ioSENTRIX partnered with a passenger rail provider to assess the security of their Communication-Based Train Control (CBTC) system, which had been operational for several years. A successful cyberattack on the system could result in major downtime, financial losses, and passenger safety risks. Through a comprehensive penetration test, ioSENTRIX identified several vulnerabilities in the segmented network and proprietary software used within the CBTC system. These insights allowed the rail provider to implement critical security controls, enhance their incident response plan, and better protect their infrastructure from potential future cyberattacks.