Cybergovernance in Cambodia: A Risk-Based Approach to Cybersecurity

To understand cyber risk in Cambodia and equip policy leaders to oversee it, this paper assesses the successes and challenges of current cyber risk management efforts in Cambodia and throughout the Association of Southeast Asian Nations (ASEAN) region. The findings suggest that there is a large gap between the rapid implementation of new technologies in Cambodia and the capacity to govern consequent cyber threats. Further, current efforts in Cambodia lag behind those in other ASEAN member states, and there have been multiple cyberattacks in the past five years. Policy action must be taken to protect the people and critical information infrastructure of Cambodia. An effective cybergovernance framework requires four key elements: transparent governance systems, adequate human and technical resources, regional collaboration, and clearly defined metrics. Transparent government systems provide means for subject matter experts to help develop and express their views on cybersecurity policy as well as promote a democratic process whereby citizens can share their input freely. It is the government’s obligation to use cyber policy to protect its people from cyberattacks while also keeping civil liberties intact. The protection of Cambodia’s critical information infrastructure cannot be left to one person or organisation alone as any cyberattack directly threatens Cambodia’s vision for becoming a fully developed country by 2050, an ambitious goal Prime Minister Hun Sen has emboldened the country’s policymakers, business leaders, academics and citizens to achieve. Thus, strengthening collaboration and developing cyber capacity across the ASEAN region are necessary to develop baseline skills and knowledge to implement cyber systems and processes. Currently, Cambodia does not have enough resources to tackle cybersecurity alone. Cambodia must not only train internal resources but also engage in collaborative efforts with other ASEAN member states and use regional and international frameworks, including ISO27001, the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), which have already been proved effective at enhancing, strengthening and improving cybersecurity framework.