Software Maintenance from the System Manufacturer s Perspective. Richard Doherty Chief Technical Officer CIRM

Similar documents
CYBER SECURITY INDUSTRY GUIDELINES

Skibsteknisk Selskab. Standard on Software Maintenance of Shipboard Equipment. Chief marine technical officer Aron Sørensen

e-navigation and Geospatial Intelligence for Maritime Operations; Developing a Strategic Vision Digital Ship Athens 2014

GUIDELINES ON THE DESIGN AND USE OF PORTABLE PILOT UNITS

E-navigation, process, results, status and delivery

Maritime cybersecurity using ISPS and ISM codes

Industry Recommendations for ECDIS Familiarisation

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO

REPUBLIC OF. Marine Notice THE MARSHALL ISLANDS No OFFICE OF THE MARITIME ADMINISTRATOR Rev. 8/06

MARITIME AND PORT AUTHORITY OF SINGAPORE SHIPPING CIRCULAR TO SHIPOWNERS NO 10 OF 2014

Implementing a Ship Energy Efficiency Management Plan (SEEMP) Guidance for shipowners and operators

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

The Guidelines on Cyber Security onboard Ships

A guide to THE COMPLETE ECDIS SOLUTION FROM TRANSAS

Are you ready for the new ECDIS regulations? Your nine stage guide to meeting the revised SOLAS requirements

Sperry Marine Fleet Management Enterprise Solution

A guide to. the complete ecdis solutions from transas

Voyage Data Recorder. Long term performance and reliability. jrceurope.com/vdr

ANNEX 7 DRAFT E-NAVIGATION STRATEGY IMPLEMENTATION PLAN

ALLIED MARITIME COMMAND

The Impact of GPS Jamming on the Safety of Navigation

Electronic Chart Systems the portable approach

1.1 The primary function of the ECDIS is to contribute to safe navigation.

3. It must be emphasized that these guidelines are intended as a practical resource that can be used by any government that finds them helpful.

Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes

CONCEPT FOR ACTIVITY 1: DYNAMIC & PROACTIVE ROUTES OR GREEN-ROUTES

Link 2 Vehicle Maintenance System

All your fleet needs. All in one place.

PANAMA MARITIME AUTHORITY General Directorate of Merchant Marine. Merchant Marine Circular No. 193

IEC TECHNICAL COMMITTEE 80: MARITIME NAVIGATION AND RADIOCOMMUNICATION EQUIPMENT AND SYSTEMS

The Concept of Apps as a Tool to Improve Innovation in e-navigation

Committees Date: Subject: Public Report of: For Information Summary

INTERNATIONAL STANDARD

Get more efficient voyage planning and chart management in a single service

Cadets Careers at Sea

Delivering Excellence in Insurance Claims Handling

Jeppesen is a Boeing company

FOR MAC. Quick Start Guide. Click here to download the most recent version of this document

Process Improvement Plan

An overview of the Maritime Cloud proposed information exchange infrastructure for e-navigation

AIS Overview. Evans Starzinger

UNIVERSITY OF CEBU Maritime Education and Training Center SHIPBOARD TRINING OFFICE

ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE. Measures toward enhancing maritime cybersecurity. Submitted by Canada SUMMARY

E-Navigation Infrastructure: Communications and the Maritime Cloud. David Camre Software Developer Danish Maritime Authority


Marine Training Courses available from B & M Marine Services

New Requirements for Security Training for Shipboard Personnel

Customer Onboarding Guide. How to successfully set up your service 2-9 users

Vessel Operations Cooperative Solutions

Introduction to AIS White Paper

IMO. RESOLUTION A.817(19) adopted on 23 November 1995 PERFORMANCE STANDARDS FOR ELECTRONIC CHART DISPLAY AND INFORMATION SYSTEMS (ECDIS)

INFORMATION SECURITY California Maritime Academy

LP News. New ECDIS mandatory requirements Part 2: A key to safe operation UK P&I CLUB

When a Process Diagram is not Enough

STCW A GUIDE FOR SEAFARERS Taking into account the 2010 Manila amendments

Notice to all Ship Owners and Operators; Masters, and Deck Officers of Merchant Ships; Manufacturers, and Suppliers of Voyage Data Recorders.

