UNR155 Archives - AUTOCRYPT

14 August, 2025 . 6 mins read

An Integrated Approach to Automated Driving System (ADS) Validation

As we enter an era increasingly populated by highly autonomous vehicles, there is a vast range of dynamic driving scenarios that Automated Driving Systems (ADS) may encounter. From hazardous environmental conditions to internal system failures and external cybersecurity risks, ensuring ADS safety across diverse operating situations is essential for enabling safe autonomous driving experiences.

The recent release of “ISO 34505: 2025” underscores this need by providing a structured framework for generating, evaluating and managing test scenarios that reflect real world driving conditions. By standardizing how test scenarios should be defined and tested, the initiative aims to enable consistent, repeatable validation practices across the industry and thereby support development of robust ADS provision.

As autonomous systems grow more complex, the need for robust, scalable validation practices become increasingly critical. In response, an integrated approach — combining regulatory audits, system-level testing and adversarial simulations — provides OEMs and Tier 1 suppliers a structured path for both vehicle safety and regulatory compliance. Focusing on cybersecurity, this blog outlines the key components and methodologies of ADS Validation, and demonstrates how an integrated approach can be effectively executed.

Automated Driving System (ADS) Validation: Approach & Methodology

According to “SAE J3016: 2021”, Autonomous Driving System (ADS) refer to the collective technology stack responsible for performing dynamic driving tasks (DDT) at SAE Level 3 and above. With the system taking full responsibility for autonomous decision-making and vehicle control, validating ADS safety calls for identifying diverse validation targets and a multidisciplinary process for executing them.

I. Approach

The UNECE WP.29 Working Group emphasizes ADS Validation should be approached from multiple angles, including audit and assessment, simulation and virtual testing, real-world testing and more. Drawing on key industry whitepapers (e.g. The Autonomous Working Group, Association for Standardization of Automation and Measuring Systems, Mercedes-Benz), validation efforts can be broadly categorized into three core pillars: functional performance, internal system reliability and external cybersecurity resilience.

The first pillar, Functional Performance, focuses on ensuring the embedded vehicle system behaves as expected across a full range of driving conditions — particularly under abnormal scenarios such as complex environments or sensor limitations. In alignment with the “ISO 34505: 2025” standard, which outlines scenario-based ADS testing, this pillar evaluates system capabilities in perception, decision making and control execution under realistic conditions.

The second pillar, Internal System Reliability, addresses resilience against system-level faults. This includes the inspection of fault detection mechanisms, hardware failure mitigation strategies, and adherence with Automotive Safety Integrity Level (ASIL) grades. Relevant to the “ISO 26262: 2018” standard defining the framework around electrical/electronic (E/E) system failures, this pillar assesses the system’s ability to maintain safety in the presence of internal malfunctions.

The third factor, External Cybersecurity Resilience, evaluates the system’s tolerance against external cybersecurity threats. Verification over secure communication and data integrity under potential attacks such as vehicle hacking, spoofing and denial-of-service (DoS)) is a key objective of this pillar. Associated with the “ISO/SAE 21434: 2021” standard illustrating cybersecurity risk management for vehicle E/E systems across the lifecycle, this phase assesses the system’s ability to proactively mitigate attack vectors targeting sensors, ECUs and OTA updates.

II. Techniques

While various techniques exist to evaluate functional performance, system reliability and external attack resilience, this blog focuses on three core cybersecurity validation methods — Compliance Auditing, Software-in-the-Loop (SiL) Module Testing, Hardware-in-the-Loop (HiL) Penetration Testing — to better illustrate the differences across diverse validation approaches.

The first technique, Compliance Auditing, focuses on verifying whether development practices and system architectures align with established safety and cybersecurity regulations (e.g. ISO/SAE 21434, UN R155). This method is widely used by OEMs and Tier 1 suppliers to conduct gap analyses during early-development stages or in preparation for CSMS Certification audits, to check whether internal processes conform to regulatory requirements.

AutoCrypt CSTP Compliance serves as a representative tool to accommodate these needs by validating vehicle vulnerabilities on a unified platform. It supports multiple testing domains including Security Validation, Functional Testing, Penetration Testing, Fuzz Testing and Vulnerability Testing and consolidates results into a comprehensive report suitable for regulatory submission. By combining testing execution and documentation, it reduces redundant tasks and streamlines the compliance process.

