2022幎1æãSEMIã¯SEMI E187 - Specification for Cybersecurity of Fab EquipmentãåºçããŸããããã®ä»æ§ã¯ãSEMIã¹ã¿ã³ããŒã å°æ¹Ÿå°åºInformation Control æè¡å§å¡äŒãFab Equipment Information Security TFã«ãŠ3幎ã«ããã£ãŠéçºããã 3åã®é»åæç¥šãçµãŠåºçããããã®ã§ããããŠãSEMI E187ã¯æçµçã«ã©ã®ãããªãµã€ããŒã»ãã¥ãªãã£ã«é¢é£ããäŒæ¥ã顧客ãçŽé¢ããŠããåé¡ã課é¡ã«å¯Ÿå¿ããã®ã§ããããã
ã¬ã¬ã·ãŒãœãããŠã§ã¢ã¯ãäžçã®åå°äœæ¥çå
šäœã«ãããŠã»ãã¥ãªãã£äžã®è匱æ§ãšãªã£ãŠããŸããããŒããŠã§ã¢ã«åé¡ããªããŠãããœãããŠã§ã¢ãææ°ãããã®ãµããŒããåããªããŸãŸè£œåã©ã€ããµã€ã¯ã«ã®çµäºãè¿ãããœãããŠã§ã¢æ¥çã§ããèŠãããEoLïŒEnd of LifeïŒãEoSïŒEnd of ServiceïŒãšåŒã°ããç¶æ
ã«é¥ããŸããããããäžåºŠã ã賌å
¥ããæ§æ¥ã®ãœãããŠã§ã¢è²©å£²ã¢ãã«ã§ã¯ãEoLã®æç¹ã§ããã¡ãè£
眮ã®ãœãããŠã§ã¢ã¯æ©èœçã«åäœããŠãããããããããžã¡ã³ãã¯ãè£
眮ã«åé¡ã¯ãªãããããã£ãŠã¢ããã°ã¬ãŒãããªãã¬ãŒã¹ã®å¿
èŠã¯ãªãããšèããã¡ã§ãã
åå°äœè£
眮ã®ã©ã€ããµã€ã¯ã«ã¯æé·ã§40幎ã«åã¶
åå°äœè£
眮ã®ã©ã€ããµã€ã¯ã«ã¯æå€§40幎ã«éããããããµã€ããŒã»ãã¥ãªãã£ã®æžäŸ¡ååŽåé¡ã¯è»œèŠã§ããŸãããéåžžãåå°äœå·¥å Žã«ã¯å°ãªããšã20ã®ããŒãžã§ã³ã®OSãã€ã³ã¹ããŒã«ãããŠãããå¹³åããŠæ¯å¹Ž1ã€ã2ã€ã®OSãEoLã®åé¡ã«çŽé¢ããããšã«ãªããŸããäŸãã°ã2001幎ã«çºå£²ãããWindows XPã¯ã2014幎ã«ãããã¢ããããŒããçµäºããŸããããæ°ããåå°äœè£
眮ã«ã¯ããã®ãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ïŒOSïŒãã€ã³ã¹ããŒã«ããç¶ããŠããŸããä»ã®OSã¯ããã«ã©ã€ããµã€ã¯ã«ãçããå¹³åããŠ4ïœ6幎ã§ãããæŽæ°ãµãŒãã¹ãçµäºããŠããŸãããã®ããã«ãåå°äœè£
眮ã¯ãããŒããŠã§ã¢ã®æžäŸ¡ååŽãé²ãã§ããªã段éã§ãOSã®æžäŸ¡ååŽãšãããµã€ããŒã»ãã¥ãªãã£ã®åé¡ã«ããªãæ©ãããçŽé¢ããŠããããšãå€ãã§ãã
ãã®ãããªè£
眮ã®ãµã€ããŒã»ãã¥ãªãã£åé¡ã¯ãäžäŒæ¥ã ãã§ã¯è§£æ±ºã§ãããOSãããã€ãã ãã§ãªããåå°äœè£
眮ã®ãµãã©ã€ãã§ãŒã³ã«ããã¢ããªã±ãŒã·ã§ã³ãããã€ããŒãå·»ã蟌ãã§ãéšééãäŒæ¥å
šäœã§åãçµãããšãå¿
èŠã§ããSEMI E187ã¯ããšã³ããã€ã³ãä¿è·ãOSããããã¯ãŒã¯ã»ãã¥ãªãã£ãã»ãã¥ãªãã£èšé²ãšç£èŠãã«ããŒããŠããããããã¯åå°äœè£
眮ã·ã¹ãã ããã³ã¢ããªã±ãŒã·ã§ã³ã«ãããŠé·å¹ŽèŠéããããŠãããµã€ããŒã»ãã¥ãªãã£ã®åé¡ã§ããSEMI E187ã¯ãè£
眮ãããã€ããæ°ãã補é è£
眮ã®ç ç©¶éçºäžã«ã»ãã¥ãªãã£ãŒãã€ãã¶ã€ã³(Security by Design)ãåãå
