cybersecurity

SEMI-MEMS Sensors Industry Group (MSIG) welcomed a global group of industry executives to its 14th annual MEMS Sensors Executive Congress (MSEC), October 29-30, 2018 in Napa, Calif. MEMS and sensors represent a robust sector of the electronic industry. Analyst firm Yole Développement expects the global market for MEMS and sensors to double in the next five years, reaching $100B by 2023, spurred by growth of autonomous mobility products such as Internet of Things (IoT) devices, autonomous cars, fitness and healthcare wearables, and agricultural sensors.“From drones that navigate any terrain in all lighting conditions, robo-taxis that ‘smell’ cigarette smoke, and sensors that monitor animal welfare and food safety, MSEC speakers shared inventive use cases representing new opportunities for MEMS and sensors suppliers,” said Carmelo Sansone, director, MEMS Sensors Industry Group. “Our keynote speakers spurred attendees to collaborate for the greater good. MITRE Corp. cybersecurity expert Cynthia Wright exhorted attendees to proactively address cybersecurity. DARPA Microsystems Technology Office (MTO) program manager Ron Polcawich invited participation in a rapid innovation and production concept that could dramatically speed design cycles for new MEMS. They exemplify the cross-pollination among commercial industry, government and academia that will continue to advance MEMS and sensors.”Getting serious about cybersecurityMITRE cybersecurity expert Cynthia Wright opened MSEC 2018 with a keynote on cybersecurity, alerting attendees to a topic that few in the industry have explored in-depth — but to which they need to pay attention.“Billions of connected mobile devices democratize knowledge, diversity and boost economies, and accelerate innovation by connecting humans to one another and to our environments,” said Wright. “At the same time, they easily create huge networks that carry operationally and personally sensitive data.”Because MEMS and sensors are deeply embedded into this vast array of connected devices, industry needs to get involved now or risk potentially grave consequences, claimed Wright. “From the destruction of critical infrastructure, cyberattacks on life-critical medical devices such as insulin pumps and heart monitors, and intrusions on autonomous vehicle safety systems, MEMS and sensors suppliers have a responsibility to help improve cybersecurity of connected devices,” she added.Allaying the potential fears of a roomful of suppliers envisioning complete redesigns of their products, Wright said that not every device requires the same level of security, and suppliers can make a difference with even “minor tweaks.” Wright suggested encryption at the edge and process authentication. She also gave MSEC attendees a list of design precepts: Build it in. Don’t bolt it on — Design your device with security in mind instead of retrofitting it after-the-fact to realize the most elegant design. Beware of shadow IT — You can’t protect what you don’t know about. Consider physical asset security; software/sensor-guided decision-making; personal or operational data collection; and key process control. Realize your points of vulnerability — because MEMS and sensors are susceptible to spoofing. Learn from cyberattacks of the past — even if they have not been tied directly to MEMS/sensors. Understand IoT software — Realizing that IoT software acts on what the hardware tells it, pay attention to altered sensor data that can lead to altered system performance. When asked about the role of US government regulation on the security of connected devices, Wright acknowledged that Europe has more restrictive cybersecurity guidelines than the US.“At the same time, it does not make sense to have two different approaches to cybersecurity of devices. US suppliers who implement more security measures can sell to both markets and to other parts of the world.”If she could leave MSEC attendees with a closing thought, it might be that companies “don’t need to put a firewall on a toaster.”“Not every chip has to be secure-foundry secure, but it would be nice if even 10% could hit that mark,” added Wright.Rapid Innovation through CollaborationIC designers typically enjoy three to four design cycles in a calendar year, leading to swift advancement of electronics over subsequent years.Designers in the MEMS community, however, generally have access to one design cycle or less per year, and typical time-to-market is four years for a new product. That slow fabrication pace has hindered deployment of innovative MEMS designs — and it’s something that MSEC closing keynote speaker, Ron Polcawich, program manager, DARPA MTO, would like to change.Polcawich’s vision of government collaboration with industry and academia spawned the investigational Rapid Innovation through Production MEMS (RIPM) Workshop, which Polcawich and his team held in May 2018. During his keynote, Polcawich shared lessons learned from the workshop while inviting MSEC attendees to get involved.Before RIPM can become a program, Polcawich knows it will require definition. What would a program concept look like? What is the best way to articulate the potential benefits to the MEMS community, and what additional inputs would be needed?“This is a daunting challenge from a program planning perspective,” said Polcawich. “In developing RIPM, we realized that we needed representatives from the entire MEMS ecosystem – integrated device manufacturers, or IDMs, equipment suppliers, foundries, and materials’ providers — to literally come to the table to tackle a common goal. Given the potential for the MEMS industry at large to benefit from rapid innovation and production, we hoped that competitors would realize that leveraging established MEMS processes could deliver significant benefits over the historically entrenched approach: one product, one process.”Polcawich believes that MEMS suppliers might relinquish the one product, one process paradigm if they knew that their IP were secure.