downloadGroupGroupnoun_press release_995423_000000 copyGroupnoun_Feed_96767_000000Group 19noun_pictures_1817522_000000Member company iconResource item iconStore item iconGroup 19Group 19noun_Photo_2085192_000000 Copynoun_presentation_2096081_000000Group 19Group Copy 7noun_webinar_692730_000000Path

Expanding on Taiwan's SEMI E187 Development

By Dr. Ares Cho, Division Director, Information and Communication Research Laboratories of ITRI, SEMI Fab and Equipment Security TF co-leader

The evolution of SEMI E187 cybersecurity standard, since its inception in January 2022, has been nothing short of remarkable. Its swift rise to prominence as a sought-after Standard has placed it in SEMI’s top-10 Standards sold, reaching #2 in 2022 and 2023, which  underscores its critical importance in the semiconductor industry. This standard has not only garnered attention but also active engagement from global manufacturers who are diligently evaluating and enhancing their product designs to align with SEMI E187's stringent cybersecurity requirements.

The establishment of the SEMI Taiwan Cybersecurity Committee in June 2022 marked a significant milestone in Taiwan's commitment to bolstering cybersecurity measures within the semiconductor sector. This committee has played a pivotal role in providing comprehensive support for the implementation of SEMI E187, ranging from the development of reference implementation guides to the formulation of a detailed SEMI E187 checklist. These initiatives have empowered manufacturers with the necessary resources and guidelines to navigate the intricate landscape of cybersecurity compliance effectively.

The proactive stance taken by Taiwan's semiconductor giant, TSMC, in September 2023, further solidified the importance of SEMI E187. By mandating the inclusion of a SEMI E187 checklist for manufacturing equipment with internet connectivity capabilities, TSMC set a precedent for stringent cybersecurity standards across its supply chain. This move not only emphasized TSMC's commitment to cybersecurity but also catalyzed similar actions within the industry.

The collaboration between Taiwan's premier industrial research organization, ITRI, and the renowned French company, Bureau Veritas (BV), during the 2023 SEMICON TAIWAN event, highlighted Taiwan's efforts aimed to foster third-party verification of conformance for local companies further underscoring Taiwan's commitment to upholding international cybersecurity standards.

Feedback received from the initial implementation phase of SEMI E187, coupled with ongoing discussions with the SEMI Manufacturing Cybersecurity Consortium (SMCC), has paved the way for necessary adjustments to Checklist 1.0. Efforts are underway to streamline definitions and enhance operational clarity within the checklist document. Moreover, the exploration of an international certification framework signifies Taiwan's ambition to position SEMI E187 as a globally recognized semiconductor equipment cybersecurity standard.

Despite the commendable progress achieved with Checklist 1.0, certain gaps remain in addressing the cybersecurity requirements for semiconductor equipment designs of varying complexities. The generic nature of the standard poses challenges in specifying distinct cybersecurity requirements for equipment of different scales and complexities. Additionally, inconsistencies in risk definition within the checklist's coverage further underscore the need for refinement.

The initiation of SEMI E187 2.0 and its corresponding Checklist 2.0 by the SEMI Taiwan Security Task Force and SEMI Taiwan Cybersecurity Committee reflects Taiwan's commitment to continuous enhancement of supply chain resilience. Preliminary discussions have highlighted the importance of referencing established cybersecurity standards such as ISO/IEC 62443 and introducing more comprehensive compliance requirements. Specifically, emphasis is placed on regulating machine-to-fab cybersecurity for complex multi-machine interconnects and enhancing network protection measures, including defining the capabilities of in-machine firewalls.

Furthermore, considerations are underway to enhance transparency and traceability in software usage through the provision of Software Bill of Materials (SBOM) tracking management data. This initiative aims to empower enterprises in identifying and mitigating potential cybersecurity risks associated with open-source software effectively.

In conclusion, Taiwan's efforts to evolve SEMI E187 into a multi-layered cybersecurity standard underscore its commitment to fostering a secure and resilient semiconductor ecosystem. By embracing international best practices and fostering collaboration across stakeholders, Taiwan is poised to set new benchmarks in semiconductor cybersecurity and reinforce its position as a global leader in semiconductor manufacturing.

Get Involved

SEMI Standards development activities take place throughout the year in all major manufacturing regions. To get involved, join the SEMI International Standards Program at: www.semi.org/standardsmembership.

For more information, please visit our main Web site and current events page. If you have any questions regarding SEMI Standards activities, please contact your local SEMI Standards staff.

 

Standards Watch
SEMI
www.semi.org
June 13, 2024