¥ããããšãå¯èœã«ããæ¹æ³ãšããŠã補é è£
眮調éã®ãµã€ããŒã»ãã¥ãªãã£ã®èŠä»¶ãå®çŸ©ããããšã«ãããæ°ããè£
眮ã®ãµã€ããŒã»ãã¥ãªãã£ã匷åããããšãæ¯æŽããŸãã
ãŸããã©ã€ããµã€ã¯ã«å
ã®ãã¡ãè£
眮ã«ããã¬ã¬ã·ãŒãœãããŠã§ã¢ã¯ã©ãã§ããããããã®ãããªãµã€ããŒã»ãã¥ãªãã£ä¿è·ãäžååãªè£
眮ã«å¯ŸããŠã¯ãç¹å®ã®è£
眮ãèš±å¯ãªã¹ã(allow list)åããŠå¥ã®è£
çœ®ãšæ¥ç¶ããããšã解決çãšãªãå ŽåããããŸããç°¡åã«èšãã°ãèš±å¯ãªã¹ããšã¯ãããè£
眮ãäºåã«æ¿èªããããããã¯ãŒã¯ã«ã®ã¿æ¥ç¶ã§ãããã¹ãçºè¡ãããããªãã®ã§ãããã«ãŒããããã¯ãŒã¯ã«ã¢ã¯ã»ã¹ããããšãããå°é£ã«ããŸããããããèš±å¯ãªã¹ãã«ç»é²ãããè£
眮ãå¥ã®è£
眮ã«ã€ã³ã¹ããŒã«ãããšããœãããŠã§ã¢ã®ã¢ããããŒãã«ãã£ãŠèšå®ãããã©ã«ãã«æ»ãããè£
眮ã®èšå®ãæ¶å»ãããŠããŸãããšããããŸãããã¡ã€ã¢ãŠã©ãŒã«ãå°å
¥ããŠããå Žåã¯ããã¡ã€ã¢ãŠã©ãŒã«ãã¯ã€ããªã¹ããèšå®ããããšã§ãè£
眮ãžã®ã¢ã¯ã»ã¹ãå¶åŸ¡ããããšãã§ããŸããSEMI E187ã«æºæ ããæ°ããè£
眮ãåŸã
ã«çšŒåããã©ã€ããµã€ã¯ã«ãçµäºãããã¡ã€ã¢ãŠã©ãŒã«ã¯åŸã
ã«çœ®ãæããããšãå¯èœã§ãã
SEMIãžã£ãã³ã§ã¯ã2022幎6æ8æ¥ã«æ¬ããŒãã®ãŠã§ãããŒã宿œããããã400åã®æ¹ã«ãèŽè¬ããã ããŸããã詳现æŠèŠã¯äžã®ç»åãã¯ãªãã¯ããŠãã ããã
SEMI E187ã®æ®åã¯ã調ééšéã ãã®è²¬ä»»ã§ã¯ãããŸãããSEMI E187ãå°å
¥ããããšããäŒæ¥ã¯ãè£
眮管çãITããµã€ããŒã»ãã¥ãªãã£ã調éãçç£ã©ã€ã³ã®ãšã³ãžãã¢ãªã©ãããŸããŸãªéšéã®æèŠãæžå¿µãèæ
®ããå¿
èŠããããŸãã
è£
眮管çè
ã¯ãè£
眮ã®ãµã€ããŒã»ãã¥ãªãã£ã¯èªåã®åœ¹å²ãéèŠæ¥çžŸè©äŸ¡ææšïŒKPIïŒã®äžéšã§ã¯ãªããšèããŠããããšãå€ããITããµã€ããŒã»ãã¥ãªãã£ãæ
åœããäœæ¥è
ãããã¡ãè£
眮ã®ãµã€ããŒã»ãã¥ãªãã£ãèªåã®è²¬ä»»ã ãšã¯èããŠããŸãããäžæ¹ã調éæ
åœè
ã¯ãITéšéããµã€ããŒã»ãã¥ãªãã£éšéã«è£
眮ã®ãµã€ããŒã»ãã¥ãªãã£ä»æ§æžãæåºããããæ±ããŠããŸãããã®ãããè£
眮ããµãã©ã€ãã§ãŒã³ã®ãµã€ããŒã»ãã¥ãªãã£ã®åé¡ã«é¢ãããµã€ããŒã»ãã¥ãªãã£å
šäœã®ç£èŠãšç·©åã®ç¶æ³ã«ã®ã£ãããçãã瀟å
ã«è²¬ä»»è
äžåšã®ç¶æ³ãç°¡åã«äœãããšã«ãªããŸãããããã£ãŠãè£
眮ã®ãµã€ããŒã»ãã¥ãªãã£èª¿éã®èгç¹ãããSEMI E187ã¯è£
眮ã®ãµãã©ã€ãã§ãŒã³å
šäœã«ãããã°ããŒãã«ãªãµã€ããŒã»ãã¥ãªãã£ã»ã³ã³ãã©ã€ã¢ã³ã¹ã®åºç€ã確ç«ããŸãã
å°å
¥æã«è£
