The Hon. Ravi Karunanayake

¶ 01 Hon. Speaker, I seek permission to ask this Question of urgent national importance from the Minister of Technology under Standing Order 27(2).

¶ 02 In recent months, Sri Lanka’s digital backbone—the infrastructure sustaining governance, commerce and citizen services—has come under severe strain. The sudden collapse of the Lanka Government Cloud (LGC) on 14 October 2025, crippling eight major State institutions including the Registrar of Companies, the Department of Commerce and the Police Clearance System, has exposed alarming fragility. SLCERT termed it an “internal technical issue”, but lack of transparency has deepened public anxiety.

¶ 03 Over the last six to ten months, we faced unprecedented cyber intrusions targeting banks, State agencies and financial intermediaries. Even the Chairman of BOI, Mr. Arjuna Herath, was intercepted. These attacks shake confidence in protecting sensitive data. Yet there has been no comprehensive cyber audit, national digital risk assessment, or unified crisis command. This is not merely a tech failure but one of governance and foresight.

¶ 04 ICTA and SLCERT, entrusted to safeguard the digital ecosystem, appear unsynchronized. Citizens deprived of essential digital services—birth, marriage, death certificates, e-revenue licences—had to revert to manual processes, a regression for a nation aspiring to be a South Asian digital hub. Conflicting signals further erode trust.

¶ 05 What is at stake is data sovereignty. A breach at this scale would devastate national security, financial integrity and international confidence. In an era of cyber warfare, this must be a wake-up call. Digital government infrastructure is a strategic national asset requiring vigilance and oversight equivalent to physical borders.

¶ 06 Accordingly, I ask:

¶ 07 1. What specific technical or administrative failure led to the LGC collapse on 14 Oct 2025, and have preliminary investigations or a forensic audit identified accountability within ICTA or service providers? 2. Was it purely an internal failure as SLCERT stated, or is there evidence of external intrusion or data compromise? 3. How many similar breakdowns or cyber incidents occurred on key government digital platforms over the past 12 months, and what corrective actions followed? 4. What was the total financial and economic loss to the nation, including disruptions to e-Revenue Licences, police clearance, and other revenue streams? 5. What is the Government’s fallback or disaster-recovery mechanism for such failures? Is there a secure, real-time onshore/offshore backup for citizen and institutional data? 6. Can the Government assure that all sensitive data on LGC remain intact and uncompromised, and will a cyber security audit report be tabled? 7. What steps are taken to restore public and international confidence in e-Government systems given increased cyber attacks in the last six to ten months? 8. Will the Government establish a legally-empowered National Cyber Security Command Authority to coordinate and defend all national digital assets? 9. As we accelerate digital governance, what legislative, policy and institutional safeguards are being introduced to prevent such cyberattacks or collapses? When will a comprehensive Digital Transformation Act and Cyber Security Protection Law be presented? 10. Finally, what assurance can be given that such a collapse will not recur and that the Government has the readiness, expertise and resilience to withstand threats of this magnitude?