FKFS Events

2025 Stuttgart International Symposium
on Automotive and Engine Technology

2 - 3 July 2025

Session: Cyber Security | | 14:00 - 14:30

Protecting Passengers and Data: The Importance of a Consistent Process from TARA to the Attack

Harald Petschnik, AVL List GmbH

The automotive vehicle cybersecurity threat landscape is rapidly evolving, with new and sophisticated attack vectors emerging all the time. As a result, it is imperative for companies to keep up to date with the latest cybersecurity regulations and best practices. TARA (Threat Analysis and Risk Assessment) is a mandatory method under ISO/SAE 21434 for vehicle security, as it helps identify potential threats in the vehicle`s internal network, interfaces with the outside world and ecosystems, such as inter-vehicle or charging station communications. TARA enables manufacturers to identify realistic threats and take proactive measures to mitigate them. At AVL, we have further developed TARA in a tool approach that enables a high degree of automation. Based on the cybersecurity-relevant EE architecture model and a comprehensive database of threats and rules, TARA could be fully automated and up to attack tree analysis. Attack tree analysis is a critical component of TARA as it provides a comprehensive and structured approach to identifying potential attacks and vulnerabilities in the system. Overall, attack tree analysis is a critical input to testing because it provides a comprehensive and structured approach to identifying potential attack scenarios and vulnerabilities. By leveraging this information, cybersecurity testers can design effective test cases for functional testing and exploits for real-world attack scenarios to validate the effectiveness of security measures.