The Prime Minister's request for enhancement of network information security assurance in Vietnam

The Prime Minister's request for enhancement of network information security assurance in Vietnam (Internet image) 

Regarding this matter, LawNet would like to answer as follows: 

On April 7, 2024, the Prime Minister of Vietnam issued Official Telegram 33/CD-TTg on enhancing network information security assurance.

The Prime Minister's request for enhancement of network information security assurance in Vietnam

Considering the increasing cyber attacks, especially the rise of ransomware in recent times, which may continue to develop complexly in the coming period, posing serious risks to socio-economic development; as well as addressing existing limitations and enhancing discipline and regulations in network information security assurance work, the Prime Minister requests the implementation of the following urgent tasks:

(1) Ministers, heads of ministerial-level agencies, government agencies, chairpersons of People's Committees of provinces and centrally-run cities, organizations, agencies, and enterprises shall:

- Continuously implement resolute and effective management and direction by the Prime Minister, focusing on the following key contents:

+ Directly manage and be responsible for network information security assurance work; bear legal responsibility and accountability before the Prime Minister if the information system within the management scope fails to ensure network information security, resulting in serious incidents.

+ Directly supervise and evaluate the situation of network information security assurance for information systems within the management scope according to the guidance of the Ministry of Information and Communications; submit the results to the Ministry of Information and Communications before April 30, 2024.

+ Strictly adhere to the deadlines for completing the approval of safety levels for 100% of the information systems within the management scope, and fully implement and deploy information security measures according to the approved safety level proposal as directed by the Prime Minister in Directive 09/CT-TTg on February 23, 2024.

+ Regularly utilize the information security support platforms provided by the Ministry of Information and Communications to enhance the effectiveness of management and law enforcement activities regarding network information security.

+ Incorporate information security aspects when formulating and implementing annual information technology application plans, 5-year plans, and information technology projects; ensure that the proportion of budget allocation for network information security products and services reaches a minimum of 10% of the total budget for implementing these plans and projects as directed by the Prime Minister in Directive 14/CT-TTg on June 7, 2019.

- In the event of a cyber attack incident, strictly adhere to the regulations and directives stated in Decision 05/2017/QD-TTg on March 16, 2017, Directive 18/CT-TTg on October 13, 2022, of the Prime Minister, and Circular 20/2017/TT-BTTTT on September 12, 2017, of the Ministry of Information and Communications, paying attention to the following key contents:

+ Promptly report the incident to the managing agency, the same-level specialized incident response unit, and the National Coordination Agency, as well as to the relevant agencies and enterprises responsible for network security management.

+ Comply with the incident response coordination of the National Coordination Agency and the related functional agencies in: collecting and analyzing information; handling and resolving the incident; verifying the cause and tracing the origin; making statements and releasing information...

+ Provide full information regarding the incident, damages, and relevant information to the National Coordination Agency, and summarize, analyze, evaluate, draw lessons, and report to the National Coordination Agency for compilation and dissemination.

- Quarterly, submit reports on the network information security situation of the information systems within the management scope to the Ministry of Information and Communications before the 20th of the last month of each quarter.

(2) Ministers, heads of ministries, and agencies: Transport, Industry and Trade, Natural Resources and Environment, Information and Communications, Health, Finance, Government Office, State Bank of Vietnam, People's Committees of Hanoi and Ho Chi Minh City, in addition to strictly implementing the directions of the Prime Minister mentioned in point (1), must focus on immediately directing the implementation of specific tasks as follows:

- Chair and coordinate with the Ministry of Information and Communications, Ministry of Public Security, and Ministry of National Defense to direct organizations and enterprises managing information systems and providing online services for citizens and enterprises (referred to as organizations, enterprises):

+ Conduct reviews, evaluations, and reports on information security assurance according to the guidance of the Ministry of Information and Communications and related ministries and sectors with responsibility for network security management.

+ Complete the approval of safety level proposals for 100% of the information systems by September 2024 and fully implement and deploy information security measures according to the approved safety level proposal by December 2024 (in synchronization with the deadlines stated in Directive 09/CT-TTg).

+ Conduct periodic inspections and evaluations of information security according to regulations (at least once every 2 years for level 1 and level 2 systems; once a year for level 3 and level 4 information systems; once every 6 months for level 5 information systems), detect and eliminate threats to the information systems of organizations and enterprises.

+ In the event of a network attack incident, follow the guidelines in point B of Official Telegram 33/CD-TTg.

- Coordinate with the Ministry of Information and Communications, relevant ministries, and departments responsible for managing network security to provide guidance, inspection, and examination of the safety and security of information for organizations and enterprises.

(3) The Minister of Information and Communications shall:

- Instruct ministries, departments, and localities to review and assess the situation of network information security for the information systems of state agencies, organizations, and enterprises before April 11, 2024; consolidate the results and report to the Prime Minister before April 30, 2024.

- Guide leading agencies in important sectors to prioritize the review, assessment, and reporting of the network information security situation for organizations and enterprises before April 20, 2024; consolidate the results and report to the Prime Minister before May 10, 2024.

- Lead and coordinate with the Ministry of Public Security, Ministry of National Defense, and relevant agencies to carry out monitoring, early detection, warning, and incident response for network information security. Consolidate the results of analysis, evaluation, and lessons learned from incident response activities; publish warnings and alerts through mass media to disseminate experiences; and help organizations and individuals recognize and proactively prevent and respond to similar incidents, enhancing awareness of network information security.

- Lead and coordinate with relevant ministries and agencies to conduct inspections and examinations of compliance with the laws and regulations on network information security within state agencies, organizations, and enterprises providing online services to citizens and businesses. Take strict measures against violations to prevent incidents of compromised network information security.

- Develop, operate, and provide guidance to ministries, departments, localities, organizations, and enterprises on the use of support platforms to manage and enforce laws on network information security.

- Direct media agencies, press, and coordinate with ministries, departments, and localities to strengthen the dissemination and promotion of laws on network information security, enhancing awareness of ensuring network information security.

- Report to the Prime Minister on a quarterly basis on the risks and threats to the information systems of ministries, departments, localities, organizations, and enterprises.

(4) The Ministry of Public Security and the Ministry of National Defense shall strengthen the assurance of network information security according to their assigned functions and tasks within their management scope; direct organizations and enterprises in charge of information systems providing online services to citizens and businesses within the scope of Decision 632/QD-TTg dated May 10, 2017 to implement similar tasks and solutions as stated in clause (2); cooperate with the Ministry of Information and Communications to conduct inspections, examinations, and handle violations of laws on network information security.

(5) Relevant ministries, departments, and localities shall proactively coordinate with the Ministry of Information and Communications, the Ministry of Public Security, and the Ministry of National Defense to direct organizations and enterprises providing online services to citizens and businesses within the scope of state management to enhance network information security, fully comply with the laws and regulations on network information security, especially the regulations on ensuring the safety of information systems according to levels.

(6) Delegate Deputy Prime Minister Tran Luu Quang to oversee this field; the Office of the Government and the Ministry of Information and Communications, according to their assigned functions and tasks, to monitor and urge the implementation of this Document; consolidate and report results to the Prime Minister.

Nguyen Ngoc Que Anh

>> CLICK HERE TO READ THIS ARTICLE IN VIETNAMESE