2026-06-16 · Compliance
If you manage a commercial fleet, port state control (PSC) inspections are a fact of life. In the last two years, virtually every major PSC regime has added cyber security to their checklist.
Paris MoU (Europe and Atlantic Canada): Since 2024, inspections include cyber security as a specific focus area — evidence of cyber risk management, network segmentation, and access controls.
Tokyo MoU (Asia-Pacific): Following Paris MoU's lead, members have added cyber indicators to inspection matrices.
US Coast Guard: Integrated cyber security into standard inspections since 2023, focusing on IMO's Maritime Cyber Risk Management framework.
Other regimes: Australia (AMSA), Canada (TC), and several flag states have issued their own guidelines.
1. Documented Cyber Risk Management. A written policy covering who's responsible, what systems are critical, how updates are managed, and incident response. Most common gap: nothing on paper, or a generic template.
2. Basic Security Measures. Default passwords changed, USB port restrictions, crew training records. Most common gap: no records of implementation.
3. Network Segmentation. Are operational systems separated from crew networks and the internet? Most common gap: no network diagram exists.
4. Incident Response. Does the vessel have a procedure? Most common gap: the procedure says "contact the office" with no further detail.