Cybersecurity Gets Teeth: New Law, New Authority, LGC 2.5 Incoming for Sri Lanka

COLOMBO (News 1st); Deputy Minister of Digital Economy Eranga Weeraratne declared that no data was compromised during the unexpected collapse of the Lanka Government Cloud (LGC) on October 14, 2025.

“All sensitive citizen and government data remains fully intact and uncompromised,” the Minister stated. “The National Cyber Security Operations Centre (NCSOC) monitored the incident in real-time, and no unauthorized access or breach attempts were detected.”

The statement came in response to a series of probing questions from MP Ravi Karunanayake of the New Democratic Front, who demanded clarity on the cause of the failure, accountability, and the government’s preparedness to prevent future disruptions.

Weeraratne explained that the incident was triggered by a technical fault—a disk reaching 100% utilisation, which activated an automatic shutdown protocol designed to protect system integrity and prevent data corruption.

“This was not a system-wide failure, nor was it a cyberattack. It was a protective mechanism. Services were restored by Saturday night, and the delay was to ensure complete data protection,” he said.

Karunanayake pressed further, asking whether the government would table a cybersecurity audit report and what steps were being taken to restore public and international confidence in Sri Lanka’s digital infrastructure.

Weeraratne outlined a comprehensive national strategy:

Cybersecurity policy implementation and penetration testing across institutions.
Identification of Critical Information Infrastructure (CII) in key sectors like finance, health, and energy.
Drafting of a Cybersecurity Regulatory Authority (CSRA) with enforcement powers.
Signing of the UN Cybercrime Convention to enhance international cooperation.
Collaboration with Sri Lanka CERT, TRCSL, CBSL, and licensed banks to counter phishing and digital fraud.

Karunanayake then proposed the establishment of a National Cybersecurity Command Authority. The Minister confirmed that cabinet-level processes are underway to create such a body under new legislation.

“The National Cyber Security Operations Centre currently monitors 37 key institutions. Four are already integrated, with six more in progress,” Weeraratne added.

To prevent future incidents, the government is migrating to LGC 2.5, a more resilient cloud platform with geographic redundancy, centralized backups, and 24/7 monitoring by both NCSOC and SLT’s Network Operations Centre.

“We are also preparing to launch a second cloud platform under a multi-cloud strategy, ensuring data replication, availability, and security at the highest standards,” the Minister concluded.