Information Security in the context of Thailand ICT Master
Download
Report
Transcript Information Security in the context of Thailand ICT Master
Seminar on
Information Security Technologies
Towards e-Government
November 19, 2003, Bangkok, Thailand
Thaweesak Koanantakool
Director,
National Electronics and Computer Technology Center
National Science and Technology Development Agency
Ministry of Science and Technology
[email protected]
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
1
Presentation Outline
•
•
•
•
•
•
Thailand ICT status
ICT Policy and Master Plan
CyberLaws
eGovernment progress
Bridging the Digital Divide Programs
Security issues
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
2
Thailand
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
3
Thailand ICT Indicators
Population
62.80
GDP Growth (2002)
5.2
GDP (2002)
5,430
Number of Commercial ISPs
18
Number of non-commercial ISPs
5
Internet Exchanges
2
Total International Bandwidth (Oct, 03) 1.44
Total Domestic Bandwidth (Oct, 03)
8
PC Users (June, 03)
11.3
Domains registered under “.th”
13,116
Internet Users (June, 03)
6.0
Fixed line subscribers
12.9
Mobile phone users
30.6
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
million
%
Billion Baht
ISPs
ISPs
exchanges
Gbps
Gbps
million
domains
million
/100 population
/100 population
4
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
5
ICT Development
Policy Framework
for 2000-2010 (IT 2010)
Information Economy
Sectors
Crosscutting
issues
e-Industry
e-Commerce
Information Society
e-Government
e-Society
e-Education
Science and Technology, R&D, Knowledge
Information Development, IT Literacy, IT HR
Telecommunication Infrastructure
Quantity
Quality
ICT Policy Development
Policies
eIndustry e-Government e-Society
eCommerce
e-Education
National ICT Masterplan
2002-2006
IT 2000 Policy
IT 2010 Policy
Ministry of ICT
.
National IT Committee (established 1992)
^1992 ^1993 ^1994 ^1995 ^1996 ^1997 ^1998 ^1999 ^2000 ^2001 ^2002 ^2003 ^2004 ^2005 ^2006
Introduction of Internet
SchoolNetThailand
Software Industry Promotion Agency
Software Park Thailand
Government Information Network
Activities
Government CA Service
Government CIO Program
E-Commerce Resource Center
IT Law Development
Electronic
.
Transactions Act
NII, CompCrime, DP Acts
e-Thailand
TIS-620 Thai
Character set in
UNICODE
TIS-620 Thai Character set
registered with IANA
e-Government Project
English-Thai Web Translation
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
7
IT Law Development
• Electronic Transaction Law (incorporating
Digital Signature) since April 2002
• Information Infrastructure Law
(a Universal Access Law to ensure
accessibility and equitably to all citizens)
• Data Privacy Law
• Computer Crime Law
• Electronic Fund Transfer Law
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
8
Cybercrime Law
• Cybercrime is recognized as a significant
problem requiring the cooperation among the
government and law enforcement agencies.
• The new threats challenges existing law.
Thailand therefore drafted the Computer Crime
Bill, one of ICT law, as guided by the framework
of Cybercrime Convention of Council of Europe
since a common purpose of those Convention
aims principally at harmonozing the national
laws.
• With respect to the scope of the Bill, it contains
three chapters.
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
9
Cybercrime Law
• Chapter one covers the criminalisation
provisions, namely, illegal access; illegal
interception; data interference; system
interference; and misuse of devices.
• Chapter two is to criminalise the
computer-related offences, computer
related forgery, computer-related fraud
and offences-related to child pornography.
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
10
Cybercrime Law
• Chapter three is intended to set up the
criminal procedural law powers in order to
enable a fast and effective investigation and
prosecution. In the course of a criminal
investigation, preservation of stored data,
disclosure of traffic data and search as well as
seizure of computer data are needed.
• The Bill is currently approved in principle by the
Cabinet and now under consideration of the
Council of the State.
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
11
National ICT Master Plan
(2002-2006)
Approved by the Cabinet on
September 25, 2002
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
12
ICT Master Plan(2002-2006)
Vision:
Thailand will be the regional center of
ICT development and business,
particularly in software.
Thailand is to have strong and competitive
economy as well as knowledge-based
society, given that entrepreneurs and
majority of people can access the
information.
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
13
ICT Master Plan(2002-2006)
Mission:
Enhance continuous collaboration
between public and private sectors
as a development network of
information and infrastructure.
Reform ICT management
including plans for research,
education, and training in ICT.
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
14
Strategies in the ICT Master Plan
1. Development
of ICT
Industry
4. Society
Capability
Leverage for
future
Competition
7. ICT for
ก ับการ
Public
Sector
3. R&D
Reform
6. ICT for SMEs
2. Quality of Life
and Society
Enhancement
5. Entrepreneurs
Capability
Development
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
15
Strategy 7: (ICT Master Plan)
ICT Utilization for Public administration and Services
Government to set up central organization to oversee ICT development and utilization
within the public sector. Emphasis will be on the unity and integration of database
system, planning, coordination, budget allocation and transparency in procurement, to
meet the reauirement of each agency, as well as reduce investment duplication. This will
enable public sector to accumulate, exchange and share information among themselves,
based on secured and open standard platform.
1. Setting up new ministry responsible for the development of ICT
nationally.
2. Structural reform within organization in related to ICT, such as
setting up CIO office as well as improving laws and regulations.
