Threat Analysis and Risk Assessment | ISO/SAE 21434 and WP.29 CSMS


For WP.29, as part of the CSMS requirement, it’s required to apply TARA throughout the vehicle lifecycle. When you build a vehicle, you need to apply TARA on the critical vehicle components and as a result of this TARA, you need to apply mitigation inside the vehicle.

But, you also need to emit logs, that will later be used in the post-production detection system, and, you also need to secure the supply chain.

In post-production, you need to leverage these logs and additional logs, to apply post-production detection.

And, over the entire lifecycle of the vehicle, you need to have a process to assess risk, categorize risk, and apply risk treatment decisions, as part of your TARA process.

WP.29 also provides a specific list of threats in Annex Five of the regulation, that actually outlines a comprehensive list of attacks that cover many of the interfaces of the vehicle.

This list of attacks is used as a baseline for securing the vehicle, both in development and in post-production.


Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

Embracing Next-Gen API Security with Upstream

Upstream has introduced the next-generation solution for API Security, purpose-built for the transportation and mobility ecosystem.

More Details

Automotive Cybersecurity Data Sheet

More Details

ABeam & Upstream webinar: Emerging cybersecurity risks in automotive, manufacturing & smart mobility

The introduction of connected and Software Defined Vehicles is introducing many digital and business opportunities. Yet at the same time it’s leaving the door open…

More Details

Watch: ABeam & Upstream Webinar: Emerging Cybersecurity Risks in Automotive, Manufacturing & Smart Mobility

Join our webinar to hear industry experts Giuseppe Serio from Upstream and Jonathan Vargas Ruiz from ABeam Consulting discuss the cybersecurity challenges in the automotive and smart mobility ecos

More Details

Turbocharging API security to combat car hacking

Attacks targeting APIs are among the most serious threats facing connected vehicles and fleets. API-based attacks often result in large-scale business disruptions, data leakage, and…

More Details

Watch: Turbocharging API security to combat car hacking

Listen to the webinar where APISec and Upstream experts provide insight into the latest high-profile API cyber attacks and discuss the fundamentals of turbocharging your…

More Details