Overview

The TARA (Threat Analysis and Risk Assessment) pillar implements the complete ISO/SAE 21434 threat analysis and risk assessment methodology. It covers asset identification, threat modeling, damage scenario analysis, attack path definition, risk calculation, and risk treatment — with built-in security catalogs, AI-assisted recommendations, and rich visualizations.

Key Concepts

Assets

Assets represent the cybersecurity targets within the vehicle system. Each asset carries one or more cybersecurity properties (Confidentiality, Integrity, Availability, Authenticity) and links to components defined in the Design pillar. Assets are categorized by domain and type.

Threats

Threats are potential attack scenarios classified using the STRIDE methodology:

STRIDE Category          Description
Spoofing                 Impersonating a legitimate entity
Tampering                Unauthorized modification of data or systems
Repudiation              Denying an action without proof
Information Disclosure   Unauthorized access to sensitive data
Denial of Service        Disrupting availability of systems
Elevation of Privilege   Gaining unauthorized access levels

Threats can be created manually, imported from the security catalog, or generated via AI recommendations.

Damage Scenarios

Damage Scenarios assess the potential impact of a realized threat across four dimensions:

Dimension            Ratings
Safety Impact        Negligible, Moderate, Major, Severe
Financial Impact     Negligible, Moderate, Major, Severe
Operational Impact   Negligible, Moderate, Major, Severe
Privacy Impact       Negligible, Moderate, Major, Severe

The highest impact across all dimensions determines the overall impact rating for risk calculation.

Attack Paths

Attack Paths define how a threat can be realized, including:

  • Attack Vector (ISO 21434): Physical, Local, Adjacent, Network
  • Feasibility Metrics: Expertise, Knowledge, Equipment, Window of Opportunity, Elapsed Time
  • Attack Feasibility Rating: Very Low, Low, Medium, High
  • Cybersecurity Assurance Level (CAL): CAL 1–4, determined from the overall impact rating × attack vector (ISO/SAE 21434 Annex E)

Risks

Risks are the central entity combining all TARA elements:

  • Linked asset with cybersecurity property
  • Associated threat and attack path
  • Linked damage scenarios
  • Computed risk score (Impact × Feasibility matrix)
  • Risk level: Very Low (1), Low (2), Medium (3), High (4), Critical (5)
  • Status: Untreated, Accepted, Mitigated
  • Treatment strategy: Acceptance, Mitigation, Avoidance, Transfer
  • Source: Threat Analysis, Vulnerability, Incident

Risk Calculation

Risk levels are read from an Impact × Feasibility matrix; the numeric risk score is the level's rank listed above (Very Low 1 through Critical 5):

Impact       Very Low Feasibility   Low Feasibility   Medium Feasibility   High Feasibility
Negligible   Very Low               Very Low          Very Low             Very Low
Moderate     Very Low               Low               Low                  Medium
Major        Very Low               Low               Medium               High
Severe       Low                    Medium            High                 Critical

CAL Determination (ISO/SAE 21434 Annex E)

The Cybersecurity Assurance Level is determined by combining the overall Impact Rating of the damage scenario with the Attack Vector of the attack path:

  • Severe + Network = CAL 4 (highest)
  • Negligible + any vector = CAL 1 (lowest)
  • Higher impact and more remote attack vectors increase the CAL
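The full chain from damage scenario and attack path to risk level and CAL, as an added worked example (not the platform's own code). The Impact × Feasibility matrix and the 1–5 scores are taken verbatim from the sections above. The attack potential parameter values and the bucket boundaries are an assumption following the attack potential-based approach of ISO/SAE 21434 Annex G, and the CAL table is an assumed mapping that only satisfies the three rules stated above (Severe + Network = CAL 4, Negligible = CAL 1, monotone in both axes); both should be checked against the organization's adopted copy of the standard. The telematics sample data is constructed for the example.

```python
"""Worked TARA risk computation: impact aggregation, attack feasibility,
risk matrix lookup and CAL determination. Added example, not platform code."""
from __future__ import annotations

IMPACT = ["Negligible", "Moderate", "Major", "Severe"]        # ascending
FEASIBILITY = ["Very Low", "Low", "Medium", "High"]           # ascending
ATTACK_VECTOR = ["Physical", "Local", "Adjacent", "Network"]  # increasingly remote
RISK_SCORE = {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}

# Impact x Feasibility matrix exactly as documented above.
# Rows: impact rating; columns: feasibility in FEASIBILITY order.
RISK_MATRIX = {
    "Negligible": ["Very Low", "Very Low", "Very Low", "Very Low"],
    "Moderate":   ["Very Low", "Low",      "Low",      "Medium"],
    "Major":      ["Very Low", "Low",      "Medium",   "High"],
    "Severe":     ["Low",      "Medium",   "High",     "Critical"],
}

# ASSUMED CAL table: satisfies Severe+Network = 4, Negligible = 1 and
# monotonicity, nothing more. Replace the cells with the mapping your
# organization adopts from ISO/SAE 21434 Annex E.
CAL_TABLE = {
    "Negligible": [1, 1, 1, 1],
    "Moderate":   [1, 1, 1, 2],
    "Major":      [1, 2, 2, 3],
    "Severe":     [2, 3, 3, 4],
}

# ASSUMED attack potential values (attack potential-based approach,
# ISO/SAE 21434 Annex G); verify against your copy of the standard.
ATTACK_POTENTIAL = {
    "elapsed_time": {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4,
                     "<=6 months": 17, ">6 months": 19},
    "expertise": {"layman": 0, "proficient": 3, "expert": 6,
                  "multiple experts": 8},
    "knowledge": {"public": 0, "restricted": 3, "confidential": 7,
                  "strictly confidential": 11},
    "window_of_opportunity": {"unlimited": 0, "easy": 1, "moderate": 4,
                              "difficult": 10},
    "equipment": {"standard": 0, "specialized": 4, "bespoke": 7,
                  "multiple bespoke": 9},
}


def overall_impact(damage: dict[str, str]) -> str:
    """Highest rating across the four dimensions wins (rule stated above)."""
    for dim, rating in damage.items():
        if rating not in IMPACT:
            raise ValueError(f"{dim}: unknown impact rating {rating!r}")
    return max(damage.values(), key=IMPACT.index)


def attack_feasibility(metrics: dict[str, str]) -> tuple[int, str]:
    """Sum the five attack potential values and bucket the total.

    All five parameters are mandatory: a missing one would silently lower
    the sum and report the path as easier than it really is.
    """
    missing = set(ATTACK_POTENTIAL) - set(metrics)
    if missing:
        raise ValueError(f"missing attack potential parameters: {sorted(missing)}")
    total = sum(ATTACK_POTENTIAL[p][v] for p, v in metrics.items())
    if total <= 13:            # assumed bucket boundaries, see lead-in
        rating = "High"
    elif total <= 19:
        rating = "Medium"
    elif total <= 24:
        rating = "Low"
    else:
        rating = "Very Low"
    return total, rating


def risk_level(impact: str, feasibility: str) -> tuple[str, int]:
    """Look up the documented matrix and return (level, score 1-5)."""
    level = RISK_MATRIX[impact][FEASIBILITY.index(feasibility)]
    return level, RISK_SCORE[level]


def cal(impact: str, vector: str) -> int:
    """CAL from overall impact rating and attack vector (assumed table)."""
    return CAL_TABLE[impact][ATTACK_VECTOR.index(vector)]


def assess(damage: dict[str, str], metrics: dict[str, str], vector: str) -> dict:
    """Full chain: damage scenario + attack path -> risk level, score and CAL."""
    impact = overall_impact(damage)
    potential, feasibility = attack_feasibility(metrics)
    level, score = risk_level(impact, feasibility)
    return {"impact": impact, "attack_potential": potential,
            "feasibility": feasibility, "risk_level": level,
            "risk_score": score, "cal": cal(impact, vector)}


# Constructed sample: remote code injection on a telematics control unit.
TCU_DAMAGE = {"safety": "Major", "financial": "Moderate",
              "operational": "Severe", "privacy": "Moderate"}
TCU_PATH = {"elapsed_time": "<=1 week", "expertise": "proficient",
            "knowledge": "restricted", "window_of_opportunity": "easy",
            "equipment": "standard"}

if __name__ == "__main__":
    print(assess(TCU_DAMAGE, TCU_PATH, "Network"))
```

The sample path sums to an attack potential of 8, which buckets as High feasibility; combined with the Severe operational impact it lands in the Critical cell (score 5) and, over the Network vector, at CAL 4. Refusing an incomplete metric set is the important edge case: an omitted parameter would never raise, it would just make every path look cheap.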

Risk Treatment

Treatment is structured through four entity types:

Security Goals

Strategic objectives that address the root causes of risks. Each goal references a framework standard and can be linked to multiple requirements and controls.

Requirements

Specific, measurable security needs derived from goals. Each requirement has a type, validation method, and acceptance criteria. Requirements can be exported in ReqIF format for tool integration.

Controls

Concrete technical or organizational measures that implement requirements. Each control tracks:

  • Control type and validation method
  • Cost of implementation
  • Maturity level
  • Framework standard and reference
  • Linked goals

Claims

Security assertions that argue a risk has been adequately addressed. Each claim includes:

  • Claim statement and type
  • Confidence level (Low, Medium, High)
  • Status (Draft, Review, Validated, Challenged)
  • Version tracking
  • Evidence media attachments
  • Linked risks and test cases
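Because a risk's Status, its treatment strategy, and the Status of the claims that argue for it are recorded as separate fields, they can drift apart. The following is an added example (not the platform's own code) of the kind of consistency check behind the Risk Register's warning indicators for deleted or unlinked entities; the rules, the entity shapes and the sample records are assumptions built only from the field values listed in the Risks and Claims sections above.

```python
"""Consistency checks over the risk treatment chain. Added example, not
platform code; entity shapes and rules are assumptions from the documented
field values."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Claim:
    id: str
    status: str          # Draft, Review, Validated, Challenged
    confidence: str      # Low, Medium, High
    risk_ids: list[str]  # linked risks


@dataclass
class Risk:
    id: str
    status: str           # Untreated, Accepted, Mitigated
    treatment: str        # Acceptance, Mitigation, Avoidance, Transfer
    control_ids: list[str]


def check_treatment(risks: list[Risk], claims: list[Claim],
                    existing_controls: set[str]) -> dict[str, list[str]]:
    """Return a risk_id -> warnings map; an empty map means the chain is consistent.

    Assumed rules:
    - a Mitigated risk needs at least one linked control and one Validated claim;
    - a Challenged claim on a Mitigated risk is flagged, it no longer counts as evidence;
    - a Validated claim with Low confidence is flagged;
    - a control reference that does not resolve is reported (deleted entity);
    - an Accepted risk must carry the Acceptance treatment strategy.
    """
    claims_by_risk: dict[str, list[Claim]] = {}
    for c in claims:
        for rid in c.risk_ids:
            claims_by_risk.setdefault(rid, []).append(c)

    findings: dict[str, list[str]] = {}
    for r in risks:
        w: list[str] = []
        linked = claims_by_risk.get(r.id, [])
        validated = [c for c in linked if c.status == "Validated"]
        dangling = [cid for cid in r.control_ids if cid not in existing_controls]
        if dangling:
            w.append("references deleted control(s): " + ", ".join(dangling))
        if r.status == "Mitigated":
            if not r.control_ids:
                w.append("status Mitigated but no control linked")
            if not validated:
                w.append("status Mitigated but no Validated claim")
            for c in linked:
                if c.status == "Challenged":
                    w.append(f"claim {c.id} is Challenged")
        for c in validated:
            if c.confidence == "Low":
                w.append(f"claim {c.id} is Validated with Low confidence")
        if r.status == "Accepted" and r.treatment != "Acceptance":
            w.append(f"status Accepted but treatment strategy is {r.treatment}")
        if w:
            findings[r.id] = w
    return findings


# Constructed sample records.
CONTROLS = {"CTL-1", "CTL-2"}
RISKS = [
    Risk("R-1", "Mitigated", "Mitigation", ["CTL-1"]),
    Risk("R-2", "Mitigated", "Mitigation", ["CTL-9"]),   # CTL-9 was deleted
    Risk("R-3", "Accepted", "Mitigation", []),
    Risk("R-4", "Untreated", "Mitigation", ["CTL-2"]),
]
CLAIMS = [
    Claim("C-1", "Validated", "High", ["R-1"]),
    Claim("C-2", "Draft", "Medium", ["R-2"]),
]

if __name__ == "__main__":
    for rid, warnings in check_treatment(RISKS, CLAIMS, CONTROLS).items():
        print(rid, "->", "; ".join(warnings))
```

R-1 is clean, R-2 is flagged twice (dangling control and no Validated claim), R-3 is flagged for a strategy that contradicts its status, and R-4 is simply still open, which is a state, not an inconsistency.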

Security Catalogs

The platform provides a two-tier catalog system:

  • Global Catalogs: Organization-wide libraries of threats, damages, controls, goals, requirements, and claims — versioned and framework-tagged
  • Project Catalogs: Project-specific instances linked back to global catalog items for consistency and reuse

AI-Assisted Features

  • Threat Recommendations: AI suggests threats based on asset profiles with confidence levels (High, Medium, Low)
  • Damage Scenario Suggestions: AI generates damage scenarios based on identified threats
  • Chat-Based Analysis: Interactive AI assistant for TARA questions, risk analysis, and general CSMS queries
  • Feedback Tracking: Users can accept or decline recommendations with reasons, improving future suggestions

Visualizations

Risk Relationship Graph — Interactive React Flow graph showing a single risk with its full entity chain across 8 columns: System Component → Software → Asset → Threat/Damage → Risk → Security Goal/Claim → Requirement/Control → Test Case. 14 color-coded entity types with labeled edges.

Risk Heat Map — Impact vs. Feasibility matrix plotting all project risks for portfolio-level visibility. Quick identification of critical-severity clusters.

Risk Register — Filterable, sortable table with columns for Risk ID, Title, Score, Status, Impact, Feasibility, Source, Assignee, and Last Updated. Supports bulk actions, inline editing, and warning indicators for deleted or unlinked entities.

Risk Interconnection Graph — D3-based force-directed graph showing multiple risks with their interconnections for cross-risk pattern analysis.

Integration with Other Pillars

Direction       Pillar              Data Flow
Inbound         Design              Component instances map to threat model assets
Inbound         SBOM                Vulnerability severity feeds into risk calculations
Inbound         Operations          Incidents can create new risks
Outbound        Testing             Requirements and claims drive test case creation and coverage
Outbound        Compliance          Risk treatment entities provide compliance evidence (WP-15-01 through WP-15-08)
Outbound        Operations          Threat scenario indicators enable security event correlation
Bidirectional   Security Catalogs   Global catalog items instantiated per project; project usage feeds catalog improvements