Another key validation technique is Software-in-the-Loop (SiL) Module Testing, which assesses robustness of embedded security components in virtualized test environments before hardware integration. Commonly applied to TEE (Trusted Execution Environment) based key management testing and V2X certificate handling simulation, this technique enables rapid iteration and early validation of security logic in controlled conditions, before advancing to high-cost hardware testing.

In accordance with these needs, the AutoCrypt CSTP Functional Tester validates hardware-dependent security functions using virtual ECU models in a Software-in-the-Loop (SiL) environment. By integrating communication interfaces, debugging tools, ECU source code and test code, this solution facilitates early detection of design flaws and integration issues well before mass production.

Another core testing approach is Hardware-in-the-Loop (HiL) Penetration Testing, which evaluates cybersecurity resilience of physical ECUs by simulating real-world attack vectors in controlled HiL testing environments. Often applied for in-vehicle network fuzz testing and Telematics Control Units (TCUs) penetration testing, this technique identifies system vulnerabilities under actual runtime configurations, moving beyond theoretical scenarios.

Serving this purpose, the AutoCrypt CSTP Fuzzer solution actively injects malformed, unexpected inputs into in-vehicle networks to test ECU-level resistance to cyber intrusions. Covering a broad spectrum of communication layers including the Network Layer (e.g. CAN, CAN-FD, Automotive Ethernet), Application Layer (e.g. UDSonCAN, UDSonCAN-FD) and Transport/Data Layer (e.g. VehicleCAN, VehicleCAN-FD), the tool enables precise testing of vehicle systems under a wide range of adversarial conditions.

Effective ADS Validation through an Integrated Approach

With a wide range of checkpoints to address and multiple techniques available, establishing a cohesive and effective strategy for ADS validation is essential. To meet this need, a structured progression — from Compliance Auditing to Software-in-the loop Testing and finally to Penetration Testing — offers a practical pathway for comprehensive and efficient ADS validation.

At the first stage, Compliance Auditing defines the baseline and sets the strategic direction through regulatory compliance and process control.
Next, software design implementation and testing activities are supported through Software-in-the-Loop (SiL) Module Testing, which enables validation before hardware integration.
Lastly, Hardware-in-the-Loop (HiL) Penetration Testing technique can be utilized to observe real-world cybersecurity readiness under adversarial conditions.

This layered approach demonstrates how each phase builds upon and reinforces the next, enabling a robust and scalable validation framework.

With AUTOCRYPT being an authorized Vehicle Type Approval (VTA) Technical Service (TS) Provider , the firm is uniquely positioned to integrate diverse testing techniques and facilitate comprehensive ADS validation through the AutoCrypt CSTP Platform. From the AutoCrypt CSTP Compliance, which ensures design-level safety, to the AutoCrypt CTSP Functional Tester, which verifies correct functional behavior and the AutoCrypt CSTP Fuzzer able to test attack resilience, the platform enables a unified security analysis by consolidating all validation layers into a single, integrated platform.

Supporting a streamlined process for Vehicle Type Approval from ADS validation to export of results into compliance documents (e.g. TARA Report, Cybersecurity Test Report), the whole approval process can be effectively managed.

To learn more about the Autocrypt CSTP platform, check this page. For more information about our comprehensive suite of our automotive products & offerings, check this page.

27 June, 2025 . 5 mins read

Relationship between UN R155, UN R156 and ISO/SAE 21434, ISO 24089

As autonomous, connected vehicles evolve, so do risks associated with cybersecurity and software update management. Maintaining public safety being a top regulatory priority, certain regions like the European Union have introduced stringent compliance requirements for vehicle manufacturers and suppliers. Most notably, the UNECE Regulation No. 155 and UNECE Regulation No. 156 now mandate that automotive stakeholders demonstrate their ability to manage cyber risks and ensure secure software update processes.

To meet these legally binding requirements, industry players increasingly turn to internationally recognized standards such as ISO/SAE 21434 and ISO 24089 that delineate technical implementation measures. This blog post explores how ISO standards help translate UNECE requirements into actionable steps – focusing on the relationship between UN R155, UN R156 and technical standards, ISO/SAE 21434 and ISO 24089.

UN R155, UN R156 Regulation

As the name denotes, the UN R155, UN R156 “regulations” are legally binding requirements developed by UNECE WP.29, defining what must be done for vehicle type approval for passenger cars (M category), commercial vehicles (N category) and certain trailers (O category).

