Since PSA Certified was founded, we have been supporting the technology ecosystem across the world to adopt a security by design approach that helps protect consumers data and privacy. We know from our own PSA Certified 2023 Security Report, that we’re now beyond a place where consumers actively expect it security to be built into devices. As consumer awareness of security standards have increased, we’ve seen that industry investment in security features, experts and certification has continued to grow, with expenditure on every facet of security up year-on-year. Our own research has shown that 70% say that the value consumers place on security has increased in the past 12 months.
Despite a lot of work and investment from the technology ecosystem to build security into devices, it’s almost invisible to the consumer. When a consumer buys a connected device today either in a retail store or online, there is no visible way for them to know if it has followed best practice security by design, such as securing communications and using validated updates. It is also difficult for a consumer to understand how their data will be shared or protected.
This is why the announcement from the White House of the creation by the Federal Communications Commission (FCC) of a voluntary, consumer facing security label is a significant and positive step for consumers. The US Cyber Trust Mark has the future potential to help fix this for millions of consumers by providing an external mark to show the device has been designed with security in mind and a means to access live, online, information on those security features. It is anticipated that the FCC will launch the label in 2024 based on NIST requirements.
Since 2019, PSA Certified has been operating as an independent certification scheme, measuring the robustness of products at different levels. Our entry level scheme, PSA Certified Level 1, has since seen over 130 products certified. It’s designed to be a business-to-business stamp as a measurement of security best practice for chips, software and devices. PSA Certified Level 1 version 2.2 is already aligned with NIST cybersecurity baseline requirements which is important for the USA market, and therefore well positioned to prepare for this new scheme. It also is aligned to EN 303 645, PSA Certified Security Model Goals and, in the next version, EU Cybersecurity Resilience Act and UK PSTI legally enforceable security requirements for Europe.
The catalogue of products with PSA Certified Level 1 certificates, already showcase alignment to some of the most fundamental and foundational security requirements, while the products at PSA Certified Level 2 and PSA Certified Level 3 showcase documented lab investigation to resisting remote software and physical attacks respectively. This catalogue represents the proactive steps that the PSA Certified technology ecosystem has taken to meet these cybersecurity baseline requirements and deploy hardware-based security for higher security robustness.
We are proud of the proactive effort from the PSA Certified partnership who are collectively working to continuously raise the bar on device security. We are committed to helping the electronics industry by defragmenting security requirements and being a foundational security by design scheme that can be used globally. We look forward to seeing the technology ecosystem embrace this new voluntary scheme and the advantages it will bring for consumers.