PRIME MINISTER OF VIETNAM
SOCIALIST REPUBLIC OF VIETNAM
No. 964/QD-TTg
Hanoi, August 10, 2022
THE PRIME MINISTER
Pursuant to the Law on Government Organization dated June 19, 2015; the Law on amendment to the Law on Government Organization and the Law on Local Government Organization dated November 22, 2019;
Pursuant to the Law on Cybersecurity dated June 12, 2018;
Pursuant to the Law on Cyberinformation Safety dated November 19, 2015;
Pursuant to Resolution No. 30-NQ/TW dated July 25, 2018 of the Politburo on National Strategy for Cybersecurity;
Pursuant to Resolution No. 22/NQ-CP dated October 18, 2019 of the Government on Action program for implementation of Resolution No. 30-NQ/TW dated July 25, 2018 of the Politburo on National Strategy for Cybersecurity;
At request of the Minister of Public Security and Minister of Information and Communications.
HEREBY DECIDES:
Article 1. Approve the Strategy for national cyber safety, security, active response to challenges from cyberspace until 2025 and vision to 2030 (hereinafter referred to as “Strategy”) as follows:
1. Ensure comprehensive leadership of the Communist Party, management of the Government in maintaining cyberinformation safety and cybersecurity (hereinafter referred to as “cyber safety and security”), actively responding to challenges from cyberspace. Develop professional, modern forces for maintaining cyber safety and security with sufficient high-quality personnel to meet practical demands.
2. Cyber safety and security is the focus of digital transformation, an important pillar in establishing digital trust and prosperous development in the digital era. Cyber safety and security is a vital, recurrent, and long-term task which serves to initiate and maintain a safe, healthy, and credible environment on the internet for agencies, organizations, enterprises, and the general public. Investing in cyber safety and security is to invest in sustainable development and value creation.
3. Promptly acknowledge, effectively utilize opportunities brought by cyberspace to implement socio-economic development, actively prevent and readily respond to negative effects, ensure national defense, sovereignty, national interests and security, social order and safety, and sustainability of national development process in the Fourth industrial revolution.
4. Utilize strength of the entire political organization and society, respond early and from afar to risks, challenges, and activities that harm sovereignty, national interest and security on cyberspace, and national cyberinformation safety where state authorities coordinate, connect, and share information. Identify state resources as decisive, strategic, and long-term; participation of organizations, enterprises, and strength of the general public as important and ground-breaking. The Ministry of Public Security, Ministry of National Defense, Ministry of Information and Communications shall share cyberspace monitoring information to maintain cyber safety and security and protect national sovereignty on cyberspace.
5. Make essential transition regarding awareness and method of operation in order to actively, flexibly adapt and minimize risks and threats to cyber safety and security (cyber resilience): moving from decentralized protection model to centralized protection model; from passively responding to incidents to actively warning, predicting, preventing, and effectively responding; from unilaterally protecting, hiding information subject to cyber attack to actively cooperating, sharing information in order to prevent and remediate incidents, restore normal operation of information system.
6. Promoting expertise, studying, developing independence regarding Vietnamese technology, products, services pertaining to cyber safety and security are essential solutions for maintaining national cyber safety and security; developing market, enterprises, and competitiveness regarding cyber safety and security, turning Vietnam into a country highly capable in cyber safety and security.
7. Actively implement international integration in cyber safety and security on the basis of becoming a friend and a reliable and responsible partner in the international community, respect national sovereignty of other countries on cyberspace, adhere to international laws and multilateral, bilateral agreements in which Vietnam participates.
Become a nation independent in terms of cyber safety and security to protect Vietnam’s prosperity on cyberspace.
1. General objectives
National cyberspace is developed to achieve civilization and healthiness and is the drive for participation in the Fourth industrial revolution. National capability to ensure cyber safety and security is improved, actively and readily responds to risks and challenges from cyberspace in order to protect sovereignty, national interest, defense, security, social order and safety; protect national sovereignty on cyberspace, national digital transformation, legitimate rights and benefits of Vietnamese organizations and individuals on cyberspace.
2. Specific objectives for 2025
a) Maintain Global Cybersecurity Index (GCI) ranking of 25 to 30 according to evaluation of the International Telecommunication Union.
b) Develop People-level security formation on cyberspace that can coordinate, connect, share information, receive and process information that harms national cyberspace sent from ministries, central departments, local governments, telecommunication enterprises, internet service providers, digital service providers.
c) Establish cyber safety and security forces in ministries, central departments, state authorities, socio-political organizations, state-owned groups, state-owned corporations; establish at least one department acting as contact point responsible for cyber safety and security in each agency, organization, and state-owned enterprise. Encourage other enterprises to establish their own department responsible for cyber safety and security.
d) Ministries, ministerial agencies, Governmental agencies, People’s Committees of provinces and central-affiliated cities (hereinafter referred to as “provincial People’s Committees”), socio-political organizations, state-owned enterprises, enterprise associations shall implement cyber safety and security in accordance with information safety and cybersecurity.
dd) Protect infrastructures of national cyberspace, primarily important national security information system in accordance with regulations on cybersecurity. Protect information system of 11 important fields that require cyber safety and security priority (according to Decision No. 632/QD-TTg dated May 10, 2017 of the Prime Minister).
e) Aim to enable 80% of Internet users to access activities that raise their awareness, skills, and provide tools for ensuring cyber safety and security.
g) Set the foundation for cybersecurity industry and cyberinformation safety industry. Develop policy foundation suitable for cyber safety and security start-up.
h) Develop three to five leading information safety products and services that dominate domestic market and compete internationally.
i) Annual revenues of cyber safety and security market increase from 20% to 30%.
k) Establish Vietnam National Cybersecurity Association.
l) Establish a center for research, renovation, and creativity regarding cybersecurity, attract worldwide and repatriating Vietnamese scientists for product research, creation, and production.
m) Establish a Research and development (R&D) center for cyberinformation safety, facilitate research and testing of new products and services serving cyberinformation safety.
n) Expenditure on cyber safety and security equals at least 10% of expenditure on science and technology, digital transformation, and information technology application.
