I’m in an adjacent industry, with less risk of death or commercial loss, and the compressor backups only output to SCADA. The pressure regulation is all relay based and the on switch is a manual secondary contactor.
I absolutely admit I dont know all the fine points (I'm a diesel engine mechanic by trade) but ive worked on large diesels for tankers. Theyre a mechanical Goliath, and they cost nearly as much as the tanker. The shipyard that contracted us frequently ganged engines together to a single controls system from Siemens/Fischer or part of a larger command system with a small "service mode" override you could patch a laptop into for diagnostics. Newer ships just send that diag data straight to us over satellite or wifi (sending techs is costly)
Also another problem I noticed is the engines are often on the ships controls (network maybe?) As the manufacturer name. Something like MANN1 and MANN2 or MITSU1 is a dead giveaway: thats propulsion.
You probably still have a better perspective than me; at least having worked on these specifically.
I suspect that at least some ships/designs are done right ‘right’.
(1) the engine controllers are internal safety limits and have very controlled input ranges. Cummins engines as an example.
(2) the network has a ‘Battlestar’ mode where you can just cut the wire. People would still need to connect laptops or jumpers locally to control devices in anything beyond a ‘max’ vs ‘idle’ vs ‘off’ mode… but 100%, ready, and off should be enough in an emergency.
I’m in an adjacent industry, with less risk of death or commercial loss, and the compressor backups only output to SCADA. The pressure regulation is all relay based and the on switch is a manual secondary contactor.