May 17, 2020

World's Top 5 Ports

worlds-top-5-ports
Freddie Pierce
4 min
The world's five biggest ports

Sea freight and port operations form a vital part of the supply chain. In fact, more than 90 percent of the worlds trade is carried by sea, according t...

Sea freight and port operations form a vital part of the supply chain. In fact, more than 90 percent of the world’s trade is carried by sea, according to the Maritime and Port Authority of Singapore. Elsewhere in this issue, industry expert Liz Wells takes a closer look at the state of the global shipping industry. In this article though, we identify the world’s five largest ports based on container traffic: Singapore (Singapore), Shanghai (China), Hong Kong (Hong Kong), Shenzhen (China) and Busan (South Korea).

1. Port of Singapore

Established in 1996, the Port of Singapore has since become a global hub port and international maritime center. The Maritime and Port Authority of Singapore is the driving force behind port operations and is responsible for regulating port activities. On average, the Port of Singapore attracts 140,000 vessel calls annually. In terms, of shipping tonnage, it is the busiest port in the world.

Vital statistics
> 2-3 ships arrive or leave Singapore every minute.
> There are 1,000 vessels in the port at any one time.
> It is connected to more than 600 ports worldwide.
> 120,000 ships call at Singapore every year.
> 5,000 maritime companies contribute approximately 7 percent to Singapore’s gross domestic product.

2. Port of Shanghai

The Port of Shanghai is one of China’s most vital gateways for foreign trade, as its location suggests. Situated in the center of the country’s coastline, it sits where the Yangtse River meets the sea. According to the Shanghai International Port Group (SIPG), which operates all public terminals at the port, annual import and export trade through Shanghai accounts for a quarter of China’s total foreign trade.

Vital statistics
> Container throughput reached 21.71 million TEUs in 2006, which saw it ranked the third largest container port in the world for three consecutive years.
> Over 2,000 container ships depart from the port every month.
> SIPG operates 125 berths on a total quay length of about 20km.
> SIPG also owns 5,143 units of cargo handling equipment.

3. Port of Hong Kong

One of the busiest international container ports in the world, Hong Kong is the location for major cargo handling facilities. It is more commonly known as the “fragrant harbor” and is situated in close proximity to the Pearl River Delta Region. The Hong Kong Port Development Council (PDC) was started in 2003 and is focused on port planning and promotion. The port is vital to the economic growth of both Hong Kong and southern China, and handles 89 percent of Hong Kong’s total cargo throughput.

Vital statistics
> The port handled 21 million 20 foot TEUs.
> In 2009, 205,510 ships visited the Port of Hong Kong.
> It provided about 400 container liner services per week last year, which connected to over 500 destinations globally.
> The Kwai Chung-Tsing Yi Container Terminals handled 15.2 million TEUs in 2009, accounting for 72 percent of the port’s total container throughput.

4. Port of Shenzhen

Shenzhen Port is adjacent to Hong Kong and south of the Pearl River Delta. Over 30 billion Yuan was invested in the port between 1979 and 2004 in order to construct port infrastructure facilities. By 2004, cargo throughput reached 135 million tons, an increase of 20.33 percent on 2003. While the port serves the Shenzhen area and makes an important economic contribution, it is also a vital hub for Guangdong Province, South China, Hong Kong and international container transhipment.

Vital statistics
> Annual handling capacity is 83.764 million tons, including 6.2 million TEUs.
> The total length of the port’s coastline amounts to 22,149.7 meters.
> On a monthly basis, 560 ships call at the port.

5. Port of Busan

The largest transhipment port in northeast Asia, Busan Port has been developed by Busan Port Authority (BPA) since 2004. It is located on the main trunk route and has a feeder network connecting to ports in China, Japan and Russia. The BPA has overseen the implementation of technologies such as the U-Port system and speedy screening system at the port. It is also investing heavily in overseas projects, including Russia’s Nakhodka Port and logistics projects in Hunchun and Zarubino in China.

Vital statistics
> Busan Port handles over 13 million TEUs annually.
> The port is deep enough to accommodate more than 10,000 TEU container vessels.
> It is also in active echange with 500 ports in 100 countries.

Share article

Jun 21, 2021

Google and NIST Address Supply Chain Cybersecurity

Google
NIST
SLSA4
Sonatype
Elise Leise
3 min
The SolarWinds and Codecov cyberattacks reminded companies that software security poses a critical risk. How do we mitigate it?

As high-level supply chain attacks hit the news, Google and the U.S. National Institute of Standards and Technology (NIST) have both developed proposals for how to address software supply chain security. This isn’t a new field, unfortunately. Since supply chains are a critical part of business resilience, criminals have no qualms about targeting its software. That’s why identifying, assessing, and mitigating cyber supply chain risks (C-SCRM) is at the top of Google and NIST’s respective agendas. 

 

High-Profile Supply Chain Attacks 

According to Google, no comprehensive end-to-end framework exists to mitigate threats across the software supply chain. [Yet] ‘there is an urgent need for a solution in the face of the eye-opening, multi-billion-dollar attacks in recent months...some of which could have been prevented or made more difficult’. 

 

Here are several of the largest cybersecurity failures in recent months: 

 

  • SolarWinds. Alleged Russian hackers slipped malicious code into a routine software update, which they then used as a Trojan horse for a massive cyberattack. 
  • Codecov. Attackers used automation to collect credentials and raid ‘additional resources’, such as data from other software development vendors. 
  • Malicious attacks on open-source repositories. Out of 1,000 GitHub accounts, more than one in five contained at least one dependency confusion-related misconfiguration. 

 

As a result of these attacks and Biden’s recent cybersecurity mandate, NIST and Google took action. NIST held a 1,400-person workshop and published 150 papers worth of recommendations from Microsoft, Synopsys, The Linux Foundation, and other software experts; Google will work with popular source, build, and packaging platforms to help companies implement and excel at their SLSA framework

 

What Are Their Recommendations? 

Here’s a quick recap: NIST has grouped together recommendations to create federal standards; Google has developed an end-to-end framework called Supply Chain Levels for Software Artifacts (SLSA)—pronounced “Salsa”. Both address software procurement and security. 

 

Now, here’s the slightly more in-depth version: 

 

  • NIST. The organisation wants more ‘rigorous and predictable’ ways to secure critical software. They suggest that firms use vulnerability disclosure programmes (VDP) and software bills of materials (SBOM), consider simplifying their software and give at least one developer per project security training.
  • Google. The company thinks that SLSA will encompass the source-build-publish software workflow. Essentially, the four-level framework helps businesses make informed choices about the security of the software they use, with SLSA 4 representing an ideal end state. 

 

If this all sounds very abstract, consider the recent SolarWinds attack. The attacker compromised the build platform, installed an implant, and injected malicious behaviour during each build. According to Google, higher SLSA levels would have required stronger security controls for the build platform, making it more difficult for the attacker to succeed. 

 

How Do The Proposals Differ? 

As Brian Fox, the co-founder and CTO at Sonatype, sees it, NIST and Google have created proposals that complement each other. ‘The NIST [version] is focused on defining minimum requirements for software sold to the government’, he explained, while Google ‘goes [further] and proposes a specific model for scoring the supply chain. NIST is currently focused on the “what”. Google, along with other industry leaders, is grappling with the “how”’. 

 

Share article