Скачать или смотреть Offensive Security Engineering Why your TARA needs a reality check

The Threat Analysis and Risk Assessment (TARA) is a central element of the cybersecurity engineering process in the automotive domain, as mandated by ISO/SAE 21434. It defines the rationale for security controls and documents system-level risks and assumptions, serving as the foundation for regulatory compliance and engineering decisions.

A commonly used method for risk quantification within TARAs is the attack potential-based approach, adapted from evaluation schemes like Common Criteria. In theory, it enables a structured assessment of feasibility and attacker effort. In practice, however, its reliability hinges on the evaluator’s understanding of real-world attack scenarios and techniques.

Based on observations from multiple development projects across OEM and supplier environments, this paper highlights a critical gap: most TARAs are authored by engineers with limited or no hands-on experience in penetration testing, software exploitation, or hardware attack techniques. As a result, the calculated attack potentials often suffer from false precision, giving a misleading impression of analytical rigor. The consequence is a systemic underestimation or misprioritization of threats.

This paper calls for a re-evaluation of current practices, advocating for deeper integration of offensive security expertise into the TARA process to ensure its outputs reflect realistic threat feasibility.


About the Speaker:

Jannis Kelter is Head of Cybersecurity at Holon, bringing over a decade of experience in product cybersecurity, cloud security, and application security. He is passionate about creating pragmatic security architectures and processes that withstand real-world threats while meeting the highest industry standards. His focus is on advancing cybersecurity practices that enable the secure deployment of autonomous mobility solutions and resilient, high-availability cloud infrastructures.