Answers to the 2019 Cybersecurity Law Study Contest

Buzz

Content

Answers to the 2019 Cybersecurity Law Study Contest

Answer suggestions for the 2019 Cybersecurity Law Study Contest not only help you improve your knowledge of the Cybersecurity Law but also make it easier for you to write the 2019 Cybersecurity Law Study Contest.

The 2019 Cybersecurity Law Study Contest is a meaningful contest to learn about the Cybersecurity Law, helping everyone enhance their knowledge and better protect cybersecurity. To complete the 2019 Cybersecurity Law Study questions, please refer to the answers below.

Cybersecurity Law Q&A

Answers to the 2019 Cybersecurity Law Study Contest

Question 1. When was the Cybersecurity Law passed by the National Assembly of the Socialist Republic of Vietnam, and when did it come into effect? What are the basic contents of the Cybersecurity Law?

Answer suggestions

- The Cybersecurity Law was passed by the National Assembly of the Socialist Republic of Vietnam at the 5th session of the 14th National Assembly, on June 12, 2018; it came into effect on January 1, 2019.

- The law consists of 7 chapters, 43 articles, regulating cybersecurity for systems containing important national security information; prevention and handling of cybersecurity violations; implementation of cybersecurity protection activities; and responsibilities of agencies, organizations, and individuals.

Question 2. The necessity of constructing and promulgating the Cybersecurity Law? According to comrade, what issue is most necessary, and why?

Suggestions for answer

The necessity of constructing and promulgating the Cybersecurity Law:

1. Meet the requirements of cybersecurity in protecting national security, ensuring social order and safety.
2. Prevent and respond to cybersecurity threats.
3. Address and limit existing issues related to cybersecurity protection.
4. Institutionalize the Party's comprehensive and timely directions and policies on cybersecurity.
5. Specify the provisions of the 2013 Constitution regarding human rights, basic rights of citizens, and national defense.
6. Establish a legal basis for international integration.

According to comrade, which issue is most necessary, and why? (Participants choose 01 out of 06 necessities to present)

Question 3. Article 2 of the Cybersecurity Law stipulates “Cybersecurity is to ensure activities on the cyberspace that do not harm national security, social order and safety, and legitimate rights and interests of organizations, individuals.” Comrade, please analyze this concept to demonstrate its relevance to the current reality?

Suggestions for answer

- Subjects protected by cybersecurity include: Independence, unity, territorial integrity of the Fatherland; Political regime, economic regime, culture; National defense, security, social order and safety; State secrets; Life, health, honor, dignity of individuals; Rights and legitimate interests of organizations, individuals.

Protected objects of cybersecurity are: Political regime and State of the Socialist Republic of Vietnam; national cyberspace and national cyberspace infrastructure; important information systems related to national security; Information systems of state agencies, political organizations at the central and local levels; Organizations, individuals participating in activities on cyberspace.

Cybersecurity is a non-traditional security issue with global, non-governmental, relative, transformative, dynamic, intangible, and difficult-to-define nature; it has mutual impacts with other non-traditional security issues, such as economic security, information security, cultural-ideological security.

- The Cybersecurity Law has contributed to enhancing the effectiveness of protecting sovereignty, interests, national security, rights, and legitimate interests of organizations, individuals participating in activities on cyberspace, building a healthy cyberspace environment. It establishes a solid legal framework for relevant functional forces to apply, deploy synchronously, consistently, and on the basis of struggle against cyber activities that violate the law. It enhances the ability to protect cybersecurity for the national information network, especially important information systems related to national security, against risks from cyberspace, ensuring state management in this area. The Cybersecurity Law is also the first policy document to enhance self-reliance in cybersecurity, improve policies for research, development of cybersecurity strategies, and sharing of cybersecurity information. Citizens are given important legal tools to protect their image, information on cyberspace. Children have the right to access, participate in activities on cyberspace but are also specially protected against bad, harmful, inappropriate information in the environment and culture of Vietnam. Businesses, organizations inside and outside the country are equal in obligations, responsibilities, and rights. Many provisions of the Cybersecurity Law clearly define the responsibilities to the community of agencies, organizations, businesses in managing information systems and providing services on cyberspace.