3. Specific objectives for 2030
a) Maintain and improve Vietnam’s capability, rank regarding cyber safety and security on global ranking.
b) Develop People-level security formation on cyberspace with active and full participation of the general public.
c) Reinforce and improve forces for cyber safety and security.
d) Aim to enable 90% of Internet users to access activities that raise their awareness, skills, and provide tools for ensuring cyber safety and security.
dd) Establish regionally and internationally prestigious centers for research, renovation, creativity regarding cybersecurity.
e) Establish two to three Research and development (R&D) centers for cyberinformation safety, facilitate research and testing of new products and services serving cyberinformation safety.
g) Vietnam becomes one of Asia’s leading cyber safety and security centers. Establish a market for cyber safety and security that asserts competition and influence on a region-wide and worldwide level.
h) Maintain growth of annual revenues of cyber safety and security market from 10% - 20%.
1. Improve leadership of the Communist Party and management of the Government.
a) Unify awareness from central government to local government which dictates cyber safety and security as responsibility of the whole political system, where the Steering Committee for National Cyber Safety and Security coordinates cooperation of forces affiliated to Ministry of Public Security, Ministry of National Defense, Ministry of Information and Communications, and Communist Party Central Committee’s Publicity and Education Commission. These forces shall actively cooperate within their functions and tasks.
b) Regularly publicize and communicate policies of the Communist Party, policies, regulations of the Government regarding cyber safety, cybersecurity and consider this an important mission of the entire political system.
c) Emphasize awareness and responsibilities of Communist Party Committees of all levels, governments of all levels, the Vietnamese Fatherland Front, socio-political organizations, the general public, and enterprises in ensuring cyber safety and security. Heads of committee-level of Communist Party shall direct, coordinate, and be responsible for cyber safety, security, review and identify core, vital issues in order to effectively coordinate implementation.
d) Utilize effective participation of the general public in maintaining cyber safety and security and actively responding to risks and challenges from cyberspace.
dd) Establish People-level security formation on cyberspace closely connected with the People-level national defense formation on cyberspace.
e) The Government prioritizes transferring and extensively applying technology and techniques for cyber safety and security; promote research, create favorable environment, and provide specific, goal-oriented support to enable organizations and individuals to participate in development of cyberinformation safety industry and cybersecurity industry. Develop regulations on cooperation between the Government and enterprises, enterprise associations in developing and implementing policies regarding cyber safety and security. Promote skills in safely participating in cyberspace.
a) The Ministry of Public Security shall
- Develop uniform policies and regulations on cybersecurity from central to local government by adjusting all fields where the use of cyberspace violates national security, social order and safety; improve protection to national sovereignty on cyberspace within their functions and tasks.
- Develop policies and regulations on protection of national data, personal data, regulations on collection, storage, and processing of data of Vietnamese nationals and responsibilities of domestic and foreign organizations, enterprises in protecting national sovereignty and security of Vietnam on cyberspace.
- Research, review, propose amendments to legislative documents on cybersecurity in order to synchronize, unify, improve, and satisfy the need for fighting and punishing violations regarding cyber security.
- Develop documents guiding the Law on Cybersecurity, legislative documents on conditions for selling cybersecurity products and services, especially those that are used in national security information system, information system of state authorities.
- Take charge and cooperate with the Ministry of Information and Communications and Ministry of Science and Technology in studying, applying payment contracts for science schemes relating to cyber safety and security.
b) Ministry of Information and Communications shall
- Develop and finalize regulations, policies on cyberinformation safety, especially penalties for violation of cyberinformation safety laws.
- Study, review, propose development and amendments to legislative documents and guiding documents on maintaining cyberinformation safety for electronic transactions, digital transformation, digital infrastructures, digital platform, digital data, protection of online personal information.
c) The Ministry of National Defense shall
Develop regulations and policies pertaining to national defense and protection on cyberspace, national sovereignty protection on cyberspace within their functions and tasks.
d) Relevant ministries and agencies, within their functions and powers, assigned to protect experts, intellectuals, and leading personnel of the field to participate in development of regulations, policies, and law regarding cyber safety and security and operator teams of important information system of the Communist Party and the Government.
3. Protect national sovereignty on cyberspace
a) Study and propose promulgation of policies, regulations, and law pertaining to national sovereignty protection on cyberspace appropriate to Vietnam's situation and functions, powers of relevant ministries, central departments.
b) Develop capability to stay independent and respond to violation of national sovereignty on cyberspace.
c) Actively participate in multilateral and bilateral forums, organizations, international documents and treaties pertaining to national sovereignty protection on cyberspace.
d) The Ministry of National Defense, Ministry of Public Security, Ministry of Information and Communications, and relevant ministries, central departments shall cooperate in protecting national sovereignty on cyberspace within their functions and tasks.
a) Protect infrastructures of national cyberspace
- Ensure cyber safety and security during selection and implementation of services and technology for national cyberspace infrastructures; prioritize Vietnamese cyber safety and security products.
- Maintain cyber safety and security in designing, developing, operating national cyberspace infrastructures. Monitor and issue early warning for violation of the law and national cyberspace infrastructures on cyberspace.
- Improve independence regarding cyber safety and security.
- Maintain cyber safety and security during implementation of e-Government and digital transformation.
- Develop criteria for assessing cybersecurity risks and ranking cybersecurity capability for important national security information system.
b) Protect digital infrastructures
- The Ministry of Information and Communications shall:
+ promulgate technical standards, regulations, and criteria pertaining to cyberinformation safety in regard to cloud computing infrastructures, 5G devices, and Internet-of-Things devices.
+ develop and harness Make-in-Vietnam cloud computing technologies. Assess and evaluate cloud computing service providers meeting cyberinformation safety criteria.
+ coordinate, examine, and assess digital infrastructure enterprises exercising national cyberinformation safety tasks and responsibilities within their functions and powers.
+ develop centralized cyberinformation safety operation and command platform in a manner that satisfies the requirements below:
. Capable of receiving and analyzing big data from more than 100 security operation centers (SOC) of ministries, central departments, local governments, digital infrastructure enterprises, and foreign organizations.
. Capable of forecasting and issuing early warnings for risks on Vietnamese cyberspace, large-scale security loopholes, serious data leaks in order to enable Vietnamese agencies, organizations, and enterprises to promptly intercept cyber attacks and minimize large-scale damage.
. Capable of operating, coordinating, and supervising constant compliance with cyberinformation safety on a nationwide scale.
+ within their functions and tasks, collect, consolidate, and analyze Internet access in Vietnam in order to detect signs, risks, issue early warnings, and promptly intercept cyber attack.
