Thailand cybersecurity state in 'crisis'

Thailand is ramping up efforts to improve its cybersecurity, as risk of the public sector being attacked is growing due to the wide use of social media and inadequate security systems.

The increasing number of social media users was a concern among cybersecurity experts, noted Bunjerd Tientongdee, deputy director at the Ministry of Defence's (MoD) department of Defence Information and Space Technology, in a Bangkok Post report. He was speaking at a cybersecurity conference on Thursday.

Bunjerd referred to the role of social media in the Arab Springs uprising last year, noting such a scenario would also be possible in Thailand if social media was used for political purposes.

There are already several cases of government servers being threatened, Bunjerd noted but declined to publicly disclose any names.
Low level of security certifications and recognition in country
Furthermore, only 59 public, state and private enterprises in Thailand have been granted ISO/IEC 27001--an international information security management system certification, Anudith Nakornthap, Thailand's information, communication and technology (ICT) minister, noted.

This number pales in comparison to Japan and the U.K., where 4,152 and 573 similar businesses have received the certification respectively, he pointed out.

Anudith added only about 150 Thais have been certified as information systems security professionals (CISSP), a global recognition which confirms the individual's knowledge in the field of information security. About 90,000 people worldwide are CISSP certified, with Singapore housing 1,110 of South-East Asia's 1,608 certificate holders.

WIth such a small number of certificate holders in Thailand, the cybersecurity situation the country has reached "crisis point", Prinya Hom-anek, president of cybersecurity firm Acis Professional Center, said.

"The cybersecurity systems in most state agencies are completely inadequate, mainly because of a lack of funds and awareness," he added.

Steps taken to mitigate cybersecurity issues
Bunjerd acknowledged Thailand's legal framework had not evolved to cover the online world, and was working with ICT vendors and related authorities to design laws and regulations to improve cybersecurity management.

Anudith added his ministry was working with other countries in the Association of South-East Asian Nations (ASEAN) to develop integrated legislation to suppress transnational cybercrime and improve cybersecurity systems.

The online world has no boundaries and cooperation is necessary between countries to develop effective cyberprotection policies, Anudith said.