On the afternoon of September 30, the Center for Information Technology and Cyber ​​Security Monitoring, Government Cipher Committee coordinated with a number of agencies and units inside and outside the Organizing Committee to close the practical exercise program to ensure network information security for IT systems at the Government Cipher Committee in 2024.

episode 2 1.jpg
Major General Nguyen Dang Luc, Deputy Head of the Government Cipher Committee, spoke at the closing ceremony of the 2024 combat exercise program. Photo: Organizing Committee

The system chosen as the target of the attack and defense teams in this live-fire exercise is the public service portal of the Civil Cryptography Administration and Cryptographic Product Inspection Department.

This is one of the important systems of the Cryptography industry, responsible for providing licensing services for exporting and importing civil cryptographic products for businesses.

In addition to the defense team of the Government Cipher Committee, this year's combat exercise program of the Committee also has the participation of attack teams including units within the Committee such as the Academy of Cryptography Techniques, the Institute of Cryptography Science and Technology, the Center for Information Technology and Network Security Monitoring as well as external businesses and partners such as VNPT, Kaspersky...

According to statistics from the Organizing Committee, for 3 consecutive days from September 25 to September 27, the defense team had to deal with tens of thousands of scans and attacks on the system from the attack teams.

Four attack teams were highly appreciated in the 2024 combat exercise program of the Government Cipher Committee, including: the VNPT Information Security Center team won the first prize, the Cryptography Engineering Academy team received the second prize; 2 teams from the Institute of Cryptography Science and Technology, the Center for Information Technology and Network Security Monitoring won the third prize.

Through the exercise program, agencies and units in the Government Cipher Committee had the opportunity to self-assess and evaluate their response capacity to threats and cyber attacks.

W-dien tap 001.jpg
Through practical exercises, technical staff improved their skills in preventing attacks and handling network security incidents. Illustration photo: TM

In particular, from the process of attacking and defending the system, units in the Government Cipher Committee have discovered weaknesses and security holes that still exist in the process of using people and technology to promptly take measures to overcome and handle them; at the same time, there are orientations and plans to improve the effectiveness of ensuring security for information systems under their management in the coming time.

Speaking at the closing ceremony of the exercise, Major General Nguyen Dang Luc, Deputy Head of the Government Cipher Committee, requested that agencies and units in the Committee clearly understand the importance of ensuring network safety and security for their units' information systems.

“Agencies and units are not allowed to be negligent or subjective in this work. They must promptly advise the leaders of the Digital Infrastructure Development Board and the digital environment of the department or sector to meet the requirements of safety and security,” Major General Nguyen Dang Luc emphasized.

Along with the request to strengthen cooperation and information exchange between agencies and units inside and outside the Government Cipher Committee, Major General Nguyen Dang Luc also directed the Center for Information Technology and Cyber ​​Security Monitoring to continue to coordinate, advise, and propose organizing similar drills to re-evaluate the safety level of all systems in the department and sector.

In addition, the representative of the Government Cipher Committee also noted that before putting an information system or a security solution into practical use, agencies and units in the Committee must conduct an in-depth assessment of information security and network security to find and fix security vulnerabilities in the source code or in the system design model, to ensure safety against the ever-present risks of cyber attacks.

In Directive 60 on organizing and implementing practical exercises to ensure network information security issued in September 2021, the Prime Minister pointed out: In order for incident response teams to have sufficient capacity to handle incidents occurring in their systems, the exercise needs to be converted to a practical exercise form, with new methods, scope, and nature.

Real-life exercises are conducted on real systems, without a pre-script but with regulations on objectives, participants, tools used, level of exploitation and duration to minimize risks.

Real-life exercises tie the drill activity to the very system that the incident response team is responsible for protecting, thereby further enhancing the incident response team's experience in handling incidents with operating systems.

The platform to support real-life exercises will be launched this year . With the platform to support real-life exercises, the implementation of exercises at agencies and organizations will be easier and of higher quality, synchronized and gradually narrowing the gap between units as well as with national exercises.