Meet GI's Cybersecurity Champion: H.E. Sam Sethserey, Director General of the General Department of the ICT Department, Ministry of Post and Telecommunications (MPTC), Cambodia
By Si Ying Thian
H.E. Sam Sethserey shares his journey as a public sector cybersecurity champion in Cambodia's Ministry of Post and Telecommunications (MPTC), the government ministry that governs the telecommunications systems of the country.
Meet public sector Cybersecurity Champion, H.E. Sam Sethserey. Image: MPTC.
This interview is part of GovInsider's inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.
Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.
I am the Director General of the General Department of ICT (GDICT) under the Ministry of Post and Telecommunications (MPTC) of Cambodia. MPTC oversees and regulates the country’s Post, Telecom and ICT sector, and supports the government in digital transformation.
GDICT is mandated to govern and regulate the ICT sector and promote digital startups, and to participate in the implementation of cybersecurity protection for MPTC.
Moreover, GDICT manages CamCERT, which acts as a government lead in implementing ICT security strategy and a contact point for handling cybersecurity incidents reported in Cambodia.
GDICT has expanded its capabilities to align with the “Cambodia Digital Economy and Society Policy Framework 2021 – 2035”, which handles Cybersecurity implementation, Cybersecurity Awareness Campaign, Cybersecurity Protection, Law and Regulation and Policy Frameworks.
What kind of cyber threats does your organisation face on a regular basis?
I think every ministry and organization should be asking themselves this question regularly because, as we can see, cyber threats are no longer rare events; they are happening every day.
One of the most common attacks is the DDoS (Distributed Denial of Service) attack, which is an attack technique used by attackers to overwhelm online services and take them offline.
In addition, we can see the rise of AI, which could enhance phishing attacks to trick users into inputting sensitive information. Another concern is the illegal use of satellite internet services, which serve illegal activities such as online gambling and online scams.
In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally?
There are many threats and challenges in the public sector cybersecurity scene globally.
One of the biggest threats is supply chain attacks because most public sectors rely on third-party software and services, so if a vendor is compromised (e.g., SolarWinds attack), attackers could compromise the entire ICT infrastructure or gain access to critical systems.
Another cyber threat, spear phishing or Business Email Compromise (BEC), is an effective technique used to aim for a specific target within the public sector, and the help of AI makes it very easy to fall victim to this kind of attack.
The last one is geopolitical cyberwarfare and disinformation, which is used by most nation-state adversaries aiming to disrupt, cause chaos, steal secrets, or erode public trust in one’s country. For example, we are seeing more operations where attackers breach a system, then leak or manipulate information for political or social influence.
Globally, the public sector is a high-value target due to the sensitive data, critical infrastructure, and broad digital services it manages.
Some key challenges in cybersecurity protection for public sectors include the requirement of significant investment for implementing cybersecurity protection and monitoring, limited user awareness, and inconsistent security standards and information sharing across agencies.
What are some of the biggest cybersecurity challenges faced by Cambodia?
Cambodia is currently facing key cybersecurity challenges, notably a shortage of skilled professionals, limited funding and resources, and limited public awareness. We anticipate that the forthcoming Cybersecurity Law will help address these issues.
Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view?
We are seeing more and more of AI-driven cyberwarfare. It is a double-edged sword. The scale, speed, and sophistication of both attacks and defenses are being transformed. AI can be used as a weapon and a shield in cybersecurity.
From the perspective of attackers, AI has helped them tremendously in launching a sophisticated phishing campaign that can generate convincing phishing emails, texts, or even voice deepfakes that are hyper-personalised using data scraped from social media.
Moreover, AI tools can help attackers to perform automated reconnaissance by scanning and profiling a company’s entire attack surface in minutes (something that used to take humans hours or days). More dangerously, AI tools enable even small attacker groups to access advanced capabilities that used to be reserved for nation state adversaries.
On the other hand, I believe cybersecurity professionals are also leveraging AI as a powerful defense tool. One important area is the ability to detect threats and monitor anomalies faster and more accurately to identify a potential breach.
For example, in sectors like banking, AI systems are catching abnormal transactions/potential fraud much faster than humans can. At the same time, cybersecurity professionals can design an automated incident response where AI can isolate infected devices, shut down suspicious processes, and notify the right people instantly.
It is also important to mention that AI can identify vulnerabilities in code and help organisations to prioritise what systems are more at risk and which threats are the most likely to be exploited.
The rise of AI-driven cyberwarfare is not speculative; it is already unfolding in practice.
