Chương IV Quyết định 05/2017/QĐ-TTg: Biện pháp bảo đảm thực hiện ứng cứu sự cố an toàn thông tin mạng quốc gia

Chapter IV

MEASURES TO ENSURE THE IMLEMENTATION OF RESPONSE ACTIONS AGAINST NATIONAL CYBERINFORMATION SECURITY INCIDENTS

Article 15. Requisition of property and suspension of operation of means of communication to serve emergency response to national cyberinformation security incidents

In course of implementation of the emergency response plan to ensure national cyberinformation security and at the request of the Standing Committee, regulatory authorities shall, within the competence prescribed by law, discharge the following duties:

1. Postpone or suspend the operation of electronic forms of contract or other activities originated from the information system when these activities are determined to cause extremely serious harms to the public interests or serious harms or extremely serious harms to the national defense and security.

2. Requisition means of communications, means of transport and other means as well as the users or operators of such means in emergency cases so as to fulfill emergency response tasks or prevent harms or potential harms to the society.

3. Mobilize resources within the scope of their management to conduct incident response actions.

Article 16. Formulation and implementation of response plans to cyberinformation security incidents

1. Agencies and units shall formulate and implement response plans to cyberinformation security incidents (hereinafter referred to as the “incident response plan”) to ensure human, material and financial resources and other necessary conditions to implement such incident response plans. To be specific:

a) The National Coordination Center shall formulate and submit the incident response plan to ensure national cyberinformation security and the operating plan of the Incident Response Network to the Ministry of Information and Communications for approval.

b) Specialized incident response units of ministries or central-level agencies shall formulate and submit incident response plans to ensure cyberinformation security for information systems of state agencies, political organizations or socio-political organizations within the scope of their management to the heads of managing bodies of such information systems for approval.

c) Specialized incident response units affiliated to People’s Committees of provinces or central-affiliated cities shall formulate and submit incident response plans to ensure local cyberinformation security to Chairpersons of Provincial-level People’s Committees for approval.

d) Members of the Incident Response Network, organizations or enterprises managing the information systems on the List of national information systems, large-scale information systems or SCADA systems shall formulate, approve and implement incident response plans to ensure cyberinformation security for their information systems.

2. Relevant agencies and units shall formulate incident response plans to ensure cyberinformation security according to the outlines provided in the Appendix II herein with paying special importance to the following contents: Attack scenarios, risks and incidents that might occur, response plans according to attack scenarios, estimated circumstances and training activities. Where necessary, Ministry of Information and Communications shall consider adjusting certain contents of the outlines in conformity with the actual situation and requirements for response to cyberinformation security incidents.

3. The National Coordination Center shall instruct the formulation and implementation of incident response plans and backup plans for responding or handling cyberinformation security incidents; organize training or drilling activities on the regional, national and international scale; conduct regular inspection and assessment of the implementation of incident response plans by ministries, local governments and organizations/ enterprises.

Article 17. Funding

1. Funding for implementing coordination, response and recovery plans against cyberinformation security incidents is provided by: The central-government budget, local-government budgets, budget of enterprises and other legal sources of funding as regulated by law.

2. Funding for conducting response actions against cyberinformation security incidents is included in the estimates of state budget expenditures of ministries, central-level agencies and local governments (including development investment expenditure and recurrent expenditure), managed, used and recorded into accounts according to state budget levels as prescribed in the Law on State Budget and its instructional documents. Funding shall be allocated according to the following principles: Regulatory authorities shall their own sources of funding to cover expenditures for their activities or personnel. To be specific:

a) The central-government budget shall allocating funding for:

- The activities of directing, managing and inspecting incident response actions of the NSC, the National Coordination Center and the National Standing Committee;

- Funding for activities of the National Coordination Center consists of: Funding for performing relevant activities within the scope of responsibility of the National Coordination Center as prescribed in Articles 7, 11, 12, 13, 14 and 16 herein; funding for ensuring regular operations; detecting and warning activities; training and drilling activities; purchasing, upgrading and extending software copyright, equipment, facilities and tools for performing international cooperation for cyber security; funding for formulating and implementing incident response plans; provisions for responding to national serious incidents; funding for assisting ministries and local governments in coordinating and handling incidents; funding for hiring technical services, organizing and maintaining operation of incident response specialists team and incident response operations division; funding for managing and organizing operation of the Incident Response Network; disseminating, training, organizing conferences of the network, doing specialized research and maintaining technical specialists team, improving and developing operation of incident response teams; funding for inspecting, scanning and assessing information security; collecting, analyzing and sharing incident-related information; assisting in formulation and application of ISO 27xxx standards and international standards on cyberinformation security; performing specific operations to ensure cyberinformation security for the important information systems of the Government;

- Ministries and central-level agencies shall, pursuant to regulations herein, prepare annual estimates of expenditures for performing relevant activities within the scope of their management as prescribed in Articles 7, 11, 12, 13, 14 and 16 herein; funding for formulating and implementing their incident response plans; provisions for responding or handling incidents occurring on the information systems under their management; funding for training and drilling activities, and operations of the incident response teams; funding for monitoring, supervising, scanning and assessing the information security; funding for assisting in formulation and application of ISO 27xxx standards and performing specific operations to ensure cyberinformation security for the information systems under their management.

b) Local-government budget shall provide funding for activities of the Steering Board, specialized incident response units and local incident response teams, consisting of: Funding for performing relevant activities under the management of local governments as prescribed in Articles 7, 11, 12, 13, 14 and 16 herein; funding for implementing local incident response plans; provisions for responding or handling incidents occurring on the information systems under the management of local governments; funding for training and drilling activities, and operations of the local incident response teams; funding for monitoring, supervising, scanning and assessing the information security; funding for assisting in formulation and application of ISO 27xxx standards and performing specific operations to ensure cyberinformation security for the information systems under their management.

c) Enterprises shall provide funding for performing relevant activities within the scope of their management as prescribed in Clause 4 Article 7, Articles 11, 12, 13, 14 and 16 herein; funding for implementing enterprises' incident response plans and backup plans for response to incidents attacking the information systems under their management; supervision activities, providing information and participating in incident response plans; organizing training and drilling activities and maintaining operations of incident response teams and other duties assigned to enterprises. These spending items may be accounted as the enterprises’ business expenses. Telecommunications enterprises and Internet Service Providers must arrange funding for monitoring and handling incidents to ensure cyberinformation security on their Internet connections and may aggregate this funding into their business expenses.

d) The managing bodies of information systems must arrange funding for implementing incident response plans as well as backup plans for handling incidents, remedying impacts, restoring data and continuing normal operations of their information systems.

dd) The Vietnam Public-utility Telecommunication Service Fund (VTF) shall provide funding for performing coordination or response actions to ensure cyberinformation security, which are not supported or partially supported by state budget, including operations of the National Coordination Center, incident response operations divisions convened by the Standing Committee, operations of the national incident response network, hiring technical services, organizing and maintaining incident response specialists teams affiliated to the National Coordination Center, covering losses of telecommunications enterprises or Internet Service Providers from the handling, prevention or response to national serious incidents, and other relevant activities which are not supported or partially supported by state budget.

e) Ministry of Finance shall take charge and cooperate with Ministry of Information and Communications in instructing allocation of funding for performing the activities of coordination and response to ensure cyberinformation security in accordance with regulations of this Article.