Automotive Cybersecurity - The Nine2Five TARA Navigator and ISO/SAE 21434
Risk assessments are at the core of automotive cybersecurity activities. The ISO/SAE 21434 international standard also requires detailed TARA - Threat Analysis and Risk Assessment - in the concept phase.
With the Nine2Five TARA Navigator, we present a proven procedure with nine steps and five goals to be achieved. For this, we prepared the procedural steps from the ISO/SAE 21434 standard in a practice-oriented manner.
If you want more detailed information, download our white paper which also contains recommendations on which methods you can particularly rely on:
➡️ Get our white paper in ENGLISH: www.kuglermaag.com/tara
➡️ Get our white paper in GERMAN: www.kuglermaag.de/tara
🎓 If you want to learn more and become an expert in Automotive Cybersecurity, check out our trainings: www.kuglermaag.com/training-a...
----------------------------------------------------------------------------------------------------------------------
00:00 Intro
00:40 Speaker
00:57 Importance of risk assessments
01:46 The Nine2Five TARA Navigator - an overview
02:46 1 - Asset identification
04:15 2 - Impact rating
04:53 3 - Threat scenario identification
05:27 4 - Attack path analysis
06:18 5 - Attack feasibility rating
07:02 6 - Risk value determination
07:54 7 - Risk treatment decision
08:44 8 - Cybersecurity goal
09:19 9 - Cybersecurity concept
10:19 Summary - Nine2Five TARA Navigator
11:53 Outro
-----------------------------------------------------------------------------------------------------------------------
This is your channel if you need knowledge on process improvement topics: Automotive SPICE, Functional Safety, Agile methods, and Cybersecurity. We're publishing videos on a regular basis.
✔️ Subscribe to this channel if you don't want to miss our videos.
👉🏼 Do you need further information or have feedback? Contact us or leave a comment below!
#cybersecurity #automotive #riskassessment
Пікірлер: 19
You are an awesome trainer man I loved it thoroughly enjoyed the presentation
@KUGLERMAAGCIE
2 жыл бұрын
Hi there, we're glad that you enjoyed the presentation and really appreciate your feedback. Stay tuned! :)
Excellent summary of TARA. Thank you
@KUGLERMAAGCIE
Жыл бұрын
Thank you very much! :)
Sehr gut gemacht, Danke !
@KUGLERMAAGCIE
3 жыл бұрын
Vielen Dank! :)
Hi. Thanks for your information... its clear for me.
@KUGLERMAAGCIE
3 жыл бұрын
than we'vew done the job right ;)
Very good lecture
@KUGLERMAAGCIE
2 жыл бұрын
Thank you very much for your feedback! :)
Hello, Thanks for the videos, it gives a lot of information. Please do the video on Front Camera Module operation and functionality in car, consider my request 😊
@KUGLERMAAGCIE
3 жыл бұрын
Hello Mr Effera, we're glad that you appreciate our videos. Currently, we've created a schedule with tutorials explaining major concerns of the standards, but not how to apply their requirements to components. But we'll think about your proposal. Might be interesting to switch to a different perspective. Cheers Your video team at Kugler Maag Cie
I dont' understand well concering S8. Cybersecurity goal. May the goal become just protection of asset ?
@KUGLERMAAGCIE
3 жыл бұрын
Hello Jake, almost. Many companies simply define as a goal "Our product shall be secure." You can't work with that generic goal. According to the standard, you use the CS goals to specify how you want to protect your asset (in case you aim to mitigate the risk). The goals are important for the next step: the CS concept. There you specify CS requirements and select Cybersecurity Controls to achieve the CS goals; then you assign these requirements to the components in your architecture or to the organizational environment. So the CS goal becomes an additional product requirement. Now you can work with this goal in your regular requirements engineering. Cheers, your video team at Kugler Maag Cie
@jakelee2533
3 жыл бұрын
@@KUGLERMAAGCIE Depending on the CS goal, it could be risk reduction or risk sharing. I was understanding that a desirable CS goal will be pursuing to take all possible countermeasure to protect assets from the product level, and then it will probably expand as a requirement. Thank you for kindly answer.
@jakelee2533
3 жыл бұрын
Additional comments, the reason why I was confused what is the CS goal because I have small understanding concerning safety. So I get some insight from safety. In safety, OEM gives safety goal and concept. This is top-down. But in security, supplier designs a product usually. So determination of security goal and concept is depended on supplier. In this case bottom-up will be adjusted.
@KUGLERMAAGCIE
3 жыл бұрын
You are right. In FS, the risk to life and limb usually lies with the system, so FS objectives are derived at the concept stage - that is the car maker job. FS is about protecting people from system failure. Cybersecurity is the opposite: to protect the car from being compromised by humans. Therefore, an inside-out approach applies here.
when will we have more videos?
@KUGLERMAAGCIE
3 жыл бұрын
We're publishing one video per month. Topics are Functional Safety, Automotive SPICE, and Automotive Cybersecurity. For the last topic, we'll release to more CS videos this year. Maybe in Autumn.