Mr. Lal Dias is a Chartered Information Technology Professional and a Member of the British Computer Society. He was educated in the UK and Australia where he obtained a Computer Science Degree from Manchester University and an MBA from Murdoch University. He has worked for more than 25 years in the Banking Industry.
Mr. Lal Dias has extensive international experience, having worked with the French Bank Societe Generale in Europe, Africa and Asia, prior to returning home to work for Hatton National Bank. He has been instrumental in the setting up of Sri Lanka CERT and presently serves as its Chief Executive Officer.
Mr. Lal Dias has been able to use his vast international exposure to forge relationships with other National CERTs and recognized global bodies in the Cyber Security space in order to position Sri Lanka CERT as a truly professional outfit.
Video in Brief
Mr. Lal Dias is the CEO of the Computer Emergency Readiness Team | Coordination Center (Sri Lanka CERT |CC), a subsidiary of the Information and Communication Technology Agency of Sri Lanka (ICTA).
Mr. Lal Dias was educated at St. Thomas’ College, Mt. Lavinia, and subsequently studied Computer Science at the University of Manchester, UK.
After graduation in 1976, he joined the French Bank, Societe Generale. At Societe Generale he developed a banking application which was rolled out to the bank’s worldwide branches. Mr. Lal Dias returned to Sri Lanka in 1987. Hatton National Bank (HNB) was computerizing their banking applications during this time and they were seeking an IT graduate. Prof. VK Samaranayake was a Consultant to HNB and he requested Mr. Lal Dias to attend an interview, and consequently Mr. Dias joined HNB. A computer department was established at HNB and the small team there developed the banking application, Cobas (Computerized Bank Accounting System) which was rolled out to all the 30 HNB branches. When Mr. Lal Dias left HNB in 1997, the HNB network had grown from 30 to about 85.
Software Exporters’ Association
Mr. Lal Dias’ involvement in the Software Exporters’ Association commenced after he joined Informatics, a well established IT institution, started by Mr. Gamini Wickramasinghe. Mr. Lal Dias was instrumental in setting up a separate entity at Informatics, called Informatics International which intended to enter the software outsourcing business. At this period terrorism was rampant in Sri Lanka and foreign clients were not keen to come to Sri Lanka. Therefore, canvassing was necessary, not only by individual companies, but by everyone concerned. To address this issue, Mr. Dias managed to get together a group comprising both small startups and mature companies and thereby started the Software Exporters’ Association which eventually became the Sri Lanka Association of Software and Service Companies (SLASSCOM).
Computer Emergency Readiness Team | Coordination Center (Sri Lanka CERT |CC):
When Mr. Dias left Informatics, his intention had been to join the family tea business and assist his brother. But at this time the Information Security Working Group of ICTA was in the process of implementing the project on establishing a Computer Emergency Response Team as a national CERT. Prof. VK Samaranayake was Chairman of ICTA at this period, and Mr. Lal Dias was recruited through an interview to head Sri Lanka CERT.
A small capable team was also recruited to Sri Lanka CERT. This team was provided training and has acquired competency and skills in digital forensics, carrying out security assessments and penetration testing etc. Mr. Rohana Palliyaguru, the Manager Operations has been at Sri Lanka CERT since its inception. Mr. Dias recollects that during the first year there were hardly any incidents reported. But the CERT team was involved in implementing the Information Security Policy which ICTA had developed.
A policy decision was made to establish sector based CSIRTs (Computer Security Incident Response Teams) and the first such CSIRT that was set up was for the banking sector. Sri Lanka CERT is in the process of setting up CSIRTs for the sectors telecommunications, defense and education.
Mr. Lal Dias further explains that in cyberspace, cyber security vulnerabilities are global and borderless and therefore it was necessary to establish relationships with international bodies such as FIRST (Forum for Incident Response and Security Teams) which has more than 400 members. Sri Lanka CERT is an active member of FIRST and is also an active member of APCERT (Asia Pacific CERT).
Mr. Lal Dias states that Sri Lanka CERT receives about 30 to 40 phone calls daily, in addition to about 20 to 30 emails which are mostly from young people and also from adults on social media and privacy breaches, Facebook account compromises etc. The best defense for these issues, he says, is the creation of awareness. Sri Lanka CERT is working with the National Child Protection Authority in developing training programs for IT teachers in schools. This program commenced about 5 years ago. Training is carried out regionally and the CERT team regularly travels to different regions. Sri Lanka CERT develops the content for the training materials.
In order to create awareness, Sri Lanka CERT organizes an annual Cyber Security Week, which consists of a hacking challenge targeted to corporates or groups of individuals, a quiz for University students and several workshops. The main event is the National Conference, which in 2015 attracted over 300 participants.
Mr. Lal Dias emphasizes that a dire need for the country at present is a fully fledged security operations center that operates 24/7 and 365 days a year. This would not be for individuals but an early warning system for the Government and the private sector, i.e. for organizations that want their systems monitored 24/7.