3. Develop governmental database for information exchange
4. Apply GIS for socio-economic development
5. Encourage effective use of ICT network among government
agencies
6. Devise mechanisms to build up ICT-related capability for public
sectors employees
7. Develop monitoring and evaluation system for national ICT
development
Source: National ICT Master
8. Develop National Digital Nervous System
Plan(2002-2006)
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
16
Thailand e-Government Development
Beneath the Iceberg
Civil Servant
Attitudes
Political will
And support
- Ministry of ICT
- National IT Committee
Computer and
Network
Infrastructur
e
National
Operation
Center
Information
Infrastructur
e
HRD
CIO/CEO
Program
E-Commerce
Infrastructur
e
- CIO Training
- CIO Forum
- CIO Conference
- e-Commerce
Resource Center
- G to C
- G to B
- e-Procurement
- e-Tax
- e-Citizen
- e-Marketplaces
- Government IT Services
Rules &
Security
- Government Information
Regulations
& Policy
Network
- Govt Data Infrastructure
Legal
- SchoolNet
- Govt News Exchange
Infrastructur
PKI
- Govt Data Exchange
e
ThaiCERT
Information
- Government
- Electronic Transactions Act
in every
Interoperability Standard Computer Crime Law
- Data Protection Law
organizatio
Gov CA Service
- NII Law, EFT Law
n
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
17
IT2000
Policy
DOT Force
UN ICT Task Force
eASEAN (e-Society)
ITU, APT, etc.
Challenges:
Telecommunication
infrastructure
Affordability
Local contents
Human Resource
Legal frameworks
Bridging
the Digital
Divide:
Programs
in
Thailand
WSIS
2003
Public – Private
Partnerships
Benchmarking
surveys
Active monitoring of
ICT indicators
SchoolNet
Thailand
Equal access everywhere
Roadshow, Linux SIS
Community
telecenters
20 pilot centers in 2002
best practice models
Development of
local contents
Digital Library Toolkit
Digital Archive, Learning objects
Development of
IT Laws
National Information
Infrastructure Bill
human capacity
building
Teachers training,
Government CIO program
Accessibility and
lowering costs
Wireless local-loop research
Nationwide IP Network (TOT)
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
18
Four main tracks of
Thailand e-Government services
Track 1. Information Services
Standard online information
services to public, business
sectors, and government sectors
Track 2. Transaction Services
Online services: car registration
renewal, taxation, business
registration,...
Track 3. Payment Gateway
Financial management gateway
for government and business
sectors
Track 4. E-Procurement
Electronic Procurement for
government sectors
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
19
Recent Development (2002-2003)
• Government PKI Service Launched
• E-Auction Trials (all government agencies)
• National Operation Center Project
–
–
–
–
PMOC:
MOC:
DOC:
POC:
Prime Minister’s Operation Center
Ministerial Operation Center
Departmental Operation Center
Provincial Operation Center
• Government Information Technology Service
(GITS)
• Annual Government IT Awards
• Government Data Exchange (GDX)
• eCitizen Portal (www.ecitizen.go.th)
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
20
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
21
Technology handling of Threat
General Staff Practices
(การปฏิบ ัติงานของเจ้าหน้าที)่
Security Architecture and
Design
(การออกแบบและโครงสร้างของ
การร ักษาความมน
่ ั คง
Encryption
(การเข้ารห ัส)
Physical Security
(การร ักษาความมน
่ ั คงทางกายภาพ)
Contingency Planning/
Disaster Recovery
(แผนสารองฉุกเฉิน/
การกูภ
้ ัย)
Incident Management
(การร ับมือก ับเหตุการณ์)
Monitoring and Auditing
(การเฝ้าดูและตรวจสอบ)
Authentication and
Authorization
ิ ธิ)์
(การพิสจ
ู น์ต ัวตนและการให้สท
System and Network Management
(การจ ัดการระบบและเครือข่าย)
(แหล่งข ้อมูล: http://www.cert.org)
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
22
Management handling of threat
Security Practice Areas
(การดาเนินการด้านการร ักษาความมน
่ ั คง)
Institutional Knowledge
้ นะนา)
(ความรูท
้ ใี่ ชแ
Collaborative Security
Management
(การจ ัดการด้านการร ักษา
ความมน
่ ั คงร่วมก ัน)
Security Policies and Regulations
(ระเบียบและนโยบายด้านการร ักษา
ความมน
่ ั คง)
Security Management
(การจ ัดการด้านการร ักษา
ความมน
่ ั คง)
Security Strategy
(กลยุทธ์ในการร ักษา
ความมน
่ ั คง)
(แหล่งข ้อมูล: http://www.cert.org)
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
23
Priority areas for WSIS
Concerns of
developing
countries
and LDC
Concerns of
developed
countries
And
industrial
leaders
Basic Telecommunications
Basic Access to the Internet
Human Capacity Building
Affordable Access Devices (PCs, PDA)
National ICT Policy and Plan
Threat of Liberalization
Appropriate Software (Legal, compact, low cost)
Local Language enabled on Computers
Creation of Local Contents
Portal Sites
e-Government -- Government Facilitation
Standards in manufacturing, safety, health
IT-Laws (e-Transaction, e-Signature, Computer
Crime, Data Protection)
Security -- Information/System/Network
Authentication and Certification, PKI
Broadband Access (Corporate, home)
IT-Manpower development
Regional Networking Collaboration
Opportunities from Liberalization and
Regionalization
e-Marketplaces
e-Payment infrastructure
Consumer Protection
Cross Border Certification
Intellectual Property rights Protection
Privacy
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
Wireless Local Loop
Domestic Internet Exchange
Regional Training Center
Low Cost PC Program
Rural Empowerment
Open Source solutions
Machine Translation
Digital Archive
E-Learning
UNCITRAL Model Laws
World PKI Forum
WIPO
24
Sawasdee
Thank you
for your
attention.
NECTEC+CICC Seminar on Information Security Technologies: Towards e-Government
November 19, 2003, Bangkok, Thailand. Thaweesak Koanantakool
25