In recent times, as the national coordinating agency for cyber security incident response, the Department of Information Security (Ministry of Information and Communications) has chaired and coordinated many cyber attack and defense drills nationwide as well as at the level of ministries, branches, localities and enterprises.

The goal is to support agencies, organizations and businesses through drills to review the system, detect and fix security vulnerabilities, enhance rapid response capacity and be ready to restore the system after an incident.

The long-term goal is to form a team of professional and trustworthy 'white hat hackers' to help organizations and businesses detect early and promptly handle information security risks.

Mr. Tran Quang Hung, Department of Information Security.jpg
Mr. Tran Quang Hung said: Through international forums, the Department of Information Security has invited all ASEAN countries to send their representative teams to participate in Vietnam's 3rd national combat exercise in 2024. Photo: M. Tuan

Speaking at the CYSEEX 2014 Conference held on November 13, Acting Director of the Department of Information Security (Ministry of Information and Communications) Tran Quang Hung said that in the past 3 years, instead of formal drills, agencies, organizations and enterprises in Vietnam have switched to implementing real-life drills.

Through improving the quality of drills, the capacity to respond to information security incidents of agencies, organizations and individual experts participating in the drills is enhanced.

Along with that, each time the drill was conducted, the units also discovered many loopholes and weaknesses in the information systems under their management, contributing to early warning of risks, helping to protect the systems of agencies and organizations better and more securely.

According to statistics from the Vietnam Cyber ​​Emergency Response Center - VNCERT/CC, with the goal of improving the ability to respond to cyber attacks, last year, the Department of Information Security promoted and supported the organization of more than 100 different combat exercises with the participation of ministries, branches, localities, organizations and enterprises.

Notably, through drills in 2023 with information systems in operation of agencies and units across the country, more than 1,200 vulnerabilities were discovered. Of these, 548 were of a serious impact level and 366 were of a high level.

“Assuming that the 1,200 vulnerabilities mentioned above were discovered by hackers before the exercise, the risk of data loss and system destruction for hundreds of Vietnamese systems would be enormous. That shows the value and benefits of real-life exercises for agencies, organizations and businesses,” the representative of the Information Security Department further analyzed.

W-information security training 01.jpg
Since the end of 2022, information security drills of agencies and units in Vietnam have basically been converted to a combat drill model. Illustration photo: Van Anh

Organizing at least one annual combat exercise is one of the key tasks on information security that ministries and provinces have recommended.

The future direction of the Information Security Department is to professionalize drill activities, focusing on building response capacity and flexible recovery capabilities.

Accordingly, from 2024 onwards, in addition to system testing, drills will focus more on training human resources capacity - a key factor in information security and safety work in each agency and organization.

“We will conduct more in-depth drills, applying more complex and realistic situations to ensure comprehensive response capabilities,” shared a representative of the Information Security Department.

At the national level, from 2022 to present, each year the Department of Information Security has presided over the organization of 3 major combat exercises. This year, the first and second national combat exercises took place in August and September respectively.

The third national-scale combat exercise was held from November 4 to November 15, with the special feature that in addition to agencies and units in Vietnam, other ASEAN countries were invited to send expert teams to participate.

Vietnam has had a comprehensive change in information security drills since the end of 2021, with the requirement for drills of agencies and organizations to switch to a combat model.

The live exercise incorporates the exercise into the incident response team's own protection system, thereby enhancing the response team's experience in handling incidents with operating systems.

Ministry of Information and Communications will promote practical exercises on information security

Ministry of Information and Communications will promote practical exercises on information security

The Ministry of Information and Communications will promote national-scale information security drills and introduce cyber training grounds for businesses to send their teams to participate.
Nearly 50 banks and financial institutions 'train' to respond to cyber attacks

Nearly 50 banks and financial institutions 'train' to respond to cyber attacks

The DF Cyber ​​Defense 2024 cyber attack and defense exercise is an opportunity for 46 financial and banking organizations to "practice their troops", contributing to improving the cyber attack response capacity of IT and information security personnel.
National information security drill on 3 operating systems

National information security drill on 3 operating systems

Through the national cyber security drill on three systems of the Departments of Information and Communications of Hai Phong, Ninh Binh and Quang Ninh, the information security personnel of the units have gained more experience in handling cyber attacks.