ISO/SAE 21434 automotive cybersecurity engineering and threat analysis (TARA)

ISO/SAE 21434 is the international standard that defines the requirements for cybersecurity engineering in the design, development, production, and post-production of road vehicles, with TARA being its core risk assessment methodology.

It is the mandatory compliance framework for automotive cybersecurity, enabling organizations to systematically identify, assess, and mitigate cyber threats throughout a vehicle's lifecycle, which is now a prerequisite for vehicle type approval in key markets like the EU (UN R155).

How to Learn ISO/SAE 21434 automotive cybersecurity engineering and threat analysis (TARA)

Begin by mastering the foundational lexicon: understand the concepts of Cybersecurity Management System (CSMS), Cybersecurity Assurance Level (CAL), and the six phases of the TARA process (Asset Identification, Threat Scenario Identification, Impact Rating, Attack Path Analysis, Attack Feasibility Rating, Risk Determination). Study the standard's clause structure, focusing on clauses 8 (Risk Assessment) and 9 (Concept Phase).

Apply TARA to a specific ECU (e.g., an in-vehicle infotainment system) or communication protocol (e.g., CAN FD). Use the MITRE ATT&CK for Automotive matrix to map realistic attack techniques. A common mistake is treating TARA as a one-time document rather than as a living process integrated with change management (Clause 10).

Architect an organization-wide CSMS that integrates with existing Automotive SPICE and functional safety processes. Develop risk assessment methodologies that scale to complex systems (e.g., ADAS domain controllers, V2X). The focus shifts to making strategic security trade-offs, defining risk tolerance criteria aligned with business objectives, and leading cross-functional teams (engineering, legal, quality).

Practice Projects

Beginner
Project

TARA for a Telematics Control Unit (TCU)

Scenario

You are tasked with conducting a preliminary TARA for a vehicle's TCU, which handles remote connectivity, diagnostics, and OTA updates.

How to Execute
1. Identify critical assets (e.g., vehicle location data, firmware integrity, remote command interface).
2. For each asset, brainstorm threat scenarios using STRIDE or a threat library (e.g., 'An attacker intercepts the OTA update connection').
3. Rate the impact on Safety, Financial, Operational, and Privacy (SFOP) scales per ISO 21434.
4. Draft a preliminary risk determination table.

Intermediate
Case Study/Exercise

Attack Path Analysis for a Diagnostic Port

Scenario

A vulnerability is discovered in the legacy diagnostic protocol (e.g., UDS) accessible via the OBD-II port. Your team must analyze the attack path to the braking system's ECU.

How to Execute
1. Define the asset: 'Integrity of brake ECU commands.'
2. Map the attack path using a diagram: OBD-II Port -> Gateway ECU -> CAN Bus -> Brake ECU.
3. Assign attack feasibility ratings (e.g., Attack Potential) for each step based on required expertise, knowledge, window of opportunity, and equipment.
4. Propose specific cybersecurity controls (e.g., ECU firewall, message authentication) for each critical node in the path.

Advanced
Case Study/Exercise

Defining Risk Tolerance and CSMS Integration

Scenario

As the lead cybersecurity architect, you must present to executives the organization's risk tolerance criteria for cybersecurity threats that could impact safety and data privacy, and show how this integrates with the existing ISO 26262 safety process.

How to Execute
1. Develop a matrix defining unacceptable, tolerable, and acceptable risk levels based on combined SFOP impact and attack feasibility.
2. Create a process flow diagram showing TARA inputs to/from system design (e.g., cybersecurity goals derived from TARA feeding into system architecture).
3. Define interface protocols with the safety team (e.g., co-analysis for dependent failures, shared hazard log).
4. Draft a policy for managing residual risks that fall outside tolerance, including acceptance criteria.
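
The feasibility rating from the diagnostic-port exercise and the risk tolerance matrix from the exercise above, worked through together as an added example (not part of the original guide and not text from the standard). Every point value, threshold, matrix entry, tolerance class and per-node rating below is a constructed assumption, and rating the path by the hardest requirement per factor is one possible convention.

```python
# Attack-potential points per factor (assumed values; substitute your organisation's tables).
POINTS = {
    "expertise": {"layman": 0, "proficient": 3, "expert": 6, "multiple_experts": 8},
    "knowledge": {"public": 0, "restricted": 3, "confidential": 7, "strictly_confidential": 11},
    "window": {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10},
    "equipment": {"standard": 0, "specialized": 4, "bespoke": 7, "multiple_bespoke": 9},
}
# Upper bound of the summed points for each feasibility level (assumed thresholds).
FEASIBILITY_BANDS = [(13, "high"), (19, "medium"), (24, "low"), (float("inf"), "very_low")]
IMPACT_LEVELS = ["negligible", "moderate", "major", "severe"]
# Risk value 1..5 indexed by [impact][feasibility] (assumed matrix).
RISK = {
    "negligible": {"very_low": 1, "low": 1, "medium": 1, "high": 1},
    "moderate": {"very_low": 1, "low": 2, "medium": 2, "high": 3},
    "major": {"very_low": 1, "low": 2, "medium": 3, "high": 4},
    "severe": {"very_low": 2, "low": 3, "medium": 4, "high": 5},
}
TOLERANCE = {1: "acceptable", 2: "acceptable", 3: "tolerable", 4: "unacceptable", 5: "unacceptable"}


def path_feasibility(steps):
    """The attacker must clear every step, so take the hardest requirement per factor."""
    total = sum(max(POINTS[f][s[f]] for s in steps) for f in POINTS)
    level = next(name for bound, name in FEASIBILITY_BANDS if total <= bound)
    return total, level


def assess(steps, sfop):
    """Combine the worst SFOP impact with path feasibility into a risk value and decision."""
    worst = max(sfop.values(), key=IMPACT_LEVELS.index)
    total, level = path_feasibility(steps)
    value = RISK[worst][level]
    return {"points": total, "feasibility": level, "impact": worst, "risk": value, "decision": TOLERANCE[value]}


# Constructed ratings for the path OBD-II port -> gateway ECU -> CAN bus -> brake ECU.
BASELINE = [
    {"node": "OBD-II port", "expertise": "layman", "knowledge": "public", "window": "moderate", "equipment": "standard"},
    {"node": "Gateway ECU", "expertise": "proficient", "knowledge": "restricted", "window": "moderate", "equipment": "specialized"},
    {"node": "CAN bus", "expertise": "proficient", "knowledge": "restricted", "window": "moderate", "equipment": "specialized"},
    {"node": "Brake ECU", "expertise": "expert", "knowledge": "restricted", "window": "moderate", "equipment": "specialized"},
]
IMPACT = {"safety": "severe", "financial": "major", "operational": "major", "privacy": "negligible"}
# Assumed effect of the proposed controls (gateway filtering, message authentication) on the ratings.
HARDENED = [dict(s) for s in BASELINE]
HARDENED[1].update(knowledge="confidential", equipment="bespoke")
HARDENED[3].update(knowledge="confidential")
for name, steps in (("baseline", BASELINE), ("hardened", HARDENED)):
    print(name, assess(steps, IMPACT))
```

With these constructed ratings the controls move the path from an unacceptable risk to a tolerable one, which is the residual risk the policy in step 4 has to cover.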

Tools & Frameworks

Standards & Methodologies

- ISO/SAE 21434 Standard
- MITRE ATT&CK for Automotive
- SAE J3101 (Requirements for Hardware Protected Security)
- HEAVENS Security Model (for impact rating)

The standard provides the normative process. MITRE ATT&CK is used to populate realistic threat scenarios. SAE J3101 informs hardware-level security requirements. HEAVENS provides a complementary model for impact rating often used in practice.

Software & Platforms

- Threat Modeling Tools (e.g., IriusRisk, ThreatModeler)
- TARA Document Management Platforms (e.g., IBM DOORS, Polarion)
- Vulnerability Databases (e.g., NVD, Auto-ISAC portal)
- Penetration Testing Frameworks (e.g., Kali Linux, CANalyzat0r)

Threat modeling tools automate asset and threat identification. Requirements management tools (DOORS, Polarion) are used to manage and trace cybersecurity requirements from TARA. Vulnerability databases and pen-test tools are used for validation and attack feasibility assessment.

Interview Questions

Answer Strategy

Structure the answer following the TARA phases. For C-V2X, key assets include message integrity, system availability, and privacy (location tracking). A critical threat scenario is 'Message Spoofing or Manipulation' affecting cooperative awareness. The answer should demonstrate systematic thinking and knowledge of specific communication threats.

Answer Strategy

Tests negotiation, risk management, and understanding of business constraints. The answer should involve: 1) Re-evaluating the risk assessment (impact/feasibility) for accuracy. 2) Exploring alternative, cost-effective controls or architectural changes. 3) Escalating with a clear, data-driven risk statement to management for a formal risk acceptance decision per the CSMS policy.
