SEMI Consortium to Develop Cybersecurity Strategy and Roadmap for the Semiconductor Industry in NIST Framework

2 weeks ago 96
LIKE WEBLYF.COM ON FACEBOOK

MILPITAS, Calif., Sept. 30, 2024 /PRNewswire/ -- Seeking to strengthen the semiconductor industry's resilience to cybersecurity threats, the global association SEMI today announced the creation of a strategic roadmap for cybersecurity implementation throughout the industry. The SEMI Semiconductor Manufacturing Cybersecurity Consortium (SMCC) has partnered with the National Institute of Standards and Technology (NIST) to develop a semiconductor manufacturing industry profile for NIST Cybersecurity Framework 2.0 (CSF 2.0) that will serve as the foundation for the aforementioned roadmap. NIST plans to publish the profile in mid-2025. 

According to research by the Identity Theft Resource Center, cyberattacks rose by 72 percentage points in 2023 over the previous all-time high in 2021. As semiconductor factories become increasingly connected and autonomous, the industry must respond to the growing security vulnerabilities associated with this next level of digital reliance and align with broader government efforts to secure the building blocks of technologies vital to society.

"Semiconductors are integral to both national security and the global economy – we need to do everything in our power to protect the industry," said Cherilyn Pascoe, Director of the National Cybersecurity Center of Excellence (NCCoE) at NIST. "NIST is pleased to partner with SEMI SMCC for the development and adoption of a NIST Cybersecurity Framework 2.0 Profile for Semiconductor Manufacturing. This collaboration is important to identify and reduce cybersecurity challenges in semiconductor manufacturing."

"It's important to recognize and address the unique cybersecurity challenges facing the semiconductor industry," said Jennifer Lynn, SMCC Working Group Chair and Semiconductor Cybersecurity Lead at IBM Research. "This community profile could allow us to better identify and execute a path forward."

In support of the 2023 National Cybersecurity Strategy's strategic objective to secure global supply chains for information, communications and operational technology products and services, the White House Office of the National Cyber Director (ONCD) included a Cybersecurity Framework Profile as part of initiative 5.5.5 in the National Cybersecurity Strategy Implementation Plan Version 2. SMCC recognized the need for a cybersecurity community profile specific to semiconductor manufacturing and worked with the federal government to develop one.

"Unlike air, space, land, and sea, cyberspace is the only battle domain created entirely by human hands," said Anjana Rajan, Assistant National Cyber Director for Technology Security at ONCD, during the Global Executive Cybersecurity Forum at SEMICON West 2024. "This means we have both the power and the responsibility to shape it. The future of cyberspace where defenders have an inherent advantage over attackers starts with preparation, and that preparation must begin with securing the building blocks."

Prior to completion, the community profile will open for public review and commentary in accordance with NIST's official process. The review period has yet to be announced. The community profile is part of a broader NIST strategy to further standardize cybersecurity protocols for the semiconductor sector, in line with profiles for other industries.

"With the committed resources and support from NIST to support SMCC working groups, we'll be able to accelerate the development of this semiconductor manufacturing industry community profile creation," said Brian Korn, Director for SMCC and Staff Technologist focused on Cybersecurity and Automation at Intel Foundry.

SMCC will provide cybersecurity recommendations for semiconductor manufacturing equipment, information on implementation, and updates on the development of the community profile. For more information, visit the project webpage or contact cybersecurity@semi.org.

SMCC working groups are engaged with the SEMI Standards program to create a standards-based approach supporting the semiconductor ecosystem by leveraging the program's 50-year history of industry alignment. SMCC is currently working on developments to two cybersecurity standards:

E187: Specification for Cybersecurity of Fab Equipment E188: Specification for Malware-Free Equipment Integration

About SMCC 

The Semiconductor Manufacturing Cybersecurity Consortium (SMCC) is a SEMI technology community founded in 2024 to develop and promote a standard based, semiconductor industry wide approach to improve cybersecurity and accelerate implementation of actionable solutions. The vision of SMCC is to strengthen cyber resilience and protection of the global semiconductor supply chain against evolving threats. SMCC's reach extends all over the world and enables our members to connect and collaborate on specific cybersecurity issues and challenges affecting different regions. It focuses on important key topics and seeks to find solutions that will benefit the entire industry. 

About SEMI

SEMI® is the global industry association connecting over 3,000 member companies and 1.5 million professionals worldwide across the semiconductor and electronics design and manufacturing supply chain. We accelerate member collaboration on solutions to top industry challenges through Advocacy, Workforce Development, Sustainability, Supply Chain Management and other programs. Our SEMICON® expositions and events, technology communities, standards and market intelligence help advance our members' business growth and innovations in design, devices, equipment, materials, services and software, enabling smarter, faster, more secure electronics. Visit  www.semi.org, contact a regional office, and connect with SEMI on LinkedIn and X to learn more. 

About NIST 

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time — a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany and other economic rivals.  

The National Cybersecurity Center of Excellence (NCCoE) under NIST is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses' most pressing cybersecurity challenges. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries or broad, cross-sector technology challenges. Working with technology partners—from Fortune 50 market leaders to smaller companies specializing in IT security— the NCCoE develops modular, easily adaptable example cybersecurity solutions demonstrating how to apply standards and best practices using commercially available technology. 

About ONCD

The Office of the National Cyber Director (ONCD) advises the President of the United States on cybersecurity policy and strategy. Established by Congress in 2021, ONCD is a component of the Executive Office of the President at the White House. The Office spearheaded the development of the President's National Cybersecurity Strategy, which President Biden issued on March 2, 2023. ONCD coordinates a whole-of-government approach to implement the National Cybersecurity Strategy.

ONCD's mission is to advance national security, economic prosperity, and technological innovation through cybersecurity policy leadership. In carrying out its directive, ONCD works closely with White House and interagency partners, as well as with all levels of government, America's international allies and partners, non-profits, academia, and the private sector, to shape and coordinate federal cybersecurity policy. Guided by the President's vision, as articulated in the National Cybersecurity Strategy, ONCD is working to create a more equitable, safe, and resilient interconnected world in which every American can thrive and prosper.

Association Contact 
Samer Bahou / SEMI
Phone: 1.408.943.7870
Email: sbahou@semi.org

 

Source