Cybersecurity has never been more important. The advances in artificial intelligence (AI) that are generating new business opportunities and fueling people’s imaginations are also creating new risks. Hackers will want to take advantage of the increase in the volume and value of data that’s being shared, processed and stored in the cloud and at the edge. That means organizations are under even more pressure to safeguard their devices and data, alongside protecting their AI models from theft or misuse.
Many businesses know they’ll have to step up security to successfully deploy AI at scale. Sixty-nine percent of the more than 1,200 technology decision makers we surveyed for the PSA Certified 2024 Security Report said they’re placing more importance on security now as a result of AI. However, most respondents also felt that what they’re doing won’t be enough. Seventy-eight percent agreed there’s a need to do more to prepare for AI. The question is, what else can they do?
Industry and Governments Address Security Concerns
To address growing security concerns, eighty-five percent of the people we surveyed believed that AI will, increasingly, be deployed at the edge. There are advantages in processing, analyzing and storing data at the edge of the network or on the device itself. It’s more efficient, responsive, reliable and secure. However, the costs of any weaknesses in security may also be substantial.
The increase in the number of edge AI devices being deployed is one of two important developments that will continue to have an impact on the ecosystem in 2024 and beyond. The second is the increasing number of security laws and baseline requirements that the electronics industry is expected to meet.
Governments are now demanding that product manufacturers comply with security best practice. New requirements are being introduced in several countries including the UK and Europe, and a voluntary scheme is being developed for the USA. I compare the process of navigating all the legislation and requirements to eating a bowl of spaghetti. Whenever we speak with the device manufacturers (OEMs) and design manufacturers (ODMs) responsible for this, they tell us it can be very difficult to manage!
Security Framework and Certification Scheme for Connected Devices
Thankfully, help is available. Just over five years ago, Arm and six other founding partners developed PSA Certified, a four-step security framework and independent certification scheme that walks people through the process of building the right level of security into a connected device. We started with analyzing the threats to a product, then selecting and implementing trusted components, and finally putting the silicon, software, system or device forward for evaluation by a third party.
The PSA Certified framework makes securing connected products quicker, easier and more cost effective for everyone in the supply chain. It also unravels the complexity of current and emerging regulations by mapping to major security requirements worldwide. That means companies will know where to start their security journey and there’s a simple path to follow to compliance. Product manufacturers that go on to achieve security certification can also assure their customers and regulators that cybersecurity risks have been addressed.
Quote
Building trust in the ecosystem is essential. Without trust you won’t be able to build collaboration, which is really at the heart of what we do in PSA Certified.
Over the years, support for PSA Certified and its approach to security has continued to grow. The seven PSA Certified founders have grown to eleven companies that meet weekly to maintain the scheme. They are joined by more than 200 PSA Certified product certifications. That includes over 90 PSA Certified chips, more than 30 certified devices and 30 software platforms. There are also Root of Trust components and APIs.
I’m incredibly proud to be able to say that most of the certified components mentioned above are built on Arm, which reflects our own ongoing commitment to security, which includes decades of designing CPU architecture security features into our products, which are deployed by our partnership from the ground up. We’ve always believed that it would take a collaborative effort to protect connected devices from the increasing number of cyberattacks, and we’re proud to be at the centre of an ecosystem doing exactly that. We can go further now and say that the success of new technologies including AI will also depend on our ability to build trust within the ecosystem, with consumers and regulators. I speak about the importance of trust in this video.
The industry is already moving in the right direction but there’s more work to do. Our Security Report shows that more than two-thirds of respondents (68%) believe the rapid advances in AI could outpace the industry’s ability to secure products, devices and services. That means increasing our investment in security now, so it scales alongside AI. One won’t be successful without the other.