This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Delivering Threat Analysis and Risk Assessment Based on ISO 21434: Practical and Tooling Considerations
Journal Article
11-03-02-0008
ISSN: 2572-1046, e-ISSN: 2572-1054
Sector:
Topic:
Citation:
Svancara, K. and Thompson, M., "Delivering Threat Analysis and Risk Assessment Based on ISO 21434: Practical and Tooling Considerations," SAE Int. J. Transp. Cyber. & Privacy 3(2):127-150, 2020, https://doi.org/10.4271/11-03-02-0008.
Language:
English
Abstract:
Automotive cybersecurity engineers now have the challenge of delivering Risk Assessments of their products using a method that is described in the new standard for automotive cybersecurity: International Organization for Standardization/Society of Automotive Engineers (ISO/SAE) 21434. The ISO standards are not treated in the same way as regulations that are mandated by governing bodies. However, the new United Nations (UN) Regulation No. 155 “Cyber Security and Cyber Security Management” actually drives a need to apply ISO/SAE 21434. This article investigates the practical aspects of performing such a Threat Analysis and Risk Assessment (TARA) from system modelling and asset identification to attack modelling and the consequences an attack will have. The processes involved contain complex interactions, meaning that the support of software tools is beneficial; while not aiming to provide a review of the state-of-the-art of TARA tooling, this article provides observations based on the real-world use of two software tools that support the development of TARAs.
Recommended Content
Aerospace Standard | Software Supportability Program Standard |
Technical Paper | A Structured Assurance Case for Commercial Off-The-Shelf (COTS) Airborne Electronic Hardware (AEH) |
Research Report | Unsettled Topics Concerning Airworthiness Cybersecurity Regulation |