Microsoft expands cybersecurity commitment in Thailand with ETDA partnership under Government Security Program agreement

 |   Thornthawat Thongnab

Online threat intelligence data shared under nationwide agreement to raise cybersecurity standard in Thailand’s era of digital transformation


Bangkok – October 13, 2016 – Microsoft Corporation is building upon its long-term commitment to security and privacy in the digital space with the signing of a Government Security Program (GSP) agreement with Thailand’s Electronic Transactions Development Agency (Public Organization) (ETDA). Under this agreement, ETDA will receive information from Microsoft on internet safety, cybersecurity threats, vulnerabilities, and related guidance to strengthen digital security on a nationwide level.

“Throughout Microsoft’s four decades of history, we have proven beyond doubt that security, transparency, and trust are matters of the highest priority,” said Toni Townes-Whitley, Corporate Vice President, Worldwide Public Sector, Microsoft Corporation. “However, it takes more than just advanced technology to make all three a reality in the digital space. Through GSP, we have a legal framework developed to achieve this through stronger public-private partnerships across the globe.”

First established in 2003, GSP is a worldwide information-sharing initiative that supports the efforts of national governments and international organizations to protect their citizens and national infrastructure from threats and vulnerabilities. Today, GSP is a central component in Microsoft’s efforts to build trust with governments around the world through a single legal and programmatic platform that allows nations around the globe to make better, more informed decisions on technological matters.

In addition to direct and indirect impact on cybersecurity standards for signatory governments, GSP fulfills a key requirement in Thailand’s Digital Economy and Society Development Plan, whose 6th strategic pillar concerns the fostering of trust in the use of digital technology through a standardized and effective regulatory framework for secure, trustworthy online activities and digital transactions.

This partnership with ETDA expands the scope of GSP to cover over 60 agencies from 36 governments worldwide as Thailand joins the ranks of Asia-Pacific GSP signatories – including Australia, China, Japan, South Korea, New Zealand, Singapore, and Taiwan.

“Out of over 8.8 million IP addresses in use in Thailand, we have found evidence of malware infection tied to over 2 million IPs,” said Surangkana Wayuparb, Executive Director, ETDA. “This makes Thailand one of the top nations in the world in terms of malware prevalence. To address the situation, ETDA is working with Microsoft and a wide spectrum of partners to establish stronger defensive measures for the country and pave the way for the establishment of a full-fledged national cybersecurity center in the future.”

ETDA’s agreement with Microsoft under the Government Security Program is expected to grow in scope in 2017 with the addition of source code access for Microsoft products and services.

Keshav Dhakad, assistant general counsel and regional director of the Microsoft Digital Crimes Unit (DCU), Microsoft Asia, added, “The GSP agreement with ETDA represents the logical next step in our commitment to cybersecurity in Thailand. Through this program, ETDA will be able to better respond to online threats and raise public awareness on cybersecurity in a timely, effective manner.”

As part of the GSP agreement, the Cyber Threat Intelligence Program (CTIP) – conceived and operated by the Microsoft Digital Crimes Unit (DCU) –provides GSP signatories with actionable information on devices compromised by malware. With full legal permission, DCU severs communications between infected devices and the malware’s command and control center, which neutralizes the threat and renders the criminals powerless. Any attempted malware communication is then redirected to the CTIP “sinkhole” database and shared with program participants for further action.

“In line with our commitment to privacy, we only provide personally non-identifiable information – such as IP address and Internet service provider gateway geolocation – to CTIP and GSP partners,” Dhakad noted. “Furthermore, any action to eliminate the malware threat can only be undertaken with explicit permission from the device owner.”

The GSP agreement with ETDA is part of Microsoft’s latest investments in cybersecurity for the Asia-Pacific region, which now plays host to the world’s first combined Microsoft Transparency Center and Cybersecurity Center in Singapore. The joint facility will enable enterprises and organizations in the region to gain access to Microsoft’s industry-leading security expertise and technological resources.