downloadGroupGroupnoun_press release_995423_000000 copyGroupnoun_Feed_96767_000000Group 19noun_pictures_1817522_000000Member company iconResource item iconStore item iconGroup 19Group 19noun_Photo_2085192_000000 Copynoun_presentation_2096081_000000Group 19Group Copy 7noun_webinar_692730_000000Path

Fab & Equipment Security Standards Development Continues

By Michelle Sun, SEMI and Cher Wu, SEMI Taiwan

FEBRUARY 2021 UPDATE:

Ballots for both Security Task Forces are now available for voting. Visit https://www.semi.org/en/products-services/standards/ballots and select Ballot Period "02-2021" and Ballot Committee "Information and Control".

  • Ballot 6506B, Specification for Cybersecurity of Fab Equipment
  • Ballot 6566A, Specification for Malware Free Equipment Integration

Not yet a Standards Member? Register at http://www.semi.org/standardsmembership

In recent years the number of cyberattacks has increased rapidly, affecting companies in all sectors. Among them is the semiconductor sector, where a major foundry was forced to pause production lines to investigate machines infected by ransomware in 2018. In order to prevent further cyberattacks on factory equipment, SEMI has taken the initiative to develop standards which will tighten cybersecurity measures. This initiative has been divided into multiple activities with different areas of emphasis.

The North America Fab & Equipment Computer Device Security (CDS) Task Force led by Ryan Bond (Intel) and Richard Howard (Cimetrix) is focused on developing SEMI Draft Document 6566, Specification for Malware Free Equipment Integration, which defines a protection system for preventing malware infections at different points of the equipment life cycle. The document will outline protocols for pre-shipment scans of equipment as well as various types of ongoing support, including file transfers, maintenance patches, and component replacement. In addition, the document will introduce steps to “harden” equipment software and make it less vulnerable to cyberattacks, which will be measured against third party frameworks such as the National Vulnerability Database (NVD) and Common Vulnerability Scoring System (CVSS).

quote Leon Chang TSMC

Similarly, the Taiwan Fab and Equipment Information Security Task Force led by Leon Chang (TSMC) and Ares Cho (ITRI) is focused on developing SEMI Draft Document 6506, Specification for Cybersecurity of Fab Equipment. This Document, which defines a common, minimum set of security requirements for Fab equipment, will serve as a baseline for security for fab equipment. The requirements will focus on four major components of fab equipment: its operating system, network security, endpoint protection, and security monitoring. Over time the requirements are expected to scale as malware threats evolve.

Both Task Forces issued their initial ballots earlier this year and received extensive feedback from the global supply chain. Based on the industry response, both ballots failed committee adjudication. The Task Forces are currently updating their documents to incorporate voter input and will be issuing their next ballots later this summer.

A future activity will be SEMI Draft Document 6565, Specification for Application Whitelisting, a method which will enable technologies to adapt to ever-changing viruses by whitelisting certain applications while preventing the execution of others. Individuals with experience in application whitelisting are encouraged to join the Fab & Equipment Computer Device Security (CDS) Task Force.

Get Involved

SEMI Standards development activities take place throughout the year in all major manufacturing regions. To get involved, join the SEMI International Standards Program at: www.semi.org/standardsmembership.

For more information please visit our main Web site and current events page. If you have any questions regarding SEMI Standards activities, please contact your local SEMI Standards staff. 

 

Standards Watch
SEMI
www.semi.org
June 11, 2020