By Minh Tam – Translated by Kim Khanh
|Tran Phuong Hong, IT Advisory director, KPMG Tax and Advisory Vietnam and Do Kim Hien, senior solution consultant, KPMG Tax and Advisory Vietnam|
In Vietnam, we have had vast opportunities in conducting SWIFT system security gap assessment projects for Vietnamese banks, and there are best practices that clients should consider while implementing and securing the system according to a SWIFT Customer Security Control Framework (SWIFT CSCF).
The SWIFT CSCF describes a set of mandatory and advisory security controls for users. Mandatory security controls establish a security baseline for the entire community and must be implemented by all users on their local SWIFT infrastructure. The SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gain, and risk reduction.
Advisory controls are based on good practice that SWIFT recommends. Over time, mandatory controls may change due to the evolving threat landscape, and some advisory controls may become mandatory.
All controls are articulated around three objectives: ‘Secure your Environment’, ‘Know and Limit Access’, and ‘Detect and Respond’. Controls have been developed based on SWIFT analysis of cyber threat intelligence and in conjunction with industry experts and user feedback. Control definitions are also intended to be in line with existing information security industry standards.
SWIFT CSCF version 2021 has defined 31 security controls (22 mandatory and nine advisory controls) that underpin these objectives and principles. The controls are intended to help mitigate specific cybersecurity risks that users face due to the cyber threat landscape. Within each security control, SWIFT has documented the most common risk drivers that the control is designed to help mitigate.
Addressing these risks aims to prevent or minimise undesirable and potentially fraudulent business consequences, such as unauthorised sending or modification of financial transactions; processing of altered or unauthorised SWIFT inbound transactions; business conducted with an unauthorised counterparty; and confidentiality or integrity breach of business data, computer systems, or operator details.
Ultimately, these consequences represent enterprise-level financial, legal, regulatory, and reputational risks.
During the gap assessment for the SWIFT system, we have noticed a number of common issues that financial institutions often violate compared to SWIFT CSCF requirements.
Firstly, the network micro-segmentation for applications and SWIFT systems is not carried out clearly and completely. For example, email or active directory applications still have common connections to the SWIFT system.
Secondly, security policies and procedures (for example security vulnerability management procedure, and malware prevention procedure) are not detailed, accurate, or aligned to the current situation of the system.
Next, system hardening guidelines/standards are not fully and completely developed, and they are not periodically reviewed and updated. Additionally, the security vulnerability scanning is only conducted on important applications and servers. For network devices, virtualisation platforms, or databases, the scanning is almost ignored.
Finally, the password policy is only applied to Windows servers and not applied on network devices, security devices, or Unix/Linux platforms.
In order to fully assess the security controls of the SWIFT environment, the following important points should be noted.
Understanding client’s SWIFT architecture: The current architecture of SWIFT is divided into four types – A1, A2, A3, and B. Each architecture has a difference in components and the connection from the client to SWIFT. So, understanding each type of architecture will help you identify the scope and assess the relevant systems involved that may affect the security of the SWIFT environment.
Understanding security controls: SWIFT’s security controls are only applied to a certain scope – SWIFT systems and indirect infrastructure related to it. You need to be aware of connections and determine which scope would apply security controls to avoid assessing unnecessary components that are outside the scope.
Understanding mandatory and advisory controls: SWIFT’s security controls are divided into mandatory and advisory controls. Depending on the requirements of the customer and the scope of the assessment, you should decide which controls should be reviewed and evaluated in the most appropriate way.
Understanding the objective of each control: SWIFT CSCF 2021’s security controls are divided into eight groups. Understanding the objective of each control makes it easier to identify alternative controls if they exist and avoid misjudging the customer’s current security level because during the assessment, it is realised that customers could use different security controls than required by SWIFT and still meet the final objective and ensure the safety of the system.
Understanding purpose and role of SWIFT components: SWIFT includes many components with different roles such as messaging interface, communication interface, SWIFTNet Link, connector, and more. These components connect, interact, and have mutual security relationships. Therefore, understanding the roles and functions of each component helps you determine which security controls are appropriate for which component, thereby assessing most accurately and effectively for potential risks.
