Security Challenges and Requirements for Control Systems in the Semiconductor Manufacturing Sector

(Extended Abstract) I. INTRODUCTION Moore's Law and the market requirements for higher perfor­ mance chips are driving the production of increasingly smaller transistors, and therefore, are forcing more stringent controls on semiconductor manufacturing processes and equipment, with a very small room for error. The second trend in the semiconductor industry is the adoption of the e-Manufacturing paradigm [1]. With the rise of fully-automated factories and the new technology size requirements for chips, new security challenges arise as the control systems are becoming increasingly more complicated. The need for high manufacturing yields using these systems is driving more Advanced Process Controls (APC). Control systems, already ubiquitous in the industry, are becoming more and more sophisticated. And complexity, as is widely acknowledged, is the enemy of security. The last trend in the industry is the tendency for manu­ facturers to form joint production ventures. The highly cyclic demand for various consumer electronic products is causing cyclical fluctuation in the manufacturing load of semiconduc­ tor factories. The high costs of development and production facilities for different technology node sizes is driving semi­ conductor companies to form join manufacturing partnerships instead of building new factories. Production of parts may be distributed among manufacturing partner facilities if the manufacturing load in one factory is too high, and part delivery deadlines cannot be met. This new manufacturing model is known the Manufacturing Grid. The goal is to utilize all the manufacturing resources that are distributed between different manufacturing partners and factories different chip parts. This paper presents threats to controls systems in the semi­ conductor manufacturing sector that are driven by the above trends in Section II. In Section III, we review recent research work related to the most important threat faced by these control systems. Section IV presents the research priorities and security requirements needed to mitigate these threats. Finally, Section V concludes the paper by summarizing its main points.