G2B: Cyber-Business in Myanmar, Indonesia and Thailand
Transcript of G2B: Cyber-Business in Myanmar, Indonesia and Thailand
SESSION ID:
#RSAC
G2B: Cyber-Business in Myanmar, Indonesia and Thailand
SUM-W01
Richard ClementCountry Manager, Thailand, Akamai Technologies, Inc.
Ben Doyle CISO Asia Pacific, Thales
Sunthorn LinlawanAVP, Siam Commercial Bank PCL
Henry Ng Head of Consulting Services, Thales
Dr. Hammam Riza Deputy chairman for IT Energy Material, BPPT
Dr. Tun Thura ThetFounder And Chairman, Myanmar Information Technology Pte Ltd
#RSACG2B: Cyber-Business in Myanmar, Indonesia and Thailand
Start Time Title Speaker
08.45 – 09.00 Welcome and Regional Overview Ben Doyle
09.00 – 10.20 Cyber-Business in Myanmar Dr. Tun Thura Thet
10.20 – 10.40 BREAK
10.40 – 12.00 Cyber-Business in Indonesia Dr. Hammam RizaHenry Ng
12.00 – 13.00 LUNCH
13.00 – 14.20 Cyber-Business in Thailand Sunthorn LinlawanRichard Clement
14.20 – 14.30 Wrap-Up
2
SESSION ID:
#RSAC
Dr Tun Thura Thet
Cyber-business in Myanmar
SUM-W01
Joint Secretary GeneralMyanmar Computer Federation
#RSAC
About Myanmar
China 1,375,000,000
India 1,251,695,584
Bangladesh 171,700,000
Thailand 67,959,000
Laos 6,803,6992,873,158,283
40%#39) Myanmar 676,578 km2 (261,228 miles2)
1,93
1 km
(1,2
00 m
iles)
GDP 74 BPopulation 51 MPer Capita 1,419Coastline 2,832 kmEthnic Groups 135Life Expectancy 62
of the World population
2
#RSAC
About Myanmar
The world’s fastest-growing economy, according to the IMF’s latest World Economic Outlook. The country’s GDP is projected to grow by 8.6% this year.
The Most Charitable NationWorld Giving Index
3
#RSAC
Current ICT Industry Status
Software (127)13% Services (63)
7%
Multimedia (50)5%
Education (97)10%
Hardware (465)48%
Mobile 11111%
Others6%
Types of ICT Business in Myanmar
MCF
MCIA
MCPA
MCEA
1,000 +Companies
10,000 +Professionals
100,000 +Students
Myanmar Computer Federation and Associations
4
#RSAC
Current ICT Industry Status
80%
2016 Update:80% of households have access to mobile phone80% of mobile phones are smartphones
, May 2015
, May 2015
5
#RSAC
ICT Master Planning: 9 Key Areas
•Youth, Woman, Rural
1) E-Society
•Education, Health, Agriculture, Tourism, Transportation, Trade, Manufacturing etc.
2) Multi Sectorial Development
3) E-Government
4) E-Commerce
5) Standardization
6) ICT Industry Promotion
7) Legal Framework
8) ICT Human Resource Development
9) ICT Infrastructure
ReferencesICT Master Plans (2001-2005, 2006-2010, 2011-2015)Myanmar e-Governance ICT Master Plan – 2015
Prom
otio
nFo
unda
tion
Util
izatio
n
2016-2020
MoE Total Number of ICT Professionals Per Year(Undergrad and Post-grad: Diploma)25 Colleges
6,000
Private Total Number of ICT Professionals Per Year 1000+
Total ICT graduates per annum 7,000+
6
#RSAC
Local Information System Security Community
mmCERT – National CERT
Local Companies Creatigon (www.creatigon.com)
Kernellix (www.kernellix.com)
M.S.T Institute (www.mstinstitute.net)
Handful of certified professionalsCISSP - (ISC)2
CISA, CISM, CIRISC - ISACA
GPEN, GCIH - GIAC Certified Professionals
OWASP Local Chapter (twice a year since 2014)
Myanmar Cyber Conference (six events)
Information Security and GRC Consulting Application and Infrastructure Security Solutions Penetration Testing and Vulnerability Assessment Security Monitoring and Incidence Response Information Security Awareness Training
7
#RSAC
Banking and Financial Services Sector
Banks (4 State-owned, 22 private, 10 Foreign bank branches, 35 Representative)
Myanmar Payment Union, MPU
Finance Companies (300+ Micro financing companies)
Insurance Companies
Yangon Stock Exchange
Central Bank of Myanmar
8
#RSAC
The status of E-Commerce
Initial stage, gearing towards Mobile Commerce
Social Commerce
Business ModelsOmni channel
Pure online
Cross-border
Cash on Delivery
Local Payment Gateway, MPU
International Payment Schemes
9
#RSAC
Global Tech Companies in Myanmar
Deloitte, PWC, E&Y, KPGM
Microsoft, Oracle, SAP, CISCO, HP, Dell
US-Myanmar ICT Council led by USAID
Some Global Security Brands
10
#RSAC
Foreign Investment and Partnership models
Business Model
FDI 100%
Joint Venture, 51%
M&A Model
Reseller Model
Strategic Partnership Model
Union of Myanmar, Chamber of Commerce, UMFCCI Myanmar Computer Federation, MCF Myanmar Computer Industry Association, MCIA
11
#RSAC
Legal Framework
Related Laws
The Computer Science Development Law, 1996
The Electronic Transactions Law, 2004
Telecommunications Law, 2013
Foreign Investment Law, 2012
Other Areas
Intellectual Property Law
Cyber Crime Law
Data Protection and Privacy Law
12
#RSAC
Entity Registration
The Directorate of Investment and Company Administration (DICA) is in charge of handling company registrations for local and foreign businesses under the Companies Act.