+ develop national domain name system that is safe and ready for 5G, Internet of Things (IoT), IPv6, application of technologies and standards that ensure safety for national Internet domain name system of “.vn”.
+ organize campaigns for reviewing and removing malware on a nationwide scale.
- The Ministry of National Defense shall
+ actively coordinate and inspect affiliated entities, enterprises engaging in operations relating to national defense.
+ coordinate, examine, and evaluate digital infrastructure enterprises which exercise responsibilities and tasks of protecting national sovereignty on cyberspace, prevent information warfare and cyberwarfare within their functions.
+ cooperate with Ministry of Public Security, Ministry of Information and Communications, and relevant ministries, central departments in coordinating, examining, and evaluating digital platform service providers which exercise responsibilities and missions for cyber safety and security.
- The Ministry of Public Security shall: coordinate, examine, and evaluate digital infrastructure enterprises which exercise responsibilities and missions for cyber safety and security within their functions and tasks.
- Digital infrastructure enterprises shall:
+ provide telecommunication internet services that are secure by default.
+ ensure cyberinformation safety for 5G network and subsequent network generations throughout design, development, and operation process, including:
. Examine and evaluate cyberinformation safety (Pentest) and conduct threat hunting. Develop test bed for training, skill and knowledge improvement for cyberinformation experts of enterprises.
. Examine and evaluate cyberinformation safety of terminal devices prior to supplying users. Prioritize terminal devices produced by domestic enterprises and examined, evaluated, declared for cyberinformation safety.
+ rectify, remediate, or replace terminal devices provided to users (modem, router, surveillance camera, IoT devices,...) suspected of cyberinformation safety violation.
+ implement security operation centers (SOC).
+ develop IoT network infrastructures, including:
. Evaluate and declare fulfillment of cyberinformation safety technical criteria of IoT devices. Select IoT devices that have been evaluated and declared to have met cyberinformation safety technical criteria when establishing IoT infrastructures.
. Develop products and solutions for Make-in-Vietnam IoT gateway to maintain cyberinformation safety of IoT devices.
+ maintain cyberinformation safety for cloud computing infrastructures, including: Develop Make-in-Vietnam cloud computing infrastructures; connect Vietnam’s cloud service platforms (multi cloud), ensure coherence, safety, effectiveness.
+ publicize cyberinformation safety level of digital infrastructure services.
+ prioritize Make-in-Vietnam cyber safety and security products.
- Service users shall:
+ select telecommunication services, internet services, and digital infrastructure services with public cyber safety and security level. Prioritize Make-in-Vietnam cyber safety and security products.
+ inform the authority about violations of the law on cyberspace; implement or inform, cooperate with digital infrastructure enterprises in rectifying, dealing with, or replacing terminal devices suspected of cyberinformation safety violation.
c) Protect digital platform
- Enterprises governing digital platforms shall:
+ determine information safety level and implement solutions for level-based information system safety for digital platforms.
+ develop digital platforms capable of self-defense; tools for screening, detecting, processing, and removing information violating regulations and law on digital platform.
+ publicize policies on management and use of user information, data on digital platforms. Ensure safety of personal information, information regarding account and password of messages and transaction history of service users on digital platforms.
+ allow users to file a complaint, feedback, verify false information, information violating regulations and law, and take actions as per the law.
+ actively detect, intercept, deal with, remove false information, information violating regulations and law or provide evidence to enable tracing and verification of information sources; deal with and remove information violating regulations and law at request of competent authority.
+ refuse or stop providing services for organizations and individuals that upload information violating regulations and law on cyberspace.
+ develop Make-in-Vietnam digital platforms with millions of Vietnamese and international users.
- The Ministry of Information and Communications shall: Coordinate, examine, and evaluate enterprises providing digital platform services which exercise responsibilities and mission for cyberinformation safety for national network within their functions and tasks.
- The Ministry of Public Security shall: Coordinate, examine, and evaluate digital infrastructure enterprises which exercise responsibilities and missions for cyber safety and security within their functions and tasks.
- The Ministry of National Defense shall:
+ actively coordinate and inspect affiliated entities, enterprises engaging in operations relating to national defense.
+ coordinate, examine, and evaluate digital infrastructure enterprises which exercise responsibilities and tasks of protecting national sovereignty on cyberspace, prevent information warfare and cyberwarfare within their functions.
+ cooperate with Ministry of Public Security, Ministry of Information and Communications, and relevant ministries, central departments in coordinating, examining, and evaluating digital platform service providers which exercise responsibilities and missions for cyber safety and security.
- Ministries, central departments, and local governments shall: Supervise, detect, and publicize violations of Vietnam’s regulations and law under their management on digital platforms. Take actions within competence or cooperate with the Ministry of Public Security, Ministry of Information and Communications in taking actions against violating organizations and individuals and removing violating information from digital platforms.
- Service users shall:
+ select safe and healthy digital platform services.
+ practice caution when providing personal information, data on digital platforms; secure accounts and passwords to prevent them from being leaked or used to violate regulations and law.
+ adhere to code of conduct, do not upload, spread contents violating regulations and law on the internet.
+ share positive information; issue warnings, report, and denounce violations of the law.
d) Protect data of organizations and individuals
- Develop policies, regulations on data protection in order to protect legitimate rights and benefits of organizations, individuals, especially data of national importance.
- Develop data centers of international standards in Vietnam and encourage organizations and individuals to use services of these data centers.
- Examine and evaluate enterprises providing transboundary services regarding compliance with Vietnamese regulations and law on data storage and processing of Vietnamese organizations, individuals.
- Maintain cybersecurity and cyberinformation safety depending on level of national database and important database of fields and sectors.
- Establish centralized, effective, and competent data security risk assessment; report, share information, supervise, issue early warnings; improve collection, analysis, study, prediction, and early warning regarding data security risk. Develop emergency response mechanisms in case of data security risk.
5. Protect information system of authorities of the Communist Party and the Government
a) Entities governing information system
- Emphasize responsibility for protecting their information system. Associate responsibilities of heads of entities governing information system with responsibilities for cyber safety and security.
- Develop, update, operate information system in accordance with technical standards and regulations on cyber safety and security.
- Review, list all important information system to be added to the List of important national security information system.
