Cybersecurity Analysis: TARA Basics

Cybersecurity Analysis: TARA Basics

Introduction

ISO 21434 outlines a litany of activities that must be performed in the design phase of a product. To list just a few, automakers must have what is known as a cybersecurity concept, defining the requirements and goals of the product’s security design. They must also consider the known weaknesses of the product from multiple levels of abstraction. For example, how the vehicle modules are networked and how the data is processed. One of the methods that can be used to identify these weaknesses, analyzing threats and the risks they carry, is the TARA. In this section, we’ll primarily be focused on the TARA portion of the design phase but will discuss the other stages in the process in later courses.

The mission of TARA (Threat Analysis and Risk Assessment) is to identify, evaluate, and manage cybersecurity risks associated with road vehicle systems, components, and functions throughout their life cycle to ensure their safety and compliance with the ISO 21434 standard.

The essence of Threat Analysis and Risk Assessment is to empower cybersecurity decisions made during the product design phase of any product. It could be software, hardware, or even processes to consider what risks are present and how to treat them. In simpler terms, we need to understand our products’ threats and define the associated risks to design the correct protections.


Why?

Ultimately we need to do this to achieve the desired product cybersecurity posture to protect the typical dimensions of risks.

  • Safety
  • Financial
  • Operational
  • Privacy

A significant driver in why we do this is the specific regulation released into law in UNECE member countries; UNR #155.

UN Regulation No. 155 defines the following definition:

Cyber Security Management System (CSMS)

“Cyber Security Management System (CSMS)” means a systematic risk-based approach defining organizational processes, responsibilities, and governance to treat risk associated with cyber threats to vehicles and protect them from cyberattacks."

The specific word choice of “systematic risk-based approach” is ultimately accomplished using the TARA methodology. The TARA aims to define threats and risks in a consistent, repeatable, and ongoing fashion to continue to manage risks even as the product continues to iterate and threats continue to evolve.

To achieve this CSMS UN Regulation No. 155 regulatory obligation, many OEMs have chosen to utilize ISO/SAE 21434: Road Vehicles — Cybersecurity Engineering as the standardized guidance on establishing an effective CSMS. In the context of TARA, ISO/SAE 21434 includes a dedicated chapter to define TARA methodology.

The objectives of a TARA according to ISO/SAE-21434 are:

  1. Identify assets, their cybersecurity properties, and their damage scenarios;
  2. Identify threat scenarios;
  3. Determine the impact rating of damage scenarios;
  4. Identify the attack paths that realize threat scenarios;
  5. Determine the ease with which attack paths can be exploited;
  6. Determine the risk values of threat scenarios; and
  7. Select appropriate risk treatment options for threat scenarios.

And this is ultimately why TARAs are required as part of an effective CSMS, which is obligated and enforced via United Nations Regulation #155.


Pit Stop — How are UNR-155 and ISO/SAE-21434 related?

  • UNR-155 is a legally enforced regulation that demands automakers implement a systematic risk-based approach to cybersecurity.
  • ISO/SAE-21434 offers a systematic risk-based approach that companies can follow

By following the guidance of 21434, automakers can demonstrate compliance with UNR-155.


What?

So we covered at a high level what a TARA is - a risk assessment that considers the definition of threats to derive impact and likelihood. Now let’s review the What at a deeper level to comprehend additional detail:

The specific elements of a TARA (Threat Analysis and Risk Assessment) process as referenced in ISO 21434 “Road vehicles - Cybersecurity engineering” standard include:

  1. Identification and assessment of the vehicle’s systems, components, and functions: This includes identifying the critical systems, components, and functions relevant to cybersecurity and assessing their potential vulnerabilities.

  2. Identification of cybersecurity threats: This includes identifying the potential cyber threats that could affect the vehicle’s systems, components, and functions and assessing their likelihood and impact.

  3. Evaluation of the vehicle’s cybersecurity controls and measures: This includes evaluating the design, development, and implementation of its cybersecurity controls and measures, such as firewalls, intrusion detection systems, and encryption, to determine their effectiveness in mitigating identified cybersecurity risks.

