James Moyne: Industry Still ‘Charting its Course’ on Data Security
By David Lammers
Developing security standards so that data analysis experts can work together to solve thorny process control challenges remains a top priority as semiconductor manufacturing moves to a smart manufacturing model.
|Dr. James Moyne|
A key player in the smart manufacturing and data security movements, Dr. James Moyne divides his time between jobs at both Applied Materials and the University of Michigan, including enough work on key SEMI standards to have received that organization’s Lifetime Achievement Award this summer for standards in the areas of process control (including E133 and E126), sensor bus (E54), and big data (E148 and E160). He is also the co-chair of the factory integration thrust of the IEEE-sponsored International Roadmap for Devices and Systems (IRDS).
At Applied Materials, Moyne consults with the advanced services engineering group, part of Applied Global Services® (AGS), where his role is to contribute to the future direction of AGS software, virtual metrology, predictive maintenance, and smart manufacturing initiatives.
"We are working on a roadmap for developing the best analytical solutions to solve problems, and not just for new software products but also for improving existing technologies," Moyne said. For example, Applied’s fault detection (FD) product now does automatic feature recognition, which reduces the time and cost of FD model- and limits setups. There are also new smart manufacturing products, including ways to work with the supply chain to guarantee confidentiality of data as we go up and down the supply chain."
Infrastructure for Digital Twin Re-Use
At the University of Michigan (UofM), Moyne co-leads research projects on smart manufacturing, including current work on developing a digital-twin, object-oriented infrastructure. (A digital twin is a digital replica of a physical thing, process, or system that has a specific purpose.) Moyne and his team will present these UofM results at the upcoming October 2019 APC Conference.
"There are lots of good solutions for run-to-run (R2R) control, virtual metrology, predictive maintenance, virtual and augmented reality, scheduling and dispatch. These are all part of the digital-twin approach to manufacturing. When you start to combine them, you can achieve a whole new level of capabilities (figure 1), but if they are developed in isolation they don’t combine well. We are developing an infrastructure that allows you to either aggregate or generalize digital twins in an object-oriented hierarchy, so you can go up and down the hierarchy to combine or re-use capabilities."
Figure 1. Smart manufacturing integrates a variety of solutions into a digital twin: a digital replica of a physical thing, process, or system.
The Michigan work, which is supported by the National Science Foundation, would enable the reuse and extensibility of solutions, allowing both proprietary and commercial applications to be integrated into a digital-twin, smart manufacturing environment. At some point, open-source software might play a role.
"We are still trying to chart our course, to gain a better understanding of how applications might all work together, first from a technology perspective, followed by a standards perspective. So long as they use a standard interface and provide a specified capability, you could unplug one digital twin for something and plug in another, in an interoperate-and-interchange framework approach," he said.
"Smart manufacturing requires a cooperative effort to integrate the software, tools, and human expertise, and a better environment for the integration of knowledge into a knowledge network," Moyne said. (Figure 2)
Figure 2. Smart manufacturing depends on a secure environment so that subject matter experts (SMEs) can analyze data from a network of sensors and other sources.
The Data Security Conundrum
Some industries are taking advantage of the cloud infrastructures being developed by Amazon, IBM, Microsoft, Google, and others. However, the semiconductor industry is comprised of companies that take different views toward sending data out of the fab. Some companies prevent suppliers’ engineers from bringing any electronics into or out of a fab, while others prevent engineers who work on data analytics at its fabs from doing similar work at a competing company’s fab sites. Still others allow data to be shared over the Internet, but with strict procedures for data partitioning and security.
"The barrier that we have to overcome is to figure out better ways to share collective knowledge without having to worry so much about data or IP leakage," Moyne said. "We are really just getting started on standards that focus on data security. The biggest challenge by far is figuring out how to engage with customers more collaboratively while addressing the need for security."
Security is a very short word for a very big topic, with data security and IP partitioning among the most important aspects. "We are just at the beginnings of understanding the problems and working on the standards effort," Moyne said.
The standards-development process involves three broad steps, first with academic papers that explore potential solutions, in this case towards data security for advanced process control and smart manufacturing. Then, experts and interested parties begin developing solutions, and finally, standards are developed around the most promising solutions.
The semiconductor manufacturing industry, Moyne said, is entering the second of the three stages for data and IP security. "The papers are out there identifying the issues, and the IRDS has added that to the roadmap describing the technical challenges and identifying the beginnings of potential technical solutions," he said.
In one area, involving the security of computer systems used in fab equipment, a standards group within SEMI has formed, with co-chairs from Intel and Cimetrix Inc., to tackle the issues of how to securely deploy software on fab equipment, including revision control.
Moyne said while that is a good start, the more complex problem how to develop standards to protect data and IP as it moves out of fabs to the cloud or remote locations has yet to be confronted in a formal manner.
"When you are trying to come up with a standard, you need to understand what the technical challenges are and determine what the current state of the art is in terms of providing a potential solution going forward. If everybody is on the same page in defining these two issues, then it is much easier. Unfortunately, we are not there yet with data sharing and IP security," Moyne said. "Security represents a unique problem because developing a standard requires that company representatives come together and divulge to all their equipment suppliers what they are doing today, and how they are doing it."
With companies each having their own security policies, it is difficult to deploy limited human resources efficiently. Bringing engineers from multiple companies to a customer’s fab site at the same time requires travel coordination and considerable commitments of time and money. If the experts could meet online and deal with a common data set stored in the cloud, process control solutions could be developed much more efficiently, Moyne said.
"In our industry companies have fundamentally different security policies, with different views on security, or in some cases a lack of understanding of what is secure and what isn’t. That has resulted in a ‘better safe than sorry’ policy with a lot of these companies. As a result, they are sacrificing APC capabilities because they want to guarantee security. The companies that tend to benefit are those that establish a baseline of what is secure and what can be done today with current security protocols," Moyne said.
SEMI has developed a standards-development process—in which Moyne has played a central role—that requires bringing people together. "Over the years I’ve come to appreciate how standards involve bringing people together to listen and understand different points of view. What I’ve tried to do is understand consensus points that reflect what everybody is thinking. A lot of what standards is about is a willingness to check egos and get people who are competitors to work together. That requires the ability to listen and learn on the fly," he said.
A challenge that is perhaps particular to semiconductor manufacturing, is that the APC software providers tend to be separate from vendors providing security, including the security embedded in the major cloud service providers. Amazon, Microsoft, and others are not players in advanced process control, and the APC vendors tend to not deal with data security. Applied Materials is working to bridge the gap, Moyne said, but generally speaking "there is not a direct link between the security solution providers and the APC providers."
Because the cloud service vendors do not develop APC solutions, it is difficult to get them involved in SEMI’s data-security-for-APC standards efforts. On the other hand, "the APC people understand APC but don’t understand security."
Moyne said he is confident that the data security challenge is going to be solved. "Out of sheer desire and need, it is going to be solved. It will be interesting to see if it is solved through standards, so we can find ways to successfully play together," he said.
For additional information contact firstname.lastname@example.org.