Semiconductor Manufacturing Cybersecurity Consortium (SMCC)—SEMI E187 Compliance Guidance Report

Cyber threats continue to increase at alarming rates, for instance according to Forbes, 2023 saw a 72% increase in data breaches since 2021, which held the previous all-time record and The Federal Bureau of Investigation’s (FBI) 2023 Internet Crime Report further revealed an 81% rise in financial losses due to cybersecurity complaints, escalating from $6.9 billion to $12.5 billion. The FBI reported an 81% increase in losses tied to cybersecurity complaints from $6.9B to $12.5B over the same period in their 2023 IC3 Report. The semiconductor industry has become a prime target for cyberattacks due to the world’s economic dependence on its technology. As a foundation of modern innovation, semiconductor manufacturing supports critical sectors ranging from consumer electronics to defense, making it a principal objective for nation-state actors, financially motivated attackers, and supply chain disruptions.

Ransomware, data breaches and cybercrime intrusions are growing at rapid rates. The semiconductor equipment and device manufacturer environments are not immune to these threats. Hence, the global efforts to secure the semiconductor supply chain and industry are of great importance. SEMI E187-0122 specifications were released in 2022. Specifications like SEMI E187, created specifically for the semiconductor industry, are great foundational requirements intended to reduce risk, secure and protect semiconductor equipment and device manufacturer environments.

The twelve E187 cybersecurity requirements were built as foundational baselines for securing semiconductor equipment. The industry is currently working to fully understand the requirements as written and how compliance would be interpreted by Device Manufacturer’s (DM’s) individually. Compliance with each requirement has created a tremendous amount of interest, including technical and commercial discussions. This document was developed to provide additional SEMI E187-0122 compliance requirement rationale, guidance and artifacts that can be used to help meet or build upon SEMI E187 compliance. Each of the 12 requirements might have 3 sections- Rationale, Guidance and Artifacts. Rationale further explains why the requirement is needed and provides the reader with clarity on how to correlate the requirement to cybersecurity; Guidance provides the readers with details on how to comply with the requirements based on DM and OEM collaboration; Artifacts are distinct examples of complying with the requirements. The information in this document was created via direct feedback from DM’s and Supplier’s in a collaborative effort with SEMI to assist in securing the global semiconductor equipment and device manufacturer industry.

Read more here.