INNOSEA joins JIP consortium on Floating Solar

first_imgOther established members to the consortium include: BayWa, Blue C Engineering, Carpi Tech/Makor Energy, Ciel & Terre International, Compagnie Nationale du Rhone, Noria Energy, EDF – Électricité de France, EDP – Energias de Portugal, Equinor, Isigenere, Mainstream Renewable Power, Scatec Solar, Seaflex and Statkraft. Other new members include: Total SA, Acciona and SolarMarine Energy. Led by DNVGL, the consortium is aiming to develop the first recommended practice for the development of floating solar power projects; creating the first commonly recognized standard. Félix Gorintin, head of Floating Solar at INNOSEA, said: “Being invited to join such a leading consortium is a testament to the work INNOSEA has been doing in the sector. Creating a commonly recognised standard is a key part of the industry’s development. Not having common standards in place makes it difficult for investors to have confidence in projects and for standards to be enforced. We are looking forward to working with such a highly regarded collection of fellow members and to support the development of an industry, which is a key part of the future energy mix.” The standard will be based on a defined list of technical requirements for developing safe, reliable and sustainable projects. INNOSEA, a part of LOC Group, has been invited to join the Floating Solar JIP consortium, a group of 23 leading companies in the renewable energy arena. Joining the consortium is on an invitation only basis, requiring the approval of all existing members. Areas that INNOSEA will focus specifically include site characterization, energy yield, floaters, mooring and anchoring design. The invitation to join the Floating Solar JIP consortium, comes on the back of extensive work in the area, covering 30 projects and 690MWp. Projects included engineering and design work for 15 floating offshore developments, across 6 countries, Strategic Advisory Services for site investigation, mooring EPCI and owner’s engineering services. INNOSEA is supported by the wider LOC Group renewables team.last_img read more

Security Architecture AntiPatterns by UK Government National Cyber Security Centre

first_imgThe National Cyber Security Centre of the UK Government recently published a white paper on the six design anti-patterns that should be avoided when designing computer systems.The first anti-pattern is ‘browsing-up’ for administration. This refers to administrating a system from a computer/terminal that is less trusted than the system itself. Essentially, the administrator computer is the weakest link and can be an easier target in attacks. A better approach to this is ‘browsing-down’, keeping administration computers clean by using safeguards such as not browsing the web or opening email attachments.A second pattern that should be avoided is short-cutting layered defences in a network, via management access. This can be identified when, for example, a user request has to traverse through a Web Application Firewall (WAF), an application server and some logic in order to access the database, whereas management access grants the administrator direct access to the database, bypassing all the intermediate layers. The recommended solution to this is to use a similar layered defences in management interface as is used for user access.Another pattern to be avoided is having multiple firewalls back-to-back for the same set of controls. The reasoning behind using multiple firewalls for the same controls (often from different vendors) is that an exploit in one of them would stop the attacker in the second one. The counter argument by NCSC is that an exploit in a firewall would rarely be a result of data payload, but most probably would be because of a vulnerability in the administration interface, which should not be connected to public Internet anyway. Also, effective patching should mean that only 0-day exploits would be able to be used by the attacker. Finally, proper defence-in-depth design of the network should minimise the effects of such a breach anyway. The recommendation by NCSC is to implement a firewall once, and do it well. Adminstrators should actively maintain the firewall and its configuration.Lifting and shifting an ‘on-premises’ solution to the cloud is another pattern to be avoided. This usually means that the on-premises infrastructure components are replicated into the cloud, without proper architecture design or consideration of whether they are still the best components to use. For example, spinning up an AWS EC2 instance, only to install an open source SQL database and use it as a database server, will have to be weighed against using the native AWS RDS solution. In general, using higher order services can both free up resources from patching and updating these systems, which will typically result in a more secure system.Having third party access that is not controlled and/or monitored is another pattern to avoid. This typically results from outsourcing support to a third party organisation. This third party may have direct access to a system, an access that bypasses many security layers. Avoiding this anti-pattern relies on following the principles mentioned above, allowing access based on the least privilege principle, and ensuring that there is an audit trail for every action in the system. Organisations should also choose third parties carefully, and perform appropriate due diligence.The last pattern to avoid is the “un-patchable system”. Systems that have to be operational 24/7 and can only be patched with downtime measured in hours (or even days) are very difficult to patch. Usually these are systems that have no redundancy in their subsystems, but systems should always be designed for easy maintainance, and patching should ideally be instant, continuous and incur zero downtime.The whitepaper itself goes to great lengths for each anti-patterns, and also suggests further reading.last_img read more