Chương II Quyết định 05/2017/QĐ-TTg: Phân cấp tổ chức thực hiện ứng cứu sự cố bảo đảm an toàn thông tin mạng quốc gia

Chapter II

ASSIGNMENT OF DUTIES TO IMLEMENT EMERGENCY RESPONSE PLANS TO ENSURE NATIONAL CYBERINFORMATION SECURITY

Article 3. National Steering Committee on emergency response to ensure cyberinformation security

1. The National Steering Committee on information security shall perform functions of the National Steering Committee on emergency response to ensure cyberinformation security (hereinafter referred to as the “NSC”).

2. The NSC shall instruct Ministry of Information and Communications, Ministry of Public Security, Ministry of National Defence and relevant ministries and local governments to conduct emergency response activities to ensure the national cyberinformation security.

Article 4. Standing Committee on emergency response to ensure national cyberinformation security

1. Ministry of Information and Communications shall be the Standing Committee of the NSC (hereinafter referred to as the “Standing Committee”) and have the following duties and rights:

a) Make decisions on selection of response plans and take charge of instructing emergency response activities to ensure the national cyberinformation security;

b) Instruct the National Coordination Center to receive, collect and process information and reports on incidents that cause national cyberinformation insecurity and propose response plans;

c) Convene and instruct the Operations Division for response to national cyberinformation security incidents at the request of the National Coordination Center; instruct and assign duties to units in charge of incident response and members of the Response Network to develop response plans;

d) Take charge or assign the National Coordination Center to act as the national agency for cooperation with regulatory authorities of foreign countries or international organizations in responding to or handling incidents related to such countries;

dd) Inspect the compliance by relevant units and send reports to the NSC on emergency response to national cyberinformation security incidents.

2. Where necessary, Ministry of Information and Communications may take charge of establishing the Coordinating Board for emergency response to ensure national cyberinformation security (hereinafter referred to as the “National Response Coordinating Board”) that is comprised of: the head of Ministry of Information and Communications, who shall act as the Head of the National Response Coordinating Board, the National Coordination Center acting as the standing member and other members who are heads of Departments of relevant ministries.

Article 5. Steering Committees on emergency response to cyberinformation security incidents of ministries, ministerial-level agencies, the Government's affiliates and People’s Committees of provinces or central-affiliated cities

1. Steering Committees on Information Technology of ministries, ministerial-level agencies, the Government's affiliates and People’s Committees of provinces or central-affiliated cities shall perform functions of the Steering Committees on emergency response to cyberinformation security incidents within the scope of their management (hereinafter referred to as “Ministerial/ Provincial-level Steering Committees”).

In case of unavailability of the Steering Committee on Information Technology or depending on specific conditions, the ministry, ministerial-level agency, the Government's affiliate or the Provincial-level People’s Committee may consider establishing the Ministerial- or Provincial-level Steering Committee on emergency response to cyberinformation security incidents which shall be under the management of the head of Ministry or of the Provincial-level People’s Committee.

2. Responsibilities and rights of a Ministerial- or Provincial-level Steering Committee:

a) Instruct coordinating or response activities within the scope of its management; instruct its affiliates to cooperate and comply with orders of the National Coordination Center for coordination and/or response to incidents;

b) Convene and instruct the Incident Response Team or the Operations Division for response to cyberinformation security incidents of same level at the request of the specialized incident response unit;

c) Submit report and ask for instructions from the NSC via the Standing Committee on matters that arise during the implementation of duties beyond its competence; work under the management of the NSC via the Standing Committee and the National Cooperation Office.

Article 6. Specialized cyberinformation incident response units

1. Specialized cyberinformation incident response units are agencies in charge of information security or information technology of ministries or Provincial-level People’s Committees (hereinafter referred to as the “Specialized incident response units”).

Telecommunications or Internet enterprises and managing bodies of large-scale information systems shall establish or appoint specialized units to respond to internal cyberinformation security incidents.

2. Specialized incident response units shall propose the establishment of incident response team and organize incident response activities within the scope of their management; participate in the emergency response activities to ensure the national cyberinformation security upon the request of the Standing Committee or the Coordination Center.

