Since 2013, EVNHCMC has been developing its cybersecurity system and working to expand and upgrade it to meet the security requirements of both its information technology (IT) and operational technology (OT) systems as digital transformation progresses at EVNHCMC and EVN.
As a step in its long-term security strategy, EVNHCMC has adopted and maintained the ISO 27001:2013 standard for information security management systems (ISMS) and was certified by DAS Certification Ltd. in July 2017. Plans are in place to apply the standard in subsidiaries operating critical information systems across the organization.
The Corporation has issued an Internal Guideline on Cybersecurity regarding investment, management and operation of its cybersecurity system in compliance with Decision No.99/QD-EVN dated January 18, 2021 of the Vietnam Electricity Group (EVN) regarding information security within EVN and related state regulations.
EVNHCMC has deployed an IT security system to protect the information systems it operates. The system is designed on the principles of network partitioning and multi-layered defense, using a wide variety of technologies. Accordingly, the IT network is divided into different areas such as the central server area, branch network area, Internet-connected area, public information area and partner connection area. Demilitarized zones (DMZ) are also designed to secure connections to external networks such as the Internet and the OT network. The Security Operations Center (SOC) and Network Operations Center (NOC) networks are isolated for administration and operation security activities.
Many different security technologies have been deployed in combination to make IT security effective, including next-gen firewall, IDS-IPS, database protection, DLP, WAF, Email/Internet gateway, NAC, and APT and DDoS protection. End-user security is enhanced through Active Directory (AD) combined with Endpoint Protection for all personal computers. Privileged accounts are strictly managed through PIM, and IT network activities are recorded through SIEM services.
OT security has been developed to protect the SCADA/DMS, DAS, and SAS systems based on the principles of network partitioning combined with multi-layered defense. The OT network is also isolated from the Internet, and its communications with the IT network pass through data diode devices.
The OT network is divided into different areas such as the SCADA/DMS Center network area, DAS network area, independent SAS network areas, and the OT-IT communication DMZ. Like IT security, OT security applies multiple security technologies such as next-gen firewall, industrial UTM, IDS-IPS, an Active Directory authentication mechanism, and RSA 2FA combined with Endpoint Protection for workstations at the SCADA/DMS Center. OT security has a dedicated SIEM system, and privileged accounts are also strictly managed with PIM.
Security Operations Center (SOC)
The EVNHCMC IT & OT SOC was built to quickly detect threats and unusual behaviors in the system, provide quick analysis and diagnosis of security events for accurate prioritization and react quickly to assessed threats, thereby minimizing damage caused by attacks.
The EVNHCMC SOC includes three main groups of functions: Visibility, Analysis, and Action-Response. Its core solution is the SOAR (Security Orchestration, Automation and Response) system, which is combined with the existing IT and OT security solutions to form two comprehensive solutions, IT SOC and OT SOC, consolidated into a single system managed by EVNHCMC's team of security experts.
Disaster Recovery Plan (DRP)
EVNHCMC has issued a DRP for its OT and IT networks, establishing the organization for disaster response, specific sequences for managing multiple incident scenarios, and the mechanisms for reporting, data synthesis, and statistical work. EVNHCMC has been holding annual cybersecurity drills and participating in cybersecurity drills organized by EVN as well as by other institutions at national and regional levels.
Securing Customer’s information
Data protection is an increasingly important focus for EVNHCMC, as for most businesses globally. EVNHCMC has been maintaining full compliance with EVN's regulations on securing customers' information as well as securing the registration data of customers visiting EVNHCMC's Customer Service website. Several security solutions such as data encryption, transmission encryption, database protection, DLP, and customer data access monitoring are deployed in the process of storing and managing these types of information.