More than half of the systems cannot record attacks
Vu Quoc Khanh, Director of VNCERT (the Vietnam Computer Emergency Response Team) said at a workshop on building up information security policies in developing e-government held on May 25, that the budget for information security solutions just amounts to a small proportion in the agencies’ total budget for the information technology application program.
As for state agencies, 29 percent of agencies plan to spend 10-15 percent of the budget on information security solutions, while the average level is 19 percent for the whole country. Sixteen percent of agencies plan to invest 5-9.9 percent of the total budget, lower than the average level of 19 percent, while 24 percent of agencies would pay less than 5 percent of the budget, while the whole country’s level is 38 percent.
A survey of VNCERT has found out that 53 percent of units which have information security systems cannot record attack behaviors. This means that though more than 50 percent of Vietnamese websites have houses, and their homes have been equipped with locks; however, the owners of the houses would not know if burglar broke into their houses, because they are not informed by the system.
The survey has also found out that 63 percent of units cannot calculate the financial loss caused by the attacks, while the figure is 64 percent for state agencies.
VNISA, the Vietnam Information Security Association, which carried out assessments on 100 accidental websites of government agencies (.gov.vn), has found that 80 percent of websites do not apply safeguard system against the scanning, such as the intrusion prevention system. It has also estimated that 78 percent of the websites could be attacked and collapsed at any time.
Especially, the websites have popular weak points, such as the information telltale from using ASP.NET of Microsoft (15 percent), the errors relating to SQL Injection (11 percent), or XSS (9 percent).
Vietnam nonresistant to cyber war
Nguyen Viet The, former of Head of the Informatics Agency under the Ministry of Public Security, has many times warned that cyber crimes have become more and more professional, therefore, network security would continue to be a burning problem in 2012, which may lead to a cyber war.
Khanh also thinks that Vietnamese websites comprise of many holes, and that if an attack is carried out, targeting to the websites, it would be very difficult to ensure the operation of the whole system. However, as for unimportant websites which do not need heavy investment, the administrators would be able to recover the system after a short time. Meanwhile, very important websites which must be online 24/24 all have information security measures already.
It is estimated that errors cannot be found in 20 percent of the systems which hackers would find it very difficult to attack. Meanwhile, as for DDoS attacks, one would need the support from outside, including the measure of expanding bandwidth.
To prepare to struggle against a cyber war, according to Khanh, it’d better to focus on protecting the most important objectives, instead of “trying to protect any pieces of land of the territory.”
As for unimportant websites, they should be given warnings about holes and recommendations.