IACS Acts on Software Safety
Ships depend more and more on complex computer systems. When each system is isolated and serves only one function, a software failure can have only limited consequences. But when the systems become integrated, the risk rises that a software failure brings down the entire ship system, or that the integration itself causes failures. Classification societies are now focusing on managing and limiting that risk.
Philippe Donche-Gay, Executive Vice-President and Head of the Marine & Offshore Division of Bureau Veritas, is currently Chairman of IACS (International Association of Classification Societies). When he took over the chair last year he made the issue of complex system integration a new focus for IACS.
“We class a lot of very sophisticated vessels, especially the new generation offshore service vessels,” explains Donche-Gay. “They have tremendously complex software systems for power management, maneuvering, navigation, communication, on-board management, energy-saving, cargo handling, heavy lifting, cargo work and pumping and management of specialist tasks such as deepwater mining, dredging or underwater construction. We would benefit from having common standards and a defined baseline against which we can check the safety and reliability of the software and most importantly, the way in which the different software on board can interact.”
Donche-Gay says this is not about cyber attacks, although shipboard software, like any other system, has to be protected from malicious external intrusion. “This is about managing the risks that are designed and built into the ship as part of the process of making it more effective and efficient to run. Nothing designed and built today runs efficiently without reliance on complex systems. We want to encourage moves to integration by showing how it can be made safe and properly checked and controlled.”
IACS has set up a working group to tackle the issue, led by Alasdair Anderson of LR and joined by members from ABS, BV, DNV-GL and other IACS members. So far the group has identified the main issues under the headings of system integration/systems approach, software issues, management of change, training related to complex systems and human factors/ergonomics.
“We’ve looked at what else is going on, and for example BIMCO is developing guidance on software maintenance. But several maritime industry associations have urged classification societies to take a leadership role in this,” says Donche-Gay.
The IACS working group is focusing on developing a new unified requirement on system integration for safety-critical shipboard systems and exploring the option of potential certification of software providers for essential systems by IACS members. A project team led by Arnault Pedemay of BV has also been set up to revise the existing IACS UR E 22, covering On Board Use and Application of Programmable Electronic Systems, and it will deliver the update as early as July 2015.
“The Unified Requirement is how IACS sets a baseline standard,” explains Donche-Gay. “It is up to each member then to incorporate that into their rules and of course they may if they wish set higher standards or additional requirements.”
The proposed IACS UR on system integration could be developed by mid-2016 and may require a ship integration file, which would be a well-structured informational file of the shipboard systems. This will not only help owners and operators better understand the systems on board their ship but also help class verify the safety-critical shipboard systems. There will be requirements to manage any changes to any part of the shipboard integrated system and requirements for fallback options in case of failure. System self-diagnostics is being looked at, as is the production of guidance to manufacturers and system integrators.
“Initially we think these requirements will only refer to certain more complex ship types,” says Donche-Gay, “but it is also a chance to revise our requirements for software systems applicable to all ships in areas such as engine management and e-navigation and ensure we are consistent and coherent throughout.”
IACS is also looking at potential certification of software providers for essential systems. Software assurance and system software certification is an area class could move into, and as a step towards that approach there is a proposal in IACS to explore the option of certifying software providers in order to create a database of approved suppliers.
“We don’t want to reinvent the wheel,” says Donche-Gay. “So of course we are looking hard at what other industries do, and what we as major certification bodies in other industries already provide in the areas of software and system integration risk management. We are not talking about the automated ship of the future, it is the ship of today which is increasingly reliant on black boxes, and we need to make sure that is safe.”