The issues mentioned above are completely relevant to the current situation.

Question 4. What is the important information system about national security? Why is it necessary to develop, promulgate regulations on cybersecurity protection for the important information system about national security? How is the protection of the important information system about national security expressed? Compare the similarities and differences between the “National important information system” stipulated in the Law on Cyber Security 2015 and the “Important information system about national security” in the Law on Cybersecurity 2018.

Answer guide

4.1 What is the important information system about national security?

Clause 1, Clause 2 Article 10 of the Cybersecurity Law stipulates:

The important information system about national security is the information system that, when it encounters incidents, intrusion, usurpation of control, distortion, interruption, cessation, paralysis, attack, or destruction, will seriously compromise cybersecurity.

The important information system about national security includes:

- Military, security, diplomatic, and core information systems;
- Information storage and processing systems for state secrets;
- Information systems for the preservation and management of valuable artifacts and documents;
- Information systems for the preservation of materials, substances that are particularly dangerous to humans and the ecological environment;
- Information systems for the preservation, production, and management of other particularly important material facilities related to national security;
- Important information systems serving the activities of central agencies and organizations;
- National information systems in the fields of energy, finance, banking, telecommunications, transportation, resources and environment, chemicals, health, culture, and media;
- Automatic control and monitoring systems at important facilities related to national security, important targets related to national security.

4.2 Why is it necessary to establish and issue regulations on protecting cybersecurity for important information systems about national security?

- Because these are the information systems of important national targets, national critical infrastructure, agencies holding state secrets. If these systems are attacked, intruded, destroyed, or information is stolen, it can have serious consequences, affecting sovereignty, interests, national security, and disrupting public order and safety. Therefore, it is necessary to have stringent, proportionate protection measures, at a higher level than for less important targets. Protecting these information systems includes not only activities such as monitoring, evaluating operational processes, and applying appropriate cybersecurity standards but also conducting assessments from the design phase to the operation of the information systems to early detect and eliminate cybersecurity threats.

- Current regulations on cybersecurity are not strong enough to deter and prevent violations on the Internet, nor do they meet the practical requirements of cybersecurity collaboration in the new context. This situation has created difficulties in organizing and implementing information security and cybersecurity measures, as well as in the prevention and combat against the use of the Internet to infringe upon national security, public order, and safety.

4.3 How is the content of protecting important information systems about national security expressed?

Includes: Important national security information systems; cybersecurity assessment for important national security information systems; cybersecurity condition assessment for important national security information systems; cybersecurity inspection for important national security information systems; cybersecurity monitoring for important national security information systems; cybersecurity incident response and handling for important national security information systems.

4.4 Compare the similarities and differences between the “national important information system” stipulated in the Law on Cybersecurity 2015 and the “important information system about national security” in the Cybersecurity Law 2018.

(Participants in the competition do it themselves)

5. According to the Comrade, how does the Cybersecurity Law regulate the protection of human rights?

Answer suggestion

The Cybersecurity Law protects human rights when participating in activities on the Internet. The Cybersecurity Law directly protects the following 05 human rights:

- The right to life, personal freedom, and security; the right to equality before the law and legal protection.
- The right not to be interfered with in privacy, family, residence, or correspondence;
- The right not to be violated in honor or personal reputation;
- The right to freedom of thought, belief, and religion of citizens;
- The right to freedom of speech, freedom of expression of citizens.

The Cybersecurity Law also helps prevent and deal with acts using cyberspace to infringe upon the legitimate rights and interests of organizations and individuals.

