The CAN in Automation (CiA) association has conducted its first controlled area network (CAN) cybersecurity interest group (IG) event.
The inaugural meeting held recently by the international users and manufacturers association for the CAN network included participants representing 20 companies.
In addition to harmonizing CAN-related cybersecurity terminology including definitions of attack scenarios (such as remote, local and system-owner attacks), the interest group also considers all security attacks on CAN-based networks and evaluates them.
Results of these evaluations are subsequently reported on the association’s website, but its function and remit does not extend to developing application end-to-end solutions.
The IG is chaired by CiA managing director Holger Zeltwanger, who said, “Optional security measures on each OSI layer can improve the security and make it harder for attackers to hack the communication compared with just an end-to-end protection.”
Two task forces have also been established by the group: one for lower layer (physical and data link) measures; and another for higher-layer (transport and application). The results from both task forces are expected to not just be suitable for in-vehicle networks but for all embedded network application.
Internationally standardized in the ISO 11898 series, the non-profit CiA was established in 1992 with the aim of providing an unbiased platform for future developments of the CAN protocol and to promote the image of the CAN technology.
Every CiA member company has one vote in the annual CiA General Assembly, regardless of the company size or their number of employees.