VPTaaS: Cyber Penetration Test as a Service for Future Vehicles

The automotive industry is facing an ever-growing threat from cybercrime, as evidenced by the 1.4 million vehicles recalled in 2015 due to security-related issues, and the halt in production across North American plants in June 2020 due to ransomware attacks. Thus, it is essential for vehicle manufacturers as well as vehicle owner to take proactive steps to protect their vehicles from cyber threats, such as implementing robust security measures and procedures, performing periodic cyber health-checks as part of vehicular servicing, and conducting penetration testing.

However, current penetration testing services often have incomplete coverage, limited testing environments, time constraints, high costs, false positives and negatives, and limited scope of testing. To address this need, this proposal puts forth a Penetration Test as a Service (VPTaaS) specialized only for vehicles, designed to detect and respond to cybersecurity events in and around vehicles, including the collection and analysis of log event data, responding to security events, and investigating root causes of anomalies. Additionally, VPTaaS will offer implementation support, assessment, attestation, and certification services with respect to cybersecurity and software-update practices and their respective industry standards, as well as incentive and reward programs to encourage white-hat hackers to report vulnerabilities they discover.