UNDERSTANDING CYBERSECURITY: A COMPREHENSIVE OVERVIEW
Network security is the assurance of activities in cyberspace that do not harm national security, public order, social safety, and the leg...
Network security is the assurance of activities in cyberspace that do not harm national security, public order, social safety, and the legitimate rights and interests of agencies, organizations, and individuals. Protecting network security involves prevention, detection, and prevention of cyber threats.
With the advancement of technology, network security becomes increasingly crucial as smartphones, computers, and tablets are integral to our daily work and personal lives. The dependence on online tools also necessitates regulations for security and safety in each individual’s network usage.
1. What is Network Security?
Network security is the assurance of activities in cyberspace that do not harm national security, public order, social safety, and the legitimate rights and interests of agencies, organizations, and individuals. Protecting network security involves prevention, detection, and prevention of cyber threats.
Computer security, a subset of network security, utilizes hardware and software to protect data transmitted from personal computers or other devices to information network systems. Computer security functions to safeguard information technology infrastructure and counteract data interception, alteration, or theft by cybercriminals.
2. Principles of Network Security
According to the provisions of the Cybersecurity Law, adherence to the following seven principles is required:
- First Principle: Adherence to the Constitution and the law; ensuring the interests of the State and the legitimate rights and interests of organizations, individuals.
- Second Principle: Under the leadership of the Communist Party of Vietnam, unified management by the State; mobilizing the comprehensive strength of the political system and the entire people; enhancing the core role of cybersecurity forces.
- Third Principle: Tight integration between the mission of protecting network security, protecting vital information systems related to national security, and the mission of socio-economic development; ensuring human rights, citizens’ rights; facilitating the activities of organizations, individuals in cyberspace.
- Fourth Principle: Proactively preventing, detecting, preventing, dealing with, and defeating all activities using cyberspace to infringe upon national security, public order, social safety, rights, and legitimate interests of organizations, organizations, individuals; ready to prevent cyber threats.
- Fifth Principle: Implementing activities to protect network security for the national cyberspace infrastructure; applying protective measures to information systems related to national security.
- Sixth Principle: National cyberspace information systems are assessed, certified for network security conditions before being put into operation and used; regularly inspect, monitor network security during use and promptly respond to network security incidents.
- Seventh Principle: Every violation of laws on network security must be promptly and strictly handled.
3. Measures to Protect Network Security
The law details specific administrative and technical measures to protect network security, safeguarding both national security and the legitimate rights and interests of organizations and individuals in cyberspace. Stipulated in the 2018 Cybersecurity Law, measures include:
- Network security assessment.
- Network security condition assessment.
- Network security inspection.
- Network security monitoring.
- Incident response, network security incident handling.
- Cybersecurity protection and struggle.
- Use of encryption to protect network information.
- Blocking, requesting temporary cessation, suspending the provision of network information; suspending or temporarily suspending the establishment, provision, and use of telecommunications networks, the Internet, and the production and use of radio transceivers according to legal regulations.
- Requesting deletion, access to delete illegal information or information related to national security, public order, social safety, rights, and legitimate interests of organizations, organizations, individuals in cyberspace.
- Sealing off, limiting the operation of information system; suspending, temporarily suspending, or requesting the cessation of the operation of the information system, recovering the domain name according to legal regulations.
- Initiating, investigating, prosecuting, and trying according to the provisions of the Code of Criminal Procedure; Other measures according to the law on national security, laws on handling administrative violations. Additionally, the Government determines the procedures, and procedures for applying network security protection measures, except for the measures of initiating, investigating, prosecuting, and trying according to the provisions of the Code of Criminal Procedure and other measures according to the law on national security, laws on handling administrative violations.
4. Prohibited Acts Regarding Network Security
Activities that are strictly prohibited in terms of network security include:
- Inciting to cause turmoil, disrupt national security, disrupt public order; information containing content that insults, falsely accuses others; information containing content that violates economic management order; Appropriation of property; organizing gambling, online gambling.
- Organizing, participating in, colluding, inciting, bribing, deceiving, recruiting, training, and training individuals against the Socialist Republic of Vietnam.
- Acts of organizing, participating in, colluding, inciting, bribing, deceiving, recruiting, training, and training individuals against the Socialist Republic of Vietnam; distorting history, denying revolutionary achievements, undermining the great unity of the entire nation, offending religions, discriminating based on gender, racial discrimination.
- Spreading false information causing panic among the people, causing damage to socio-economic activities, causing difficulties for the activities of state agencies or persons performing public duties, violating the rights and legitimate interests of other organizations, individuals, etc.
Individuals or organizations involved in such activities will be seriously dealt with.
5. Handling Violations of Network Security
In addition to defining prohibited acts, the cybersecurity law also stipulates penalties for violations of network security. Depending on the severity of the violation, individuals and organizations may face administrative penalties or criminal liability.
The time limit for handling administrative violations in the field of network security is one year, except for cases of administrative violations in the production, purchase, import, supply, exploitation, and export of products, services, network security, in which the time limit for handling administrative violations is two years.
Forms of penalties, measures to remedy the consequences:
It can be seen that for each administrative violation in the field of network security, organizations and individuals must bear the main form of penalties, which is a warning or a fine.
In addition, based on the nature, extent of the violation, organizations, and individuals committing violations are also subject to one or more of the following additional penalties:
- Revocation of the right to use licenses, certificates, professional practice certificates with a time limit or suspension of operations with a time limit;
- Confiscation of exhibits, means, documents violating administrative violations;
- Prohibition of professional activities or related work in activities that violate network security.
In addition to the measures to remedy the consequences specified in points d, i of Clause 1, Article 28 of the Law on Handling of Administrative Violations, individuals, organizations violating network security are also subject to the following additional measures:
- Compulsory removal of programs, software; forced recovery or destruction of products, equipment, cessation of harmful services in terms of network security; or not ensuring quality or not having a license or not complying with the license;
- Forced removal of data misappropriated, bought, illegally exchanged;
- Forced removal, correction of law-violating information;
- Forced removal of harmful features, components of programs, products, equipment, services, software;
- Forced recovery of leased numbers, numbers, Internet resources, domain names, Internet addresses (IP), network code numbers (ASN); management codes, service provider numbers;
- Forced return of IP addresses, ASN, domain names, digital accounts;
- Forced conversion of the purpose of use of products, equipment, services, software;
- Forced cancellation of the results of evaluation, assessment, inspection, certification of network security;
- Forced modification of information on products, equipment, services, software;
- Forced correction of the results of evaluation, assessment, inspection, certification of network security;
- Forced evaluation, assessment, inspection, re-certification of network security;
- Forced re-publication of information on evaluation, assessment, inspection, certification, information on products, equipment, services, software.
This comprehensive framework aims to ensure the security of the digital environment while enabling individuals and organizations to use cyberspace responsibly and ethically. Violations of network security will be treated seriously, reinforcing the importance of adhering to regulations to maintain the integrity of the digital landscape.