software integrity and cyber security namepa: managing change in a changing world jim watson...

Software Integrity and Cyber Security

NAMEPA: Managing Change in a Changing World

Jim WatsonDivision President & COO, Americas Division Management

New York, NYOctober 28, 2015

2

Software Integrity

3

Cost to repair defectsReduce costs by preventing or repairing software defects early in the development process

Software Repair Costs Over Asset Lifecycle

Cost of poor quality – repairs to defects in software increase exponentially through the vessel life cycle

Industry standard – 5 bugs per every thousand lines of code at a cost of about $5 for every line

Major Korean shipyard estimates that each error costs an average of $3,000 to find and fix

On average, 30% of errors on drilling units are interface issues, requirements errors or software defects

4

Software & Control System Complexity

5

Software Quality Engineering Services

Supporting Software Quality initiatives globally, our uniquely qualified software engineers and project managers help train, prepare and guide your team through the ISQM process in order to facilitate efficient and successful conformity to the notation with ABS

What we do Documentation and process review and recommendations Factory acceptance and commissioning witnessing Failure Modes, Effects and Criticality Analysis (FMEA/FMECA) support

(facilitation, subject matter expert, scribe) Implementation review and consulting on notation related processes

– Gap Analysis

– Remediation Plan

Train on the notation concepts, processes and success factors Certified project management training

6

Software & Control System Integrity

Existing AssetNewbuild

Software Verification and Validation, 3rd Party Witness – HIL, SIL, Field Verification, Project Mgt., Incident Investigation, Troubleshooting, Root Cause Analysis

Software Quality Engineering – ISQM Services, FAT/FMECA Expert and/or Facilitator, Training, Project Mgt.

Cybersecurity – Assessments, Backup/Restore, Incident Investigation, Disaster Recovery, Data Destruction

ConceptRequirements / Design

Construction

V&V / Transitio

n

Operations /

Maintenance

Upgrade / Retrofit

Asset Buy / Sell

Decommissioning

Control System Expertise

• Drilling Control System• Dynamic Positioning• BOP Software control• Power Management• Vessel Management

7

Cybersecurity & Software Integrity

Cybersecurity Relationship with Software Integrity Software integrity includes management of FUNCTIONAL ASSURANCE, with a direct

relationship to safety – both human and system Risk assessment process from ISQM indicates critical components and failure modes Information technology (IT)

and operational technology (OT) both depend on assurance in software, from build process through operational monitoring

Cybersecurity Dependencies on Software Determine System Reliability, Availability,Maintainability

Resilience against attack or failure requires both technical testing and risk assessment

Source: http://control.ee.ethz.ch/~viking/

8

Cyber-Physical Incident: What It Can Mean

Illustration source: http://128.143.136.29/~stankovic/cps.ht1.jpg

Cyber-Physical systems provide data for environmentand advanced warning

Health Information Systems- Dispatch- Tracking- Billing

Health Management Systems- Real-time

records- History &

lessonslearned

Health Monitoring Systems- Telemetry- Metered drug

administration- Alerts & warnings

9

Maritime Cyber-Physical Environment

Source: http://www.shippipedia.com/wp-content/uploads/2010/10/monitoring-and-control-system-2.png

www.eagle.org