Thailand’s cabinet approved the creation of a National Cyber Defense Command on 8 May 2025, giving the armed forces a single headquarters to shield military networks after a 42 % jump in hostile intrusions since January. Prime Minister Paetongtarn Shinawatra signed the order in Bangkok, placing the new unit under the defence ministry with an initial budget of 3.6 billion baht (US $98 million) and a staff of 450 drawn from the army, navy and air force.
Why the military moved now
Defence officials began drafting the command structure late last year when sensors run by the National Cyber Security Agency (NCSA) logged 3,800 “high-grade” attacks against government IP addresses in December alone, triple the monthly average for 2023. Most probes originated from IP ranges traced to Eastern Europe and Southeast Asia, according to NCSA telemetry shared with reporters on 7 May. “The volume crossed a threshold,” said Defence Minister Phumtham Wechayachai after the cabinet vote. “We can no longer rely on scattered IT cells inside each service.”
The new headquarters will sit beside existing cyber crime police and civilian agencies, but its legal charter limits it to defending .mil domains and classified intranets. Offensive digital operations remain the preserve of the armed forces’ Royal Thai Signals Department, a distinction officials say keeps the command compliant with the constitution’s ban on military action against civilians.
Structure and first-year tasks
A three-star general will lead the command, reporting directly to the defence minister rather than the chiefs of staff. Three directorates, Threat Intelligence, Network Security and Digital Resilience, will rotate round-the-clock watches from a joint operations floor built inside the army’s Chaeng Watthana compound. The air force will supply the first commander, Air Chief Marshal Panpakdee Pattarakul, who previously headed the service’s cyber warfare wing.
The 2025-26 work plan prioritises patching legacy logistics software that still runs on Windows XP and isolating weapons-control LANs from administrative email. “Our first audit found firewalls older than the junior officers managing them,” ACM Panpakdee told state broadcaster Thai PBS. The command will also stand up a red-team squad of 40 ethical hackers to probe frontline units, starting with the 15-day “Cyber Krait” exercise scheduled for October.
Industry and international links
Bangkok has quietly sought foreign help. U.S. Cyber Command sent a liaison officer in February, while Israel’s Rafael Advanced Defense Systems signed a memorandum on 3 May to supply endpoint-detection tools and train 60 Thai analysts in Tel Aviv this summer. Domestic firms are lobbying for a slice of the budget. Advanced Info Service (AIS), the kingdom’s largest mobile operator, has offered dark-web monitoring feeds; defence officials say contracts will be awarded through fast-track tenders in July.
Academia is also being folded in. Chulalongkorn University’s Faculty of Engineering will host a new cyber defence research institute funded by a 200 million baht endowment from the defence ministry. Students who complete a one-year reserve-officer course can count their lab work toward military service, an incentive recruiters hope will ease the talent crunch.
Privacy concerns and opposition pushback
Civil-liberties groups warn the command’s surveillance reach could widen. The enabling decree allows it to “request” traffic logs from any domestic ISP when a threat is declared, a power presently limited to civilian regulators. Internet Law Reform Dialogue (iLaw), a Bangkok-based NGO, says the wording is vague enough to cover political dissent. “We fear mission creep,” said iLaw researcher Arthit Suriyawongkul. “Today it is .mil, tomorrow it could be .go.th or even .co.th.”
Prime Minister Paetongtarn dismissed the concern, noting that data requests must be approved by a civilian oversight board that includes the digital economy minister and the national human-rights commissioner. She also pointed to the separate Cybersecurity Act of 2019, which already lets the state order emergency data access during critical incidents. Still, opposition Move Forward Party lawmakers plan to question the command’s budget in parliamentary hearings next month, arguing the money would be better spent upgrading civilian hospitals and schools.
Regional context
Thailand follows Indonesia and Vietnam in standing up a unified military cyber command. Singapore’s Digital and Intelligence Service has operated since 2022, while Malaysia is debating a similar move. Analysts say the Mekong region is becoming a contested bandwidth as more manufacturing and logistics shift from China. “Whoever controls the routers controls the supply chain data,” said NCSA deputy director-general Chaiwut Thanakamanusorn. The agency’s latest threat report predicts ransomware aimed at ports and airports will double year-on-year, making a hardened military backbone a “strategic necessity.”
The command’s formal activation ceremony is set for 1 August, when the first class of 150 conscripts trained as network defenders will graduate. Until then, temporary task forces pulled from each service will continue 12-hour shifts watching colour-coded dashboards inside a guarded Bangkok data centre.
