This chapter has considered the cross-sector issues with modernisation. The key themes have been the integration of operational and information technologies, which work towards improved efficiency but introduce new and common vulnerabilities. The IoT and the adoption of AI are newer challenges, and it may be some time to come before AI is approved for safety significant applications. Indeed, safety has generally slowed down the adoption of new technologies, as increasingly complex systems may have emergent properties that do not immediately manifest as safety issues. Hence, where passenger lives are at stake, the transport sector may continue to be slow to adopt the latest technology.

This chapter has also explored technologies that are common across the transport sector, most noticeably GNSS (e.g. GPS and Galileo). The reliance on satellite positioning and timing in so many applications means that protection of the system and its 'signals in space' is vital. This is why older technology such as inertial navigation has been retained in aircraft, and ship navigators must retain their skills in celestial navigation. Systems such as Passenger Information Display Systems are also common across the transport sector, in airports, seaports, and railway and bus stations.

The examples of modernisation specific to different transport modes also show a high degree of commonality, two examples being ADS-B in aviation and AIS in maritime. Given that many of the technology principles are similar, we should be mindful of the propensity for attackers to copy and adapt attack methods from one transport mode to another.

Most readers will be familiar with project, programme or enterprise risk management. Our aim in the chapter is to promote a general understanding of risk in the context of cybersecurity, and how it is approached practically. We draw on ISO 27005 [1] but are generally not prescriptive; we reference several standards and frameworks available to organisations looking to develop a mature approach to cyber risk. A large part of the chapter is a walk-through of the risk management process, where we address the management of risks from remote keyless systems (RKS) in cars, focusing on the main steps and some of the issues that arise. We also analyse risks both quantitatively and qualitatively to highlight the relative merits of the approaches.

There has been a historic partition between safety and security risk management, which could be seen as an oversimplification as the two are becoming increasingly blurred. This is particularly the case with the increased use of automation and autonomous systems in the transportation sector. Furthermore, there is a misguided assumption that by performing a safety risk assessment, security risk is also addressed.

The distinction between accidental and deliberate causes of an unwanted event is becoming harder to distinguish, especially when nation state offensive teams or cybercriminals have developed cyberweapons that mimic more routine software or hardware bugs.

The premise of this chapter is that security and safety are inextricably linked, and organisations with safety risk management practices should begin to introduce more formalised security risk management. A key question is how these approaches to risk management differ and whether, and how, they might be integrated.

In this chapter, we address this issue, first by describing safety risk management and 'safety cases', which are used for the introduction of new systems or significant system changes and to existing operational systems. We then describe an approach to a 'security case'. The remainder of the chapter considers the extent to which safety and security can be brought together and ways of doing this.

The examples, processes and statements in this chapter are drawn from the aviation industry. Similar organisational structure and processes are defined for other transport sectors, such as the International Maritime Organisation or the European Railways Agency.

The preceding chapter focused on pre-event or 'preventative' controls, which reduce the likelihood of an attack being successful. In this chapter, we delve into a further category of control, 'detection', which assists in the discovery of both attempted and successful cyberattacks. Furthermore, we explore how threat intelligence and threat data can be used to model, understand, detect and address malicious or anomalous behaviour within networks.

This chapter aims to help readers understand how attacks are identified and the methods and models that security teams use to monitor systems, detect attacks and inhibit them. As in the previous chapter, we do not cover an exhaustive set of controls or methodologies, and those discussed are also not specific to the transport sector. By gaining an understanding of how they work in general, we hope to broaden knowledge and understanding around how detection controls can aid in securing systems.

This chapter does not endeavour to provide guidance on configuration or implementation of such detection tools, technologies, or methodologies - but rather aims to equip the reader with an overarching understanding of the concepts discussed and explore how they can be used to augment defensive needs. The chapter draws on examples to enhance the descriptions; however, these should not be considered exhaustive or definitive use cases. Implementation and utilisation of such tools require expertise and methodologies can be widely nuanced; the use of such depend heavily on a wide array of criteria, including an organisations' risk appetite as well as their unique environment or network topology.

The underlying assumption for this work is that attacks can no longer be stopped at the perimeter of a system or organisation, so to detect attacks and defend against them, we need to understand the attacker's motives, objectives and methods. This has led to informing strategies and technologies that deter and defend against attacks, as well as the continued development of security knowledge, expertise, technologies and services with an aim to defend networks and ecosystems.

With technical innovation accelerating through the beginning of the twenty-first century, it is clearly feasible that truly autonomous vehicles without human intervention will be realised in this generation. It has been shown that all fields related to autonomous vehicles, including cybersecurity and privacy, are constantly evolving, with frequent technical breakthroughs. However, cybersecurity and privacy will be critical challenges for the success of implementing autonomous vehicles. This chapter provides an overview of the current state of the art on the cybersecurity and privacy aspects of autonomous vehicles and focuses on crucial concepts and principles in cybersecurity and privacy of autonomous vehicles rather than the current technical status of each research strand. It is expected that this chapter could provide a high-level resource, through which, readers can understand the challenges and the landscape of cybersecurity and privacy of autonomous vehicles in the incredibly connected and technology-orientated world. The chapter also addresses the economics of autonomous vehicle security - a critical element in the cybersecurity domain, as well as the infrastructure investments for improving the security and privacy of autonomous vehicles. Finally, a case study of maritime vehicles further demonstrates the critical challenges of cybersecurity and privacy, as well as the need of technology advance for the safety of autonomous vehicle in maritime, which might be threatened by the cyberattacks or cybercrimes.

In this appendix to Chapter 1, we present a much more detailed exploration of the challenges of cyber security to operational transport systems, in this case rail systems.