NIS2 Preparation – Vulnerability Assessment at PKP Cargo International HU Zrt.

Vulnerability Assessment at PKP Cargo International HU Zrt. – Preparing for NIS2
Athalie Consulting – in partnership with Gill & Murry – conducted a comprehensive vulnerability assessment at PKP Cargo International HU Zrt. to support compliance with the NIS2 directive. The aim of the assessment was to map the security status of the IT systems, identify potential vulnerabilities, and thus strengthen the information systems of the railway logistics company.
NIS2 Directive – Why It Applies to PKP Cargo HU Zrt.
NIS2 (Network and Information Security Directive 2) is the European Union’s updated cybersecurity directive, which imposes stricter cybersecurity requirements on operators in essential sectors – including transportation. As a railway freight service provider, PKP Cargo International HU Zrt. falls under the scope of this directive, and is therefore required to implement technical and organizational measures, including conducting vulnerability assessments.
Vulnerability Assessment Methodology
The vulnerability assessment was conducted in accordance with industry best practices and the provisions of Government Decree 271/2018 (XII. 20.), Section 24. The assessment covered the following NIS2-related areas:
- External Vulnerability Assessment: Mapping internet-facing systems (e.g., open ports, services), gathering information, and identifying security flaws.
- Web Assessment: Manual and automated analysis of web applications.
- Automated Scanning: Scanning internal systems (e.g., Windows servers, file servers, MSSQL) using vulnerability scanners.
- Internal IT Security Assessment: Greybox analysis from internal network endpoints.
- Wireless Network Assessment: Checking the company’s WiFi encryption protocols and segmentation.
Systems and Assets Assessed During the NIS2 Vulnerability Audit
In line with the NIS2 directive, the vulnerability assessment focused on the key IT assets of PKP Cargo International HU Zrt.:
- Windows-based servers and clients: Identification of configuration issues, outdated software versions, and vulnerabilities based on CIS Benchmarks and Microsoft recommendations.
- File server and MSSQL environment: Analysis of access control, availability settings, and patch management.
- NAS devices: Evaluation of security advisors (e.g., Security Advisor), checking encryption of services and network protocol settings.
- WiFi network: Examination of encryption protocols, access levels, and logical segmentation.
Findings and Recommendations
As a result of the vulnerability assessments, PKP Cargo International HU Zrt. received a detailed technical report that included identified vulnerabilities, their risk classifications, and specific remediation recommendations. Based on the report, the company can systematically begin building defense measures in line with NIS2 compliance requirements.
Prepare for NIS2 in Time!
Don’t wait until non-compliance becomes a business risk. Athalie Consulting’s experts will help identify and fix the weak points in your IT systems – in accordance with industry standards and legal requirements.
📩 Get in touch with us today to request a consultation or a quote for a NIS2-tailored vulnerability assessment!