The Department of Commerce (DoC) has released a new report outlining how the department will approach implementing zero trust security measures in the process of validating microchips and microelectronics.
DoC said it will look to initiate a comprehensive approach that will include standards, methods, and guidelines including the following:
- Methods, reference design kits, and guidelines for security analytics and automation, including pervasive security to address formalized threat models;
- Enhanced vulnerability management across the overall product life cycle from inception to end of life;
- Documentary standards for hardware security and provenance; and
- Development and use of trusted emerging techniques.
“Security begins before chip design even starts – there is a critical need for a structured and uniform approach to security across the manufacturing lifecycle,” stated Matthew Areno, Senior Director of Security Assurance and Cryptography, at Intel.
The government’s focus on semiconductor manufacturing security comes on the heels of the passage of the CHIPS Act in August which aims to incentivize manufacturing of semiconductors in the United States.
“Many aspects of security must be considered to create protected hardware environment,” DoC said in the new report. “For example, integrated chipsets could have embedded malware, and assembled parts could have compromised components. New Methods and standards are needed to create a semiconductor ecosystem that is rooted in trust and assurance,” the report says.
The report also talks about inclusion of Rapid Assured Microelectronics prototypes (RAMP) into microelectronics manufacturing. “RAMP provides a secure, scalable platform for microelectronics design, manufacturing, and supply chain management,” DoC said in the report.