At SEMICON West, cybersecurity experts from across the semiconductor value chain—fabs, design houses, toolmakers, suppliers, and research institutions—outlined a sobering truth: the semiconductor sector is entering a new era of exposure. Once characterized by specialized equipment, isolated networks, and long technology cycles, semiconductor manufacturing has become a highly digitized, globally interconnected ecosystem. Adversaries have noticed.
The collective message at the conference was clear: as the semiconductor industry accelerates toward the trillion-dollar mark, cybersecurity must evolve into a robust, industry-wide foundation rather than a series of isolated defenses. Geopolitical tensions, increasingly sophisticated threat actors, and the expanding digital footprint of advanced manufacturing are raising the stakes—but the emphasis was less on crisis and more on coordination. Discussions consistently reinforced that the industry is only as strong as its weakest link, underscoring the need for a common cybersecurity framework that extends beyond individual companies to include suppliers and sub-suppliers across the ecosystem.
1. A High-Value Target for Nation-State and Criminal Actors
Speakers highlighted that semiconductors have become synonymous with national competitiveness. Advanced chips underlie defense systems, critical infrastructure, AI acceleration, and global technology supply chains. This visibility has made semiconductor companies a top-tier target for nation-states seeking intellectual property, competitive advantage, or influence over global markets.
At the same time, cybercriminals have intensified operations targeting fabs. Ransomware groups understand that semiconductor manufacturers cannot tolerate downtime; even hours of halted production can translate into millions of dollars in losses. As one panelist put it, “Few industries offer attackers such immediate leverage.”
2. Complex, Globalized Supply Chains Expand the Attack Surface
Modern semiconductor supply chains encompass thousands of contributors, including EDA vendors, IP licensors, foundries, OSAT providers, mask shops, equipment suppliers, logistics partners, and customers across every major economic region.
At SEMICON West, experts described how these networks create a dependency web where any weak link becomes a systemic vulnerability.
Real examples shared by participants included:
- Compromised vendor accounts providing backdoor entry into fab systems
- Insecure remote maintenance channels inadvertently exposing tool interfaces
- Data leakage from design partners or subcontractors
- Lack of visibility into third-party cybersecurity controls
- The consensus: supply chain risk is no longer a theoretical concern—it is a fully operational one.
3. Structural Vulnerabilities Inside Every Fab
While attackers often enter through external partners, many risks originate within fabs themselves. Speakers emphasized that semiconductor manufacturing environments were not built for today’s threat landscape.
Key structural challenges include:
- Multi-decade tool lifecycles that cannot be upgraded or patched
- Proprietary, unsupported, or end-of-life operating systems that lack modern security controls
- Restricted downtime windows, making patching operationally difficult
- Fragmented vendor ecosystems where no single entity owns end-to-end security
These conditions create pockets of vulnerability that adversaries can exploit. The result is a manufacturing environment where applying uniform security controls is extraordinarily difficult.
4. Data Security Becomes a Core Manufacturing Concern
Fabs generate and exchange some of the most sensitive data types in modern industry, including:
- Process recipes
- Layout files
- Yield models
- R&D datasets
- Tool telemetry
- Engineering logs
Speakers warned that unauthorized access or manipulation of this information can do more than disrupt operations—it can alter product quality, shift competitive advantage, and compromise national technologies. Semiconductor data, one panelist noted, “has become valuable enough to reshape entire markets.”
5. Regulatory Momentum Is Reshaping Expectations
Across the event, experts pointed to a shift in regulatory posture. Governments and industries are establishing new cybersecurity requirements for:
- Product design
- Manufacturing system resilience
- Supplier assessment
- Vulnerability management
- Incident reporting
These emerging frameworks—such as the EU Cyber Resilience Act, the NIST CSF 2.0 Semiconductor Manufacturing Profile, and Japan’s Cyber-Physical Security Framework—are shifting cybersecurity from a discretionary investment to a precondition for operating globally.
6. Collaboration as an Industry Imperative
The overarching theme was clear: No single fab, supplier, or vendor can protect itself in isolation. Cybersecurity must become a shared responsibility across the ecosystem. Collaborative frameworks, joint assessments like SEMI Standardized Supplier Cyber Assessment, and standardized practices were all cited as essential steps toward raising the entire industry’s resilience.
As one SEMICON West expert noted, “This isn’t just about building stronger fences—it’s about raising the ground level for everyone.”
Source: “Secure Together: Building Cybersecurity Resilience Through Industry Alliances,” SEMICON West 2025. Speakers: James Kaplan (McKinsey & Company); Quentin Kantaris (TXOne Networks); Bradford Hegrat (Accenture); Nijaz Velic and Richard Morris (NY CREATES); Tom Palmaers and Giselle M.H. Van Tornout (imec); SZ Lin (Sun Square); Ross Mahler and Marty Wachi (Moxa); Simon Davies (Renesas); Jennifer Lynn (IBM); Prabhu Jayanna (AMD); Anusha Annapareddy (Applied Materials); Bertrand F. Cambou (High Entropy Security); Daniel O'Loughlin (Qualcomm). Panel moderator: Andrew M. Seward (Tokyo Electron America).