- Strictly comply with regulations and law on cybersecurity; identify safety level and responsibilities for ensuring information system safety by level and implement 4-layer protection model before introducing into use.
- Actively supervise, promptly detect cyber safety and security risks during construction and installation of devices in information system. Prioritize Make-in-Vietnam cyber safety and security products and solutions.
- Invest in resources, regularly upgrade system, update copyright, improve awareness and skills regarding cyber safety and security of public officials, officials, public employees, and employees. Organize drills, guidance, examination, response and rescue of cyber safety and security risks at least once every year.
- Cooperate with competent authorities in charge of cybersecurity of the Ministry of Public Security in connecting to the National Cyber Security Center to implement cybersecurity supervision.
b) The Ministry of Public Security shall
- Develop procedures for examining and evaluating cybersecurity for technical equipment, electronic devices, and software used in important national security information system before introducing into use, especially equipment and devices sponsored, gifted, or awarded by foreign countries or enterprises.
- Develop regulations on cooperation and participation in counseling, assessing cybersecurity in regard to important national security information system.
- Actively develop plans and organize cybersecurity examination in regard to important national security information system and other information systems of authorities of the Communist Party and the Government at request of entities governing the information systems. Organize cybersecurity assessment and ranking for information systems of state authorities.
- Organize national-level cybersecurity drills participated by entities governing important national security information system, agencies, organizations, and enterprises maintaining cybersecurity.
- Develop and establish Cybersecurity risk response and remediation network revolving around specialized forces for cybersecurity protection and closely cooperating with agencies, organizations, and individuals in responding to and remediating cybersecurity risks.
- Take charge and cooperate with the Ministry of National Defense, Ministry of Information and Communications, relevant ministries and central departments in developing regulations on cooperating and sharing information on cyber safety and security monitoring of information systems of ministries, central departments, local governments, organizations, and important enterprises.
- Cooperate with entities governing information systems in rectifying and dealing with threats to cybersecurity, cybersecurity incidents, security weaknesses, loopholes, malicious hardware.
- Implement solutions for preventing, combating, dealing with violation of cybersecurity, operation of opposing entities and forces which utilize cyberspace to violate national security, sovereignty, benefits, social order or safety.
c) The Ministry of National Defense shall
- Actively and promptly detect, prevent risk to cyber safety and security in order to protect national sovereignty on cyberspace, prevent information warfare and cyber warfare.
- Organize cyber safety and security forces for information systems of authorities of the Communist Party, the Government, important national security information system, and military information systems within their functions and tasks.
- Counsel and propose development of professional technical systems, implement solutions for preventing and combating operations of opposing forces which utilize cyberspace to violate national defense and sovereignty on cyberspace.
d) The Ministry of Information and Communications shall:
- Implement dedicated cloud computing platform of the Government satisfying cyberinformation safety requirements, acting as safe infrastructures for common applications of e-Government.
- Develop centralized cyberinformation safety operation and command platform, connect, analyze big data, share cyberinformation safety risks with 100% SOCs of state authorities in order to forecast, issue early warnings, prevent, and promptly resolve cyberinformation safety risk and prevent large-scale damage.
- Develop platform for scanning security loophole to prevent loss of cyberinformation safety of e-Government applications of ministries, central departments, and local governments.
- Develop online platform for training and examining basic information safety knowledge and skills for users.
- Develop laboratories for simulation and reconstruction of cyberinformation safety incidents.
- Evaluate and apply network credibility labels to websites.
- Evaluate and rank information safety level of agencies, organizations, state-owned enterprises, and organizations, enterprises operating in important sectors that require cyberinformation safety priority.
- Develop National cyberinformation safety emergency response network in order to promptly coordinate, synchronously and effectively cooperate with other forces in maintaining cyberinformation safety, especially 11 important sectors that require cyberinformation safety priority (sectoral CERTs).
- Develop other technical systems to serve national cyberinformation safety, secure information safety for the process of national digital transformation, development of e-Government, digital economy, digital society.
dd) Vietnam Government Certificate Authority (VGCA) shall
- Implement password-based solutions to protect information in important national information systems of authorities of the Communist Party and the Government.
- Provide services and manage specialized digital signature authentication system for authorities within the political system; implement security for information technology applications of authorities of the Communist Party and the Government; satisfy cyberinformation safety and security requirements for e-Government.
- Cooperate with relevant agencies in monitoring information safety of important national information systems of authorities of the Communist Party and the Government.
e) The Ministry of Public Security, Ministry of National Defense, Ministry of Information and Communications shall supervise and issue early warnings for information systems of authorities of the Communist Party and the Government within their functions and tasks.
6. Protect information systems of important sectors that require information safety priority
a) Entities governing information system shall
- Implement level-based information safety solutions and four-layer protection models for information systems of important sectors.
- Prioritize Make-in-Vietnam cyberinformation safety products and solutions in information systems of national importance.
- Invest and raise awareness of organizations and individuals related to assurance of cyberinformation safety for information systems of important sectors.
- Organize drills, guidance, examination, response and rescue of cyberinformation safety risks at least once every year for important sectors that require information safety priority and information systems of national importance.
- Develop emergency response teams for 11 important sectors that require cyberinformation safety priority (sectoral CERT) under coordination of the Ministry of Information and Communications, participate in National cyberinformation safety emergency response network.
b) Authorities in charge of cyber safety and security (the Ministry of Public Security, Ministry of National Defense, Ministry of Information and Communications) shall share information pertaining to cyberinformation safety risks for entities governing information systems within 11 important sectors that require cyberinformation safety priority.
c) The Ministry of Public Security shall guide, encourage, and examine assurance of cyberinformation safety for important information systems within their management.
d) The Ministry of National Defense shall guide, encourage, and examine assurance of cyberinformation safety for important information systems within their management.
dd) The Ministry of Information and Communications shall guide, encourage, and examine assurance of cyberinformation safety and emergency response for information systems within 11 important sectors that require cyberinformation safety priority (other than information systems under management of Ministry of Public Security, Ministry of National Defense).
a) The Ministry of Public Security shall
- Develop regulations, establish hotline and system for receiving, processing information on cybercrime in order to enable the general public to promptly and directly communicate, report violations of the law on cyberspace to competent authority.
- Renovate details, format, and solutions for developing all people's national defense appropriate to digital transformation situation. Exercise People-level security formation on cyberspace in order to establish people-level protection of national security model on cyberspace.