The foundational requirements for UN R155 and UN R156 differ based on their primary objectives. Under UN R155, vehicles with networked electronic components are required to establish a Cybersecurity Management System (CSMS), an organizational-level risk-management framework designed to maintain vehicle cybersecurity throughout the lifecycle. In contrast, UN R156 mandates the implementation of Software Update Management System (SUMS) for vehicles capable of receiving software updates, ensuring updates are secure, traceable and properly managed.

While these regulations give guidance on what to do, how to execute the guidelines is not provided, which is where technical standards like ISO/SAE 21434 and ISO 24089 come into play as implementation blueprints.

ISO/SAE 21434, ISO 24089 Standard

Unlike “regulations,” ISO/SAE 21434 and ISO 24089 are voluntary “standards” developed by ISO and SAE working groups. While not legally binding, they are widely adopted as technical frameworks to demonstrate compliance with UNECE requirements.

ISO/SAE 21434 focuses on managing cybersecurity risks across the vehicle lifecycle, detailing methods for identifying, evaluating and mitigating threats. Aligned with UN R155 which mandates the establishment of a Cybersecurity Management System (CSMS), the standard outlines core system capabilities, including governance, resource management and organizational responsibility. While the UN R155 regulation defines what must be established for vehicle cybersecurity, the ISO/SAE 21434 standard provides the framework for how to implement it.

Similarly, the ISO 24089 standard centers on the secure management of software updates, ensuring both functional performance and cybersecurity integrity are maintained. Following the mandate of UN R156 to establish a Software Update Management System (SUMS), the standard illustrates methods for software configuration tracking, secure update delivery, and validated installation procedures. Parallel to the relationship between UN R155 and ISO 21434, the UN R156 regulation defines what components are required for secure software updates, while the ISO 24089 standard outlines how to structure it.

Mapping ISO Standards to Cybersecurity and Software Update Requirements

Although ISO/SAE 21434 and ISO 24089 were not legally derived from UN R155 and UN R156, they share a common foundation. Both the standards and regulations emerged from the same regulatory push to mitigate cybersecurity threats associated with increasingly software-driven vehicles, which explains their current alignment. However, due to natural overlaps between cybersecurity and software update management, it would be an oversimplification to claim that ISO/SAE 21434 solely supports UN R155, or vice-versa.

ISO/SAE 21434 Support for UN R156

While ISO/SAE 21434 is not specifically a software update standard, it addresses cybersecurity considerations that arise in software update processes, particularly where secure deployment and threat mitigation intersect. This can be observed in ‘Clause 13. Operations and maintenance’ which covers cybersecurity activities during vehicle operation, including incident response, vulnerability monitoring, and post-production software updates. In this way, ISO/SAE 21434 partially supports components of a Software Update Management System (SUMS) relevant to UN R156, while primarily serving the requirements of UN R155.

ISO 24089 Support for UN R155

Similarly, ISO 24089, though not a cybersecurity standard, acknowledges the critical role of cybersecurity in software update workflows. For example, ‘Clause  5. Project level’ outlines roles, responsibilities, and planning processes that overlap with Cybersecurity Management System (CSMS) framework principles. As such, ISO 24089 partially supports operational requirements of the Cybersecurity Management System (CSMS) aligned with UN R155, and cannot be viewed in isolation from cybersecurity needs.

Taken together, while ISO/SAE 21434 is closely aligned with UN R155 for cybersecurity control and ISO 24089 with UN R156 for software updates, the distinction between the two is not clear-cut. Given the interconnected nature of both domains, areas of overlap exist where the two standards work in tandem to support shared regulatory objectives.

Streamlining Automotive Compliance

While the range of standards and regulations in automotive cybersecurity may seem complex, understanding how they interconnect allows stakeholders to navigate compliance with greater clarity and control.

AUTOCRYPT’s suite of in-vehicle cybersecurity solutions covering testing and consulting services is designed to align with the requirements of UN R155 and UN R156 and technical guidelines set by ISO/SAE 21434 and ISO 24089 standards. Supporting secure software update processes and cybersecurity control across the vehicle’s lifecycle, our services are positioned to help simplify compliance and improve informed decision-making.

Visit our UNECE WP.29 Consulting page to learn more about how OEMs and Tier suppliers can control cybersecurity measures for vehicle type approval.

To contact our team about how your company can get started, contact global@autocrypt.io.

