A CAN controller safe against a CAN-communication-based hacking attack includes each CAN controller that filters a message to be transmitted to a CAN bus. A corresponding CAN controller filters only a message having a valid transmission ID to be transmitted. The CAN controller safe includes a transmission buffer, a transmission filter unit, a protection memory and a filter value setting unit. The transmission buffer unit temporarily stores transmission data to be transmitted to a CAN bus. The transmission filter unit has message IDs allowed to be transmitted as a transmission filter, configured to search for a message ID of the transmission data in the transmission filter, and filter the transmission data. The protection memory stores one or more filter values of the transmission filter and the filter value setting unit is configured to fetch the filter value stored in the protection memory.