Establishing National Incident Response Capability for Viet Nam - VNCERT activities and challenges

Similar documents
About Issues in Building the National Strategy for Cybersecurity in Vietnam

The Implementation of National Single Window and ASEAN Single Window in Viet Nam

Towards an Egyptian Framework for CyberSecurity

Itu regional workshop

ThaiCERT Incident Response & Phishing cases in Thailand. By Kitisak Jirawannakool Thai Computer Emergency Response team (ThaiCERT)

IT Policy and Public Demand for IT in Vietnam

Regional Seminar On Costs and Tariffs of Telecommunication services

E-Signature Law of Iraq no. ( 78) of 2012

OAS Cybersecurity Capacity Building Efforts

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Broadband network initiatives and future plans in Vietnam

OVERVIEW OF VIETNAM S ICT SECTOR & EHEALTH IN VIETNAM. Geneve, 07/2012

Australian Government Cyber-security Activities in the Pacific

Resolution: Advancing the National Preparedness for Cyber Security

VNNIC UPDATE. Presented by: Oanh Nguyen Vietnam Internet Network Information Center (VNNIC) Taichung Sep, 2017

Lao PDR Practice for Information Security

Current Status and Prospect of Information Technology Development in Vietnam

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

1 History of CyberSecurity in the Philippines 2 3

Vietnam: Current status of IT Policy and IT flagship Projects

How Can NRA Contribute to the Improvement of IT Security? Rytis Rainys, Communications Regulatory Authority of the Republic of Lithuania

National Cybersecurity preparation to deal with Cyber Attacks

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

CYBERSECURITY INITIATIVES IN VANUATU

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014

The Arab ICT Organization

Concept Note: GIDC. Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua

ASEAN s Cyber Confidence Building Measures

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

International Policy Division, Global Strategy Bureau

Implementing a National Strategy : the case of the Tunisian CERT

Co-operation with Law Enforcement Agencies in South Africa. 19 September 2008

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Caribbean Cyber Security: Not Only Government s Responsibility

CERT.LV activities, role in Latvia and globally. Baiba Kaskina, CERT.LV , Sofia, Bulgaria

National CIRT - Montenegro. Ministry for Information Society and Telecommunications

CIRT: Requirements and implementation

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

ASREN Arab States Research and Education Network

Provisional Translation

Legal framework of ensuring of cyber security in the Republic of Azerbaijan

Procuring Telecommunications and ICT Solutions in China. Neil Gallagher Director of Sales - Europe 31 st October 2018

UNODC tackling cybercrime in support of a safe and secure AP-IS

Information Security of the Beijing 2008 Olympic Games. Yonglin ZHOU

Presented by: Njei Check Head, Audit Security Division, ANTIC

INTERNATIONAL TELECOMMUNICATION UNION

ITU-ACMA Asia Pacific Regulators Roundtable July 2014

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Promoting Global Cybersecurity

Republic of Indonesia. ARF Defense Officials Dialogue Seoul, April 2009

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

CTO, 26/04/2013. B.P 6170 Yaoundé Tél : (+237) Internet :

VNNIC NIR operations and present status

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

APNIC input to the Vietnam Ministry of Information and Communications ICT Journal on IPv6

Overview. Objectives. Components. Information and Communication Technologies Sector Development Project. Project

Viet Nam. Regulatory view on OTT Services

DHS Cybersecurity: Services for State and Local Officials. February 2017

Cybersecurity Strategy of the Republic of Cyprus

ITU-IMPACT. Regional Cybersecurity Forum - CLMV

NATIONAL DISASTER MANAGEMENT FRAMEWORK IN VIETNAM

Forum. Ningbo, China 25 February

Legal and Regulatory Developments for Privacy and Security

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

Cybersecurity & Spam after WSIS: How MAAWG can help

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

ENISA s Position on the NIS Directive

Cybersecurity for ALL

Also please refer to Federal Law # 99-FZ dated July 15, 2000 "On Quarantine of Plants"

Overview on the Project achievements

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Cyber Security in Europe

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

ICT PROGRESS IN AFGHANISTAN

IMPACT Global Response Centre. Technical Note GLOBAL RESPONSE CENTRE

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

ECOWAS Cyber security Agenda

RESOLUTION 45 (Rev. Hyderabad, 2010)

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

INFORMATIZATION AND COMMUNICATION DEVELOPMENT TRENDS IN ARMENIA

INDONESIA S PERSPECTIVE ON CYBER TERRORISM

Package of initiatives on Cybersecurity

Ministerial Meeting 19 th June 2015 Nuku alofa, Tonga

Valérie Andrianavaly European Commission DG INFSO-A3

ENISA Cooperation in the EU / NIS Directive

Virtual Currencies and The Commonwealth. 1 June 2016

KENYA YOUR RELIABLE PARTNER AT THE ITU. Candidate for the ITU Council in Region D

