E169 – Guide for Equipment Information System Security
By Mitch Sakamoto, System Development Center, Tokyo Electron
Recently, security incidents such as computer viruses, cyber-attacks, IP leaks, information system intrusion, and destruction of information have become increasingly prevalent. In the 1990s, information security was not a high priority for the equipment controllers used in semiconductor manufacturing, as the biggest challenge of the era for computer systems was to support higher performance in processing wafers. Entering the 2000s, however, the industry began to experience information security incidents in manufacturing facilities, and today, information security is an indispensable requirement for semiconductor fabs, and measures should be taken for the security of equipment control systems as well as for factory computer systems.
In implementing the information security measures in semiconductor manufacturing equipment operations, we have faced several difficulties. One is implementation of the anti-virus capabilities to the equipment controller. The concern is that the anti-virus activities consume computer resources to the level of degrading equipment performance. To address this problem, the Information & Control Committee’s Equipment Interface System Security (EISS) Task Force developed SEMI E169-0414 - Guide for Equipment Information System Security which suggests the “whitelist” method that is now getting well known as a better choice for mission-critical systems that should be non-stop and real-time in the operation.
Equipment has an abundant amount of information on products and process specifications which should be treated as classified and protected against illegal operation from the access control. However, in reality, much equipment may not be providing well-designed access control. This standard recommends implementation of well-designed access control to all equipment, to assure the security. As a solution for the access control, the standard is suggesting application of the role-based access control.
The log contains comprehensive information related to process, equipment activity/behavior, or manufactured product. Since the log contains such significant information, however, in some cases the log is not permitted to be used for the troubleshooting. The challenge is to make the log information available for troubleshooting purposes in a secure manner. E169 addresses this problem and contains a description of how to make the logged information available for the troubleshooting.
We have had many discussions on how security measures should be implemented among users and suppliers, which has led to many different solutions. This process is inefficient in terms of cost, quality, and delivery time, and there are concerns that the robustness and sustainability of these solutions. In developing E169, we strove to provide a common baseline for information security of semiconductor manufacturing equipment.
In developing E169, the Equipment Information System Security (EISS) Task Force outlined best practices and policies for security, effectively sharing industry knowledge of widespread problems and measures currently taken in the industry. This information was compiled into E169, which is not intended to define any required specifications but rather suggest technologies or options to increase awareness.
The standard addresses the following security measures for the equipment layer:
- Malware Protection
- Deactivation of redundant services
- Access Control
- Classifying and Separating Information
- Providing information for Audits
While this standard addresses only the solutions for the equipment layer, we should recognize, as a matter of fact, that this alone will not achieve security. Security in the entire factory should be managed by the factory system layer. The solutions implemented on the equipment should be integrated and managed by the factory system.
Although E169 has been published, it might be just the start of the discussion. This standard has not deeply addressed the details of the technology. Nor it has covered the entire security scheme, as it has been compiled with only the knowledge of the security we had.
We need to continue being conscious about emerging new problems to build truly secure information systems, while being conscious about the tradeoffs to feasibility and cost. The standard can be revised to capture the emerging new security issues and the Information and Control Committee is expected to discuss these issues in the future.
The EISS task force was established at the Information and Control Japan TC Chapter meeting in December 2011, and the SNARF for the EISS Guide (Doc. 5422) was approved at the same meeting. Major semiconductor equipment suppliers and relevant software suppliers in the Japan TC Chapter joined to discuss the ballot. The ballot was discussed mainly in the Japan TC Chapter but the task force actively worked to get attention from all over the world, with progress frequently reported at meetings in the Information and Control the North America TC Chapter, before it was issued globally to all members of the Information & Control Committee for review and comment.
The authors would like to thank all members of the EISS Task Force for their contribution in the ballot development, as well as the members of the SEMI North America TC Chapter for support, especially in regards to writing in English.
SEMI, Standards Watch - June 2014