Argus Cyber Security, a world leader in automotive cyber security, today announced that it has completed a vehicle-level penetration testing project on the new Ford Trucks F-MAX heavy-duty truck. Aligned with the UNR 155 cyber security regulation, the vehicle-level pentesting was a critical milestone for Ford Trucks in achieving type approval certification for the F-MAX model.
To meet its go-to-market plan for the F-MAX, Ford Trucks sought a partner that could conduct a comprehensive vehicle-level pentest per UNR 155 requirements within the shortest possible time frame. UNR 155 has established a mandatory cyber security framework for vehicle manufacturers (OEMs) to follow in order to receive type approval for all new vehicles (i.e., cars, trucks, and buses). Vehicle-level pentesting is one of the methods used to validate that the vehicle E/E architecture and software are protected against the various threats detailed in the regulation.
“We chose Argus to conduct the vehicle-level pentest based on its proven experience, knowledge, methodology and expertise,” said Emrah Duman, Ford Trucks Leader.
Argus’s ability to complete the testing and submit the required documentation to the auditors in an extremely short time frame with top quality results was critical for enabling us to meet our business goals.”
The vehicle-level pentest conducted by the Argus Consulting Services team covered all of the UNR 155 requirements for identifying potential threats that could be exploited to compromise critical components. The scope consisted of in-vehicle testing of components (e.g. ECUs) and network interfaces, as well as bidirectional communications with backend servers.
Argus’ unique testing approach enabled it to execute multiple testing activities in parallel and to complete the full scope of testing expeditiously. Following the test execution, Argus prepared a detailed report and mitigation plan which Ford Trucks submitted to the auditors for type approval.
“Argus is committed to working with world-leading vehicle brands to raise the level of cyber security and to streamline their regulatory compliance efforts,” said Yehuda Kaufman, VP Consulting and Research at Argus. “Our cyber security consultants bring a deep understanding of the compliance needs of OEMs, together with well-defined pentesting processes that have been acknowledged by multiple auditors. These capabilities provide OEMs with the peace of mind they need to achieve type approval certification quickly and meet their production timeline goals.”
Source: Argus Cyber Security