TARA

Definition

TARA (Threat Analysis & Risk Assessment) is the structured risk analysis method specified by ISO/SAE 21434 for automotive cybersecurity engineering. It identifies damage scenarios, threat scenarios, and risk values for each in-scope asset of a vehicle system.

> **Disambiguation note:** "TARA" in this context refers specifically to the ISO/SAE 21434 framework. Other uses of the word (the Buddhist deity Tara, the personal name) are unrelated.

What it means

TARA is the central risk-analysis artifact in ISO/SAE 21434 implementation. The method proceeds through: asset identification (what's in scope, what does it protect), damage scenario derivation (what bad outcomes could occur), threat scenario derivation (what attack paths could realize those damages), feasibility rating (how plausible is each threat scenario), impact rating (how severe is the damage), risk-value computation, and risk treatment decisions.

TARA outputs drive penetration-testing scope, cybersecurity case documentation, and ultimately the cybersecurity goals embedded in the system's cybersecurity-interface agreements between OEMs and suppliers. A high-quality TARA is the single most leveraged artifact in automotive cybersecurity engineering — it shapes everything downstream.

Related terms

- ISO/SAE 21434
- UN-R 155
- ECU

Authoritative sources

- ISO/SAE 21434:2021
- SAE J3061 (historical precursor)

---