CYBER CAPABILITIES AND NATIONAL POWER: A Net Assessment 161
15. Vietnam
Vietnam has put in place a suite of strategies for cyber
security and the advancement of its national power
in cyberspace, including in the military domain.
The governance structures for cyber policy operate
through the ruling Communist Party of Vietnam’s
authoritarian political system. The government has
implemented several policies that have contributed
to robust growth in the ICT sector and to signicant
progress in the construction of e-government plat-
forms. However, many government agencies still
grapple with cyber-security issues because of a lack
of funds and a huge shortage of cyber-security talent.
The Communist Party’s concerns regarding the threat
of internal subversion probably draw resources away
from technical cyber-skills training and towards ideo-
logical work and the management of public opinion,
thereby reducing investment in both defensive and
oensive cyber capabilities. While overall oensive
cyber capabilities are likely to be nascent or weak, the
covert government-linked group APT32 could prob-
ably launch relatively sophisticated cyber aacks.
Vietnam is a third-tier cyber power but it has consider-
able digital ambition and potential. If it can strengthen
its key cyber-security skills, support its ICT rms and
invest in advanced technology to protect its digital
infrastructure, it could realise that potential.
List of acronyms
AIS Authority of Information Security
ASEAN Association of Southeast Asian Nations
CPV Communist Party of Vietnam
ICT information and communications technology
MIC Ministry of Information and Communications
MND Ministry of National Defence
MPS Ministry of Public Security
NCSC National Cyber Security Monitoring Centre
NSCER National Steering Committee for Emergency Response
VNCERT Vietnam Computer Emergency Response Team
VNPT Vietnam Posts and Telecommunications Group
VPA Vietnamese People’s Army
Strategy and doctrine
Vietnam’s laws and regulations surrounding cyber
security were rather disparate until 2010, when it
released its rst national road map, ‘Approving
the National Planning on Development of Digital
Information Security’.
1
The plan was more comprehen-
sive and ambitious than those that most other countries
had produced by that point. Its four overarching goals,
aimed at addressing technical and legal weaknesses in
the country’s information security, were: to ensure the
security of network and information infrastructure; to
ensure the safety of data and applications; to train cyber-
security professionals and increase public awareness of
information security; and to enhance the legal frame-
work for information security, especially relating to
computer crime and encryption. Funding was pro-
vided to train personnel in state agencies and bolster
information security in the Ministry of Information and
Communications (MIC), the Ministry of Public Security
(MPS), the Government Cipher Commiee and the
Ministry of Industry. The road map also identied the
need to encourage research and development (R&D).
A Network Information Security Plan was launched
in 2016, aiming to augment the 2010 road map by
outlining further objectives for the period 2016–20.
2