- Develop regulations on interdisciplinary cooperation between ministries, central departments, local governments, cybersecurity forces and relevant organizations, enterprises as per the law in preventing, detecting, investigating, and taking actions against violations of the law on cyberspace and preventing cyberterrorism.
- Upgrade and develop National Cyber Security Center capable of supervising, consolidating, collecting, analyzing big data of operation process, violations of the law on cyberspace, cyberattack, and taking timely actions against risks, challenges, violations of cybersecurity.
- Associate planning and implementation of socio-economic development policies with cybercrime prevention and combat. Improve education and training for national defense and cybersecurity.
- Develop national early warning system in order to promptly detect, dispatch, and respond to cybersecurity emergencies; collect and share information on cybersecurity between the Government and enterprises, between Vietnam and other countries; develop and operate platform for jointly operating and supervising cybersecurity.
b) Ministry of Information and Communications shall
- Promote development of safe Internet applications in order to protect users on the internet.
- Develop applications for propagating, raising awareness, and publicizing knowledge regarding information safety for users.
- Develop child protection platform on the internet.
- Guide organizations and individuals to change their habits and behaviors on the internet to adhere to safety standards.
- Renovate solutions for propagating, raising awareness, educating, and changing attitude of the general public towards information safety in a manner that revolves around the community such as: mobile phone applications, social media. Enable organizations and individuals to inform, report, and receive answers for questions pertaining to cyberinformation safety at ; provide tools, utilities, and guidelines on dealing with cyberinformation emergencies.
- Establish communication and operating channels in order to encourage, assist, and develop instruction manuals to enable organizations and enterprises (especially medium and small enterprises) to implement cyberinformation safety solutions.
- Implement the Program for protecting and assisting healthy, creative interaction of children on the internet for 2021 - 2025.
- Request digital platform enterprises to develop and implement mechanisms that allow users to report and deal with false information, misinformation pertaining to Vietnam and Vietnamese people.
c) The Ministry of National Defense shall
- Study details and methods for developing People-level national defense formation on cyberspace associated with People-level security formation on cyberspace.
- Develop systems for supervising, detecting, and issuing early warnings for risks of violation of national defense and sovereignty on cyberspace in order to develop safe and healthy cyberspace.
- Detect and deal with acts of illegally uploading, storing, exchanging information, documents containing state secrets within their management.
- Cooperate with ministries, central departments, and local governments in preventing, detecting, and dealing with cyberattack, attempts against the Communist Party and the Government; preventing and combating terrorism attempts in regard to information systems under management.
d) Ministries, central departments, and local governments shall
- Supervise, detect, and cooperate with state authorities and digital platform enterprises in dealing with false information, information violating regulations and law within their management.
- Develop websites, social media, and accounts on credible networks in order to propagate, correct any and all information, public opinion, and effectively deny negative information pertaining to Vietnam and Vietnamese people.
a) Harness and possess technologies
- The Ministry of Information and Communications shall:
+ Implement research and development:
. Request 2 to 3 major ICT enterprises to develop R&D centers for cyberinformation safety, facilitate study and experimentation of new cyberinformation safety products and services.
. Develop information safety evaluation and inspection system, publicize products satisfying cyberinformation safety standards.
. Assist several enterprises and research facilities capable of harnessing and creativity regarding technological solutions in developing cyberinformation safety solutions for vital networks.
. Promote excellent start-up ideas that serve national benefits.
+ Promote public-private partnership:
. Direct and assign enterprises to resolve national issues pertaining to cyberinformation safety.
. Encourage telecommunication enterprises to solve the country’s largest problem regarding cyberinformation safety.
- Ministry of Public Security shall
+ develop strategies to slowly receive, inherit cybersecurity technologies, products, and services from other countries via technology investment and transfer. Encourage and honor creativity in terms of cybersecurity technologies, products, and services.
+ develop regulations promoting selective harnessing and possession with appropriate roadmap regarding cybersecurity, moving towards harnessing core technologies regarding science technology in order to resolve cybersecurity risks and challenges and serve socio-economic development.
+ identify and select nationally strategic and long-term cybersecurity technology with regulations on civil - security cooperation:
. Study and develop Space surveillance network based on information processing technologies that operate in all weather conditions and at all time with high transmission and processing capacity, combine with sensory, monitoring, analysis, identification technology, real-time application, and high definition.
. Establish cybersecurity information system consisting of: command system, strategic communication system, warning systems for space, coastal areas, digital space, new weapons, airspace protection system, ocean protection system, biology environment protection system, and national cyberspace protection system within functions and tasks.
. Invest in projects that guarantee cybersecurity in artificial intelligence, big data processing, smart devices, quantum cryptography, and high-performance computing network, operating systems for structures integrated with quantum computing, brain simulation, and regular computer, error processing technologies, components, peripherals, quantum sensors.
. Promote parallel application of cybersecurity products and services in national economic development such as: developing and protecting smart urban planning, urban planning, resolving of traffic, social security issues, solutions for sensory, monitoring, optimizing, forecasting, data processing, early warning; ensuring cybersecurity in application of new science technology achievements regarding recreation and media industry.
. Develop and position cybersecurity research institutes into a research network sharing the same infrastructures in order to jointly research and develop cybersecurity products, services, and technologies. The institutes must have sufficient capability and be invested in infrastructures and advanced laboratories in order to integrate technologies, scientific knowledge and transfer from training facilities to enterprises.
. Develop and operate advanced national cybersecurity laboratories following service-based principles and an open and shared basis. Develop policies on fair and reasonable shared ownership in regard to laboratory research results regarding cybersecurity, use of budget capital and use of combination of budget and investment from enterprises.
. Develop regulations to attract enterprises and institutes to participate in developing cybersecurity-related technologies. Invest in basic research projects or develop core cybersecurity technologies of strategic importance from funding sources for national defense and security under special financial regulations.
. Mobilize and implement research, creative activities of member enterprises of the “Vietnam National Cybersecurity Association”, including Vietnam's leading individuals and organizations regarding core technologies in order to become “an extended arm” in the process of possessing, harnessing, and strengthening of the country.
. Develop list of cybersecurity technologies, products, and services prioritized to be harnessed and possessed.
- Ministry of National Defense shall
+ establish information systems serving military and national defense tasks on cyberspace, including: command system, strategic communication system, warning systems for threats from space, ocean, digital space, new weaponry, airspace protection system, sea protection system, biology protection system, and national cyberspace protection system within their functions and tasks.
