
Cybersecurity Threat Analysis & Risk Assessment (TARA)

Learn how to use Saphira to perform comprehensive cybersecurity threat analysis and risk assessment (TARA) for automotive systems! Saphira implements the complete ISO/SAE 21434:2021 cybersecurity workflow, enabling automated threat identification, risk assessment, and security requirement generation.

What is TARA?

TARA (Threat Analysis and Risk Assessment) is a systematic process for identifying and evaluating cybersecurity threats to automotive systems according to ISO/SAE 21434:2021. Saphira provides an AI-powered workflow that guides you through the complete cybersecurity engineering process following Clause 9 (Concept) and Clause 15 (TARA Methods):
  • Item Definition: Define your system, interfaces, and operational context
  • Asset Identification: Identify cybersecurity-critical assets and their properties
  • Damage Scenarios: Determine potential damage if assets are compromised
  • Threat Scenarios: Discover threat scenarios and attack vectors using STRIDE
  • Attack Path Analysis: Map attack paths from entry points to target assets
  • Attack Feasibility Rating: Evaluate attacker capability requirements
  • Impact Rating: Assess safety, financial, operational, and privacy impacts
  • Risk Value Determination: Calculate risk levels using the ISO 21434 matrix
  • Risk Treatment Decision: Decide on risk treatment options (avoid, reduce, share, retain)
  • Cybersecurity Goals: Define goals to mitigate identified risks
  • Cybersecurity Claims: Document claims supporting your cybersecurity case
  • Cybersecurity Requirements: Generate detailed technical security requirements

Getting Started with TARA

Start by defining your system (item definition). This foundational step captures:
  • System name and primary function
  • Hardware and software components
  • Communication interfaces (CAN, Ethernet, USB, wireless, diagnostic)
  • Operating modes (normal, degraded, maintenance, update)
  • System boundary definition
A comprehensive item definition leads to more complete asset and threat identification.
Saphira analyzes your item definition to automatically identify cybersecurity assets:
  • Data Assets: Authentication tokens, cryptographic keys, personal data
  • Function Assets: Safety-critical functions, control algorithms
  • Hardware Assets: ECUs, sensors, actuators, communication modules
  • Software Assets: Application software, firmware, bootloaders
  • Communication Assets: Network protocols, message formats, interfaces
Each asset is classified by cybersecurity properties (CIA: Confidentiality, Integrity, Availability).
Saphira generates comprehensive threat scenarios using STRIDE methodology:
  • Spoofing: Identity attacks, credential theft
  • Tampering: Data or code modification
  • Repudiation: Denial of actions
  • Information Disclosure: Data leakage, eavesdropping
  • Denial of Service: Resource exhaustion, system disruption
  • Elevation of Privilege: Unauthorized access escalation
Each threat includes attack vectors, prerequisites, and technical exploitation details.
For each identified threat, Saphira evaluates:
  • Impact Rating: Potential damage across safety, privacy, financial, and operational dimensions
  • Attack Feasibility: Required expertise, time, equipment, and opportunity
  • Risk Value: Automatic calculation based on ISO 21434 risk matrix
  • Risk Treatment: Recommendations to avoid, reduce, share, or retain risk

ISO 21434 TARA Workflow Steps

Saphira guides you through a systematic 12-step cybersecurity analysis workflow aligned with ISO/SAE 21434:2021:

Step 1: Item Definition
Define your system including:
  • System Name: Name of the item under analysis
  • Primary Function: Core functionality of the system
  • Components: Hardware and software components
  • Interfaces: Communication channels (CAN, Ethernet, USB, wireless, diagnostic ports)
  • Operating Modes: Normal operation, degraded mode, maintenance mode, update mode
  • System Boundary: What’s included and excluded from analysis
Standard Reference: ISO 21434 Clause 9.3, RQ-09-01 through RQ-09-04

Step 2: Asset Identification
Identify cybersecurity assets according to ISO 21434 RQ-09-05:
  • Asset Types: Data, function, hardware, software, communication channel
  • Cybersecurity Properties: Confidentiality, integrity, availability
  • Location: Physical or logical location within the item architecture
  • Interfaces: Access points for each asset
  • Rationale: Why this asset requires cybersecurity protection
Each asset includes source justification with document references for traceability.
Standard Reference: ISO 21434 Clause 9.3, 15.3, RQ-09-05

Step 3: Damage Scenarios
Define damage scenarios that could result from asset compromise:
  • Safety Damage: Physical harm to vehicle occupants or road users
  • Financial Damage: Monetary losses to stakeholders
  • Operational Damage: Loss of vehicle functionality or availability
  • Privacy Damage: Exposure of personal or sensitive information
Each scenario links to specific assets and quantifies potential impact.
Standard Reference: ISO 21434 Clause 15.4, RQ-15-01

Step 4: Threat Scenarios
AI-powered threat identification generates comprehensive threat scenarios:
  • Threat Agents: External attackers, malicious insiders, automated tools
  • Attack Methods: Injection, reverse engineering, DoS, physical access
  • Entry Points: Network interfaces, diagnostic ports, wireless connections
  • Prerequisites: Required knowledge, access, and equipment
  • STRIDE Category: Classification using STRIDE methodology
Threats are linked to specific assets and damage scenarios.
Standard Reference: ISO 21434 Clause 15.5, RQ-15-02

Step 5: Attack Path Analysis
Map attack paths from entry points to target assets:
  • Attack Trees: Hierarchical breakdown of attack steps
  • Entry Points: Initial access vectors
  • Intermediate Steps: Lateral movement and privilege escalation
  • Target Assets: Final objectives of the attack
  • Attack Vectors: Specific techniques at each step
Visualize attack paths using the interactive DAG (Directed Acyclic Graph) view.
Standard Reference: ISO 21434 Clause 15.6

Step 6: Attack Feasibility Rating
Assess attack feasibility according to ISO 21434:
  • Elapsed Time: Time required to develop and execute attack
  • Specialist Expertise: Required technical knowledge and skills
  • Knowledge of Item: Understanding of target system needed
  • Window of Opportunity: Access time and conditions required
  • Equipment: Tools and resources required
Feasibility ratings: Very Low, Low, Medium, High
Standard Reference: ISO 21434 Clause 15.7, RQ-15-03

Step 7: Impact Rating
Evaluate threat impact across multiple dimensions:
Safety Impact (S0-S3):
  • S0: No impact on safety
  • S1: Light injuries possible
  • S2: Severe injuries possible
  • S3: Life-threatening/fatal injuries possible
Financial Impact (F0-F3): Negligible to severe financial loss
Operational Impact (O0-O3): No impact to severe operational disruption
Privacy Impact (P0-P3): No violation to severe privacy breach
Standard Reference: ISO 21434 Clause 15.8, RQ-15-04

Step 8: Risk Value Determination
Calculate risk values using the ISO 21434 risk matrix:
Risk Matrix: Impact × Feasibility → Risk Value
  • Risk values range from 1 (lowest) to 5 (highest)
  • Automatic CAL (Cybersecurity Assurance Level) derivation
CAL Levels:
  • CAL QM: Quality Management sufficient
  • CAL 1: Low cybersecurity requirements
  • CAL 2: Medium cybersecurity requirements
  • CAL 3: High cybersecurity requirements
  • CAL 4: Very high cybersecurity requirements
Standard Reference: ISO 21434 Clause 15.9, RQ-15-05

Step 9: Risk Treatment Decision
Decide on risk treatment options for each identified risk:
  • Avoid: Eliminate the risk by removing the threat source
  • Reduce: Implement controls to lower impact or feasibility
  • Share: Transfer risk through insurance or contracts
  • Retain: Accept the risk with documented rationale
Each decision includes justification and residual risk assessment.
Standard Reference: ISO 21434 Clause 15.10, RQ-15-06
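As an added worked example (not Saphira's own code, and not the standard's normative tables), the chain from the five feasibility factors and the S/F/O/P ratings to a risk value and a treatment decision, in Python. The factor point values, the feasibility bands, the worst-of-four impact combination, the risk matrix and the acceptance threshold are all assumptions to be replaced by your organisation's tailored values.

```python
"""ISO 21434-style risk value determination (added example, not Saphira code)."""

# Attack-potential factors in the shape of the standard's informative annex.
# Point values and band thresholds are illustrative assumptions: check them
# against your copy of the standard or your organisation's tailored tables.
ELAPSED_TIME = {"<=1 day": 0, "<=1 week": 1, "<=1 month": 4, "<=6 months": 17, ">6 months": 19}
EXPERTISE = {"layman": 0, "proficient": 3, "expert": 6, "multiple experts": 8}
KNOWLEDGE = {"public": 0, "restricted": 3, "confidential": 7, "strictly confidential": 11}
WINDOW = {"unlimited": 0, "easy": 1, "moderate": 4, "difficult": 10}
EQUIPMENT = {"standard": 0, "specialised": 4, "bespoke": 7, "multiple bespoke": 9}
FEASIBILITY_BANDS = [(13, "High"), (19, "Medium"), (24, "Low")]  # above 24: Very Low
IMPACT_NAMES = ["Negligible", "Moderate", "Major", "Severe"]      # index = S/F/O/P rating

# Impact x feasibility -> risk value 1..5. Constructed matrix; substitute yours.
RISK_MATRIX = {
    "Negligible": {"Very Low": 1, "Low": 1, "Medium": 1, "High": 1},
    "Moderate":   {"Very Low": 1, "Low": 2, "Medium": 2, "High": 3},
    "Major":      {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4},
    "Severe":     {"Very Low": 2, "Low": 3, "Medium": 4, "High": 5},
}

def attack_potential(elapsed, expertise, knowledge, window, equipment) -> int:
    """Sum of the five factor scores; a higher sum means a harder attack."""
    return (ELAPSED_TIME[elapsed] + EXPERTISE[expertise] + KNOWLEDGE[knowledge]
            + WINDOW[window] + EQUIPMENT[equipment])

def feasibility(potential: int) -> str:
    """Map an attack potential sum to the four feasibility ratings on the page."""
    for limit, rating in FEASIBILITY_BANDS:
        if potential <= limit:
            return rating
    return "Very Low"

def impact(s: int, f: int, o: int, p: int) -> str:
    """Overall impact = worst of the S/F/O/P ratings (each 0..3). Taking the
    maximum is an assumption; the standard leaves the combination rule open."""
    worst = max(s, f, o, p)
    if not 0 <= worst <= 3:
        raise ValueError("impact ratings must be in 0..3")
    return IMPACT_NAMES[worst]

def assess(threat: dict, acceptance_threshold: int = 2) -> dict:
    """Factors -> feasibility, S/F/O/P -> impact, matrix -> risk value. A value
    above the (assumed) threshold needs avoid/reduce/share; at or below it,
    retaining the risk with a documented rationale is defensible."""
    feas = feasibility(attack_potential(threat["elapsed"], threat["expertise"],
                                        threat["knowledge"], threat["window"],
                                        threat["equipment"]))
    imp = impact(threat["S"], threat["F"], threat["O"], threat["P"])
    value = RISK_MATRIX[imp][feas]
    return {"impact": imp, "feasibility": feas, "risk_value": value,
            "treatment_needed": value > acceptance_threshold}

# Constructed sample: tampering with a safety-critical function through a
# diagnostic interface, as an analyst might rate it.
SAMPLE = {"S": 3, "F": 1, "O": 2, "P": 0, "elapsed": "<=1 week",
          "expertise": "proficient", "knowledge": "restricted",
          "window": "moderate", "equipment": "specialised"}

if __name__ == "__main__":
    print(assess(SAMPLE))  # risk_value 4, treatment_needed True
```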

Step 10: Cybersecurity Goals
Define cybersecurity goals to address identified risks:
  • Goal Statement: Clear objective for risk mitigation
  • Target Assets: Assets protected by this goal
  • Associated Threats: Threat scenarios addressed
  • Required CAL: Cybersecurity Assurance Level for this goal
  • Verification Criteria: How goal achievement will be verified
Goals form the basis for deriving cybersecurity requirements.
Standard Reference: ISO 21434 Clause 9.4, RQ-09-06

Step 11: Cybersecurity Claims
Document claims supporting your cybersecurity case:
  • Claim Statement: Assertion about cybersecurity properties
  • Supporting Evidence: Evidence types required
  • Linked Goals: Cybersecurity goals supported
  • Verification Status: Current verification state
Claims provide the argumentative structure for your cybersecurity case.
Standard Reference: ISO 21434 Clause 9.5

Step 12: Cybersecurity Requirements
Generate detailed technical requirements to achieve cybersecurity goals:
  • Authentication: Identity verification mechanisms
  • Authorization: Access control requirements
  • Cryptography: Encryption and key management
  • Secure Communication: Protocol security requirements
  • Intrusion Detection: Monitoring and alerting
  • Secure Boot: Boot integrity verification
  • Input Validation: Data sanitization requirements
Each requirement includes:
  • Specific technical implementation guidance
  • Traceability to goals and threats
  • Verification methods
  • Required CAL level
Standard Reference: ISO 21434 Clause 9.4, RQ-09-07 through RQ-09-09

Customizing Your TARA Workflow

Saphira provides powerful workflow customization through the Manage Workflow modal. Access it by clicking the “Manage Workflow” button in the TARA view.
The Workflow Management modal has three tabs:
  1. Outputs: View and create output section templates
  2. Workflow: Configure which sections appear in your TARA and their order
  3. Inputs: Manage input configurations (coming soon)
Changes are saved per-project, allowing different projects to have customized workflows.
To add a section to your TARA workflow:
  1. Go to the Workflow tab
  2. Click Add Section button
  3. Select from available output sections, or click + Add new output section to create a custom one
  4. The section appears at the bottom of your workflow
  5. Use the up/down arrows to reorder sections as needed
To remove a section from your workflow:
  1. Find the section in the Workflow tab
  2. Click the trash icon next to the section
  3. The section is removed from your workflow but remains available in the output library
Note: Removing a section doesn’t delete its definition—you can add it back later.
To change the order of sections:
  1. Use the up/down arrow buttons next to each section
  2. Sections higher in the list are generated first
  3. Order matters for dependencies—sections can only depend on sections above them
Dependencies control the data flow between sections:
  1. Click Manage Dependencies for a section
  2. Select which upstream sections this section depends on
  3. During generation, data from dependency sections is passed as context
Best Practices:
  • Asset Identification should depend on Item Definition
  • Threat Scenarios should depend on Assets and Damage Scenarios
  • Requirements should depend on Goals
Link reference documents to specific sections for grounded generation:
  1. Click Manage Documents for a section
  2. Select documents from your project’s document library
  3. Optionally configure field-level document mappings
  4. AI will extract relevant information during generation
Documents can be:
  • System specifications
  • Architecture diagrams
  • Previous TARA assessments
  • Regulatory requirements
Create entirely new output section types:
  1. Go to the Outputs tab
  2. Click New output section
  3. Define:
    • Section Name: Descriptive name (e.g., “Supply Chain Threats”)
    • Description: Purpose of this section
    • JSON Schema: Structure of the output data
    • Prompt Body: Instructions for AI generation
    • Example Output: Sample data for the AI to follow
Custom sections can be added to any workflow and shared across projects.
Import section definitions from CSV or Excel:
  1. Click the Import button in the Outputs tab
  2. Select a CSV or Excel file with column definitions
  3. Each sheet becomes a separate output section
  4. Columns define the schema fields
CSV Format:
  • First row: Header names
  • Include columns: name, type, description, required, enum_values
  • Types: string, number, boolean, array, enum
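The CSV column layout above (name, type, description, required, enum_values) turned into the JSON Schema a custom output section needs, as an added example that is not Saphira's importer. The sample CSV is constructed, the "|" delimiter for enum_values is an assumption (the page does not say how they are separated), and array items are assumed to be strings.

```python
"""Turn a section-definition CSV into a JSON Schema (added example, not Saphira code)."""
import csv
import io
import json

# Constructed sample in the column layout the page describes.
SAMPLE_CSV = """name,type,description,required,enum_values
asset_id,string,Identifier of the affected asset,true,
stride_category,enum,STRIDE class of the threat,true,Spoofing|Tampering|Repudiation|Information Disclosure|Denial of Service|Elevation of Privilege
entry_points,array,Interfaces an attacker could use,false,
feasibility_score,number,Attack potential sum for the threat,false,
mitigated,boolean,Whether a goal already covers this threat,false,
"""

SIMPLE_TYPES = {"string", "number", "boolean", "array"}
TRUE_VALUES = {"true", "yes", "1", "y"}

def csv_to_schema(text: str, title: str, enum_sep: str = "|") -> dict:
    """Build a draft 2020-12 schema. enum_sep is an assumption: the page does
    not say how enum_values are delimited, so pick one that cannot clash with
    the CSV comma."""
    props, required = {}, []
    for row in csv.DictReader(io.StringIO(text)):
        name = (row.get("name") or "").strip()
        ctype = (row.get("type") or "").strip().lower()
        if not name:
            raise ValueError("every row needs a name")
        prop = {"description": (row.get("description") or "").strip()}
        if ctype == "enum":
            raw = row.get("enum_values") or ""
            values = [v.strip() for v in raw.split(enum_sep) if v.strip()]
            if not values:
                raise ValueError(f"enum column {name!r} has no enum_values")
            prop.update({"type": "string", "enum": values})
        elif ctype in SIMPLE_TYPES:
            prop["type"] = ctype
            if ctype == "array":
                prop["items"] = {"type": "string"}  # assumption: string items
        else:
            raise ValueError(f"unknown type {ctype!r} for column {name!r}")
        props[name] = prop
        if (row.get("required") or "").strip().lower() in TRUE_VALUES:
            required.append(name)
    return {"$schema": "https://json-schema.org/draft/2020-12/schema",
            "title": title, "type": "object", "properties": props,
            "required": required, "additionalProperties": False}

if __name__ == "__main__":
    print(json.dumps(csv_to_schema(SAMPLE_CSV, "Supply Chain Threats"), indent=2))
```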
Export your workflow configuration for reuse:
  1. Click Export in the Workflow tab
  2. Download the JSON configuration file
  3. Import into other projects using the Import function
Templates include:
  • Section definitions with schemas
  • Dependency configurations
  • Document mappings
Load a predefined workflow template:
  1. Click Load Predefined Workflow in the Workflow tab
  2. Select from available templates:
    • ISO/SAE 21434 TARA: Full 12-step ISO 21434 compliant workflow
    • HARA: Functional safety hazard analysis (ISO 26262)
    • FMEA: Failure Mode and Effects Analysis
  3. The template sections are created and configured automatically
View the dependency graph for your workflow:
  1. Click View Dependency Graph in the Workflow tab
  2. Interactive visualization shows:
    • All sections as nodes
    • Dependencies as directed edges
    • Data flow direction
  3. Identify circular dependencies or missing links
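The ordering rule from the workflow configuration above (a section may depend only on sections above it) and the circular-dependency check from the dependency graph view, as an added example in Python that is not Saphira's own code: it validates a workflow's order and dependencies, reports cycles, and proposes a corrected order. The dictionary layout and the sample workflow are constructed assumptions, not Saphira's export format.

```python
"""Check a TARA workflow's section order and dependency graph (added example)."""
def validate_workflow(sections, deps):
    """sections: names top to bottom as in the Workflow tab; deps: {section: [upstream]}.
    Returns problem strings; an empty list means the configuration is sound."""
    position = {name: i for i, name in enumerate(sections)}
    problems = []
    for sec, upstream in deps.items():
        if sec not in position:
            problems.append(f"{sec!r} has dependencies but is not in the workflow")
            continue
        for up in upstream:
            if up not in position:
                problems.append(f"{sec!r} depends on {up!r}, which is not in the workflow")
            elif position[up] >= position[sec]:
                problems.append(f"{sec!r} depends on {up!r}, which is not above it")
    for cycle in find_cycles(deps):
        problems.append("circular dependency: " + " -> ".join(cycle))
    return problems

def find_cycles(deps):
    """Depth-first search over dependency edges; each cycle is returned as a closed path."""
    state, path, cycles = {}, [], []
    def visit(node):
        state[node] = "active"
        path.append(node)
        for nxt in deps.get(node, []):
            if state.get(nxt) == "active":
                cycles.append(path[path.index(nxt):] + [nxt])
            elif nxt not in state:
                visit(nxt)
        path.pop()
        state[node] = "done"
    for node in list(deps):
        if node not in state:
            visit(node)
    return cycles

def suggest_order(sections, deps):
    """Stable topological order: keeps the current order wherever dependencies
    allow. Returns None when a cycle makes every order invalid."""
    remaining, ordered = list(sections), []
    while remaining:
        ready = next((s for s in remaining if all(
            d in ordered or d not in sections for d in deps.get(s, []))), None)
        if ready is None:
            return None
        remaining.remove(ready)
        ordered.append(ready)
    return ordered

# Constructed workflow in which Threat Scenarios was added before Damage Scenarios.
SECTIONS = ["Item Definition", "Asset Identification", "Threat Scenarios",
            "Damage Scenarios", "Cybersecurity Goals", "Cybersecurity Requirements"]
DEPS = {"Asset Identification": ["Item Definition"],
        "Damage Scenarios": ["Asset Identification"],
        "Threat Scenarios": ["Asset Identification", "Damage Scenarios"],
        "Cybersecurity Goals": ["Threat Scenarios"],
        "Cybersecurity Requirements": ["Cybersecurity Goals"]}

if __name__ == "__main__":
    print(validate_workflow(SECTIONS, DEPS), suggest_order(SECTIONS, DEPS))
```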

Advanced TARA Features

Saphira supports running functional safety (FuSa) and cybersecurity (TARA) workflows in parallel:
Functional Safety Path (ISO 26262):
  • Item Definition → Fault Model → HARA → FSC → Failures → TSC
Cybersecurity Path (ISO 21434):
  • Item Definition → Assets → Damage Scenarios → Threats → Attack Paths → Risk Assessment → Goals → Requirements
Both workflows share the same item definition and can be executed simultaneously for comprehensive safety and security analysis.
Review and refine AI-generated artifacts:
  • Click any item to edit details inline
  • Provide feedback on specific threats or requirements
  • AI learns from your feedback and regenerates improved results
  • Track feedback history and iterative improvements
Saphira maintains context across feedback loops for continuous refinement.
For complex systems with multiple components:
  • Perform TARA for each component separately
  • Load and analyze existing component assessments
  • Import functions and interfaces from other components
  • Generate integrated threat scenarios across components
Perfect for systems with multiple ECUs or distributed architectures.
Import existing documentation to seed your TARA:
  • Upload system specifications, architecture documents, or previous assessments
  • AI extracts relevant information automatically
  • Populates item definition, assets, and known threats
  • Accelerates TARA creation with existing knowledge
Supported formats: PDF, Word, Excel, CSV
Visualize relationships across your cybersecurity analysis:
  • Asset → Threat → Goal → Requirement traceability
  • Interactive graph view with filtering
  • Identify coverage gaps and missing links
  • Ensure complete traceability for audits
Automatically generated traceability matrix for compliance documentation.
Visualize attack paths as a Directed Acyclic Graph:
  • Entry points shown as root nodes
  • Attack steps as intermediate nodes
  • Target assets as leaf nodes
  • Interactive exploration of attack chains
Helps identify critical paths and defense-in-depth opportunities.

Export and Documentation

Generate comprehensive cybersecurity documentation:
  • Complete TARA report with all 12 workflow sections
  • Asset inventory and classification
  • Threat scenario catalog
  • Risk assessment matrix with CAL assignments
  • Traceability matrix (Asset → Threat → Goal → Requirement)
  • Residual risk analysis
Export formats: PDF, Excel, CSV, JSON
Export TARA data to CSV for integration with:
  • Requirements management tools (DOORS, Jama, Polarion)
  • Risk management platforms
  • Issue tracking systems (Jira, Azure DevOps)
  • Custom compliance databases
Includes all attributes, relationships, and metadata.
Saphira generates ISO 21434-compliant documentation:
  • Cybersecurity Case structure
  • Work products for each lifecycle phase
  • Evidence of threat analysis completeness
  • CAL justification and rationale
  • Traceability documentation
Ready for internal reviews and external audits.

Best Practices

A comprehensive item definition is critical for effective TARA:
  • List all interfaces explicitly (CAN, Ethernet, diagnostic ports, wireless)
  • Include all operating modes (normal, degraded, maintenance, update)
  • Define system boundaries clearly
  • Specify hardware and software components
Better item definition leads to more complete asset and threat identification.
TARA is an iterative process:
  • Review AI-generated threats and provide feedback
  • Refine and add missing threat scenarios
  • Adjust impact and feasibility ratings based on expertise
  • Regenerate downstream artifacts after updates
Each iteration improves accuracy and completeness.
Effective TARA requires multiple perspectives:
  • Security experts: Identify attack vectors and vulnerabilities
  • System architects: Understand interfaces and data flows
  • Safety engineers: Assess safety-related impacts
  • Software developers: Evaluate implementation feasibility
Use Saphira’s feedback and comment features for team collaboration.
Combine TARA with functional safety analysis:
  • Run both workflows in parallel from the same item definition
  • Identify security-safety interactions
  • Address combined ASIL/CAL requirements
  • Ensure holistic system protection
Saphira automatically manages both workflows simultaneously.
Ensure your TARA is complete:
  • Verify all interfaces have associated threat scenarios
  • Check that all high-value assets are protected
  • Ensure each threat has mitigating goals and requirements
  • Review traceability for gaps
  • Document residual risks and acceptance rationale
Use Saphira’s traceability visualization to identify gaps.
Adapt the TARA workflow to your needs:
  • Add custom sections for organization-specific requirements
  • Configure default threat categories
  • Define organization-specific security requirements templates
  • Save and reuse workflow configurations across projects
Use Workflow Management to save and apply configurations.

Common Use Cases

Perform TARA for automotive electronic control units:
  • Domain controllers (ADAS, infotainment, powertrain)
  • Gateway ECUs with multiple network interfaces
  • Telematics and connectivity modules
  • Over-the-air (OTA) update systems
Identify threats from external connectivity and inter-ECU communication.
Analyze vehicle-to-everything (V2X) communication security:
  • Identify threats to V2V (vehicle-to-vehicle) messaging
  • Assess V2I (vehicle-to-infrastructure) vulnerabilities
  • Evaluate message authentication and integrity
  • Consider privacy of location and identity data
Particularly critical for autonomous and connected vehicles.
TARA for backend services and cloud platforms:
  • Mobile app security and authentication
  • Cloud data storage and processing
  • Remote diagnostics and vehicle control
  • User account and privacy protection
Consider both vehicle-side and cloud-side threats.
Comprehensive cybersecurity for autonomous driving:
  • Sensor spoofing and manipulation
  • ML model poisoning and adversarial attacks
  • Vehicle control system compromise
  • Map and localization data integrity
Critical for achieving safe and secure autonomous operation.

Next Steps

After completing your TARA:
  1. Implement Security Controls: Use generated requirements to design and implement security measures
  2. Verification & Validation: Create test plans to verify security controls (see Verification & Validation)
  3. Safety Case Generation: Integrate TARA results into your safety case (see Safety Case Generation)
  4. Ongoing Monitoring: Update TARA as system evolves and new threats emerge
Saphira maintains version history and traceability throughout the development lifecycle, ensuring your cybersecurity analysis stays current and compliant.