Cambodia, a new emerging market among lower middle-income economies in the region, has enjoyed its growing middle class of young active populations who are quite inceptive to new trends of culture and technology, in particular, the use of cyberspace in this digital era. The government, acquainted of the situation, has put forth in its Industrial Development Policy 2015-2025, with emphasis on ICT as a driving factor towards the realization of its shift from agricultural to industrial based economy (World Bank Group & Konrad Adenauer Stifstung, 2018).
To ensure the safety of the use of ICT in reaching its goals, the government has laid out the framework for the nation to defend against cyber-crimes.
Currently, the Ministry of Posts and Telecommunications (MPTC) is the leading institution on the nations cybersecurity. The Ministry of Interior (MOI) works on cybercrime; whereas the Ministry of Foreign Affairs and International Cooperation (MFAIC) performs cyber diplomacy and matters related to cybersecurity at the ASEAN Regional Forum (ARF). Under the Ministry of Posts and Telecommunications, there is the Information and Communications Technology (ICT) Security Department that houses Cambodias Computer Emergency Response Team (CamCERT) (Australian Strategic Policy Institute, 2017) whose missions include awareness and outreach, quality assurance and digital forensics, standard and risk, and digital authentication (public key infrastructures).
One of the roles of CamCERT is the incident report, where public and private individuals can report any security breach that they have encountered and in turn, they will receive technical assistance from CamCERT to help them mitigate the issues. Incident coordination, security advisory and tips and alerts are also services that CamCERT offered and they should not be taken for granted (Cambodia Computer Emergency Response Team, 2017). On the flip side, CamCERT is still not part of APCERT groups unlike Laos, Myanmar and Vietnam.
As of today, Cambodia has not passed the cybercrime law yet. There are the Penal Code that went into force on December 2010 and the 2015 Telecommunications Law that contain provisions in handling cybercrimes. A Sub Decree on Digital Signature approved in December 2017 will become one more component to improve the security in the cyber world. The government has also laid out the framework for the enhancement of cybersecurity, namely the ICT Masterplan 2020, where the government introduces measures and initiatives to further improve its cybersecurity capacity (KOICA, 2014). In addition to this Masterplan, the Telecom-ICT Development Policy 2020, which was adopted in April 2016, is another instrument to boost cybersecurity initiatives in Cambodia.
To boost its capacity, Cambodia implemented several activities, including Cambodia Cyber Angkor, which is the code name for cyber exercise for government CIOs across all government ministries and related parties; Cambodia Cyber Challenge (CCC) which targeted for young talents, mostly university students, to show their cyber capability locally and regionally through Singapore Cyber Conquest and ASEAN Cyber Sea Game and the Stay Safe Online Cambodia awareness campaign. In addition to the above mentions, Cambodia also took part at ASEAN-JAPAN Cybersecurity Capacity Building Center as well as ASEAN Cyber Capacity Program (ACCP) from Singapore. Cambodia participated regularly in ASEAN Cyber Drill (ACID) and ASEAN-JAPAN Cyber Exercise. The nation also improves its incident response framework through the establishment of CSIRT-Network that provides trainings for its officials and private sectors (Ou, 2018).
Cambodia has made progress in developing their cybersecurity. However, the nation still has multiple challenges that it needs to address in order to further bolster its cyber-security system. As laid out in the ICT Masterplan 2020, to further develop the nations cybersecurity, Cambodia needs to address its limitations, including outdated cyber security infrastructure; absence of laws and regulations as well as policies, standards and norms; and the need to raise public awareness on the subject matter. According to the Director of ICT department, MPTC, Mr. Ou Phannarith, one thing that is common for most developing countries is the priority on the budget allocation. Physical infrastructure is still the critical sector that the government needs to heavily focus on and it also answers to the demand of the people. Talking about the budget, it is by far the most challenging problem that keeps limiting the capacity and capability of the nation to develop a strong cyber-security infrastructure. Human resource in the area of cyber-security is something that not only Cambodia is lacking, but most ASEAN members are striking to deal with (Ou, 2018).