Automotive Threat Analysis and Risk Assessment in Practice

The surge in automotive cybersecurity regulations necessitates a structured risk management method. This work examines these regulations, details the European cybersecurity legal framework, and explores the ISO/SAE 21434's threat analysis and risk assessment (TARA) approach. Implementing TARA in real-world scenarios presents challenges, such as identifying the correct assets or performing accurate threat modeling. This book employs a pragmatic approach to TARA across three domains: electrical and electronic systems within the vehicle, the vehicle's connected ecosystem, and manufacturing plants, integrating insights from ISO/IEC 27000 and IEC 62443 standard series without seeking to harmonize them. This book offers a technical guideline for TARA, presenting detailed case studies across these domains and emphasizing technical rigor while ensuring efficiency. About the Authors: Dr.-Ing. Rodrigo do Carmo holds degrees in telecommunications engineering and computer science. He has held cybersecurity roles at Continental AG and secunet Security Networks AG, where he leads TARA projects and contributes to ISO/DIN automotive cybersecurity committees. Dipl.-Phys. Alexander Schlensog with a background in physics and extensive experience in information security since 2001, leads the consulting business for the Industry division at secunet. He specializes in critical infrastructures and plays an active role in ISO/DIN standards committees for information security and data protection.