DICA also serves as a secretary to the Myanmar Investment Commission (MIC), which is the responsible body for investment applications.
MIC is a government-appointed body which is responsible for verifying and approving investment proposals and regularly issues notifications about sector-specific developments.
www.dica.gov.mm
13
#RSAC
Rounding Up
Myanmar, the last frontier
Fastest growing economy with many opportunities and challenges
Late comer advantage and technological leap frog
Smart investment and strategic partnership
Quick wins, sustainability and CSR obligations
14
#RSAC
Cyber Business in Indonesia- Technology Perspective DR. Hammam Riza
Deputy ChairmanAgency for the Assessment and Application of Technology (BPPT)Government of Indonesia@bppt_humas
#RSAC
Trending Topic
What is the Positive Side of This Chaotic Traffic??Population, Market and Infrastructure
2
- Enable new type of services- Cost reduction of services
(e.g. building unique unified user profile)
- Enabling innovation of transaction (trust in internet economy)
- Fight against cyber crime- Increase user confidence
Trusted Digital Identity as Fundamental Foundation
Trusted Digital Identity
Security & Privacy
Services Improvement
Economic Benefits
Source: Pratama, Security of Digital Identity
8
Card Body Electronic Functions
Electronic ID Authentication :-Visual Picture (on chip) verification-Visual biodata and hand signature (on chip) verification- Fingerprint verification 1:1
E- Voting :- Regulation pending
-E- Signing :- Regulation pending
For every one whose age > 17 or already married E-KTP Integrate the conventional ID with electronic functions
Indonesia Electronic ID Card (e-KTP)
ACT 24 2013 Population Administration
e-KTP is the key to almost every innovative e-service
ACT 7 2014 Trade
• Public services, • development planning, • budget allocation, • development of
democracy, • law enforcement and • crime prevention
Trade to e-Tradee-ID for e-Trade Services
ACT 25 2009 Public Services
Public Services to Public e-services
#RSAC
SINGLE IDENTITY
POPULATION DATABASE
(MoHA)
REGIONAL KEUA
NG-ANHUKU
M HAM
AGAMA
KEHUTANAN
BIN
BPN
POLICE
KPKBAPPEN
ASSOCIETY
HEALTH
SOCIAL
LABOUR
ELECT
BKKBN
PERBANKAN
LEMBAGA
KEUANGAN
DUNIA
USAHA
Source : MOHA
National Election
and Regional Election
Cross Border
Workers
Subsidy Program
MULTIFUNCTIONALITY OF POPULATION DATABASE
#RSAC
• Law No 11 / 2008 on Information and Electronic Transaction (UU ITE)
• Government Regulation PP No. 82 / 2012 on Electronics Services and Transaction (PPSTE)
• Presidential Decree No. 96 / 2014 on Indonesian BroadbandPlan 2014 – 2019
• E-Government, e-Procurement, e-Logistic, e-Health and e-Education will be prioritized as tools for better public services
INDONESIAN LAW for CYBER BUSINESS
#RSAC5 PRIORITY SECTORS Indonesia Broadband Plan
e-Government
(back officePemerintah)
e-Procurement
G2Ge-Education
e-Health
G2Ce-Logistic
G2B
Keterangan: G2G: Government-to-Government; G2C: Government-to-Citizen; G2B: Government-to-Business
Slide - 14
#RSAC
Infrastructure for Cyber Business
Conceptual Diagram
QoS
Internet Intranet(GSI)
Backbone
Access
HighBW
Security
Central Gov. Local Gov.
