Threat Analysis and Risk Assessment | ISO/SAE 21434 and WP.29 CSMS


For WP.29, as part of the CSMS requirement, it’s required to apply TARA throughout the vehicle lifecycle. When you build a vehicle, you need to apply TARA on the critical vehicle components and as a result of this TARA, you need to apply mitigation inside the vehicle.

But, you also need to emit logs, that will later be used in the post-production detection system, and, you also need to secure the supply chain.

In post-production, you need to leverage these logs and additional logs, to apply post-production detection.

And, over the entire lifecycle of the vehicle, you need to have a process to assess risk, categorize risk, and apply risk treatment decisions, as part of your TARA process.

WP.29 also provides a specific list of threats in Annex Five of the regulation, that actually outlines a comprehensive list of attacks that cover many of the interfaces of the vehicle.

This list of attacks is used as a baseline for securing the vehicle, both in development and in post-production.


Newsletter Icon

to our newsletter

Sign up to receive updates delivered to your inbox

Upstream 2023 グローバルモビリティ サイバーセキュリティ報告書


More Details

Meet the Expert: Enhancing Investigations with AutoThreat®

Daniel Blum, Product Manager at Upstream Security, shows the integration between AutoThreat® and the Upstream Platform and how this connection empowers investigation teams by providing…

More Details

Automotive cybersecurity: A pre-requisite for connected and software-defined vehicles

The automotive industry is increasingly adopting mobility and cloud technologies, which enable seamless on-the-go experiences such as improved navigation, connectivity, and safety. There is also&helli

More Details

ASRG @ Upstream’s vSOC: IT SOC vs. Vehicle SOC

ASRG’s John Heldreth challenges Upstream’s Giuseppe Serio to explain the difference between the IT SOCs and emerging Vehicle SOCs.

More Details

ASRG @ Upstream’s vSOC: Upstream’s Cloud Approach to Protecting the Connected Vehicle Ecosystem

This is the second video in this exciting series shot in Upstream’s vSOC. In this video, ASRG’s John Heldreth deep dives into Upstream’s cloud-based and…

More Details

ASRG @ Upstream’s vSOC: The Role & Impact of vSOCs

This is the first video in this exciting series shot in Upstream’s vSOC. In this video, Upstream’s Yaniv Maimon and ASRG’s John Heldreth get together…

More Details