New committee plans broad strokes

New committee plans broad strokes

The newly appointed National Cybersecurity Committee (NCSC) is expected to hold its first meeting this month to map out guidelines for the protection of the Critical Information Infrastructure (CII) in response to the Cybersecurity Act.

The act was published in the Royal Gazette in May last year. It will be fully enforced starting in May following a one-year grace period, Paiboon Amonpinyokeat, an NCSC member, told the Bangkok Post.

Mr Paiboon is among seven members appointed to the NCSC on Jan 3.

The other six are Col Mano Nuchkasem for ICT; Prinya Hom-anek for cybersecurity; Pol Col Yanapol Yungyuen for engineering; Bordin Sapsomboon for healthcare; Panitan Wattanayagorn for international relations; and Vichet Tantivanij for finance.

The NCSC is chaired by the prime minister. Its members also comprise the defence minister, digital economy and society minister, police chief, secretary-general of the National Security Council as well as permanent secretaries for justice and finance.

The legislation enables the prime minister to oversee and respond to cyber-attacks on critical infrastructure in the public and private sectors such as utilities and hospitals.

"I expect the first NCSC meeting will be held this month, chaired by the prime minister or his representative," said Mr Paiboon.

Three levels of cybersecurity threats are laid out under the act: non-severe, severe and critical. Only critical levels allow seizure of the computer system or assets without a court order.

The act also ushers in two sub- committees.

The first will be responsible for overseeing the national cybersecurity agency (CSA) and promoting national information technology, including proposing tax incentives for organisations to improve cybersecurity measures. Another panel will pivot towards actions to guard against cyberthreats.

"The NCSC will appoint members of these two subcommittees and expedite the roll-out of regulations required under the act," he said.

The CSA, which must be established under the act, will have employees transferred from the Thailand Computer Emergency Response Team.

Under the law, the NCSC needs to define the characteristics of organisations whose operations could be termed as CII.

They need to be associated with one of these segments: national security, banking and finance, public service, information technology and telecommunication, transport and logistics, energy and utilities, public health, or other segments defined by the NCSC.

These organisations have various obligations under the act.

Mr Paiboon said he was most concerned about the public health sector, particularly small and medium-sized health service units in provinces that may need assistance to comply with the law.

"The unprepared groups, especially small financial and public health service providers, may need a grace period of 1-2 years," he said.

Do you like the content of this article?

Philippines protests China’s ‘provocative acts’ in disputed sea

The Philippines has protested “provocative” actions by Chinese government vessels in the South China Sea, in yet another sign of continuing tensions between the two nations in the disputed waters.

20 Oct 2021

Thailand Post tests parcel delivery by drone

Thailand Post tested drone delivery for the first time on Wednesday with a plan to start delivering medicines to patients difficult to reach by regular mail carriers.

20 Oct 2021

Myanmar's economic woes due to gross mismanagement since coup - US official

SINGAPORE: Myanmar's economic turmoil is due to political instability and mismanagement following a February coup, a US official said on Wednesday after a junta minister blamed the crisis partly on foreign backers of its opponents.

20 Oct 2021