“While technical challenges to realizing RIPM abound, we knew that we could tap the MEMS industry’s vast knowledge base to address them,” he said. “IP protection is an equally complex issue, and one that may bear a range of approaches. One model could ensure that each IDM owns their IP while the foundry owns the process technology, which it licenses to other companies through process development kits. In addition to speeding innovation, it also provides new revenue sources for the industry.”Polcawich sees RIPM as a win-win for both commercial industry and for the DoD. Speeding design-to-deployment of new MEMS devices could open new and larger markets to MEMS suppliers. It could also support greater product-line diversification and new revenue streams for foundries and other ecosystem members. The DoD could tap new MEMS devices for strategically important applications like tactical radios, unmanned aircraft systems such as drones, and image autofocus for cameras. Polcawich encouraged SEMI-MSIG members to get involved by emailing his group: [email protected] Hall of Fame MembersThree new industry leaders joined the SEMI-MSIG Hall of Fame, first established in 2011 as a means of honoring those who have made a substantial contribution to SEMI-MSIG. Selected by members of the Governing Council, 2018 Hall of Fame inductees include: Michelle Bourke, strategic marketing director, Customer Support Business Group, Lam Research Eric Pabo, business development manager, MEMS, EV Group Yoshio Sekiguchi, senior strategic advisor, TDK InvenSense Technology Showcase WinnerMSEC recognizes the latest advancements in applications enabled by MEMS and sensors — including those demonstrated by entrepreneurs competing in the Technology Showcase. Selected by a committee of industry experts, five finalists did their best to impress attendees with their technical approach and go-to-market strategies. The 2018 Technology Showcase winner, Alertgy, presented a biosensor-based wristband device that provides non-invasive, real-time blood glucose monitoring for people with type 2 diabetes, which affects more than 20 million Americans and hundreds of millions more worldwide. MSEC 2018 Sponsors MSEC 2019 Location and DatesMSEC 2019 will take place October 22-24, 2019, at the Coronado Island Marriott Resort Spa in Coronado, Calif., just minutes from downtown San Diego.For more information on MSEC 2019 and other SEMI-MSIG events and programs, please follow @MEMSgroup on Twitter, visit MSIG at SEMI and subscribe to SEMI’s weekly newsletter, SEMI Global Update.Maria Vetrano is a public relations consultant at SEMI.

Cynthia Wright, a retired military officer with over 25 years of experience in national security and cyber strategy and policy, now Principal Cyber Security Engineer at The MITRE Corporation, will give the opening keynote at the upcoming MEMS Sensors Executive Congress, October 29-30, 2018 in Napa, Calif. SEMI’s Maria Vetrano interviewed Wright to give MSEC attendees an advance look at Wright’s highly anticipated presentation.SEMI: MEMS and sensors suppliers provide intelligent sensing and actuation to hundreds of billions of autonomous mobility devices – but historically, our community has not been at the forefront of cybersecurity. Why is now a good time for us to get involved?Wright: From wearables, smartphones, refrigerators and agriculture to medical devices and military hardware, autonomous mobility devices pervade our lives. At the same time, Internet of Things (IoT) botnet attacks like Mirai — and other demonstrated cyberattacks on home devices, vehicles and infrastructure — highlight the increasingly urgent need to address cybersecurity and privacy in MEMS/sensors-enabled devices.As building-block players in autonomous devices, MEMS and sensors suppliers have several good reasons to get involved.The number of IoT cyber security bills before state and federal legislatures suggest that regulation is coming, and it is in everyone’s best interest to prepare. While original equipment manufacturers (OEMs) would generally be held liable in cases of component malfunction or data breach, if insecurity stems from a microelectromechanical component, OEMs would most likely choose component suppliers with secure products.Beyond legislation and competitive advantage, we must consider that people’s well-being, even lives, could be at stake. Imagine what could happen if someone hacks into an insulin pump, the accelerometer on a train, or the LIDAR of an autonomous car. Intrusions of this sort could prove catastrophic.SEMI: Where do you perceive the biggest potential threats to consumers, industry, government?Wright: In good military fashion, I would say that it depends. If a person is a consumer of medical implants, that’s a big threat. On the government side, we could be talking about networked devices involved in military situational awareness. In industry, it could be sensors governing critical manufacturing or safety processes.I am not saying that every sensor must be secure. In every sector, there are areas of greater or lesser vulnerability, depending on context. SEMI: What is security or privacy by design?Wright: Addressing security flaws is cheaper and more easily accomplished at the design stage and not after the vulnerabilities are discovered. At MITRE, we practice systems- and design-oriented thinking as we consult with people doing development. We help them to develop security standards and approaches that are broadly applicable, rather than focusing on a specific product.For example, MITRE looks at the ways that a person might hack into a car to steal location and life history data — or alter its functions — to facilitate general standards and approaches that will help manufacturers better ensure the privacy and security of autonomous vehicles. Hackers have demonstrated that they can interfere with vehicle transmissions and brakes. Ignition, steering and other critical systems are theoretically accessible through the same types of attacks. To what degree can MEMS/sensors suppliers help automotive manufacturers ensure the privacy and security of autonomous cars, and the safety of their drivers? SEMI: What would you like MSEC attendees to take away from your presentation?Wright: MEMS/sensors suppliers are on the leading edge of computing and should take some responsibility for considering cybersecurity and privacy, for the safety of their customers and their own competitive advantage. Recognize which devices should be secure and act accordingly. Get involved at the design stage. The market for secure microelectronics is only going to grow, and this will benefit suppliers who take secure design seriously.Cynthia Wright will present Cyber Security and Privacy in the Age of Autonomous Sensing on Monday, October 29 at MEMS Sensors Executive Congress in Napa, Calif.Register today to connect with her at the event. Maria Vetrano is a public relations consultant at SEMI.