Japan’s Ministry of Economy, Trade and Industry has published new operational technology (OT) security guidance for semiconductor factories.
The 130-page document is available in both Japanese and English. While the guidance is aimed at semiconductor device makers in Japan, it may be useful to organizations worldwide, particularly as it leverages not only Japan’s Cyber/Physical Security Framework (CPSF) but also internationally used frameworks such as the NIST Cybersecurity Framework (CSF) 2.0.
It’s worth noting that in the United States NIST is also working on a CSF 2.0 variant that is specifically aimed at semiconductor manufacturing.
Chipmakers around the world have been targeted by threat actors, including by profit-driven cybercriminals, and sophisticated state-sponsored threat actors linked to North Korea and China.
“Considering the economic and national security importance of the semiconductor industry and the growing cyber threats and risks at present, it is imperative to implement and strengthen security measures, including countermeasures against advanced cyberattacks,” noted the authors of Japan’s new OT security guide.
The guide describes reference architectures for semiconductor device manufacturers, and the security risks faced by such organizations in various areas of their environment.
In addition, it recommends specific security measures that should be implemented, including asset management, vulnerability assessment, minimizing potential damage, monitoring, incident response and recovery, and physical access restrictions.
In addition to the full guide, Japan’s Ministry of Economy, Trade and Industry has made available a 23-page summary. Both are available in PDF format.
Related: Canada Says Hackers Tampered With ICS at Water Facility, Oil and Gas Firm
Related: Radiflow Unveils New OT Security Platform
Related: ICS/OT Security Budgets Increasing, but Critical Areas Underfunded
