Security AutoDesigner leverages years of experience from dozens of automotive TARA projects, a comprehensive threats DB, and state-of-the-art AI technology to enable OEMs and Tier-1 suppliers to automatically create a detailed Threat Analysis & Risk Assessment report to secure vehicles and ECUs and comply with ISO 21434 and UNR 155.
Automotive regulations and international standards such as UN R155 and ISO/SAE 21434 require threat analysis and risk assessment. This is a manual, time-consuming task that requires extensive cyber security knowledge. Unless done efficiently and accurately, it can have a significant impact on the cyber security posture and time-to-market of vehicles or their components.
For vehicles and components subject to cyber security regulation and standards such as UNR 155 and ISO/SAE 21434
Based on dozens of TARA projects with OEMs and Tier-1s
With new automotive-specific threats from the PlaxidityX research team
With automated TARA creation based on ECU or vehicle design
Can integrate with PlaxidityX DevSecOps holistic platform
Based on product architecture changes
Supports both vehicle level and component (ECU) level TARA
Simple connection to most common requirements management tools
Over 100 automotive threats prioritized from very low risks to critical risks
What is the automotive TARA process (Threat Analysis & Risk Assessment)?
TARA is a systematic methodology to identify cybersecurity threats, assess their likelihood and impact, and prioritize mitigation strategies for vehicle systems. It involves asset identification, threat modeling, attack path analysis, and risk scoring, aligned with ISO/SAE 21434 requirements.
Is TARA a one-time process?
No. TARA must be repeated whenever:
New components are added.
Software is updated.
New threats are identified (e.g., zero-day vulnerabilities).
Is TARA required by automotive cyber security regulations and industry standards?
Yes. TARA is mandatory under UNECE WP.29 R155 regulation for vehicle type approval. It is also a core requirement of the ISO/SAE 21434 international standard. It ensures compliance with lifecycle cybersecurity risk management obligations.
Does TARA apply to automotive components (e.g. ECUs) or to the entire vehicle?
TARA is applied both to vehicle components and to vehicles. At the vehicle level, TARA assesses system-wide risks (e.g., CAN bus attacks). At the component level, it analyzes specific elements like ECUs, sensors, or communication interfaces.
Can you integrate vulnerability management into the TARA?
Yes. Vulnerability data (e.g., CVE/NVD feeds) should impact TARA’s feasibility ratings and risk treatment decisions. Automated tools like PX SW Supply Chain Security enable dynamic TARA updates when new vulnerabilities are discovered by integrating into TARA management tools such as PX Security AutoDesigner.
What are the key benefits of introducing automation into the TARA process?
Some key benefits of introducing automation into the TARA process include:
Efficiency: Reduces manual effort by 60–80%.
Time-to-market: Reduces delays and accelerates product time to market.
Consistency: Eliminates human bias in threat scoring.
Real-time adaptation: Updates risk assessments as threats evolve.
Audit readiness: Auto-generates ISO 21434-compliant reports.
Code Security Manager integrates static application security testing (SAST) and dynamic application security testing (DAST) into early development stages, offering developer-centric CI/CD integration and source code support for robust pre-production security.
SW Supply Chain Security performs automatic binary SBOM scanning for public and private vulnerabilities to comply with regulations and assure product security.
Security AutoTester utilizes PlaxidityX’s extensive knowledge and domain expertise in automotive cyber security, based on hundreds of customer projects, to enable enterprise-level security testing such as fuzz and penetration testing for automotive software developers, both OEMs and suppliers.