Pursuant to the law of information technology on June 29, 2006;
Pursuant to the law on telecommunications December 4, 2009;
Pursuant to Decree No. 64/2007/ND-CP dated 10 April 2007 by the Government on the application of information technology in the activities of State bodies;
Pursuant to Decree No. 97/2008/ND-CP on August 28, 2008 on management, supply, use of Internet services and electronic information on the Internet;
Pursuant to Decree No. 187/2007/ND-CP on December 25, 2007 of the Government functions, tasks, powers and organizational structure of the Ministry of information and communications;
At the suggestion of the Director of the Center for Vietnam computer emergency response, regulation: chapter I GENERAL PROVISIONS article 1. The scope and subjects of application this circular regulates incident response network, coordinated the rescue activity breakdown Internet; the responsibilities of the organizations and individuals involved in rescue activity breakdown the Internet in Vietnam.
Article 2. Explain the term 1. The problem is the Internet events have, are or have the potential to cause loss of safety information on the Internet is detected through the monitoring, assessment, analysis of the agencies, organizations, individuals or are warnings from experts, the Organization in the field of information security in the country and in the world (hereinafter referred to as the incident).
2. The problem of a serious nature is the problem has one or more of the following: nature likely to occur on a fast lan, wide area; capable of undermining the system of computer networks and the Internet; could damage or major consequences for the network information system; requires the coordination many of the great resource of national or international's to solve.
Chapter II INCIDENT RESPONSE NETWORK article 3. Incident response network 1. Incident response network is a collection of organs, organizations, enterprises joining rescue activity breakdown have coordination in Vietnam (hereinafter referred to as network, agency, organization, called business network members and referred to as members). Network members have the obligation to join the network of voluntary membership and sign up to join the network.
2. Members have the obligation to participate in the network include: a) coordination;
b) specializes in the technology of the information Ministry, ministerial-level agencies, government agencies; Department of information and communications of the province, central cities;
c) enterprises providing Internet services (ISP);
d) Vietnam Internet Centre (VNNIC).
3. Members who voluntarily join the network's bodies, organizations or businesses voluntarily participate in this network have the affidavit of registration according to the model in annex 1 to send to the coordinating agency and accepted. Encourage the organizations active in the field of security of information to establish the Division functions rescue incidents and join the network.
4. Rescue Center Vietnam computer emergency (VNCERT) is the coordinating agency. VNCERT function Centre coordinated the rescue activity breakdown across the country and has the right to other organizations in the network coordination to prevent, handle and fix the Internet in Vietnam; have the right to decide the form of coordination of rescue operations and was responsible for coordinating requests; is the clue to exchange information about rescue cooperation problems with emergency response organizations, international computer. The Agency's coordination activities in order to maneuver the network members to coordinate handling, incident response called rescue coordination problems.
5. detailed contact information address, telephone number, fax number, e-mail address, website of the network members are publicized on the website of the coordination agency (www.vncert.gov.vn).
Article 4. Incident response clue 1. Clue rescue incidents as personal or Department be allowed to network members to communicate and exchange information with other network members in rescue activity breakdown.
2. incident response clue must have qualification and professional skills to make coordinated rescue operations.
3. Clues must ensure incident response capability through continuously (24 hours a day and 7 days a week).
Article 5. The principle of operation of the network of rescue incidents 1. Information to be exchanged, provided during troubleshooting, coordination must be secret at the request of the Organization, individuals experiencing unless an issue is related to many other user objects that required coordination agency warned, reminding.
2. The exchange of information in the network must be made by one or more forms as: dispatch, electronic mail, telephone, fax. Network members receive information must actively authenticate the sending object to ensure that the message received is reliable.
3. Network members have the right to share information, experiences, participate in rescue rehearsal activities, participation in training courses, the fostering of rescue activity breakdown.
Article 6. Report mode 1. Network members are responsible for periodic reports 6 months for the coordination of the activity of receiving and handling the issue.
a) report content in the form of periodic reports in annex 2. Report form instructions posted on the Center's website VNCERT;
b) time: before the report on June 15 and December 15 of every year;
c) form of the report: by electronic mail and dispatch;
d) report sent to VNCERT Center: 18 Nguyen Du, Hanoi; e-mail address: email@example.com.
2. Network members have the responsibility to report irregular when required by the Agency for the coordination or when discovered the serious nature of the incident. The form and the address to send the report as specified in paragraph 1 of this article.
Chapter III COORDINATION of RESCUE ACTIVITY BREAKDOWN article 7. Notice the problem 1. That incident did not resolve themselves, organizations or individuals to use the Internet to announce to one or more of the following: network members a) network member responsible for incident response organization, that individual (if any);
b) Isps are Internet service providers directly for the Organization, that individual;
2. When the serious nature of the incidents, organizations, individuals must notify the Agency Coordinator.
3. content reported incidents include: a) information described the incident as the incident notification form in annex 3;
b) other information required by the unit receiving notice.
4. Detailed Guide reported the incident posted at website of the coordinating agency.
5. organizations and individuals who submitted the notification of incidents must coordinate closely, providing full and accurate information on the issue for the network members receive notification of incidents and create all favorable conditions for membership and the agency coordinated research approach, the system related equipment, to collect, analyze information troubleshooting.
Article 8. To receive and handle notifications of incidents 1. Network members receive notification of incidents to make: a right and feedback) does not exceed 24 hours for the organization or individual submitting the notification to confirm about the received notifications of incidents;
b) troubleshooting in capabilities and their responsibilities;
c) announced the issue of coordination in the case unresolved.