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Cybersecurity Governance Framework in Vietnam: State of Play, Progress and Future Prospects

Discussion on MS contribution to the WP2018

JOINT MEDIA STATEMENT

REGISTRATION DIVISION

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

Cyber Security in Europe and CEER s new PEER initiative

Transcription:

Vietnam Computer Emergency Response Team Establishing National Incident Response Capability for Viet Nam - VNCERT activities and challenges Vu Quoc Khanh, Director General of VNCERT

Cybersecurity situation in Viet Nam 2

Million Fast-growing Internet Usage Internet exchange service Providers (IXP) : 7 Internet access Service Providers (ISP) : 15 Internet Online Service Providers (OSP) : 19 Year Source: VNNIC 3

Fast-growing Internet Usage High speed Internet subscribers Year Source: VNNIC 4

Some statistics Internet Usage Statistic (06/2008) Number of convert subscribers 5,834,289 Internet Users 19,774,809 Penetration Ratio 23.50% Total Internet bandwidth Total flow volume exchanged by VNIX (IPX) 18,188 Mbps 24,331,984 Gbytes Total number of.vn domains 74,625 Total number IP addresses issued 3,852,800 Number of high speed internet subscribers 1,614,819 5

New technologies and services New technologies: Broadband, Wireless and Wimax, NGN, IP-Phone, Phone, IP-TV TV Convergent services E-Government E-banking, finance, securities E-Business, E-commerceE Game online, TV online 6

Internet security situation Cyber security Incidents Attack incidents: virus, web hacking, DoS & DDoS attack, spam Computer crimes: ATM & credit cards theft, Mobile phone account robbery, Attack to competitive company, Slander Trends: statistics follow the common rule in the developed countries. Cyber security environment Information security services Changes in legal environment 7

Network security incidents To the end of 2007 o Serious reported incidents: 29 (2006), 49 (2007) o Types of serious incidents 2006 2007 Source: VNCERT 8

Attacks from overseas Source: Zone-H 9

Computer virus booming New viruses appearance in period 6/2006-6/2007 Month Source: BKIS 10

Computer virus booming New viruses appearance in last 12 months Month Source: BKIS 11

VNCERT activities and challenges 12

VNCERT Official Team Name: Vietnam Computer Emergency Response Team Short Team Name: VNCERT Host Organization: Ministry of Information and Communications (MIC) of Socialist Republic of Viet Nam 13

Authority for cybersecurity Not for further distribution without VNCERT s permission 1. By Prime Minister s s Decree No. 339/2005/ /2005/QĐ-TTg, dated 20 December 2005, VNCERT is - a department of the MIC (old name: MPT), - coordinating the activities in computer s s incident response, early warning, - building standards and conformity in network security, - facilitating the development of CERT/CSIRTs in Viet Nam, - being a contact point with foreign CERTs. - advising the Minister of MIC in regulation and policy of security issues in ICT areas. 2. MIC Minister s s Decision No. 13/2006/QD-BBCVT, dated 28 April 2006 defines the duties, functions and organization structure of VNCERT. 14

Role and responsibility of VNCERT 1. Coordinating all emergency activities for handling information security incidents and participating in preventing cybercrime and cyber-terrorism in Vietnam and within international framework of cooperation. 2. Collecting information of cybersecurity, collecting and analyzing cybersecurity data in Vietnam to facilitate information security management at state level. Monitoring the Internet in order to provide early warning. 3. Collecting and analyzing information security technologies and solutions in order to recommend to the internet community. 4. Carrying out research and cooperation with legislative organizations in order to build information security technical standards,. 5. Promoting the capacity of emergency incident handling and establishing the network of CERTs in the country. 15

Role and responsibility (cont ) 6. Participating in international organizations and cooperating with international CERTs. 7. Participating in state-management in the activities of information security associations and non-government organizations. 8. Having the right to provide technical security auditing service for information systems and information security products and technologies. 9. Having the right to provide other services in research, consultation, deployment, production and storage services to provide information network security. 10. Executing other Ministry s s duties. 16

Organization structure Ministry of Information and Communications VNCERT Branch in Da Nang City Branch in Ho Chi Minh City Administrative Office Division of Operation Division of System Techniques Division of Training and Consultancy 17 Division of Research and Development

Location map Head quarter: Hanoi Capital Branch 1 in Ho Chi Minh City (7/2008) Branch 2 in Da Nang City (8/2008) 18

VNCERT s s activities and challenges Activities for legal environment improvement, Incident response activities Community awareness raising activities Research and development activities Government and industry partnership 19