Article 7. National cyberinformation security incident response network

1. The national cyberinformation security incident response network (hereinafter referred to as the “Incident Response Network”) includes the following members:

a) Units in charge of incident response, information security or information technology of ministries, ministerial-level agencies, the Government's affiliates and central-level agencies; Departments of Information and Communications of provinces or central-affiliated cities;

b) Relevant agencies/ units affiliated to the Ministry of Information and Communications; The Authority of Information Security, Vietnam Computer Emergency Response Team (VNCERT), Vietnam Internet Network Information Center (VNNIC) and the Authority of Central Posts;

c) Relevant agencies/ units affiliated to the Ministry of Public Security: Authority of Cyber Security; Police Department for High-Tech Crime Prevention;

d) Relevant agencies/ units affiliated to the Ministry of National Defence: Department of Information Technology; Governmental Cipher Committee;
dd) Telecommunications infrastructure service providers, Internet service providers (ISP); data center service providers, lessors of digital data storage space; national database managing body; units in charge of information security or information technology of banks, financial institutions, state treasuries, tax agencies and customs agencies;

e) Organizations or enterprises managing or operating important information systems or SCADA systems (industrial control systems) in the following sectors: Energy, industry, healthcare, natural resources and environment, education and training, population and urban management.

2. Voluntary participants in the Incident Response Network are organizations or enterprises which are not specified in Clause 1 of this Article, are capable of information security or information technology and permitted to join the Incident Response Network by the National Coordination Center. Organizations or enterprises operating in information security or information technology; managing bodies of large-scale information systems, or banking or financial information systems, or SCADA systems; and other entities capable of information security are encouraged to join the Incident Response Network.

3. Vietnam Computer Emergency Response Team (VNCERT) that is the National Coordination Center for Incident Response (hereinafter referred to as the National Coordination Center or the Coordination Center) shall assume responsibility to:

a) Coordinate all incident response activities nationwide; have the rights to mobilize and coordinate members of the Incident Response Network and relevant organizations or units to cooperate in preventing, handling and remedying incidents in Vietnam; have the rights to decide the methods of coordinating incident response activities and assume responsibility for coordination orders/ requests;

b) Take charge of formulating operating regulations of the Incident Response Network; organize and manage the operation of the Incident Response Network; apply for and receive and manage contributions or financial aids from members of the Incident Response Network and other organizations or individuals and other legal funding sources in order to cover operating expenditures of the Incident Response Network; act as the national center for cooperation with foreign organizations or enterprises in response to cyberinformation security incidents.

c) Ministry of Information and Communications shall establish the Managing Board of the Incident Response Network, which is comprised of a head of the National Coordination Center who holds the position of the head of the Managing Board and other members being representatives of members of the Incident Response Network, to manage, cooperate and organize operations of the Incident Response Network.

4. Members of the Incident Response Network are responsible for complying with the operating regulations of the Network and coordination orders given by the National Coordination Center, and actively participating in operations of the Network. Telecommunications enterprises and Internet service providers (ISP) shall store and provide information concerning IP address of subscribers, servers, IOT equipment, log files and logs of domain name system (DNS) within the scope of their management; provide spaces for installing monitoring/ sampling equipment and provide data flows on the Internet to serve the supervision and detection of incidents upon request of the National Coordination Center; arrange 24/7 standing team and personnel and material resources to cooperate and develop solutions for responding to and remedying consequences of incidents in cases where the source of cyberattacks is originated from subscriber(s) under the enterprise’s management or at the request of the National Coordination Center.

Article 8. Operations Division for emergency response to ensure national cyberinformation security

1. The Operations Division for emergency response to ensure national cyberinformation security (hereinafter referred to as the "Emergency Response Operations Division") is convened and directed by the Standing Committee, and comprised of:

a) The National Coordination Center (Vietnam Computer Emergency Response Team (VNCERT) – standing member);

b) Authority of Information Security affiliated to Ministry of Information and Communications;

c) Authority of Cyber Security and the Police Department for High-Tech Crime Prevention affiliated to Ministry of Public Security;

d) Department of Information Technology and General Staff affiliated to Ministry of National Defence;

dd) Specialized cyberinformation incident response units of ministries, ministerial-level agencies, the Government's affiliates, Provincial-level People’s Committees, telecommunications enterprises, Internet service providers and the managing body of the national important information system.

2. The Emergency Response Operations Division shall have the rights to:

a) Implement operational measures, technical equipment and facilities as well as other appropriate measures within the ambit of assigned functions and duties in accordance with regulations of law;

b) Request relevant authorities, organizations and/or individuals to provide information, documents and/or equipment which are discovered relating to the incident in order to facilitate the incident response;

c) Inspect the information systems of authorities, organizations and/or individuals when there are well-grounded to determine that they are related to the incident in order to facilitate the incident response;

d) Request relevant telecommunications agencies/ enterprises and Internet service providers to cooperate in performing works necessary to respond to the incident.

3. The mechanism for cooperation and sharing of information between members of the Emergency Response Operations Division shall be performed in accordance with regulations of the law and decisions by the Prime Minister.