The Prime Minister has issued many documents directing ministries, branches and localities on enhancing network information security. However, some industries and fields have not thoroughly grasped and prioritized deployment resources, allowing incidents to occur that cause network information insecurity and potential risks affecting Vietnam's cyberspace safety. In addition, many information systems deployed by organizations and businesses provide online services to serve people and businesses with a wide range and impact on society. Therefore, the information systems of state agencies, organizations and businesses need to be paid attention and implemented to ensure network information security at the highest level.

In the face of the situation of cyber attack activities, especially ransomware, which has increased sharply recently and may continue to become complicated in the coming period, there is a risk of serious impact on development activities. socio-economic situation, and at the same time to overcome shortcomings and limitations and strengthen discipline in ensuring network information security, the Prime Minister requested the implementation of a number of urgent tasks.

1. Ministers, Heads of ministerial-level agencies, Government agencies, Chairmen of People's Committees of provinces and centrally-run cities, organizations, agencies, and enterprises:

a) Continue Drastically and effectively implement the Prime Minister's direction, focusing on the following key contents:

(1) Directly direct and be in charge of ensuring network information security; Be responsible before the law and the Prime Minister if the information system under its management does not ensure network information security, allowing serious incidents to occur.

(2) Direct the general review and assessment of the situation of ensuring network information security for information systems under its management according to the guidance of the Ministry of Information and Communications; Send results to the Ministry of Information and Communications before April 30, 2024.

(3) Strictly comply with the deadline for completing and approving safety level proposals for 100% of information systems under management , fully implement and deploy the plan to ensure information security according to the approved level proposal as directed by the Prime Minister in Directive No. 09/CT-TTg dated February 23, 2024.

(4) Regularly use information security support platforms provided by the Ministry of Information and Communications to improve the effectiveness of management and law enforcement on network information security.

(5) Arrange information security items when developing and implementing annual information technology application plans, 5-year periods and information technology projects; Ensure the proportion of funding spent on network information security products and services reaches at least 10% of the total funding for implementing these plans and projects according to the Prime Minister's direction in Directive No. 14/ CT-TTg June 7, 2019.

b) In case of a cyber attack incident, strictly comply with the regulations and directions in Decision No. 05/2017/QD-TTg dated March 16, 2017, Directive No. 18/CT-TTg dated March 13 October 2022 of the Prime Minister, Circular No. 20/2017/TT-BTTTT dated September 12, 2017 of the Ministry of Information and Communications, noting some of the following key contents:

(1) Timely reporting Report the incident to the governing agency, specialized incident response unit at the same level and the National Coordinating Agency, agencies and businesses with the function of managing network security.

(2) Comply with the incident response coordination of the National Coordinating Agency and relevant authorities in: collecting and analyzing information; handle and fix problems; verify the cause and trace the source; statements and information disclosure...

(3) Report full information on incidents, damages and related information to the National Coordinating Agency, and summarize, analyze, evaluate and draw conclusions. Lessons and reports to the National Coordinating Agency for synthesis and dissemination.

c) Every Quarter sends the Ministry of Information and Communications a report on the situation of ensuring network information security for information systems under its management before the 20th of the last month of the Quarter.

2. Ministers, Heads of Ministries and Agencies: Transport, Industry and Trade, Natural Resources and Environment, Information and Communications, Health, Finance, Government Office, State Bank of Vietnam , the People's Committees of Hanoi and Ho Chi Minh City, in addition to strictly implementing the Prime Minister's direction in Clause 1 of this Official Telegram, must focus on directing the immediate implementation of the following specific tasks:

a ) Preside and coordinate with the Ministry of Information and Communications, the Ministry of Public Security, and the Ministry of National Defense to direct organizations and enterprises managing information systems to provide online services to serve people and businesses (referred to as are organizations and businesses):

(1) Review, evaluate and report on the situation of information security assurance according to the guidance of the Ministry of Information and Communications and relevant ministries and branches with management functions. safety management, network security.

(2) Complete approval of the security level proposal for 100% of information systems in September 2024 and fully implement the information security assurance plan according to the approved level proposal. in December 2024 (synchronized with the deadline stated in Directive No. 09/CT-TTg).

(3) Periodically check and evaluate information security according to regulations (at least 01 time/02 years for level 1 and level 2 systems; 01 time/year for level 3 information systems , level 4; 01 time/6 months for level 5 information systems), hunts down and eliminates threats on information systems of organizations and businesses.

(4) In case of a cyber attack, comply with Point b, Clause 1 of this Official Telegram.

b) Coordinate with the Ministry of Information and Communications, ministries and branches with the function of managing network safety and security to guide, inspect and examine the work of ensuring information security of organizations and businesses.

3. Minister of Information and Communications:

a) Guide ministries, branches and localities to review and evaluate the situation of ensuring network information security for information systems of agencies, organizations and businesses state before April 11, 2024; Summarize the results and report to the Prime Minister before April 30, 2024.

b) Instruct agencies in charge of important areas that need to prioritize ensuring network information security to organize reviews and assessments and report on the information security situation of organizations and businesses before April 20, 2024; Summarize the results and report to the Prime Minister before May 10, 2024.

c) Preside and coordinate with the Ministry of Public Security, the Ministry of National Defense and relevant agencies to organize the implementation of monitoring and detection work. , early warning and response to network information security incidents. Synthesize results of analysis, evaluation, and draw lessons from incident response activities; Announce and warn on mass media to disseminate experience, help organizations and individuals recognize, proactively prevent and respond to similar incidents and raise awareness of information security network.

d) Preside and coordinate with relevant ministries and agencies to organize inspections and tests of compliance with legal regulations on network information security at state agencies, organizations and organizations and businesses. provides online services to serve people and businesses. Strictly handle violations that lead to incidents of network information insecurity.

d) Develop, operate, and guide ministries, branches, localities, organizations, and businesses to use information security support platforms to manage and enforce laws on network information security .

e) Direct media and press agencies to coordinate with ministries, branches and localities to strengthen propaganda and dissemination of network information security laws, raise awareness of ensuring information security. network news.

g) Every Quarter reports to the Prime Minister on threats and risks of information insecurity to the information systems of ministries, branches, localities, organizations and businesses.

4. The Ministry of Public Security and the Ministry of National Defense strengthen the assurance of network information security according to assigned functions and tasks and in the fields under their management; Direct organizations and enterprises managing information systems to provide online services to serve people and businesses under their management as prescribed in Decision No. 632/QD-TTg dated May 10, 2017. Declaring similar tasks and solutions in Clause 2 of this Official Telegram; Coordinate with the Ministry of Information and Communications to organize inspections, tests and handle violations of the law on network information security.

5. Ministries, branches and localities proactively coordinate with the Ministry of Information and Communications, the Ministry of Public Security and the Ministry of National Defense to direct organizations and businesses to provide online services to serve people and businesses within the scope of the law. State management strengthens the assurance of network information security, fully complying with legal regulations on network information security, especially regulations on ensuring information system security by level.

6. Assign Deputy Prime Minister Tran Luu Quang to direct and monitor this field; The Government Office, Ministry of Information and Communications, according to its assigned functions and tasks, monitors and urges the implementation of this Official Dispatch; synthesize and report to the Prime Minister on implementation results./.