Preparing CAN Devices for the EU Cyber Resilience Act: Our New Security Reference
The EU Cyber Resilience Act does not make an exception for a device because it speaks CAN rather than Ethernet. If you build or integrate industrial control units on CAN or CAN FD, you now have to show that your product resists tampering, updates itself safely, and manages its keys with care. We have gathered what that takes into a new and free reference at https://cansecurity.net/.
The pressure comes from regulation: the Cyber Resilience Act and the Machinery Regulation turn security into a legal obligation for products with digital elements, and IEC 62443 sets the technical bar an assessor will measure you against. On some CAN nodes based on constraint microcontrollers, clearing that bar is an engineering problem rather than a checkbox.
The reference works through that problem in the order an engineer meets it. It names the threats a broadcast bus exposes, walks a risk assessment built on CVSS v4.0 and IEC 62443-3-2, and catalogs the controls that fit a fieldbus: bus-load monitoring, local injection detection, cryptographic frame security, anomaly and event monitoring, secure object access for CANopen, zoning and
segmentation, and an authenticated secure bootloader. A separate section covers key management, from the choice between symmetric and asymmetric keys through per-device diversification, the manufacturer-to-integrator-to-operator handover, and the point where a minimal public-key infrastructure is enough.
A few resources stand on their own. There is a Cyber Resilience Act Annex I requirements matrix and an IEC 62443 SL2 component-requirements table, a maintained list of CAN FD microcontrollers that pair the interface with on-chip security such as a true random number generator, secure key storage or cryptographic accelerators. Plus a set of measured benchmarks showing what SHA-256, HKDF, AES-128-GCM, Ed25519, and X25519 cost in flash, RAM, stack and time on real parts. When a datasheet claims a hardware accelerator, the benchmark page shows what improvements you can expect.
Take a look at https://cansecurity.net/ and tell us what you are missing. We will keep adding to it.
Deutsch
English












Embedded Networking with CAN and CANopen. Your technology guide for implementing CANopen devices.
Implementing scalable CAN security. Authentication and encryption for higher layer protocols, CAN and CAN-FD