Vishal Gauri is the chief strategy officer at Seclore. All opinions are the author’s own.
In the spring of 2021, the topic of semiconductors reached the mainstream. Google searches skyrocketed and every major media outlet was covering the topic as semiconductor shortages were being felt around the world, exacerbated by COVID-19 and its disruption to global supply chains. People previously unfamiliar with semiconductors soon began to realize that those little chips were in everything — cars, computers, smartphones, washing machines, medical devices, etc.
That shortage, and the impact it had on everyday consumers, coupled with an increasingly tense relationship with China, forced the United States’ hand in figuring out how to onshore chip manufacturing.
In August 2022, President Biden signed the CHIPS and Science Act into law, which promised to strengthen American manufacturing, supply chains and national security, and invest in research and development, science and technology. CHIPS also aimed to help keep the U.S. a leader in emerging industries, including nanotechnology, clean energy, quantum computing, and artificial intelligence. Since being signed, the U.S. has seen investments in and openings of chip facilities in North Carolina, New York, Arizona, Utah, Kansas and California.
Accelerating domestic chip production is a good thing. The U.S. currently only produces around 10% of the world’s supply of semiconductors, with roughly 75% of semiconductor manufacturing occurring in China and East Asia. These ongoing investments will help the U.S. maintain a competitive technological edge by lowering the cost of chips and creating new American jobs. Additionally, the more the U.S. can depend on tools and technology within its borders, the less risk they have when there are disruptions or disturbances in the global supply chain.
But, there are also incredible risks.
The cybersecurity implications of onshoring chip production
In the chip industry, data security has now become synonymous with national security. The chip designs, product roadmaps, IP, process equipment and other proprietary information of these U.S. fabs are of incredible interest to adversaries.
Last fall, the Biden administration enacted new rules to curb China’s access to certain U.S. chips, for fears that they could be used as components across China’s military infrastructure. Earlier this summer, the administration considered even more restrictions on the export of U.S. AI chips to China to further protect the United States’ critical technology.
The expectation from national security experts is that U.S. chips and chip fabs will be increasingly big targets for foreign hacks. So, what should manufacturers do to bolster their cybersecurity posture and mitigate the risks?
1. Ensure your own cybersecurity hygiene is exemplary
It’s imperative that semiconductor manufacturers prioritize the cybersecurity basics from the jump. Often, breaches occur because organizations lack foundational cybersecurity hygiene: requiring password updates, installing software updates and patches expeditiously, backing up data, ensuring an accurate inventory of all devices across the enterprise, and training employees about cybersecurity awareness and policies. Those practices are table stakes — manufacturers must ensure their house is in order.
2. Manage third-party risks across the supply chain
One of the greatest vulnerabilities chip manufacturers face is even tricker to solve than the first because it comes from the risks of third parties.
U.S. chip manufacturers work with a slew of third-party vendors every day, often sharing sensitive data — including chip IP and designs — with those parties. Collaboration is necessary and constructive, but the more hands that sensitive information passes through, the greater likelihood of negligent or malicious leakage of intellectual property, which could seriously threaten a manufacturer’s competitive edge and put their secrets at risk. To ensure that data is thoroughly protected, manufacturers must extend their security and risk management infrastructure to their vendors, advisors, sub-contractors and partners.
When vetting security solutions, especially with an eye towards ones that can mitigate third-party risks, there are a number of things to look out for. First, manufacturers need the ability to implement protections and controls over their data, wherever it travels. It’s important to note that semiconductor manufacturers face a unique challenge in that air gapping — a measure in cybersecurity where a sensitive network or computer is isolated and prevented from connecting with the internet and other devices — is a common and necessary practice. Fabs thus need solutions that afford secure access to critical and high value information, even when offline.
They’ll also need tooling that allows them to prevent unauthorized users from accessing and misusing the information, and the ability to revoke access at a moment’s notice. Finally, they need a way to maintain complete visibility over all activities performed by all users on sensitive information regardless of where it is stored.
3. Don’t get blinded by the shiny object
A well-meaning head of a manufacturing plant could very easily read the latest cybersecurity blogs and be led to believe that the answer to their cybersecurity disaster fantasies is implementing something like zero trust or an AI-based defense. But just because a technology or concept is hyped does not mean it will drive impact.
Zero trust as a concept has incredible potential, and as AI continues to mature, it will be crucial in helping detect anomalous behavior with precision and accuracy. But I’d still caution manufacturers to myopically and relentlessly focus on the most important and foundational pieces, which more often than not is data. Data and IP are the lifeblood of a chip fab, so start there. Formulate a clear cybersecurity strategy that focuses on a secure exchange of data. From there, it’s a crawl-walk-run. You can begin to layer on other technologies and protections that further build your fortress.
4. The path forward
The U.S. is in the midst of a semiconductor renaissance. The impact this will have on the economy, jobs, and geopolitics is hard to understate. This is an incredible opportunity for the country’s manufacturing industry. But with this opportunity comes responsibility, so let’s tread carefully, confidently and securely into this new era.