About Issues in Building the National Strategy for Cybersecurity in Vietnam


Vietnam Computer Emergency Response Team - VNCERT
About Issues in Building the National Strategy for Cybersecurity in Vietnam
Vu Quoc Khanh, Director General

Outline
- Internet abundance
- Security situation
- National Strategy

Fast-growing Internet Usage
[Chart: Internet users and population (million) by year, 2000 and 2003-2006. Data labels shown: 14.68, 10.71, 6.35, 3.1, 0.2.]
Internet exchange service providers: 4
Internet access service providers: 21
Internet online service providers: 19

Fast-growing Internet Usage
[Chart: High speed Internet subscribers by year, 2003-2006. Data labels shown: 516,569; 210,024; 52,705; 9,180.]

Some statistics
Internet Usage Statistics (12/2006)
- Number of converted subscribers: 4.059.392
- Internet users: 14.683.783
- Penetration ratio: 17.67 %
- Total Internet bandwidth: 7.076 Mbps
- Total flow volume exchanged by VNIX (IPX): 6.011.634 Gbytes
- Total number of .vn domains: 34.924
- Total number of IP addresses issued: 1.862.400
- Number of high speed Internet subscribers: 516.569

Trends in near future
- New technologies: Broadband, Wireless and Wimax, NGN, IP-Phone, IP-TV
- Convergent services
- E-Government
- E-Business, E-commerce

Internet security situation
Network security incidents
- Attack incidents: virus, web hacking, DoS & DDoS attacks, spam
- Computer crimes: ATM & credit card theft, mobile phone account robbery, attacks on competing companies, slander
- Trends: statistics follow the common pattern seen in the developed countries.
Network security environment
- Information security services
- Changes in legal environment

Network security incidents
Serious reported incidents: 29
[Pie chart: Types of serious incidents. Categories: DDoS, Disperse virus, Deface website, Fraud, Phishing. Percentage labels shown: 7%, 17%, 14%, 38%, 24%.]

Attacks from overseas
[Chart: attacks from overseas by year, 2002-2006; series: Total, Gov. Data labels shown: 234, 89, 41, 28, 39, 8, 18, 25, 7, 12.]

Computer virus booming
[Chart: New viruses appearing in 6-11/2006, by month (6 to 11). Data labels shown: 155, 101, 102, 70, 49, 27.]

Existing legal environment
Legislation
- The Electronic Transaction Law was passed by the National Assembly on 29/11/2005. This Law regulates electronic transactions within government agencies and in civil and business activities.
- The Law on Information Technology was promulgated at the 9th Session of the National Assembly's Legislature XI on 29 June 2006 and became effective from 1st January 2007.
- A series of Decrees for both these Laws is continuing to be promulgated.
- To prepare some directives on network security.
Lack of laws applicable to cybersecurity
- The Civil Code of Vietnam does not consider in practice many types of cybercrimes.
- Other laws concern cybersecurity only in general, so some additional decrees or explanatory regulations are required.

Main Problems
Cyberspace and the Internet today are full of threats and vulnerabilities. The main problems today are to:
- Define critical infrastructures.
- Intensify legislation and update the legal environment.
- Establish the National Strategy for Cybersecurity.
- Set up all necessary conditions for implementation of the National Strategy.

Information critical infrastructures
Example from the US definition (sector: sector-specific agencies)
1. Agriculture: Department of Agriculture
2. Banking and finance: Department of the Treasury
3. Chemicals and hazardous materials: Department of Homeland Security
4. Defense industrial base: Department of Defense
5. Emergency services: Department of Homeland Security
6. Energy: Department of Energy
7. Food: Department of Agriculture and Department of Health and Human Services
8. Government: Department of Homeland Security
9. Information technology and telecommunications: Department of Homeland Security
10. Postal and shipping: Department of Homeland Security
11. Public health and healthcare: Department of Health and Human Services
12. Transportation: Department of Homeland Security
13. Drinking water and water treatment systems: Environmental Protection Agency

Information critical infrastructures in Viet Nam
What are the criteria that help define a national infrastructure as critical in cyberspace? What are they in Viet Nam? Do all have to be defined? The answers are open.
Sector
1. Banking and finance?
2. Government?
3. Information and telecommunications?
4. Defense?
5. Transportation?
6. Energy?
7. What else?

National Strategy for CyberSecurity
Viet Nam needs to develop its own strategy for cybersecurity. Many issues concerning the national strategy for cybersecurity need to be discussed in order to work out its framework.
Strategic Objectives
- Prevent cyber attacks against national critical infrastructures;
- Reduce national vulnerability to cyber attacks;
- Minimize damage and recovery time from cyber attacks.

National Strategy for CyberSecurity (2)
The Government Role and Public-private partnerships?
The industries and private sector are best equipped and structured to respond to an evolving cyber threat. A government role in cybersecurity is warranted in cases:
- Requiring ensuring the safety of its own cyber infrastructure and of government essential missions and services;
- Where high transaction costs or legal barriers lead to significant coordination problems;
- Operating in the absence of private sector forces;
- Raising awareness.

