
Damage Scenarios

A description of the potential adverse consequences to an asset if a cybersecurity threat is realized. Defined in ISO/SAE 21434, damage scenarios are a crucial part of Threat Analysis and Risk Assessment (TARA): their impacts on safety, finance, operations, and privacy are evaluated to determine risk levels.

Curated by Winners Consulting Services Co., Ltd.

Questions & Answers

What are damage scenarios?

A "damage scenario" is a core concept within the Threat Analysis and Risk Assessment (TARA) methodology defined by the international standard ISO/SAE 21434, "Road vehicles — Cybersecurity engineering." It provides a plausible narrative describing the potential adverse consequences for a road user or stakeholder resulting from a compromise of a cybersecurity property (confidentiality, integrity, availability) of an asset within a vehicle, such as an Electronic Control Unit (ECU). According to Clause 15.5 of the standard, the impact of each damage scenario must be systematically evaluated across four categories: Safety, Financial, Operational, and Privacy (S.F.O.P.). This structured assessment helps quantify the severity of potential harm. A damage scenario is distinct from a "threat scenario": the threat scenario details the methods an attacker might use, whereas the damage scenario focuses on the ultimate consequences of a successful attack.

How are damage scenarios applied in enterprise risk management?

In practice, enterprises apply damage scenarios by following the TARA process outlined in ISO/SAE 21434. The process begins with Step 1: Asset Identification, where critical components and their assets, like an ADAS ECU, are identified. Step 2: Damage Scenario Derivation involves brainstorming potential negative outcomes if an asset's cybersecurity properties are compromised. For example, "Corruption of the ADAS camera's firmware integrity leads to the Lane Keeping Assist system malfunctioning, causing the vehicle to drift." Step 3: Impact Rating involves systematically rating the severity of each scenario across the S.F.O.P. dimensions. The vehicle drifting scenario would receive a "Severe" rating for Safety. A global Tier 1 supplier used this method to identify over 50 damage scenarios for a new braking system, ensuring compliance with UN Regulation No. 155 and reducing potential vulnerabilities by 30%.
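The three steps above can be kept as a small register that is checked for gaps before ratings are used. The following Python sketch is an added example, not part of ISO/SAE 21434 or of any Winners Consulting tooling; the class and function names, the second scenario, and every rating except the "Severe" Safety rating are constructed, and ranking by the worst single category is an assumption.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Impact(IntEnum):          # ISO/SAE 21434 impact rating scale
    NEGLIGIBLE = 0
    MODERATE = 1
    MAJOR = 2
    SEVERE = 3

CATEGORIES = ("safety", "financial", "operational", "privacy")   # S.F.O.P.
PROPERTIES = ("confidentiality", "integrity", "availability")

@dataclass
class DamageScenario:
    asset: str
    prop: str                   # compromised cybersecurity property
    description: str
    ratings: dict = field(default_factory=dict)   # category -> Impact

    def missing(self):
        return [c for c in CATEGORIES if c not in self.ratings]

def review(assets, scenarios):
    """Return gaps: unexamined asset/property pairs and unrated categories."""
    gaps = []
    covered = {(s.asset, s.prop) for s in scenarios}
    for asset in assets:
        for prop in PROPERTIES:
            if (asset, prop) not in covered:
                gaps.append(f"{asset}: loss of {prop} not examined")
    for s in scenarios:
        for cat in s.missing():
            gaps.append(f"{s.asset}/{s.prop}: no {cat} rating")
    return gaps

def ranked(scenarios):
    # Assumption: order by the worst single-category rating; the page does not
    # prescribe how the four ratings are combined.
    done = [s for s in scenarios if not s.missing()]
    return sorted(done, key=lambda s: max(s.ratings.values()), reverse=True)

# Constructed register. Only the Safety=SEVERE rating comes from the page.
ASSETS = ["ADAS camera firmware"]
REGISTER = [
    DamageScenario("ADAS camera firmware", "integrity",
                   "Lane Keeping Assist malfunctions; vehicle drifts",
                   {"safety": Impact.SEVERE, "financial": Impact.MAJOR,
                    "operational": Impact.MAJOR, "privacy": Impact.NEGLIGIBLE}),
    DamageScenario("ADAS camera firmware", "availability",
                   "Lane Keeping Assist unavailable; driver warned",
                   {"safety": Impact.MODERATE, "operational": Impact.MODERATE}),
]
```

Calling `review(ASSETS, REGISTER)` lists the unexamined confidentiality case and the two unrated categories of the availability scenario; `ranked(REGISTER)` returns only fully rated scenarios.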

What challenges do Taiwan enterprises face when implementing damage scenarios?

Taiwanese enterprises, often component suppliers, face three primary challenges. First, Siloed Expertise: Functional safety (ISO 26262) and cybersecurity (ISO/SAE 21434) teams often work in isolation, hindering a holistic assessment of how a cyber attack could cause physical harm. Second, Information Asymmetry: Suppliers lack vehicle-level information from OEMs, making it difficult to accurately assess the final impact of a component-level vulnerability. Third, Resource Constraints: Many SMEs lack dedicated TARA tools and skilled personnel. To overcome this, they should establish cross-functional teams (CFTs), sign Cybersecurity Agreements (CAs) with OEMs to formalize information exchange, and leverage expert consulting to implement standardized templates and tools, accelerating compliance.

Why choose Winners Consulting for damage scenarios?

Winners Consulting specializes in damage scenarios for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact
