Quyết định 898/QD-TTg

DECISION

APPROVING THE ORIENTATION, OBJECTIVES AND DUTIES TO ENSURE THE CYBER INFORMATION SECURITY FOR THE PERIOD 2016-2020

PRIME MINISTER

Pursuant to the Law on organization of Government dated 19/6/2015;

Pursuant to the Law on Cyber Information Security dated 19/11/2015;

Pursuant to Decree No. 132/2013 / ND-CP dated 16/10/2013 of the Government regulating the functions, tasks, powers and organizational structure of the Ministry of Information and Communications;

Pursuant to Decision No. 63/QD-TTg dated 13/01/2010 of the Prime Minister approving the National Digital Information Security Development Planning by 2020;

Considering the recommendation of the Minister of Information and Communications;

DECIDES:

Article 1. Approving the orientation, objectives and duties to ensure the cyber information security for the period 2016-2020 with the following information:

I. ORIENTATION

1. Reforming and creating the powerful change in awareness and consciousness of compliance with the law on cyber information security of the whole society; mobilizing the social resources, especially from businesses involved in ensuring the cyber information security.

2. Promoting the development of product market and information security services; focus resources to ensure the information security for important information systems; deploying activities to ensure the cyber information security towards harmonious combination between the equipment investment and the application of management measures in accordance with appropriate technical regulations and standards.

3. Strengthening the national cyber information security and developing the adaptability proactively, flexibly and reducing the risks and threats of loss of cyber information (cyber resilience).

II. OBJECTIVES

In addition to the objectives in the National Digital Information Security Development Planning by 2020, the target for the period 2016-2020 is as follows:

1. Creating the powerful change in awareness of information security and the rate of incidents of cyber information security loss because the poor awareness, subjectiveness and carelessness of people is below 50%.

2. Improving the reputation of electronic transactions of Vietnam and removing Vietnam from the list of 20 countries with the highest rate of malware and spam infection in the world as ranked by international organizations.

3. Basically forming the technical regulation and standard system and the inspection and assessment system of information security.

4. Developing at least 5 information security products with Vietnamese brand widely used in domestic market. The Vietnamese enterprises shall play the leading role in the information security services market in the country.

III. DUTIES

1. Ensure the cyber information security on a national scale

a) Develop the requirements for ensuring the minimum cyber information security for the national important information system; strengthen the investment to ensure the cyber information security; make periodical inspection and assessment of cyber information security towards the national important information system.

b) Develop and update the national technical regulation and standard system on cyber information security; develop and guide the framework model of cyber information security management system in line with the international practices.

c) Invest in developing the platform systems to improve the technical capacity to ensure the cyber information security, including: Vietnam Internet attacking processing system; information security assessment and inspection system; electronic national authentication system.

d) Improve the capacity and effectively operate the incident rescue coordination network of cyber information security on a national scale.

dd) Organize periodical exercises to ensure the cyber information security and participate in international exercises.

e) Improve the capacity to prevent and control malware, improve the reliability of the nation in electronic transaction activities towards socialization.

2. Ensure the cyber information security in activities of organizations and bodies.

a) Develop, issue and regularly update regulations and policies to ensure the cyber information security in activities of organizations and bodies.

b) Apply the cyber information security management system in line with the technical regulations and standards in activities of organizations and bodies.

c) Assign the leadership to take charge and establish or appoint the key department to take responsibility for cyber information security.

d) Raise the awareness of information security for leadership and officials; provide the training in knowledge and skills of information security for officials with relevant responsibilities.

dd) Make investment to improve the technical capacity to ensure the cyber information security for information systems under management.

e) Develop the plan for response to the incidents of cyber information security and carry out the periodical inspection, assessment and exercises in cyber information security for the information systems under management; participate and coordinate in national training and exercise programs.

g) Develop and make plans for contingency and data backup to ensure the continuous activities of bodies and organizations; be ready to restore the normal activities of system after the incident of loss of cyber information security.

