Vũ Ngọc Sơn, Head of the Department of Research, Consulting, Technology Development and International Cooperation at the National Cybersecurity Association. Photo nca.org.vn

Ahead of the signing ceremony of the United Nations Convention against Cybercrime (Hanoi Convention) in Hà Nội on October 25, Việt Nam News reporter Thu Vân spoke with Vũ Ngọc Sơn, Head of the Department of Research, Consulting, Technology Development and International Cooperation at the National Cybersecurity Association, about the significance of the Convention and how it could shape Việt Nam’s cybersecurity landscape and international cooperation.

As a cybersecurity expert, what does the Hanoi Convention mean as more and more countries are facing cyber threats?

It is evident that a convention, a shared legal framework for countries to address cybercrime, is extremely important. As a professional who has worked in cybersecurity for over 25 years, I have observed how criminals increasingly exploit the borderless nature of cyberspace to commit offences. Dealing with such cases requires cooperation among many different countries.

For example, in the well-known attacks on the US and South Korean government websites years ago, I was directly involved in analysing the case alongside international rescue teams. Although the targets were in the US and South Korea, the attacking servers were based in another country, the United Kingdom. When British law enforcement examined the servers, they found that these UK servers were in fact controlled remotely by another server located in the US. This illustrates how a single incident can involve multiple jurisdictions.

When we become victims of such attacks, we realise how vital international collaboration is in investigation and response. With the Hanoi Convention, as many countries come together, there will be a smoother, more coordinated mechanism for cooperation across the world.

In recent years, several cyberattacks have occurred in Việt Nam, but the perpetrators were based abroad. One of the most recent examples involved ransomware attacks. Vietnamese enterprises had their data encrypted and were asked to pay ransoms to recover the decryption keys. Thanks to international cooperation, Việt Nam obtained those keys through law enforcement agencies of another country, allowing the businesses to restore their data without paying a single đồng.

Clearly, once the Hanoi Convention comes into effect, with countries respecting and complying with its provisions, the fight against cybercrime will be strengthened. It will not only benefit law enforcement agencies but also provide an additional layer of protection for enterprises and organisations. In the event of becoming victims, they will have grounds for faster and more effective resolution.

In the context of globalisation and the rapid advancement of digital technology, international cooperation in cybersecurity has become a key factor for countries and businesses to enhance information safety. For cybersecurity enterprises, does the Hanoi Convention create any opportunities for Vietnamese companies, particularly in international cooperation?

The Hanoi Convention is expected to bring many opportunities for cybersecurity companies and organisations in Việt Nam. The country has been making strong efforts to develop its cybersecurity industry, with the ambition of establishing a notable presence in the global market.

However, in recent years, Việt Nam’s achievements have mostly been limited to a few prizes in international cybersecurity competitions. These successes, while commendable, do not yet reflect the true potential and capacity of Việt Nam’s cybersecurity sector on the global stage.

One major reason why Vietnamese cybersecurity enterprises face challenges when introducing their products and services abroad is the legal differences between countries. We hope that the Hanoi Convention will help narrow these legal gaps. Once countries share a common legal framework, their national regulations will become more aligned. This will allow Việt Nam to access and meet international standards, making it easier for Vietnamese products and services to comply with the requirements of other markets.

This means that the export of Vietnamese cybersecurity products and services will become much more feasible. Another key objective of the Convention is to promote cooperation and information sharing among nations. Developed countries also need capable cybersecurity partners, so they will make every effort to help their allies, specifically, the countries that sign the Hanoi Convention, to grow stronger. This will be an advantage for developing nations like Việt Nam, which will gain access to new technologies and enhanced opportunities for technological cooperation and transfer.

For Vietnamese technology firms, this is immensely valuable. We will gain access to official international cooperation channels rather than relying solely on one-to-one diplomatic arrangements, enabling broader global partnerships. Technology exchange and transfer will therefore become much more accessible for Vietnamese enterprises.

For Việt Nam’s technology community, I see enormous opportunities ahead. Since the Convention will be opened for signature in Việt Nam, many international partners will come to the country, providing an excellent chance for Vietnamese businesses to introduce themselves and showcase their products and services to global counterparts. This will help open doors for international expansion and cooperation. We are very much looking forward to the signing ceremony and hope that Vietnamese tech companies will contribute meaningfully to its success.

