Hi, I’m Kazunari Matsuoka, Senior Manager for Automotive Security at Renesas. I’ve been working in the automotive system security team at Renesas for 4 years and I’m leading the Automotive Security process activity which has been working to establish a robust cybersecurity process of automotive products in Renesas and has been supporting PSIRT (Product Security Incident Response Team) activities for Renesas automotive products. Before that, I belonged to the team responsible for the development of Secure MCUs for over a decade.
Renesas is ready to support ISO/SAE 21434
On October 2021, Renesas announced its full commitment to meet ISO/SAE 21434 road vehicles cybersecurity engineering international standard for its automotive microcontrollers (MCUs) and system-on-chip (SoC) solutions effective with new developments from January 2022. This is part of the company’s continued commitment to implement robust automotive cybersecurity management systems (CSMS) as part of the new UN Economic Commission for Europe (UNECE) regulation UN R155.
Why ISO/SAE 21434 at Renesas?
Renesas has been preparing to establish the cybersecurity process that complies with ISO/SAE 21434 since 2019. In 2019, Renesas was certified by TÜV Rheinland as compliant with the IEC 62443-4-1 standard, which specifies the requirements for the security development process of industrial products. At the same time, Renesas joined the ISO/SAE 21434 constitution working group and internally started establishing the Renesas cybersecurity process for automotive products by referring to the ISO/SAE 21434 drafts. After ISO/SAE 21434 IS was issued in Aug. 2021, we refined our automotive cybersecurity process to comply with the released ISO/SAE 21434 IS, then internally released it in Renesas. All future Renesas automotive MCUs and SoCs, with developments starting from January 2022, will sequentially follow ISO/SAE 21434 standard. This includes the company’s 16-bit RL78 and 32-bit RH850 MCUs as well as Renesas’ popular R-Car SoC Family.
How will Renesas support customers’ cybersecurity development?
To make our products compliant with ISO/SAE 21434, Renesas will develop work products during product development in accordance with ISO/SAE 21434.
To support our customers’ (OEMs and Tier1s) UNR 155 compliance activities, Renesas will provide customers four (4) standard deliverables (Work Products) described in Table.1. The names of deliverables and the reason for provisioning them to customers are described in Table.1.
Renesas to support customer’s cybersecurity maintenance for vehicle life cycle
After the product release, Renesas PSIRT (Product Security Incident Response Team) will continuously support customers. Renesas PSIRT was organized to address security issues (Incidents and Vulnerabilities) that may emerge in Renesas products. Renesas wishes to be proactive in addressing any potential security issues within our products. We have created a dedicated product security point of contact as part of our process. Please visit Renesas PSIRT.
Renesas is ready to develop semiconductor products that comply with ISO/SAE 21434. We will support our customers’ developments by providing cybersecurity-related deliverables and will continuously support customers through our PSIRT activities for the life cycle of the vehicle.