Threat Analysis and Risk Assessment | ISO/SAE 21434 and WP.29 CSMS

TEAM UPSTREAM

https://www.youtube.com/watch?v=XRPPtsafqlA&list=PLYBiD-sjrTgl2BMCyA27fVmlZsTiAdh6f

For WP.29, as part of the CSMS requirement, it’s required to apply TARA throughout the vehicle lifecycle. When you build a vehicle, you need to apply TARA on the critical vehicle components and as a result of this TARA, you need to apply mitigation inside the vehicle.

But, you also need to emit logs, that will later be used in the post-production detection system, and, you also need to secure the supply chain.

In post-production, you need to leverage these logs and additional logs, to apply post-production detection.

And, over the entire lifecycle of the vehicle, you need to have a process to assess risk, categorize risk, and apply risk treatment decisions, as part of your TARA process.

WP.29 also provides a specific list of threats in Annex Five of the regulation, that actually outlines a comprehensive list of attacks that cover many of the interfaces of the vehicle.

This list of attacks is used as a baseline for securing the vehicle, both in development and in post-production.

 

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Moving Minds Giuseppe Serio hosts Wulf Schlachter

Moving Minds is a new series dedicated to the visionaries, experts, and builders shaping how we move. Guided by Giuseppe Serio, it brings forward the…

More Details

Beyond the Charger – Securing Trust Across the Charging Ecosystem in Collaboration with EcoG

More Details

Moving Minds Giuseppe Serio hosts Guido Barbero

Moving Minds is a new series dedicated to the visionaries, experts, and builders shaping how we move. Guided by Giuseppe Serio, it brings forward the…

More Details

Beyond the agentic hype: Building maturity for agentic cybersecurity resilience

“Agentic AI” is the latest promise in cybersecurity, but there is no such thing as an Agentic SOC without the structural maturity to support it.…

More Details

Automotive Cybersecurity Summit 2026 – Cyber Madness

March Cyber Madness brought the full-court pressure to Upstream's booth at the Automotive Cybersecurity Summit 2026 in Ann Arbor, and the industry showed up to…

More Details

Cybersecurity in the age of connected mobility and in-cabin AI

More Details