Nothing is totally secure if it is network connected and nothing is fool proof either, but with computer security the real problem is that most companies are way, way behind the curve with it. A generation ago, a lot of hacking was based in 'social engineering' so to speak, things like dumpster diving where people had thrown things like paper with account numbers and passwords on it. The problem is companies don't see security as a major liability because they don't have to pay for it, and that is a problem. Equifax got hacked, one of the three companies that basically control access to credit, and what was their response? Free credit monitoring, not much of a penalty. The heads of the company weren't canned, they weren't fined, and there are no government standards regarding computer security at all, no minimum standards, no requirements that security risks (as other risks) be reported in accounting documents, nothing..and because of that, many business leaders, even those with huge risk, don't think of it. Car companies introduced bluetooth connectivity that allowed remote diagnostics of their cars, that could be used to hack it and they had basically no security on it. The other problem is a lot of systems are legacy systems, there are still a lot of applications out there that were written well before the internet became as big as it is, and a lot of times no one thinks of it. And of course companies hate to spend money on something they think of as non revenue producing and assume somehow that systems miraculously are safe. Doesn't surprise me things like the water supply, power grid and other infrastructure can be hacked, despite being critical systems they also tend to be run on a shoestring basis in many cases, think about when a lightening strike or a power plant shutting down can cause a surge that blows the power out in multiple states, the infrastructure is often old and outdated, including the computer systems, and the security is often 1980 levels at best (user id and password), basically with computer security like a lot of infrastructure out there, we are severely behind on addressing these risks.
It is a real concern, but the answer would be if someone wants to have self driving trains, that despite the distaste for regulation, there needs to be real standards around security and the like with penalties for non compliance. There are more regulations in the FRA that govern rebuilding steam engines I would bet, then govern computer security in things like the systems railroads now use in dispatching trains or ctc control systems, and they could be hacked and cause severe incidents.
For either security or for software resilience/system resilience, the standard should be that it can be no worse than errors caused by human frailty, if you are going to make the case for driverless trains, it cannot be worse than human controlled ones, and has to have safeguards to bring it down to whatever standard there is for such things, but the key is that if this is seriously planned, there be standards for security for the control network and for reliability that for example the military uses, not what some CIO or whatnot decides.
With jobs being created, the problem is that with computer technology the number of jobs created doing programming and network analysis and so forth, are a tiny fraction of the jobs displaced, and also are jobs requiring higher level skills that it would be very difficult to retrain people for, and the trend is even highly skilled positions are likely to fall to AI. I don't have any specific answers, but I don't think that the people displaced from all these kind of relatively routine jobs are going to end up being employed on the infrastructure side of the jobs displaced.
