Supporting IEC 62443 and Protecting Industrial Control Systems Against Cyberattacks
Renesas Electronics Corporation today announced plans to release a security solution based on the Renesas RZ/G Linux Platform that will reduce the amount of time required for users to obtain certification under IEC 62443-4-2, a new international standard for security technologies used to protect industrial control systems from cyberattacks.
In today’s connected world, robust security measures are essential. Cyberattacks on industrial control systems for infrastructure facilities such as manufacturing plants and power stations pose the risk of serious disruption to people’s lives and to the economy.
For this reason, the IEC established the IEC 62443 international security standard covering all layers (operators, system integrators, and equipment suppliers) engaged in the manufacturing of industrial control systems and all players (enterprises and organizations involved in industry and public infrastructure). Within this standard, endpoint devices such as sensors and programmable logic controllers (PLCs) must be certified under IEC 62443-4.
The certification process imposes a significant burden on developers. It requires them to interpret the difficult standard, to prepare the software and documentation required for certification, and to execute a procedure that requires specialized expertise.
To help developers overcome these certification challenges, Renesas is developing an industrial security solution that supports IEC 62443-4. Together with deliverables through the activities in Civil Infrastructure Platform (CIPTM) Project, the Renesas RZ/G Linux Platform security solution will enable users to reduce the time required for obtaining IEC 62443-4-2 certification by as much as six months.
“At the end of February 2019, the international standard version of IEC62443-4-2 was officially released,” said Shigeki Kato, Vice President of Renesas’ Enterprise Infrastructure Business Division, Industrial Solution Business Unit. “Renesas supports the adoption of IEC 62443 across the entire industry and is working to roll out this solution as soon as possible as part of an all-out effort to support our customers’ efforts to acquire certification.”
Within the IEC 62443-4 standard, IEC 62443-4-1 deals with development process compliance and IEC 62443-4-2 deals with the technical compliance of the devices themselves. Renesas is working through the newly established CIP Security Working Group to develop secure open source software (OSS) that complies with IEC 62443-4-2, to establish guidelines for implementing security functions and applications using OSS, and to help create the testing procedures and testing environments necessary for obtaining IEC 62443-4-2 certification.
“By promoting the widespread adoption of OSS, CIP aims to make secure civil infrastructure systems a reality. IEC 62443-4 is a key role in this as industry priority, which is why CIP is aligned with supporting and promoting it,” said Urs Gleim, CIP Governing Board Chairman and Head of Smart Embedded Systems for Siemens AG. “I am confident that the new Security Working Group led by Renesas will advance the adoption of OSS in industrial machinery and contribute to the realization of secure smart factories and infrastructure.”
Renesas supports embedded Linux devices in the industrial field with the RZ/G Linux Platform, a one-stop solution combining a high-performance RZ/G microprocessor (MPU) and a fully-verified Linux package with a guaranteed, ultra-long-term support. The new security solution will include all the software and documentation necessary for obtaining IEC 62443-4-2 certification, providing an optimal development environment for products employing the RZ/G Linux Platform.
The new security solution was developed combining Renesas’ efforts made through the CIP Security Working Group and the RZ/G Linux Platform, and will enable users to reduce their IEC 62443-4-2 certification time by up to six months. Moving forward, Renesas will continue to provide solutions with IEC 62443-4 support while working to advance enhanced endpoint intelligence in the OT field to develop shared technologies such as security technology and functional safety technology.
The new IEC 62443-4-2-compliant security solution is scheduled to be available by the end of 2019, starting with the RZ/G2M MPU. The solutions for other RZ/G2 MPUs will be available over time. (Availability subject to change)