Nguyen Thanh Hai, director of the Ministry of Information and Communication’s Information Safety Department
The Hai Phong City People’s Committee has asked state agencies in the city not to use Lenovo computers following information released by the Ministry of Public Security that “software with spyware’s characteristics: has been found in Lenovo’s products.
However, many state agency officers have commented on technology forums that they were not sure if the measure could help them protect information. Products of other manufacturers are also believed to contain spyware.
Nguyen Thanh Hai, director of the Ministry of Information and Communication’s Information Safety Department, in an interview with VnExpress, admitted that there was no legal document mentioning required standards to ensure information safety at state agencies.
Calling this a ‘legal loophole’, Hai emphasized that the loophole needs to be fixed immediately.
Also according to Hai, every state agency sets regulations on information safety itself, while no national standards have been set up.
Meanwhile, many agencies have connections with specialized networks and internet with many portals. In these cases, information security is in danger.
“It is very difficult to control a house with many doors,” he commented.
|Most imported computing devices have “back doors”|
Regarding the standards for machine imports, he said Vietnam refers to international standards and specifications.
As for computers, for example, ISO 2001 standards have been applied, which include 133 requirements on devices, operation management, control and users.
However, it is not feasible to set all the requirements on all imports. Vietnam is still building up standards of its own.
However, Hai stressed that these are the standards and therefore, they are not mandatory.
How serious is the situation? An analyst said he cannot give a direct answer to the question, but noted that modern computing devices are not made in Vietnam. The devices, from software to hardware, are made overseas.
And most of the devices have back doors which allow sending of information to manufacturers and service providers. And no one knows for what purposes the information has been used.
This means that all devices used in the world contain risk of information insecurity.
Hai said his agency is considering compiling two legal documents that guide the implementation of the Information Safety Law which is expected to take place on July 1, 2016.
A report of the Vietnam Computer Emergency Response Team (VNCERT) showed that between December 21, 2014 and December 21, 2015, it discovered 31,585 information security incidents.