Questions & Answer
Publish 05/01/2021
QUESTION:
Please let me know what kind of national security information systems includes? How is the response to and troubleshooting of security issues for important national security information systems implemented?
ANWSER:
v National security information systems
A national security information system is an information system which will cause serious cybersecurity issues if is broken down, infiltrated, overridden, interfered with, disrupted, paralyzed, attacked or sabotaged.
According to Clause 2 Article 10 of Law on Cybersecurity 2018, the national security information systems include:
– Military, security, diplomacy and cryptography information systems;
– Systems for archiving and processing state-secret information;
– Information systems serving storage of particularly important items and documents;
– Information systems serving storage of materials or substances that are particularly harmful to humans or the environment;
– Information systems serving storage, manufacturing and management of other facilities relevant to national security;
– Important information systems serving operation of central organizations;
– National information systems serving energy, finance, banking, telecommunications, transport, resources and environment, chemical, health, culture and press authorities;
– Automatic monitoring and control systems at important works relevant to national security or national security targets.
The Prime Minister shall promulgate and revise the list of national security information systems for each specific period.
v Response and remediation of cybersecurity incidents occurring to National security information systems.
Response and remediation of cybersecurity incidents occurring to National security information systems include the following activities:
– Discovery and identification of cybersecurity incidents;
– Scene protection and evidence collection;
– Limiting the scope of and damage caused by the incident;
– Determination of the scope of response and subjects that need assistance;
– Verification, analysis, assessment and classification of the cybersecurity incident;
– Execution of the response and remediation plan;
– Identifying causes and origins of the incident;
– Investigation and handling;
The responsibility of individual, organization in response and remediation of cybersecurity incidents occurring to National security information systems including:
- Administrators of national security information systems shall devise plans for responding to and remediating cybersecurity incidents that occur to their systems; implement such plans in case a cybersecurity incident occurs and promptly inform the competent cybersecurity force.
- Coordinating response and remediation of cybersecurity incidents occurring to national security information systems:
– Professional cybersecurity forces of the Ministry of Public Security shall coordinate response and remediation of cybersecurity incidents that occur to national security information systems other than those mentioned in Point b and Point c of this Clause; participate in cybersecurity incident response and remediation activities on request; inform the system administrators whenever a cyberattack or cybersecurity incident is discovered;
– The professional cybersecurity force of the Ministry of National Defense shall coordinate response and remediation of cybersecurity incidents that occur to military information systems;
– Vietnam Government Certificate Authority shall coordinate response and remediation of cybersecurity incidents that occur to their cryptography systems.
- Other organizations and individuals are responsible for participating in response and remediation of cybersecurity incidents that occur to national security information systems at the request of the coordinating authority./.