These papers offer further details on the methodology and functionality of Threat Assessment and Remediation Analysis (TARA), which assesses and counters cyber vulnerabilities.
Threat Assessment and Remediation Analysis (TARA)
Threat Assessment and Remediation Analysis (TARA) is an engineering methodology used to identify and assess cyber vulnerabilities and select countermeasures effective at mitigating those vulnerabilities. TARA is part of a MITRE portfolio of systems security engineering (SSE) practices that focus on improving the cyber security hygiene and resilience of systems early in the acquisition process. TARA uses a catalog of stored attack vector and countermeasure data to inform the process of identifying attack vectors for exploiting system vulnerabilities and potential countermeasures to prevent their exploitation or mitigate its effects. TARA was originally developed in 2010 and has been used in over 30 cyber risk assessments.
In 2017, the TARA catalog was revamped to support application of TARA to ICS/SCADA systems in conjunction with the International Atomic Energy Agency (IAEA) hosted, collaborative research program J02008 on cyber incident analysis and planning for Nuclear Facilities.