The Prime Minister has issued many documents directing ministries, sectors and localities to strengthen network information security. However, some sectors and fields have not yet thoroughly grasped and prioritized resources for implementation, leading to incidents causing network information insecurity and potentially affecting the security of Vietnam's cyberspace. In addition, many information systems deployed by organizations and enterprises to provide online services for people and businesses have a wide scope and impact on society. Therefore, information systems of state agencies and organizations and enterprises need to be concerned and deployed to ensure network information security at the highest level.

In the context of cyber attacks, especially ransomware, which have increased sharply recently and may continue to develop complicatedly in the coming period, with the risk of seriously affecting socio-economic development activities, and at the same time, to overcome shortcomings and limitations, and strengthen discipline and order in ensuring network information security, the Prime Minister requested the implementation of the following urgent tasks:

1. Ministers, Heads of ministerial-level agencies, Government agencies, Chairmen of People's Committees of provinces and centrally run cities, organizations, agencies and enterprises:

a) Continue to resolutely and effectively implement the Prime Minister's direction, focusing on the following key contents:

(1) Directly direct and be in charge of ensuring network information security; be responsible before the law and the Prime Minister if the information system under management fails to ensure network information security, causing serious incidents to occur.

(2) Direct a general review and assessment of the network information security situation for information systems under the management scope according to the guidance of the Ministry of Information and Communications; send the results to the Ministry of Information and Communications before April 30, 2024.

(3) Strictly implement the deadline for completing the approval of the security level proposal dossier for 100% of information systems under management, fully implement and deploy the information security assurance plan according to the approved level proposal dossier as directed by the Prime Minister in Directive No. 09/CT-TTg dated February 23, 2024.

(4) Regularly use information security support platforms provided by the Ministry of Information and Communications to improve the effectiveness of management and law enforcement activities on network information security.

(5) Arrange information security items when developing and implementing annual information technology application plans, 5-year plans and information technology projects; ensure that the budget for network information security products and services reaches at least 10% of the total budget for implementing these plans and projects according to the direction of the Prime Minister in Directive No. 14/CT-TTg dated June 7, 2019.

b) In case of a cyber attack, strictly comply with the regulations and instructions in Decision No. 05/2017/QD-TTg dated March 16, 2017, Directive No. 18/CT-TTg dated October 13, 2022 of the Prime Minister, Circular No. 20/2017/TT-BTTTT dated September 12, 2017 of the Ministry of Information and Communications, noting the following key contents:

(1) Promptly report incidents to the competent authority, the specialized incident response unit at the same level, the National Coordination Agency, and agencies and enterprises with the function of managing network security.

(2) Comply with the incident response coordination of the National Coordination Agency and relevant authorities in: collecting and analyzing information; handling and troubleshooting incidents; verifying the cause and tracing the origin; speaking and publishing information...

(3) Report full information on incidents, damages and related information to the National Coordinating Agency, and summarize, analyze, evaluate, draw lessons and report to the National Coordinating Agency for synthesis and dissemination.

c) Every quarter, send the Ministry of Information and Communications a report on the status of ensuring network information security for information systems under its management before the 20th of the last month of the quarter.

2. Ministers, Heads of Ministries, Agencies: Transport, Industry and Trade, Natural Resources and Environment, Information and Communications, Health, Finance, Government Office, State Bank of Vietnam, People's Committees of Hanoi and Ho Chi Minh City, in addition to strictly implementing the Prime Minister's direction in Clause 1 of this Official Dispatch, must focus on directing the immediate implementation of the following specific tasks:

a) Preside over and coordinate with the Ministry of Information and Communications, the Ministry of Public Security, and the Ministry of National Defense to direct organizations and enterprises in charge of information systems providing online services to serve people and enterprises (hereinafter referred to as organizations and enterprises):

(1) Conduct review, assessment and report on information security situation according to the guidance of the Ministry of Information and Communications and relevant ministries and branches with the function of managing network safety and security.

(2) Complete approval of security level proposal documents for 100% of information systems in September 2024 and fully implement information security assurance plans according to approved level proposal documents in December 2024 (in sync with the deadline stated in Directive No. 09/CT-TTg).

(3) Periodically check and evaluate information security according to regulations (at least once every 2 years for level 1 and level 2 systems; once every year for level 3 and level 4 information systems; once every 6 months for level 5 information systems), hunt for and eliminate threats to the information systems of organizations and enterprises.

(4) In case of a cyber attack, follow Point b Clause 1 of this Dispatch.

b) Coordinate with the Ministry of Information and Communications, ministries and branches with the function of managing network safety and security to guide, inspect and examine the work of ensuring information security of organizations and enterprises.

3. Minister of Information and Communications:

a) Instruct ministries, branches and localities to review and assess the situation of ensuring network information security for information systems of state agencies, organizations and enterprises before April 11, 2024; synthesize the results and report to the Prime Minister before April 30, 2024.

b) Instruct agencies in charge of important areas that need priority in ensuring network information security to review, evaluate and report on the information security situation of organizations and enterprises before April 20, 2024; synthesize the results and report to the Prime Minister before May 10, 2024.

c) Preside over and coordinate with the Ministry of Public Security, the Ministry of National Defense and relevant agencies to organize the implementation of monitoring, detection, early warning and response to network information security incidents. Synthesize the results of analysis, evaluation, and draw lessons from incident response activities; publish and warn on mass media to disseminate experiences, help organizations and individuals recognize, proactively prevent and respond to similar incidents and raise awareness of network information security.

d) Preside over and coordinate with relevant ministries and agencies to organize inspections and examinations of compliance with legal regulations on network information security at state agencies, organizations and organizations and enterprises providing online services to serve people and enterprises. Strictly handle violations that cause network information security incidents.

d) Develop, operate, and guide ministries, branches, localities, organizations, and enterprises to use information security support platforms to manage and enforce laws on network information security.

e) Direct media and press agencies to coordinate with ministries, branches and localities to strengthen the organization of propaganda and dissemination of network information security laws, and raise awareness of ensuring network information security.

g) Quarterly report to the Prime Minister on risks and dangers of information security loss to information systems of ministries, branches, localities, organizations and enterprises.

4. The Ministry of Public Security and the Ministry of National Defense shall strengthen the assurance of network information security according to their assigned functions and tasks and in the areas under their management; direct organizations and enterprises managing information systems providing online services to serve people and enterprises under their management as prescribed in Decision No. 632/QD-TTg dated May 10, 2017 to implement tasks and solutions similar to Clause 2 of this Official Dispatch; coordinate with the Ministry of Information and Communications to organize inspections, examinations and handle violations of the law on network information security.

5. Ministries, branches and localities shall proactively coordinate with the Ministry of Information and Communications, the Ministry of Public Security and the Ministry of National Defense to direct organizations and enterprises providing online services to serve people and enterprises under state management to strengthen network information security, fully comply with legal regulations on network information security, especially regulations on ensuring information system security at all levels.

6. Assign Deputy Prime Minister Tran Luu Quang to direct and monitor this field; the Government Office and the Ministry of Information and Communications, according to their assigned functions and tasks, monitor and urge the implementation of this Official Dispatch; synthesize and report to the Prime Minister on the implementation results.