THE MINISTRY OF INFORMATION AND COMMUNICATIONS | | THE SOCIALIST REPUBLIC OF VIETNAM Independence - Freedom - Happiness |
No. 20/2017/TT-BTTTT | | Hanoi, September 12, 2017 |
CIRCULAR
Prescribing the coordination in response to cyber security incidents nationwide[1]
Pursuant to the November 19, 2015 Law on Cyberinformation Security;
Pursuant to the Government’s Decree No. 85/2016/ND-CP of July 1, 2016, on assurance of information system safety at all levels;
Pursuant to the Government’s Decree No. 17/2017/ND-CP of February 17, 2017, defining the functions, tasks, powers and organizational structure of the Ministry of Information and Communications;
Pursuant to the Prime Minister’s Decision No. 05/2017/QD-TTg of March 16, 2017, prescribing the national system of plans on emergency response to ensure cyber security;
At the proposal of the Director of the Vietnam Computer Emergency Response Center;
The Minister of Information and Communications promulgates the Circular prescribing the coordination in response to cyber security incidents nationwide.
Chapter I
GENERAL PROVISIONS
Article 1. Scope and subjects of application
1. This Circular prescribes activities of coordination in response to cyber security incidents nationwide (excluding activities of coordination in response to serious cyber security incidents prescribed in the Prime Minister’s Decision No. 05/2017/QD-TTg of March 16, 2017, prescribing the national system of emergency response plans to ensure cyber security (below referred to as Decision No. 05/2017/QD-TTg)).
Incidents in the information systems managed by the Ministry of National Defense and Ministry of Public Security are not subject to this Circular.
2. This Circular applies to agencies, organizations and individuals involved in activities of coordination in response to cyber security incidents.
Article 2. Interpretation of terms
1. Cyber security incident means an attack against or a harm caused to information or an information system, thus affecting its integrity, confidentiality or usability (below referred to as incident).
2. Response to cyber security incident means activities aimed to deal with and remedy an incident causing cyber insecurity, including monitoring, collecting and analyzing signs of, detecting, making warnings about, investigating, verifying and stopping the incident, recovering data and restoring normal operation of the information system.
3. Incident response focal point means a section or an individual designated by a member of the national network of response to cyber security incidents to represent such member in contacting and exchanging information with the national coordinating agency for responding to incidents or with other members in incident response coordination activities.
Article 3. Assignment of powers to organize response to cyber security incidents nationwide
Powers to organize response to cyber security incidents nationwide are assigned to the agencies, organizations and units responsible for responding to cyber security incidents nationwide defined in Decision No. 05/2017/QD-TTg. Agencies and organizations taking part in the incident response coordination nationwide include:
1. The Ministry of Information and Communications, which shall act as the Standing Agency for Cyber Security Emergency Response nationwide (below referred to as the Standing Agency) and the National Coordinating Committee for Cyber Security Emergency Response (below referred to as the National Response Coordinating Committee); and the Vietnam Computer Emergency Response Center (VNCERT), which shall act as the National Incident Response Coordinating Agency (below referred to as the National Coordinating Agency).
2. The steering committees for emergency response to cyber security incidents of the ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees (below referred to as ministerial- or provincial-level incident response steering committees).
3. Specialized units in charge of response to cyber security incidents (below referred to as specialized incident response units); incident response units or incident response sections of the ministries, ministerial-level agencies, government-attached agencies and provincial-level People’s Committees (below referred to as incident response teams).
4. The National Cyber Security Incident Response Network (below referred to as the Incident Response Network) and its executive board.
5. Information system owners; units operating information systems; specialized agencies, organizations and units designated or summoned by the Standing Agency, National Coordinating Agency or ministerial- or provincial-level incident response steering committees to take part in incident response.
Click download to see the full text