  4. Risk assessment: This includes evaluating the likelihood and impact of identified cybersecurity risks and the effectiveness of the implemented controls and measures. It also includes determining the level of risk and making the appropriate risk treatment decisions.

  5. Communication and documentation: This includes documenting the TARA process, including the results of the threat analysis, risk assessment, and risk treatment decision. It also includes communicating the results of the TARA process to all relevant stakeholders, such as vehicle manufacturers, suppliers, and regulatory authorities.

  6. Ongoing maintenance and monitoring: This includes continuous monitoring and maintenance of the vehicle’s cybersecurity controls and measures to ensure they continue effectively mitigating identified cybersecurity risks.

By conducting a TARA process, vehicle manufacturers and suppliers can identify, evaluate, and manage cybersecurity risks throughout the vehicle’s life cycle and ensure that the vehicle is safe to operate and meet the standard’s requirements.


Challenges

There are several challenges to performing high-quality TARAs (Threat Analysis and Risk Assessment) as referenced in ISO 21434 “Road vehicles - Cybersecurity engineering” standard. Some of these challenges include:

  1. Lack of expertise: Cybersecurity is a complex and rapidly evolving field, and it can be challenging for organizations to have the necessary knowledge to perform a TARA.

  2. Identifying all potential threats: As cyber threats are constantly evolving, it can be challenging to identify all potential threats to the vehicle’s systems, components, and functions.

  3. Evaluating the effectiveness of cybersecurity controls and measures: It can be challenging to determine the effectiveness of cybersecurity controls and measures, particularly when new and emerging technologies are involved.

  4. Assessing the likelihood and impact of identified cybersecurity risks: It can be challenging to accurately evaluate them, particularly when new and emerging technologies are involved.

  5. Identifying all relevant stakeholders: It can be challenging to identify all relevant stakeholders, such as vehicle manufacturers, suppliers, and regulatory authorities, and to communicate the results of the TARA process to them.

  6. Ensuring ongoing monitoring and maintenance: It can be challenging to continuously monitor and maintain the vehicle’s cybersecurity controls and measures, particularly when new and emerging technologies are involved.

  7. Complying with regulations and standards: It can be challenging to comply with them, such as ISO 21434, which is constantly evolving and changing.

  8. Finding the right balance between security and functionality: It can be challenging to find the right balance between security and functionality, particularly when new and emerging technologies are involved.

  9. Making the right risk treatment decision: Determining whether to avoid, reduce, transfer, or share the risk.

Despite these challenges, conducting a TARA is a critical step in ensuring the cybersecurity of road vehicles, and organizations should take the necessary steps to overcome these challenges to execute high-quality TARAs.

Solutions to this challenge are being developed, and this is an area Block Harbor is passionate about. Examples of Block Harbor’s solutions include:

  1. Awareness and Training - you are taking it now 🙂
  2. Standardized methodologies and tools.
  3. Standardized and iteratively improved threat databases.
  4. Collaboration across industry players - enable effective communication and sharing of information to be efficient and effective at performing TARAs. Based on the partnership, continue to build standardized data sets (to be defined from #3 above).

How?

Performing a TARA involves a systematic and structured process of identifying, evaluating, and managing cybersecurity risks throughout the vehicle’s life cycle and ensuring that the vehicle is safe to operate and meets the standard’s requirements.

Performing a TARA (Threat Analysis and Risk Assessment) at a high level involves several steps, as referenced in ISO 21434 “Road vehicles - Cybersecurity engineering” standard:

  1. Identification and assessment of the vehicle’s systems, components, and functions: This includes identifying the critical systems, components, and functions relevant to cybersecurity and assessing their potential vulnerabilities. This step helps to understand the scope of the assessment and define the boundaries of the systems, components, and functions that will be evaluated.

  2. Identification of cybersecurity threats: This includes identifying the potential cyber threats that could affect the vehicle’s systems, components, and functions and assessing their likelihood and impact. This step helps to understand the potential risks the systems, components, and functions are exposed to and how they could affect the vehicle’s security.