DPC - Strategy and Project Delivery Unit Project Management Methodology. Updated April 2010

INTERNET VPN SETUP GUIDE

Organization. Project Name. Project Overview Plan Version # Date

The only navigation information management system you need now and for the future

Preparing yourself for ISO/IEC

WINS QMS Quality Management System Manual. WINS PROPRIETARY INFORMATION Rev.12.0

World Vessel Traffic Services Guide - Australia - Melbourne

The Most Powerful Tool In Your Belt

Technical Information

AIS (Automatic Identification System)

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

White paper: How to implement a Quality Management System

Prof. Pietro del Rosso

ESET SMART SECURITY 9

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

ST. VINCENT AND THE GRENADINES

Roadmap for Remote Controlled Ships

Enterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013

NAVI-PLANNER A guide to the markets fastest and most powerful voyage planning and chart management application

Isle of Man Regulations implementing the STCW Manila Amendments

First Data Global Gateway iphone App User Manual

STCW 78,as amended in 2010: concepts and trends

ANNEX 11. RESOLUTION MSC.128(75) (adopted on 20 May 2002) PERFORMANCE STANDARDS FOR A BRIDGE NAVIGATIONAL WATCH ALARM SYSTEM (BNWAS)

ISO 9001 and ISO Quality Management Guidance for CM Relative to CMII (Rev B)

Project Management Manual

Sound Transit Internal Audit Report - No

Manchester City Council Role Profile. Service Desk Analyst, Grade 6. ICT Service, Corporate Core Directorate Reports to: Team Lead (Service Support)

Spikes Security Isla Browser Isolation System. Prepared for Spikes Security

Technology and Cyber Resilience Benchmarking Report December 2013

AVCS Folio for - ADMIRALTY Chart Agent PAYS Services

Control and management of privileged users

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall

Frequently Asked Questions

PRODUCT SPECIFICATION for RASTER NAVIGATIONAL CHARTS (RNC)

ECDIS COMPLETE. A guide to the complete ECDIS solution from Transas

ESET SMART SECURITY 6

MageFence. User manual

TRANSERV GLOBAL SERVICE & SUPPORT MAINTENANCE CONTRACTS

History of the IMO Effort to Improve Container Safety

How To Use Ansch\U00Fctz'S Intelligent Bridge Control System

HELCOM perspective on clean Baltic Sea shipping. Helsinki Commission

Version 4.0 November Admiralty e-navigator Service. Fleet Manager User Guide 1

Safe Navigation Support System based on e-navigation Concept

IT Baseline Management Policy. Table of Contents

Transcription:

Software Maintenance from the System Manufacturer s Perspective Richard Doherty Chief Technical Officer CIRM

Introducing CIRM

Who are CIRM? CIRM (Comité International Radio-Maritime) is a non-profit trade association We are an NGO in consultative status to the International Maritime Organisation 100 members from across marine electronics industry Our technical scope is navigation and radiocommunication equipment and systems Our current Board members:

Technical Scope of Interest Navigational equipment and systems Radiocommunications and GMDSS Electronic charts and systems, ECDIS Automatic Identification System (AIS) Voyage Data Recorders (VDR) LRIT and satellite-enabled tracking systems

Structure Technical Steering Committee Chief Technical Officer CIRM Working Groups Output Papers

CIRM s active Working Groups E-navigation Type Approval ECDIS CIRM/BIMCO Joint Working Group

Member Profile Types of members Manufacturers System integrators Member locations 32 countries Across 6 continents Service providers Equipment servicing companies Software companies

System manufacturers and software maintenance

Background SW Maintenance of critical importance to CIRM members Grandfather clause tradition is falling away as systems become SW dependent, requiring maintenance Increasing complexity of integrated systems plus developments in e- Navigation increase need for effective SW maintenance Development of updates is not seen as the major issue operation phase of SW lifecycle most problematic for quality assurance

What are the concerns? Lack of awareness / visibility about situation on board Which software versions are installed? Are they the appropriate versions? Are SW updates available? Are available updates compulsory or voluntary? What were the outcomes of previous service visits? How to obtain/monitor this information in a convenient way?

