Renesas Electronics Corporation is planning to release its first IEC 62443-4-2 compliant secure MPU solution by the end of 2019, as part of its efforts to enable developers to reduce the amount of time needed to obtain security certification of connected industrial control systems based on its RZ/G Linux platform.
The IEC 62443 set of standards, developed by the International Society of Automation (ISA) as American National Standards and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS). With the proliferation of internet of things (IoT), the risk of cyberattacks on industrial control systems for infrastructure facilities, such as manufacturing plants and power stations, also grows. Hence, IEC 62443 covers all layers (operators, system integrators, and equipment suppliers engaged in the manufacturing of industrial control systems) and all players (enterprises and organizations involved in industry and public infrastructure).
Within this standard, endpoint devices such as sensors and programmable logic controllers (PLCs) must be certified under IEC 62443-4. However, the certification process imposes a significant burden on developers, requiring interpretation, preparation of the software and documentation required for certification, and executing a procedure that requires specialized expertise. Within this standard, IEC 62443-4-1 deals with development process compliance and IEC 62443-4-2 deals with the technical compliance of the devices themselves.
To help developers overcome these certification challenges, Renesas is developing an industrial security solution that supports IEC 62443-4. Together with deliverables from their activities in the Civil Infrastructure Platform (CIP) Project, Renesas claims its RZ/G Linux platform security solution will enable users to reduce the time required for obtaining IEC 62443-4-2 certification by as much as six months.
Renesas is working through the newly established CIP Security Working Group to develop secure open source software (OSS) that complies with IEC 62443-4-2, to establish guidelines for implementing security functions and applications using OSS, and to help create the testing procedures and testing environments necessary for obtaining IEC 62443-4-2 certification.