  3. Evaluation of the vehicle’s cybersecurity controls and measures: This includes evaluating the design, development, and implementation of its cybersecurity controls and measures, such as firewalls, intrusion detection systems, and encryption, to determine their effectiveness in mitigating identified cybersecurity risks. This step helps to understand the level of security that the systems, components, and functions currently have.

  4. Risk assessment: This includes evaluating the likelihood and impact of identified cybersecurity risks and the effectiveness of the implemented controls and measures. It also includes determining the level of risk and making the appropriate risk treatment decisions. This step helps to understand the level of risk the systems, components, and functions are exposed to and what actions should be taken to mitigate them.

  5. Communication and documentation: This includes documenting the TARA process, including the results of the threat analysis, risk assessment, and risk treatment decision. It also includes communicating the results of the TARA process to all relevant stakeholders, such as vehicle manufacturers, suppliers, and regulatory authorities. This step helps to provide evidence of the TARA process and to share the results with relevant parties.

  6. Ongoing maintenance and monitoring: This includes continuous monitoring and maintenance of the vehicle’s cybersecurity controls and measures to ensure they continue effectively mitigating identified cybersecurity risks. This step helps to ensure that the systems, components, and functions remain secure over time.

TARAs are performed at different levels of vehicle architecture. There are three main categories of TARA.

Vehicle - System - Component

At each level, the TARA procedures are conducted with different contexts in mind. As a part of the TARA process, the team performs an item definition, identifying the subject of the analysis and the operational environment. The operational environment determines the category of TARA. A vehicle-level TARA considers all vehicle functions and how they interact with external services. A system-level TARA considers only the modules in that system and how they interact. A component-level TARA looks exclusively at a single component and the threats and risks it is subject to.


Shared Responsibility

So now that we know what TARAs are and who is responsible for performing them:

According to ISO 21434 “Road vehicles - Cybersecurity engineering” standard, performing a TARA (Threat Analysis and Risk Assessment) falls on the manufacturer or the supplier. The manufacturer or supplier is responsible for identifying and assessing the cybersecurity risks associated with their systems, components, and functions and ensuring that their products meet the standard’s requirements. This includes conducting a TARA at the component, system, and vehicle levels.

However, the responsibility for performing a TARA may also be shared among different parties, such as the vehicle manufacturer, the supplier, the system integrator, and the final assembly stage. This is particularly true in cases where a vehicle’s systems, components, and functions are integrated from multiple sources. In such cases, the vehicle manufacturer should perform a TARA or integrator in coordination with the suppliers, system integrator, and final assembly stage.

It’s important to note that regulatory authorities may also perform TARAs by performing audits or inspections to ensure that manufacturers and suppliers comply with the standard.

Overall, the responsibility for performing a TARA is shared among the vehicle manufacturer, the supplier, the system integrator, and the final assembly stage, and it’s a collaborative effort that aims to ensure the cybersecurity of road vehicles throughout their life cycle and that they meet the requirements of the standard.


Summary

ISO 21434 “Road vehicles - Cybersecurity engineering” is the standard that provides guidelines for developing and maintaining cybersecurity in road vehicles, including light-duty and heavy-duty vehicles.

In the context of ISO 21434, TARA refers to the “Threat Analysis and Risk Assessment” process. This process identifies and assesses the cybersecurity risks associated with a vehicle’s systems, components, and functions. The TARA process is intended to be carried out during the development, production, and maintenance of road vehicles, and it should be used to evaluate the cybersecurity risks to the vehicle, its occupants, other road users, and the environment.

The TARA process is divided into two main parts:

  1. Threat Analysis: it’s focused on evaluating the design, development, and implementation of the vehicle’s cybersecurity controls and measures.
  2. Risk assessment focuses on evaluating the likelihood and impact of identified cybersecurity risks and the effectiveness of the implemented cont-rols and measures.

The TARA process is critical in the context of ISO 21434 because it helps vehicle manufacturers and suppliers to identify, evaluate, and manage cybersecurity risks throughout the vehicle’s life cycle and to ensure that the vehicle is safe to operate and meets the standard’s requirements.


Intro to Automotive Cybersecurity - Course Completion 77%
Last updated on