At SEMICON West, NY CREATES provided a deep examination of data security risks across semiconductor fabrication ecosystems. Their perspective reflected a reality that is becoming increasingly clear across the industry: in semiconductor manufacturing, data is both an invaluable asset and a critical vulnerability.
As fabs have embraced automation, cloud analytics, advanced modeling, and cross-organizational collaboration, the volume and sensitivity of data have grown exponentially. But visibility, governance, and segmentation practices have not always kept pace. NY CREATES’ session illustrated how data now travels through a complex mesh of tools, partners, and workflows—creating numerous opportunities for exposure.
1. Fab Data Is One of the Most Valuable Assets in the Technology Economy
Semiconductor fabrication data includes:
- Design and layout files
- Process recipes and metrology parameters
- Equipment telemetry
- Engineering change records
- Yield models
- Supplier-shared datasets
NY CREATES characterized this information as the lifeblood of semiconductor competitiveness.
If compromised, IP can be stolen, processes altered, or product integrity undermined. The stakes are not theoretical; they extend into national security realms given the strategic importance of advanced semiconductors.
2. OT/IT Convergence Introduces New Forms of Risk
Historically, semiconductor fabs relied on isolated systems, but modern manufacturing demands tighter integration. As NY CREATES noted, engineering environments, OT equipment, R&D infrastructure, and enterprise IT now intersect regularly.
This interconnection introduces systemic risks:
- Tools may rely on data from both OT and IT networks
- Engineering desktops can serve as bridges across segments
- Legacy systems store sensitive data without modern protection
- Cloud-enabled workflows introduce external dependencies
In short, the attack surface has grown dramatically. The risks are magnified by the fact that many legacy OT systems were never designed to manage data securely.
3. Vendor Access Represents One of the Highest-Risk Exposure Points
A notable highlight from NY CREATES’ presentation was the emphasis on third-party access risk. Vendors often require elevated access privileges to maintain, calibrate, or troubleshoot equipment.
However, speakers illustrated that:
- Remote access tools may lack adequate security
- Vendor accounts can be compromised
- Visibility into vendor actions is often limited
- Privilege levels frequently exceed what is necessary
NY CREATES urged fabs to view vendor interactions not simply as operational processes, but as cybersecurity dependencies requiring continuous oversight.
4. Mapping Data Flows Is Critical for Reducing Exposure
NY CREATES emphasized that organizations cannot secure what they cannot see. Many fabs do not maintain accurate maps of:
- Where sensitive data is stored
- How it moves between systems
- Which users and vendors can access it
- How data is aggregated for reporting or analytics
Understanding these flows allows organizations to:
- Identify high-risk aggregation points
- Implement data classification and tagging
- Design secure enclaves
- Reduce unnecessary exposure
This structured approach to data governance strengthens both security and operational reliability.
5. Building Strong Security Programs Requires Cross-Functional Alignment
NY CREATES emphasized that securing fab data requires cooperation between cybersecurity teams, process engineers, R&D groups, vendor managers, and manufacturing leadership.
Effective programs must include:
- Identity governance
- Continuous monitoring
- Access controls aligned to data sensitivity
- Enforcement of least privilege
- Governance workflows for vendor interactions
By aligning these groups, fabs can reduce risk while maintaining operational efficiency.
Source: “Secure Together: Building Cybersecurity Resilience Through Industry Alliances,” SEMICON West 2025. Speakers: James Kaplan (McKinsey & Company); Quentin Kantaris (TXOne Networks); Bradford Hegrat (Accenture); Nijaz Velic and Richard Morris (NY CREATES); Tom Palmaers and Giselle M.H. Van Tornout (imec); SZ Lin (Sun Square); Ross Mahler and Marty Wachi (Moxa); Simon Davies (Renesas); Jennifer Lynn (IBM); Prabhu Jayanna (AMD); Anusha Annapareddy (Applied Materials); Bertrand F. Cambou (High Entropy Security); Daniel O'Loughlin (Qualcomm). Panel moderator: Andrew M. Seward (Tokyo Electron America).