Cybersecurity and Semiconductor IP – Protecting Against Chip Counterfeiting

The combination of pandemic-induced chip demand, supply chain shortages and rising components costs put semiconductor IP at a greater risk than ever.

Protecting intellectual property involves a multi-pronged approach revolving around trade secrets, patents, trademark and copyright registration, strict IP lifecycle management protocols, employee training, and stringent data and cybersecurity procedures. Many people tend to think of cybersecurity in terms of software and Internet hacks, but in the semiconductor industry, the increasing demand for chip production has opened up vulnerabilities from the components supply chain to IP theft.

CHIPS and Science Act and Executive Order 14028

President Biden signed the CHIPS and Science Act in 2022 to boost U.S. chip production after repercussions from the COVID pandemic contributed to a global chip shortage. The act provides $52 billion in subsidies for chip manufacturers to build plants in the United States. Several months before that, he also signed Executive Order 14028, with directives for improving the nation’s cybersecurity.

In essence, the Executive Order requires U.S.-based companies to change long-established processes to comply with new federal regulations on information sharing between the private sector and the U.S. government. Companies must comply with new baseline security standards when supplying software to the U.S. government, and the Order mandates zero-trust architecture, multi-factor authentication and data encryption standards.

What do these new directives mean for semiconductor companies? One goal of the CHIPS Act is to improve security concerns along the supply chain by keeping sensitive IP within U.S. borders by fostering a secure and trusted environment for semiconductor design and manufacture. The Executive Order enhances security by requiring much more visibility into the design and development process, meaning companies will need to closely monitor and maintain visibility over their IP management lifecycle and the design and development activities.

Why These Changes are Important

With the chip shortage came a giant rise in counterfeit chips; and unfortunately, many companies remained silent about the incidents to avoid negative press. The Executive Order remedies that by requiring some companies to report cyber incidents and discoveries of fraud, particularly those that impact government networks and interests.

Fraudulent chips find their way into a wide range of applications, from everyday consumer electronics to more sophisticated equipment in aerospace and defense. With the increasing market demands and high prices of chip-building components, many companies found themselves sourcing components from unreliable sources or losing control over their supply chain security, ultimately compromising their IP or receiving faulty components. Counterfeit chips affect the greater economy by driving up costs, and can also result in life-threatening situations from phony chips in medical devices or safety and privacy vulnerabilities through smart home equipment.

Types of Counterfeit Chips

Counterfeit and fraudulent chips enter the marketplace through a variety of ways. Whether you are attempting to protect your IP from becoming compromised, or protect your company from accidental IP infringement through the purchase of fraudulent components, there are three main counterfeit chip types to be aware of:

Gray-market recycled chips: These are typically harvested from old electronics and circuit boards. Fraudsters will re-mark or modify them to appear new, making them difficult to detect.

Clones or fraudulent chips: These chips look and function the same as the original, authentic chips, but may have so-called “security back doors” or other hidden functions that can open up a wider security risk.

Over-produced and failed parts: Often there are parts and components that fail during quality testing, but wind up in the supply chain through other means. Failed parts may operate at a deficit, have certain faulty functions, or just may not meet the expected lifetime. Overproduced parts, if not destroyed or managed carefully, can also find their way to a fraudulent supply chain and resold.

Protect Your IP from Day One – Starting with Chip Design

In addition to registering mask work with the U.S. Copyright Office, there are steps companies can take to make it more difficult to counterfeit their original chip designs:

Watermarking: Optical watermarking involves embedding a pattern on the chip itself, or including a hidden circuit portion that reveals a watermark after an electrical trigger under specific conditions. Additionally, companies can embed active components into packaging that respond to a radio signal, or a more passive feature that can be visually discovered with specific lighting or tools – much like the watermarking on one hundred dollar bills. Watermarking packaging helps counterfeit detection during shipping and receiving.

Embedded cryptographic identity: This method involved embedding a unique cryptographic identity into each chip, which reports where and when the chip was manufactured and can be backed up by manufacturing records.

Structural marking of packaging (chemical or microscopic): This process employs difficult-to-reproduce chemical dyes, microscopic etching or engraving of patterns and identifiers into a chip that are extremely difficult for counterfeiters to reproduce.

Beyond the Chip – Best Security Practices

Strong IP protection is multi-faceted, as cyberattacks can come from multiple fronts. In addition to securing your chip design with physical attributes, it’s vital for companies to tighten up overall security policies from the supply chain to manufacturing to employee security training:

• Tighten up supply chain management to prevent failed or faulty chips from entering the gray market.
• Purchase components from known, vetted vendors to prevent accidental IP infringement from buying cloned or fraudulent chips.
• Invest in a counterfeit detection system: Sophisticated AI systems can inspect 100% of all component types as they go through the production line, and X-ray systems have been relied on for years to detect component anomalies.
• Implement strong cybersecurity measures such as zero trust, multi-factor authentication, secure firewalls and data encryption.
• Train employees on strong passwords, phishing scams, and procedures for sharing sensitive information – chip architects and designers especially need to know the implications of every security measure in place.
• Conduct regular security audits and penetration tests.
• Update software regularly.
• Respond quickly to any security incidents.
• Have a plan for data breaches and IP theft, with a clear and concise outline of what steps to take.

Messner Reeves can help you protect your semiconductor IP.

Our experienced attorneys are well-versed in the intricacies of IP and can help ensure your company is protected against IP theft and is in compliance with the newest federal regulations. Contact us today for a free consultation.