Table of Content
Introduction
In today’s automotive industry, the security of connected vehicles is of paramount importance. Implementing a comprehensive Threat Assessment and Risk Analysis (TARA) system is critical to identifying and mitigating cyber threats. This blog post introduces six leading TARA tools developed for the automotive industry specifically for ISO/SAE 21434.
AVL ThreatGuard
- Automated security assessment and impact analysis: Automated threat analysis and risk assessment throughout the development process.
- Web-based E/E architecture modeling: Efficient modeling of system architectures.
- Automated generation and visualization of attack paths: Rapid identification of vulnerabilities.
- Import of existing system models: Support for MBSE tools such as Enterprise Architect.
- Modeling toolbox with predefined cyber security elements: Easy expansion and customization.
- Guided definition of customer-specific threat rules: Continuous updating of the threat catalog.
- Version management: Support for version merging.
- Maintenance and support: Regular updates and customer service.
- Licenses: Annual license for named users.
ESCRYPT CycurRISK
- Workflow-oriented guidance: User-friendly GUI to support the entire TARA process.
- Direct comparison of initial and residual risks: Clear presentation of the risk assessment.
- Integrated attack path editor: Support of the attack potential method.
- Configurable PDF report generation: documentation of threat scenarios and risks.
- Catalog function: Reuse and exchange of knowledge from previous analyses.
- Collaboration on on-premise servers: Working together on TARAs.
- Threat library: Using ATM as a starting point for robust threat modeling.
itemis SECURE
- Cross-life cycle support: Full compliance with ISO/SAE 21434 and UNECE WP.29 R155.
- Standardized documentation: Creation of audit-proof documentation.
- Visual models: Support for component and data flow diagrams as well as attack trees.
- Version control and change tracking: Minimize errors when managing large models.
- Risk analysis: Simple calculation of risk values and prioritization of weak points.
Ansys medini analyze for Cybersecurity
- Comprehensive security analysis: Support for TOE modeling, attack trees, threat analysis and risk assessment.
- Efficient implementation of safety-related activities: conformity with standards such as SAE J3061, HEAVENS and ISO 21434.
- Teamwork and integrated task management: support for collaboration and traceability.
- Customizable reports: Create and customize reports as needed.
Vultara
- Automation tool: Specially developed for the cyber security of automotive products.
- Customizable rules: Possibility to customize threat and risk rules.
- Change management: Direct adaptation of the architecture diagrams and updating of the results in the event of design changes.
AUTOThreat PRO
- Investigations in the deep and dark web: Identification of threats and vulnerabilities.
- Customized threat models: Creation of threat models based on specific assets and business models.
- Full visibility of the attack surface: Comprehensive risk analysis of the supply chain.
- Real-time alerts: Notifications on IOCs and IOAs with actionable recommendations.
Conclusion
The TARA tools presented offer a variety of features and benefits to ensure cyber security in the automotive industry. Each tool has its unique strengths, from automated threat analysis to collaboration and threat library integration. The choice of the right tool depends on the specific requirements and preferences of the company.
