The SEMI Semiconductor Manufacturing Cybersecurity Consortium (SMCC), in partnership with the National Institute of Standards and Technology (NIST), advanced a semiconductor industry community profile for NIST Cybersecurity Framework 2.0 (CSF 2.0), opening it for public commentary. Originally announced in September of 2024, the community profile will provide a strategic cybersecurity roadmap specific to semiconductor manufacturing, focused on bolstering the industry’s resilience to cybersecurity threats.
The commentary period runs from February 27 through April 14, 2025, with a public workshop to review comments and plan the next steps to follow on March 13, 2025. NIST and SMCC request feedback from stakeholders interested in securing the semiconductor supply chain including cybersecurity professionals, equipment manufacturers, engineers, architects, operations professionals, representatives from fabs, fabless companies, and other semiconductor or electronic system providers.
NIST is planning to release the final draft of the profile in Q3 of fiscal year 2025. To review and comment, visit the National Cybersecurity Center of Excellence (NCCoE) website and join the Community of Interest to receive updates on the profile.
“Society’s reliance on electronic devices demands quality and security as the industry grows closer to reaching $1 trillion in annual revenue,” said Melissa Grupen-Shemansky, Ph.D., CTO and Vice President of Technology Communities at SEMI. “This collaboration between NIST and SEMI member companies is helping to foster cybersecurity resilience within the industry, while serving the technology needs of the public.”
“NIST, in collaboration with industry leaders through SEMI and government agencies, has developed and is releasing a comprehensive framework designed to safeguard semiconductor manufacturing from emerging threats and vulnerabilities,” said Sanjay Rekhi, group leader of the Security Components and Mechanisms Group at NIST. “This initiative is part of a broader, multi-year effort to strengthen the security of critical infrastructure, with a particular focus on the security of semiconductors and their supply chain.”
In support of the 2023 National Cybersecurity Strategy’s strategic objective to secure global supply chains for information, communications and operational technology products and services, the White House Office of the National Cyber Director (ONCD) included a Cybersecurity Framework Profile as part of initiative 5.5.5 in the National Cybersecurity Strategy Implementation Plan Version 2. SMCC recognized the need for a cybersecurity community profile specific to semiconductor manufacturing and assigned a working group (WG4) to develop one with the federal government. WG4 authors of the profile include representatives from Advanced Energy Industries, Applied Materials, ASML, IBM, Intel, PEER Group, Texas Instruments, Tokyo Electron Limited and TxOne Networks.
“This community profile is demonstrating the power of collaboration to solve complex challenges spanning the semiconductor supply chain,” said Doug Suerich, Director of Marketing for PEER Group and SMCC governing council member. “Thanks to committed resources from NIST, the efforts of our collaborators, SEMI’s strong leadership, and SMCC’s dedicated governing council, we can strengthen the resilience of our industry.”
“As the semiconductor industry continues its evolution, the adoption of NIST semiconductor profile can help address the industry’s growing cybersecurity challenges,” said Raj Potturi, Senior Director Information Security & Risk Management for Applied Materials, and SMCC WG4 Co-chair. “As the first community profile developed from scratch under initiative 5.5.5, its creation validates the importance of the semiconductor industry and the need to keep it safe from cyberattacks.”
“The next step is to promote broad adoption of this NIST CSF 2.0 Community Profile to reduce cybersecurity risks for the semiconductor manufacturers,” said Daniel Pletea, SMCC WG4 Co-chair. “This will be achieved by creating an implementation guide through a similar NIST and SEMI collaboration.”
SMCC will provide cybersecurity recommendations for semiconductor manufacturing equipment, information on implementation, and updates on the development of the community profile. For more information, visit the project webpage or contact cybersecurity@semi.org.
