A Process to Facilitate Automated Automotive Cybersecurity Testing
This addresses the need for more thorough and quicker cybersecurity testing in the automotive industry, but it is incremental as it builds on existing standards.
The paper tackles the lack of standardized methods for verifying and validating automotive cybersecurity by outlining a structured testing process, which is flexible to allow implementers to use their own toolsets.
Modern vehicles become increasingly digitalized with advanced information technology-based solutions like advanced driving assistance systems and vehicle-to-x communications. These systems are complex and interconnected. Rising complexity and increasing outside exposure has created a steadily rising demand for more cyber-secure systems. Thus, also standardization bodies and regulators issued standards and regulations to prescribe more secure development processes. This security, however, also has to be validated and verified. In order to keep pace with the need for more thorough, quicker and comparable testing, today's generally manual testing processes have to be structured and optimized. Based on existing and emerging standards for cybersecurity engineering, this paper therefore outlines a structured testing process for verifying and validating automotive cybersecurity, for which there is no standardized method so far. Despite presenting a commonly structured framework, the process is flexible in order to allow implementers to utilize their own, accustomed toolsets.