Raising the Security Baseline for the Semiconductor Industry
Introduction
In today’s semiconductor manufacturing environment, cybersecurity isn’t optional — it’s essential. As fabs become more automated and globally interconnected, the risk of cyberattacks targeting tools, controllers, and supply chains continues to rise.
To address this, SEMI introduced the E187 Standard — Specification for Cybersecurity of Fab Equipment — a framework defining the minimum cybersecurity requirements for semiconductor manufacturing equipment. This standard aims to ensure that tools entering a fab are secure by design, not retrofitted after the fact.
What is SEMI E187?
SEMI E187-0122 establishes a cybersecurity baseline for fab tools and Automated Material Handling Systems (AMHS) that run on Windows® or Linux® operating systems. It does not currently cover PLCs, SCADA systems, or devices connected via sensor-actuator networks like PROFIBUS, MODBUS®, or DeviceNet®.
View the official SEMI Standard: https://store-us.semi.org/products/e18700-semi-e187-specification-for-cybersecurity-of-fab-equipment
The standard defines overarching requirements in four core areas:
– Supported Operating Systems and Patch Management
– Network Security and Access Controls
– Endpoint Protection and Malware Prevention
– Security Logging and Monitoring
For OEMs and fabs, E187 provides a shared vocabulary for defining, testing, and validating equipment cybersecurity.
Why It Matters
Semiconductor tools are deeply interconnected — between the fab’s IT and OT networks, vendor update servers, and field service systems. A single weak point in a tool’s configuration can expose the entire production line.
Key drivers behind E187:
– Rising cyber incidents targeting global manufacturing and fab automation networks.
– Procurement adoption — leading fabs like TSMC now require E187 compliance in supplier contracts.
– Alignment with global frameworks such as ISA/IEC 62443, making compliance more universal.
– Competitive advantage — OEMs demonstrating E187 compliance stand out in fab procurement.
The Four Pillars of E187 Compliance
1. Operating System Security
– Ship only vendor-supported OS versions.
– Implement hardening baselines.
– Maintain patching and update mechanisms.
2. Network Security
– Use encrypted protocols (SSH, HTTPS, SFTP).
– Segment internal tool networks.
– Monitor and restrict port access.
3. Endpoint Protection
– Maintain anti-malware, access control, and vulnerability scanning.
– Restrict removable media.
– Enforce least-privilege access.
4. Security Monitoring
– Enable and retain logs.
– Report events to fab security systems.
– Document pre-shipment scans.
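An added example (not part of the original article or of the SEMI standard text) of one pre-shipment check for the network security pillar: it parses `ss -tuln` output from a Linux-based tool and flags listeners that use cleartext services or are missing from the documented port list. The cleartext port table, the documented-port list, and the sample output are assumptions constructed for illustration.

```python
"""Audit listening sockets on a Linux-based tool against its documented port list."""

# Assumption: well-known cleartext services chosen for this example (not quoted from SEMI E187).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 69: "TFTP", 80: "HTTP"}

# Hypothetical documented ports, as an OEM might list them in its network documentation.
DOCUMENTED = {("tcp", 22): "SSH/SFTP", ("tcp", 443): "HTTPS"}

# Constructed sample of `ss -tuln` output; on a real tool, capture it with subprocess.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      32           0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      128             [::]:23            [::]:*
tcp   LISTEN 0      128          0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:69         0.0.0.0:*
"""


def is_loopback(addr):
    """True for listeners bound only to the local host."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def audit(ss_output, documented=DOCUMENTED):
    """Return sorted (proto, port, reason) findings for network-reachable listeners."""
    findings = set()  # a set collapses the same port seen on both IPv4 and IPv6
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line, or another socket family
        proto = fields[0]
        addr, _, port_text = fields[4].rpartition(":")
        if not port_text.isdigit() or is_loopback(addr):
            continue  # loopback-only listeners are not reachable from the fab network
        port = int(port_text)
        if port in CLEARTEXT_PORTS:
            findings.add((proto, port, "cleartext: " + CLEARTEXT_PORTS[port]))
        elif (proto, port) not in documented:
            findings.add((proto, port, "undocumented"))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, reason in audit(SAMPLE_SS):
        print(f"{proto}/{port}: {reason}")
```

The findings list can be stored with the other pre-shipment scan records so the fab can compare it with the documented network topology during acceptance.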
Implementation Guidance
For Equipment OEMs:
– Integrate cybersecurity design early.
– Provide documentation: OS versions, patch plans, endpoint strategy, network topology.
– Perform vulnerability and malware scans before shipment.
– Maintain auditable documentation.
For Fabs:
– Include E187 compliance clauses in supplier contracts.
– Require OEM cybersecurity documents.
– Verify compliance during factory acceptance.
– Integrate E187 with monitoring standards like SEMI E191.
How It Fits with Other SEMI Standards
E187 works alongside related standards:
– E188: Malware-Free Equipment Integration (Claroty Blog: https://claroty.com/blog/understanding-semi-e187-e188-compliance-for-the-semiconductor-industry)
– E191: Cybersecurity Status Reporting
Together, they form the foundation of fab equipment security and align with ISA/IEC 62443 guidelines.
Learn more: https://gca.isa.org/blog/understanding-the-relationship-between-semi-e187-and-isa/iec-62443-in-equipment-security-implementation
Key Takeaways
– E187 is a baseline, not optional.
– OEMs must document compliance.
– Fabs should validate cybersecurity readiness.
– Compliance builds trust across the supply chain.
Early adoption gives equipment suppliers a strong edge in the market.
Final Thoughts
The release of SEMI E187 marks a significant shift from reactive patching to proactive design. For equipment makers, it’s an opportunity to modernize architectures and demonstrate resilience. For fabs, it’s a framework for securing production environments.
By embracing E187 now, fabs and OEMs together are building a stronger, safer, and more future-ready semiconductor ecosystem.
References
– SEMI E187 Official Standard: https://store-us.semi.org/products/e18700-semi-e187-specification-for-cybersecurity-of-fab-equipment
– SEMI Quick Start Guide: https://www.semi.org/zh/technology_and_trends/quick_start_guide_to_new_cybersecurity_standard_e187
– PEER Group Overview: https://www.peergroup.com/definition-of-standard/semi-e187
– TSMC ESG Report: https://esg.tsmc.com/en/update/responsibleSupplyChain/caseStudy/43
– Intertek SEMI E187 Summary: https://www.intertek.com/semiconductor-equipment/semi-e187
– Claroty Blog: https://claroty.com/blog/understanding-semi-e187-e188-compliance-for-the-semiconductor-industry
– ISA/IEC 62443 Relationship: https://gca.isa.org/blog/understanding-the-relationship-between-semi-e187-and-isa/iec-62443-in-equipment-security-implementation
– SEMI Watch 2024: https://www.semi.org/en/standards-watch-2024-mar/how-semi-e187-and-e188-standards-elevate-cybersecurity

