Funny that, as I've commissioned dozens of Pen tests, and you are correct that you have to specify what you want them to test.
In this case it would have been...
"We've installed this video system in this test police car using this technology, which is accessed using a 3G modem over this network - These are the IP addresses - Please attempt: Unauthorised access to data, Unauthorised access to configuration, remote manipulation of data, DoS vulnerabilities, attempt to break encryption, brute force passwords, list open ports etc etc etc"
Any decent Pen test company will carry out an entire glut of tests on their own too. You don't have to specify everything down to the most minute detail of what they should test, otherwise what the hell is the point of paying an external company to do it for you?
A Pen test should have been carried out on this setup in a test environment BEFORE being deployed into real police cars...
No one suggested that the Pen test would be the first step, or that the normal project flow not be followed... what have you been drinking?
Also, this can't possibly have been the real Pen test, as information gathered by Pen testers is confidential - he would have been in breach of his contract to release the information in such a manner. Either that or the contract written up for him will have been like Swiss cheese.