Cyber security of national importance | Bangkok Post: tech

Information security experts are urging the government to set up an independent office of national cyber security responsible for national data security issues.

Prinya Hom-anek, ACIS Professional Centre president and founder.

The unrest in Bangkok and several other provinces nationwide last week raised concerns that cyber security has become of paramount importance to the kingdom.

The internet and other methods of digital communication have the potential to be used to conduct cyber warfare. For example, attacks could be launched against critical infrastructure, government and communications systems, but there is not yet any neutral organisation responsible for national security issues, said security expert Prinya Hom-anek, ACIS Professional Centre president and founder.

He told Database that cyber warfare signified how technology can be abused when there are no appropriate regulations or controls. Yet the government has not yet established a national-level cyber security policy in terms of human resources, budget allocation and threat understanding, especially in the matter of Information Operation (IO) and Information Assurance (IA).

"If we'd had an agency to take care of national cyber security, the arson and street riots across Bangkok last week may not have been so harsh," he said, pointing out that cable, satellite and Internet TV (IPTV) had all been used to encourage people to join the protests.

Prinya noted that US president Barack Obama announced cyber security as an item on the national agenda by having executive officers examine the country's readiness to deal effectively deal with any such problems.

President Obama appointed Prof Howard Schmidt to the position of cyber security coordinator. Prof Schmidt oversees the vast task of protecting the nation's computer systems in both the public and private sectors.

Many countries, including Singapore, South Korea, Australia, Malaysia, Japan, Singapore, the US and Hong Kong, already have such agencies. Singapore's National Infocomm Security Committee defines the national cyber security policy and strategy, whereas Singapore Infocomm Technology Security Authority was founded to specifically run the cyber security operation. Meanwhile, CyberSecurity Malaysia is responsible for cyber security expertise under the Ministry of Science and Technology. In Australia, the Cyber Security Policy and Coordination Committee is responsible for the national policy and strategic plan.

According to PTT ICT Solutions chief security officer Chaiyakorn Apiwathanokul, the expert group has suggested the government address cyber security as an item for the national agenda, in order to tackle ever-more sophisticated cyber issues. The group proposed that the Office of National Cyber Security should set up a centre of excellence to advise on policy and strategy matters to improved the level of information security in Thailand and co-ordinate with similar agencies in other countries.

The office should be an independent public organisation that directly reports to the prime minister and which is responsible for information security policy, regulation and promotion. The framework of the office should cover the national cyber security critical infrastructure, which includes the electricity, energy, waterworks, telecommunications, healthcare and financial sectors.

"We suggest that the agency must be totally independent and neutral, not aligned to any ministry, and set the blueprint and best practice model for other agencies," said Prinya, who added that committee members should include the police chief, permanent secretary of defence, director-general of the Department of Special Investigation, director of the National Intelligence Agency, chairman of the Public Sector Development Commission, chairman of the National Telecom Commission, secretary-general of the National IT Committee, and the president of the Thai Information Security Association.

The office budget should be funded by income tax from internet service providers and the capital funds of public telecommunications, according to Article 56 of the Supervising Radio/Television Broadcasting and Telecommunication Business Act, B.E. 2543 (2000).

Relate Search: Prinya Hom-anek, ACIS Professional Centre, Information Operation, Information Assurance