‘Comprehensively developing the network information security incident response team’ was the theme of the conference of the 2023 conference held by the Authority of Information Security (AIS) late last week.

AIS’s deputy head Tran Dang Khoa said at the conference that agencies, institutions and businesses need to switch over from the defensive to the offensive in early forecasting and warning incidents, effectively preventing and controlling risks. 

They need to shift from making solo attempts to protect their information system and hiding information about cyberattacks to cooperating and sharing information so as to prevent and settle incidents.

The National Cyber Information Security Incident Response Network has 226 members, coming from ministries, branches, localities, domestic institutions and businesses, divided into 11 clusters to enhance mutual support.

Many activities of the network have been organized recently, focusing on the domestic and international manoeuvre programs, thematic seminars, training courses, technical consultancy, commonly used platforms and data sharing.

Le Cong Phu, deputy director of the Vietnam Cybersecurity mergency Response Teams/Coordination Center (VNCERT/CC), said the national coordination agency this year continues to promote activities of the network under the principle of "proactively preventing incidents before they occur, so that the incident response is truly a reliable barrier, a final barrier, when all measures to ensure information security fail".

The state management in incident response has been implemented in the digital environment. Through IRLab (Information Retrieval Lab) and DFLab (Digital Forensic Lab), technology and data have been fully applied in management, coordination and sharing, reporting, troubleshooting support, analysis and investigation of network attacks.

Through IRLab, VNCERT/CC has given 24,857 warnings to institutions, coordinated to handle 2,594 incidents, mostly ones related to malware data leakage, user swindling and vulnerabilities.

As for DFLab, the digital platform analyzes and conducts digital investigations of a large scope of hundreds or thousands of computers with modest specialist resources and limited time. This has helped shorten the time needed for actions to 3-5 days instead of 2-3 weeks.

The implementation of three national-scale field exercises on important information systems this year was a test of the capacity to ensure information security of ministries, branches, localities and businesses.

The exercises discovered 440 vulnerabilities at a high seriousness level which may impact society. This shows the effectiveness of exercises in improving the capacity to protect information systems and prevent incidents.

Van Anh