Topic identifier: HORIZON-CL5-2024-D6-01-10

Ensuring the safety, resilience and security of waterborne digital systems

Type of action: HORIZON Research and Innovation Actions
Number of stages: Single stage
Opening date: 07 May 2024
Closing date: 05 September 2024 17:00
Budget: €8 500 000
Call: Safe, Resilient Transport and Smart Mobility services for passengers and goods
Call identifier: HORIZON-CL5-2024-D6-01
Description:

Expected Outcome:

Project outputs and results are expected to contribute to the following expected outcomes:

  • Increased safety and resilience of waterborne digital systems, including systems of systems and their functions, considering both malicious intervention and system failure, with particular regard to the application of artificial intelligence methodologies, networks of sensors, and onshore and on-board communications.
  • Improved system design addressing human factors issues arising from the changing levels of human/automated system interaction.
  • Assurance of the resilience, safety and security of waterborne digital and connected systems, undertaken on the basis of robust methodologies and to a standard comparable with other sectors that apply safety-critical digital technology in safety-critical conditions, including the safety of navigation and its systems.
  • Robust-by-design waterborne digital and connected systems for safety and resilience (incl. reliability regimes such as fail safe, fail secure, fail operational etc., HAZOP, systems of systems, security, hardware and equipment data, etc.).
  • Methodologies to enable effective HAZOP analysis and validation of waterborne digital systems are developed and disseminated, increasing the use of common approaches, including where artificial intelligence applications are used.
  • Increased software safety (incl. functional analysis and reliability assessment).
  • Increased cyber security for operation and maintenance (incl. software maintenance).

Scope:

Increasingly, modern waterborne transport relies upon smart digital and connected systems to ensure safe and efficient operation. Within large complex vessels, system-of-systems approaches are used together with Internet of Things and Artificial Intelligence approaches to integrate diverse systems ranging from sensors, business and cargo management systems, power and engine management, to electronic navigation and situational awareness. Integration of systems with proprietary digital control systems has become more and more critical to ensuring safety and efficiency. The complexity of these systems, and their foundation upon software, makes assurance of their resilience challenging and requires an approach different to that applied to hardware-based systems. Waterborne digital systems can be vulnerable both to malicious intervention and to the consequences of system failure. Examples have included the spoofing of navigational GPS signals, ransomware attacks on integrated container management systems, and the complete power shutdown and helicopter evacuation of a large passenger ship when engine protection systems identified a common fault across all engine systems. The challenge of assuring the safety and resilience of digital systems is particularly important within large complex vessels, where the level of integration and connectivity is high and where the consequences of failure can be particularly severe.

In the domain of power generation and management, the vast number of new technological solutions, often driven by environmental regulations, poses new challenges in ship design and management: the need to integrate diverse energy converters (ICEs, batteries, fuel cells, wind, capacitors, etc.) confronts designers and operators with systems based on profoundly different operating principles, each bringing its own requirements and its own control and digital systems. Integration that harnesses their full potential within a safe and secure framework is key to their implementation.

Furthermore, the capability to integrate different systems (and their dynamics) involves an ever-increasing number of sensors, whose fused data should become available for optimisation and increased awareness during both normal and safety-critical operations.

Comprehensive HAZOP (Hazard and Operability) studies are essential for such vessels, yet the methodologies are poorly established within the waterborne sector, whilst other sectors operating safety-critical digital systems (aerospace, nuclear, medical, automotive, etc.) have well-established practices. Furthermore, applying "hardware in the loop" to the simulation and validation of digital systems is dependent on the quality of the digital simulation model. This can be difficult for waterborne transport due to the variability of ship designs, their complexity, and the lack of relevant data concerning the integrated components. Pre-delivery testing and sea trials could include fault simulation and digital testing founded upon the critical digital systems identified by the HAZOP, yet such trials focus on hardware or subsystems such as rudder control rather than addressing the entire integration. For safety-critical systems, reliability regimes need to be established to identify the safe default state in case of system failure or of identified malicious intervention. In this respect the best system state could be: "fail operational", "fail soft", "fail safe", "fail secure", "fail passive", or "be fault tolerant".
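As an added illustration, not part of the call text, the Python model below shows how the reliability regimes named above lead to different default behaviours when the same fault and tamper scenarios are injected into one safety-critical control channel. The channel, the health and integrity signals, the safe-state value and the degraded envelope are hypothetical; the point is that the regime chosen for a function decides what the system does when its primary channel fails or its commands can no longer be trusted.

```python
"""Reliability regimes for a hypothetical safety-critical ship control channel.

Added example, not code from the call or any project. Channel names, signals,
SAFE_STATE and SOFT_LIMIT are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional


class Regime(Enum):
    FAIL_OPERATIONAL = "fail operational"  # keep full function via redundancy
    FAIL_SOFT = "fail soft"                # keep a degraded but useful function
    FAIL_SAFE = "fail safe"                # move to a predefined safe state
    FAIL_SECURE = "fail secure"            # isolate the channel on failure/attack
    FAIL_PASSIVE = "fail passive"          # hold the last known-good output


@dataclass(frozen=True)
class ChannelStatus:
    primary_ok: bool         # primary controller/sensor channel healthy
    backup_ok: bool          # independent redundant channel healthy
    integrity_ok: bool       # command passed authenticity/plausibility checks
    last_good_output: float  # last output accepted before the anomaly


@dataclass(frozen=True)
class Decision:
    regime: Regime
    output: Optional[float]  # None means the channel has been isolated
    isolated: bool
    reason: str


SAFE_STATE = 0.0   # hypothetical safe default, e.g. rudder amidships
SOFT_LIMIT = 5.0   # hypothetical degraded envelope for the fail-soft regime


def decide(status: ChannelStatus, regime: Regime, requested: float) -> Decision:
    """Select the output for one control cycle according to the reliability regime."""
    if status.primary_ok and status.integrity_ok:
        return Decision(regime, requested, False, "nominal")
    reason = "integrity failure" if not status.integrity_ok else "primary fault"
    # A command that failed integrity checks is never acted on; fall back to the
    # last accepted output as the only trustworthy input.
    trusted = requested if status.integrity_ok else status.last_good_output

    if regime is Regime.FAIL_OPERATIONAL:
        if status.backup_ok and status.integrity_ok:
            return Decision(regime, requested, False, f"{reason}: switched to backup channel")
        # No trustworthy redundancy left: degrade to the safe state rather than guess.
        return Decision(regime, SAFE_STATE, False, f"{reason}: no usable backup, safe state")
    if regime is Regime.FAIL_SOFT:
        bounded = max(-SOFT_LIMIT, min(SOFT_LIMIT, trusted))
        return Decision(regime, bounded, False, f"{reason}: output bounded to +/-{SOFT_LIMIT}")
    if regime is Regime.FAIL_SAFE:
        return Decision(regime, SAFE_STATE, False, f"{reason}: moved to safe state")
    if regime is Regime.FAIL_SECURE:
        return Decision(regime, None, True, f"{reason}: channel isolated, manual control")
    if regime is Regime.FAIL_PASSIVE:
        return Decision(regime, status.last_good_output, False, f"{reason}: holding last good output")
    raise ValueError(f"unknown regime {regime}")


# Constructed fault-injection scenarios of the kind a trial programme would exercise.
SCENARIOS: Dict[str, ChannelStatus] = {
    "primary sensor fault": ChannelStatus(False, True, True, 12.0),
    "primary and backup fault": ChannelStatus(False, False, True, 12.0),
    "spoofed command": ChannelStatus(True, True, False, 12.0),
}


def run_fault_scenarios(regime: Regime, requested: float = 20.0) -> Dict[str, Decision]:
    """Drive every scenario through one regime and collect the decisions."""
    return {name: decide(status, regime, requested) for name, status in SCENARIOS.items()}


def outputs(regime: Regime, requested: float = 20.0) -> Dict[str, Optional[float]]:
    """Just the resulting outputs per scenario, for comparison across regimes."""
    return {name: d.output for name, d in run_fault_scenarios(regime, requested).items()}


if __name__ == "__main__":
    for regime in Regime:
        print(f"== {regime.value} ==")
        for name, d in run_fault_scenarios(regime).items():
            print(f"  {name:26s} output={d.output!s:6s} isolated={d.isolated} ({d.reason})")
```

Running the script prints one table per regime; the same three injected conditions yield full function, a bounded output, the safe state, isolation, or the held value depending on the regime, which is the comparison a HAZOP team needs when assigning a regime to each safety-critical function.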

Activities will address the development of a HAZOP methodology for whole-system assessment of highly digitised, connected complex vessels. The methodology should cover systems and systems of systems designed for a specific function or set of functions, and/or provide a methodology for the entire vessel, including where the application of artificial intelligence algorithms is foreseen. The methodology will be developed with relevant stakeholders, including shipbuilders, system designers and equipment providers, IT professionals, operators, class societies and regulators. Its acceptability to all stakeholders will be assessed, and an implementation roadmap will be developed to address any identified barriers. Work will draw upon the expertise of other sectors with more developed procedures for the assessment and assurance of digital safety.

Integration by design of on-board systems and functions for safe and secure operation should be used to test and demonstrate the safety and security of the applications.

The developed methodology will be applied to a representative complex, highly digitised vessel; safety-critical systems and functions will be identified, and appropriate reliability regimes and mitigation measures will be established with consideration of both malicious intervention and system failure.

Cost-effective methodologies for validating the safety, resilience and correct functioning of digital and connected safety-critical ship systems, including systems of systems, will be developed and demonstrated.

  • In the case of validation on the basis of theoretical digital models and/or digital twinning (e.g. hardware in the loop), the validity of the model should be proven, as well as its flexibility to be applied to a range of vessel designs.
  • In the case of validation on the basis of physical testing of the final system's responses to a range of fault conditions and malicious interventions during final trials, there should be assurance that the test conditions are representative of the identified risks.

Guidance should be produced and disseminated concerning the recommended methodology for assuring the safety and resilience of complex digitalised and connected shipping.

The safety assessment should be developed using methodologies suitable for assessment in international fora such as the International Maritime Organisation.

Specific Topic Conditions:


Activities are expected to achieve TRL 5-6 by the end of the project – see General Annex B.