Software Maintenance from the System Manufacturer s Perspective Richard Doherty Chief Technical Officer CIRM
Introducing CIRM
Who are CIRM? CIRM (Comité International Radio-Maritime) is a non-profit trade association We are an NGO in consultative status to the International Maritime Organisation 100 members from across marine electronics industry Our technical scope is navigation and radiocommunication equipment and systems Our current Board members:
Technical Scope of Interest Navigational equipment and systems Radiocommunications and GMDSS Electronic charts and systems, ECDIS Automatic Identification System (AIS) Voyage Data Recorders (VDR) LRIT and satellite-enabled tracking systems
Structure Technical Steering Committee Chief Technical Officer CIRM Working Groups Output Papers
CIRM s active Working Groups E-navigation Type Approval ECDIS CIRM/BIMCO Joint Working Group
Member Profile Types of members Manufacturers System integrators Member locations 32 countries Across 6 continents Service providers Equipment servicing companies Software companies
System manufacturers and software maintenance
Background SW Maintenance of critical importance to CIRM members Grandfather clause tradition is falling away as systems become SW dependent, requiring maintenance Increasing complexity of integrated systems plus developments in e- Navigation increase need for effective SW maintenance Development of updates is not seen as the major issue operation phase of SW lifecycle most problematic for quality assurance
What are the concerns? Lack of awareness / visibility about situation on board Which software versions are installed? Are they the appropriate versions? Are SW updates available? Are available updates compulsory or voluntary? What were the outcomes of previous service visits? How to obtain/monitor this information in a convenient way?
What are the concerns? Competencies of service personnel How to ensure that qualified people are coming on board to perform maintenance? How to ensure service personnel are adequately trained and supported by makers? How to ensure consistency & continuity of service between different service companies?
What are the concerns? Cyber security threats How to secure internal networks / equipment against potential attacks during software maintenance performed on board? How to secure internal networks against potential attacks during remote connection?
What are the concerns? Other concerns How can the Shipowner effectively communicate a SW problem so that the maintenance can be properly planned? What to do if a SW update fails, so that a system can continue to be used? As systems become increasingly interdependent, how to understand the ramifications of updating one system on the functionality on another?
Standard on Software Maintenance of Shipboard Equipment
Background BIMCO initially approached CIRM in 2013 CIRM/BIMCO Joint Working Group (JWG) established 2014 Aim: to develop a standard before we are given one by the regulators CIRM has specific area of interest (nav/comms) but software is software Work of the JWG has been transparent IMO has been informed/updated Group developed 14 drafts before producing Version 1
How will the standard help the current situation? Identifies stakeholders across SW maintenance lifecycle; groups into Roles Producer System Integrator Data Provider Service Shipowner (e.g. company that manufacturers the ECDIS) (e.g. company that installs the integrated bridge) (e.g. company that produces the ENCs) (e.g. company responsible for servicing the ECDIS) (e.g. shipping company that owns the ship) Provides requirements for each of these Roles Fulfilling the requirements of this standard will take a major change in thinking by all stakeholders The following slides identify some of the key requirements that we feel will improve the situation
Increasing awareness/visibility of situation on board Electronic Service Report (Appendix 3) Completed by Service Role at the conclusion of SW maintenance Standard specifies minimum content Onboard software log (Appendix 4) Shipboard repository of electronic service reports Implemented and maintained by Shipowner Role on ship PCs Availability of software updates Producer Role must make information available when updates ready Awareness of software versions Equipment must display on demand the current SW version
Ensuring effective planning of SW maintenance Checklist for communicating a software problem (Appendix 2) To be communicated by the Shipowner to other stakeholders Producer requirements If update to be performed by crew, detailed instructions to be provided Service requirements When planning SW maintenance a Plan of Approach must be created providing a description of work expected to be undertaken Before arriving on board service must agree time, place and maintenance requirements with Shipowner Shipowner requirements Comprehensive update plan to be prepared in advance of SW maintenance
Ensuring competencies of service personnel Software maintenance competency requirements (Appendix 1) Indicates required competencies for different levels of SW maintenance Producer requirements Must specify maintenance requirements in maintenance manuals Service requirements Must have auditable QA system covering competence management Must meet Producer s maintenance requirements Train-the-trainer model allowed; for certain types of equipment technicians may require additional testing/certification by the Producer
Improving the execution of SW updates Requirements for the Producer Role Shipboard equipment must support procedures to roll back to a previous software version & configuration (in case of failure) Where applicable equipment should include ability to generate on-the-spot diagnostic report after maintenance has been performed Equipment should provide means to check that interfaces and functionality are operating as expected after update performed (System Integrator) - New updates must be assessed to determine impacts on software installed on connected equipment
Improving the security of SW maintenance General cyber security requirements QA systems of all Roles must cover cyber security Producer requirements Equipment must provide protection against unauthorized access (e.g. IEC 60945) Service requirements Maintenance operations must not lead to malware infection Requirements on use of removable storage devices and malware checks Restrictions on connection of uncontrolled equipment to controlled networks Shipowner requirements Procedures must be in place to protect equipment against malicious or unintentional security threats
Next steps
Trial CIRM Technical Steering Committee agreed to promote a trial of the standard Producer and Service Roles to implement the standard on a pilot project basis Outcomes to be fed back into the Joint Working Group to improve standard
Thank you Richard Doherty Chief Technical Officer CIRM rd@cirm.org