The challenge of scaling up security for a whole country
By Chong Jinn Xiung June 28, 2018
- Combination of training and awareness crucial
- Critical infrastructure sectors assisted by individual security teams
THE digital economy is growing across Southeast Asia but very few countries prioritise cyber-security and this, unfortunately, makes them susceptible to cyber-threats. Thailand is no different but one man has a bold plan to scale up cyber-security throughout the country.
Martijn van der Heide may not be of Thai by blood but he is very passionate about ensuring the safety and security of Thailand’s digital landscape. Hailing from the Netherlands, van der Heide found his way to Southeast Asia when he met and married a Thai woman at the FIRST Conference 2013 and moved to Thailand.
Incidentally, he is back at the 30th Annual FIRST Conference in Kuala Lumpur as a consultant with ThaiCERT, the national Computer Security Incident Response Team (CSIRT) of Thailand.
van der Heide explained the many challenges he faced with the thinly staffed National CERT (Computer Emergency Readiness Team) team that is tasked with solving all manner of computer security incidents in the kingdom.
Despite facing a lack of manpower, tools and procedures to establish teams across all levels of organisations in the kingdom, ThaiCERT has implemented a central government protection solution to combat a large number of incidents that include website defacements and infections.
They established sector-based CERT teams within critical infrastructure areas that included government, finance, healthcare, ICT, energy and transportation. According to van der Heide, this was proposed as they were unable to hire so many security experts to be embedded in all these sectors.
Since its implementation, he noticed that the pace in enacting security in individual organisations has improved with the smaller teams set up.
“Thus far we have seen the sectors responding well and wanting to implement security measures within their company. The commitment is there, especially in the Thai banking sector,” he said.
Sharing security information is critical for Thai security teams and relevant stakeholders so ThaiCERT has organised its own annual security conference Thailand Cybersecurity Week to help inform the security community.
At the same time, van der Heide highlighted that sharing information with government ministries helps keep them in-the-know about the latest threats.
Beyond ensuring companies and organisations are informed about cyber-security matters, van der Heide believes that the next step is to improve awareness among students at a young age. He explained how ThaiCERT has teamed up with Japan’s Line Corporation to organise workshops and training programmes in schools in Bangkok with plans to spread to other cities.
ThaiCERT also has grand ambitions to steeply increase the security workforce in Thailand, by creating more professional training programmes with the assistance of Carnegie Mellon University (CMU) and the International Information System Security Certification Consortium (ISC2) that aims to train 1,000 professionals within a year.