12 April, 2024 . 4 mins read

Cybersecurity Management System for UNECE Regulation 155

The automotive industry is entering an important stage of cybersecurity implementation. In July of 2024, UNECE Regulation 155 (UN R155) about vehicle cybersecurity and Cybersecurity Management Systems (CSMS) is coming into full force. What does this mean for the larger automotive industry?

Vehicle manufacturers across the 64 WP.29 member countries will be required to adhere to regulatory compliance measures outlined in UNECE Regulation 155. Vehicles that do not comply with the regulations will not be eligible for registration starting July 2024. We can already see how the regulation is affecting the industry in the recent Porsche announcement. The company stated that they will be discontinuing the combustion-powered 718 Boxster convertible and the 718 Cayman models in certain countries, due to not meeting the cybersecurity standards outlined in UN R155 legislation.

UN R155 is a set of regulations developed by the United Nations Economic Commission for Europe (UNECE) pertaining to cybersecurity in vehicles. The regulation establishes cybersecurity requirements for the vehicle manufacturing process and vehicle type approval, aimed at enhancing the security of connected vehicles and increasing resilience against cyber threats.

Essential Approval Requirements

The essential UN R155 approval requirements for automotive cybersecurity, address standards and protocols for securing connected vehicles against cyber threats. However, UN R155 does not only focus on vehicle cybersecurity. The regulation oversees the entire vehicle manufacturing process, enforcing cybersecurity measures to be incorporated on an organizational level and throughout the vehicle’s entire lifecycle.

OEMs wishing to receive UN R155 approval must implement a cybersecurity management system that verifies secure operations throughout the vehicle development, production, and post-production phases.

Upon CSMS implementation OEMs must go through a CSMS assessment process, also known as a CSMS audit, that will be conducted by an appointed Approval Authority. During a CSMS audit, the Approval Authority assesses and verifies the manufacturer’s compliance with the requirements outlined in UN R155. If the assessment deems cybersecurity management system implementation successful, the OEM obtains the Certificate of Compliance for CSMS. The Certificate of Compliance is valid for three years and can be extended upon expiration.

Requirements for CSMS

The requirements for the Cybersecurity Management System are holistic in nature and call for vehicle manufacturers to follow cybersecurity-by-design principles. From a grander organizational perspective to granular vehicle attack vector assessments, the CSMS requirements seek appropriate cybersecurity measures that continuously monitor, detect, and respond to cyber threats across the vehicle development lifecycle According to UN R155, vehicle manufacturers should ensure that their Cybersecurity Management System complies with the following stipulations:

1. The vehicle manufacturer shall demonstrate that their CSMS applies to the vehicle development, production, and post-production stages.

2. The vehicle manufacturer shall demonstrate that the processes used within their CSMS to ensure security is adequately considered and implemented continuously. This requirement entails cybersecurity management processes, risk identification, assessment, and mitigation.

3. OEMs are expected to stay on top of new cyber threats and vulnerabilities, keeping their security measures current.

4. Vehicle manufacturers must be able to provide relevant data to support analysis of attempted or successful cyberattacks to their designated Approval Authority.

5. OEMs shall demonstrate that the processes used within their CSMS will ensure that cyber threats and vulnerabilities are addressed and mitigated within a reasonable time frame.

6. Vehicle manufacturers must be able to demonstrate how their CSMS will manage dependencies that may exist with suppliers, service providers, or manufacturer’s sub-organizations. This means that OEMs are accountable for implementing and verifying cybersecurity practices along their supply chains.

Requirements beyond the CSMS

Meeting cybersecurity management system requirements and obtaining the CSMS Certificate of Compliance is the first step of the regulatory compliance process. UN Regulation 155 also includes an array of cybersecurity requirements for vehicle type approval. The type approval process focuses on the effectiveness of the security measures implemented in the actual vehicle and its components.

Our latest ebook delves into the key vehicle components to focus on for UN R155 type approval and can offer insight into how different vehicle components require different types of cybersecurity measures.

Download eBook

Automotive cybersecurity implementation cannot be done in a one-size-fits-all manner. Different OEMs will have different cybersecurity and testing needs based on their organizational structures, vehicle manufacturing processes, and supply chains. With industry-leading expertise accumulated through years of experience in cybersecurity implementation, AUTOCRYPT offers professional consulting services for automotive OEMs and suppliers in establishing the CSMS.

To learn more about our CSMS Consulting Services and cybersecurity regulation compliance, contact global@autocrypt.io.

