The Law on Information Security promulgated in 2015 institutionalized the Party and State's guidelines, policies and guidelines on network information security, meeting the requirements of sustainable socio-economic development, protecting information and information systems, contributing to ensuring national defense, security, sovereignty and national interests in cyberspace. Accordingly: "Network information security is the protection of information and information systems on the network from unauthorized access, use, disclosure, interruption, modification or destruction to ensure the integrity, confidentiality and availability of information".
After 35 years of innovation, Vietnam's information system has developed strongly, effectively serving the leadership, management and administration of the Party and State, meeting the information needs of society, contributing to ensuring national defense and security of the country. The fields of telecommunications, Internet, and radio frequencies have developed strongly, achieving the goal of completely digitizing the network, developing many new services, expanding the scope of service, and initially forming new services. Strong enterprise, capable of reaching regional and international levels. The postal delivery, press, and publishing systems have developed rapidly in terms of quantity, quality, and professional techniques, making important contributions to socio-economic development; ensure national defense, security and foreign affairs of the country.
However, the information security situation in Vietnam has been experiencing complicated developments. Foreign special agencies, hostile and reactionary forces strengthen intelligence, espionage, terrorist activities, and sabotage information systems; spreading bad and harmful information to influence internal politics, interfere and direct Vietnam's policies and laws. Increased cyber attack activities targeting important national information systems and information systems important for national security. According to statistics, on average each year, through inspection and control, the authorities have discovered over 850,000 psychological warfare, reactionary, international amnesty, and illegal heretical propaganda documents; Nearly 750,000 propaganda documents against the Party and State were distributed into Vietnam by post. From 2010 to 2019, there were 53,744 information portals and websites with .vn domain names attacked, including 2,393 information portals and websites of Party and State agencies. gov.vn", many political attacks appeared, causing serious consequences.
Information security content
According to the Vietnamese dictionary: Safety is understood as the state in which people, equipment, and the environment are protected and prevented from harmful agents that may arise (or are potential) due to subjective, objectivity in life.
Network information security “is the protection of information and information systems on the network from unauthorized access, use, disclosure, interruption, modification or destruction to ensure the integrity, confidentiality and availability of information”.
Cybersecurity “is the assurance that activities in cyberspace do not harm national security, social order and safety, and the legitimate rights and interests of agencies, organizations, and individuals.”
Criminals use high technology
Currently, the laws of many countries in the world such as Australia, the US, and the UK have definitions related to this crime, such as: high-tech crime, computer crime, computer-related crime, cybercrime,...
In Australian Criminal Code, high-tech crime is defined as “the illegal intrusion of a computer; Unauthorized modification of data including destruction of data; denial of service (DoS) attack; distributed denial of service (DDoS) attack; creating and distributing malware”.
According to Blacks Law Dictionary, computer crime is defined as: “a crime that requires knowledge of computer technology, such as damaging or stealing computer data or using a computer to commit some other crime”.
In Vietnam, according to Clause 1, Article 3, Decree No. 25/2014/ND-CP of the Government dated April 7, 2014 stipulates: "Crime using high technology is a socially dangerous act regulated in the Penal Code that uses high technology".
According to Clause 1, Article 3 of the 2008 High Technology Law, it is stipulated: “High technology is technology with a high content of scientific research and technological development; integrated with modern scientific and technological achievements; create products with superior quality, features, high added value, and are environmentally friendly; plays an important role in forming new manufacturing and service industries or modernizing existing manufacturing and service industries.
Current status of network information security in the world
In the 4.0 Industrial Revolution, information is a form of resource. Therefore, ensuring information security and safety is an important and urgent task. However, currently, threats from cyberspace are constantly increasing and changing rapidly.
The network information security situation is complicated, with attacks, intrusions, and data theft continuously occurring on the network systems of government agencies, national security and defense establishments, economic corporations, and agencies. media of many countries. For example, attacks on the email system of the US State Department, the computer system of the White House, the German House of Representatives, the Australian Ministry of Foreign Affairs, etc.
Finance is the biggest target motivating hackers to take action, with 73% of cyber attacks; Politics and intelligence were the second largest targets, with 21% of attacks.
Current status of information security in Vietnam
In 2011, over 1,500 Vietnamese information portals were hacked using spyware in the form of image files to infiltrate, control, and install malware to change the homepage interface.