眮ããŠã€ã«ã¹ã«ææããŠããªãããšã蚌æããããšããæåã®ã¹ãããã§ããäžéšã®ãããã€ãã¯ãåœåããSEMI Taiwanãµã€ããŒã»ãã¥ãªãã£å§å¡äŒãšã®è°è«ã«å ãã£ãŠããŸããæ¥çäž»å°ã®è°è«ã¯ãã³ã©ãã¬ãŒã·ã§ã³ãšå®è¡å¯èœãªãœãªã¥ãŒã·ã§ã³ã確ä¿ããããã®éµã§ããæèŠãåéããå§å¡äŒã®äŒè°ã«åå ããããšã§ããããã€ããæåç·ã§åé¡ãçè§£ãã解決ã«è²¢ç®ããããšãç®æããŸãã
2018幎以éãè£
眮ã¡ãŒã«ãŒã®é¡§å®¢ã¯ãæ°ããè£
眮ãçŽå
¥ããéã«ããŠã€ã«ã¹ããªãŒã®èšŒææžãæäŸããããšãæ±ããããã«ãªã£ãŠããŠããŸããè£
眮ããŠã€ã«ã¹ããªãŒã§ããããšã蚌æããããã«SEMI E187ãçšããŠç°¡çŽ åããããšã¯ãè£
眮ãããã€ããšãã®é¡§å®¢ãåé²ããããã®æåã®äžæ©ãèžã¿åºãã®ã«åœ¹ç«ã€ãšæãããŸãã
泚ïŒãã®èšäºã®äžåœèªçã¯ã2022幎2æã«Bloomberg Businessweekã«æ²èŒããããã®ã§ããäžèšã®èŠè§£ã¯Ming-Chang (Bright) Wuæ°å人ã®ãã®ã§ãããå¿
ãããéçšäž»ã®èŠè§£ãåæ ãããã®ã§ã¯ãããŸããã
åèæç®
Wu, M.C., Legacy Systems Pose Broad Security Risk for Chipmakers, EE Times (2022). https://www.eetimes.com/legacy-systems-pose-broad-security-risk-for-chipmakers/
Wu, M.C., Key Implementation Challenges on International Cybersecurity Standards and their Supportive Management Resources, ISSA Journal.(November 2021). https://www.issa.org/
Wu, M.C., âEmerging Standard Helps Address Cybersecurity,â Standards Watch (March 2021), SEMI, www.semi.org/en/standards-watch-2021March/tw-cybersecurity.
èè
ã«ã€ããŠ
Ming-Chang (Bright) Wuã¯ãSEMI Taiwanã®ãµã€ããŒã»ãã¥ãªãã£å§å¡äŒã®åµèšã¡ã³ããŒã§ããã2018幎ããSEMI187ã®éçºãè¡ãã¿ã¹ã¯ãã©ãŒã¹ã«åå ããŠããŸããå°æ¹Ÿã³ãŒãã¬ãŒãã¬ããã³ã¹åäŒã®è¬æŒè
ã§ããããŸãããŸãã圌ã®ã¬ãžãªãšã³ã¹ãªæ¬ã¯ãå°æ¹Ÿã®åœå®¶å
¬åå¡é¢ã«ãã£ãŠæšèŠããã2020幎ã®ãä»æã®æ¬ãã«éžã°ããŸããã
çŸåšãSEMI E187ãNIST CSFãISA/IEC 62443ã®å°æ¹Ÿã§ã®ããŒã«ã©ã€ãºãæ¯æŽããŠããŸããBright Wuã®LinkedInã¯ãã¡ãã
æ¬ä»¶ã«é¢ããæ¥æ¬åœå
ã§ã®ãååã
SEMIãžã£ãã³ ã¹ã¿ã³ããŒãïŒEHSéš
äžå³¶æ¬åŸïŒ[email protected]ïŒ
ååºïŒ2022幎æ6æãStandards Watch, Volume 17, Issue 2
â»æ¬çš¿ã¯ãStandards Watchã«æ²èŒãããŸããèšäºãæ¥æ¬èªèš³ãããã®ã§ãã
ãå
ã®èšäº https://www.semi.org/en/blogs/semi-news/legacy-software-is-not-an-it-issue-but-an-issue-of-cybersecurity-depreciation