On November 19, 2015, the tenth session of the 13th National Assembly approved the draft Law on Cyberinformation Security with 424/425 votes in favor.
This is a completely new law, unprecedented in Vietnam, which went through more than 4 years of drafting, finalization and many rounds of discussion and comment. The law addresses many new, "hot" issues in the field of information security today and makes concrete provisions on many issues of public concern, such as spam and the illegal collection and distribution of personal information.
Specifically, Article 7 of the Law on Cyberinformation Security of Vietnam specifies 6 groups of strictly prohibited acts, including:
1. Blocking the transmission of information in cyberspace, or illegally intervening, accessing, harming, deleting, altering, copying or falsifying information in cyberspace.
2. Illegally affecting or obstructing the normal operation of information systems or the users’ accessibility to information systems.
3. Illegally attacking, or nullifying cyberinformation security protection measures of, information systems; attacking, seizing the right to control, or sabotaging, information systems.
4. Spreading spams or malware or establishing fake and deceitful information systems.
5. Illegally collecting, utilizing, spreading or trading in personal information of others; abusing weaknesses of information systems to collect or exploit personal information.
6. Hacking cryptographic secrets and lawfully enciphered information of agencies, organizations or individuals; disclosing information on civil cryptographic products or information on clients that lawfully use civil cryptographic products; using or trading in civil cryptographic products of unclear origin.
The representative of the Information Security Department, the unit that directly developed the draft Law, emphasized that these regulations come entirely from reality. Recently, many websites of state agencies and many businesses have been attacked and vandalized, causing billions of dong in damage. For example, on October 13, 2014, the data center of VCCorp, a large online service provider in Vietnam, had a problem. This incident affected hundreds of Vietnamese electronic information sites, including a number of e-commerce systems and several large electronic newspapers whose services are used by millions of people. Hackers spare no country, organization or individual. Even the United States, one of the most developed countries in the world in terms of IT, has many problems with them.
Another phenomenon that causes great frustration in society is that users' mobile phone numbers and personal information are being sold "like vegetables" on many websites. By spending just 200,000 VND, bad actors can own a database of personal information on thousands of people. Partly because users' personal information and phone numbers are so widely "exposed", spam and advertising messages bombarding mobile subscribers are also rampant, with no thorough solution to stop them.
According to analysis by experts, online information has now become a valuable asset for each individual, organization and even the entire country. There are many individuals and organizations whose online assets are much greater than their tangible assets. Administrative reform, e-government, e-commerce and a series of major national programs will not be possible if information security is not guaranteed. An individual will also suffer losses if personal information is stolen or falsified, or if technology application programs crash, etc.
In that context, each individual and organization with "soft assets" first needs to take responsibility, be more fully aware and take appropriate protection measures for this type of asset. Thus, Article 4 of the Law on Cyberinformation Security of Vietnam stipulates principles of ensuring cyberinformation security, of which the 2 most fundamental ones are: (1) All organizations and individuals shall ensure cyberinformation security and (2) Organizations and individuals may not infringe upon cyberinformation security of others.
Focus on technical factors
The representative of the Department of Information Security emphasized that the Law on Cyberinformation Security is similar to the Road Traffic Law or the Food Safety Law in that it focuses only on technical issues, to ensure that information is transmitted intact, without modification, disclosure, or interruption. The law does not regulate issues related to information content, because these have been and are being regulated by other legal documents such as the Press Law.
"This is the same as in traffic safety, which focuses only on technical issues: vehicles participating in traffic must have brakes, must have their lights on when driving at night, must meet appropriate emission standards, and must not be overloaded or oversized, etc.," he compared.
The viewpoint of the Law on Cyberinformation Security of Vietnam is that, for protection to be effective, it is first necessary to classify information and information systems and determine their level according to their importance. Second, those who cannot fight against illegal hackers themselves can hire services provided by third-party businesses and organizations. And third, in many cases, the "soft assets" of one individual or organization are stored in the system of another individual or organization. For example, articles of the Dan Tri electronic newspaper are stored in the data center of the VCCorp company, and the personal information of millions of users is stored at telecommunications businesses. When an organization stores the "soft assets" of one or more other organizations or individuals, that organization must bear some minimum legal responsibility for applying measures to ensure the safety of these "soft assets".
According to the current hierarchy (from 1 to 5), Level 1 is the lightest level: an information system at this level, when vandalized, will harm the legitimate rights and interests of organizations and individuals but will not harm public interests, social order, safety, national defense or security. Level 5 is the most severe level: a system at this level, when sabotaged, will seriously damage national defense and security.
According to the Law on Cyberinformation Security of Vietnam, the Government will regulate in detail the criteria, authority, order and procedures for determining the level of information system security and responsibility for ensuring information system security at each level, from which corresponding protection measures will be taken.
Source: Vietnamnet.vn