In 2012 - 2013, the Ministry of Public Security discovered that nearly 6,000 information portals and electronic news sites in Vietnam (including more than 300 pages of state agencies) were attacked, edited with content and installed code. poison.
In 2014, after the HD 981 oil rig was illegally placed in Vietnam's exclusive economic zone, foreign hackers attacked more than 700 Vietnamese websites and more than 400 pages during the National Day (September 2) to inserting content that distorts Vietnam's sovereignty over the Hoang Sa archipelago.
At the end of 2014, hackers also launched an attack on VCCorp's data center, causing many newspapers that this company was technically operating such as Soha, Kenh14... to be paralyzed.
In 2015, over 2,460 websites of agencies and businesses were hacked. The risk of malware and the explosion of the Internet of Things (IoT) creating a large “market” for hackers are cybersecurity risks that users must face.
Notable in 2016 was the cyber attack on a number of flight information display screens at the check-in areas of Tan Son Nhat international airports, Noi Bai international airports, and international airports. Da Nang, Phu Quoc airport. Airport screens have been inserted with distorted images and content about the East Sea.
In 2017, a ransomware called Wanna Cry became a threat. In Vietnam, more than 100 computers were infected. Wanna Cry is a type of malware that attacks victims' computers via email attachments or malicious links.
In 2018, the damage caused by computer viruses to Vietnamese users reached a record level of 14,900 billion VND, equivalent to 642 million USD, 21% more than the damage in 2017.
According to data from the Ministry of Information and Communications, out of a total of 3,159 cyber attacks on information systems in Vietnam in the first 6 months of 2019, there were 968 attacks that changed the interface, 635 attacks that installed Malware and 1,556 phishing attacks.
In 2020, a total of 1,056 cyber attacks on information systems in Vietnam resulted in incidents (553 Phishing, 280 Deface, 223 Malware). More than 73,000 IP cameras in the world, including nearly 1,000 cameras in Vietnam, are being monitored. The reason is that users are not in the habit of paying attention to the security of these devices and do not change the system's default password before connecting to the Internet. Securing IoT devices is very important, especially when users are not in the habit of paying attention to the security of these devices.
In 2019, the number of cyber attacks on Vietnamese information systems tended to decrease (about 45.9%) compared to the same period in 2018.
In 2020, the number of cyber attacks on information systems in Vietnam decreased (about 51.4%) compared to 2019.
Achieving the above results shows the improvement of awareness and skills in ensuring network safety and security for agencies, organizations and users, through conferences, seminars as well as training programs. training, rehearsal. In addition, legal regulations and sanctions are more complete and deterrent such as the introduction of the Law on Cyber Security effective from January 1, 2019. The coordination and compliance of major Internet organizations in the world with Vietnamese law is also better. In particular, the awareness of information security of organizations and individuals has been improved, proactive defense measures have been better, and information security assessment work has been carried out more.
In Directive 01/CT-BTTTT dated January 3, 2020 on the development orientation of the Information and Communications industry in 2020, the Minister of Information and Communications emphasized: "Network safety and security are conditions prerequisite for developing e-Government and digital transformation, so we must be one step ahead.”
Directive 01 clearly states the targets to be achieved in 2020 in the field of network safety and security, such as: 100% of agencies and organizations in Vietnam deploy network safety and security protection according to the 4-layer model; 100% of ministries, branches and localities deploy solutions for operating, monitoring network safety and security, preventing centralized malware, connecting and sharing information with the National Cyber Security Monitoring Center of the Ministry of Information and Communications.
The dangers of malware and some issues to keep in mind when using online applications
There have been many cyber attacks taking place worldwide, causing huge socio-economic damage. Especially when public opinion is paying a lot of attention to the developments of the Covid-19 epidemic and announcements and instructions on epidemic prevention from authorities and medical organizations, hackers have increased their forgery. These notices and instructions are used to spread malicious code and carry out phishing attacks. Furthermore, when countries around the world implement quarantine measures and reduce social contact to limit the spread of epidemics, many agencies, organizations, and businesses switch to working in an online environment during this time. Short time leads to some limitations, such as:
(1) Hackers interfere with online data such as changing content, inserting inappropriate content;
(2) The application manufacturer illegally collects users' personal data and shares it with third parties without the user's knowledge;
(3) State secret data, business secrets, and internal secrets of agencies, organizations, and businesses are exposed when users exchange through online applications;
(4) Hackers use online applications to control cameras and microphones on users' devices;
(5) The number of users increased suddenly but the manufacturer did not promptly upgrade the software and appropriate technical infrastructure, leading to a decrease in service quality.
