Directive 14/CT-TTg on network security to improve Vietnam's ranking index

DIRECTIVE
ON ENHANCING NETWORK SECURITY
TO IMPROVE VIETNAM'S RANKING INDEX
-------------

Recently, the legal framework for safety and network security in Vietnam has been gradually improved. However, the guidance on the implementation of laws on network safety and security, personal information protection, child protection on cyberspace as well as the handling of violations remain inadequate. The construction and issuance of standards and technical regulations in the field of network information security have not met practical needs. Activities to improve capacity, awareness and responsibility for network safety and security are still limited. The cooperation between domestic and foreign agencies, organizations and enterprises to ensure network safety and security remains weak. The supervision, evaluation and protection of information systems in State agencies and organizations lack professionalism. In 2018 and the early days of 2019, there were some intentional cyber-attacks to steal state secret information, causing serious consequences. Therefore, Vietnam’s ranking in the Global Cyber security Index (hereinafter referred to as GCI) of the International Telecommunication Union (hereinafter referred to as ITU) remains low. According to the unofficial ranking in March 2019 (for the period of 2017-2018), Vietnam ranked 50 over 194 assessed countries and territories and 5 over 11 Southeast Asia countries.

In the coming time, state agencies, organizations and enterprises should implement overall solutions to ensure network security and safety to overcome the above-mentioned shortcomings and limitations, contributing to improving Vietnam's ranking in GCI. Given that context, the Prime Minister issues instructions as follows:

1. Ministries, ministerial-level agencies, Government-attached agencies, People's Committees of provinces and municipalities, State-owned corporations and commercial banks, Vietnam Development Banks, Vietnam Bank for Social Policies, Co-operative Bank of Vietnam and other State credit and financial institutions shall implement some following solutions:

a) Ministers, heads of ministerial-level and government-attached agencies, presidents of People's Committees of provinces and municipalities, presidents and general directors of State-owned corporations and commercial banks, Vietnam Development Banks, Vietnam Bank for Social Policies, Co-operative Bank of Vietnam and other State credit and financial institutions shall thoroughly grasp the principle of taking accountability to the Prime Minister for the loss of network safety and security happening or the leakage of State secrets in agencies and units under their management;

b) The bodies shall designate and arrange the specialized units on network information security to well perform the tasks of giving advices, conducting the organization, monitoring and inspecting the implementation of law provisions on ensuring network safety and security. The bodies also shall closely coordinate with the units in charge of network safety and security under the Ministry of Information and Communications, the Ministry of Public Security and the Ministry of Defense in monitoring, sharing information, inspecting and evaluating network security;

c) For the supervision and rescue of network information security incidents and the protection of information systems under their management: The bodies shall self-monitor and self-rescue the network information security incidents and self-protect the information systems under their management or select organizations and enterprises with sufficient capacity to conduct the work; report the information of units assigned to supervise and respond to network information security incidents to Ministry of Information and Communications for summarizing before December 31, 2019 and when having changes on information of the units; connecting and sharing information with the National Cyber Security Monitoring Center of the Information Security Department under the Ministry of Information and Communications;

d) For the inspection and assessment of network information security of the information systems under their management: The bodies shall select organizations and enterprises that are independent from organizations and enterprises in charge of supervising and protecting to periodically inspect and evaluate network information security of level 3 or higher-level information systems under their management or unexpectedly inspect and evaluate at request according to law provisions;

Click download to see the full text