and cyber-espionage. The current impact is Rs. 64 billion. 5. Whether annual cybersecurity audits, penetration testing and independent risk evaluations are mandatory for government institutions; and who has not complied. 6. Who is directly accountable for cyber breaches, data theft or cyber fraud within government institutions. 7. Financial losses and operational disruptions from 1 January 2025 to date. 8. Urgent measures to protect Sri Lanka from future cyber warfare and organized cybercrime.

¶ 04 I note today’s Daily News says the CBSL and the Ministry of Finance, Planning and Economic Development will be held responsible. If the Central Bank is independent, why are they not doing their job?