Data security is challenging for semiconductor companies because the industry relies on fragile global supply chains and highly sensitive information. Semiconductor companies invest heavily in research and development, and this intellectual property is important for technological innovation and national security in the United States. That’s why the U.S. passed the CHIPS and Science Act to improve the competitiveness and stability of domestic semiconductor manufacturing.
The industry’s complex supply chain includes silicon vendors, semiconductor fabrication plants (fabs), original equipment manufacturers (OEMs), and many others sharing intellectual property related to chip designs, manufacturing processes, and more. Malicious actors often target this sensitive information because it can be sold to competitors on the dark web, ransomed back to the company, or used to replicate chips.
Read on to learn more about the sensitive data types in the semiconductor industry, and how Cyera can help companies protect their intellectual property.
Sensitive Data Types in the Semiconductor Industry
For most companies in the semiconductor industry, the most sensitive data is intellectual property — just like in the pharmaceutical industry. Chips are time-consuming and expensive to design, manufacture, and integrate into final products. This makes information that improves any aspect of the semiconductor supply chain a massive competitive advantage.
Here are five types of sensitive intellectual property data that silicon vendors, fabs, and OEMs need to protect.
Source Code
Silicon vendors use a hardware description language (HDL), typically Verilog, to describe digital circuits RTL (register-transfer level). This information captures how the chip functions logically and can also be used to simulate the circuit for testing. This HDL code is often used as an input for CAD (computer-aided design) tools to produce visual schematics.
HDL code is sensitive because the substantial research and development (R&D) effort involved in creating innovative chip designs is expensive. If a competitor steals a chip’s HDL code, the silicon vendor can lose out on the potential revenue they would generate from years of R&D costs.
CAD Models
Silicon vendors usually create 2D and 3D models of their chip architectures, which are typically stored in CAD files. Engineers use synthesis and place-and-route (P&R) software tools to generate these designs that draw small electronic circuit components. The design can then be used for testing and verification before the chip designs are shared with fabs.
Similar to HDL code, CAD models are important to protect because this information can be used by competitors to gain trade secrets about the chips. Chip design is a major source of income for silicon vendors, so it’s important to keep this proprietary information behind closed doors.
Product Roadmap & Patent Applications
Along with existing CAD models and source code, silicon vendors often share information about their next generation of chip features with their customers, typically OEMs. Some chips have a three year manufacturing cycle, requiring more than two years to develop and more than 3 months to manufacture. This makes the product roadmap highly sensitive because if it is leaked to competitors, they’ll have an opportunity to match or exceed the product.
Developing innovative chip architectures that are smaller and more efficient is the core business for silicon vendors, so they invest heavily in new designs with the expectation to be rewarded for this R&D effort. This means confidentiality is important for any files that contain product roadmap details — especially during the development phase. This sensitive data also includes patent applications that are filed prior to releasing a new chip design.
Once the chip is shipped, it becomes available to the public and competitors can legally get their hands on it. The semiconductor company is ideally developing the next generation of chips by the time their competitor figures out the current design and replicates it. This makes protecting product roadmap and patent application data essential for remaining competitive in the semiconductor industry.
Manufacturing Process Details
Fabs use an elaborate lithography process to convert bare silicon into wafers that contain an IC (integrated chip) die. This process involves many cycles to produce silicon wafers that contain billions of transistors to meet proprietary design specifications. And to remain competitive in the semiconductor industry, an efficient manufacturing process is necessary.
The specific manufacturing process a fab uses is documented in many types of documents. This information must be protected to ensure fabs and the silicon vendors they partner with can bring chips to market before the design and manufacturing process can be replicated by competitors.
Product Specifications
Fabs provide product specifications that describe how to use the chip to OEMs. This means OEMs receive the physical chips, software, and datasheets explaining how to integrate the chip into their end products. For example, car manufacturers like Ford and Volkswagen procure chips for advanced driver-assistance systems (ADAS) and connected car features. These OEMs need the product specifications to make sure the chips fit into the design of their own final products.
The product specification and datasheet are considered sensitive information because competitors can use this to develop similar chip features. This means both fabs and OEMs need to secure the product specification data to protect the intellectual property along the semiconductor supply chain.
How Cyera Helps Protect Intellectual Property and Sensitive Data
Cyera’s data security platform provides deep context on your data, applying correct, continuous controls to assure cyber-resilience and compliance. The platform can automatically discover and classify files, learning your unique and proprietary data automatically using advanced machine learning. This enables Cyera to autonomously identify your CAD designs, source code, product roadmaps, product specifications, and other intellectual property and keep it secure.
Cyera dynamically identifies new data and changes to existing data as designs, manufacturing processes, and partnerships evolve. This means the platform determines whether the data is about a new design that has not yet been released to the public and identifies it as highly sensitive. Conversely, Cyera determines whether the data about the design is dated and marks it as less sensitive, helping security teams prioritize protecting the most important issues.
When Cyera determines that data is sensitive (confidential or restricted), the platform will validate the controls around the data. For example, Cyera pinpoints if sensitive data is not encrypted, or if it is broadly accessible to many employees, then remediates the exposure with integrations and workflow automations that fit into existing security operations processes. The platform also highlights real-time security exposures, misconfigurations or misuse to stop data breaches as the actions are taking place.
Cyera takes a data-centric approach to security, assessing the exposure to your data at rest and in use and applying multiple layers of defense. Because Cyera applies deep data context holistically across your data landscape, we are the only solution that can empower security teams to know where their data is, what exposes it to risk, and take immediate action to remediate exposures and assure compliance without disrupting the business.
Start protecting your sensitive IP data by scheduling a demo today.
.png)