TARA process


The TARA (Threat Assessment and Risk Assessment) process is described in Chapter 15 of ISO/SAE 21434:2021. It is a methodology used to identify and assess cyber security threats and vulnerabilities beginning with the design phase of a product.

The following is the standard procedure followed in TARA:

  1. Define the items you want to study. These items are components or sets of components of the considered system.
  2. For each item identify the following:
    • The assets to be protected. Allocate CIA (Confidentiality, Integrity, and Availability) properties for each asset.
  3. Define any damage scenarios that can affect a vehicle system/function or a road user. After identifying those damage scenarios, you need to rate their impact in terms of Safety, Financial, Operational, and Privacy.
  4. Create threat scenarios that can lead to the identified damage scenarios and rate them in terms of feasibility. Threat scenarios that lead to an asset compromise can be described by one or several attack paths. Each attack path is rated with an attack feasibility value.
  5. Assess the risks. The risk combines the probability that the threat will occur with the impact of the resulting damage scenario. The risk value is automatically computed using this formula from ISO/SAE 21434:2021, Annex H: Risk = 1 + Impact × Feasibility.
  6. According to the computed risk value, we decide the risk treatment for each threat scenario: Retain, Reduce, Share, or Avoid. Depending on the risk treatment decision, we determine cybersecurity claims or goals that will eventually be detailed in the cybersecurity requirements (functional, technical, hardware, or software type).
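The six steps above, carried through on a small constructed item, as an added example that is not part of the original page or of any tool it describes. The numeric scales, the "worst category" and "most feasible path" aggregation rules, the treatment threshold, and all sample names are assumptions made for illustration; only the risk formula comes from the page.

```python
from dataclasses import dataclass

# Assumed numeric scales (not stated on the page); they keep risk in 1..5.
IMPACT = {"negligible": 0, "moderate": 1, "major": 1.5, "severe": 2}
FEASIBILITY = {"very low": 0, "low": 1, "medium": 1.5, "high": 2}

@dataclass
class DamageScenario:
    name: str
    ratings: dict  # Safety/Financial/Operational/Privacy -> impact level

    def impact(self):
        # Assumption: the worst-rated category sets the overall impact.
        return max(IMPACT[level] for level in self.ratings.values())

@dataclass
class ThreatScenario:
    name: str
    asset: str
    violated: str       # CIA property of the asset that is compromised
    damage: DamageScenario
    attack_paths: dict  # path description -> feasibility level

    def feasibility(self):
        # Assumption: the most feasible attack path sets the rating.
        return max(FEASIBILITY[f] for f in self.attack_paths.values())

    def risk(self):
        # Formula quoted on the page: Risk = 1 + Impact x Feasibility.
        return 1 + self.damage.impact() * self.feasibility()

def treatment(risk, retain_at_or_below=2.0):
    # Hypothetical policy: low risk is retained, anything else defaults to
    # Reduce; choosing Share or Avoid instead is left to the analyst.
    return "Retain" if risk <= retain_at_or_below else "Reduce"

def assess(threats):
    rows = [(t.name, t.risk(), treatment(t.risk())) for t in threats]
    return sorted(rows, key=lambda row: row[1], reverse=True)

# Constructed sample for one item (a telematics gateway).
unsafe = DamageScenario("Unintended vehicle behaviour", {
    "Safety": "severe", "Financial": "major",
    "Operational": "major", "Privacy": "negligible"})
leak = DamageScenario("Driver location disclosed", {
    "Safety": "negligible", "Financial": "negligible",
    "Operational": "negligible", "Privacy": "moderate"})
SAMPLE = [
    ThreatScenario("Trip log read out", "trip log", "Confidentiality", leak,
                   {"local diagnostic access": "very low"}),
    ThreatScenario("Tampered firmware installed", "firmware image", "Integrity",
                   unsafe, {"debug port": "low", "update channel": "medium"}),
]
```

Calling `assess(SAMPLE)` returns the threat scenarios ordered from highest to lowest risk, each with its computed value and the default treatment under the assumed policy.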

An Item is a part of the system architecture to be protected. An Item with a Functional Cybersecurity Concept (output of the study) is the system architecture with additional requirements and claims that ensure a secure system.