22 February, 2024 . 4 mins read

The Role of Penetration Testing in the Automotive Industry

The esteemed hackathon Pwn2Own has had its first ever automotive-focused event in Tokyo, Japan this January. At the end of the three-day hackathon, hackers identified 49 unique zero-day exploits, accumulating over a million dollars in awarded bounties. Hackathons like this have been common practice in the tech industry for years, however, they are just getting popular in the automotive sector.

During these hackathons, white-hat hackers gather to uncover zero-day vulnerabilities in vehicles and their systems. While hacking may have its negative connotations, ethical hacking performed in these events is better defined by the term penetration testing.

As technology advances, vehicles become increasingly vulnerable to cyber threats. Securing vehicles from these cyber threats requires extensive and proactive cyber security practices that not only protect vehicles but also actively search for new vulnerabilities in constantly developing systems. In this blog, we delve into the realm of automotive penetration testing, a critical practice aimed at identifying weaknesses in vehicle security systems.

Understanding Automotive Penetration Testing

Automotive penetration testing, or pentesting, is a process designed to identify vehicle vulnerabilities by means of hacking into specific components of a vehicle. This proactive way of cybersecurity testing allows for the uncovering of security gaps in a controlled environment.

Penetration tests can be conducted internally by cybersecurity experts employed by an OEM, as well as externally, by independent ethical hackers. Upon successful identification of a vehicle vulnerability, hackers share their findings with an OEM for further investigation and remediation.

Besides vulnerability assessment, penetration testing provides positive feedback that can be used for attack surface analysis and compliance assessment.

Attack surface analysis allows cybersecurity experts to evaluate potential entry points that malicious actors could exploit to breach a vehicle’s system. The adoption of connected features in vehicles, such as IoT devices, telematics systems, and infotainment units, has opened up new avenues for cyber attacks. The exponential growth in vehicle technology multiplies the avenues hackers can exploit to gain unauthorized access to vehicle systems, compromise safety features, or steal sensitive data. Hence, penetration testing can be used to uncover the vulnerabilities within the system and also the various entry points and attack vectors that can be used to exploit said vulnerability.

For instance, to identify security gaps in a vehicle’s external communications a hacker may conduct a penetration test on ECUs responsible for a vehicle’s connectivity functions like Wi-Fi or V2X. Hacking into these individual ECUs allows cybersecurity experts to generate a threat model that lays out the potential entryways, threats, and influences that may impact an ECU.

Why Automotive Penetration Testing Matters

By conducting thorough security assessments manufacturers can identify vulnerabilities in vehicle systems and address them proactively. This not only enhances the overall security of vehicles but also helps meet regulatory obligations effectively.

Vehicle security regulations have evolved to include robust cybersecurity measures as compliance requirements. UN Regulation No. 155 (UN R155), aimed at ensuring the cybersecurity of vehicles, mandates manufacturers to implement measures to protect against unauthorized access, manipulation, and theft of data.

To comply with the regulations manufacturers must conduct and document risk assessment tests, implement appropriate cybersecurity measures, detect, and respond to possible cyber attacks, as well as log data to support the detection of cyber attacks. Considering the extent of risk assessment required, it is clear that automotive penetration testing serves as a crucial tool in achieving and maintaining compliance with UN R155 requirements.

The Importance of Collaboration for Cybersecurity Testing

Compliance with regulations may be time-consuming and costly for vehicle manufacturers. Therefore, collaboration between automotive manufacturers, cybersecurity experts, and regulatory bodies is essential for effective security assessments. Comprehensive solutions that allow for continuous testing, threat intelligence gathering, and integrating security measures into the development process are crucial to ensure cybersecurity best practices.

AutoCrypt CSTP serves as a comprehensive cybersecurity testing platform that enables automotive OEMs to conduct cybersecurity testing for regulatory compliance and share integrated results for vehicle type approval. The newly launched platform runs a variety of vulnerability testing techniques, like penetration testing, engineering specification testing, and fuzz testing, using test cases mapped out for UN R155/156 and GB (GB/T).

As vehicles become increasingly connected, securing them against cyber threats is paramount. Automotive penetration testing emerges as a vital practice in safeguarding vehicles and ensuring the safety and security of drivers and passengers. By adhering to best practices, collaborating with industry stakeholders, and staying on top of regulatory requirements, automotive manufacturers can build resilient vehicles capable of withstanding the challenges of the digital age.