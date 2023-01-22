Successfully reported this slideshow.
Jan. 22, 2023
TARA: Threat Assessment and Remediation Analysis
Originally developed in 2010, TARA is an "engineering methodology used to assess and identify cyber threats and select countermeasures effective at mitigating the vulnerabilities"

TARA: Threat Assessment and Remediation Analysis
  1. 1. TARA- Automotive Cybersecurity S U B M I T T E D B Y - S H R I Y A R A I
  2. 2. • Evolution of vehicles from the stone age to the digital age • Defence security points • Automotive risk-oriented security measures • TARA – Threat Assessment and Remediation Analysis • Phases of TARA assessment • Deep analysis of all the phases of the TARA assessment Content
  3. 3. Evolution of vehicles from the stone age to the digital age Technological disruptions in the Automotive industry Autonomous systems used in emergency braking, and lane assistance in vehicles enhance road-safety Connected vehicles on road generate data which enables strong predictive analysis of fleet management & maintenance Electric mobility empowers clean energy and less consumption of fossil-based combustion engines Shared service is a part of the MaaS (Mobility-as-as-service) contributing to the shared economy aspect of smart cities Like every industry entering into the digital ecosystem, the automotive industry is also transforming its products and services by leveraging digital offerings and making them more customer-centric
  4. 4. Defence security points End-to-end security Secure external interfaces In-vehicle secure network architectures Hardware security modules People awareness and training Secure supply chain Security Framework based on defence depth strategy External interfaces such as driver-dedicated applications, Bluetooth, OBD, OTA Physical segregation and isolation using secure gateways & communication buses such as Ethernet HSM provides security functions such as secure boot, key generation, active memory protection Involving all the stakeholders in the supply chain and ensuring cybersecurity risk mitigations at every end Establishing chain-of-trust from the car architecture to the servers and the cloud
  5. 5. Automotive risk-oriented security measures Cybersecurity Privacy • Goal: Protect assets • Risk: External threats, driven by humans • Governance: ISO 21434 etc • Methods: • TARA, … • Cryptography • Key management • Goal: Protect intellectual property • Risk: data threats, driven by humans • Governance: ISO 27001 etc • Methods: • TARA, … • Cryptography • Explicit consent TARA: Threat Assessment and Remediation Analysis Originally developed in 2010, TARA is an “engineering methodology used to assess and identify cyber threats and select countermeasures effective at mitigating the vulnerabilities”
  6. 6. Phases of TARA assessment Define scope and assessment Cyber threat susceptibility analysis Cyber risk remediation analysis TARA Scope Susceptibility matrix Mitigation recommendations • TARA Assessment • Catalog Development • Toolset development Workflows
  7. 7. Deep analysis of all the phases of the TARA assessment TARA Scope Susceptibility matrix Mitigation recommendations • Evaluate the target • Assess the range of threats • Analyse the threat actor’s capabilities and intent • Prepare the phase of the system acquisition lifecycle • Prepare TARA assessment and scope brief • Model the attack surface • Perform the catalog search to identify candidate AVs • Eliminate implausible Avs • Define a scoring model to rank plausible Avs • Construct the susceptibility matrix • Select AVs to mitigate • Use mitigation mappings to identify candidate countermeasures (CMs) • Eliminate implausible CMs • Define a scoring model to rank CMs • Select the best CM solution set • Develop well-formed recommendations Vector Groups Attack Vectors Countermeasures TARA Data model Vector groupings Countermeasure mappings
  • https://www.arm.com/blogs/blueprint/aces-future-mobility • https://www.youtube.com/watch?v=H_J41yopxvE&t=1808s • https://www.mitre.org/sites/default/files/2021-11/pr-20-0272-tara-training-workshop.pdf • https://capgemini-engineering.com/as-content/uploads/sites/27/2021/04/compressed_cybersecurity-in-automotive-how-to-stay-ahead-of-cyber-threats_v8.pdf

References

