Vicky's Page

Automotive Cybersecurity Standards and Frameworks

What is a Cybersecurity Management System?

A Cybersecurity Management System (CSMS) is a comprehensive framework used by organizations, particularly in the automotive industry, to manage cybersecurity risks throughout the lifecycle of a vehicle or automotive product. It ensures that cybersecurity is embedded into all phases of product development, from concept to post-production, and helps in complying with relevant industry standards and regulations, such as ISO/SAE 21434 and UNECE WP.29 (UN Regulation No. 155).

Key Functions of a CSMS:

  1. Risk Management: Identifying, assessing, and mitigating cybersecurity risks associated with automotive systems and components.
  2. Threat Analysis: Performing detailed threat modeling to evaluate potential cybersecurity threats and vulnerabilities.
  3. Security by Design: Incorporating cybersecurity considerations into the design, development, and deployment phases of automotive systems.
  4. Incident Response: Ensuring there are procedures in place to detect, respond to, and recover from cybersecurity incidents, including post-production issues.
  5. Compliance and Auditing: Managing and documenting compliance with cybersecurity standards, and ensuring continuous auditing and monitoring for maintaining security levels.
  6. Continuous Monitoring: Keeping up-to-date with evolving threats and vulnerabilities, ensuring that systems remain secure post-deployment.

A CSMS is essential for automakers, suppliers, and other stakeholders in the automotive ecosystem to address cybersecurity challenges in connected and autonomous vehicles.

Introduction to ISO/SAE 21434: Road Vehicles – Cybersecurity Engineering

ISO/SAE 21434 is an international standard developed collaboratively by the International Organization for Standardization (ISO) and the Society of Automotive Engineers (SAE) to address cybersecurity risks in road vehicles throughout their lifecycle. Published in August 2021, it provides guidelines for identifying and mitigating cybersecurity threats, ensuring that security is built into automotive systems from the concept phase through development, production, operation, maintenance, and decommissioning.

Purpose and Importance

The automotive industry is increasingly embracing connected and autonomous vehicles, which are more vulnerable to cybersecurity threats. ISO/SAE 21434 helps manufacturers, suppliers, and stakeholders protect road vehicles against these cyber risks by outlining a systematic approach to managing cybersecurity throughout the product lifecycle.

Key Objectives

ISO 21434’s key objectives include:

  1. Risk Management: Offering a comprehensive framework for identifying and addressing cybersecurity risks in automotive systems.
  2. Security by Design: Ensuring cybersecurity is embedded into every phase of product development, from concept to decommissioning.
  3. Collaboration: Facilitating collaboration across the automotive supply chain to ensure that all stakeholders meet cybersecurity requirements.
  4. Regulatory Compliance: Assisting automotive companies in meeting regulations such as UNECE WP.29 R155, which mandates that manufacturers have a certified Cybersecurity Management System (CSMS).

Scope of ISO/SAE 21434

The standard covers the entire lifecycle of automotive systems:

  1. Concept Phase: Identifying cybersecurity goals, potential risks, and overall security needs for vehicle systems.
  2. Development Phase: Incorporating cybersecurity measures into system architecture and software design.
  3. Production Phase: Ensuring secure manufacturing and assembly processes.
  4. Operation and Maintenance: Managing cybersecurity threats during the operational phase, including vulnerability monitoring and incident response.
  5. Decommissioning: Safeguarding against potential security risks during system decommissioning or end-of-life activities.

Key Components of ISO/SAE 21434

  1. Threat Analysis and Risk Assessment (TARA): The standard emphasizes performing TARA to identify potential threats, vulnerabilities, and associated risks. Based on this analysis, mitigation strategies are developed.
  2. Cybersecurity Goals: Defining security objectives aligned with the risk assessment results, focused on protecting critical vehicle components and functions.
  3. Security Controls: Implementing technical and organizational controls to address identified risks. This includes encryption, access control, secure communication protocols, and intrusion detection systems.
  4. Cybersecurity Assurance Levels (CALs): Classifying systems based on the required level of cybersecurity assurance, which defines the rigor of cybersecurity activities applied.
  5. Post-Production and Incident Response: Managing and addressing potential vulnerabilities or incidents that arise after the vehicle is in the market, including regular updates and patches.

Relation to UNECE WP.29 and CSMS

ISO/SAE 21434 aligns closely with UNECE WP.29 R155, which mandates that all vehicle manufacturers establish a Cybersecurity Management System (CSMS). ISO 21434 provides the technical and procedural foundation for implementing such a system, ensuring that all cybersecurity risks are addressed across the vehicle lifecycle.

Benefits of ISO/SAE 21434

  • Mitigating Cyber Risks: Proactively addressing cybersecurity risks to protect vehicles from cyberattacks.
  • Regulatory Compliance: Helping manufacturers comply with global regulations like UNECE WP.29.
  • Enhanced Safety: Ensuring that security and safety are treated as interconnected concerns in the design and development of vehicles.
  • Customer Trust: Providing assurance to consumers that their vehicles are secure and protected against cyber threats.

In summary, ISO/SAE 21434 offers a comprehensive framework to ensure cybersecurity is an integral part of the automotive system lifecycle, from development to decommissioning, helping the automotive industry mitigate evolving cyber risks while ensuring compliance with global standards and regulations.

Key Clauses in ISO/SAE 21434

  1. Clause 1 – Scope
    • Defines the scope of the standard, which includes cybersecurity engineering for road vehicles throughout their entire lifecycle. It applies to electrical and electronic (E/E) systems in vehicles, addressing risks during development, production, operation, maintenance, and decommissioning.
  2. Clause 2 – Normative References
    • Provides a list of documents and standards referenced within ISO/SAE 21434. These documents support the implementation and interpretation of this standard.
  3. Clause 3 – Terms and Definitions
    • Defines key terms and concepts related to cybersecurity, such as “threat,” “vulnerability,” “risk,” “cybersecurity goal,” and “Cybersecurity Assurance Level (CAL),” among others. This ensures consistency in the application of the standard.
  4. Clause 4 – General Requirements
    • Establishes overarching requirements for cybersecurity management throughout the organization. It includes aspects such as defining roles and responsibilities, ensuring competence in cybersecurity-related tasks, and establishing processes for cybersecurity engineering.
  5. Clause 5 – Cybersecurity Management
    • Focuses on the organization’s Cybersecurity Management System (CSMS). It describes the requirements for establishing and maintaining a CSMS, which ensures that cybersecurity is systematically addressed. This clause aligns with UNECE WP.29 R155 and requires regular updates to address new threats and vulnerabilities.
  6. Clause 6 – Project-dependent Cybersecurity Management
    • Defines project-specific activities required to manage cybersecurity in a particular development project. This includes activities such as cybersecurity planning, monitoring, and ensuring communication and coordination between all project stakeholders.
  7. Clause 7 – Continual Cybersecurity Activities
    • Covers ongoing activities related to cybersecurity that continue throughout the entire product lifecycle. These include vulnerability monitoring, incident response, and post-development security updates. The clause emphasizes the need for proactive monitoring and incident management after a vehicle is released.
  8. Clause 8 – Risk Assessment Methods
    • Provides detailed guidance on performing Threat Analysis and Risk Assessment (TARA). This is a core component of ISO/SAE 21434, where potential threats, vulnerabilities, and risks are identified and assessed to determine the level of protection required for different systems or components.
    • This clause outlines the processes for identifying assets, determining potential damage scenarios, assessing impact and likelihood, and defining security measures to mitigate risks.
  9. Clause 9 – Concept Phase
    • Focuses on the early stages of the product lifecycle, where the cybersecurity goals and requirements are defined. In this phase, high-level threat analysis is performed to understand the potential risks, and initial cybersecurity measures are identified.
  10. Clause 10 – Product Development: System Level
    • Provides requirements for incorporating cybersecurity into system-level design during product development. This includes defining security mechanisms and ensuring that all identified risks are mitigated by implementing security controls in the system architecture.
  11. Clause 11 – Product Development: Hardware Level
    • Describes cybersecurity considerations specifically related to the development of hardware components. It ensures that cybersecurity threats affecting the hardware are identified and addressed during the design and development of hardware components.
  12. Clause 12 – Product Development: Software Level
    • Focuses on cybersecurity requirements during software development. It covers secure coding practices, software vulnerability management, and ensuring that software components are protected against cyber threats.
    • This clause also emphasizes software verification and validation to ensure that cybersecurity controls are correctly implemented.
  13. Clause 13 – Cybersecurity Validation
    • Provides requirements for validating the effectiveness of implemented cybersecurity measures. It ensures that the system, hardware, and software have been adequately tested to confirm that the identified risks have been mitigated, and that the system is resistant to potential cyberattacks.
  14. Clause 14 – Production
    • Covers cybersecurity aspects during the production phase, ensuring that secure manufacturing processes are in place and that cybersecurity risks during production are minimized.
  15. Clause 15 – Operations and Maintenance
    • Describes the processes for maintaining the security of the vehicle after it has been released into the market. This includes monitoring for new threats and vulnerabilities, issuing security updates, and managing incident responses.
  16. Clause 16 – Decommissioning
    • Focuses on managing cybersecurity risks when a vehicle or system is decommissioned or taken out of service. This ensures that sensitive data and security-related information are properly handled and that no security vulnerabilities are introduced during decommissioning.

Summary of Key Activities Across Clauses

  • Cybersecurity Management (Clause 5): Ensures the organization maintains a structured approach to managing cybersecurity risks.
  • Risk Assessment (Clause 8): Details methods for identifying and evaluating cybersecurity threats and vulnerabilities.
  • Development Phases (Clauses 9-12): Ensures cybersecurity is embedded into each phase of system, hardware, and software development.
  • Cybersecurity Validation (Clause 13): Validates the effectiveness of cybersecurity measures through testing.
  • Post-Production (Clauses 15-16): Focuses on maintaining security during vehicle operation and handling decommissioning securely.

Organizational Cybersecurity Management as per ISO/SAE 21434 is the structured approach that automotive companies need to implement to manage cybersecurity risks across all stages of the vehicle lifecycle, from development through decommissioning. The standard mandates that organizations establish policies, roles, processes, and resources to ensure that cybersecurity risks are consistently identified, mitigated, and monitored.

Key Components of Organizational Cybersecurity Management in ISO/SAE 21434:

  1. Cybersecurity Policy and Objectives:
    • Organizations must establish a cybersecurity policy that sets out clear objectives for managing cybersecurity risks.
    • The policy should align with the organization’s overall strategic goals and cover all phases of product development and operations, addressing regulatory and customer expectations.
  2. Roles and Responsibilities:
    • Cybersecurity tasks and responsibilities must be clearly defined at all organizational levels.
    • This includes designating a cybersecurity officer or team responsible for ensuring the successful execution of cybersecurity activities.
    • Clear responsibilities should be assigned for threat analysis, risk management, monitoring, and incident response.
  3. Cybersecurity Management System (CSMS):
    • The Cybersecurity Management System (CSMS) is central to ISO/SAE 21434. It ensures that cybersecurity is embedded into every phase of vehicle development and operation.
    • The CSMS includes processes for identifying and addressing risks, maintaining security during development, and managing incidents during the operational phase.
    • The CSMS must be continuously updated to respond to new threats, vulnerabilities, and regulatory requirements.
    • Compliance with the UNECE WP.29 R155 regulation requires manufacturers to have a certified CSMS, which ISO/SAE 21434 helps establish.
  4. Risk Management Process:
    • Organizations are required to implement a comprehensive cybersecurity risk management process.
    • This process involves Threat Analysis and Risk Assessment (TARA), which identifies potential threats, assesses the vulnerabilities of automotive systems, and evaluates the potential impact of those threats.
    • Based on TARA, organizations must define cybersecurity goals and implement controls to mitigate identified risks.
  5. Training and Competence:
    • Organizations must ensure that personnel involved in cybersecurity tasks are properly trained and competent to manage cybersecurity risks.
    • Regular cybersecurity training programs should be conducted for engineers, managers, and all relevant personnel to keep them up-to-date on the latest threats, technologies, and security practices.
  6. Cybersecurity Culture:
    • The organization should foster a cybersecurity-conscious culture, ensuring that employees at all levels understand the importance of cybersecurity and their role in protecting the company’s products and services from cyber threats.
    • Establishing cybersecurity awareness programs helps ensure that cybersecurity considerations are integrated into day-to-day business operations.
  7. Cybersecurity Lifecycle Management:
    • ISO/SAE 21434 requires that cybersecurity be considered throughout the entire product lifecycle: from concept, design, development, and production through post-production to decommissioning.
    • For each phase, specific cybersecurity activities must be performed to identify and mitigate risks.
    • Development Phase: Integrating cybersecurity during system, hardware, and software design.
    • Production Phase: Ensuring secure manufacturing practices to prevent vulnerabilities.
    • Post-production: Monitoring for new threats and vulnerabilities, ensuring systems are updated with patches and secure software updates.
    • Decommissioning: Safeguarding sensitive data and systems as the vehicle or component is decommissioned.
  8. Cybersecurity Incident Response:
    • Organizations must have an Incident Response Plan (IRP) in place to detect, respond to, and recover from cybersecurity incidents. This plan must detail how the organization will manage an incident to minimize damage and ensure system recovery.
    • Regular testing of the incident response process, through simulated cyberattacks or tabletop exercises, is essential to ensure preparedness.
  9. Continuous Monitoring and Improvement:
    • As cybersecurity threats evolve, organizations are required to continuously monitor their systems, perform regular vulnerability scans, and assess the effectiveness of their security controls.
    • A process of continuous improvement should be implemented to ensure that the cybersecurity management processes evolve with emerging threats, technology changes, and new regulatory requirements.
    • This includes periodic audits and security assessments to evaluate compliance with the standard and identify areas for improvement.
  10. Supply Chain Cybersecurity:
    • ISO/SAE 21434 requires that cybersecurity measures be extended to third-party suppliers and vendors who contribute components or services to the automotive system.
    • Organizations must establish cybersecurity requirements for suppliers, conduct regular security assessments of the supply chain, and ensure that third-party products do not introduce vulnerabilities into the vehicle’s systems.
    • The supply chain risk management process should be integrated into the overall CSMS.
  11. Documentation and Record Keeping:
    • Detailed documentation is critical to ensuring transparency, accountability, and traceability in managing cybersecurity risks. This includes maintaining records of cybersecurity analyses, design decisions, testing, incidents, and updates.
    • ISO/SAE 21434 emphasizes the importance of maintaining traceability between cybersecurity risks, design decisions, and implemented controls.
  12. Compliance and Regulatory Requirements:
    • The organization must ensure compliance with international standards and regulatory frameworks like ISO/SAE 21434 and UNECE WP.29.
    • This includes adhering to specific regulatory requirements, maintaining a CSMS, and regularly reporting to relevant authorities or certification bodies.

Summary of Organizational Cybersecurity Management in ISO/SAE 21434:

  • Governance: Establish clear cybersecurity policies, objectives, roles, and responsibilities.
  • CSMS: Implement and maintain a Cybersecurity Management System to ensure continuous risk management throughout the vehicle lifecycle.
  • Risk Management: Conduct thorough risk assessments and implement risk mitigation strategies based on threat analysis.
  • Training: Ensure that personnel are trained and competent in cybersecurity processes.
  • Lifecycle Integration: Manage cybersecurity risks across all phases of the product lifecycle, including development, production, operation, and decommissioning.
  • Incident Response: Have an incident response plan in place to quickly and effectively manage cybersecurity incidents.
  • Supply Chain: Extend cybersecurity requirements to suppliers and third-party vendors.
  • Continuous Monitoring: Regularly assess and improve cybersecurity processes through continuous monitoring and audits.

By following the principles outlined in ISO/SAE 21434, organizations can systematically manage cybersecurity risks, ensure regulatory compliance, and safeguard the security of their automotive systems from development to decommissioning.

Project-Dependent Cybersecurity Management as per ISO/SAE 21434 (covered in Clause 6) involves managing cybersecurity risks specific to individual projects. While organizational cybersecurity management addresses the broader, overarching processes and policies at the organizational level, project-dependent cybersecurity management focuses on how these policies are tailored, applied, and monitored within the scope of a specific vehicle, system, or component development project.

This clause ensures that cybersecurity activities are consistently integrated into each project, from concept to post-production, ensuring that every project within the organization complies with cybersecurity best practices and standards.

Key Components of Project-Dependent Cybersecurity Management

  1. Cybersecurity Planning
    • Each project must have a Cybersecurity Plan that defines the specific cybersecurity activities to be performed during the project lifecycle. This plan ensures that the project is aligned with the organization's overall cybersecurity policies and objectives.
    • The cybersecurity plan outlines how cybersecurity risks will be addressed during the project's concept, development, production, and operational phases.
    • It includes resources, timelines, roles, responsibilities, and the cybersecurity activities that will be carried out at each stage.
  2. Cybersecurity Goals and Requirements
    • During the project’s concept phase, cybersecurity goals must be defined based on a preliminary risk assessment. These goals identify what needs to be protected and set the foundation for the security measures that will be implemented.
    • The goals and requirements should be project-specific, considering the nature of the vehicle system, component, or software under development, and the associated risks and vulnerabilities.
    • These cybersecurity requirements are derived from Threat Analysis and Risk Assessment (TARA), ensuring that each project has a clear understanding of its risk profile.
  3. Risk-Based Approach
    • Projects must apply a risk-based approach to prioritize cybersecurity efforts. This involves conducting TARA to identify and assess potential threats, vulnerabilities, and risks associated with the specific project.
    • The analysis helps in tailoring cybersecurity measures to the project by focusing on the most critical threats and high-risk areas.
  4. Roles and Responsibilities
    • The project must clearly define and assign project-specific cybersecurity roles and responsibilities. This ensures that the cybersecurity activities are carried out by the appropriate individuals or teams.
    • The roles might include cybersecurity engineers, system architects, project managers, and others responsible for ensuring that cybersecurity is integrated into the project’s lifecycle.
    • The responsibilities include executing TARA, implementing security controls, testing, and ensuring compliance with cybersecurity standards.
  5. Coordination and Communication
    • Effective coordination and communication between various stakeholders involved in the project are critical for successful cybersecurity management.
    • This includes communication between cybersecurity teams, engineering teams, suppliers, and any other parties involved in the project. Clear lines of communication help in resolving cybersecurity issues, ensuring that all parties are aware of their roles and responsibilities.
  6. Tailored Cybersecurity Processes
    • The cybersecurity processes established by the organization (under the CSMS) must be tailored and applied to the specific project. For example, the risk management framework, incident response plans, and monitoring procedures are adapted based on the needs and characteristics of the project.
    • The specific security measures, such as encryption, authentication, and access controls, should be aligned with the cybersecurity goals of the project.
  7. Cybersecurity Requirements Verification
    • Throughout the project, the cybersecurity requirements must be verified to ensure that they have been correctly implemented.
    • This involves testing and validation activities to confirm that the cybersecurity controls address the identified risks effectively.
    • Each project phase should include cybersecurity verification checkpoints to ensure compliance with both the project-specific cybersecurity plan and overall organizational policies.
  8. Project-Specific Cybersecurity Risk Treatment
    • The identified risks and vulnerabilities in a specific project need to be addressed by applying appropriate risk treatment measures. These measures could include technical controls (e.g., encryption, intrusion detection), organizational measures (e.g., access control policies), or even redesigning certain components to improve security.
    • Risk treatment must be proportional to the severity and likelihood of the risks identified in the specific project.
  9. Cybersecurity Monitoring and Incident Handling
    • Project-dependent cybersecurity management also includes ensuring that each project has proper processes in place for monitoring cybersecurity risks post-production.
    • This includes mechanisms for tracking vulnerabilities, responding to incidents, and updating the system or vehicle with patches or new security measures as needed.
    • Incident handling plans must be adapted for the specific project, ensuring quick detection, containment, and recovery from cyber incidents related to the project.
  10. Compliance with Standards and Regulations
    • Each project must ensure compliance with relevant standards (such as ISO/SAE 21434) and regulatory requirements (such as UNECE WP.29).
    • This involves maintaining documentation that demonstrates how cybersecurity requirements were identified, implemented, tested, and verified in the specific project.
  11. Cybersecurity Assessment and Audits
    • Regular cybersecurity assessments and audits should be performed at the project level to ensure that the cybersecurity plan is being followed, and that cybersecurity controls are effective.
    • Audits also ensure that the project remains compliant with ISO/SAE 21434 and any applicable regulations throughout the project’s lifecycle.
  12. Supply Chain Considerations
    • For each project, the organization must extend cybersecurity management to its suppliers and third-party vendors.
    • Suppliers must meet cybersecurity requirements, and regular assessments should be conducted to ensure that they are not introducing vulnerabilities into the project.
    • This requires close collaboration with suppliers to ensure that security measures are maintained across the supply chain.

Summary of Project-Dependent Cybersecurity Management in ISO/SAE 21434:

  • Cybersecurity Planning: A detailed cybersecurity plan must be created for each project, outlining specific cybersecurity activities and responsibilities.
  • Risk-Based Approach: Conduct threat analysis and risk assessments to identify project-specific risks and prioritize cybersecurity efforts.
  • Tailored Processes: Apply and adapt organizational cybersecurity policies to the unique aspects of each project.
  • Roles and Responsibilities: Clearly define roles and assign responsibilities for cybersecurity management within the project.
  • Coordination: Ensure effective communication and collaboration between all stakeholders involved in the project.
  • Verification and Validation: Regularly verify and validate that cybersecurity requirements are being met throughout the project lifecycle.
  • Compliance: Ensure that the project complies with ISO/SAE 21434 and any regulatory requirements.
  • Incident Response: Prepare for potential incidents and ensure effective post-production monitoring and updates.

By implementing project-dependent cybersecurity management, organizations ensure that cybersecurity is not only addressed at a high level but is also systematically integrated and managed at the individual project level, ensuring that each automotive system or component meets the necessary cybersecurity standards and regulatory requirements.

Threat Analysis and Risk Assessment (TARA) as per ISO/SAE 21434 is a systematic process used to identify and assess cybersecurity threats and risks in the automotive sector. The purpose of TARA is to understand the potential cybersecurity threats to a vehicle system, evaluate the associated risks, and determine the appropriate countermeasures to mitigate these risks. This is a critical step in ensuring that automotive systems are secure throughout their lifecycle.

Key Objectives of TARA in ISO/SAE 21434:

  1. Identify Assets and Risks: Identify the critical components or systems (assets) that need to be protected.
  2. Analyze Potential Threats: Analyze possible cybersecurity threats to those assets.
  3. Assess Vulnerabilities: Identify weaknesses that could be exploited by the threats.
  4. Assess Impact and Likelihood: Evaluate the potential impact of a successful cyberattack and how likely it is to happen.
  5. Define Security Measures: Based on the assessment, determine what security controls or measures are needed to mitigate or reduce the risks.

Steps Involved in TARA as per ISO/SAE 21434:

  1. Asset Identification:
    • Identify the assets within the system that need protection. Assets can include hardware components, software systems, communication interfaces, data, and even user information.
    • Assets should be classified based on their importance or criticality. For example, critical components such as an Electronic Control Unit (ECU) that manages braking may require higher security protection compared to a non-critical infotainment system.
  2. Threat Identification:
    • Identify potential threats that could target the identified assets. Threats can come from external attackers, insider threats, or unintentional errors that could compromise the system.
    • Threats should be categorized based on their nature, such as physical attacks (e.g., tampering with the hardware), software attacks (e.g., exploiting software vulnerabilities), or communication attacks (e.g., man-in-the-middle attacks on vehicle networks).
  3. Vulnerability Identification:
    • Once threats are identified, analyze the system to identify vulnerabilities that could be exploited by these threats. Vulnerabilities are weaknesses in the system that an attacker could exploit to compromise an asset.
    • Vulnerabilities may arise from insecure coding practices, poor access control, lack of encryption, or inadequate system design.
  4. Impact Assessment:
    • Assess the potential impact of a successful attack on each identified asset. The impact is evaluated based on how much harm or damage the attack could cause.
    • This includes considering the consequences for safety (e.g., loss of control of the vehicle), financial loss, operational disruption, or damage to the company's reputation.
  5. Likelihood Assessment:
    • Assess the likelihood of a threat successfully exploiting a vulnerability. The likelihood is influenced by factors such as the complexity of the attack, the skill level required, and the availability of the exploit.
    • The higher the likelihood of an attack being successful, the greater the risk it poses.
  6. Risk Determination:
    • Once the impact and likelihood are determined, the risk level for each threat is calculated. Risk is typically expressed as the product of impact and likelihood, representing the severity of the potential threat.
    • Risks are then categorized into levels such as low, medium, high, or critical, depending on the results of the assessment.
  7. Risk Treatment:
    • Based on the risk levels, appropriate risk treatment measures or security controls are determined to mitigate or reduce the risks. These could include technical solutions like encryption, authentication mechanisms, or secure communication protocols, as well as organizational measures like access control policies and monitoring systems.
    • In cases where the risk is too high and cannot be mitigated, other strategies such as risk avoidance (modifying the system design) or risk transfer (outsourcing security responsibilities) may be considered.
  8. Cybersecurity Goals and Requirements:
    • Based on the TARA results, define cybersecurity goals and requirements. These goals guide the design and implementation of security measures in the system development process.
    • For example, if a risk of unauthorized access to vehicle control systems is identified, a cybersecurity goal might be to ensure secure access control to critical vehicle functions.
  9. Risk Monitoring and Review:
    • Risks are not static, so ongoing monitoring and review are necessary to ensure that new threats, vulnerabilities, and risks are identified and managed over time.
    • This step involves updating the threat analysis and risk assessment as new information becomes available or when the system undergoes changes.
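
Steps 1 to 6 worked through as a small risk register, as an added example (not part of the original notes and not a scoring scheme defined by ISO/SAE 21434). The 1 to 4 scales, the max/min aggregation and the level thresholds are assumptions, and the sample entries are constructed.

```python
from dataclasses import dataclass

# Scales (1-4), aggregation rules and thresholds are assumptions for this example.
STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege"}

@dataclass
class Threat:
    asset: str
    stride: str
    damage_scenario: str
    impact: dict  # safety / financial / operational / reputation: 1 (minor) to 4 (severe)
    ease: dict    # attack simplicity / low skill needed / exploit availability: 1 (hard) to 4 (easy)

    def risk(self) -> int:
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.stride}")
        impact = max(self.impact.values())    # worst consequence drives impact
        likelihood = min(self.ease.values())  # hardest hurdle bounds likelihood
        return impact * likelihood            # risk = impact x likelihood

def risk_level(score: int) -> str:
    for floor, name in ((12, "critical"), (8, "high"), (4, "medium")):
        if score >= floor:
            return name
    return "low"

def build_register(threats):
    """Return (asset, stride, score, level) rows, highest risk first."""
    rows = [(t.asset, t.stride, t.risk(), risk_level(t.risk())) for t in threats]
    return sorted(rows, key=lambda r: r[2], reverse=True)

# Constructed sample entries, not taken from any real TARA.
SAMPLE = [
    Threat("Infotainment system", "Information Disclosure", "User information is read out",
           {"safety": 1, "financial": 2, "operational": 1, "reputation": 2},
           {"simplicity": 3, "low_skill": 2, "exploit_available": 1}),
    Threat("Braking ECU", "Tampering", "Loss of control of the vehicle",
           {"safety": 4, "financial": 3, "operational": 3, "reputation": 4},
           {"simplicity": 3, "low_skill": 3, "exploit_available": 4}),
    Threat("Vehicle network link", "Denial of Service", "Remote functions unavailable",
           {"safety": 1, "financial": 2, "operational": 3, "reputation": 2},
           {"simplicity": 2, "low_skill": 3, "exploit_available": 2}),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE):
        print("%-22s %-24s %2d  %s" % row)
```

The sorted register gives the order in which risk treatment (step 7) would be considered; re-running it after a change to the system or its threat landscape is the review described in step 9.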

Key Concepts in TARA as per ISO/SAE 21434:

  1. Cybersecurity Assurance Levels (CALs):

    • ISO/SAE 21434 introduces the concept of Cybersecurity Assurance Levels (CALs), which classify the system based on the level of cybersecurity needed. CALs range from CAL 1 (low) to CAL 4 (very high).
    • The level is determined based on the outcome of the TARA, with higher assurance levels requiring more stringent security controls.
  2. Confidentiality, Integrity, Availability (CIA Triad):

    • The CIA Triad is often used to frame security requirements and threats. In automotive cybersecurity, it refers to:
      • Confidentiality: Ensuring that sensitive information (e.g., vehicle data, user information) is protected from unauthorized access.
      • Integrity: Ensuring that data and system functions are not tampered with or altered by unauthorized parties.
      • Availability: Ensuring that critical vehicle functions and data are available and functional when needed (e.g., braking systems must always be available).
  3. STRIDE Threat Modeling:

    • ISO/SAE 21434 often uses the STRIDE model to categorize threats. STRIDE stands for:
      • Spoofing (pretending to be someone else),
      • Tampering (modifying data),
      • Repudiation (denying an action),
      • Information Disclosure (leaking sensitive data),
      • Denial of Service (disrupting availability),
      • Elevation of Privilege (gaining unauthorized control).
  4. Damage Scenarios:

    • Damage Scenarios are used to assess the potential impact of cybersecurity incidents. Each scenario describes what could happen if a specific threat exploits a vulnerability (e.g., a remote hacker taking control of a car’s steering system).

Benefits of TARA in ISO/SAE 21434:

  • Proactive Risk Mitigation: By identifying threats and vulnerabilities early in the vehicle’s development process, organizations can mitigate risks before they become critical issues.
  • Informed Decision Making: TARA provides a clear understanding of the risks involved, allowing stakeholders to make informed decisions about which risks to accept and which to mitigate.
  • Compliance: Performing TARA ensures compliance with regulatory requirements like UNECE WP.29, which mandates cybersecurity risk assessments as part of the Cybersecurity Management System (CSMS).