CiA workshop on CAN cyber security

On May 2, CiA has scheduled a workshop on CAN cyber security. The workshop provides some presentations, but the main purpose is discussion and brainstorming.

Cyber security is becoming dramatically important, not just for passenger cars. Cyber security is a must for IoT and a sister of functional safety. Carmakers are going to implement security on all networks. End of last year, Schneider Electric’s Triconix safety controller was attacked by a very sophisticated RAT (Remotely Accessible Trojan). Although it was an attack on a TCP/IP network, CAN-based networks could be attacked similarly.

Therefore, CiA is going to join forces: The first step is a workshop in Nuremberg (Germany) on May 2, 2018. We would like to collect the already available solutions, standards, etc., in order to find the gaps and the missing links as well as to plan the next steps. The workshop is free-of-charge for CiA members. Non-members with a dedicated interest and experience in cyber security for embedded networks may participate on invitation (please send your application to secretary(at)can-cia.org).
The detailed program is subject to be changed:
10:00 - 10:15Introduction and brief history of cyber security (CiA)
10:15 - 10:45Cyber security solutions are highly political (CiA)
Interest conflicts of stakeholders and a brief report from the U.S.-German Standards Panel 2018 on cyber security
10:45 - 11:00Coffee break
11:00 - 11:30Standardized engineering of cyber security systems (Denso, CiA)
ISO/SAE 21434 series and IEC 62443 series, Autosar Security (e.g. SecOS), ISO 15764, etc.
11:30 - 12:00Standardized CAN-based cyber security systems (CiA)
ISO 14229-1, ISO 16844 series (tachograph), ISO 26021 series (airbag), ISO 11992 series (truck/trailer networks), CiA 461 (on-board weighing), DIN 4630 (truck body applications and telematics, etc.
12:00 - 12:30Cyber security and IT security requirements on CiA 447 based networks (German Police)
12:30 - 13:15Lunch break
13:15 - 13:45Potential vulnerabilities and attack vectors on CAN-based networks (EmSA)
13:45 - 14:15CANcrypt: Generic cyber security layer for CAN-based networks (EmSA)
14:15 - 14:45Security by smart transceiver (NXP)
14:45 - 15:00Coffee break
15:00 - 15:45Brainstorming (world-café) on dedicated topics (proposals):
  1. Do we need specific cyber security solutions for the CAN data link and physical layers?
  2. Are the existing standards on cyber security engineering suitable for all CAN-based application fields?
  3. How we can test interoperability and conformity of cyber security solutions?
15:45 - 16:30Open discussion on the results of the brainstorming session and on further steps on necessary standardization/specification

CiA Managing Director, Holger Zeltwanger, hopes to welcome many members interested in cyber security solutions for CAN-based networks. Please register by email.