As international transactions and commerce become more popular, SWIFT becomes one of the important components of financial institutions, especially banks. Therefore, its security needs to be paid close attention to properly minimise fraud in international transactions, protect user data, and safeguard the reputation of the organisation.
HÀ NỘI — The Ministry of Transport (MoT) has asked the Government to add seafarers and maritime workers to the list of frontline workers to receive COVID-19 vaccinations.
This agency also requested the Government to direct the Ministry of Foreign Affairs to help Vietnamese crew members who stuck abroad return home on repatriation flights.
Vietnamese seafarers who are quarantined in concentrated isolation areas should be prioritised at an affordable cost, the MoT said in the written request to governments and People’s Committees of provinces and cities.
At the end of March, leaders of the International Civil Aviation Organisation (ICAO), the International Maritime Organisation (IMO), the International Labour Organisation (ILO), the World Health Organisation (WHO) issued a joint statement calling on United Nations member states to put seafarers and crew members at the head of the vaccine queue to facilitate safe travel between countries.
In a letter sent to the International Maritime Organisation (IMO), Nguyễn Xuân Sang, Director of the Vietnam Maritime Administration and Deputy Secretary-General of the IMO Vietnam, asked IMO to prioritise COVID-19 vaccinations for sailors regardless of their nationality.
Sang proposed that IMO member countries include maritime workers on their priority lists , administering the vaccines to sailors and maritime workers on vessels that dock at ports under their management.
The Vietnam Shipowners’ Association the move is to keep nation supplied with vital goods and contributing to the recovery and stabilisation of the economy.
Volunteers injected with made-in-Vietnam COVID candidate vaccine
Six volunteers on Monday received the second shot of a homegrown COVID-19 vaccine, COVIVAC.
These people were injected with the first shot of COVIVAC, Việt Nam’s second candidate vaccine against SARS-CoV-2, on March 15.
The vaccine was developed by Nha Trang-based Institute of Vaccines and Medical Biologicals (IVAC).
Ninety-six volunteers have been had been given the first shot in the first phase of COVIVAC’s clinical trials, according to Phạm Thị Vân Anh, director of Centre for Clinical Pharmacology, Hà Nội Medical University.
There were no serious reactions after 24-hours and 7-days in the volunteers.
Reactions were expected, mostly mild symptoms such as pain at the injection site and headache.
It is expected that the first shot of COVIVAC vaccine’s test will be completed on April 18 for 120 volunteers. — VNS
Veggie, fruit exports fetch some US$1 billion in Jan-March
By Vu Yen
|Farmers process dragon fruit. Vietnam exported vegetables and fruits worth over US$900 million in the first quarter of 2021, up 6.1% year-on-year – PHOTO: SGT|
HCMC – Vietnam exported vegetables and fruits worth over US$900 million in the first quarter of 2021, up 6.1% year-on-year, according to data from the Import-Export Department under the Ministry of Industry and Trade.
In March, revenue from vegetable and fruit exports amounted to US$380 million, up 6.3% year-on-year, contributing to the rise in veggie and fruit export earnings in the three-month period.
The Covid-19 outbreaks were brought under control, smoothing the export operations, resulting in the growth in fruit and vegetable exports, according to the Import-Export Department.
China remained Vietnam’s largest fruit and vegetable buyer. In the first two months of the year, the country shipped fruits and vegetables worth US$350 million to China, increasing by 17.5% year-on-year and representing 62.5% of the country’s total fruit and veggie export value in the two months.
The United States, Thailand, Japan and South Korea were among Vietnam’s major fruit and vegetable importers.
Vietnam saw its shipments of fruits and vegetables during the January-March period to Taiwan, Malaysia and Australia soar by 43%, 32.5% and 30.6%, year-on-year, respectively.
The validity of some free trade pacts such as the European Union-Vietnam Free Trade Agreement, the Comprehensive and Progressive Agreement for Trans-Pacific Partnership and the Regional Comprehensive Economic Partnership has opened a wide door for local exporters.
