SEMI E169 - Guide for Equipment Information System Security
This Standard was technically approved by the Information & Control Global Technical Committee. This edition was approved for publication by the global Audits and Reviews Subcommittee on February 10, 2015. Available at www.semiviews.org and www.semi.org in June 2015; originally published April 2014.
Incidents such as the destruction of information by computer viruses, confidentiality infringement due to leaked information, and limited information availability due to denial of service are reported daily throughout the world. Semiconductor manufacturing equipment information systems are also exposed to these threats.
Accordingly, security measures have become an inevitable requirement for semiconductor manufacturing equipment.
There are requirements for the security of semiconductor manufacturing equipment, such as:
- Malware (virus) protection that does not harm equipment performance
- Confidentiality protection of recipes that does not degrade equipment operation efficiency
- Availability of equipment operation log files for troubleshooting without compromising confidentiality security
- Availability of equipment design information for the user without compromising confidentiality security
Security measures are tailored to management plans for semiconductor manufacturing lines by individual equipment users. Negotiations of the security policies for equipment information systems between equipment users and suppliers are inefficient because they vary by customer. Furthermore, the robustness and sustainability of these deals have not been substantiated. Guidelines for information security on semiconductor manufacturing equipment are required.
The purpose of this Standard is to establish a common basis for equipment information system security. This can be shared among users and suppliers of semiconductor manufacturing equipment, suggesting concepts and measures of information security.
This Standard is expected to:
- Provide guidelines for applying appropriate security measures for equipment to optimize cost, delivery, and reliability.
- Make the design of user security systems easier and more robust by providing knowledge of the role and responsibility of equipment in the factory.
- Provide a common language to express the needs and evaluation methods of, and gain a consistent understanding within, the industry.
- Promote an open standard to provide a portable and interoperable implementation.
This Standard covers the domain of semiconductor manufacturing equipment operation.
The domain includes:
- Entities (person, process, system) that interact with the equipment
- Data objects of the equipment operation
- Embedded information system components inside the equipment
Entities external to the equipment domain (e.g., factory or company) will be addressed only when that entity is related to the equipment information security.
This Standard addresses the following subjects in the creation of guidelines for information security related to equipment operation:
- The goal of information security (Confidentiality, Integrity, Availability)
- Assets to be secured (Equipment Information Asset)
- Roles to be supported by the equipment information system
- Significant security requirements (e.g., malware protection, illegal access protection on networks, local operation, hardware, disposing of components, etc.)
Referenced SEMI Standards
SEMI E5 — SEMI Equipment Communication Standard 2 Message Content (SECS-II)
SEMI E30 — Generic Model for Communication and Control of Manufacturing Equipment (GEM)
SEMI E37 — High-Speed SECS Message Service (HSMS)
SEMI E40 — Standard for Processing Management
SEMI E87 — Specification for Carrier Management
SEMI E90 — Specification for Substrate Tracking
SEMI E94 — Specification for Control Job Management
SEMI E116 — Specification for Equipment Performance Tracking
SEMI E120 — Specification for the Common Equipment Model (CEM)
SEMI E125 — Specification for Equipment Self Description (EQSD)
SEMI E132 — Specification for Equipment Client Authentication and Authorization
SEMI E134 — Specification for Data Collection Management
SEMI E139 — Specification for Recipe and Parameter Management (RaP)
SEMI E147 — Guide for Equipment Data Acquisition (EDA)
SEMI E148 — Specification for Time Synchronization and Definition of the TS-Clock Object
SEMI E157 — Specification for Module Process Tracking