Internet
Data Management
Center
Data RecoveryCenterGIX
Grand Design NCS-CIPP
Risk Business Impact Analysis
Critical Information Infrastructure
Critical Infrastructure Protection
CentralGovernment Agencies
RegionalGovernment Agencies
Public Infrastructure and Utilities
Citizen and Business
National Critical Infrastructure Protection Plan
National Information System
#RSAC
Prepare Online Identity for Cyber Business
Complete the “equation”:
Educate + Learn = Apply
Digital Transformation on every e-Services
Multifunctionality of e-ID!
Use verified identity as the basis for e-servicesKTP-el as Online Identity
17
#RSAC
Cyber businesses in Indonesia 2020
Apply ItemsWorking toward the goal to have 200 new startups across
the 10 cities emerge from the funnel each year, starting
now – which would amount to 1,000 startups by the end of
2020
Establish Single Identity KTP-el as Online Identity
The Government is also looking into revising its UU No.
11/ITE Information and Telematics laws especially to
revoke articles on the ‘negative investment list’ when it
comes to startups
18
#RSAC
NATIONAL CYBER BUSINESS FRAMEWORK is much needed for Indonesia (PEOPLE, PROCESS AND TECHNOLOGY)
Assessing cyber business MEANS IDENTIFYING, understanding and developing national information infrastructure and its cyber interdependency
Effective organization for cyber business is key success factor toward national broadband economy
TAKE AWAY POINTS
SESSION ID:
#RSAC
Henry Ng
Session Title: Cyber Business in Indonesia
SUM‐W01
CISSP‐ISSAP CISAHead of Consulting Services, APACCritical Information Systems and CybersecurityThales
#RSAC
About Thales Group
2
AEROSPACE SPACEGROUND
TRANSPORTATION DEFENCE SECURITY
▌ Revenues: 14 billion euros▌ 62,000 employees
▌ Operations in 56 countries▌ Over 20,000 engineers and researchers
Wherever safety and security are critical, Thales delivers. We innovate with our customers to build smarter solutions. Everywhere.
#RSAC
Critical Information Systems and Cyberscurity
3
5,000 IT and security engineers, including 1,500 cybersecurity expertsMajor European leader in cybersecurity and worldwide leader in data protection3 Cybersecurity Operation Centers CSOC (France, the Netherlands and the United Kingdom)1 CERT‐IST (Computer Emergency Response Team – Industry, Services and Tertiary sector)5 high‐security data‐centers in France and in the United KingdomHigh‐grade security products (confidential or top secret) for 50 countries, including NATO countriesEnterprise solutions and products for 200 customers, including protection of 80% of the world’s banking transactions. Security for 19 of the world’s 20 largest banks Operation and cybersecurity of critical information systems for 130 customers
UKCanada France
Norway
Australia
ItalyHong Kong
USA
BelgiumNetherlands
Germany
#RSAC
End‐to‐End Security Protection
4
Systems
Products
Services
…spanning
the information
system life cycle
Full‐service partner
ConsultingRisk Analysis
Test &Evaluation
24/7 Cybersecurity
SupervisionManaged Security Services
Rapid Reaction TeamManagement
Crisis
Critical IT Design,
Development, integration and
Deployment
TrainingCrisis
Management Training
Complex Project
ManagementCybersecurity
Products
Critical IT Operation
Cloud ComputingSecure IT
Outsourcing
#RSAC
Thales in Indonesia
5
Thales has been established in Indonesia for close to 40 years
Thales has been the appointed supplier of combat systems for all warships in service with the Indonesian Navy for
more than 20 years
Thales has installed close to 50% of Indonesia’s Air Traffic Management infrastructure, supplying control centers, radars and navaids
40 20 50%
Critical Infrastructure Protection (CIP)‐ Oil & Gas‐ Airport‐ Port
Homeland Security‐ Urban Security‐ Crisis Management
Cyber Security‐ Data Protection and
Encryption Solutions‐ Consulting‐ CSOC
#RSAC
Interesting Facts about Indonesia
6
4th largest population
6th most Internet users ‐ over 80M
Top 3 sources of cyber attacks
36.6M cyber attacks from 2012 to 2014
50,000 cyber attacks every day
Second most targeted country for cyber attacks, following Vietnam
#RSAC
APAC Cybersecurity Dashboard
7
I. Legal Foundation
II. Operational Entities
III. Public‐Private Partnerships
IV. Sector Specific Cybersecurity Plans
V. Education
VI. Additional Cyberlaws Indicators
Source: http://www.bsa.org/APACcybersecurity
#RSAC
Regulatory Requirements
9
Banking and Financial Services IndustryFinancial Services Authority “OJK” / Bank Indonesia defines requirements (e.g. yearly PT) and monitors implementation by members
GovernmentIT security is addressed primarily by the Telecommunications Act 1999 and the Information and Electronic Transaction Act 2008
Lack a comprehensive framework and details about implementation / enforcement how Government ministries and agencies should adhere
#RSAC
Challenges
10
1. Lack of a cybersecurity reference framework and supporting legal framework
BFSI relies on OJK/BI; Government relies on MCIT; some organizations such as Army, MoD, Ministry of Finance setup their own scheme
Difficult to push down cybersecurity without establishing a relevant framework, its applicability of usage, and enforcement details
2. Uncertainty about BCNWhat will be the functions and authorities of BCN? What will be scope of industries to be covered?