+ promulgate favorable regulations, policies, and investment in order to enable research institutes regarding cyber safety and security products, services and performance of national defense tasks on cyberspace.
+ encourage affiliated agencies, entities, and enterprises to research, produce cyber safety and security products, services appropriate to national defense industry development orientation.
- Cyber safety and security enterprises shall
+ research, develop, receive, and harness cyber safety and security technologies.
+ encourage study, decryption, development, and harnessing of cyber safety and security technologies, products, and services, including: products and services for telecommunication transmission and internet, provision of content services on the internet; products, services, and solutions for cyber safety and security; prevention and combat of cyberterrorism; large-scale cyber safety and security supervision system; products and services for cyber safety and security and resolution of social problems.
b) Set foundation for cyberinformation safety industry, development of cyberinformation safety products
- Cyber information safety enterprises shall:
+ make the transition to depth: focus on 3 - 5 leading products with national brand name. Develop products and services maintaining safety for the general public on the internet.
+ make the transition from major products, specialized products to universal products: “popularize” cyberinformation safety products towards the general public and households.
+ develop telecommunication, internet, safe digital platform services: cyberinformation safety services integrated with telecommunication, internet, digital platform services.
- Ministry of Information and Communications shall
+ assist in developing 2 leading groups of cyberinformation safety enterprises:
. Major enterprises with the potential to play a leading role in the market.
. Start-up enterprises with excellent ideas and solutions.
+ coordinate and promote establishment of Centers for research, development, and experimentation of cyberinformation safety for national networks at major ICT enterprises.
+ promote implementation of model of security as a service.
c) Develop cybersecurity industry with advanced cybersecurity technologies, products, and services.
- Promote and transfer intellectual property technology regarding cybersecurity.
- Develop service network regarding cybersecurity technology. Establish organizations for assessment, evaluation, appraisal, and inspection of cybersecurity technology and intellectual property, counseling, brokerage of transfer of cybersecurity technology.
- Establish network for transfer of cybersecurity-related technology, capable of searching and identifying technologies, partners, analyzing market demand, connecting demand between developers and users.
- Carry out pilot establishment of venture capital fund to assist start-up enterprises and new technology projects regarding cybersecurity. Develop policies mobilizing venture investment from private sector and enterprises.
- Establish leading enterprises regarding cybersecurity technologies, products, services, capable of researching, manufacturing, producing cybersecurity products and services, focus primarily on 2 groups: group of enterprises with big potentials and capability, capable of initiating research and manufacturing of cybersecurity services, products, and group of start-up enterprises with high-quality and creative personnel, with excellent and practical solutions.
- Identify list of central cybersecurity products and services in digital transformation and the Fourth industrial revolution to provide support in order to develop, qualify for international standards, Vietnamese standards, become an export market of cybersecurity products and services, expand and dominate domestic and international market.
- Develop regulations on cooperation between national defense, security and civil use, public sector and private sector in order to enable research, development, application, and transfer of cybersecurity technology.
- Promote research and manufacturing of cybersecurity products and services in start-up enterprises, education institutions, research institutes, formal education and university, especially students, learners, small and medium enterprises.
- Focus investment on major schemes and projects regarding cybersecurity independence. Invest in and implement the Scheme for “Center for research, decryption, production, and manufacturing of products and services pertaining to cyber safety and security technology”.
9. Provide training and develop human resources
a) The Ministry of Information and Communications shall
- Implement the Scheme for “Training and developing information safety human resources for the period of 2021 - 2025”; study and propose solutions for promoting activities in this field for the period of 2026 - 2030.
- Develop teams of distinguished experts in cyberinformation safety to deal with difficult issues of Vietnam.
- Develop and connect information safety personnel in digital technology enterprises and cyberinformation safety enterprises.
- Provide guidance and encourage implementation of regulations on standard skills for cyberinformation safety.
- Promptly praise and commend agencies, organizations, enterprises, and individuals dedicating to cyberinformation safety of national networks.
b) The Ministry of Public Security shall
- Develop regulations, policies pertaining to human resource training for cybersecurity.
- Develop teams of cybersecurity scientists with high quality, international credibility, and benefits appropriate to cybersecurity efforts. Encourage domestic cybersecurity scientists to participate in multilateral or bilateral international cybersecurity projects, especially projects and tasks which Vietnam is incapable of investing in.
- Develop teams of high quality cybersecurity engineers capable of researching, developing, and manufacturing cybersecurity products, services that play a vital role in receiving and transferring security knowledge and receive appropriate benefit policies.
- Find and train young talents regarding cybersecurity. Develop policies on priority training for young talents, enable them to study and research abroad and return to Vietnam to develop national cybersecurity. Organize international conventions and seminars regarding cybersecurity in Vietnam in order to utilize cybersecurity scientists and create development environment for young talents.
- Promote reform of education program which renovates, popularizes, and updates knowledge about cybersecurity in education institutions.
- Create competitive and equal development environment for domestic and foreign cybersecurity enterprises.
- Study, improve regulations and law on use of funding from state budget to invite or hire international cybersecurity experts for long-term, especially experts of Vietnamese origin or connected to Vietnam, working, teaching, studying, and carrying out tasks regarding cybersecurity in Vietnam.
- Implement the Scheme for “Training cybersecurity human resources until 2025 and vision towards 2030”.
- Promptly praise and commend agencies, organizations, enterprises, and individuals dedicating to cybersecurity.
c) The Ministry of National Defense shall
- Take charge and cooperate with relevant ministries, authorities in developing and organizing implementation of human resource training and development programs, schemes for cyberspace taskforce.
- Invest in facilities and techniques serving training, professional training, and scientific research regarding cyberspace warfare; study, develop regulations and policies for cyberspace taskforce and forces protecting the country on cyberspace.
10. Publicize, popularize, raise awareness and skills regarding cyber safety and security
a) The Ministry of Information and Communications shall
- Implement the Scheme for “Publicizing and raising cyberinformation safety awareness for the period of 2021 - 2025”.
- Publicize, raise awareness, and popularize cyberinformation knowledge and skills to Internet users; implement activities to prepare skills for vulnerable individuals in society.
- Inform users about basic cyberinformation safety products and services.
