Solid Security for the Connected World

Security Problems and Challenges

With an estimated 14 billion devices connected to the Internet today and an estimated 50 billion connected devices by 2020, the Internet of Things (IoT) offers a tremendous market opportunity. But it also presents a major security risk. Why? First and foremost, the vast majority of connected devices in use today have inadequate security. This can be due either to a lack of training in embedded systems security or to insufficient testing of the product’s security level. For example, in the healthcare industry, the problems and chaos created by the rising barrage of malicious hacking events make it clear that achieving solid cybersecurity protection should be a top priority for OEMs developing connected medical devices.

Regulations and Guidelines in Each Industry

Until recently, the regulatory process mainly focused on quality, safety and basic essential performance. It did not take into account, or screen for, security-related controls. Fortunately, technical standards and regulatory thinking concerning cybersecurity issues seem to be converging and maturing. For instance, the National Highway Traffic Safety Administration (NHTSA) released guidance to the automotive industry for improving motor vehicle cybersecurity. In the healthcare industry, the FDA released pre- and post-market guidance for medical device cybersecurity based on the NIST cybersecurity framework. VDMA (Verband Deutscher Maschinen- und Anlagenbau, Mechanical Engineering Industry Association) released the “Industrie 4.0 Security Guidelines”.

Security Regulations and Guidelines

With security now deeply embedded in the regulatory process, everyone must address the issue directly and effectively. Therefore, planning for compliance and implementing best practices have to proceed hand-in-hand.

Security Principles

Security regulations and guidelines establish basic security principles. These principles include:

Design for Security

There are many existing design processes for embedded systems, all of which establish threat analysis, security requirements, secure design, implementation, test/verification for security, and a response plan in the event of any issues following the release of the product.

Multiple Protection Layers (Defense in Depth)

In security applications, protection is most often implemented in multiple layers to prevent different types of attacks and provide redundancy and traceability.

Protection across the Product Lifecycle

Lifecycle management is vital to an OEM’s ability to maintain the security and integrity of their products from production, to shipment, to deployment, and ultimately to their end-of-life.

Hardware Root-of-Trust

Roots of Trust (RoTs) are the foundation of assurance of the trustworthiness of a device. As such, RoTs are security primitives composed of hardware, firmware, and/or software that provide a set of trusted, security-critical functions. (NIST SP-800-164, Hardware Roots of Trust)

[Figure: Layered Security Solutions]

[Figure: Protection across the Product Lifecycle]