How will it strategize cybersecurity with various stakeholders?
#RSAC
Challenges (cont.)
11
3. Unclear Public‐Private Partnership strategyWhile ID.SIRTII works with private sector and academic organizations, there is no defined strategy in terms of public‐private partnership to work on cybersecurity
4. Immature level of awarenessCybersecurity is often regarded as an IT issue and has not reached to the corporate management level, resulting in lack of budget and management support of cybersecurity initiatives
False sense that security products will be the silver bullets to solve issues
#RSAC
Challenges (cont.)
12
5. Resourcing issuesInsufficient people in the cybersecurity domain (need of 7,000 expertise according to Budi Rahardjo from Bandung Institute of Technology)
Lack of cybersecurity skills and experience to protect organizations and responding to incidents
Unclear plan how to work with Universities and academics to train up more people in the field
Lack sufficient budget / funding to put in place appropriate technologies
#RSAC
“Apply” Slide ‐ Closing Thoughts
13
Need to develop a national cyber security
plan, reference framework and supporting legal
framework
Leverage public‐private partnership to foster an eco‐system to build up
awareness
Work with academics, institutions and security community to develop initiatives and training
programs
#RSAC
Thank You
Henry Ng, CISSP-ISSAP CISAHead of Consulting, APAC
Critical Information Systems and [email protected]
+852 2534 6625 (office)+852 9317 6844 (mobile)
SESSION ID:
#RSAC
Richard Clement
Cyber-business in Thailand
SUM-W01
General Manager – ThailandAkamai Technologies
#RSAC
About Thailand
Second Largest Economy in ASEAN
GDP (2015) $395.3 billion
GDP growth (2015) 2.8%
GDP growth 3.2% year-on-year in Q1-16 & 2.8% from previous quarter.
Eyeballs Dominated by FB, Youtube & LINE.
Source: Digital Advertising Association of Thailand
2015
5
#RSAC
Digital Evolution Index
All Sources: Digital Planet, c2014
Change in Scores Over Time(2008-2013)
Ranked on Demand, Supply, Institutional Environment & Innovation
Full Rankings (2013)
6
#RSAC
Mobility First .. so many DISTRACTIONS
Source: Immobi~7 Hours per Day Consuming Media
>25% Spent on Mobile Devices
Internet channels eroding traditional channels
8
#RSAC
Characterisation of Thailand ICT sector
Second Largest Buyer of ICT Products in ASEAN
Typically 7% of GDP, >US$21 billion in 2015
65% Consumer led ICT Spending, Smart Device Led
Soft Growth in Enterprise Spend Expected - Shifting Landscape from Traditional IT
Businesses investing in higher-value data services
FSI leads the way with next-gen technology adoption
All Sources: IDC, 2016 9
#RSAC
Fintech Outlook
Highlights Thailand Transaction Value in the "FinTech" market amounts to USD 6,465M in 2016.
Transaction Value is expected to show an annual CAGR between 2016-2020 of 20% totalling USD 13,402M by 2020.
The market's largest segment is the segment "Digital Payments" with a total transaction value of USD 6,441M in 2016.
From a global comparison perspective it is shown that the highest transaction value is reached in the United States (USD 769,323M in 2016).
10
#RSAC
E-Commerce Outlook
Central Group Acquires zalora.co.th
Rakuten pulls out of SE Asia
DHL to Double Depot Capacity
Military Coup
Apparel set to lead the way
Graph Data Source: Statista 11
#RSAC
Medical Tourism Insights
Affordable Top Class Procedures & Aftercare
Attractive for Overseas Travellers
Brochureware Available Online along with Appointment Scheduling
Easy target for Data Theft and application attacks.
12
#RSAC
Opportunities & Challenges
Cyber Vulnerability
Political Landscape
User Experience & Confidence
Cloud Adoption
13
#RSAC
Cyber Vulnerability
“Cyber Five” 9x more vulnerable to cyberattack than other Asian economies.
Thailand is World’s #2 target for Cybercrime*
Thailand’s increasing reliance on Internet will invite incremental vulnerabilities.
*Source: Allianz Global Corporate and Speciality SE (AGCS).
“Cyber Five”
Source: Deloitte c2016
14
#RSAC
… Opportunities & Challenges …
Political Landscape
User Experience & Confidence
Cloud Adoption
15
#RSAC
Market Insights … from the Field
Localisation, Localisation, Localisation
Gradual shift from DIY Approach
Content is King, Application is Queen …
User Experience is Everything
16