Focusing in on how the microelectronics industry has proved capable of proceeding apace during the COVID-19 pandemic, SEMI today highlighted the role of industry standards and emerging developments around cybersecurity at the annual West Views Media Conference at SEMICON West 2020.
Broad adoption of uniform SEMI standards is providing the foundation for factory automation and is making it possible for thousands of tech staff to keep working through shutdowns – and whatever happens next – should another pandemic hit. James Amano, senior director of International Standards for SEMI, shared lessons gleaned during the pandemic and announced candidate standards proposed for approval and release in the coming months.
“The pandemic has put a spotlight on the fact that a lot of chipmaker suppliers can use tablets and virtual reality headsets or goggles to do work that once required traveling engineers,” Amano said. “Thanks to SEMI and committees comprised of more than 5,000 Standards volunteers, there is no hodgepodge of differing remote connectivity solutions across different platforms, nor the accompanying accidental cybersecurity threats.”
Amano indicated that invaluable preparation has become readily apparent during the past few months, when fab operations hummed along despite COVID-19. For example, between February and April 2020, the use of software for remote diagnosis and management of semiconductor manufacturing tools by semiconductor suppliers more than doubled, and usage remained at record-high levels in May and June. He said that with the groundwork established by standards, a lot of technicians have continued to handle vital diagnostics and control, but from home.
Dave Anderson, SEMI Americas president and host organizer for SEMICON West, noted the opportunity to share learning on standards between industries.
“Automobiles now contain hundreds of microchips, so carmakers are big proponents and users of industry standards,” Anderson observed. “The global auto industry can teach other businesses new lessons about how standards can strengthen and advance industries. And at the same time, the auto industry can learn more about machine interface and data communications standards from the semiconductor industry.”
Meanwhile, chipmakers welcome technology that limits people within their cleanrooms.
“You want to minimize how often people come close to wafers, much less touch them – especially at leading-edge fabs where semiconductor recipe changes can occur every few months,” Anderson said.
Anderson also predicts the COVID-19 crisis will accelerate widespread interest in standards.
What’s next for cybersecurity and standards
Among takeaways surfaced during the pandemic is the need for accelerated development of standards with ever-more comprehensive cybersecurity specifications. In an increasingly competitive world, such standards will help to sustain uninterrupted progress during a next crisis, including another quarantine. Underscored by the pandemic, two draft SEMI standards are underway.
- Intel and Cimetrix are leading SEMI Draft Document 6566, Specification for Malware-Free Equipment Integration, refining it to define protocols for pre-shipment scans of equipment as well as various types of ongoing support including file transfers, maintenance patches, and component replacement. Importantly, the team’s aim is for the desired standard to introduce steps to “harden” equipment software and make it less vulnerable to cyberattacks. The measures will be evaluated against third-party frameworks, such as the National Vulnerability Database (NVD) and Common Vulnerability Scoring System (CVSS).
- TSMC and Industrial Technology Research Institute (ITRI) are leading SEMI Draft Document 6506, Specification for Cybersecurity of Fab Equipment, which defines a common, minimum set of security requirements for fab equipment. The standard will provide a baseline focusing on four major components of fab equipment: operating systems, network security, endpoint protection, and security monitoring. Once approved by the global SEMI Information and Control Committee, the goal will be to scale requirements as malware threats evolve.