The Government has recently required the intensification of response to cyberinformation security threats so as to build digital trust and protect the country’s prosperous development in the digital era, thus contributing to successfully completing the national digital transformation.
Under Directive 18 dated October 13, the Prime Minister requests ministers, heads of ministerial-level agencies, chairpersons of the People’s Committees of provinces and centrally-run cities, presidents and general directors of corporations, state corporations or economic groups, and enterprises that are members, or have affiliated units being members, of the National Cyber Information Security Incident Response Network, to employ active approaches in responding to cyberinformation security threats.
Specifically, they will be obliged to proactively identify threats and scan for vulnerabilities in their managing information systems at least once every six months; issue emergency response plans and scenarios for their information systems before the end of this year, and promptly update changes to these systems; and organize combat drills at least once a year for these systems at level 3 or higher levels in order to promptly assess the capability to prevent intrusion and detect weaknesses in system processes, technology or personnel.
Upon detecting security risks or threats that might lead to cyber attacks or unauthorized control of the system, they have to simultaneously handle risks and respond to threats.
Until the end of the year, incident response teams will be organized and consolidated in a professional and flexible manner, with at least five experts specialized in cyberinformation security, including outsourced experts, who have standard information security skills.
The agencies are also required to announce their contact information including telephone numbers, email addresses or other modes of communication for receipt of cyberinformation security incident reports on their web portals before the end of October.
The Ministry of Information and Communications will be responsible for providing guidance on organization of regular activities of incident response teams and combat drills for cyberinformation security staffs in agencies, organizations and enterprises; and using results of such drills as criteria for annual assessment of maturity and profession of such teams.
Enterprises providing telecommunications and Internet services are required to warn their customers about the risk of wide-range cyberinformation security incidents or upon detecting such risk that may affect customers, and guide them in reporting cyberinformation security incidents upon their occurrence.- (VLLF)