MAIN HEAD Dependable systems review BODY With an unhealthily large proportion of maritime accidents caused by failure or inappropriate use of shipboard power and control systems, Lloyds Register has a launched a consultancy service "Dependable Systems Review" to help improve the reliability IMAGE smm Imtech.jpg Caption "Shipboard systems - how can they be more reliable? Photo courtesy Imtech BODY Failure of shipboard computer systems and software, including operating systems, control systems and alarms, probably causes a fair proportion of all shipping accidents. Class society Bureau Veritas has calculated 32 per cent of major oil spills / near misses are caused by machinery failure, 34 per cent by navigation error; and 15 per cent by fire and explosion. Ships are fitted with various electronic devices and control systems to make sure the engine keeps running, the steering works, there is enough water under the vessel, the ship is in safe distance from other vessels, there is are explosive vapour mixtures and sparks, there is no flooding in the engine room, the water cooling and fuel oil systems are working properly. So why are there so many failures? The answer is probably that very little research has ever been done into how well different components from different manufacturers work together - the result often summarised many times as "plug and pray" rather than "plug and play". Shipyards buy components from separate manufacturers, without testing if they work well together. Engineers are given the task of building products which solve specific problems, not making sure their products work well with other people's products. Many equipment "type approval" procedures do not test how well the equipment interoperates with other equipment - it just tests if the equipment works well running by itself. Meanwhile individual components are becoming more complex and more automated - bugs can occur when they are interfaced with other components which would never show up when they are being tested on their own. When problems do occur, the amount of expertise required to identify the specific problem and fix it is enormous - often involving an engineer from each of the companies which might be involved in the problem, together with the ship superintendent to force them to sit down together and stop blaming each other. Some of the problems can be attributed to seafarers expecting the equipment to work better together than it actually does, not appreciating that it has all been put together by engineers not talking to each other in different parts of the world. For example, a seafarer might expect different equipment to have similar interfaces, or similar shut down procedures, or expect the ship alarm system to notify them adequately of any problem - as all readers of this magazine are too well aware, this is rarely the case. Another cause of problems is the ship using software or systems which are unlikely to be supported in 20 years time when problems arise. SUBHEAD Examples of problems On example of a failure of systems to work well together is the grounding of cruise ship Royal Majesty near Massachusetts in 1997 - the antenna connection into the GPS failed, sending the GPS into "estimation" (dead reckoning) mode - the DGPS set off an alarm because the data from the GPS was not right, but the alarm was not noticed by the bridge team. The ship carried on what it thought was the right course, but which was actually 17 miles off it, eventually running aground several hours after the initial fault occurred. An example of a false expectation of a system is a ship fitted with a low-exhaust engine but which did create large amounts of exhaust if the ship was accelerated quickly. Fast acceleration was required for certain tricky port manoeuvres, which led to the ship producing more exhaust than the local regulations allowed - as a result the ship was not able to enter a specific port. Another example is the year 2000 bug - which proved to be a false alarm but the threat was real - ships were fitted with systems designed many years before, and no-one had considered if they would still work when the year turned 2000. SUBHEAD Dependable systems review Class society Lloyds Register has set up a consultancy service, Dependable Systems Review (DSR) to help shipyards and others involved in building ships make sure the systems onboard ships work well together. The service is independent of LR's normal class activities, but available as a consultancy service to anyone who wants it. It builds on LR's ten-year work in the EU-funded ATOMOS project, which led to its involvement in developing ISO standard 17894 standard (Advanced Technology for the Optimisation of Maritime Operational Safety - Interface and Integration). The Lloyds Register service can be applied at any stage of the design cycle - from specification, applying its knowledge as to which systems work well together or are the easiest to use, or later. Lloyds Register's general idea is that problems can be alleviated the earlier they are spotted, managing the risk at source before it leads to problems. The ship can be assessed for overall "dependability," the extent to which it can be relied upon to perform tasks correctly under given conditions over a given time interval. Lloyds Register looks at the ship as a whole, rather than looking at the coherent parts. Lloyds Register builds up a large amount of in-house expertise about equipment configurations which can lead to problems so it can spot them at the ship design stage. The DSR approach is supposed to be applied through the whole life of the ship - so that any change to one piece of equipment can be assessed for its potential impact on the whole ship system, to check no failure possibilities are being introduced. If any problem does occur, and engineers start tweaking things, LR can make sure that this doesn't affect the overall ship system as well. "However the earlier we get involved the better," says Bernard Twomey, head of electrical and control engineering, with Lloyds Register. "We look at all the systems, the proposal, the specification."