(Participants in the competition should find the provisions on the protection of human rights in the Cybersecurity Law and present them specifically corresponding to the human rights mentioned)

Example: Article 1, Article 29 stipulates that “Children have the right to be protected, access information, participate in social activities, play, entertain, keep personal secrets, privacy, and other rights when participating in cyberspace.”

Question 6. What are the main contents of the work of preventing and combating cyber security violations? Please specify the roles and responsibilities of enterprises providing services on telecommunications networks, the Internet, value-added services on cyberspace in preventing and combating cyber security violations?

Answer suggestion

The main contents of the work of preventing and handling cyber security violations are regulated in Chapter III of the Cybersecurity Law, including:

1. Preventing and handling information on cyberspace with content propagating against the Socialist Republic of Vietnam; inciting riots, disrupting security, disrupting public order; defaming, falsely accusing; violating economic management order.
2. Preventing and combating cyber espionage; protecting information classified as state secrets, work secrets, business secrets, personal secrets, family secrets, and privacy on cyberspace.
3. Preventing and combating the use of cyberspace, information technology, electronic media to violate laws on national security, order, and social safety.
4. Preventing and combating cyber attacks.
5. Preventing and combating cyber terrorism.
6. Preventing and handling dangerous situations regarding cyber security.
7. Struggling to protect cyber security.

Please specify the roles and responsibilities of enterprises providing services on telecommunications networks, the Internet, value-added services on cyberspace in preventing, handling cyber security violations.

Article 26, Clauses 2 and 3 of the Cybersecurity Law stipulate:

- Domestic and foreign enterprises providing services on telecommunications networks, the Internet, and value-added services on cyberspace in Vietnam have the following responsibilities:

a) Authenticate information when users register for account numbers; secure information and user accounts; provide user information to specialized cyber security forces under the Ministry of Public Security upon written request to assist in investigating and handling violations of cyber security laws;

b) Prevent the sharing of information, delete information with content specified in Articles 1, 2, 3, 4, and 5 of Article 16 of this Law on services or information systems directly managed by agencies, organizations no later than 24 hours from the time of request from the specialized cyber security forces under the Ministry of Public Security or authorized agencies of the Ministry of Information and Communications, and keep system logs for investigation and handling of violations of cyber security laws within the time specified by the Government;

c) Not provide or cease providing services on telecommunications networks, the Internet, and value-added services to organizations, individuals posting information on cyberspace with content specified in Articles 1, 2, 3, 4, and 5 of Article 16 of this Law upon request from the specialized cyber security forces under the Ministry of Public Security or authorized agencies of the Ministry of Information and Communications.

- Domestic and foreign enterprises providing services on telecommunications networks, the Internet, and value-added services on cyberspace in Vietnam engaged in the collection, exploitation, analysis, and processing of personal information, data on user relationships, and data generated by users in Vietnam must store this data in Vietnam for the specified period by the Government.

Foreign enterprises specified in this clause must establish branches or representative offices in Vietnam.

Question 7.How does the Cybersecurity Law regulate the assurance of information security in cyberspace? How do you assess the situation when hostile, reactionary, opposing forces distort operations to handle fake news, misinformation, and malicious information, which violate human rights and freedom of speech?

Answer Hint

What does the Cybersecurity Law stipulate regarding ensuring information security in cyberspace?

Article 26 of the Cybersecurity Law stipulates the assurance of information security in cyberspace, including the following contents:

1. Electronic information pages, electronic portals, or specialized pages on social networks of agencies, organizations, and individuals shall not provide, post, or transmit information that violates national security as specified in Articles 1, 2, 3, 4, and 5 of this Law, and other information that infringes national security.