- Develop, improve regulations and policies, establish communication channels to enable users to conveniently reflect, share, and protect cyberinformation safety for national networks.
- Implement massive open online courses to propagate basic information safety skills to users.
b) The Ministry of Public Security shall
- Develop and implement the Scheme for “Propagating and raising cybersecurity knowledge and awareness”.
- Organize annual large-scale campaigns to publicize, raise awareness and knowledge regarding cybersecurity across the country with participation of mass media, press, agencies, organizations, and enterprises from central level to local level.
- Establish social channels and networks to publicize, raise awareness of the general public regarding cybersecurity and evil attempts, schemes, efforts, and violation of cybersecurity, increase resistance to misinformation and evil schemes of hi-tech crimes.
- Develop and promulgate skills for maintaining cybersecurity when using cybersecurity.
c) Agencies, organizations, and enterprises shall
- Promptly provide official information to enable the general public to acknowledge and reject false information, information violating regulations and law on cyberspace.
- Organize implementation of plans for publicizing, popularizing habits, responsibilities, and skills regarding cyber safety and security for officials, public officials, employees, public employees using cyberspace.
- Education and training facilities shall develop programs and plans training critical thinking skills for students and learners regarding false information on cyberspace.
- Domestic and foreign service providers shall publicize, raise awareness and knowledge regarding cyber safety and security; develop technical solutions for limiting false information, misinformation on their services and platforms.
- Press and media organizations shall increase communication regarding worldwide and Vietnamese trends, knowledge, situation, risks, and consequences of cyber safety and security.
11. Increase national credibility and implement international cooperation
a) The Ministry of Public Security shall
- Actively expand international cooperation in maintaining cybersecurity with other countries, especially strategic partner countries with advanced science and technology level in order to protect national security, social order and safety. Actively engage in global network for innovation which includes research and innovation in cybersecurity.
- Promote attraction and effective use of resources from foreign countries and international partners in research, application, innovation, start-up, and transfer of technology regarding cybersecurity.
- Review and amend regulations and policies on international cooperation in maintaining cybersecurity in order to adhere to international regulations and practices. Actively advise participation in international agreements and treaties on cybersecurity in order to acquire international legal grounds in protecting national benefits, legitimate rights and benefits of enterprises in the field.
- Implement and expand cooperation programs, plans in order to develop, establish Vietnam’s position and role regarding cybersecurity in strategic areas directly related to Vietnam’s national security and protect national security and benefits preemptively.
- Increase cooperation in crime prevention via international channels such as the INTERPOL and ASEANAPOL. Assign public officials to participate in international forums and organizations regarding prevention and combat of cybercrime in order to improve knowledge, skills, technical solutions, and experience in preventing and fighting new crimes.
- Participate in development of international laws, standards, rules, international rule sets, global guidance regarding cybersecurity.
- Participate in international and regional organizations, forums regarding cyberspace, cybersecurity; cooperate with other countries, especially countries in the region and countries acting as Vietnam’s strategic partners, comprehensive partners regarding cybersecurity.
- Participate in United Nations’ taskforce, organizations, international organizations, and teams of experts regarding cyberspace and cybersecurity.
b) Ministry of Information and Communications shall
- Improve bilateral cooperation with other countries regarding cyberinformation safety. Participate in developing international laws and international standards, rules, principles regarding cyberinformation safety.
- Participate in international, regional organizations and forums; cooperate with other countries, especially countries in the region and countries acting as Vietnam’s strategic partners, comprehensive partners in sharing information and providing mutual assistance in detecting, handling, and responding to transboundary cyberattack. Exercise the role of founding member of the GFCE (Global Forum on Cyber Expertise) extensively.
- Participate in Technical taskforce of the ITU (SG13, SG17, SG20), Internet Governance Forum (IGF), the GFCE, the Joint technical committee of ISO/IEC regarding Information Technology (JTC1).
- Pioneer in research, participate in resolving of new and difficult international issues pertaining to policies and techniques regarding cyberinformation safety.
c) The Ministry of National Defense shall
- Increase and promote international cooperation regarding cybersecurity and cyberinformation safety within their functions and tasks in order to increase effectiveness of information warfare, cyberwarfare and protect national sovereignty on cyberspace.
- Cooperate with the Ministry of Public Security, Ministry of Information and Communications, and Ministry of Foreign Affairs in cooperating with other countries regarding cyber safety and security.
d) The Ministry of Foreign Affairs shall
Cooperate with the Ministry of Public Security, Ministry of National Defense, and Ministry of Information and Communications in promoting international cooperation with leading countries in cyber safety and security as per the law.
12. Invest resources and ensure expenditure on implementation.
a) Assign sufficient personnel in charge of cyber safety and security in state authorities and organizations.
b) Invest resources in developing technical systems, tools, implementing cyber safety and security activities, and maintaining operation of authorities and organizations.
c) Develop regulations on specific salaries for forces in charge of cyberinformation safety and cybersecurity in state authorities and organizations.
d) Prioritize resources for implementation of Schemes and develop technical systems for maintaining cyber safety and security on a nationwide scale.
dd) Allocate expenditure on maintaining cyber safety and security which accounts for at least 10% of expenditure on science and technology, digital transformation, and application of information technology.
e) Recurrent expenditure from central government budget shall fund tasks of the Strategy implemented by central authorities.
g) Local government budget shall fund execution of tasks of the Strategy implemented by local authorities.
h) Prioritize funding sources for science and technology, funding sources from national programs for advanced technology development, programs for national product development in order to develop domestic products, services, and solutions, and tasks of technology research, development, transfer in the Strategy.
1. Steering Committee for National Cyber Safety and Security shall
a) assist the Prime Minister and director of the Steering Committee for National Cyber Safety and Security in assessing and concluding the implementation of this Strategy.
b) request the Prime Minister to coordinate and take actions against new, important, interdisciplinary issues that have not been regulated or are being overlapped, complicated regarding cyber safety and security under this Strategy and issues that require cooperation between ministries, central departments, and authorities.