As the bridge between regulators, businesses and the technology community, what contributions will the National Cybersecurity Association make to the implementation of the Hanoi Convention?

Being entrusted with the role of helping to organise the opening ceremony of the Hanoi Convention in Việt Nam is both a great honour and a major responsibility for the National Cybersecurity Association. We recognise that our activities must reflect the scale and significance of this historic event.

The Association has already begun outreach and awareness campaigns, encouraging its members, including enterprises and organisations in the cybersecurity field, to take an active part in the country’s collective efforts related to the Hanoi Convention. Following the signing, there will be a series of essential tasks ahead, such as completing the legal framework and strengthening technical capabilities among relevant parties.

Given our role, the Association can contribute to improving technical capacity. We have many experienced experts and organisations in Việt Nam’s cybersecurity sector who can help train and upskill professionals. At the same time, the Association will actively advise and participate in the development of legal frameworks to align national regulations with the Hanoi Convention.

Another significant area of opportunity will be international cooperation and technology transfer. The Association aims to serve as a bridge between global cybersecurity associations and organisations in Việt Nam, enabling partnerships and the adoption of advanced technologies. This will help elevate Việt Nam’s cybersecurity products and services to new heights, giving them a stronger international presence. Instead of operating solely within domestic boundaries, our cybersecurity industry will have opportunities to expand and compete globally, a very positive and encouraging prospect for the near future.

The Hanoi Convention is not only a legal instrument but also a driving force for Việt Nam to become a regional and global cybersecurity hub. What strategies does the Association have to help realise this ambition?

Clearly, Việt Nam’s goal and ambition is to accelerate the growth of its cybersecurity industry and, eventually, become a global power in this field. The Hanoi Convention will help set a common international standard for cybersecurity, and Việt Nam has been an active participant in promoting it. We have been preparing early to ensure our services and products meet global standards.

The National Cybersecurity Association is implementing concrete measures to achieve this. First, we are working to standardise the professional qualifications and technical skills of cybersecurity specialists in Việt Nam. The Association already has a plan to harmonise training and skill certification for professionals in the sector.

Second, we aim to produce and provide cybersecurity products and solutions that meet not only domestic needs but also global demand. Given today’s circumstances, ensuring cybersecurity has become a universal and urgent requirement. Việt Nam has a strong advantage in its young, dynamic and talented workforce, ready to engage in this area.

Third, in the global market, developing effective cybersecurity solutions requires real-world experience. Practitioners must understand real attacks and real damage in order to devise effective countermeasures. Việt Nam, being one of the countries most frequently targeted by cyberattacks, actually has an advantage - it provides a large, real-world testing ground for cybersecurity companies and experts. This allows us to create solutions that are not only suitable for Việt Nam but also competitive globally.

The Association is also vigorously promoting the development of expert skills and the creation of world-class products and services. In the near future, we expect more cooperation and technology transfer programmes that will help Vietnamese enterprises better understand foreign markets and needs. We strongly believe that Việt Nam can develop a cybersecurity industry that not only meets domestic requirements but also positions the country among the world’s leading providers of cybersecurity products and services.

What proposals does the Association have to promote public–private cooperation and help Việt Nam build a strong cybersecurity ecosystem?

We have already put forward several proposals to the relevant authorities.

First, we have recommended mechanisms for sharing cybersecurity intelligence between the public and private sectors. Information sharing is essential and mutually beneficial. Government agencies possess official intelligence through international cooperation, while the private sector, especially experts working directly on incidents, has access to practical, research-based insights from global partners. Connecting the two sectors will ensure that cybersecurity intelligence is shared widely and utilised effectively.

Second, we have proposed establishing online training platforms for Vietnamese specialists and officials. Such platforms would significantly reduce the cost of organising in-person training while reaching a wider audience. We hope this initiative will quickly enhance awareness and technical capacity across Việt Nam’s cybersecurity workforce.

Finally, we are proposing that the Government and relevant authorities develop policies to encourage and support private cybersecurity companies to participate directly in national projects and solutions. Currently, private firms mainly provide advice or consultation. We would like to see new mechanisms enabling them to take part in building national cybersecurity systems. This would help elevate Vietnamese products and services further, giving the private sector a greater role in strengthening the country’s overall cybersecurity ecosystem. VNS