Vietnam has been ranked 25th out of 182 countries in Global Cyber Security Index (GCI) 2020 by the International Telecommunication Union – the UN’s ICT-specialised agency, up from the 50th and 100th positions in 2018 and 2017, respectively. This leap has exceeded Vietnam’s target to enter the GCI’s top 30 countries in 2030 (Prime Minister’s Decision No. 749/QD-TTg dated 3 June 2020), and demonstrates its determination and performance in assuring cybersecurity and tackling cybercrimes.
The Ministry of Public Security (MPS) – the central authority for cybersecurity – has been assertively investigating, detecting and prosecuting cybercrimes in the last few years. The enforcement practice has been centering on tackling illegal trade of personal data, unauthorized disclosure of personal data, and data theft. According to the MPS’s Proposal for building the Draft Personal Protection Decree, the Government’s priorities and legislative goals in crafting this instrument include tackling those three cybercrimes.
In 2019, Vietnam established the Vietnam Cybersecurity Emergency Response Teams/Coordination Centre (VNCERT/CC). This agency is dedicated to coordinating responses to security incidents and verifying information security nationwide. The establishment of VNCERT/CC was timely, considering a growing number of cyberattacks in Vietnam. Another body responsible for addressing major cybercrimes is Department of Cyber Security and Hi-tech Crime Prevention (A05 Department) under the MPS. Both VNCERT/CC and A05 Department have had great impact on cybersecurity assurance activities. Vietnam’s law requires the information system administrators promptly report cybersecurity incidents to the Vietnam Cybersecurity Emergency Response Team/Coordination Centre (VNCERT/CC). Online service providers must also report the risk of data breach to service users and the cybersecurity task forces.
In a similar vein, the Government issued Decision No. 942/QD-TTg on 15 June 2021 approving the e-Government development strategy towards the digital Government in the 2021 – 2025 period, with a vision to 2030. The strategy aims to bring Vietnam to the top 30 countries in E-Government Development Index in 2030. Notably, they set out specific responsibilities for national cybersecurity assurance. In particular, the government planned to develop systems for cybersecurity assessment, supervision and response to cybersecurity incidents for information systems related to national security pursuant to Cybersecurity Law. Developing a big data processing and analytics system to protect national cyber information security and establishing a response system for cyber information security incidents are among the national key tasks.
Building a safe cyberspace will protect social order, defend national sovereignty, and ensure sustainable development. Vietnam has progressed well to achieve that end as shown in the Global Cyber Security Index. However, businesses should be mindful of the everchanging landscape of cybersecurity in Vietnam with more laws in the pipeline. For example, Vietnamese current laws and practice focus on penalizing those who directly conduct the crimes as opposed to data controllers. Opinions that liabilities of data controllers should be heightened have been raised recently.