Thus, we should be proactive, act urgently and collaboratively to share knowledge and best practices across the region and globally, and to develop regional or international norms and agreements on AI use in cyber operations, including “red lines.”
Cybersecurity is often described as a team sport whereby a network's vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture?
A team sport in Cybersecurity is very important because let’s face it, no organization, ministry, agency, or business could operate by themselves.
Governments, private companies, infrastructure providers, and even individuals are interconnected, often through shared systems, data, and supply chains. A vulnerability in one sector (e.g. healthcare or energy) can ripple across the entire country, so if one entity does not train, get ready, or does not show up to the game, everyone loses.
We must ensure we can work as a group to come up with a way to share threat intelligence across agencies, find unified response strategies, create common frameworks and standards, and have interagency training and exercises.
As cyber threats, such as ransomware, espionage, critical infrastructure attacks, do not respect borders or bureaucracies, it needs everyone’s efforts and involvement.
Ranging from private sector (often owns the critical infrastructure), academia and research (innovation, talent development), media (public awareness) to citizens (cyber hygiene and reporting), everyone has a role and responsibility and the more integrated the effort, the stronger the posture.
An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?
The idea of Plan B in Cybersecurity is crucial.
The assumption that a breach is inevitable, not if but when, has become a foundational mindset for modern cyber strategy. One important thing is to have a resilience strategy in place because it is not just about reacting to a breach, but it is about resilience, recovery, and continuity.
It’s a part of the strategy that answers: "When the attackers get in, how do we limit damage, respond fast, and keep critical systems alive?" In Cambodia, we have a lot of cross-border cybersecurity collaborations, especially “JICA project Cyber Resilience Project by JICA, Japan”.
Having a strong plan B means we are well prepared by having critical plans in place such as an Incident Response Plan (IRP), Business Continuity & Disaster Recovery (BC/DR), Threat Intelligence and Detection, and a Communication Plan.
Having firewalls, encryption, and strong access controls is important, but just like buildings still have fire exits and evacuation plans despite sprinkler systems, cyber defenses need contingency thinking.
Plan B is not failure - it's preparedness. So having a robust, realistic Plan B is not optional, it's essential and it is a strategic asset.
If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?
Probably impossible, a dream scenario: an unlimited budget for cyber defense.
Having layered security architecture such as Zero Trust model and segmentation & micro-segmentation; plus, top-notch security technologies like AI-driven Extended Detection & Response (XDR) platforms that correlate data across endpoints, networks, clouds, and applications is very important.
Moreover, having a strong red team to constantly simulate attacks to find gaps and improve security posture and threat hunting team to actively search for advanced persistent threats.
Lastly, I would spend the budget on hiring elite cybersecurity experts, threat hunters, red teamers, and blue teamers and provide continuous advanced training in threat intelligence, incident response, and offensive tactics.
The lack of qualified cybersecurity professionals is a global problem, how do you think this can be overcome?
The global shortage of qualified cybersecurity professionals is a serious issue.
According to the 2024 ISC2 Cybersecurity Workforce Study, the demand for cybersecurity professionals has surged, resulting in a workforce gap of about 4.8 million unfilled positions. I think one thing we can do about it is to incentivise cybersecurity careers.
Following “Cambodia's pentagonal strategy and Digital Economy and Society Policy Framework 2021-2035”, Cybersecurity contains 2 Sub-Tracks, covering 5 occupations in Cambodia digital skill development roadmap 2024-2035. This shows the need for cybersecurity in the future, though it can attract more people into the field.
Moreover, the government should encourage students to study cybersecurity/digital skills by providing scholarships and student loans. Second is to continue to expand education and training. Case in point, MPTC will launch the Cambodia National Cybersecurity Competition event in May to find the winners and equip them with training and get them ready for ASEAN Round & ASEAN Cyber SEA Game in Thailand.
Cambodia has 2 universities that provide degrees related to cybersecurity, such as the American University of Phnom Penh (Cyber Security BSc & Master of Laws in Cybersecurity) and De Montfort University Cambodia (Cyber Security BSc).
In conclusion, we cannot forget about global collaboration and public-private partnerships.
It is essential to have a cybersecurity knowledge-sharing platform among governments, academia, and private companies to collaborate and share best practices (e.g., ISC2 Cambodia Chapter).
In addition to international training programs, countries can establish exchange programs to train cybersecurity professionals across borders (e.g., ASEAN-Japan Cybersecurity Capacity Building Centre - AJCCBC).