By Professor Pawee Jenweeranon, Lecturer in Law at Thammasat University, Thailand
The study “Towards a Resilient Cyberspace in Southeast Asia” proposes a Cyber Resilience Framework to foster a safe, secure, and resilient digital economy in the region. It defines cyber resilience, identifies areas for improvement, and recommends increased investments in people, processes, and technology. The framework can be used as a reference to shape future cyber roadmaps and support long-term strategies. In the context of Thailand, the paper can be leveraged to develop practical policies that promote a secure and resilient digital economy.
Landscape of Cyber Resilience in Thailand
As with other countries in the region, Thailand is not spared from the risks and challenges as posed by cyber threats. According to the Bank of Thailand (BOT), there are vulnerabilities in Thailand’s cyber resilience posture, primarily due to staffing issues. While the banking and finance sector has made significant progress in resiliency, there are sectors such as the healthcare industry that are still in the early stages of developing their defenses. To address gaps, there are initiatives such as the Cyber Resilience Assessment Framework (CRAF) and upskilling programmes that aim to boost Thailand’s capabilities. However, to propel Thailand forward on its journey towards cyber resilience, immediate priorities for action can be considered by key stakeholders in the digital economy.
1. Developing a robust cybersecurity policy and regulatory framework
Developing an efficient and adaptable cybersecurity strategy is of utmost importance for Thailand. The strategy should align with global norms, facilitate the role of IT service providers in combating cyber threats, and create an ecosystem that encourages innovation and the offering of effective cybersecurity solutions to critical infrastructure providers and market participants. This challenge is not unique to Thailand but affects many countries worldwide.
Formulating laws to promote cybersecurity presents a significant challenge. It is crucial to address concerns regarding government access to data and ensuring a strong system of checks and balances to prevent unauthorised and potentially illegal data access. Striking a careful balance is necessary to grant authorities sufficient power for national security and law enforcement objectives while preventing potential abuse.
Hence, a solid foundation for the digital economy lies in a comprehensive regulatory framework. Industries need clear understanding and assurance regarding the government’s implementation of laws and measures. Transparency through the issuance of regulations, rules, or guidelines is essential. Policy maturity takes time, and regular assessments are necessary to ensure their ongoing relevance and effectiveness.
Besides, Thai authorities should consider incorporating globally accepted practices or standards, such as the NIST Cybersecurity Framework (CSF) and TFGI’s resilience Framework, into the development of their own framework. This will enable the creation of a comprehensive public sector resilience framework and assessment tools.
Implementing these frameworks would provide Thai public authorities with a consistent method to assess their cyber resilience measures and identify areas of concern. In addition, it is crucial to align the framework with other cyber-related requirements and standards, including those under the General Data Protection Regulation (GDPR), the Security of Network and Information Systems (NIS) Directive, and other applicable standards, in addition to the NIST Cybersecurity Framework (CSF) and TFGI’s resilience Framework.
While there are existing legal instruments developed over the years reflecting cybersecurity policies (e.g the Electronic Transactions Act, the Personal Data Protection Act, the Cyber Security Act, etc.) and being applied in different sectors, there has been no effort to harmonise these legal instruments as part of promoting Thailand’s overall national cyber security strategy.
To enhance Thailand’s overall national cybersecurity posture, it is imperative to integrate and harmonise the existing legal instruments into a unified framework. Additionally, leveraging globally accepted practices is essential to avoid duplication of efforts, fill gaps in cybersecurity practices, and enhance their cyber resilience capabilities.
2. Strengthening public-private partnerships and fostering domestic and international collaboration.
Thailand must create a receptive market environment for technology providers offering dependable security solutions for both governments and critical infrastructure.
Collaboration is the key to progress. This requires regulations that align with industry business models to strengthen security and resilience. The government needs to establish a cooperative relationship with market participants, seeking their expertise and understanding their capabilities and willingness to contribute. This is crucial as the government implements measures to protect against future cyberattacks, including deploying digital infrastructure, enhancing threat intelligence, and improving endpoint protection.
Additionally, interdepartmental collaboration among government bodies and ministries is essential. Regulations for sectors like banking, finance, transportation, and utilities may vary, while IT and cloud service providers often operate across sectors and jurisdictions. Ensuring compatibility among these regulations is vital to avoid potential conflicts.
Finally, international cooperation among like-minded nations, alliances, and partners is vital. Given that cybersecurity solutions and threats transcend borders, collaboration on an international level is crucial.
3. Promoting digital skills and enhancing cyber literacy.
Thailand’s high demand for skilled professionals in the cybersecurity sector highlights the need to nurture digital expertise and enhance cyber literacy. Bridging the skills gap through well-implemented cybersecurity training programs is essential and offers valuable investment opportunities.
In addition, promoting greater female participation in computer science studies can help expand the workforce. There should also be opportunities for mid-career individuals to transition their careers towards technology, similar to trends observed in the United States.
To achieve these goals, the Thai government should invest in training and development programs to enhance the proficiency of the IT workforce across government agencies and Critical Information Infrastructure (CII). Collaborating with third-party service providers and fostering knowledge sharing among relevant agencies are also critical for digital skills development and improving cyber literacy.
In the realm of cyber security, three critical skills have emerged as paramount. Firstly, proficiency in cloud computing is a must-have, given the increasing reliance on digital storage. The second most critical skill is threat intelligence analysis, which equips professionals to anticipate and counter cyber threats effectively. Lastly, risk assessment is vital in cyber security to understand and mitigate potential vulnerabilities and threats.
4. Providing budgetary allocation to strengthen the nation’s cybersecurity.
The government must allocate funds for various tasks essential to achieving the mentioned objectives. These tasks include but are not limited to expanding the cybersecurity workforce, enhancing data science and intelligence capabilities within the public sector, and establishing a dedicated entity or defense agency to counter cyberattacks. Prioritising investments in cybersecurity measures should be a crucial focus for the Thai government.
To comprehensively address this issue, the Thai government should consider amending its public procurement act to provide authorities with more flexibility in implementing effective development programs. Clear guidelines are also necessary to ensure consistent law enforcement practices and provide reassurance to IT service providers.
In conclusion, Thailand’s cyber resilience journey necessitates a comprehensive approach. This involves developing strong cybersecurity policies and frameworks, fostering collaboration between public and private sectors, focusing on nurturing digital skills and prioritising investments in cyber resilience. By implementing these measures and fostering a cooperative ecosystem, Thailand can work towards a secure digital economy which can help enable a confident digital society.
About the writer
Professor Pawee Jenweeranon is a Lecturer in Law at Thammasat University, Thailand. He is also a Research Affiliate at the Cambridge Centre for Alternative Finance (CCAF) at Judge Business School, University of Cambridge. Previously, he served as a Regulatory Specialist for the Digital Economy at the World Bank Group and as a Project Consultant at the Electronic Transaction Development Agency of Thailand (ETDA) for projects concerning the governance of emerging technologies (Blockchain technology) and digital ID services. Additionally, he was a Committee Member of the Thai Fintech Association.
The views and recommendations expressed in this article are solely of the author/s and do not necessarily reflect the views and position of the Tech for Good Institute.