The newly released PSA Certified Security Report 2021: Bridging the Gap gave a unique view of where we are with IoT security today. Although there is growing awareness of the importance of security, the report highlighted a huge gap in the industry’s security expertise and practices. We found that under half of the companies are carrying out threat models for new products, and only 41% of respondents from small companies are happy with their in-house security expertise. With the number of hacks on the rise and IoT becoming more prevalent, it’s more important than ever to achieve an agreed baseline of security.

The report also highlighted that 85% of tech decision-makers are looking for a collaborative approach to IoT security, building a framework and industry-led set of guidelines to improve security. All of this builds on the PSA Certified mission, set two years ago, to transform embedded security and defragment the ecosystem.

Looking back over the last two years, the PSA Certified ecosystem has gone from strength to strength, with silicon vendors, software providers and device manufacturers all working with PSA Certified to navigate the complexities of IoT security – we now have a total of 60 PSA Certified products from over 30 partners. Together we are ensuring that our partners are implementing best practice security at every stage of product development.

In this blog we look at some of our major achievements over the last year, demonstrate how the ecosystem has revolutionized embedded security and share some hints at what is coming in 2021 and beyond.

A Strong Year for Certifications

In our second year, we have seen more industry leaders choosing to certify their products using the PSA Certified framework, in order to demonstrate their commitment to security best practice.

Silicon Providers Ease the Certification Route for OEMs

Commitment from silicon and software providers puts the Root of Trust (RoT) right at the heart of devices, enabling OEMs to leverage security in their products. Silicon providers have backed PSA Certified from the very beginning of the journey, and continue to choose the PSA Root of Trust (RoT) as their secure foundation.

  • In 2020, we had new PSA Certified Level 1 certifications from long-term partners Renesas, NXP, Nordic and Infineon, plus certifications from new partners Xiamenshi C-CHIP and GigaDevice.
  • Following our announcement of PSA Certified Level 2 in 2019, we have seen a wave of certifications from silicon vendors eager to demonstrate increased robustness and achieve PSA Certified Level 2 including STMicroelectronics, NXP, Renesas, Unisoc, NXM Labs, Nuvoton and Silicon Labs.
  • PSA Certified Level 2 Ready is open to vendors who can’t meet all the criteria for PSA Certified Level 2 but want to help fast track certification for their partners. This year we had certifications from Winbond and Arm.
  • New for 2020 was PSA Certified Level 3, which showcases substantial security robustness of the PSA-RoT. This is a high bar for silicon vendors to reach, and we’re pleased to announce that Silicon Labs officially has the first ever chip to be PSA Certified Level 3.

Commitment from Silicon and Software Vendors Building in Best Practice with Common APIs

PSA Certified also places importance on software vendors implementing security best practice and adopting common APIs, which makes it easier to extend the RoT services throughout systems.

PSA Certified Level 1: Critical Uptake from Device Manufacturers

It’s critically important that the RoT foundation created by the silicon vendors and software providers is consumed and utilized in end-devices. The composition of our scheme allows device manufacturers (OEMs) to leverage existing silicon and software certifications, further easing the security journey at the device level. In 2020 we saw more certifications from industry-leading OEMs including Embedded Planet, Flex, SDT Inc., Veridify and InGeek.

Evolving PSA Certified to Break Down IoT Security Complexities

The PSA Certified founders have taken some fundamental steps this year to reduce fragmentation in the industry.

  • Regulation alignment: Our survey identified that the fragmentation of standards and regulations is a top challenge. We are continuing to monitor emerging IoT security standards to ensure that PSA Certified Level 1 aligns with most major guidelines. This includes ETSI 303 645, NISTIR 8259 and California State Law SB-327. Alignment helps all members of the value chain navigate a traditionally complex regulatory environment and facilitates the global applicability of products.
  • Easing certification with composite evaluation: Version 2.1 of the PSA Certified Level 1 questionnaire, released in 2020, provides flexible composition of certificates. This allows device makers to use a certified chip and certified system software that have showcased correct use of the PSA-RoT, meaning the device manufacturer only needs to answer the device level questions to achieve certification.
  • Collaboration to ease fragmentation in certification: This year we celebrated a strategic new partnership with IoXT Alliance where they recognize PSA Certified and the PSA-RoT in their product evaluations, helping to align silicon-level security across the industry. We’re also working with UL to consider how PSA Certified fits in with their UL Secure Component Qualification.
  • Choice in protection profile: We also believe that choice is crucial for IoT security, as it offers more flexibility to our partners. That’s why at PSA Certified Level 2 and PSA Certified Level 3 we’re now offering two choices of methodology: a common language protection profile, plus a GlobalPlatform SESIP protection profile. You can find all versions of the protection profiles here.
  • PSA Certified Foundational Training Course: A training course to guide all members of the value chain through their certification has been developed by the world-class training team at Arm, one of the PSA Certified co-founders. The course has been designed for decision makers and architects, providing them with an overview of the PSA Certified scheme, why it’s important and how it can be used.

Embedded World 2021: Back Where It All Began

We’re excited this week to be taking part in Embedded World, the event where we first launched PSA Certified two years ago. This year we have a PSA Certified virtual booth with exclusive roundtables from our world-leading evaluation labs, plus an update on PSA Certified from Rob Coombs, Business Development Director at Arm and PSA Certified co-founder, live in the conference track.

Join the PSA Certified ecosystem at Embedded World as we discuss the challenges of IoT security, the opportunities that lie ahead and how we can work together to take steps today to secure tomorrow. Learn more about our presence at the event here.

Looking to the Future

Thanks to the hard work of the PSA Certified founders and our partners, we have overcome obstacles and celebrated a hugely successful year. PSA Certified is committed to embracing a collaborative approach to bridge the gap and secure the future of the IoT. Our momentum will continue to grow this year and for years to come with more partners joining our ecosystem and helping to heal IoT security fragmentation. Join the ecosystem that is revolutionizing embedded security and deploy with confidence today.