Digital transformation in the form of Artificial Intelligence (AI), machine learning, predictive analytics, the Internet of Things (IoT), and more has drastically impacted the semiconductor industry — allowing for increased production efficiency, quality control, and cost reductions. However, as these companies leverage more digital technologies, the attack surface for cybercriminals grows exponentially. Understanding the need to fortify cybersecurity measures to protect the semiconductor industry from growing threats, Semiconductor Equipment and Materials International (SEMI) has introduced two key standards: SEMI E187 and E188.
Due to the frequency and severity of cyberattacks on critical infrastructure in recent years, SEMI cybersecurity standards were developed to neutralize supply chain attacks, insider threats, and other potential attack vectors. SEMI E187 specifically focuses on the development of new equipment and covers four fundamental elements: operating system security, network security, endpoint protection, and security monitoring. This standard applies to entities that provide equipment or services to semiconductor fabrication plants, such as equipment suppliers and system integrators. Its overarching goal is to ensure efficiency, reliability, and interoperability in high-volume manufacturing environments, especially in the semiconductor industry.
SEMI E188 differs from SEMI E187 in that it was developed to improve semiconductor fab defenses against cyber threats and mitigate the spread and proliferation of malware on semiconductor fab production lines. SEMI E188 also has a broader scope, which is applicable not only to new but also to existing equipment and all computational components such as computers, controllers, and PLCs. It focuses on three key steps which include malware scanning, vulnerability scanning, and network security. The goal of E188 is to provide an industry-agreed framework for how to mitigate the propagation of malware to manufacturing facilities during capital equipment delivery and support activities. This standard applies to equipment suppliers, equipment users, and hardware and software component suppliers.
SEMI E187 and E188 work together to create a formidable defense against cybersecurity threats in the semiconductor industry by establishing a proactive and thorough approach to protecting critical infrastructure. SEMI E187 requires the adoption of robust cybersecurity measures including secure access to equipment firmware, enforcement of access controls to restrict system privileges, as well as scanning for malware and vulnerabilities before the equipment leaves the OEM to limit exposure to potential threats. This standard also emphasizes the importance of applying security updates and patches to address vulnerabilities and exploits in equipment firmware and software before delivery. SEMI E188, on the other hand, requires the implementation of network security, access controls, and a deeper understanding of cybersecurity best practices among personnel. E188 also necessitates practical application of malware and vulnerability scanning standards. Overall, by implementing these standards, organizations can ensure not only the security of new equipment but also reinforce the standing defense of existing devices. However, many organizations may be unsure of where to begin.
A surge in malicious cyber activity has prompted the response of national governments and international organizations to create and expand regulations surrounding the protection of critical infrastructure – much like SEMI E187 and E188. With this increased adoption of standards and frameworks, organizations must transform their cybersecurity programs to remain compliant, enhance their resilience, and, as a result, avoid operational downtime. Claroty is here to help you get started with a platform that provides the broadest solution set in exposure management, network protection, secure access, and threat detection.
Although critical infrastructure organizations may have existing vulnerability and risk management solutions in place, they may fall short of what is required to meet the SEMI E187 & E188 standards. That’s because traditional vulnerability management tactics tend to be ill-suited to the unique needs of cyber-physical systems (CPS) present in critical infrastructure environments. By evolving to a broader, more dynamic exposure management program, organizations can proactively address weaknesses in critical systems, networks, and applications to reduce the risk of exploitation by threat actors. Claroty xDome enables your organization to create an exposure management program that takes into account asset complexities, unique governance, and the business-critical operational outcomes of CPS environments — all allowing you to align with SEMI specifications.
Monitoring and ensuring compliance with regulatory and organizational measures is a challenging task, requiring granular, properly tuned policies that many organizations lack. Without the proper network protection capabilities in place, organizations will find it difficult to meet the network security requirements of SEMI E187 and E188. Claroty xDome solves this challenge by providing recommended segmentation policies that can be easily and automatically enforced via your existing infrastructure. We also enable continuous monitoring to understand how assets communicate under normal circumstances – allowing for automatic alerts to any policy violations. Finally, we simulate network policies to show the potential impact to the environment and risk posture before they are enforced through your existing infrastructure.
Enforcement of access controls is key to meeting SEMI E187 & E188 standards; however, many traditional access solutions are unsuitable for the unique needs of CPS environments. Claroty xDome Secure Access solves this challenge by balancing frictionless access and secure control over third-party interactions with CPS. Our solution enhances productivity, reduces risks and administrative complexities, and ensures compliance in complex and unique architectures across a variety of CPS environments — including meeting SEMI E187 & E188 standards. xDome Secure Access also provides users with the necessary controls for real-time logging and auditing of user identities, which are crucial for maintaining comprehensive audit trails and meeting regulatory requirements.
The proprietary protocols in critical infrastructure environments are not compatible with traditional threat detection tools, rendering them ineffective and potentially disruptive. Critical infrastructure environments are also extremely complex, making it difficult to identify potentially malicious deviations from accepted baselines. Due to this complexity, organizations may find it difficult to align with some requirements of SEMI E187 & E188. Claroty xDome can help by providing advanced analytics and anomaly detection to identify potential cyber threats and provide real-time alerts. With multiple detection engines that automatically profile all assets, communications, and processes in industrial networks, organizations will receive a behavioral baseline that characterizes legitimate traffic to weed out false positives. These advanced features enable security practitioners to detect emerging threats and then respond to them promptly, which is key for compliance with SEMI E187 & E188.
The semiconductor industry is essential to the global economy and national security, and pivotal to technological advancement. As we’ve seen, the industry has become increasingly targeted by cybercriminals leveraging the interconnectedness of digital supply chains. The only way to prevent these threats is through the establishment of a robust cybersecurity strategy and adherence to industry standards and regulations — and Claroty is here to help.
To learn more about how Claroty can help your organization comply with SEMI E187 & E188 standards, chat with one of our experts.