At a recent seminar on the TCVN 14423:2025 National Standard, Senior Lieutenant Colonel Le Xuan Thuy, the Director of the National Cybersecurity Center (A05) in Vietnam, highlighted escalating cybersecurity challenges faced by sectors such as energy, healthcare, and media. Held in Hanoi on June 19, the seminar focused on the need for enhanced cybersecurity measures to protect sensitive information.
Thuy emphasized that patient data privacy is of utmost importance, stating, “No patient wants their private information exposed online.” He pointed out that while hospitals are aware of the risks, the absence of legal requirements hampers proactive measures to mitigate vulnerabilities. Thuy noted an alarming increase in ransomware attacks, particularly targeting governmental and health institutions as well as media organizations that have increasingly fallen victim to coordinated cyber campaigns.
Major Tran Trung Hieu from A05 disclosed that hackers had successfully infiltrated three significant Vietnamese media organizations in April 2025, compromising their data systems and extracting sensitive documents. Once hackers breach a system, they can manipulate or delete content, leading to considerable disruption and damage to the reputation of affected organizations. The interconnected nature of media platforms means a single vulnerability can impact multiple agencies, further underlining the urgency for media outlets to fortify their cybersecurity defenses.
Nguyen Van Han, Deputy Head of VNPT’s Information Security Center, highlighted the risks associated with the journalistic profession. Journalists frequently utilize computers, networks, and data storage solutions, which expose them to potential breaches. Many tools employed for media production, especially free or pirated software, are inadequately secured, making journalists’ devices susceptible to malware that can facilitate unauthorized access.
In response to these rising threats, Thuy announced the implementation of the TCVN 14423:2025 cybersecurity standard, aimed at providing essential guidance for securing critical information systems. Notably, Thuy remarked, “The standard is not solely intended for compliance; it is designed to aid organizations in reinforcing their cybersecurity infrastructure.”
Despite recognizing the existing cybersecurity threats, many organizations lack concrete action plans. Larger tech firms like VNPT or MobiFone can leverage global best practices, but smaller enterprises often find it challenging to initiate cybersecurity improvements. A Vietnam-specific standard is crucial to provide a structured approach for cybersecurity enhancement.
Thuy noted, “We offer standards shaped by the most secure practices, yet we acknowledge that immediate full compliance is unrealistic for all organizations.” He equated this situation to health regimens, where not everyone can maintain rigorous daily exercise. The purpose of the new standard is to facilitate gradual improvements, advancing organizational maturity in cybersecurity.
TCVN 14423:2025 marks a premier step in the establishment of national cybersecurity standards. It empowers agencies to integrate cybersecurity mechanisms comprehensively. While A05 has introduced non-mandatory standards to allow flexibility, Thuy indicated that organizations holding substantial personal data should face regulatory enforcement.
Moreover, A05 is currently developing a roadmap to consolidate the Law on Cybersecurity with existing regulations, thereby addressing varying levels of security concerns among organizations. Thuy clarified that once an organization is classified as seriously compromised, adherence to the standards would become mandatory, supported by specific legal documentation.
In conclusion, the establishment of TCVN 14423:2025 signifies not only a technical advancement in cybersecurity protocols but also reflects the state’s commitment to cultivate a legal framework, empowering organizations to safeguard their systems effectively and contributing to national security in the cyberspace domain.
Ha Thuong
