Thailand’s Cyber Resilience Journey: Understanding Obstacles and Uncovering Remedies

Professor Pawee Jenweeranon, Lecturer in Law at Thammasat University, shares his insights and reflections on how Thailand can adapt to the rapidly evolving threat landscape. This article builds on Tech For Good Institute’s (TFGI) latest research on cyber resilience.

This copy is also available in Thai, click here to read

By Professor Pawee Jenweeranon, Lecturer in Law at Thammasat University, Thailand 

The study “Towards a Resilient Cyberspace in Southeast Asia” proposes a Cyber Resilience Framework to foster a safe, secure, and resilient digital economy in the region. It defines cyber resilience, identifies areas for improvement, and recommends increased investments in people, processes, and technology. The framework can be used as a reference to shape future cyber roadmaps and support long-term strategies. In the context of Thailand, the paper can be leveraged to develop practical policies that promote a secure and resilient digital economy.

Landscape of Cyber Resilience in Thailand 

As with other countries in the region, Thailand is not spared from the risks and challenges as posed by cyber threats. According to the Bank of Thailand (BOT), there are vulnerabilities in Thailand’s cyber resilience posture, primarily due to staffing issues. While the banking and finance sector has made significant progress in resiliency, there are sectors such as the healthcare industry that are still in the early stages of developing their defenses. To address gaps, there are initiatives such as the Cyber Resilience Assessment Framework (CRAF) and upskilling programmes that aim to boost Thailand’s capabilities. However, to propel Thailand forward on its journey towards cyber resilience, immediate priorities for action can be considered by key stakeholders in the digital economy. 

1. Developing a robust cybersecurity policy and regulatory framework

Developing an efficient and adaptable cybersecurity strategy is of utmost importance for Thailand. The strategy should align with global norms, facilitate the role of IT service providers in combating cyber threats, and create an ecosystem that encourages innovation and the offering of effective cybersecurity solutions to critical infrastructure providers and market participants. This challenge is not unique to Thailand but affects many countries worldwide. 

Formulating laws to promote cybersecurity presents a significant challenge. It is crucial to address concerns regarding government access to data and ensuring a strong system of checks and balances to prevent unauthorised and potentially illegal data access. Striking a careful balance is necessary to grant authorities sufficient power for national security and law enforcement objectives while preventing potential abuse.

Hence, a solid foundation for the digital economy lies in a comprehensive regulatory framework. Industries need clear understanding and assurance regarding the government’s implementation of laws and measures. Transparency through the issuance of regulations, rules, or guidelines is essential. Policy maturity takes time, and regular assessments are necessary to ensure their ongoing relevance and effectiveness.

Besides, Thai authorities should consider incorporating globally accepted practices or standards, such as the NIST Cybersecurity Framework (CSF) and TFGI’s resilience Framework, into the development of their own framework. This will enable the creation of a comprehensive public sector resilience framework and assessment tools.

Implementing these frameworks would provide Thai public authorities with a consistent method to assess their cyber resilience measures and identify areas of concern. In addition, it is crucial to align the framework with other cyber-related requirements and standards, including those under the General Data Protection Regulation (GDPR), the Security of Network and Information Systems (NIS) Directive, and other applicable standards, in addition to the NIST Cybersecurity Framework (CSF) and TFGI’s resilience Framework.

While there are existing legal instruments developed over the years reflecting cybersecurity policies (e.g the Electronic Transactions Act, the Personal Data Protection Act, the Cyber Security Act, etc.) and being applied in different sectors, there has been no effort to harmonise these legal instruments as part of promoting Thailand’s overall national cyber security strategy.

To enhance Thailand’s overall national cybersecurity posture, it is imperative to integrate and harmonise the existing legal instruments into a unified framework. Additionally, leveraging globally accepted practices is essential to avoid duplication of efforts, fill gaps in cybersecurity practices, and enhance their cyber resilience capabilities.

2. Strengthening public-private partnerships and fostering domestic and international collaboration.

Thailand must create a receptive market environment for technology providers offering dependable security solutions for both governments and critical infrastructure.

Collaboration is the key to progress. This requires regulations that align with industry business models to strengthen security and resilience. The government needs to establish a cooperative relationship with market participants, seeking their expertise and understanding their capabilities and willingness to contribute. This is crucial as the government implements measures to protect against future cyberattacks, including deploying digital infrastructure, enhancing threat intelligence, and improving endpoint protection.

Additionally, interdepartmental collaboration among government bodies and ministries is essential. Regulations for sectors like banking, finance, transportation, and utilities may vary, while IT and cloud service providers often operate across sectors and jurisdictions. Ensuring compatibility among these regulations is vital to avoid potential conflicts.

Finally, international cooperation among like-minded nations, alliances, and partners is vital. Given that cybersecurity solutions and threats transcend borders, collaboration on an international level is crucial.

