Risk assessment according to the ISO/SAE 21434:2021

One of the key points of the recently published cybersecurity standard ISO/SAE 21434 [1] is the performance of threat analysis and risk assessment (TARA). The risk assessment methods (described in Clause 15) can be applied in all phases of the development life cycle. In a chain of step-by-step identification and analysis activities, the standard describes how to proceed from asset identification through threat scenario identification, impact rating, attack path analysis, attack feasibility rating and risk value determination to the risk treatment decision. In this last step, one of four predefined options (avoiding, reducing, sharing or retaining the risk; see also ISO 31000 [2]) is selected. Once the decision has been made to reduce a risk, cybersecurity goals, cybersecurity controls and cybersecurity requirements are specified and selected. The requirements of ISO/SAE 21434 mainly describe what has to be done, but not exactly how to do it. Our proposals draw on different sources of knowledge, including ENISA guidelines (e.g., [3]), UNECE Regulation No. 155 [4] and the associated interpretive recommendations [5], Microsoft's STRIDE threat modeling [6], and others. There is no such thing as 100 percent security, so the degree of cybersecurity achieved correlates not only with the technical expertise in the project, but also with the quality of the processes used for product development. While supporting many customer TARA projects (OEM, Tier 1, ...), we were able to gain practical experience with the implementation and to identify pitfalls in applying the standard. We would like to share some of them.
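The abstract names the TARA steps but, like the standard itself, does not show how the ratings combine. The following is an added example (my code, not the paper's) that carries one constructed threat scenario through attack feasibility rating, risk value determination and a treatment decision. Everything numeric in it is an assumption rather than something the page states: the attack-potential parameter values and feasibility thresholds follow the informative example in Annex G of ISO/SAE 21434:2021 as I recall it, the 4x4 risk matrix follows the informative example in Annex H, taking the most feasible attack path as the scenario's feasibility is one common aggregation rule, and the mapping from risk value to a default treatment option is a made-up project policy. Organizations define their own tables, so check them against the standard before reuse.

```python
"""Worked TARA calculation for one threat scenario (added example, not from the paper).

Assumptions, not taken from the page: attack-potential values and feasibility
thresholds in the style of ISO/SAE 21434:2021 Annex G (informative), the 4x4 risk
matrix in the style of Annex H (informative), scenario feasibility = most feasible
attack path, and a made-up project policy for the default treatment option.
"""
from __future__ import annotations

from dataclasses import dataclass

# Attack potential parameters (Annex G style, assumed values; higher = harder attack).
ELAPSED_TIME = {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4, "<=6 months": 17, ">6 months": 19}
EXPERTISE = {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8}
KNOWLEDGE = {"public": 0, "restricted": 3, "confidential": 7, "strictly confidential": 11}
WINDOW = {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10}
EQUIPMENT = {"standard": 0, "specialized": 4, "bespoke": 7, "multiple bespoke": 9}

IMPACT_LEVELS = ["negligible", "moderate", "major", "severe"]          # ascending
FEASIBILITY_LEVELS = ["very low", "low", "medium", "high"]             # ascending
TREATMENT_OPTIONS = ("avoiding", "reducing", "sharing", "retaining")   # the four options

# Risk matrix indexed [impact][feasibility] -> risk value 1..5 (Annex H style, assumed).
RISK_MATRIX = [
    [1, 1, 1, 1],  # negligible
    [1, 2, 2, 3],  # moderate
    [1, 2, 3, 4],  # major
    [2, 3, 4, 5],  # severe
]


@dataclass(frozen=True)
class AttackPath:
    description: str
    elapsed_time: str
    expertise: str
    knowledge: str
    window: str
    equipment: str


def attack_potential(path: AttackPath) -> int:
    """Sum of the five attack-potential parameters for one attack path."""
    return (ELAPSED_TIME[path.elapsed_time] + EXPERTISE[path.expertise]
            + KNOWLEDGE[path.knowledge] + WINDOW[path.window] + EQUIPMENT[path.equipment])


def feasibility_rating(potential: int) -> str:
    """Map attack potential to an attack feasibility rating (assumed Annex G thresholds)."""
    if potential <= 13:
        return "high"
    if potential <= 19:
        return "medium"
    if potential <= 24:
        return "low"
    return "very low"


def overall_impact(impact_by_category: dict[str, str]) -> str:
    """Impact is rated per category (safety, financial, operational, privacy);
    the overall impact rating is the highest of them."""
    return max(impact_by_category.values(), key=IMPACT_LEVELS.index)


def risk_value(impact: str, feasibility: str) -> int:
    """Look up the risk value (1..5) for an impact/feasibility pair."""
    return RISK_MATRIX[IMPACT_LEVELS.index(impact)][FEASIBILITY_LEVELS.index(feasibility)]


def default_treatment(risk: int) -> str:
    """Assumed project policy, not from the standard: risk 1 may be retained,
    2-3 is reduced by controls, 4-5 needs avoidance, reduction or sharing."""
    if risk == 1:
        return "retaining"
    if risk <= 3:
        return "reducing"
    return "avoiding, reducing or sharing"


def assess_threat_scenario(impact_by_category: dict[str, str], paths: list[AttackPath]) -> dict:
    """Rate every attack path, take the most feasible one as the scenario's feasibility
    (assumed aggregation rule), then determine risk value and default treatment."""
    rated = {p.description: feasibility_rating(attack_potential(p)) for p in paths}
    scenario_feasibility = max(rated.values(), key=FEASIBILITY_LEVELS.index)
    impact = overall_impact(impact_by_category)
    risk = risk_value(impact, scenario_feasibility)
    return {"impact": impact, "paths": rated, "feasibility": scenario_feasibility,
            "risk_value": risk, "treatment": default_treatment(risk)}


# Constructed example input: a fictitious brake ECU, not a real product or known weakness.
BRAKE_ECU_PATHS = [
    AttackPath("reflash via OBD port with off-the-shelf tool",
               "<=1 week", "proficient", "public", "easy", "specialized"),      # potential 9
    AttackPath("remote reflash through telematics unit",
               "<=6 months", "expert", "confidential", "moderate", "bespoke"),  # potential 41
]
BRAKE_ECU_IMPACT = {"safety": "severe", "financial": "major",
                    "operational": "moderate", "privacy": "negligible"}

if __name__ == "__main__":
    print(assess_threat_scenario(BRAKE_ECU_IMPACT, BRAKE_ECU_PATHS))
```

The point the example makes is the one the abstract hints at: the standard fixes the chain of steps, but the tables that turn ratings into a number are project decisions, and a single easy attack path (here the physical OBD reflash) drives the whole scenario to the highest risk value regardless of how hard the remote path is. Changing any table changes the outcome, which is why the tables themselves need review, not only the individual ratings.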

Metadata
Author: Thomas Liedtke
Parent Title (English): 19th escar Europe : The World's Leading Automotive Cyber Security Conference (conference publication)
Subtitle (English): experiences, help and pitfalls
Document Type: Part of a Book
Language: English
Date of Publication (online): 2021/09/29
Date of first Publication: 2021/09/29
Publishing Institution: Ruhr-Universität Bochum, Universitätsbibliothek
Tag: ISO/SAE 21434; TARA; UNECE; cybersecurity; risk assessment
First Page: 131
Last Page: 136
Dewey Decimal Classification: General works, computer science, information science / Computer science
open_access (DINI-Set): open_access
Conference proceedings / edited volumes: 19th escar Europe : The World's Leading Automotive Cyber Security Conference