Vietnam's Securitisation of Cybersecurity Under Growing Chinese Cyber Threats

The Vietnamese government has framed the problem as a security threat and adopted wide ranges of exceptional measures to safeguard cybersecurity.

In seeking the status of a regional and global power, China has taken advantage of technological advances to expand its influence in cyberspace. Many Chinese military strategists regard the use of information warfare as a pre-emptive weapon, before military conflicts, and a core component of modern warfare.

During peacetime, China has leveraged its technological power to conduct cyber intrusions into the national critical systems of countries with a view to collecting important information (also known as cyber espionage), promoting disinformation, and destroying cyber systems and other national important systems in the cyberspace. Many countries like the US, the UK, Canada, Germany, Australia, India, Taiwan, Vietnam, and the Philippines have raised their voices about Chinese cyberattacks against their public and private-sector networks. China is seen as the largest state sponsor of cyberattacks in the world.

Vietnam’s vulnerabilities towards China-based hackers

Chinese hackers with the support of the Chinese government have conducted numerous attacks on Vietnamese governmental agencies’ websites and other national information systems. The cybersecurity concern emerged in Vietnam in 2011 when Chinese vessels wrecked the cable system of a Vietnamese hydro graphic research vessel, followed by an outbreak of cyberwarfare between Chinese and Vietnamese hackers. Some of the outcomes included the database of a news agency being deleted, and the Chinese national flag being displayed on one Vietnamese governmental website.

On 30 and 31 May 2015, when the Shangri-La summit was being organised, a small group known as “1937cn,” a leading Chinese hacker group, conducted cyberattacks against one thousand Vietnamese websites, most of which were governmental and educational websites. Another incident occurred in July 2016 when the 1937cn hacked the operating systems of Ho Chi Minh City’s Tan Son Nhat Airport, Hanoi’s Noi Bai Airport, and Vietnam Airlines, and revealed messages propagating China’s claims to the “nine-dash line.” That hacker group also published online private information of more than 41,000 Vietnam Airlines customers—showing Chinese cyber aggression towards Vietnam. In 2018 and 2019, the information systems of Vietnamese border offices were attacked by a Chinese hacker group named “Mustang Panda.’”

In January 2023, Vietnam publicly identified some Chinese advanced persistent threat (APT) groups as hacker groups, underscoring the growing concerns in the area of cyber security. Sophisticated threat actors, or APTs, are frequently supported by nation-states or state-sponsored organisations. Vietnam has identified the following specific China-backed groups: APT31, APT41, Grayling, Mustang Panda, and SharpPanda.

Vietnam’s perception of and responses to cyberattacks

In the Directive on Enhancing the Capability to Defend and Counter Against Malicious Software issued in May 2018, Prime Minister Nguyen Xuan Phuc expressed his serious concerns about cyber intrusions into governmental agencies to destroy information systems and collect confidential data: “In 2016 and 2017, some cyberattacks using malicious codes seriously affected agencies and organizations in Vietnam …. The current situation of transmitting malicious codes in Vietnam is at an alarming rate.”

In the 2019 Defence White Paper, Vietnam regarded cyberattacks, cyber espionage, and disinformation as “have[ing] seriously threatened national sovereignty in cyberspace, intensely affecting the political stability, socio-economic development, national defence and security of Vietnam.” At the second meeting of the Steering Committee of Cyber Safety and Cybersecurity in August 2023, Prime Minister Pham Minh Chinh claimed that cyberspace had become a strategic space, therefore making cybersecurity a pivotal, constant, and long-time task.

In response to increasing threats from cyberattacks, urgent measures have been taken by the Vietnamese government. Firstly, the country has begun to set up legal frameworks on protecting the country from cyber threats. In 2015, the Law on Securing Cyber Information was enacted to increase awareness of and solutions to protect information of individuals, organisations, and governmental agencies in cyberspace. The Vietnamese government also passed the Law on Cybersecurity in 2018 with seven chapters and 43 articles. The law aims to safeguard the national interests of Vietnam and set up cooperation between people, businesses, cyber organisations, and the government in responding to cyber threats. In November 2018, the Vietnamese National Assembly released the Law on Protecting National Secrets to set up a legal framework against acts of sharing, stealing, and publicising national secrets and cyberattacks or illegal activities of cyber espionage from foreign spies. In 2022, Nguyen Minh Chinh ratified the National Cybersecurity Strategy with objectives for 2025 and a vision for 2030. One of the main aims of the strategy is to maintain Vietnam’s ranking in the global security index between the 25th and 30th positions.

Secondly, Vietnam has founded cyber agencies to enhance cybersecurity protection and safeguard national interests in cyberspace. Accordingly, the Cyberspace Operations Command (also known as the 86 Command) and Force 47 were founded under the Ministry of National Defence in 2018. Meanwhile, the Department of Cybersecurity and Preventing Criminals Using High Technology under the Ministry of Public Security was established in 2018. These agencies are involved in preventing cyber espionage from collecting and transmitting national secrets and information of individuals and businesses in cyberspace, blocking cyber threats to the government, businesses, and people, controlling illegal content that opposes the Vietnamese government or activities or crimes which would cause violent disturbances or disrupt security or public order, and swiftly addressing consequences of cyberattacks.

Thirdly, due to rising concerns about cyberattacks by Chinese state-sponsored hackers, Vietnam declined Huawei’s investment in providing 5G networks and developed its own 5G infrastructure. In stark contrast to the Philippines and Thailand, in which Huawei’s equipment and devices are still utilised by mobile carriers for their 5G networks, regardless of security risks, Viettel, which is the largest mobile carrier in Vietnam, has developed its own chips and devices for providing 5G networks. Apart from self-developed devices and chips, Viettel has imported equipment produced by other suppliers. In doing so, Hanoi has made it clear that it will not use Huawei’s technologies for building 5G network infrastructure in Vietnam, and even its 4G networks were not linked to Huawei’s equipment.

Fourthly, training cyber personnel has been one of the focal points of Vietnam’s attempt to address cybersecurity. The project “Raising Awareness, Universalizing Skills, and Developing Human Resources for National Digital Transformation by 2025, with Orientations to 2030,” endorsed in 2022 by Pham Minh Chinh, aims to train 5000 digital technology graduates annually. This number will increase to 10,000 cyber personnel each year by 2030.

It is worth noting that to counter cyber threats posed by China and securitise cyber space Vietnam has also implemented cyberattacks against its giant neighbour. For example, between January and April 2020, the suspected Vietnamese hacker group APT 32 conducted cyber intrusion activities into the websites and other information systems of the Chinese Ministry of Emergency Management and the municipal authorities of Wuhan to collect intelligence information on the Corona virus and the problems and consequences of this pandemic in China.

After mounting cases of cybercrime and cyberattacks and the urge from the Vietnamese government to enhance protection systems against cyberattacks, Vietnamese businesses, organisations, and individuals have shown increasing awareness of cybersecurity. A report in 2023 indicated that 75 percent of Vietnamese people have increasing awareness of cyber threats to their privacy and individual interests in cyberspace. In the 2022 National Strategy of Cybersecurity, the Vietnamese government proposed to establish a model of all Vietnamese people participating in protecting the Fatherland in cyberspace based on the hotline between the people and professional cyber forces of the Ministry of Public Security to inform them about cybercrimes.

This analysis was adapted from a larger article published in the Australian Journal of International Affairs. Access the article here.

VIEW ORIGINAL ARTICLE HERE