2. Domestic and foreign enterprises providing services on telecommunications networks, the Internet, and value-added services on cyberspace in Vietnam shall have the following responsibilities:

a) Authenticate information when users register for an account; secure user information and accounts; provide user information to the specialized cybersecurity force under the Ministry of Public Security when requested in writing to serve the investigation and handling of violations of cybersecurity laws;

b) Prevent the sharing of information, delete information with content specified in Articles 1, 2, 3, 4, and 5 of Article 16 of this Law on services or information systems directly managed by agencies, organizations no later than 24 hours from the time of request of the specialized cybersecurity force under the Ministry of Public Security or the competent authority of the Ministry of Information and Communications and keep system logs to serve the investigation and handling of violations of cybersecurity laws within the time limit prescribed by the Government;

c) Not provide or stop providing telecommunications services, Internet services, value-added services for organizations, individuals posting on cyberspace information with content specified in Articles 1, 2, 3, 4, and 5 of Article 16 of this Law when requested by the specialized cybersecurity force under the Ministry of Public Security or the competent authority of the Ministry of Information and Communications.

3. Domestic and foreign enterprises providing services on telecommunications networks, the Internet, and value-added services on cyberspace in Vietnam engage in the collection, exploitation, analysis, processing of personal information, data on user relationships, data created by users of the service in Vietnam must store this data in Vietnam for the period prescribed by the Government.

Foreign enterprises specified in this clause must establish branches or representative offices in Vietnam.

4. The Government details this clause.

How do you assess when hostile forces distort, process fake news, misinformation, and malicious information, violating human rights, freedom of speech?

The Cybersecurity Law does not prohibit foreign service providers from operating in Vietnam; does not hinder the freedom of speech, the right to express the views of citizens; does not prohibit citizens from using social networking services such as Facebook, Google; does not prohibit citizens from participating in activities on cyberspace or accessing, using information on cyberspace; does not prohibit citizens from starting up, creating, or exchanging and implementing their creative ideas on cyberspace. Vietnamese citizens are protected when participating in activities on cyberspace against malicious information that infringes upon their dignity, reputation, and human rights, cyberattacks, cyber espionage, cyber terrorism, or other acts that affect their legitimate rights and interests. The Cybersecurity Law only restricts acts that harm national security, social order, safety, rights, and legitimate interests of organizations and individuals...

Therefore, citizens have the full right to use, operate on cyberspace for personal purposes provided that they do not violate the provisions of the Law on prohibited acts (Article 8 of the Cybersecurity Law). The above issues completely refute the distorted arguments that the Cybersecurity Law violates human rights, freedom of speech of citizens on cyberspace, prohibits the use of Facebook, Google, creates barriers to business... Clearly, this is just a trick of exploiting democratic and human rights issues of opposing forces to distort and sabotage the issuance of the Cybersecurity Law of our country.

(Contestants may supplement other arguments to present in their exams)

Question 8.How is the issue of data storage, establishment of branches or representative offices in Vietnam regulated in the Cybersecurity Law? Comrade, please present the arguments proving that this regulation is consistent with international practices, international conventions that Vietnam participates in, does not impede economic development, and does not hinder foreign enterprises from participating in the Vietnamese economy?

Suggested answer

How is the issue of data storage, establishment of branches or representative offices in Vietnam regulated in the Cybersecurity Law?

Clause 3, Article 26 of the Cybersecurity Law stipulates: Domestic and foreign enterprises providing services on telecommunications networks, the Internet, and value-added services on cyberspace in Vietnam are required to collect, exploit, analyze, and process data on personal information, data on the relationships of service users, and data generated by service users in Vietnam, which must be stored in Vietnam for a period specified by the Government.

Foreign enterprises are required under this provision to establish branches or representative offices in Vietnam.

Comrade, please present the arguments proving that this regulation is consistent with international practices, international conventions that Vietnam participates in, does not impede economic development, and does not hinder foreign enterprises from participating in the Vietnamese economy.

The content of the Cybersecurity Law can be affirmed to be in line with international practices regarding data storage and establishment of branches or representative offices in Vietnam, without hindering economic development and impeding foreign enterprises from participating in the Vietnamese economy.

