IACS published 9 of its 12 recommendations on cyber safety, in order to facilitate the delivery of cyber resilient ships, in order to maintain their resilient throughout their working lives. The first report recommended procedures for software maintenance of shipboard equipment and systems. The second one focuses on control of software dependent systems.
- How to conduct proper software maintenance
- Efficient control of software dependent systems
- Contingency plan for onboard computer based systems
- Guidelines on ship board network architecture
- Data assurance of computer-based system onboard
IMO requires through SOLAS that local control of essential machinery to be available in case of failure in the remote and unattended machinery spaces control systems. For traditional mechanical propulsion machinery, this design principle is well established.
To help operators adhere to these requirements, IACS made the following recommendations, which splits in two parts. The first part is ‘Design recommendations for propulsion control and related auxiliary systems’. These include:
- Local control should be provided for;
- Local control systems should include necessary Human Machine Interface (HMI) for effective local operation;
- Local control systems should be of a robust design suitable for the environmental exposure and the intended operation;
- Local control systems should be self-contained and not depend on other systems or external communication links for its intended operation;
- A single failure in a local control system should not cause loss of the propulsion function. For single-engine plants, this implies that component redundancy shall be arranged. For multiple engine plants with independent local control systems, the goal could be achieved provided minimum manoeuvrability for the safe operation of the vessel is maintained after a single failure;
- Failure in remote control systems should not prevent local operation;
- Unused communication ports should be disabled;
- Facilities for selecting “local” at or near the machinery shall be provided for. When local control is selected, any control signal(s) from the remote control system shall be ignored.
The second part regards ‘Auxiliary services’ and includes the following suggestions:
- For electrically driven units in auxiliary services, the local control should normally be arranged at the motor starter in MCC’s and, if applicable, also near the EUC;
- For machinery systems which require continuous automatic control, manual control of the individual EUC’s may not be possible. In such cases, local means should be provided to both monitor the concerned process- and to enable/disable any automatic functions / modes.
In addition to these recommendations, testing also plays an important role. Tests should be carried out periodically to demonstrate the necessary independence, functionality and operability before delivery.
See more information in the PDF herebelow