What are the concerns? Competencies of service personnel How to ensure that qualified people are coming on board to perform maintenance? How to ensure service personnel are adequately trained and supported by makers? How to ensure consistency & continuity of service between different service companies?

What are the concerns? Cyber security threats How to secure internal networks / equipment against potential attacks during software maintenance performed on board? How to secure internal networks against potential attacks during remote connection?

What are the concerns? Other concerns How can the Shipowner effectively communicate a SW problem so that the maintenance can be properly planned? What to do if a SW update fails, so that a system can continue to be used? As systems become increasingly interdependent, how to understand the ramifications of updating one system on the functionality on another?

Standard on Software Maintenance of Shipboard Equipment

Background BIMCO initially approached CIRM in 2013 CIRM/BIMCO Joint Working Group (JWG) established 2014 Aim: to develop a standard before we are given one by the regulators CIRM has specific area of interest (nav/comms) but software is software Work of the JWG has been transparent IMO has been informed/updated Group developed 14 drafts before producing Version 1

How will the standard help the current situation? Identifies stakeholders across SW maintenance lifecycle; groups into Roles Producer System Integrator Data Provider Service Shipowner (e.g. company that manufacturers the ECDIS) (e.g. company that installs the integrated bridge) (e.g. company that produces the ENCs) (e.g. company responsible for servicing the ECDIS) (e.g. shipping company that owns the ship) Provides requirements for each of these Roles Fulfilling the requirements of this standard will take a major change in thinking by all stakeholders The following slides identify some of the key requirements that we feel will improve the situation

Increasing awareness/visibility of situation on board Electronic Service Report (Appendix 3) Completed by Service Role at the conclusion of SW maintenance Standard specifies minimum content Onboard software log (Appendix 4) Shipboard repository of electronic service reports Implemented and maintained by Shipowner Role on ship PCs Availability of software updates Producer Role must make information available when updates ready Awareness of software versions Equipment must display on demand the current SW version

Ensuring effective planning of SW maintenance Checklist for communicating a software problem (Appendix 2) To be communicated by the Shipowner to other stakeholders Producer requirements If update to be performed by crew, detailed instructions to be provided Service requirements When planning SW maintenance a Plan of Approach must be created providing a description of work expected to be undertaken Before arriving on board service must agree time, place and maintenance requirements with Shipowner Shipowner requirements Comprehensive update plan to be prepared in advance of SW maintenance

Ensuring competencies of service personnel Software maintenance competency requirements (Appendix 1) Indicates required competencies for different levels of SW maintenance Producer requirements Must specify maintenance requirements in maintenance manuals Service requirements Must have auditable QA system covering competence management Must meet Producer s maintenance requirements Train-the-trainer model allowed; for certain types of equipment technicians may require additional testing/certification by the Producer

Improving the execution of SW updates Requirements for the Producer Role Shipboard equipment must support procedures to roll back to a previous software version & configuration (in case of failure) Where applicable equipment should include ability to generate on-the-spot diagnostic report after maintenance has been performed Equipment should provide means to check that interfaces and functionality are operating as expected after update performed (System Integrator) - New updates must be assessed to determine impacts on software installed on connected equipment

Improving the security of SW maintenance General cyber security requirements QA systems of all Roles must cover cyber security Producer requirements Equipment must provide protection against unauthorized access (e.g. IEC 60945) Service requirements Maintenance operations must not lead to malware infection Requirements on use of removable storage devices and malware checks Restrictions on connection of uncontrolled equipment to controlled networks Shipowner requirements Procedures must be in place to protect equipment against malicious or unintentional security threats

Next steps

Trial CIRM Technical Steering Committee agreed to promote a trial of the standard Producer and Service Roles to implement the standard on a pilot project basis Outcomes to be fed back into the Joint Working Group to improve standard

Thank you Richard Doherty Chief Technical Officer CIRM rd@cirm.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information