Thailand is poised to enhance its cybersecurity framework with new draft standards for cloud computing security. The National Cybersecurity Committee has prepared these standards, which have already been approved by the committee and are now awaiting publication in the Royal Gazette.

This draft regulation, titled “Announcement of the National Cybersecurity Committee on Cloud Cybersecurity Standards B.E. ….”, marks a significant step in Thailand’s efforts to safeguard its digital infrastructure while promoting the adoption of cloud technologies across various sectors.

The proposed regulations, set to be implemented one year after their official publication, are primarily aimed at government agencies, regulatory bodies, and organizations managing critical information infrastructure. These standards are designed to mitigate cybersecurity risks associated with the use of public cloud services, a growing concern as more entities shift their operations to cloud-based systems.

The decision to establish these standards stems from alarming cybersecurity statistics revealed by the National Cybersecurity Agency of Thailand (NCSA) for the year 2023. Educational institutions were the most targeted, facing 632 attacks, followed by other government agencies with 145 attacks. The private sector, particularly Thai-owned commercial enterprises, also saw a significant number of incidents, with 148 recorded attacks.

Under the proposed standards, organizations using public cloud services must adhere to guidelines that take into account the impact level of the data or information systems they handle. These impact levels are defined in a separate announcement by the National Cybersecurity Committee regarding the standardization of cybersecurity characteristics for data and information systems.

Notably, the draft standards mandate that personal data stored in cloud systems must be classified at minimum as having a “medium” level of confidentiality. This requirement underscores the government’s commitment to protecting individual privacy in the digital sphere.

The drafting of these standards aligns with Thailand’s “Cloud First Policy,” which was approved in a meeting of the National Digital Economy and Society Committee in December 2023. This policy sets out a five-year roadmap for cloud service implementation across various sectors, demonstrating Thailand’s commitment to digital transformation.

Once the standards come into effect, organizations affected by these new regulations will be required to submit summary reports of their compliance to the NCSA within 30 days of completing the implementation. This reporting mechanism aims to ensure accountability and allow the government to monitor the effectiveness of the new measures.

The introduction of these draft standards reflects Thailand’s proactive approach to addressing the evolving landscape of cybersecurity threats. As cloud computing continues to play an increasingly crucial role in both public and private sectors, these measures aim to create a more secure digital environment, fostering trust and enabling the country to fully leverage the benefits of cloud technologies while mitigating associated risks.

As Thailand moves forward with its digital transformation agenda, these pending cybersecurity standards for cloud computing will play a pivotal role in shaping a resilient and secure digital infrastructure for the nation. The cybersecurity community and affected organizations are now eagerly awaiting the official publication of these standards in the Royal Gazette, which will set in motion the one-year countdown to their implementation.

Key Takeaways:

1. Thailand’s National Cybersecurity Committee has drafted new standards for cloud cybersecurity.
2. The draft standards aim to reduce cybersecurity risks for government agencies and critical information infrastructure organizations using public cloud services.
3. The regulations will come into effect one year after their publication in the Royal Gazette, which is pending.
4. Personal data in cloud systems must be classified at least at the “medium” level of confidentiality.
5. The draft standards are part of Thailand’s broader “Cloud First Policy” initiative.