3. Develop the market of products and services of cyber information security.

a) Order the study, development and pilot production and make domestic information security products from the science and technology budget.

b) Support the investment promotion, training and development of human resources for medium and small-sized enterprises in the field of cyber information security.

c) Support the trade promotion, market expansion, brand development and promote the use of products and solutions to cyber information security with Vietnamese brand.

d) Support the development of some domestic products and services of cyber information security.

dd) Promote the application of public digital signature in social – economic activities; strengthen the outsourcing of cyber information security services provided by enterprises.

IV. SOLUTIONS

1. Complete the legal framework, mechanisms and policies.

a) Continue reviewing and issuing the legal normative documents, complete the legal framework of cyber information security.

b) Develop and issue the preferential policies to management experts and technicians of high level directly involved in ensuring the cyber information security.

2. Promote domestic and international cooperation

a) Develop mechanisms to coordinate and share information, experience lessons and interdisciplinary coordination between the relevant state bodies and domestic and foreign enterprises to ensure the cyber information security.

b) Participate in regional and international organizations and forums in the field of cyber information security; promote the cooperation and experience exchange with the countries in the world, especially the countries which are the comprehensive strategic partners, strategic partners, traditional partners of Vietnam.

3. Strengthen the apparatus and develop the human resources.

a) Establish the inter-ministry, sector and locality operation and coordination mechanism to implement the cyber information security activities.

b) Organize and maintain group of experts of cyber information security to support, consult and give recommendations to the competent authorities about response plans to ensure the national overall cyber information security.

c) Provide the training and develop the human resources of information security of Vietnam.

4. Propagate, disseminate and raise the awareness.

Carry out the activities of propagation, dissemination and raise of awareness and responsibility for information security.

V. FUND FOR IMPLEMENTATION

1. Capital

The central budget, local budget, Vietnam Public-utility Telecommunication Service Fund – VTF, the revenues of bodies and units permitted for use according to regulations, non-refundable aid capital and other legal funds.

2. Capital structure

a) The development investment capital from the central budget for the public investment program of the group of information technology development objective program is allocated to carry out the projects of the List mentioned in the Appendix I issued with this Decision.

b) The non-business capital from the central budget to carry out the tasks specified in the List of Appendix II issued with this Decision.

c) The local budget to ensure the fund for other projects and tasks of this Decision shall be implemented by the local bodies.

3. Prioritize the scientific and technological fund and the fund from national programs to develop high technology and national product development program to develop the domestic products, services and solutions and other tasks and projects under this Decision.

VI. IMPLEMENTATION

1. Ministry of Information and Communications

a) Coordinates with the ministries, sectors and People’s Committee of provinces and centrally-run cities and the relevant bodies and organizations to deploy, urge, inspect and make periodical summary and assessment of implementation result of this Decision; reports to the Prime Minister on the implementation result and recommends the modification or addition of content of this Decision in case of necessity.

b) Establishes the Executive Committee to coordinate, urge, inspect and guide the activities to ensure the cyber information security with a leader of the Ministry of Information and Communications as the Head of Executive Committee and the standing department of Executive Committee is a part-time unit of the Ministry of Information and Communications.

c) Coordinates with the Ministry of Defense and Ministry of Public Security to establish the interdisciplinary working group for annual inspection over the cyber information security of the ministries, sectors and localities; coordinates with the ministries, sectors and enterprises to establish the rapid response Group for analysis and response to the malwares.

d) Coordinates with the Vietnam Information Security Association to classify and assess the quality of products and services of information security and makes survey and assessment of level of cyber information security in bodies and organizations on the annual basis.

2. Ministry of Public Security

a) Carries out the cyber information security in activities of the Ministry of Public Security.

b) Coordinates with the relevant bodies to carry out the cyber information security for the important information systems of the country as per assigned functions and duties.

