Thailand’s National Cybersecurity Strategy (2017-2021)
March 2017
Strategies and Action Plans
Thailand’s National Cybersecurity Strategy (2017-2021) was designed to establish a comprehensive framework for the country’s approach to cyber threats and ensure the security of its national infrastructure in the digital age. The strategy, released by the Thai government, aimed to foster a safer digital environment by enhancing cybersecurity measures, improving risk management, and responding effectively to emerging cyber threats.
1. Vision and objectives
- Vision: Thailand’s vision for cybersecurity was to create a secure and resilient cyberspace for national development and to protect critical infrastructure from cyberattacks.
- Objectives:
- Strengthen national cybersecurity governance and enhance cybersecurity laws and policies.
- Build a national cybersecurity workforce, improving skills and capabilities.
- Improve the protection of critical infrastructure and government services.
- Foster public-private collaboration and international cooperation.
2. Strategic areas
The strategy is based on four strategic pillars:
2.1 Cybersecurity governance
- Develop and implement policies, laws, and regulations to govern cybersecurity in Thailand.
- Strengthen national cybersecurity agencies like the National Cyber Security Committee (NCSC).
- Establish the Cybersecurity Operation Center (CSOC) to monitor and respond to threats.
- Create an integrated national cyber risk management framework.
2.2 Cybersecurity capacity development
- Enhance the cybersecurity capabilities of government agencies, businesses, and individuals.
- Focus on cybersecurity education, skills training, and awareness-raising campaigns.
- Invest in developing the national cybersecurity workforce, including technical, policy, and legal experts.
- Encourage public-private partnerships to improve information sharing.
2.3 Cybersecurity for critical infrastructure
- Protect critical national infrastructure such as energy, finance, healthcare, and communication systems from cyber threats.
- Implement industry-specific security standards and encourage best practices for cybersecurity.
- Strengthen the resilience of government and private sector digital services.
2.4 Cybersecurity response and coordination
- Improve national capabilities to detect, respond to, and recover from cyber incidents and attacks.
- Set up national incident response teams and establish a robust mechanism for crisis management.
- Improve coordination and information sharing between government, industry, and international partners in dealing with cyber threats.
3. Key initiatives
- Cybersecurity law and regulation: The strategy led to the creation of new legal frameworks, including the Cybersecurity Act (2019), which empowered government agencies to monitor and manage cybersecurity threats.
- National cybersecurity center: A key initiative was the creation of a central command unit to coordinate responses to cyber incidents.
- Cybersecurity awareness programs: Nationwide campaigns were launched to raise awareness of online safety for individuals and businesses.
- Private sector engagement: Businesses were encouraged to adopt cybersecurity best practices and engage in information sharing through industry forums.
4. International cooperation
- Thailand emphasised the importance of regional and international collaboration to combat transnational cyber threats.
- The country has engaged in partnerships with other ASEAN nations, international cybersecurity organisations, and major global players to share information and align strategies.
5. Challenges and future directions
- Growing threat landscape: The increasing complexity of cyber threats and the need for rapid technological adaptation have been challenges for implementation.
- Balancing security and innovation: While the government has focused on protecting national infrastructure, there has been an ongoing need to balance security with the promotion of innovation and the growth of digital businesses.
- Implementation of laws and regulations: Ensuring effective enforcement of cybersecurity regulations and building trust among stakeholders has been a priority moving forward.
6. Impact and results
The strategy contributed to:
- Increased awareness and preparedness among government agencies and businesses regarding cybersecurity risks.
- Improved legal frameworks for responding to cyber incidents.
- Enhanced collaboration between government bodies and the private sector in securing critical infrastructure.
- Ongoing development of Thailand’s cybersecurity workforce and skillset.
The National Cybersecurity Strategy (2017-2021) laid the foundation for Thailand’s long-term goals in cybersecurity, helping the country address both immediate threats and future challenges as it increasingly depends on digital infrastructure for economic and social development. The strategy has been extended and updated as part of the ongoing efforts to strengthen cybersecurity in the country.