2. coordinating agency received notice of the incident must be made: a) troubleshooting activities with a network of membership as defined in paragraph 1 of this article;
b the requesting Coordinator) to network members participate in rescue incidents when needed;
c) mobilize resources, invite experts to join rescue incidents when needed;
d) Organization of activities in collaboration with organizations of computer incident response to international rescue incidents have cross-border range.
Article 9. Incident response coordination 1. Coordinating agency to perform coordinated by sending the request to the Coordinator of the network members is related to your issue, use the form requires coordinated according to annex 4.
2. coordinating bodies have the right to request the network members collaborate and recommend emergency rescue organizations international join computer rescue activity breakdown.
3. coordinating agency to notify the Organization, individuals experiencing coordination requirements in the process of implementing the coordination and rescue incidents.
4. Network members receive requires coordination, proper implementation requires coordination and full response to the report, the result made for coordination.
Chapter IV RESPONSIBILITIES of ORGANIZATIONS and individuals, article 10. Network members 1. Published address of receiving notice of the incident on its website.
2. Bachelor of the clue rescue incidents and ensure proper compliance with the provisions of article 4.
3. Receive and handle notifications of incidents as defined in article 8.
4. Compliance with the requirements of agency coordination coordination as stipulated in article 9.
5. Coordination, support other network members in the rescue activity breakdown.
6. notices and updates to the Agency for the coordination of the following information: a) the address of receiving notification of incidents;
b) information about the clues incident response include: your name, position, address, telephone number, mobile phone number, fax number, e-mail address.
7. store announcements and minutes of troubleshooting, hosting coordination requirements and report the results of coordination requirements in the minimum time 1 year, include the following information: a) content of the notice of the issue, the time of receiving the message, the send time of confirmation;
b) troubleshooting results, the cause of the problem, troubleshooting time and list of organizations and individuals involved in coordinating troubleshooting (if available);
c) time report breakdowns for coordination, time received confirmation from the Agency for the coordination of cases notified for coordination.
8. implementation of the reporting regime under the provisions of article 6.
Article 11. Coordination Agency (VNCERT Center)
1. Service network members as defined in paragraph 1, 2, 3, 5, 7, article 10, of which the time limit for the data item 7 article 10 made under the State's current rules on the duration of preservation of records, documents and forms common in operation of State bodies.
2. Organization of work for the network and coordinate rescue activity breakdown, building regulations, the instructions in the network of rescue incidents.
3. Receive and handle directly or coordinate processing the message.
4. Build and deploy technical support system for communication activities, the exchange of information in the network and create conditions for the network members use the system.
5. General and published in the network of the information notices, warnings about the weaknesses, vulnerabilities, attack sources on the Internet.
6. Collection, updated and published on the Center's website VNCERT information about the address of receiving notice of the issue of the network members.
7. Gather, update and publish information about a list of clues for the network members.
8. Provide annual statistical reports on the operation of the emergency response incidents.
Article 12. Business Internet service providers 1. National service network members as defined in article 10.
2. Guide the user of Internet services or Internet subscription (hereinafter referred to as the customer) report the issue.
3. Perform troubleshooting functions for customers when receiving notice or detected the problem.
4. Provide the following information when distributing organs require: a) information about your customers is related to the problem, technical information about the customer's system is related to the problem (IP address, domain name, access log, other information if available);
b) information network structure, information monitoring, statistics on network data flows related to the problem (if any);
c) provides the software, the source code of the software causing the problem, data archives related to the issue, information about the hardware causing the problem (if any).
5. Installation connectivity ports available, redundant connection interfaces at the Internet point important to cater for yourself and for the competent State agencies implement monitoring, detecting attacks or dispersal, the spread of malicious software.
6. Facilitate the coordination approach, research systems, and related equipment to collect, analyze information aimed at troubleshooting.
7. Follow the required coordination of the following activities: a) Stopped connecting to the device, the system service causing the problem;
b) deter, divert temporarily the IP address, the domain name causing the problem;
c) remove or remove temporarily the application, the service causing the issue on the Internet.
8. resources in support of its ability and within the time period determined according to the requirements of the coordinating bodies to implement rescue activity breakdown or rescue incident rehearsal, including: a) the line connects to the Internet for the case of a denial of service attack attempted to exhaust the bandwidth or resources in need of enhanced availability for the the system provides critical services;
b) manpower on safety information to join rescue activity breakdown;
c) equipment, technology of safety information (if available).
Article 13. VNNIC Centre 1. National service network members as defined in article 10.
2. Provide the information subject to the national domain name registration (. au) units to manage IP addresses, network numbers by VNNIC-level and other information related to the incident at the request of the coordinating agency.
3. Perform the required coordination of the Agency for the coordination of the handling of incidents involving Vietnam's Internet resources.
Article 14. Specializes in the technology of the information Ministry, ministerial-level agencies, government agencies; Department of information and communications of the province of the central cities, 1. National service network members as defined in article 10.
2. Build and guide the implementation of rescue activity breakdown within the scope of responsibility of the unit.
3. coordinating, supporting emergency response issues in the scope of the responsibilities and activities of the unit when required from coordination.
Article 15. Individuals, other organizations 1. The organization provides security services a) to share information and data on rescue activity breakdown was made upon request of the coordinating agency;
b) support on manpower, technological solutions according to the capability when required by the Agency for the coordination.
2. Organizations and individuals using the Internet a) actively apply the measures, technical solutions ensure secure information, the scanning of your malicious code in the computer network incident prevention to the Internet;
b) proactively provides information and active collaboration with network members rescue activity breakdown detecting, preventing and troubleshooting.
Chapter V IMPLEMENTATION article 16. Effect 1. This circular effect since January 15, 2011.
2. In the process of implementation, if any problems arise, the Organization, the individual concerned timely reflection on the Ministry of information and communication (VNCERT Center) for review, Supplement and modify./.