A Global Survey of Standardization and Industry Practices of
Automotive Cybersecurity Validation and Verification Testing Processes and
Tools 12-07-02-0013
This also appears in
SAE International Journal of Connected and Automated Vehicles-V133-12EJ
The United Nation Economic Commission for Europe (UNECE) Regulation
155—Cybersecurity and Cybersecurity Management System (UN R155) mandates the
development of cybersecurity management systems (CSMS) as part of a vehicle’s
lifecycle. An inherent component of the CSMS is cybersecurity risk management
and assessment. Validation and verification testing is a key activity for
measuring the effectiveness of risk management, and it is mandated by UN R155
for type approval. Due to the focus of R155 and its suggested implementation
guideline, ISO/SAE 21434:2021—Road Vehicle Cybersecurity Engineering, mainly
centering on the alignment of cybersecurity risk management to the vehicle
development lifecycle, there is a gap in knowledge of proscribed activities for
validation and verification testing. This research provides guidance on
automotive cybersecurity testing and verification by providing an overview of
the state-of-the-art in relevant automotive standards, outlining their
transposition into national regulation and the currently used processes and
tools in the automotive industry. Through engagement with state-of-the-art
literature and workshops and surveys with industry groups, our study found that
national regulatory authorities are moving to enshrine UN R155 as part of their
vehicle regulations, with differences of implementation based on regulatory
culture and pre-existing approaches to vehicle regulation. Validation and
verification testing is developing aligned to UN R155 and ISO21434:2021;
however, the testing approaches currently used within industry utilize elements
of traditional enterprise information technology methods for penetration testing
and toolsets. Electrical/electronic (E/E) components such as embedded control
units (ECUs) are considered the primary testing target; however, connected and
autonomous vehicle technologies are increasingly attracting more focus for
testing.
Citation: Roberts, A., Marksteiner, S., Soyturk, M., Yaman, B. et al., "A Global Survey of Standardization and Industry Practices of Automotive Cybersecurity Validation and Verification Testing Processes and Tools," SAE Intl. J CAV 7(2):2024, https://doi.org/10.4271/12-07-02-0013. Download Citation
Author(s):
Andrew Roberts, Stefan Marksteiner, Mujdat Soyturk, Berkay Yaman, Yi Yang
Affiliated:
Tallinn University of Technology, Estonia, AVL List GmbH, Austria Mälardalen University, Sweden, Marmara Üniversitesi, Turkey, BigTRI, Turkey, AVL China, China
Pages: 15
ISSN:
2574-0741
e-ISSN:
2574-075X
Related Topics:
Risk management
Product development
Cybersecurity
Regulations
Research and development
Autonomous vehicles
Standardization
Test procedures
SAE MOBILUS
Subscribers can view annotate, and download all of SAE's content.
Learn More »