Why do cars need security tests?

Over the past few years, the term UNECE* WP.29 has become more common in discussions of automotive cybersecurity. UNECE WP.29 is the World Forum for Harmonization of Vehicle Regulations, a subordinate organization of the United Nations Economic Commission for Europe. It was established to harmonize vehicle safety and environmental standards internationally, improve the efficiency of standards creation and examination work, and promote the spread of safe and environmentally friendly vehicles.

*United Nations Economic Commission for Europe

 

Regarding security testing, UNECE WP.29 states that “both the OEM and the certification body (or technical service) must conduct security testing,” and the OEM must in turn request its Tier-1 suppliers to comply with this requirement.

 

In addition, UNECE WP.29 (5.1.2) agreed on two regulations relating to in-vehicle cybersecurity, UN-R155 and UN-R156, which specify additional requirements for obtaining vehicle type approval. UN-R155 covers requirements for in-vehicle cybersecurity and its management system, and UN-R156 deals with requirements for software updates and their management system. Various testing techniques and test examples (penetration testing, vulnerability scanning, fuzzing, etc.) are described, and penetration testing is mentioned as a specific SHOULD requirement [RC-11-01] in ISO21434.

 

To summarize the above points: OEMs, Tier-1s, and certification bodies (or technical services) all require security testing, and a security testing strategy is defined as part of the CSMS* and must be implemented by the organization. ETAS can offer a total security test service covering the entire vehicle lifecycle.

*Cyber Security Management System

 

Please take a look at the page that explains more about WP.29 and UN-R155/UN-R156.

Advantages of ETAS Security Testing Services

  • Over 15 years of penetration testing experience in the automotive industry
  • Won 2nd place in the world at 2020/2021 DEFCON CTF
  • Security tests for the entire vehicle, each ECU, production equipment, diagnostic equipment, etc.
  • Inspection items such as wireless access (Wi-Fi, Bluetooth, GSM, etc.), telematics communication (TLS1.x, etc.), CAN/CAN-FD access, ECU FW, OBDII diagnostic port access, etc.

Service contents

Security consulting

  • Individual consulting for security testing (e.g. testing methods, tools, expertise, etc.)
  • Integration of security testing into the development process for existing products
  • Recommendations for test methods and tools
  • Interpreting security test results
  • Internal security testing strategies, processes, standards and requirements
  • Technical security testing guidelines
  • Creation of security test concepts and specifications

Security test

  • Penetration testing
  • Vulnerability scan
  • Code analysis
  • Hardware/side-channel attacks
  • Fuzzing
  • Functional security testing
