PR article

Cyber resilience of onboard train metering systems: New testing standards

POLL EGM-3000 and CEGM-3000 onboard train metering systems for railway cybersecurity testing and cyber resilience verification
© Výzkumný Ústav Železniční, a.s.
As railway operations become increasingly digital, security requirements are evolving accordingly.

Modern metering systems that monitor energy consumption and operating parameters of trainsets are stand-alone devices that communicate outside the vehicle’s internal communication networks. However, the secure delivery of measured data to the traction power suppliers’ back-office servers places stringent demands on cyber resilience—both in terms of data security and operational continuity. Výzkumný Ústav Železniční a.s. (VUZ) provides professional verification of cyber resilience and issues a certificate without which the equipment cannot be offered to customers.

This step enables VUZ to broaden its service portfolio to include comprehensive penetration testing of systems, rolling stock units, and infrastructure. A recent example is the onboard electrical energy consumption metering system CEGM-3000 with an integrated energy meter of the EGM-3000 type manufactured by POLL, s.r.o., part of the ŠKODA TRANSPORTATION a.s. group. The objective of testing is not only to identify specific technical weaknesses, but above all to verify the device’s overall resilience to cyber risks in a realistic onboard environment. The test was performed based on the available interfaces and services—primarily Ethernet ports (ETH0–ETH2), USB, Wi-Fi, and the web interface. The goal was to identify active services, validate behaviour under load, and assess basic application entry points.

Why Penetration Testing Is Critical  

1) Verifying security before deployment

Each metering device and its communications interfaces are tested in both laboratory conditions and simulated operational scenarios. The tests covered available interfaces (ETH0–ETH2), the web UI, application services, diagnostics, basic XXE tests, and DoS load scenarios. The purpose was to evaluate the attack surface, resilience, and the extent of information leakage without authentication. Interfaces examined typically include Ethernet ports, USB interfaces, wireless modules, and web interfaces—allowing confirmation that the device meets required security standards.

2) Identifying potential attack surfaces

Testing helps reveal areas where data availability or integrity could be at risk. Penetration tests simulate realistic operational behaviour, making it possible to estimate how the device responds to stress and unexpected operational conditions.

3) Supporting compliance and certification

Penetration test results serve not only as input for internal security improvements, but also as documentation needed to comply with regulations and standards (e.g., NIS2, ISO/IEC 27001, and EN/IEC 62443 for industrial cybersecurity). For manufacturers and operators, this translates into greater confidence in the security and resilience of the installed equipment.

Testing Methodology  

Specialised penetration tests typically include the following steps:

  • Reconnaissance and interface documentation – identifying exposed ports, services, and applications.
  • Attack surface analysis – assessing which elements may be exploitable.
  • Scanning and attack simulation – performing controlled tests at the network and application layers.
  • Assessment of resilience under load and operational scenarios – validating the stability and availability of telemetry and device management functions.
  • Report with recommendations – producing a clear deliverable for the manufacturer or operator, including proposals for security improvement and device hardening.
  • Certificate confirming cybersecurity testing – formal confirmation that the cybersecurity test has been performed.

Benefits for Operators and Manufacturers  

  • Proactive protection: Penetration testing uncovers potential weaknesses before they can be exploited.
  • Increased confidence: Tested devices provide operators with assurance that measurement and telemetry data are processed securely.
  • Standards support: Test outputs facilitate compliance with legislative and technical cybersecurity requirements.
  • Integration optimisation: Testing clarifies how to integrate the device correctly into the vehicle network, segment access appropriately, and minimise risk.

The Future of Cybersecurity in Trains  

With the ongoing digitisation of railway vehicles, cyber-resilience testing will become a standard part of both development and operations. In this direction, VUZ positions itself as a partner to operators and manufacturers, helping them deploy modern technologies securely and with a high degree of reliability.

Penetration testing of onboard metering systems is no longer a matter of “advanced experimentation.” It is an essential part of safe and efficient modern railway operations, where digital technology and cybersecurity go hand in hand.

Conclusion  

Penetration testing of the CEGM-3000 onboard electrical energy metering system manufactured by POLL, s.r.o. (ŠKODA TRANSPORTATION a.s. group) showed that, when correctly installed and integrated into the vehicle network, the device is technically reliable and functionally sound. The analysis identified potential areas for improving cyber resilience, enabling operators and manufacturers to implement preventive measures, increase data security, and minimise the risk of operational degradation.

Overall, the testing delivered valuable insights to support secure operation of metering systems, strengthen confidence in correct functionality, and promote standardised security practices when introducing new equipment into railway vehicles. As installed and integrated, the device meets operational and security requirements and is ready for deployment in live service.

Prepared by: Jaroslav Brabec, VUZ

POLL, s.r.o. team

