Challenges and Solutions for Automotive

Threat Analysis and Risk Assessment (TARA)

Challenges

The automotive world today is a complex ecosystem of vehicles, connected devices inside and outside the vehicle, and IT/OT systems working together. Cybersecurity is no longer a nice-to-have feature for the vehicle, e.g., to avoid unauthorized coding of the motor ECU to get more power, but an enabler for modern, connected vehicles. The importance of cybersecurity for the digital transformation of the automotive industry has been recognized by industry and society, and reinforced through recent regulations across the world.

The United Nations Economic Commission for Europe (UNECE) has published Regulation No. 155 (UNR155), which makes cybersecurity part of the type approval of vehicles in the contracting countries of the 1958 Agreement. A Cybersecurity Management System (CSMS) is mandatory for OEMs, and it shall cover cybersecurity over the complete vehicle lifecycle (development, production, and post-production). A CSMS is a holistic approach to cybersecurity, including areas such as cybersecurity governance, cybersecurity culture, monitoring of data for forensic analysis, and supplier management, among others. One of the fundamental pieces of a holistic cybersecurity management system is risk management.

It is of utmost importance to identify the cybersecurity risks of a vehicle in order to provide cost-efficient countermeasures. The international standard ISO/SAE 21434, published in 2021, was released in parallel to UNR155 in order to provide a systematic approach to risk management. The method for identifying and evaluating risks is known as Threat Analysis and Risk Assessment (TARA), and it is applied at different levels (i.e., vehicle or “system” level, component level) over the course of product development.

OEMs and suppliers face several challenges in performing TARA. First, OEMs have to provide TARAs for all vehicle platforms. These can be initial TARAs at the beginning of development, “intermediate” TARAs during vehicle development, and TARAs performed after new vulnerabilities are discovered or changes to the product are made. Second, suppliers have to provide TARAs to the OEMs that analyze the risks of their products. Performing a TARA is intensive engineering work that requires cybersecurity experts and system experts from several areas (e.g., SW, HW, IT).

TARA in Production

The production of a vehicle, or part of it, is also in the scope of cybersecurity management. Indeed, the ISO/SAE 21434 standard specifies that the introduction of vulnerabilities during production shall be prevented. The very same TARA approach used for vehicles, i.e., for embedded systems and architectures, can be applied to the manufacturing ecosystem. Typical threats to manufacturing systems can compromise the IT systems, production machinery (usually OT systems), and production data. Logistics data such as the bill of materials (BOM), applications, Ethernet and fieldbus networks, back-end servers, storage systems, or the power supply, among others, can be disrupted, affecting not only production but the product as well.

Solutions

Particularly for the automotive industry, we at secunet have been developing TARAs for more than 10 years, long before it was a regulated activity. Previous TARAs were based on the earlier standard EVITA, on the standard ETSI TVRA, and on the ISO 27000 family. To date, we have developed more than 100 TARAs for automotive and industry customers. For this reason, we not only master the methodology, but also know the challenges that are present for the different systems evaluated. We combine state-of-the-art threat catalogs, such as MITRE ATT&CK®, OWASP® Top 10, and UNR155, with brainstorming and the STRIDE methodology, using the engineering capabilities of our cybersecurity experts. We help define and understand the attack paths for each threat scenario identified, and we know how to consolidate them into damage scenarios according to the evaluated system.

Furthermore, we have our own well-proven TARA template for performing the risk calculation as well as for providing documentation. Each work package and requirement of ISO/SAE 21434 concerning TARA is explicitly mentioned in the template. Besides our template, we also work with commercial tools specific to automotive TARA. For OT systems in particular, we adapted our TARA methodology to the well-established international standard ISA/IEC 62443.
