TARA - Automotive Cybersecurity
Submitted by: Shriya Rai
Content
• Evolution of vehicles from the stone age to the digital age
• Defence security points
• Automotive risk-oriented security measures
• TARA – Threat Assessment and Remediation Analysis
• Phases of TARA assessment
• Deep analysis of all the phases of the TARA assessment
Evolution of vehicles from the stone age to the digital age
Technological disruptions in the automotive industry
• Autonomous systems used in emergency braking and lane assistance enhance road safety
• Connected vehicles on the road generate data that enables strong predictive analysis for fleet management and maintenance
• Electric mobility supports clean energy and reduces reliance on fossil-fuel combustion engines
• Shared services are part of MaaS (Mobility-as-a-Service), contributing to the shared-economy aspect of smart cities
Like every industry entering the digital ecosystem, the automotive industry is transforming its products and services by leveraging digital offerings and making them more customer-centric.
Defence security points
Security framework based on a defence-in-depth strategy
• End-to-end security: establishing a chain of trust from the car architecture to the servers and the cloud
• Secure external interfaces: external interfaces such as driver-dedicated applications, Bluetooth, OBD, OTA
• In-vehicle secure network architectures: physical segregation and isolation using secure gateways and communication buses such as Ethernet
• Hardware security modules: the HSM provides security functions such as secure boot, key generation, active memory protection
• People awareness and training
• Secure supply chain: involving all the stakeholders in the supply chain and ensuring cybersecurity risk mitigations at every end
Automotive risk-oriented security measures
Cybersecurity
• Goal: Protect assets
• Risk: External threats, driven by humans
• Governance: ISO 21434 etc.
• Methods:
  • TARA, …
  • Cryptography
  • Key management
Privacy
• Goal: Protect intellectual property
• Risk: Data threats, driven by humans
• Governance: ISO 27001 etc.
• Methods:
  • TARA, …
  • Cryptography
  • Explicit consent
TARA: Threat Assessment and Remediation Analysis
Originally developed in 2010, TARA is an “engineering methodology used to assess and identify cyber threats and select countermeasures effective at mitigating the vulnerabilities”.
Phases of TARA assessment
• Define scope and assessment: TARA scope
• Cyber threat susceptibility analysis: susceptibility matrix
• Cyber risk remediation analysis: mitigation recommendations
TARA workflows
• TARA Assessment
• Catalog Development
• Toolset Development
Deep analysis of all the phases of the TARA assessment
TARA scope
• Evaluate the target
• Assess the range of threats
• Analyse the threat actor’s capabilities and intent
• Prepare the phase of the system acquisition lifecycle
• Prepare TARA assessment and scope brief
Susceptibility matrix
• Model the attack surface
• Perform the catalog search to identify candidate attack vectors (AVs)
• Eliminate implausible AVs
• Define a scoring model to rank plausible AVs
• Construct the susceptibility matrix
Mitigation recommendations
• Select AVs to mitigate
• Use mitigation mappings to identify candidate countermeasures (CMs)
• Eliminate implausible CMs
• Define a scoring model to rank CMs
• Select the best CM solution set
• Develop well-formed recommendations
TARA data model
• Entities: vector groups, attack vectors, countermeasures
• Relationships: vector groupings, countermeasure mappings
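The susceptibility and remediation steps listed above, walked through on a small constructed catalog. This is an added example, not code from the original deck or from any TARA toolset. The attack surface, the AV and CM entries, the 1-5 scales, the likelihood × impact score, the selection threshold and the risk-per-cost ranking are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass
class AttackVector:
    av_id: str
    group: str        # vector group the AV belongs to
    name: str
    interface: str    # interface the AV needs on the target
    likelihood: int   # 1 (low) .. 5 (high), assumed scale
    impact: int       # 1 (low) .. 5 (high), assumed scale


@dataclass
class Countermeasure:
    cm_id: str
    name: str
    cost: int              # relative cost 1 .. 5, assumed scale
    mitigates: frozenset   # AV ids taken from the countermeasure mapping


# Constructed attack-surface model: component -> exposed interfaces.
ATTACK_SURFACE = {
    "telematics_unit": {"cellular", "ota"},
    "infotainment": {"bluetooth", "usb"},
    "gateway": {"obd", "ethernet"},
}

# Constructed catalog entries (hypothetical ids and scores).
CATALOG = [
    AttackVector("AV-1", "external interfaces", "Unauthenticated diagnostic session", "obd", 3, 5),
    AttackVector("AV-2", "external interfaces", "Unsigned update image accepted", "ota", 2, 5),
    AttackVector("AV-3", "external interfaces", "Pairing without user confirmation", "bluetooth", 4, 3),
    AttackVector("AV-4", "in-vehicle network", "Unfiltered traffic between domains", "ethernet", 3, 4),
    AttackVector("AV-5", "external interfaces", "Rogue access point association", "wifi", 3, 3),
]

COUNTERMEASURES = [
    Countermeasure("CM-1", "HSM-backed secure boot and signed updates", 4, frozenset({"AV-2"})),
    Countermeasure("CM-2", "Authenticated diagnostic access", 2, frozenset({"AV-1"})),
    Countermeasure("CM-3", "Secure gateway with domain filtering", 3, frozenset({"AV-1", "AV-4"})),
    Countermeasure("CM-4", "User-confirmed Bluetooth pairing", 1, frozenset({"AV-3"})),
    Countermeasure("CM-5", "Wi-Fi network allow-listing", 2, frozenset({"AV-5"})),
]


def susceptibility_matrix(catalog, surface):
    """Drop AVs no component is exposed to, score the rest, rank by score."""
    rows = []
    for av in catalog:
        exposed = sorted(c for c, ifaces in surface.items() if av.interface in ifaces)
        if not exposed:  # implausible: the interface is not on the attack surface
            continue
        rows.append({"av": av.av_id, "score": av.likelihood * av.impact,
                     "components": exposed})
    return sorted(rows, key=lambda r: (-r["score"], r["av"]))


def select_avs(matrix, threshold):
    """Select the AVs whose score reaches the mitigation threshold."""
    return [r["av"] for r in matrix if r["score"] >= threshold]


def rank_cms(cms, matrix, selected):
    """Drop CMs that touch no selected AV; rank the rest by risk covered per cost."""
    score = {r["av"]: r["score"] for r in matrix}
    ranked = []
    for cm in cms:
        covered = cm.mitigates & set(selected)
        if covered:
            ranked.append((cm.cm_id, round(sum(score[a] for a in covered) / cm.cost, 2)))
    return sorted(ranked, key=lambda t: (-t[1], t[0]))


def best_solution_set(cms, selected):
    """Cheapest CM set covering every selected AV, or None if no set covers them."""
    target = set(selected)
    candidates = [cm for cm in cms if cm.mitigates & target]
    best = None
    for k in range(1, len(candidates) + 1):
        for combo in combinations(candidates, k):
            covered = set().union(*(cm.mitigates for cm in combo)) & target
            if covered != target:
                continue
            cost = sum(cm.cost for cm in combo)
            if best is None or cost < best[0]:
                best = (cost, sorted(cm.cm_id for cm in combo))
    return best


if __name__ == "__main__":
    matrix = susceptibility_matrix(CATALOG, ATTACK_SURFACE)
    for row in matrix:
        print(row)
    chosen = select_avs(matrix, threshold=12)
    print("AVs to mitigate:", chosen)
    print("Ranked CMs:", rank_cms(COUNTERMEASURES, matrix, chosen))
    print("Best CM set (cost, ids):", best_solution_set(COUNTERMEASURES, chosen))
```

The exhaustive search in `best_solution_set` is only practical for a small candidate list; a `None` result means at least one selected AV has no mapped countermeasure and needs a new catalog entry or an accepted-risk decision.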
