Draft regulations on ensuring national cybersecurity.

The Ministry of Public Security is drafting a Decree stipulating regulations on ensuring national cybersecurity.

Illustrative image

Cyberspace has become an indispensable part and plays a crucial role in building an information society and developing a knowledge-based economy, bringing immense benefits to humanity. Alongside these benefits, cyberspace also creates serious threats to national security, such as cyberattacks, cybercrime, cyberespionage, cyberintelligence, and cyber warfare. Globally, numerous large-scale cyberattacks have occurred, targeting military secrets, security, political, economic, and social information, as well as critical national infrastructure, causing immeasurable consequences. Examples include the "Panama Papers" scandal, the "Snowden" affair, the Bushehr nuclear power plant attack in Iran, and the attack on Ukraine's power grid.

For Vietnam, the risk of cyberattacks is a real and present threat to the country's national defense, security, economy, society, and foreign relations. In fact, there have been many organized cyberattacks on critical state information systems. Statistics show that from 2010 to the present, over 18,000 websites with the “.vn” domain, including over 1,000 websites with the “.gov.vn” domain belonging to Vietnamese state agencies, have been attacked. Many cases have been discovered where spyware has bypassed antivirus software, spreading and infecting the computers of officials working in key Party and State agencies.

Therefore, the Ministry of Public Security has drafted a Decree stipulating regulations on ensuring national cybersecurity.

According to the draft, the Ministry of Public Security will take the lead and coordinate with other ministries, ministerial-level agencies, government agencies, and People's Committees at all levels to organize and direct the dissemination of information and education to ensure national cybersecurity.

Education on national cybersecurity is a national education component. The Ministry of Education and Training is responsible for incorporating national cybersecurity education into the curriculum of schools and other educational institutions, in accordance with the subject area and educational level.

The agency in charge of information systems is responsible for reviewing and identifying information systems critical to national security within its scope of management as prescribed; preparing dossiers and proposing to the Ministry of Public Security and the Ministry of National Defense for assessment and inclusion in the list of information systems critical to national security.

Authorities will apply preventive measures, coercive measures, evidence gathering measures, and other measures as prescribed by the law on criminal procedure against legal entities and individuals who violate national cybersecurity. Simultaneously, operational and technical measures will also be employed.

The subjects to which measures for detecting, preventing, combating, and handling activities that violate national cybersecurity include: 1- Organizations and individuals engaging in activities that violate or threaten to violate national cybersecurity; 2- Organizations and individuals showing signs of engaging in activities that violate national cybersecurity; 3- Critical information systems related to national security.

The Ministry of Public Security is currently seeking feedback on this draft on the Ministry's electronic portal.

According to Infonet