Firstly, there are currently 18 countries with regulations requiring foreign enterprises to store important data within the national territory, such as the United States, Canada, Germany, China, Indonesia, Denmark, Finland, Sweden, and others.

The European Union's data protection regulation is officially effective, allowing citizens to control their personal data when participating in social networking forums by searching, changing, deleting personal information, and service providers must publicly disclose the use of personal information to customers, committing not to transfer personal data to third parties. Violations could result in fines of up to 20 million euros or 4% of global revenue.

Secondly, the provisions in the Cybersecurity Law are in line with the capacity of enterprises, as Google has about 70 representative offices, and Facebook has 80 offices in countries around the world. In Southeast Asia, Google and Facebook have representatives in Singapore, Indonesia, and Malaysia.

Tuesday, the content stipulated in the Cybersecurity Law is in line with the domestic legal system, including the 2005 Commercial Law, the 2017 Foreign Trade Management Law, and the guiding documents of foreign trade promotion organizations requiring foreign businesses such as Google and Facebook, which are profitably operating in Vietnam, to establish representative offices in Vietnam.

Wednesday, it aligns with the international conventions of which Vietnam is a member, such as the International Declaration of Human Rights, the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights, WTO's basic agreements, CPTPP, specifically the General Agreement on Tariffs and Trade (GATT) 1994, the General Agreement on Trade in Services (GATS), agreements on aspects related to trade, intellectual property rights, the Comprehensive and Progressive Agreement for Trans-Pacific Partnership, and has exceptions regarding security, respecting and prioritizing national security in any commercial activity mentioned in those commitments; it complies with the 2013 Constitution and meets the requirements of the current reality, not hindering economic development and obstructing foreign businesses from participating in the Vietnamese economy.

(participants can add more arguments to present in their exam)

Question 9. Clarify the responsibilities of relevant agencies, organizations, and individuals in protecting cybersecurity. According to comrade, what do the State and citizens need to do to “build a healthy cyberspace” as stipulated in Clause 2, Article 3 of the Cybersecurity Law.

Suggested Answer

Clarify the responsibilities of relevant agencies, organizations, and individuals in protecting cybersecurity?

The Cybersecurity Law from Article 36 to Article 42 stipulates the responsibilities of agencies, organizations, and individuals. Specifically as follows:

Article 36. Responsibilities of the Ministry of Public Security

The Ministry of Public Security is responsible to the Government for implementing state management of cybersecurity and has the following tasks, powers, except for matters under the responsibility of the Ministry of National Defense and the Government's key agencies:

1. Issuing or proposing to competent state agencies to issue and guide the implementation of legal normative documents on cybersecurity;
2. Developing, proposing strategies, orientations, policies, plans, and measures to protect cybersecurity;
3. Preventing, combating activities using cyberspace to infringe upon sovereignty, interests, national security, order, social safety, and preventing cybercrimes;
4. Ensuring information security on cyberspace; building mechanisms to authenticate information for registering digital accounts; warning, sharing cybersecurity information, cyber threat risks;
5. Advising, proposing to the Government, the Prime Minister for consideration, decision on assigning, coordinating the implementation of measures to protect cybersecurity, prevent, handle acts infringing upon cybersecurity in cases where the state management content involves the management scope of many ministries, branches;
6. Organizing exercises for cyber defense; conducting exercises to respond to and overcome cybersecurity incidents regarding important information systems for national security;
7. Inspecting, supervising, settling complaints, denunciations, and handling violations of laws on cybersecurity.

Article 37. Responsibilities of the Ministry of National Defense

The Ministry of National Defense is responsible to the Government for implementing state management of cybersecurity within its management scope and has the following tasks, powers:

1. Issuing or proposing to competent state agencies to issue and guide the implementation of legal normative documents on cybersecurity within the management scope;
2. Developing, proposing strategies, orientations, policies, plans, and measures to protect cybersecurity within the management scope;
3. Preventing, combating activities using cyberspace to infringe upon national security within the management scope;
4. Coordinating with the Ministry of Public Security to organize exercises for cyber defense, conduct exercises to respond to and overcome cybersecurity incidents regarding important information systems for national security, and implement cybersecurity protection work;
5. Inspecting, supervising, settling complaints, denunciations, and handling violations of laws on cybersecurity within the management scope.