3. Promoting digital skills and enhancing cyber literacy.

Thailand’s high demand for skilled professionals in the cybersecurity sector highlights the need to nurture digital expertise and enhance cyber literacy. Bridging the skills gap through well-implemented cybersecurity training programs is essential and offers valuable investment opportunities.

In addition, promoting greater female participation in computer science studies can help expand the workforce. There should also be opportunities for mid-career individuals to transition their careers towards technology, similar to trends observed in the United States.

To achieve these goals, the Thai government should invest in training and development programs to enhance the proficiency of the IT workforce across government agencies and Critical Information Infrastructure (CII). Collaborating with third-party service providers and fostering knowledge sharing among relevant agencies are also critical for digital skills development and improving cyber literacy. 

In the realm of cyber security, three critical skills have emerged as paramount. Firstly, proficiency in cloud computing is a must-have, given the increasing reliance on digital storage. The second most critical skill is threat intelligence analysis, which equips professionals to anticipate and counter cyber threats effectively. Lastly, risk assessment is vital in cyber security to understand and mitigate potential vulnerabilities and threats.

4. Providing budgetary allocation to strengthen the nation’s cybersecurity.

The government must allocate funds for various tasks essential to achieving the mentioned objectives. These tasks include but are not limited to expanding the cybersecurity workforce, enhancing data science and intelligence capabilities within the public sector, and establishing a dedicated entity or defense agency to counter cyberattacks. Prioritising investments in cybersecurity measures should be a crucial focus for the Thai government.

To comprehensively address this issue, the Thai government should consider amending its public procurement act to provide authorities with more flexibility in implementing effective development programs. Clear guidelines are also necessary to ensure consistent law enforcement practices and provide reassurance to IT service providers.

In conclusion, Thailand’s cyber resilience journey necessitates a comprehensive approach. This involves developing strong cybersecurity policies and frameworks, fostering collaboration between public and private sectors, focusing on nurturing digital skills and prioritising investments in cyber resilience. By implementing these measures and fostering a cooperative ecosystem, Thailand can work towards a secure digital economy which can help enable a confident digital society. 

About the writer

Professor Pawee Jenweeranon is a Lecturer in Law at Thammasat University, Thailand. He is also a Research Affiliate at the Cambridge Centre for Alternative Finance (CCAF) at Judge Business School, University of Cambridge. Previously, he served as a Regulatory Specialist for the Digital Economy at the World Bank Group and as a Project Consultant at the Electronic Transaction Development Agency of Thailand (ETDA) for projects concerning the governance of emerging technologies (Blockchain technology) and digital ID services. Additionally, he was a Committee Member of the Thai Fintech Association.

The views and recommendations expressed in this article are solely of the author/s and do not necessarily reflect the views and position of the Tech for Good Institute.

Download Report

Download Report

Latest Updates

Latest Updates​

Keep pace with the digital pulse of Southeast Asia!

Never miss an update or event!

Mouna Aouri

Programme Fellow

Mouna Aouri is an Institute Fellow at the Tech For Good Institute. As a social entrepreneur, impact investor, and engineer, her experience spans over two decades in the MENA region, South East Asia, and Japan. She is founder of Woomentum, a Singapore-based platform dedicated to supporting women entrepreneurs in APAC through skill development and access to growth capital through strategic collaborations with corporate entities, investors and government partners.

Dr Ming Tan

Founding Executive Director

Dr Ming Tan is founding Executive Director for the Tech for Good Institute, a non-profit founded to catalyse research and collaboration on social, economic and policy trends accelerated by the digital economy in Southeast Asia. She is concurrently a Senior Fellow at the Centre for Governance and Sustainability at the National University of Singapore and Advisor to the Founder of the COMO Group, a Singaporean portfolio of lifestyle companies operating in 15 countries worldwide.  Her research interests lie at the intersection of technology, business and society, including sustainability and innovation.

 

Ming was previously Managing Director of IPOS International, part of the Intellectual Property Office of Singapore, which supports Singapore’s future growth as a global innovation hub for intellectual property creation, commercialisation and management. Prior to joining the public sector, she was Head of Stewardship of the COMO Group and the founding Executive Director of COMO Foundation, a grantmaker focused on gender equity that has served over 47 million women and girls since 2003.

 

As a company director, she lends brand and strategic guidance to several companies within the COMO Group. Ming also serves as a Council Member of the Council for Board Diversity, on the boards of COMO Foundation and Singapore Network Information Centre (SGNIC), and on the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

In the non-profit, educational and government spheres, Ming is a director of COMO Foundation and Singapore Network Information Centre (SGNIC) and chairs the Asia Advisory board for Swiss hospitality business and management school EHL. She also serves on  the Council for Board Diversity and the Digital and Technology Advisory Panel for Esplanade–Theatres on the Bay, Singapore’s national performing arts centre.

 

Ming was educated in Singapore, the United States, and England. She obtained her bachelor’s and master’s degrees from Stanford University and her doctorate from Oxford.