3. Ministry of Defense

a) Carries out the cyber information security in activities of the Ministry of Defense.

b) Coordinates with the relevant bodies to carry out the cyber information security for the important information systems of the country as per assigned functions and duties.

c) Coordinates with the Ministry of Information and Communications and the relevant ministries and sectors to promote the application of specialized digital signature and information security on the cyber system of the bodies and organizations of political system in accordance with regulations of law on cipher.

d) Coordinates with the relevant bodies to effectively deploy the monitoring system of information security on key information technology network of state bodies and organizations.

4. The Ministry of Science and Technology shall coordinate with the Ministry of Information and Communications to perform the tasks specified under Point a, Clause 3, Section III and the solutions under Point dd, Clause 5, Section IV of this Article; coordinate with the Ministry of Information and Communications to perform the tasks specified under Point b, Clause 1, Section III of this Article.

5. The Ministry of Finance, Ministry of Planning and Investment shall balance the state budget, recurrent expenditure, development investment expenditure under regulation to perform the tasks and solutions of this Decision.

6. The ministries and ministerial bodies, governmental bodies, People’s Committee of provinces and centrally-run cities.

a) Coordinate with the Ministry of Information and Communications, Ministry of Public Security and Ministry of Defense to carry out the cyber information security for the important information system of the country under the management of ministries, sectors and localities specified under Point a, Clause 1, Section III of this Article.

b) Direct the groups, corporations and enterprises under their management to review, assess and take measures to strengthen the cyber information security for information infrastructure systems, industrial control systems and other important information systems managed, operated and exploited by the enterprises.

c) Perform tasks to ensure the cyber information security in activities of the ministries, sectors and localities; link the activities of cyber information security to the application of information technology, development of e-Government specified in Clause 2, Section III of this Article.

d) Coordinate with the Ministry of Information and Communications to carry out the relevant activities specified in this Decision as per their assigned functions and duties.

7. The Party Central Office, Office of the President, Office of the National Assembly, Supreme People's Court, Supreme People's Procuracy, State Audit, Central Committee of the Vietnam Fatherland Front, Vietnam General Confederation of Labour, Ho Chi Minh Communist Youth Union Central Committee, Vietnam Women's Union Central Committee, Vietnam War Veteran Association, Vietnam Farmers’ Association shall, based on the contents of this Decision, carry out the cyber information security in their bodies and organizations.

8. Vietnam Information Security Association, Vietnam Software and IT Services Association, Vietnam Association for Information Processing Vietnam Internet Association, Vietnam E-Commerce Association.

a) Coordinate with the authorities of the Ministry of Information and Communications in implementing the contents of this Decision.

b) Mobilize the members and enterprises to actively study, develop, produce and provide products and services and solutions to cyber information security; mobilize the bodies and organizations to prioritize the use of products, services and solutions to cyber information security provided and produced by the enterprises.

9. Groups, corporations, state-owned enterprises, telecommunications enterprises, enterprises providing Internet services and enterprises operating in the field of information technology and communications shall, based on the content of this Decision, carry out the activities of cyber information security in the enterprises’ activities.

Article 2. This Decision takes effect on its signing date.

Article 3. The Ministries, Heads of ministerial bodies, Heads of governmental bodies, Chairmen of People’s Committee of provinces and centrally-run cities and the relevant organizations and bodies are liable to execute this Decision./.

APPENDIX I

LIST OF INVESTMENT PROJECTS GIVEN PRIORITY TO USE THE DEVELOPMENT AND INVESTMENT FUND SUPPORTED BY THE CENTRAL BUDGET
(Issued with Decision No. 898/QD-TTg dated 27/5/2016 by the Prime Minister)

APPENDIX II

LIST OF TASKS WITH PRIORITIZED USE OF NON-BUSINESS CAPITAL SUPPORTED BY THE CENTRAL BUDGET
(Issued with Decision No. 898/QD-TTg dated 27/5/2016 by the Prime Minister)