Open search


Strengthen automotive data security

The security software solution CAN Guard by Mercury Systems (USA) was designed to protect vehicle data networks.

CAN Guard hardware variant overview (Photo: Mercury Systems)

Addressing the need for tighter in-vehicle security, Mercury Systems has announced the CAN Guard security suite. It is a software solution designed to protect automotive vehicle data networks. The company also announced that it has entered into a licensing agreement with an automotive electronics manufacturer to enable the integration of CAN Guard software into existing vehicle control units as well as future units.

Security breaches of in-vehicle onboard computers and networks are becoming more prevalent. Recent demonstrations range from remotely shutting down an engine to causing vehicle brakes to malfunction. Such attacks are enabled by the lack of built-in security for the vehicle’s CAN network - the technology linking most onboard computers. CAN has been a reliable workhorse for the automotive industry for decades, yet it was developed before the Internet, so its inventors never considered malicious remote actors having access to the network. By compromising a network-enabled onboard computer, a sophisticated hacker can gain access to other critical vehicle systems via CAN, leading to the dangerous security breaches recently reported in the media.

“Security is paramount to the safe operation of an automotive vehicle, and there is no safety without security,” said Scott Orton, Mercury’s Vice President of Secure Processing Solutions. “Mercury’s unique security intellectual property applied to automotive infrastructure denies malicious intrusion attempts from propagating to safety-critical vehicle functions.”

At its core, the CAN Guard suite is a security layer installed within an automotive computer (an “ECU”) attached to a vehicle’s CAN. This security layer defends against nefarious actions by blocking malicious data traffic before it can have an impact on the target vehicle - and does so in a manner transparent to the ECU control programs. Unlike alternative solutions, such as bus monitoring or gateway firewalls, this software requires no architectural changes to the vehicle, nor additional hardware. The solution can be applied on a per-ECU basis, retaining complete interoperability with non-CAN-Guard-aware ECUs. This enables the software to be retrofitted into various existing vehicles in addition to new designs.


Publish date

Mercury Systems