Transport

We help aviation, maritime, rail, and automotive organisations reduce cyber risk across connected transport systems, OT, IT, and cloud. Transport estates are increasingly digital, but they still have long lifecycles, safety constraints, and heavy third party dependence, so the security risk often sits in the interfaces between domains rather than in a single component.

Speak to an expert

Related services
Related blogs

Who we work with

Airlines, airports, and ground handling organisations
Ship owners, operators, and maritime service providers
Rail operators, infrastructure owners, and rolling stock suppliers
Automotive manufacturers, suppliers, and mobility providers
Logistics, freight, and last mile delivery networks
Public sector and regulators that need sector expertise

Why this sector is different

Transport systems are distributed, interconnected, and operationally constrained. Remote access is common, supplier support is baked in, and legacy and modern systems have to coexist. That means realistic security testing needs to respect safety and uptime while still answering the key question: what can an attacker reach, control, or disrupt through real operational paths.

Where we focus

Connected transport systems testing

We test the interfaces between onboard or operational systems, corporate IT, cloud services, and third party platforms. This includes the boundaries that tend to drift over time: remote support, integration links, management networks, and the parts of the estate that were never designed to be exposed.

Remote access and supplier connectivity

Transport environments rely heavily on remote access for maintenance and support. We focus on the practical routes attackers use most often, including identity, access control, segmentation, and how third parties are onboarded and managed over time.

OT, ICS, and safety constrained environments

Where transport systems include operational technology, we design testing approaches that reduce operational risk. That can mean validating OT exposure indirectly, using representative environments, controlled testing, and evidence led assessment rather than high risk intrusive testing on live systems. PTP has written explicitly about this approach in maritime contexts, including the need to avoid destabilising operations.

Hardware, embedded, and wireless attack surface

Transport systems depend on specialist hardware and embedded components. We test devices, interfaces, and communications paths where weaknesses can create outsized impact, especially when they affect segregation between domains or enable pivoting from lower trust environments.

Sub sectors

Aviation

We assess aviation environments across avionics and ground systems, focusing on assets, interfaces, data flows, and trust boundaries, including separation between passenger accessible systems and other aircraft domains.

Automotive

We test connected vehicle technology, including in vehicle networks, ECUs, and the wider platform and tooling that supports modern mobility services. We also publish practical research in this space, including work that demonstrates real control paths via vehicle data networks.

Maritime

We secure vessels, ports, and marine networks across both new build and existing fleets. PTP’s maritime guidance and research covers real operational constraints, including segmentation between IT and OT, and frameworks used in shipping such as MSC.428(98), BIMCO, and IACS UR E26 and E27.

Automotive Security
Security Blog

Smart car chargers. Plug-n-play for hackers?

10 Min Read

Jul 30, 2021

Aviation Cyber Security
Security Blog

Hacking Electronic Flight Bags. Airbus NAVBLUE Flysmart+ Manager

6 Min Read

Feb 01, 2024

Aviation Cyber Security

Pen testing avionics under ED-203a

3 Min Read

Feb 21, 2025

Cyber Regulation
Maritime Cyber Security

IACS UR E26 and E27 guidance

30 Min Read

Nov 14, 2024

Test and Simulate

Detect and Respond

Improve and Protect

Comply