Alan Weber

The SEMI Semiconductor Manufacturing Cybersecurity Consortium (SMCC) Work Group 3 (Supply Chain Cybersecurity) just released a major work product that will have a significant and lasting positive impact on the industry: the “Standardized Semiconductor Cyber Assessment (SSCA)” questionnaire. Creating a common security assessment process for device makers, equipment suppliers, software suppliers and other members of the global manufacturing value chain has been one of the principal focus areas for the SMCC from its outset. Its aim is to replace the plethora of company-specific questionnaires that are maintained, distributed, filled out, evaluated, and discussed. Given the breadth and importance of this objective, the work group involved expert stakeholders from across the globe, and the quality of their collective efforts reflects the robustness of this approach.This first-of-its-kind resource helps companies:Evaluate cyber readiness and reduce supply chain riskStreamline compliance with one standardized assessmentBuild trust and share results across multiple clientsAlign with NIST CSF 2.0 and industry best practicesHow is the SSCA structured?The questionnaire takes its basic structure from the Capability Maturity Model Integration (CMMI) framework, which is designed to improve and integrate processes across multiple disciplines, such as software development, system engineering, system testing, and even people management. It defines five distinct maturity levels for the relevant parts of an organization or aspects of a major topic (see figure below) with general explanations of what it means to be at a particular level.Source: WikipediaWorkgroup 3 tailored this model to the unique cybersecurity challenges faced by the semiconductor manufacturing supply chain, identifying six activity areas inspired by the NIST Cybersecurity Framework 2.0—Govern, Identify, Protect, Detect, Respond, and Recover. Within each area, there are specific descriptions of the attributes an organization must exhibit to be at a certain level.What does the SSCA include?The SSCA is delivered in multi-tab spreadsheet form with a tab of instructions and a tab of questions. Some of the questions are multiple choice (“Which CMMI maturity level are you, based on the attributes listed?”) and many are Yes/No (“Does the organization use secure technologies to share sensitive data with suppliers?”). In total, there are 165 questions across the six activity areas.The latter is already offered in five languages: English, Korean, Traditional and Simplified Chinese, and Japanese.How can I get the SSCA?Click here and fill out the form to download the SSCA.“Remembrance of Things Past” or has this ever been done before?No… and sort of.Those of you who remember the state of the semiconductor manufacturing industry in the early 90s will recall that one of the biggest problem areas was the poor and inconsistent quality of the embedded equipment control and communication interface software. SEMATECH and its member companies saw this as an ideal pre-competitive domain for the consortium’s focus, so the Manufacturing Systems Division evaluated best practices in the software engineering community of that era and selected the Capability Maturity Model (CMM) of Carnegie-Mellon’s Software Engineering Institute. Sound familiar?While wholly adopting the CMM at that time was beyond the reach of most equipment suppliers, the nugget that emerged was the decision to standardize on a set of “4-Up” charts that conveyed the most basic of software quality metrics. This got everyone using the same vocabulary, definitions, and visualization techniques to compare progress across process areas and timeframes, which was instrumental in identifying and addressing the root causes of the software issues. An example of a typical software quality “4-Up” chart appears below.Source: Techno-pmAnd in related news!Given the WG 1,2 recent (mid-July) release of the SEMI E187 Compliance Guidance document and the formation of the new South Korea Cybersecurity Work Group (WG9), the SMCC is poised to realize its vision of accelerating the adoption of SEMI Cybersecurity standards while creating vital complementary material.For more information or to participate in the cybersecurity working groups at SEMI SMCC, please contact Mayura Padmanabhan at [email protected] Weber is the VP, New Product Innovations at PDF Solutions and a long-time SEMI Standards participant, currently co-leader of the Equipment Data Publication Task Force and Computer and Device Security Task Force.

