Bangkok, Thailand – May 28, 2024 – Microsoft Thailand today announced a collaboration with the National Cyber Security Agency (NCSC) to join the Government Security Program (GSP) to exchange cybersecurity information, knowledge, and insights in a transparent manner, aiming to strengthen cybersecurity in Thailand.
The Government Security Program (GSP) is a global initiative where Microsoft partners with governments and public institutions worldwide to foster transparency, enabling government agencies to access and receive cybersecurity information from Microsoft to better protect their personnel, data, and infrastructure from various cyber threats. The program has been running since 2003, emphasizing collaboration between Microsoft and governments under a single legal and operational framework that empowers each country to make better decisions on technology issues. Currently, the program encompasses partnerships in over 40 countries and 100 international organizations.
Under the GSP, Microsoft will share critical cybersecurity information with the NCSC, including:
- Advance Notice of Security Vulnerabilities: Microsoft will provide the NCSC with advance notice of security vulnerabilities in its software, along with patch notes to address these vulnerabilities, five days before public disclosure. The NCSC will also receive full disclosure information and a vulnerability exploitation guide 24 hours before public disclosure.
- Malicious URLs: Microsoft will share a list of malicious URLs and other cybersecurity threats identified by Bing Crawlers, which are updated every three hours.
- Clean File Meta Data: Microsoft will provide metadata of files that have not been modified or tampered with, allowing the NCSC to compare files on government computers to identify those that have been compromised and infected with malware.
- CTIP Botnet Feeds: Microsoft will provide botnet feeds of IP addresses and other indicators of compromised systems, command and control servers, IoT devices, and domains.
- Partnership: Microsoft and the NCSC will exchange cybersecurity information with partners and establish a dedicated forum for discussion on cybersecurity matters.
Strengthening Cybersecurity with AI
Microsoft believes that security is a shared responsibility and that collaboration is essential in combating cyber threats. The company is investing heavily in cybersecurity, with a global commitment of $20 billion. Thailand is a key target for cyberattacks, ranking among the top five countries in the Asia Pacific region (APAC) for nation-state cyber threats, behind only South Korea, Taiwan, India, and Malaysia.
Microsoft employs a layered approach to security, encompassing the Microsoft Secure Future Initiative (SFI), which consists of:
- Secure by design: Security is prioritized from the outset in the design of all Microsoft products and services.
- Secure by default: Security features are enabled by default, eliminating the need for users to manually configure them.
- Secure Operations: Microsoft continuously enhances its security operations to address current and emerging threats.
Upskilling and reskilling are crucial in the cybersecurity industry, as AI can be used by both good and bad actors. Microsoft emphasizes the importance of educating individuals on AI and cybersecurity, particularly for government organizations and infrastructure custodians.
Collaboration for Enhanced Cybersecurity
Under this agreement, Microsoft and the NCSC will exchange information and knowledge on various cybersecurity aspects, including technical details of security threats, vulnerabilities, anomalies, malware information, and critical security issues related to Microsoft products and services. In the future, the parties may consider expanding their collaboration to include access to technical documentation or source code for Microsoft products and services, or conduct in-depth technical and source code reviews at one of Microsoft’s five Transparency Centers worldwide.
Microsoft and the NCSC will also jointly promote and foster awareness, understanding, and skills in governing AI usage safely and responsibly. This will be achieved through training activities on Copilot for Security and AI applications to support cybersecurity efforts for government agencies and personnel responsible for critical information infrastructure (CII).
A Strategic Partnership for a Secure Thailand
The collaboration between Microsoft and the NCSC is not the first of its kind, but rather a shift in the organization responsible for overseeing and collaborating on the use of Microsoft’s GSP data in Thailand. This partnership is expected to enable more proactive cybersecurity measures and further enhance AI for Security initiatives in the future.
Key Takeaways:
- Microsoft and the NCSC are collaborating to strengthen cybersecurity in Thailand through the Government Security Program (GSP).
- Microsoft will share critical cybersecurity information with the NCSC, including advance notice of vulnerabilities, malicious URLs, and botnet feeds.
- Microsoft and the NCSC will jointly promote AI for Security training and awareness initiatives.
- The collaboration is expected to enable more proactive cybersecurity measures and further enhance AI for Security initiatives in Thailand.