Threat Analysis and Risk Assessment | ISO/SAE 21434 and WP.29 CSMS

TEAM UPSTREAM

For WP.29, as part of the CSMS requirement, it’s required to apply TARA throughout the vehicle lifecycle. When you build a vehicle, you need to apply TARA on the critical vehicle components and as a result of this TARA, you need to apply mitigation inside the vehicle.

But, you also need to emit logs, that will later be used in the post-production detection system, and, you also need to secure the supply chain.

In post-production, you need to leverage these logs and additional logs, to apply post-production detection.

And, over the entire lifecycle of the vehicle, you need to have a process to assess risk, categorize risk, and apply risk treatment decisions, as part of your TARA process.

WP.29 also provides a specific list of threats in Annex Five of the regulation, that actually outlines a comprehensive list of attacks that cover many of the interfaces of the vehicle.

This list of attacks is used as a baseline for securing the vehicle, both in development and in post-production.

 

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Sécuriser et renforcer l’avenir de la mobilité et de l’IoT

Upstream libère le potentiel des véhicules connectés, de l’IoT et des données de la mobilité intelligente. 
 Sa plateforme de gestion des données est spécialement…

More Details

Études de cas : Comment l’IA permet de détecter plus tôt les problèmes de qualité véhicule

La détection proactive de la qualité (PQD) d’Upstream en action, accélérant l’analyse des causes premières (RCA), l’évaluation de la gravité et la priorisation des problèmes…

More Details

Beyond the Cyber Resilience Act: Building
Cyber Resilience for the EV Charging Ecosystem

The CRA places broad obligations on manufacturers, including those who design, develop, or brand charge points, backend systems, and embedded communication software used throughout the…

More Details

Beyond the Cyber Resilience Act: Building Holistic Cyber Resilience

A decade ago, the value of connected vehicle data was associated with new revenue streams for OEMs. Fast forward to today, a more effective and…

More Details

Tech Talk: Securing the Commercial Fleet Ecosystem with IVECO’s CISO

The commercial vehicle industry is undergoing a seismic shift. The convergence of connectivity, electrification, and software-defined vehicles is unlocking unprecedented efficiency but also exposing f

More Details

Unmasking the Blind Spot: Why API Security Is the Weak Link in Automotive Cybersecurity

In this session, recorded during the Auto ISAC Partners Week, Upstream's Dr. Matthias Lenk and Fabian Stahl explain why API security remains a critical yet…

More Details
Skip to content