General review of network information security system after VNDirect was attacked

According to the Department of Information Security, through monitoring and supervising cyberspace, the Department of Information Security (Ministry of Information and Communications) has discovered an increasing trend of cyber attacks, especially ransomware attacks. Recently, a number of information systems of agencies, organizations and enterprises in Vietnam have been attacked, causing disruptions in operations and material and image damage to agencies, organizations and enterprises, as well as activities to ensure national cyberspace security.

The Department of Information Security recommends that agencies, organizations and enterprises review and implement network information security assurance for information systems under their management. Specifically: Units shall review and strengthen network information security assurance solutions for information systems, prioritizing monitoring and early warning solutions; assess information security assurance for information systems under their management; in case of detecting risks, vulnerabilities and weaknesses, it is necessary to immediately implement remedial measures, especially for information systems that store and process personal information and personal data and complete before April 15, 2024 and ensure information security at level 1.

Units and enterprises shall carry out related tasks according to Directive No. 09/CT-TTg dated February 23, 2024 of the Prime Minister on compliance with legal regulations and strengthening information system security by level, especially organizing statistics and classifying information systems under their management; develop a plan to complete regulations on ensuring information system security by level (according to monthly progress), ensuring that 100% of information systems in operation must be approved for information system security level by September 2024 at the latest and fully implement information security assurance plans according to the approved level proposal file by December 2024 at the latest.

Units and enterprises shall effectively, substantially, regularly and continuously implement information security assurance work according to the 4-layer model, especially improving the capacity of the professional monitoring and protection layer and maintaining continuous and stable connections and information sharing with the National Cyber Security Monitoring Center under the Department of Information Security, Ministry of Information and Communications; prioritize the use of network information security products, solutions and services produced or mastered by Vietnamese enterprises.

At the same time, units and enterprises develop incident response plans for information systems under their management according to the provisions of Circular No. 20/2017/TT-BTTTT on coordination and response to network information security incidents nationwide. Implement a plan to periodically back up systems and important data to promptly restore when data encryption attacks occur and report incidents to the Information Security Department according to regulations; participate in the national network for responding to network information security incidents according to the provisions of Article 7 of Decision No. 05/2017/QD-TTg dated March 16, 2017 of the Prime Minister.

Organizations and enterprises review and implement related tasks according to Directive No. 18/CT-TTg dated October 13, 2022 of the Prime Minister on promoting the implementation of activities to respond to information security incidents in Vietnam. Periodically conduct threat hunting to promptly detect signs of system intrusion. For systems that have detected serious security vulnerabilities, after fixing the vulnerability, it is necessary to immediately conduct threat hunting to determine the possibility of previous intrusion; check and update information security patches for important systems according to warnings from the Information Security Department and related agencies and organizations; periodically check, evaluate, and review to promptly detect information security vulnerabilities and weaknesses that exist on the system; Regularly and continuously use information security platforms developed and provided by the Department of Information Security (Ministry of Information and Communications) to support agencies, organizations and businesses: Use the National Cyber Security Incident Coordination Platform (IRLab) to receive guidance, early warnings and support for early handling of risks and incidents; use the Digital Investigation Support Platform (DFLab) in appropriate cases to organize incident response and receive support from state agencies and leading experts in information security.

Organizations and enterprises are requested to review, assign focal points for professional exchange and report implementation results to the Department of Information Security before April 20, 2024 for synthesis and reporting to competent authorities.