By Chatuporn Wanichsooksombat, Director of Process Automation Business, ABB Thailand
Cyberattacks are no longer rare disruptions - they're a persistent threat. Once limited to ransomware and phishing scams, today's attacks increasingly target critical infrastructure, with the energy sector among the hardest hit. A Sophos study[1] found that 62% of critical infrastructure, including energy companies, experienced ransomware attacks, compared to 49% across other sectors, such as manufacturing, IT and construction.
But why is the energy a prime target, and how can companies respond appropriately?
The sector's rapid digitalization depends on the integration of operational technology (OT), industrial systems that run power plants, and information technology (IT) for data processing and business applications. However, many of Thailand's critical systems were not built with modern cyber threats in mind. As digital transformation accelerates, cyber security must evolve in parallel to safeguard operations and build resilience.
How the new regulation impacts the organizations Recognizing the increasing risk of cyberattacks, the Thai government has taken several decisive steps, starting with the enactment of Cyber Security Act B.E. 2562 (2019) to safeguard national security and protect Critical Information Infrastructure Organization (CIIO) across various sectors, including energy. Two related but distinct bodies were established: National Cyber Security Committee (NCSC) and National Cyber Security Agency (NCSA) - the two bodies that provide policy direction and execute the enforcement.
Effective January 2025, NCSC issued two critical notifications under this Cyber. First, Notification on Standards for Determination of the Security Category for Data/ Information System that requires organizations to classify their data and information systems based on the potential impact of a cybersecurity incident on three factors: confidentiality, integrity, and availability. Second, Notification on Minimum Standards for Data/ Information System Security that sets the minimum cybersecurity controls that organizations must implement, depending on the risk level of the system.
To meet the two 2025 NCSC notifications, CIIOs must classify all IT and OT systems by risk, apply appropriate cybersecurity measures, assign responsible staff, enable rapid incident reporting, and maintain clear documentation for audits.
Paving the way forward with cyber security solutions
Understanding how this regulation impacts the energy industry, a reliable and well-structured approach to cyber security is essential for companies operating in today's threat landscape. It begins with a comprehensive risk assessment, the first line of defense, evaluating industrial control system (ICS) networks, identifying vulnerabilities, and prioritizing mitigation strategies.
Through such assessments, companies can reduce cyber risk by prioritizing real-time threat detection through situational awareness tools and adopt a layered defence strategy. This includes network segmentation, strict firewalls, and physical safeguards. Regular assessments are essential to ensure security efforts align with critical assets and deliver maximum impact. As IT and OT systems converge, "secure integration" becomes essential, particularly in the energy sector, where safety and reliability are paramount.
Building on this foundation, organizations should develop a strong cyber security defence architecture blueprint that defines strategy, trust zones and alignment with regulations, guiding the deployment of policies, controls and procedures to maintain data confidentiality, integrity and availability.
To further enhance resilience, companies should invest in integrated IT-OT specific threat intelligence that is credible and cost-effective, thus providing context-sensitive alerts and early warning. AI and cross training between the IT and OT teams will also improve the overall ecosystem of incident response.
In the energy sector, where operations are complex and highly distributed, advanced monitoring is critical. Security information and event management (SIEM) tools deliver greater visibility and faster detection than traditional safeguards, enabling swift response to evolving threats.
Industry leaders like ABB offer tailored cyber security solutions that integrate advanced monitoring, analytics and incident response, helping companies minimize disruption and ensure operational integrity. These solutions enhance threat detection, streamline incident resolution and support long-term resilience and operational excellence.
Building a secure and sustainable energy future for Thailand
As Thailand progresses along its digital transformation journey and aims to increase the share of renewable energy in its electricity mix, ensuring cyber security is no longer optional - it's a national imperative. Protecting critical infrastructure means more than defending against attacks; it's about preserving data integrity, operational reliability and public trust.
By taking a proactive stance and investing in resilient systems, Thailand can safeguard its energy future and unlock the full potential of its digital economy. Being proactive is key, and for a company like ABB, we believe that cyber security goes beyond protecting against cyberattacks; it is equally important to safeguard the value and integrity of the data itself.
By leveraging advanced monitoring, automation, and threat detection technologies, the energy sector in Thailand can not only defend against cyber risk, but also unlock new levels of efficiency and innovation.
[1] https://news.sophos.com/en-us/2024/07/17/the-state-of-ransomware-in-critical-infrastructure-2024/