Vietnam's Prime Minister, Pham Minh Chinh, has sounded the alarm on cybersecurity, issuing an directive 33/CD-TTG aimed at shoring up the country's defenses against mounting cyber threats.

Recent attacks, especially ransomware incidents, have highlighted the widespread vulnerabilities of information systems used by both the Vietnamese government and businesses providing essential public services.

In his order, PM Chinh criticized a lack of focus and resource allocation in some sectors regarding cybersecurity. He stressed that safeguarding cyberspace is a top priority in the face of increasingly sophisticated attacks that could undermine Vietnam's socioeconomic development.

Demanding Accountability, Setting Deadlines

The Prime Minister's directive sets out a roadmap for swift action. He holds ministers, heads of government agencies, and local officials directly responsible for any cybersecurity failures within their jurisdictions. They must conduct thorough risk assessments and submit results to the Ministry of Information and Communications by the end of April.

Furthermore, the directive demands that 100% of information systems be classified by security level in line with previous government mandates. Organizations must submit security plans based on the designated levels and fully implement them with strict deadlines.

Focus on Prevention and Response

The order underscores the importance of allocating at least 10% of information technology budgets to cybersecurity products and services, a proportion previously mandated in an effort to shift away from a reactive approach. This investment is essential for establishing proactive defenses.

Mr. Chinh also mandates strict adherence to incident response protocols if attacks do occur. Organizations must immediately report breaches to relevant authorities and coordinate closely with the National Coordinating Agency to contain the damage and identify the attackers.

Sector-Specific Action

The directive emphasizes the need for heightened vigilance across key sectors. Ministries like Transport, Industry, and Natural Resources, as well as agencies focused on health, finance, and communications, face specific deadlines to review the security posture of systems that provide crucial public services.

Local authorities in Hanoi and Ho Chi Minh City are also singled out for their role in ensuring businesses within their jurisdictions meet robust security standards.

A Coordinated National Effort

The Ministry of Information and Communications is tasked with a central role in this cybersecurity push. It will monitor compliance with the directive, assess risks in priority sectors, and lead incident response efforts. Close coordination with the Ministries of Public Security and Defense is essential for a unified response to cyber attacks.

The Prime Minister's directive underscores Vietnam's growing awareness of the economic and security risks posed by cyber attacks. This reflects global trends, as governments worldwide scramble to adapt to evolving threats targeting both critical infrastructure and the private sector.

The focus on businesses providing public services signals recognition of the interconnected nature of Vietnam's digital economy. Weaknesses in one area can have cascading effects. Experts believe the directive's success rests heavily on enforcement, as well as a shift in mindset among leaders who may yet need to be convinced of the necessity for robust cybersecurity investments.