Powering the Future: Why Thermal Management Defines the Future of Electronics
Standard of Excellence: Engineering Is the New Sales—How Technical Collaboration Wins Business
SMT Perspectives & Prospects: Artificial Intelligence, Part 7—Data Module 2
SEMI Consortium to Develop Cybersecurity Strategy and Roadmap for the Semiconductor Industry in NIST Framework
October 1, 2024 | SEMIEstimated reading time: 3 minutes
Seeking to strengthen the semiconductor industry’s resilience to cybersecurity threats, the global association SEMI today announced the creation of a strategic roadmap for cybersecurity implementation throughout the industry. The SEMI Semiconductor Manufacturing Cybersecurity Consortium (SMCC) has partnered with the National Institute of Standards and Technology (NIST) to develop a semiconductor manufacturing industry profile for NIST Cybersecurity Framework 2.0 (CSF 2.0) that will serve as the foundation for the aforementioned roadmap. NIST plans to publish the profile in mid-2025.
SEMI & SMCCAccording to research by the Identity Theft Resource Center, cyberattacks rose by 72 percentage points in 2023 over the previous all-time high in 2021. As semiconductor factories become increasingly connected and autonomous, the industry must respond to the growing security vulnerabilities associated with this next level of digital reliance and align with broader government efforts to secure the building blocks of technologies vital to society.
“Semiconductors are integral to both national security and the global economy – we need to do everything in our power to protect the industry,” said Cherilyn Pascoe, Director of the National Cybersecurity Center of Excellence (NCCoE) at NIST. “NIST is pleased to partner with SEMI SMCC for the development and adoption of a NIST Cybersecurity Framework 2.0 Profile for Semiconductor Manufacturing. This collaboration is important to identify and reduce cybersecurity challenges in semiconductor manufacturing.”
“It’s important to recognize and address the unique cybersecurity challenges facing the semiconductor industry,” said Jennifer Lynn, SMCC Working Group Chair and Semiconductor Cybersecurity Lead at IBM Research. “This community profile could allow us to better identify and execute a path forward.”
In support of the 2023 National Cybersecurity Strategy’s strategic objective to secure global supply chains for information, communications and operational technology products and services, the White House Office of the National Cyber Director (ONCD) included a Cybersecurity Framework Profile as part of initiative 5.5.5 in the National Cybersecurity Strategy Implementation Plan Version 2. SMCC recognized the need for a cybersecurity community profile specific to semiconductor manufacturing and worked with the federal government to develop one.
“Unlike air, space, land, and sea, cyberspace is the only battle domain created entirely by human hands,” said Anjana Rajan, Assistant National Cyber Director for Technology Security at ONCD, during the Global Executive Cybersecurity Forum at SEMICON West 2024. “This means we have both the power and the responsibility to shape it. The future of cyberspace where defenders have an inherent advantage over attackers starts with preparation, and that preparation must begin with securing the building blocks.”
Prior to completion, the community profile will open for public review and commentary in accordance with NIST’s official process. The review period has yet to be announced. The community profile is part of a broader NIST strategy to further standardize cybersecurity protocols for the semiconductor sector, in line with profiles for other industries.
“With the committed resources and support from NIST to support SMCC working groups, we’ll be able to accelerate the development of this semiconductor manufacturing industry community profile creation,” said Brian Korn, Director for SMCC and Staff Technologist focused on Cybersecurity and Automation at Intel Foundry.
SMCC will provide cybersecurity recommendations for semiconductor manufacturing equipment, information on implementation, and updates on the development of the community profile. For more information, visit the project webpage or contact cybersecurity@semi.org.
SMCC working groups are engaged with the SEMI Standards program to create a standards-based approach supporting the semiconductor ecosystem by leveraging the program’s 50-year history of industry alignment. SMCC is currently working on developments to two cybersecurity standards:
- E187: Specification for Cybersecurity of Fab Equipment
- E188: Specification for Malware-Free Equipment Integration
Share on:
Testimonial
"We’re proud to call I-Connect007 a trusted partner. Their innovative approach and industry insight made our podcast collaboration a success by connecting us with the right audience and delivering real results."
Julia McCaffrey - NCAB GroupSuggested Items
Microchip Earns IEC 62443-4-1 ML2 Industrial Automation and Control System Certification
04/08/2026 | MicrochipAs connected systems spread across residential, industrial and commercial environments, the need for independently verified cybersecurity assurance is becoming a core requirement.
FIH Achieves ISO 26262 and ISO/SAE 21434 Dual Certifications from DEKRA
12/29/2025 | FoxconnFIH, a subsidiary of Hon Hai Technology Group (Foxconn) announced that its key automotive electronics product, the Telematics Control Unit (TCU), has successfully passed DEKRA process certification and obtained both ISO 26262 Functional Safety certification and ISO/SAE 21434 Automotive Cybersecurity certification.
CMMC 2.0: What You Need to Know
12/29/2025 | Marcy LaRont, PCB007 MagazineTenets of the Department of Defense's (DoD) Cybersecurity Maturity Model Certification Program (CMMC) 2.0 went into effect on Nov. 10. What are the primary differences between 1.0 and 2.0 compliance, and what exactly must be in place now? CMMC 2.0 is now being written into DoD contracts and enforced through DFARS (Defense Federal Acquisition Regulation Supplement), with a three-year phased rollout. For PCB and electronics manufacturers in the defense supply chain, this is now a real gate to doing business with the DoD, not a “nice to have.”
Real Time with... SMTA International 2025: Navigating Cybersecurity and Compliance in Manufacturing with Integris
11/04/2025 | Real Time with...SMTAIMarcy LaRont introduces Michael Doucette from Integris at the SMTAI show, where they discuss the significance of networking and the new CMMC level 2.0 compliance requirements for manufacturers with DOD contracts. Integris shares their approach to technology assessments and highlights common cybersecurity risks. They emphasize the shift to cloud services and provide practical cybersecurity tips, underscoring the increasing importance of cybersecurity in IT strategies.
TTM Technologies Achieves CMMC Level 2 Certification
08/11/2025 | TTM Technologies, Inc.TTM Technologies, Inc. announced that it has been officially appraised at Final Cybersecurity Maturity Model Certification (CMMC) Level 2, demonstrating the company’s strong commitment to safeguarding Controlled Unclassified Information (CUI) and to meeting the Cybersecurity requirements of the U.S. Department of Defense (DoD).