Even for someone who has been in this industry since the days of the TI Datamath 4-function calculator and the TMS1100 4-bit microcontroller (yes, that’s been a LONG time – the movie Grease premiered the same year!), it is sometimes hard to grasp the scope and complexity of what happens in today’s leading-edge semiconductor gigafabs. In fact, the only way to comprehend the enormous volume of transactions that occur is to consider what happens in a single minute – this is illustrated in the infographic we have labeled “The Gigafab Minute.”* It’s amazing enough to think that a single factory can start 100,000 wafers every month on their cyclical journey through 1500 process steps… and have 99%+ of them emerge 4 months later to be delivered to packaging houses and then on to waiting customers. It’s quite another to realize that all of this happens continuously (24 x 7) and automatically. “How is this possible?” you ask.Well, a big part of the solution is the body of SEMI standards which have evolved since the early 80s to keep pace with the ever-changing demands of the industry. From an automation standpoint, many of these standards deal with the communications between manufacturing equipment and the factory information and control systems that are essential for managing these complex, hyper-competitive global enterprises.A significant characteristic of these standards is that they have been carefully designed to be “additive.” This means that new generations of SEMI’s communications standards do not supplant or obsolete the previous generations, but rather provide new capabilities in an incremental fashion. To appreciate the importance of this in actual practice, consider how the GEM, GEM300, and EDA/Interface A standards support the transactions that occur in a single Gigafab Minute.Starting at 1:00 o’clock on the infographic and moving clockwise, you first notice that 2.31 wafers enter the line. Of course, these are actually released in 25-wafer 300mm FOUPs (Front-Opening Unified Pod), but 100K wafers per month translates to 2.31 per minute. Since these factories run continuously, once the line is full, it stays full. And with an average total cycle time of 4 months, this means that there are 400K wafers of WIP (work in process) in he factory at any given time. This number, and the total number of equipment (5000+), drive the rest of the calculations.GEM (Generic Equipment Model) – SEMI E30, etc.The GEM messaging standards were initially defined in the early 90s to support the factory scheduling and dispatching applications that decide what lots should go to what equipment, the automated material handling systems that deliver and pick-up material to/from the equipment accordingly, the recipe management systems that ensure each process step is executed properly, and the MES (Manufacturing Execution System) transactions that maintain the fidelity of the factory system’s “digital twin.”Every minute of every day, GEM messages support and chronicle the following activities: 240 process steps are completed (i.e., 240 25-wafer lots are processed), 300 recipes are downloaded along with a set of run-specific adjustable control parameters, and 600 FOUPs are moved from one place to another (equipment, stockers, under-track storage, etc.). For each of these activities, the factory’s MES is notified instantaneously.GEM300 – SEMI E40, E87, E90, E94, E157With the advent of 300mm manufacturing in the mid-to-late 90s, a global team of volunteer system engineers from the leading chip makers defined the GEM300 standards to support fully automated manufacturing operations. Starting at 5:00 o’clock on the infographic, the number of transactions per minute jumps almost 3 orders of magnitude, from the monitoring of 900 control jobs across 4000 process tools to the tracking of 360,000 individual recipe step change events. This level of event granularity is essential for the latest generation of FDC (Fault Detection and Classification) applications, because precise data framing is a key prerequisite for minimizing the false alarm rate while still preventing serious process excursions. In this context, more than 6000 recipe-, product- and chamber-specific fault models may be evaluated every minute.Simultaneously, the applications that monitor instantaneous throughput to prevent “productivity excursions” and identify systemic “wait time waste” situations depend on detailed intra-tool wafer movement events. In a fab with hundreds of multi-chamber, single-wafer processes, 75,000 or more of these events occur every minute. EDA (Equipment Data Acquisition) – SEMI E120, E125, E132, E134, E164, etc.Rounding out the SEMI standards in our example gigafab is the suite of EDA standards which complement the command and control functions of GEM/GEM300 with flexible, high-performance, model-based data collection. The EDA standards enable the on-demand collection of the volume and variety of “big data” required from the equipment to support the advanced analysis, machine learning, and other AI (Artificial Intelligence) applications that are becoming increasingly prevalent in leading semiconductor manufacturers. As EUV (Extreme Ultraviolet) lithography moves from pilot production to high-volume manufacturing at the 7nm process node and beyond, the litho process area will become a major source of process data by itself, generating 10 GB of data every minute. This is in addition to the 100 GB of data collected from other process areas. The End ResultThe final wedge (12:00 o’clock) in our infographic highlights the real objective – which is producing the millions of integrated circuits that fuel our global economy and provide the technologies that are an integral part of our modern way of life. Assuming a nominal die size of 50 square mm (typical of an 8 GB DRAM), the 2.31 wafers we started at 1:00 o’clock result in almost 3200 individual chips. But none of this would be possible without the pervasive factory automation technology we now take for granted. So, as you finish reading this posting on whatever device you happen to be using, take a micro-moment to acknowledge and thank the hundreds of standards volunteers whose insights and efforts made this a reality!You may not be responsible for running a gigafab anytime soon, but the SEMI standards used in this setting are no less applicable to any Smart Manufacturing environment. Give us a call if you’d like to know more about how these technologies can benefit your operations for many years to come.Alan Weber is Vice President, New Product Innovations, at Cimetrix Incorporated. Previously he served on the Board of Directors for eight years before joining the company as a full-time employee in 2011. Alan has been a part of the semiconductor and manufacturing automation industries for over 40 years. He holds bachelor’s and master’s degrees in Electrical Engineering from Rice University. For more information on SEMI Standards, please click here.