National Strategy for CyberSecurity (3)
Government actions are warranted for purposes:
- forensics and attack attribution,
- protection of networks and systems critical to national security,
- indications and warnings,
- protection against organized attacks capable of inflicting debilitating damage to the economy.
Public-private partnerships can usefully confront coordination problems, take a variety of forms and will address awareness, training, technological improvements, vulnerability remediation, and recovery operations.
Government activities should also support research and technology development.

National Strategy for CyberSecurity (4)
Department of CyberSecurity (DCS)
The Viet Nam government considers establishing in MIC a department playing the role of a DCS, with important responsibilities in cybersecurity:
- Developing a comprehensive national plan for securing the critical infrastructure of the country;
- Providing crisis management for critical information systems;
- Providing technical assistance to the private sector and other government entities with respect to emergency recovery plans;
- Coordinating with other agencies of the government to provide warning information and advice about protective measures & countermeasures;
- Performing and promoting research and development;
- Serving as a national center of excellence for cybersecurity and providing a focal point for outreach to government & nongovernmental organizations;
- Serving as a national POC with overseas cyber-response forces.

National Strategy for CyberSecurity (5)
Six Critical Priorities for Cybersecurity
I. A National Cybersecurity Response System;
II. A National Cybersecurity Threat and Vulnerability Reduction Program;
III. A National Cybersecurity Awareness and Training Program;
IV. Securing Governments' Cyberspace;
V. National and International Cybersecurity Cooperation;
VI. Improving National legal environment and policy for cybersecurity.

National Strategy for CyberSecurity (6)
Priority I: A National Cyberspace Security Response System
Needs a partnership between government and industry.
Major actions for cyberspace security response:
1. Establish a public-private architecture for responding to national-level cyber incidents;
2. Provide for the analysis of cyber attacks and vulnerability assessments;
3. Promote CERT/CSIRT network establishment in the country (the policy, standards, conditions for this CSIRT Network);
4. Expand the cyber warning and information network to support coordinating crisis management for cybersecurity;
5. Improve national incident management;
6. Coordinate processes for development of national public-private continuity and contingency plans;
7. Exercise cybersecurity continuity plans for national systems;
8. Improve and enhance public-private information sharing involving cyber attacks, threats, and vulnerabilities.

National Strategy for CyberSecurity (7)
Priority II: A National Cybersecurity Threat and Vulnerability Reduction Program
Vulnerabilities result from weaknesses in technology and from improper implementation and oversight of technological products.
Major actions to reduce threats and related vulnerabilities:
1. Enhance law enforcement's capabilities;
2. Create a process for national vulnerability assessments;
3. Apply the secured mechanisms of the Internet and appropriate standards;
4. Foster the use of trusted digital control systems/supervisory control and data acquisition systems;
5. Reduce and remediate software vulnerabilities;
6. Understand infrastructure interdependencies and improve the physical security;
7. Prioritize cybersecurity research and development agendas;
8. Assess and secure emerging systems.

National Strategy for CyberSecurity (8)
Priority III: A National Cyberspace Security Awareness and Training Program
Major actions and initiatives for awareness, education, and training:
1. Promote a comprehensive national awareness program to empower all organizations, businesses, the general workforce, and the general population to secure their own parts of cyberspace;
2. Foster adequate training and education programs to support the cybersecurity needs;
3. Promote government and private-sector (public-private partnerships) support for well-coordinated, widely recognized professional cybersecurity certifications.

National Strategy for CyberSecurity (9)
Priority IV: Securing Governments' Cyberspace
Major actions for securing governments' cyberspace:
1. Continuously assess threats and vulnerabilities to government cyber systems;
2. Authenticate and maintain authorized users of cyber systems;
3. Secure government networks, especially wireless LANs;
4. Improve security in government procurement and outsourcing;
5. Encourage governments to consider establishing information technology security programs and to participate in information sharing and analysis centers with government partners.

National Strategy for CyberSecurity (10)
Priority V: National and International Cybersecurity Cooperation
Major actions to strengthen national and international cooperation:
1. Strengthen cyber-related counterintelligence efforts;
2. Improve capabilities for attack attribution and response;
3. Improve coordination for responding to cyber attacks within the national security community;
4. Facilitate dialogue and partnerships among international public and private sectors focused on protecting information infrastructures and promoting a culture of security;
5. Foster the establishment of national watch-and-warning networks and international information sharing;
6. Encourage international drills, conferences and workshops.

National Strategy for CyberSecurity (11)
Priority VI: Improving National legal environment and policy for cybersecurity
Major actions to improve the national legal environment and policy for securing cyberspace:
1. Ensure the laws and procedures are comprehensive.
- Update or approve new laws with respect to cybersecurity (especially in Civil Codes)
- Intensify the legislation process by promulgating new acts and decrees concretizing existing laws.
2. Promote application of nationally well-coordinated cybersecurity policies widely among all organizations and businesses in the country.
3. Strengthen the standardization process.
- Intensify information security standard building (firstly, apply the general ISO standards, such as the important standards on information security management systems and information security management implementation).

Thank you for your attention!
Vietnam Computer Emergency Response Team
18 Nguyen Du, Hanoi, Vietnam
Phone: 084-4-945-5506
Fax: 084-4-944-5307
Email: vncert@mpt.gov.vn, office@vncert.vn