Validation testing
ISO/SAE 21434 defines validation as an activity to be performed at the vehicle level. The objective of this clause is to validate that the cybersecurity goals that were identified during the concept phase have truly been fulfilled now that the item has been integrated within the actual vehicle environment. A component supplier may perform cybersecurity goal validation by applying tests to an environment that emulates the vehicle. While it is not mandatory to do so, it is generally a good practice to validate that the cybersecurity goals that you’ve placed on your product are satisfied before the OEM discovers that they aren’t. Validation is usually carried out through penetration testing by attempting to violate cybersecurity goals through the discovery of unknown vulnerabilities. An OEM who is trying to prioritize ECUs for penetration testing may want all externally facing ECUs, such as telematics or infotainment, to be tested by a third party before...