Article 38. Responsibilities of the Ministry of Information and Communications

1. Coordinating with the Ministry of Public Security, the Ministry of National Defense in cybersecurity protection.
2. Coordinating with relevant agencies to organize propaganda, refute information that opposes the Socialist Republic of Vietnam as stipulated in Clause 1, Article 16 of this Law.
3. Requesting enterprises providing telecommunications services, Internet services, value-added services on cyberspace, owners of information systems to remove information violating laws on cybersecurity on services, information systems managed directly by enterprises, organizations, and agencies.

Article 39. Responsibilities of the Government's key agencies

1. Advising, proposing to the Minister of National Defense to issue or propose competent authorities to issue and organize the implementation of legal normative documents, programs, plans on cryptography to protect cybersecurity within the scope of the Government's key agencies management.
2. Protecting cybersecurity for critical information systems under the management of the Government's key agencies and cryptographic products provided by the Government's key agencies as regulated by this Law.
3. Unifying the management of cryptographic scientific research, technology; producing, using, providing cryptographic products to protect information classified as state secrets stored, exchanged on cyberspace.

Article 40. Responsibilities of Ministries, branches, Provincial People's Committees

Within the scope of their tasks, powers, Ministries, branches, Provincial People's Committees are responsible for implementing cybersecurity protection for information, information systems under their management; coordinating with the Ministry of Public Security in implementing state management of cybersecurity of Ministries, branches, and localities.

Article 41. Responsibilities of enterprises providing services on cyberspace

1. Enterprises providing services on cyberspace in Vietnam have the following responsibilities:

a) Warn of the possibility of cybersecurity loss in using services on cyberspace provided by themselves and guide preventive measures;

b) Develop plans, solutions to quickly respond to cybersecurity incidents, immediately address security vulnerabilities, loopholes, malicious code, cyber attacks, network intrusions, and other security risks; in case of cybersecurity incidents, immediately deploy emergency plans, appropriate response measures, and report to specialized cybersecurity forces as required by this Law;

c) Apply technical solutions and other necessary measures to ensure security for the information collection process, prevent the risk of information disclosure, leakage, damage, or loss; in case of or risk of information disclosure, leakage, damage, or loss of user data, immediately provide coping solutions, inform users, and report to specialized cybersecurity forces as required by this Law;

d) Coordinate, facilitate specialized cybersecurity forces in cybersecurity protection.

2. Enterprises providing services on telecommunications networks, the Internet, value-added services on cyberspace in Vietnam are responsible for complying with the provisions of Clause 1 of this Article, Clause 2, and Clause 3 of Article 26 of this Law.

Article 42. Responsibilities of organizations, individuals using cyberspace

1. Comply with cybersecurity laws.
2. Timely provide information related to cybersecurity protection, cybersecurity threats, cybersecurity violations to competent authorities, cybersecurity protection forces.
3. Implement the requirements and guidance of competent authorities in cybersecurity protection; assist, facilitate agencies, organizations, and individuals responsible for implementing cybersecurity protection measures.

According to the comrade, what should the State and citizens do to 'build a healthy cyberspace' as stipulated in Clause 2, Article 3 of the Cybersecurity Law. (Participants in the competition do it themselves)

The answers to the competition writing 'Understanding the Cybersecurity Law 2019' are all compiled by Mytour here, you can refer to them to prepare for the competition.

The content is developed by the Mytour team with the aim of customer care and solely to inspire travel experiences. We do not take responsibility for or provide advice for other purposes.

If you find this article inappropriate or containing errors, please contact us via email at [email protected]