In the inaugural meeting of the Interest Group “CAN cyber security” from CiA (CAN in Automation), two Tasks Forces have been installed.
CiA has established the Interest Group (IG) “CAN cyber security”. The inaugural meeting was participated by about 20 companies. The IG harmonizes CAN-related cyber-security terminology including definitions of attack scenarios (e.g. remote attack, local attack, and attacks by system-owners). Additionally, the IG collects all known security attacks on CAN-based networks and evaluates them. The results are reported on the CiA website. It is not intended to develop application end-to-end solutions. Holger Zeltwanger who manages the IG as interim chairman said: “Optional security measures on each OSI layer can improve the security and make it harder for attackers to hack the communication compared with just an end-to-end protection.” The IG considers remote and local attacks as well as manipulations by the system owner.
The IG has established two task forces: one for lower-layer (physical and data link layer) measures and another one for higher-layer (in particular for transport and application layers) measures. Sharika Kumar (Cummins) respectively Gianpiero Costantino (CNR) lead these TFs. The results should be suitable for all embedded network application, not just for in-vehicle networks.