What is the Threat analysis in automotive cybersecurity
In this video course, you will learn what the threat analysis in the context of the TARA and its role in the whole process is. Additionally, you will get to know how to identify threats using the widely used in the automotive industry STRIDE model and steps to identify threat scenarios.
Identify Threats in a Systematic Way with the Threat Analysis and STRIDE Model
As vehicles get more complex and trends like V2X and modern vehicle ecosystems become increasingly dominant in the automotive industry, so do new attack vectors and threats. Therefore, in this video course “Threat Analysis”, we will explain what the threat analysis in the context of the TARA is, what it involves, and how you can use the STRIDE model to categorize threats.
At first, we will give you an overview of the TARA, highlight where the threat analysis takes place, define what it is and its role for further activities.
Moreover, we will introduce STRIDE, as it is the most used model for classification of threats in automotive cybersecurity. Shortly after, we will define Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privileges and provide practical examples for each of the classifications in the context of automotive cybersecurity.
Finally, we will explain our recommended approach of five steps to threat scenario identification with the previously introduced Microsoft STRIDE model as the threat scenario model, so you will get an illustrative example of its use case.
Who the Threat Analysis video course is made for
For software engineers
As vehicles become more sophisticated amid V2X and modern vehicle ecosystem trends, new threats arise. Therefore, it is crucial to understand how threats are identified in a systematic way using the threat analysis and STRIDE model in order to mitigate them later on.
For system engineers
Understanding how the STRIDE model helps identify threats in a systematical way is crucial for system engineers. Therefore, this video course is helpful for system engineers as it is essential to identify threats to protect the system against them.
Threat Analysis – Video course content
Here, we will define what the threat analysis in the context of the TARA is and highlight its importance. Learning objectives will also be defined in this section.
II. ISO/SAE 21434 Risk Assessment Process
In a visual overview, you will get a look at the overall TARA process and identify where the threat analysis takes place and the following activities.
III. Threat Analysis: an overview
Learn the definition of the threat analysis, as well as the security properties mentioned in the “Asset Identification” video course. You will also get an overview on how the threat scenarios are created, what they should describe, as well as inputs and outputs.
Get an introduction on how the STRIDE model can help classify threats, why it is the most used model, and what the STRIDE category keywords stand for. Shortly after, we will explain and provide examples for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privileges.
V. Recommended approach to threat scenario identification
In this section, you will get an illustrative example for threat scenario identification in five steps, with the STRIDE as a threat scenario model.
VI. Threat Analysis video course – What did you learn?
To sum up, we will go over the main lessons learned on what the threat analysis is and how it is done.