2. Ministry of Public Security shall
a) take charge and cooperate in guiding, encouraging, examining agencies, organizations, and enterprises organizing implementation of provisions relating to cybersecurity under this Strategy; organize assessment, conclusion, consolidation, and reports submitted to the Prime Minister pertaining to implementation situation and recommendation for new tasks adhering to practical situations in regard to provisions pertaining to cybersecurity under the Strategy.
b) take charge and cooperate with ministries, central departments, local governments, and relevant organizations, enterprises in implementing tasks assigned to the Ministry of Public Security under Part IV; tasks under Section 1, Point d Section 2, Section 3, Points a and d Section 4, Point e Section 5, Point b Section 6 Part IV within their functions and tasks.
c) develop solutions for maintaining internal political security and economic security in ministries, central departments with cyberspace infrastructures, digital infrastructures, important platforms serving digital transformation, development of digital economy, digital society within their functions and tasks.
3. Ministry of Information and Communications shall
a) take charge and cooperate in guiding, encouraging, examining agencies, organizations, and enterprises organizing implementation of provisions relating to cybersecurity under this Strategy; organize assessment, conclusion, consolidation, and reports submitted to the Prime Minister pertaining to implementation situation and recommendation for new tasks adhering to practical situations in regard to provisions pertaining to cyberinformation safety under the Strategy.
b) take charge and cooperate with ministries, central departments, local governments, and relevant organizations, enterprises in implementing tasks assigned to the Ministry of Information and Communications under Part IV; tasks under Section 1, Point d Section 2, Section 3, Points a and d Section 4, Point e Section 5, Point b Section 6 Part IV within their functions and tasks.
4. Ministry of National Defense shall
a) prevent, respond, and deal with risks, challenges from cyberspace within their functions and tasks.
b) take charge and cooperate with ministries, central departments, local governments, and relevant organizations, enterprises in implementing tasks assigned to the Ministry of National Defense under Part IV; tasks under Section 1, Point d Section 2, Section 3, Points a and d Section 4, Point e Section 5, Point b Section 6 Part IV within their functions and tasks.
5. Ministry of Science and Technology shall
Take charge and cooperate with the Ministry of Public Security, Ministry of Information and Communications, and relevant agencies, organizations, and enterprises in researching, implementing technology transfer, and developing, promulgating technical standards pertaining to cyber safety and security.
6. The Ministry of Home Affairs shall
Take charge and cooperate with Ministry of Public Security, Ministry of Information and Communications, and Ministry of Finance in developing regulations on specific salaries for forces in charge of cyberinformation safety and cybersecurity in state authorities and organizations.
7. Ministry of Foreign Affairs shall
Cooperate with the Ministry of National Defense, Ministry of Public Security, and Ministry of Information and Communications in researching, developing, and requesting competent authority to sign international cooperation agreements regarding cyber safety and security with leading countries in the field of cyber safety and security; increase bilateral cooperation with other countries regarding cyber safety and security; implement diplomatic, international cooperation solutions pertaining to cyber safety and security.
8. The Ministry of Planning and Investment and Ministry of Finance shall prioritize funding from state budget to implement tasks of the Strategy in accordance with public investment and state budget laws.
9. Ministries, ministerial agencies, Governmental agencies, and provincial People’s Committees shall
a) take charge and cooperate with the Ministry of Public Security and Ministry of Information and Communications in organizing implementation of tasks under the Strategy.
b) promote cyber safety and security within their management; adhere to technical standards and regulations, professional guidance of the Ministry of Public Security, Ministry of Information and Communications, and the law; prioritize Make-in-Vietnam cyberinformation safety and independent cybersecurity products, solutions, and services. Associate assurance of cyber safety and security with digital transformation, application of information technology, development of e-Government, transition to digital Government, development of smart cities, digital economy and digital society.
c) actively review, detect, take actions or cooperate with competent authorities in taking actions against information violating regulations and law on cyberspace under their management. Increase examination, inspection, declaration, and actions against violations.
d) request groups, corporations, and enterprises under their management to review, evaluate, and adopt solutions for cyber safety and security in regard to information system infrastructures, industrial control systems, and other important information systems managed, operated, and used by the enterprises.
dd) prioritize resources (human resources and expenditure) and conditions in order to implement cyber safety and security within internal operation of agencies, organizations, and sectors.
e) examine, assess, and produce annual or irregular reports in accordance with instructions of the Ministry of Public Security, Ministry of Information and Communications regarding implementation and results of the Strategy in order to consolidate, report to the Prime Minister as per reporting laws.
10. Vietnam Government Certificate Authority (VGCA) shall
a) develop national cryptographic infrastructure in order to protect information serving leadership, coordination of the Communist Party, the Government, and armed forces that is stored and transmitted in cyberspace.
b) take charge and cooperate with the Ministry of Information and Communications and relevant authorities in promoting the application and use of specialized Government digital signature and information security in network systems of agencies and organizations in the political system in accordance with cryptography laws.
11. Groups, corporations, and state-owned enterprises shall
Rely on this Strategy and organize implementation of cyber safety and security in the operation of the enterprises in accordance with guidance of the Ministry of Public Security and Ministry of Information and Communications.
12. The Vietnam National Cybersecurity Association and the Vietnam Information Security Association shall
a) strictly cooperate with the Ministry of Public Security and Ministry of Information and Communications in organizing implementation of tasks under the Strategy.
b) mobilize members and enterprises to actively research, develop, produce, and provide high-quality cyber safety and security products, services, and solutions; mobilize agencies and organizations to prioritize Make-in-Vietnam cyberinformation safety products, services, and solutions and independent cybersecurity solutions.
13. Telecommunication enterprises, Internet enterprises, and enterprises governing digital platforms shall
a) take charge and cooperate in organizing implementation of cyber safety and security in their operations.
b) adhere to guidelines and requests of the Ministry of Public Security and Ministry of Information and Communications in developing digital infrastructures, digital platforms, and protecting digital data.
c) produce annual or irregular reports on implementation and results of tasks to the Ministry of Public Security and Ministry of Information and Communications.
Article 2. This Decision comes into force from the date of signing.
Article 3. Ministers, heads of ministerial agencies, heads of Governmental agencies, Chairpersons of provincial People’s Committees, and heads of relevant agencies, organizations, and enterprises are responsible for the implementation of this Decision.
PP. PRIME MINISTER
------------------------------------------------------------------------------------------------------
This translation is made by THƯ VIỆN PHÁP LUẬT, Ho Chi Minh City, Vietnam and
for reference purposes only. Its copyright is owned by THƯ VIỆN PHÁP LUẬT
and protected under Clause 2, Article 14 of the Law on Intellectual Property.

