During recent years, penetration testing on the full-vehicle (system) level has become a standard and practical validation method for car makers to prove conformity with cybersecurity regulation, specifically UN-R155 in conjunction with ISO/SAE 21434. The witnessing of cybersecurity tests and the analysis of result reports by Technical Service Providers (TSP) became the defacto standard for Vehicle Type Approval (VTA) of new and existing car models, especially for the EU market. In this article, we will give an overview of how cybersecurity attestation has been set up on a global scale among the UN-R 155 member states. In a next step, we share our insights as a provider of cybersecurity verification & validation (V&V) and will demonstrate why penetration and fuzz testing at the vehicle level can serve as a final checkpoint for testing. We show that this cannot be a stopgap for tests omitted on an item level. We investigate how and to which extent cybersecurity testing for road vehicles provides a reasonable dimension in the overall VTA process. On one hand, weshare our experience about efficient test setups as well as powerful tools for vehicle testing, and, on the other hand, we point out test steps better covered byadditional tests during vehicle type approval, e.g., on the component level.
Irmscher et al. (Mon,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: