Agency constructs 40 new rules to bolster law

The National Cyber Security Agency (NCSA) aims to roll out 40 subordinate regulations of the Cybersecurity Act this year to strengthen the country's systems.
Roughly 100 organisations linked with critical information infrastructure (CII) stipulated by the act will also be directed to comply with the standard framework of security requirements this year to guard against cyberthreats, said the agency.
The act stipulates NCSA is responsible for providing assistance to prevent and mitigate risks from cyberthreats to seven aspects of CII: national security, public service, banking and finance, information technology and telecoms, transport and logistics, energy and public utilities, as well as public health.
Gen Prachya Chalermwat, secretary-general of NCSA, said the agency established in January 2021 will ramp up cybersecurity skill-building for sectors related to the seven CII aspects through intensive capacity-building programmes targeting 2,250 attendees, including 400 specialists and executives, in 2022.
He said the move should enhance the country's capacity to defend against escalating cyberthreats, particularly as more organisations shift their work online during the pandemic, relying more on online applications.
According to Section 44 of the Cybersecurity Act, NCSA is tasked with formulating a code of practice and standard framework of cybersecurity as a guideline for state and private agencies linked to CII to comply with.
The agency is also expected to develop cybersecurity skills and competence for state and private agency workers to meet international standards, as well as create a digital economy and society action plan spanning from 2018 to 2022.
According to Gen Prachya, NCSA will enforce security standard requirements, including for software and operating systems, for state agencies and CII-linked enterprises by the end of this year.
The requirements include daily monitoring of threats to ensure the security of their databases, he said.
Many government and private organisations are linked to the seven CII sectors, but around 100 are in the first batch subject to enforcement by this year, said Gen Prachya.
NCSA plans to work with various sector regulators on the tasks, such as the Thailand Banking Sector Computer Emergency Response Team, the Securities and Exchange Commission, the National Broadcasting and Telecommunications Commission and the Telecommunications Association of Thailand.
Each of the seven CII sectors is expected to have cybersecurity coordination centres by the end of this year, he said.
In August 2021, NCSA established a national computer emergency response team (National CERT), which was transformed from ThaiCert (Thailand Computer Emergency Response Team) under the Electronic Transactions Development Agency.
National CERT has five staff members.
"Public health is the most critical sector as it involves patient records, which could be a threat to people's lives," Gen Prachya said.
NCSA has around 60 staff, half of them recruited under contract agreements.
The agency received a budget of 40 million baht in its first year of operation, which was raised to 140 million in fiscal 2022.
NCSA also secured another 200 million baht from the Digital Economy and Society Ministry's Digital Fund for its operations and management in fiscal 2022.
"We are a new agency with several limitations, but we are eager to achieve our missions," he said.
NCSA aims to have 480 staff for its full-scale operations, but it may take 10 years to reach that level, said Gen Prachya.