Page History
Systems Cybersecurity Designer
Released on: July 5, 2024
In version 2024x Refresh1, Systems Cybersecurity Designer introduces many new features and enhancements for Threat Analysis and Risk Assessment analysis as per ISO/SAE 21434:2021. This release presents new enhancements, including the introduction of attack path modeling, the number of new libraries to add, customizing threat types to your requirements, generating reports, and automatic generation of cybersecurity goals.
Attack Path modeling
Attack Graphs
You can now generate a new kind of diagram (i.e.,Cybersecurity Attack Graph) to ease the creation of Simple Attack Paths, also known as Manual Attack Paths. With this diagram, you can easily create Attack Path Steps, define potential Causality relations between the steps, and automatically compute all possible Attack Paths (Manual Attack Paths) between the two steps. To learn more refer to Cyber Security Attack Graph.
Attack Graph showing possible Simple Attack Paths.
Manual Attack Paths table.
Attack Potential Based Attack Paths
In addition to Manual Attack Paths, a new flavor of Attack Path (potential-based) is available.
With these Attack Potential-based Attack Paths, Attack Feasibility Rating is automatically computed, based on the following core factors:
- Elapsed Time
- Specialist Expertise
- Knowledge of the Item/Component
- Window of Opportunity
- Equipment
To learn more, refer to Attack Potential Based Attack Path.
Attack Potential Based Attack Paths table along with the available core parameters.
OOTB Model Libraries
You can now add new model libraries introduced in this release, and can add them to any TARA project.
Following is a list of newly added libraries:
- MITRE ATT&CK Enterprise Technique Library
- MITRE ATT&CK ICS Technique Library
- NIST Control Library
MITRE ATT&CK Technique Libraries describe specific methods or approaches used by attackers to achieve their objectives. Those represent 'how' an adversary achieves a given step of an attack, by performing a specific action. When one of those techniques is used as a step of an Attack Path, the recommended requirements for that technique will be automatically proposed by the Recommend Control command on any Threat Scenario associated to that Attack Path. To learn more, refer to Libraries.
MITRE ATT&CK Enterprise Technique Library.
MITRE ATT&CK ICS Technique Library.
NIST Control Library.
Customizable Threat Types
In addition to the STRIDE classification for Threat Types, UNECE classification is now directly available in the tool. Moreover, these Threat Types are now customizable by users. A custom hierarchy of threat types can be created, and will be automatically used in the selection dialog of threat type, in addition to STRIDE and UNECE. To learn more, refer to Threat scenario.
Select Threat Type dialog showing customized threat types in the custom folder along with STRIDE and UNECE classification.
Assets creation
New commands have been added to simplify Assets creation, and to ease the selection of Asset’s Underlying Elements. To learn more, refer to Asset.
From a SysML Block Definition Diagram or from a SysML Internal Block Diagram, you can now directly:
- Create new Assets.
- Add an Underlying Element to an existing Asset.
From an Item Table, you can now select a set of Members and:
- Create a new Asset with those Members as Underlying Element.
- Add those Members as Underlying Elements of an existing Asset.
Reports
It is now possible to export your ISO 21434 project using Report Wizard capability, with a provided TARA Report Template. To learn more, refer to Generating Cybersecurity Reports.
Automatic generation of Cybersecurity Goals
In the TARA table, you may want to auto-generate the cybersecurity goals associated with a given Threat Scenario, without needing to create them one by one. We provide a dedicated command, Generate /Synchronize Cybersecurity goals, in the TARA table for the same purpose. When the command runs on a Threat Scenario, it will create a set of Cybersecurity goals, and associate those goals with the Threat Scenario. The names of the auto-generated Cybersecurity Goals will be: “[Asset Name] of the [Item Name] shall be protected against [Threat type]”.
Other improvements
Final Item with Cybersecurity Concept
ISO21424 project now provides an additional table, which gathers all Items, with associated Assets, Goals and Requirements.
Functional Cybersecurity Concept table with the item and its associated assets, goals and requirements.
ISO 21434 & 26262 convergence
Safety goals defined in a HARA analysis can be reused in a TARA analysis, and a validation rule validates that the ASIL Value & Safety RiskValue are aligned.
Enhanced Recommend control command
The Recommend control command now recursively searches for recommended requirements associated to Attack Path Steps. For example, if an Attack Path has a step, which is another Attack Path, then the steps of the second Attack Path will be considered by this Recommend control command.