February 11, 2026
By Ronaldo Mendes, Automotive Process Architect (ASPICE and Cybersecurity)
As software and connectivity fundamentally transform the automotive industry, driven by the advent of autonomous driving, shared mobility and electrification, cybersecurity is one of the make-or-break challenges for the industry. Regulations such as UNECE R155 require OEMs and their suppliers to integrate cybersecurity activities into the whole project lifecycle and to provide evidence of timely, end-to-end and effective cybersecurity management, which ultimately allows the system to be certified as secure against cyberattacks. One of the main aspects for automotive is to ensure that the vehicle, system and/or component is cyber resilient. For that purpose, the recently released international standard ISO/SAE 21434 provides guidance on how to perform one of the most relevant cybersecurity activities: the TARA.
In the context of automotive cybersecurity engineering, risk assessment is called “Threat Analysis and Risk Assessment (TARA).” It’s an automotive-specific risk assessment procedure aligned with the ISO/SAE 21434 standard. As with any risk assessment, TARA starts with the definition of the item whose cyber resilience needs to be ensured. Afterwards, damage scenarios and threats are identified, and their respective impact and feasibility are carefully assessed to determine a corresponding risk value.
TARA is an indispensable mechanism for driving security by design, which is proven to be the most effective and efficient way of ensuring security in the final product. Ultimately, as TARA is one of the core activities defined within ISO/SAE 21434, customers will certainly demand its execution and maintenance throughout the product lifecycle.
ISO/SAE 21434 provides a standardized approach to TARA such that risk and risk treatment decisions can be understood and compared across organizations along the supply chain. Generally, TARA consists of the following steps:
Asset identification — to identify objects of the system that need to be protected from cyberattacks (e.g., a software program or a communication link)
Damage scenario identification and impact rating — to identify negative consequences from a successful cyberattack and to estimate the impact on the system and its user
Threat scenario identification and attack path analysis — to enumerate potential ways of attacking the asset and to identify the series of actions required to achieve these attacks
Attack feasibility rating — to estimate the ease or plausibility of identified attacks
Risk value determination — to calculate the value of risk from impact and attack feasibility
Risk treatment decision — to make conscious decisions about treating potential attacks (e.g., reducing the risk or retaining the risk)
Risk treatment decisions are used to derive cybersecurity design, architecture and implementation details. Without a proper TARA, cybersecurity engineering is prone to fail because security controls might not be considered if a potential threat hasn’t been identified, or if incorrect risk values lead to a wrong priority ranking and high risks are mistakenly treated as acceptable ones.
The quality of TARA strongly depends on the knowledge and experience of the cybersecurity engineers who perform the analyses. In addition to being familiar with the standard and method, a competent cybersecurity engineer needs to have an in-depth understanding of the automotive systems under evaluation and up-to-date knowledge of attack methods and exploitation techniques specific to the automotive domain. Additionally, he or she must be a good communicator when collaborating with development teams, architects, safety engineers and other experts in order to complete different parts of the TARA.
Details matter: In a TARA process, an experienced cybersecurity engineer knows where to focus, where vulnerabilities are likely to appear, where to look for common paths of attacks and how to produce useful information. The description of a threat needs to be precise and informative to provide sufficient understanding for deriving cybersecurity goals and effective countermeasures.
TARA is an iterative process done in tandem with project development. Often, key information is missing for TARA at the beginning of a project. One way to overcome this is to use assumptions to limit the scope of analysis and to offset the lack of information. These assumptions are then changed once more information (such as system architecture and software design) becomes available. For example, by assuming that an electronic control unit (ECU) has security access for privileged diagnostics, you can exclude threats that use the direct diagnostic interface to read and write ECU data or code. If more details become available during project development, additional threats related to bypassing or manipulating the security access implementation can be added to the analysis.
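The risk value determination and treatment steps, combined with the assumption mechanism described above, can be modelled in a few lines. This is an added example, not code from the article or from ISO/SAE 21434; the matrix values, the `reduce_at` threshold and the sample threats are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

IMPACT = ["negligible", "moderate", "major", "severe"]
FEASIBILITY = ["very low", "low", "medium", "high"]
# Illustrative risk matrix (assumption): rows = impact, columns = attack
# feasibility, cell = risk value from 1 (lowest) to 5 (highest).
RISK_MATRIX = [
    [1, 1, 1, 1],
    [1, 2, 2, 3],
    [1, 2, 3, 4],
    [2, 3, 4, 5],
]

@dataclass
class Threat:
    name: str
    asset: str
    impact: str
    feasibility: str
    excluded_by: Optional[str] = None  # assumption that scopes this threat out

def risk_value(t: Threat) -> int:
    return RISK_MATRIX[IMPACT.index(t.impact)][FEASIBILITY.index(t.feasibility)]

def assess(threats, assumptions, reduce_at=3):
    """Return (name, risk, treatment) for in-scope threats, highest risk first.
    reduce_at is a hypothetical project threshold, not a value from the standard."""
    rows = []
    for t in threats:
        if t.excluded_by in assumptions:
            continue  # out of scope only while the assumption still holds
        r = risk_value(t)
        rows.append((t.name, r, "reduce" if r >= reduce_at else "retain"))
    return sorted(rows, key=lambda row: -row[1])

# Constructed sample register, built around the article's ECU example.
SEC_ACCESS = "ECU has security access for privileged diagnostics"
THREATS = [
    Threat("Spoofed bus messages alter actuator command", "communication link",
           "severe", "medium"),
    Threat("Security access bypassed to rewrite ECU code", "ECU code",
           "severe", "high", excluded_by=SEC_ACCESS),
    Threat("Security access bypassed to read ECU data", "ECU data",
           "moderate", "high", excluded_by=SEC_ACCESS),
    Threat("Diagnostic log disclosure", "log files", "negligible", "high"),
]

if __name__ == "__main__":
    print("Early TARA:", assess(THREATS, {SEC_ACCESS}))
    print("Assumption revised:", assess(THREATS, set()))
```

Dropping the assumption moves the code-rewrite threat to the top of the ranking, which is why every assumption needs to be recorded and revisited as the design matures.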
TARA excellence
TARA is a pivotal step for systematically managing automotive cybersecurity risks. Familiarity with the TARA process, method and tools, combined with knowledge in automotive cybersecurity engineering and past project experiences, are key factors in guaranteeing the quality of TARA. DXC Luxoft has a pool of automotive cybersecurity consultants with the technical expertise to steer your organization toward TARA excellence. Contact our Software Factory team to learn more about how we can support your TARA process and secure your automotive products.
Ronaldo Mendes is Automotive Process Architect (ASPICE and Cybersecurity). Ronaldo is a seasoned automotive software development stakeholder with more than 10 years’ experience in DC ECUs software design and validation, quality assurance and process improvement. His focus is to steer organizational transformations to ensure smooth integration of processes, methods and state-of-the-art tools in alignment with industry standards and expectations, such as ASPICE and Cybersecurity. He has a wide network within ASPICE and cybersecurity communities and uses these connections to constantly reflect automotive engineering best practices within the organization.