Each control answers one specific failure mode; combined, they form depth.

CAN Security Solutions

The catalog of in-scope defensive controls for CAN and CAN FD systems. The entries cover frame-level prevention and detection, application-layer access control, audit logging, authenticated firmware update, and the system-level zoning that decides where each control lives. See Defense in Depth for how to layer them into a posture that meets your IEC 62443 security level, and Threats for what each one defends against.

Solutions Available Today

Each entry below is a defensive control on the CAN side of the system. Click through for the technical depth, the IEC 62443 mapping, and references to the implementations that realize each control. The per-node shells each fit a single column on the threats matrix; Zoning / Segmentation and Secure Bootloader are system-level measures applied selectively, treated separately in the prose below the matrix.

Solution × Threat Matrix

Coverage of each defensive shell against threats and CRA / IEC 62443 requirements.

Coverage of each defensive shell against threats and requirements.
Threat Bus Load
Monitoring
Local Injection
Detection*
Frame
Security
Anomaly Event
Monitoring
Secure Object
Fieldbus Access
Sniffing
Injection or Replay partial partial
Node Spoofing partial partial
Bus Flooding partial
Configuration Tampering partial partial partial
Requirement Bus Load
Monitoring
Local Injection
Detection*
Frame
Security
Anomaly Event
Monitoring
Secure Object
Fieldbus Access
Confidentiality
Integrity partial partial
Node Authentication partial
Configuration Protection partial partial
Bus Flooding Detection partial
Security Event Log partial partial
IEC 62443 SL1
IEC 62443 SL2 partial partial partial partial partial
IEC 62443 SL3 partial partial

Legend: ✓ primary fit · partial contributes but not standalone · dash not applicable.

* Local injection detection raises an alarm on the node whose ID was spoofed. Acting on that alarm requires a channel that reaches beyond the local node; regular CAN communication does not provide one, so the alarm has to be reported via Anomaly Event Monitoring or an equivalent out-of-bus path.

Secure Object Fieldbus Access covers only the Object Dictionary entries that are marked as security-protected, not every object.

Zoning / Segmentation is a system-level architectural pattern from IEC 62443 rather than a per-node defensive shell. The CAN system is divided into separate segments by risk profile, with controlled bridges between them. The pattern is applied selectively: classical CAN stays where wiring is physically protected, while CAN FD with frame protection covers segments where connectors or wires are more exposed.

Secure Bootloader is a composite control: depending on the implementation, it combines several of the security methods and shells listed above. It is a separate operation mode, typically diagnostic or maintenance, and does not run during regular operation; in industrial systems, firmware updates are not installed while the device is operating normally.

Frequently Asked Questions

What is the difference between Solutions and Defense in Depth on this site?

Solutions is the catalog of individual defensive controls and what each one does at the protocol or application level. Defense in Depth is the strategy layer that explains how to combine those controls into layered protection for a given threat profile and IEC 62443 security level. Use Solutions to look up what a specific control does; use Defense in Depth to decide which combination fits your system.

Which solution do I need for IEC 62443 SL3?

Reaching SL3 typically requires cryptographic frame authentication. Frame Security is the primary control. Pair it with Anomaly Event Monitoring for SR 6.x audit logging and, where the application layer matters, Secure Object Fieldbus Access for object-level integrity and confidentiality.

Can these solutions be combined?

Yes, and most non-trivial deployments combine several. The catalog entries are deliberately complementary: detection controls (Bus Load Monitoring, Local Injection Detection, Anomaly Event Monitoring) surface attacks that the cryptographic controls (Frame Security, Secure Object Fieldbus Access) are designed to prevent; Zoning and Segmentation partitions the system so the right control applies at the right exposure level; Secure Bootloader gates what code runs in the first place. See Defense in Depth for guidance on which combinations match a given IEC 62443 security level.