No. 10 - July 12, 2024

A word from the CiA Managing Director

Steve Morgan, the editor-in-chief of the Cybercrime Magazine wrote already in 2020: “If it were measured as a country, then cybercrime – which is predicted to inflict damages totaling 6 trillion US-$ globally in 2021 – would be the world’s third-largest economy after the U.S. and China. Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching 10,5 trillion US-$ annually by 2025, up from 3 trillion US-$ in 2015.”

In the meantime, national, regional, and international authorities have released regulations to protect potentially attackable systems and subsystems. Most important is the European Cyber Resilience Act (CRA): This is a legal framework that describes the cybersecurity requirements for hardware and software products with digital elements placed on the market of the European Union. Manufactures are now obliged to take security seriously throughout a product’s life cycle. Details and impacts what manufacturers and users need to do are still unclear. There are many uncertainties. CAN networks comprise digital hardware and software, implying that CAN-based products are affected by the European CRA.

CAN networks are in general not cybersecure. Cybersecurity needs to be added. In other words, a CAN interface is a door with no lock. Depending on the application and risks of attacks, you need to apply appropriate cybersecurity measures. The OSI (Open Systems Interconnection) model describes a cross-layer security add-on function (ISO 7498-2:1989). It models the secure communication between networked entities. Theoretically, each of the seven layers can provide security add-on functions.

Within the CiA organization, we have two activities related to cybersecurity. The IG (interest group) 04 SIG (special interest group) 01 CAN XL develops a data link layer (DLL, OSI layer 2) cybersecurity add-on function for CAN XL. It is intended that this approach can be implemented in hardware. Additionally, on July 24 CiA is going to inaugurate the IG06 SIG02 HLP (higher-layer protocol) cybersecurity. The aim of this SIG is the specification of security add-on functionality for OSI layers above the data link layer i.e. for OSI layer 3 (network layer) to OSI layer 7 (application layer) for CAN based networks, in particular for CAN CC and CAN FD based protocols that will not directly profit from the CAN XL security add-on functionality. CiA is calling for cybersecurity experts to work within this SIG. Interested parties may contact secretary(at)can-cia.org.

The CiA Technical Committee (TC) task force (TF) Modeling accompanies these cybersecurity-related specifications to model them as specified in ISO 7489-2 and related standards.

There is also a need to discuss the political dimension of cybersecurity measures for different applications. Which measures are necessary? It might be that in some applications a mechanical access protection is sufficient, e.g. for deeply embedded networks. In other applications, an end-to-end protection might be appropriate. If an attacker has access to the CAN network lines, OSI layer cybersecurity add-on functions might be required. As such, CiA is currently considering to establish a Marketing Group (MG) to discuss and to develop design guidelines and recommendations for applying technical cybersecurity measures for different use cases.
 

CAN Newsletter magazine

The CAN Newsletter magazine established in June 1992, is published quarterly. It provides technical in-depth articles and product trend features. The June issue contains reports about the Logimat, the Passenger Terminal Expo, and the Embedded World tradeshows.

The September issue will be distributed as hardcopy on the following tradeshows: Innotrans in Berlin (Germany), Embedded World in Austin, Texas (U.S.A), and SPS in Nuremberg (Germany). Interested parties are welcome to submit an article about their CAN-based developments, solutions, and applications by 2024-07-22 to pr(at)can-cia.org.

Commercial road vehicle standardization

ISO plans to reorganize the working group (ISO/ TC22/ SC31/ WG4) responsible for this topic. The proposed new name is “commercial vehicle communication” (formerly “network applications”). In the future, the WG is responsible for the ISO 25200 (body application network, formerly standardized in DIN 4630), ISO 11992 (link between towing and towed vehicle) as well as ISO 16844 (tachograph systems). The ISO 25200 standard includes the in-vehicle gateway specification. Additionally, the WG convened by Holger Zeltwanger is expected to develop an ePTO (electrical power take-off) standard communication for high-voltage supply as well as a standard for an app interface, e.g. secondary display for body applications.

Interested parties may contact CiA office for further information. The ISO/ TC22/ SC31/ WG4 organizes a workshop on September 16, 2024 in Berlin to discuss the future of the ISO 11992 series.

Joint CiA stands in 2025

The CiA Business Committee has decided to offer all members the opportunity to be a sub-exhibitor on CiA stands in 2025. Next year, CiA plans to participate in following tradeshows: Embedded World in Nuremberg (Germany), Bauma in Munich (Germany), IVT (Germany), Embedded World in Shanghai (China), Embedded World in Austin (U.S.A.), Interlift in Nuremberg (Germany), Agritechnica in Hanover (Germany), and SPS in Nuremberg (Germany). The deadline for indicating your interest to be a sub-exhibitor by email is August 31, 2024.

Call for papers: Embedded World Conference 2025

The next Embedded World Conference takes place in Nuremberg from March 11 to 13, 2025. The organizers are calling for papers. Additionally, CiA cooperates with them in preparing a CAN technology session. The papers for this session are preselected by CAN in Automation. Deadline for abstract submissions is October 18, 2024.

The cooperation covers also the Embedded World Conferences 2025 in U.S.A and China. Related call for papers will follow.
 

New CiA members since the last CCN

  • Power Research Electronics (NL)
  • Salient Motion (US)
  • Xeryon (BE)

CiA has 744 members (July 12, 2024)

CiA Product Guides

Renewed entries:
  • CANopen: Dunkermotoren, Port Industrial Automation, Sick, Sontheim Industrie Elektronik, Sys Tec electronic

Follow us on social media

LinkedIn    YouTube

Editors: Olga Fischer, Holger Zeltwanger (responsible according to the press law)
Advertising: Birgit Ruedel (responsible according to the press law)

CAN in Automation (CiA) e. V.
Kontumazgarten 3
90429 Nuremberg (Germany)
Tel. +49-911-928819-0
www.can-cia.org
AG Nuremberg VR 200497