New committee plans broad strokes

New committee plans broad strokes

The newly appointed National Cybersecurity Committee (NCSC) is expected to hold its first meeting this month to map out guidelines for the protection of the Critical Information Infrastructure (CII) in response to the Cybersecurity Act.

The act was published in the Royal Gazette in May last year. It will be fully enforced starting in May following a one-year grace period, Paiboon Amonpinyokeat, an NCSC member, told the Bangkok Post.

Mr Paiboon is among seven members appointed to the NCSC on Jan 3.

The other six are Col Mano Nuchkasem for ICT; Prinya Hom-anek for cybersecurity; Pol Col Yanapol Yungyuen for engineering; Bordin Sapsomboon for healthcare; Panitan Wattanayagorn for international relations; and Vichet Tantivanij for finance.

The NCSC is chaired by the prime minister. Its members also comprise the defence minister, digital economy and society minister, police chief, secretary-general of the National Security Council as well as permanent secretaries for justice and finance.

The legislation enables the prime minister to oversee and respond to cyber-attacks on critical infrastructure in the public and private sectors such as utilities and hospitals.

"I expect the first NCSC meeting will be held this month, chaired by the prime minister or his representative," said Mr Paiboon.

Three levels of cybersecurity threats are laid out under the act: non-severe, severe and critical. Only critical levels allow seizure of the computer system or assets without a court order.

The act also ushers in two sub- committees.

The first will be responsible for overseeing the national cybersecurity agency (CSA) and promoting national information technology, including proposing tax incentives for organisations to improve cybersecurity measures. Another panel will pivot towards actions to guard against cyberthreats.

"The NCSC will appoint members of these two subcommittees and expedite the roll-out of regulations required under the act," he said.

The CSA, which must be established under the act, will have employees transferred from the Thailand Computer Emergency Response Team.

Under the law, the NCSC needs to define the characteristics of organisations whose operations could be termed as CII.

They need to be associated with one of these segments: national security, banking and finance, public service, information technology and telecommunication, transport and logistics, energy and utilities, public health, or other segments defined by the NCSC.

These organisations have various obligations under the act.

Mr Paiboon said he was most concerned about the public health sector, particularly small and medium-sized health service units in provinces that may need assistance to comply with the law.

"The unprepared groups, especially small financial and public health service providers, may need a grace period of 1-2 years," he said.


Do you like the content of this article?
COMMENT

BoI steps up efforts to woo Tesla

The Board of Investment (BoI) is stepping up efforts to encourage newly established Tesla Thailand to invest in the electric vehicle (EV) business, part of efforts to grow the local EV industry.

10:01

Thai Union to go ahead with B6bn investment

Thai Union Group Plc, a global leading seafood company, has repledged its intention to invest 6 billion baht to expand its business over the coming year, despite the ongoing global economic challenges, including runaway inflation and rising interest rates.

09:39

Analysts see Fed rate hike of 0.5%

Analysts expect the Federal Reserve to raise interest rates by 0.5% in the middle of this month, putting pressure on stocks, gold and oil to continue their freefall.

09:09