The United Kingdom-Vietnam Free Trade Agreement will take effect on May 1, which is expected to contribute to ramping up Vietnam’s exports of farm produce.
Under the agreement, over 94% of the total of 547 tariff lines on vegetables and fruits and processed products from vegetables and fruits will be scrapped.
Vietnam has one million hectares of fruit plants, with an output of over 12.6 million tons. The country’s fruits have reached numerous markets.
Until date, the Plant Protection Department under the Ministry of Agriculture and Rural Development has granted 998 codes to areas that grow fruits for export to the United States, Australia, South Korea, Thailand, Japan and the European Union.
Meanwhile, global economic growth is also forecasted to be more optimistic, leading to an expectation about increasing demand for petrol products, having affected the global oil prices in the past time.
The global gasoline prices in the past 15 days were mixed, but the general trend was a slight decrease.
Domestically, the pandemic continues to be controlled well. The activities of production, business, and daily life of the people continue to gradually recover but still encounter many difficulties.
In recent adjustments, to support the production and business activities of enterprises and the daily life of people, and limit the increasing level in fuel prices, the ministries of Industry and Trade and Finance had used the Fuel Price Stabilization Fund at a fairly high level. From March 27 to April 12, the fund spending ranged from VND500 to VND1,900 per liter or kilogram for petroleum products.
From the beginning of the year to now, the Fuel Price Stabilization Fund has continuously been tapped with an appropriation from VND200 to VND2,000 per liter or kilogram on petroleum products.
In this adjustment, if not using the fund, the retail prices for petroleum products will surge by about VND123-VND1,755 per liter or kilogram.
To limit the increase in the retail fuel prices, contributing to stabilizing prices of goods in the market, supporting the life, production, and business activities of people and enterprises that remain difficult due to the impacts of the Covid-19 pandemic, the ministries decided not to set up the fuel price stabilization fund for all petroleum products and continue to spend the Fuel Price Stabilization Fund at high levels for all kinds of petroleum products.
This adjustment of gasoline prices continues to contribute to ensuring the implementation of the target to control inflation and stabilize the market from the beginning of this year, supporting people and businesses, and maintain the price difference between bio-fuel E5 RON92 and fossil gasoline RON95 at a reasonable level to encourage the use of biofuel to protect the environment following the policy of the Government.
Accordingly, from 4.30 p.m. on April 12, the retail prices of petrol and oil are adjusted as follows:
E5 RON92 gasoline is not higher than VND17,806 per liter, down VND45 per liter. If not using VND1,800 per liter from the fund, the price would jump VND1,755 per liter to VND19,606 per liter.
RON95 gasoline is not higher than VND18,970 per liter, down VND76 per liter. If not using VND950 per liter from the fund, the price would climb VND874 per liter to VND19,920 per liter.
Diesel oil 0.05S is not higher than VND14,141 per liter, down VND102 per liter. If not using VND250 per liter from the fund, the price would edge up VND148 per liter to VND14,391 per liter.
Kerosene is not higher than VND12,827 per liter, down VND177 per liter. If not using VND300 per liter from the fund, the price would go up VND123 per liter to VND13,127 per liter.
Fuel oil 180CST 3.5S is not higher than VND13,687 per kilogram, down VND70 per kilogram. If not using VND500 per kilogram from the fund, the price would rise VND430 per kilogram to VND14,187 per kilogram.
By Van Phuc – Translated by Gia Bao
The new site would enable Sanofi to produce innovative vaccines on a massive scale for Asia and respond to future pandemic risks, the company said in a statement.
Sanofi said it expects to start the construction of the site in the third quarter of 2021 and be fully operational in the first quarter of 2026.
The project is expected to create up to 200 local jobs, it added.
Sanofi, a global conglomerate, is a leading vaccine developer and manufacturer, offering a portfolio of vaccines to protect children, adolescents, and adults from diseases such as influenza, infectious diseases, and endemic diseases.