Changes in legal environment Electronic Transaction Law (11/2005). Start preparing technical regulations for InfoSec (3/2007) Gov Degree No63 about sanctioning of administrative IT violations (4/2007) Issuing of Gov Degree Anti - spam (2008) National InfoSec standards and Technical regulations (2009) Corrective/ supplementary version of Civil Codes (?) 2006 2007 2008 Law on Information Technology (6/2006, became effective from 01/2007). Minister s Directions about CyberSec (1/2007) Gov Degree No64 On Information Technology application in state agencies' operation (4/2007) Issuing of MIC regulation for cybersec coordination (2008) National CyberSec strategy for protecting IT infrastructures (2009) 20

Incident response 1st big coordination act (9/2006) Start ensuring cybersecurity for regular online activities (2/2007) Providing information security assessment services for organizations (8/2008) 2006 2007 2008 1st Incident handling act (6/2006) Cybersecurity Training service for organizations (12/2006 ) Start cross-border handling incidents (3/2007) Building capability for cybersecurity incident monitoring analyzing and early warning service (2009-2010) 21

Community awareness raising activities 1st training courses for government officials (12/2006) 1st bilateral International workshop (3/2007) 1st International Regional workshop (8/2007) 1st national event infosecurity day (11/2008) Cybersecurity technical courses (2009-2010) 2006 2007 2008 1st training courses for government officials (4/2007) Cybersecurity standards training courses (3/2007) Training program framework for government officials (2008-2009) 22

Research and development activities Starting cybersecurity technology researches (8/2006) Starting researches on building cybersecurity program frameworks and certificate system (5/2007) Linking to an international project on building a sensors management system (8/2008) 2006 2007 2008 1st cybersecurity drill (6/2006) Beginning cybersecurity standards researches (2/2007) Beginning of R&D project on building a NSM system (3/2008) Project for establishing a National cybersecurity technical center (2009-2010) 23

Government and industry partnership Country internal relationship (5/2006) APCERT membership( 5/2007) 1st Gov- Industry Partnership (4/2008) 1st International Cooperation MoU (6/2008) 2006 2007 2008 Contact with CERTs with national responsibility (6/2006) 1st big coordination act (9/2006) Establish of VNISA (12/2007) VNCERT- VNISA cooperation program (4/2008) 24

Activity beginning timeline Dec 05,2005, Primer Minister s Decree No 339/2005/QD-TTg 1st Incident handling act (6/2006) 1st coordination act (9/2006) Preparing technical regulations for InfoSec (3/2007) Gov Degree No64 about IT applications in gov org-s (4/2007) Establish of VNISA (12/2007) 1st Gov- Industry Partnership (4/2008) Establish of VNCERT branches (7/2008) 1st National InfoSec day (11/2008) 2006 2007 2008 1st drill (6/2006) Apr 06,2006, MPT Minister s Decision No 13/2006/QD-BBCVT Headquarter in Ha Noi running. 1st training course (12/2006) Minister s Direction about CyberSec (1/2007) 1st Inter workshop (8/2007) APCERT membership (5/2007) Beginning of R&D project on NSMsystem (3/2008) 1st Inter Coop-n MoU (6/2008) Cybersec Assessment service (8/2008) Issuing of Gov Degree Anti - spam (2008) 25

About challenges in Strengthening national incident response capability What to do ahead? Cooperation and coordination network (Need a regulation for coordination activities, internal coorperation scheme, international cooperation and collaboration) Research and security specialist training (drills, training programs, cybersecurity events, researching works ) Developing a R&D project for setting up a network security monitoring system (NSMS) Building a National cybersecurity technical center Developing a national strategy for CIIP Not for further distribution without VNCERT s permission 26

About challenges Not for further distribution without VNCERT s permission Main difficulties + Practical emptiness in legal environment + Lack of Technical cybersecurity facilities + Budget limitation + Human resources shortage. How can we overcome? + Take a advanced role in researching and drafting of legal and policy documents + Synchronous implementation of activities of all types from lower level to higher step by step + Develop continuous R&D program + International cooperation and collaboration is a short way 27

VNCERT contact Information Regular Phone Number Time-zone (relative to GMT): GMT +07:00 IDD Telephone number: +84 4 64044 23/24 IDD Facsimile Number : +84 4 64044 25/27 Days/hours of operation: 8AM-5PM Emergency Phone Number IDD Telephone number: +84 91869 9652 Days/hours of operation: 24/7 Other Communication Facilities Internet Domain Name:*.vn Email Address: office@vncert.vn, vncert@mic.gov.vn World Wide Web Server: http://www.vncert.gov.vn 28

Thank You for your attention! 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback