TARA Execution Checklist for Automotive Cybersecurity

1. Identify assets in the automotive system (ECUs, CAN bus, Telematics, etc.).

2. Determine potential threat scenarios using a threat modeling technique (e.g., STRIDE, HEAVENS).

3. Assess the impact of each threat scenario on vehicle safety, privacy, or functionality.

4. Evaluate the feasibility of each attack (skills, access, time required).

5. Calculate risk level using a risk matrix or quantitative method.

6. Classify risk levels (high, medium, low) and decide treatment approach (mitigate, accept, transfer, avoid).

7. Define cybersecurity goals based on unacceptable risks.

8. Document risk assessments and decisions for traceability and audit readiness.

9. Review and validate the TARA with cross-functional teams (engineering, security, compliance).

10. Feed the results into cybersecurity concept development and safety case documentation.