Legal basis, Solutions to prevent and combat violations of the law in cyberspace
The 2015 Penal Code, amended and supplemented in 2017 (hereinafter referred to as the Penal Code), took effect from January 1, 2018 (consisting of 26 Chapters and 526 Articles), in which violations of the law in cyberspace are regulated in Section 2. Crimes in the field of information technology and telecommunications networks, Chapter XII includes Articles 285 to 294.
The Law on Information Security 2015 takes effect from July 1, 2016 (including 8 Chapters and 54 Articles).
The Cyber Security Law 2018 takes effect from January 1, 2019 (including 7 Chapters, 43 Articles) [6].
Measures:
First: Education to raise awareness about protecting national sovereignty, the benefits and dangers of cyberspace.
Today, the concept of a country's territory, sovereignty, and borders is not only the land, islands, seas, and airspace, but also cyberspace territory and cyberspace sovereignty. Accordingly, cyber territory is an integral part of national territory, where cyber borders are determined and national sovereignty is exercised in cyber space.
Second: Propaganda, dissemination and education of legal regulations on cyberspace management.
Forms of education need to be applied diversely, richly and flexibly, such as: coordination between authorities and agencies, localities, units, businesses, and educational institutions to organize specialized talks. , dissemination of law; Propagating the Law on Cyber Security; competitions to learn about information security; Contribute to the development of cyber security education programs for educational institutions or participate in compiling documents related to cyber security.
Third: Foster skills to identify cyber attack plots, tricks and forms arising in cyberspace.
Cyber attacks are diverse and sophisticated, such as: losing Internet connection, crashing websites of governments, agencies, units, schools, and businesses; impersonating websites for fraud purposes; installing on personal computers or stealing accounts and passwords; stealing personal data (images, files, videos); attacking with malware (via email attachments or hidden in Skype ads); anonymous attacks with malicious software (antivirus software, browsers); attacking via USB, CD, IP address, server, etc.
Fourth: Raise awareness of prevention, self-defense and use of technical measures to overcome consequences in case of cyber attacks.
Raise political awareness, responsibility, and civic duty for the task of protecting national cyberspace. Comply with legal regulations on cybersecurity protection; promptly provide information related to network security, threats to network security and other infringements, comply with requests and instructions of competent state management agencies; Help and create conditions for responsible people to take measures to protect network security.
Fifth: Promote the role and responsibility of specialized cybersecurity agencies, leaders and managers of localities, agencies, units, enterprises and schools in educating and raising awareness of mastering and protecting cyberspace.
Conclude
In the era of the 4.0 industrial revolution, information security is increasingly becoming an important content of national security. Researching information security and ensuring information security is always an urgent requirement. Today, information security is gradually becoming an important part of national security. The risk of information insecurity is a major and increasing threat to national security. The article focuses on analyzing and clarifying the information security situation in Vietnam under current conditions, clearly pointing out the current problems in ensuring information security and key solutions to improve efficiency. ensure Vietnam's information security in the coming time.
References:
Le Van Thang (2019), "Vietnam's information security in current conditions: Current status, problems and solutions", State-level scientific project, Hanoi.
Ministry of Public Security (2018), Report No. 403/BC-A68-P1 dated March 13, 2018 "Preliminary report on 04 years of implementing Directive No. 28-CT/TW of the Secretariat on strengthening security work" Ensuring security and network information safety in the new situation".
People's Police Academy - Theoretical Council of the Ministry of Public Security (2019). Professional dictionary of the Vietnam People's Public Security, People's Public Security Publishing House.
People's Police Academy, (2015). Textbook: Basic issues on preventing and combating crimes using high technology, People's Public Security Publishing House.
People's Public Security University of Technology and Logistics, (2020). Network Service Security Textbook, People's Public Security Publishing House.
National Assembly (2015), Law on Network Security 2015.
National Assembly (2018), Cyber Security Law 2018.
Politburo (2018), Resolution 30-NQ/TW dated July 25, 2018 on National Cyber Security Strategy.
Government (2019), Resolution 22/NQ-CP dated February 18, 2019 on promulgating the Action Program to implement Resolution No. 30-NQ/TW dated July 25, 2018 of the Politburo on the National Cyber Security Strategy.
Government (2018), Directive 02/CT-TTg dated July 4, 2018 on the protection of state secrets in cyberspace.