Country still lacks IoT-specific rules
Mr Sutisak reiterated that amid growing usage of connected devices and apps, privacy and cybersecurity remain among the challenges facing 5G adoption.
The telecom regulator and academics have expressed concerns about privacy and cybersecurity issues linked with 5G infrastructure, connected devices and apps due to the lack of specific regulations for Internet of Things (IoT) devices and standards for cybersecurity measures.
The National Broadcasting and Telecommunications Commission (NBTC) expects to roll out a new regulation to ensure privacy protection for telecom services early next year, in line with the full enforcement of the Personal Data Protection Act (PDPA) scheduled to take place in mid-2022.
NBTC deputy secretary-general Sutisak Tantiyotin said amid growing usage of connected devices and apps, there are three challenges for 5G adoption, comprising spectrum availability, real 5G usage cases as well as privacy and cybersecurity.
The privacy and cybersecurity issue is the most pressing as it is difficult to rein in, he said.
The country still lacks IoT-specific rules to accommodate related services and ensure consumer privacy, he said.
“Different technologies may be used in security systems so there needs to be the standard for cybersecurity to secure the use of 5G applications,” Mr Sutisak said.
He was speaking on the sidelines of a seminar on 5G cybersecurity recently held by the NBTC and Thammasat University’s College of Innovation.
The NBTC has been developing a series of regulations and frameworks related to 5G adoption, including the numbering and identification of IoT devices, security and privacy, data arrangement structure and data interoperability.
These regulations are needed to be prepared for the boom in machine-to-machine connectivity across industrial sectors, he said.
He said the NBTC plans to issue a new regulation for telecom service privacy early next year, which will come in line with the full enforcement of the PDPA.
The regulation should clearly define customer data, separating general data which can be leveraged for public benefit from what should be strictly protected personal data, he said.
General data includes the amount of time spent by a customer on data usage per day and locations. This data can be analysed to enhance service efficiency.
“The regulatory framework for security and privacy will involve telecom operators, consumers as well as data arrangement structure for telecom operations,” Mr Sutisak said.
The IoT-related regulation is being studied and drafted, he said.
The draft indicates the numbering of IoT devices will run in a 14-digit system in line with the International Telecommunication Union’s standard.
It also takes into account device registration and methods of IoT usage.
To support cybersecurity system, close cooperation is needed among those in computer emergency response teams (CERT), such as Thailand Telecom Computer Emergency Response Team (TTC-CERT) and Thailand Banking Computer Emergency Response team (TB-CERt), he said.
Chayakrit Asvathitanont, dean of the College of Innovation at Thammasat University, pointed out the academic community gives significant importance to security standard in relation to 5G adoption in the digital age.
Academics, he said, want to see a close collaboration between related parties in driving 5G cybersecurity efficiently.
Source: Bangkok Post