Japan International Cooperation Agency
  • 日本語
  • English
  • Français
  • Espanol
  • Home
  • About JICA
  • News & Features
  • Countries & Regions
  • Our Work
  • Publications
  • Investor Relations

Outline of the Project

Project Name

Project on Capacity Building for Cyber Security in Vietnam


Socialist Republic of Vietnam

Date R/D Signed

March 8, 2019

Project Site

Hanoi, Ministry of Information Communication (MIC)

Term of Cooperation

From June 26, 2019 to November 25, 2021

Implementing Organization

Ministry of Information Communication (MIC), Authority of Information Security(AIS)


(1) Development status (current status) and issues of the cyber security sector in the country

Cyber risk has become enormous rapidly and it is spreading on a global scale. In many countries, "cyber attacks" on critical information infrastructure (e.g. transportation, energy, medical, finance, etc.) has become a reality. Cyber security has become a national issue especially in developing countries where sufficient preventive measures against cyber attacks have not been taken.

In the Socialist Republic of Vietnam, the number of incidents has increased sharply since 2014, especially, illegal incursions, DoS / DDoS attacks and Advanced Persistent Threats attack are on the rise. Also, information systems of governmental agencies and organizations have many vulnerabilities and it is becoming clearly that the risk of cyber security is getting higher. Furthermore, malware infection and the threats of malicious software are increasing year by year, especially victims through social networks are increasing. Online phishing is still prevalent and many users suffer from economic loss from overconfidence and negligence on information security. The leakage of personal information is remarkable, and caused economical loss to users in banking, finance, and e-commerce has increased.

(2) Cybersecurity sector development policy in this country and positioning of this project

In Vietnam, the Law on Information Technology (No. 67/2006/QH11), so-called National IT Law stipulating the rights and responsibilities of government, organization was enacted in 2007 together with the concerning decrees for information security on the Internet. In 2010, the criminal law on information security has been revised, stipulating detailed definitions and penalties for DDoS attack, intentional spread of computer virus, online fraud, etc. and Vietnam is focusing on information security measures as a national policy.

National strategies and plans for cyber security have been formulated. Prime Minister's Decision No.63 in 2010 and No.898 in 2016 approved development of a national plan, objectives, activities, etc. for cyber security by 2020. Prime Minister's Decision No. 893 in 2015 approved a plan for propagation, dissemination and enhancement of awareness of cyber security by 2020.

AIS has been able to perform a certain extent of its functions such as awareness activities, incident handling, cyber attack prevention, etc. However, further strengthening of its security engineers is critical for network monitoring of the government, defence against cyber attacks, enhancement of reactive service to incidents. as cyber attacks are expected to increase in future.

The Project aims to enhance capacity of AIS which has a function to formulate policies and equipped with cyber attack mitigation system for cyber security by providing assistance to enhance capacity of security quality management, reactive service and proactive service then contributes to increase cyber resilience for Vietnamese government.

The Overall Goal

Cyber resilience for Vietnamese government is increased.

Project Purpose

Capacity of AIS for cyber security is enhanced.


  1. Capacity of security quality management is enhanced.
  2. Capacity of reactive service is enhanced.
  3. Capacity of proactive service is enhanced.

Project Activities

Output1) Capacity of security quality management and policy making is enhanced

1-1 Clarify the required roles defined in SecBoK framework
1-2 Develop a CDP for each staff based on SecBoK Framework
1-3 Develop a training course plan for high prioritized roles defined in SecBoK Framework (e.g. CISO, Commander)
1-4 Conduct training
1-5 Review CDP (e.g. every six months)
1-6 Plan and conduct training for policy maker
1-7 Develop/localize awareness raising materials

Output2) Capacity of reactive service is enhanced

2-1 Develop a training course plan for high prioritized roles defined in SecBoK Framework (e.g. Incident manager, Incident handler, Triage)
2-2 Conduct training
2-3 Review CDP (e.g. every six months)
2-4 Expand reactive infrastructure (e.g. DDoS attack mitigation) in AIS

Output3) Capacity of proactive service is enhanced

3-1 Develop a training course plan for high prioritized roles defined in SecBoK Framework (e.g. Researcher, Solution analyst, Vulnerability diagnostic consultant, Information security auditor)
3-2 Conduct training
3-3 Review CDP (e.g. every six months)
3-4 Expand proactive infrastructure (e.g. network monitoring) in AIS


[Japanese side]

  • Japanese Experts(Chief Advisor, Cybersecurity/Project Coordinator, Cybersecurity/Career Development Plan)
  • Training: Training in Vietnam, Training in Japan
  • Equipment: Servers, Network equipment, Software, etc.
  • Mission team dispatch


[Vietnamese side]

  • Counterpart personnel
  • Facilities and equipment (including office space)


Copyright © Japan International Cooperation Agency