How to balance regulating semiconductors with global security and technological progress
Semiconductors need to be secured against all risks Image: LamaiC - stock.adobe.com
- Exploring the implications of AI advancements on semiconductor usage in sensitive and potentially harmful applications highlights the need for regulation.
- There are many challenges in tracking semiconductor distribution and embedding hardware security.
- It is necessary to examine the trade-offs, costs and benefits of implementing regulations on semiconductor security and traceability.
The advancement of artificial intelligence (AI) carries a significant potential to influence society and geopolitics, particularly when misused with malicious intent. Chipsets, vital to AI technology, are increasingly central in geopolitical tensions, a consequence not solely attributed to AI. Every digital device incorporates numerous semiconductor components. Industries, such as automotive, are witnessing a remarkable increase in the use of semiconductor parts, reflecting the rapid growth in this sector.
The progress in technology, closely linked to advancements in the semiconductor industry, is a key driver of economic growth and military enhancement. Countries or regions commanding the semiconductor market and its supply chains are poised to gain increasing strategic leverage in technological innovation, AI development, economic expansion and military prowess.
How is the World Economic Forum creating guardrails for Artificial Intelligence?
Governments worldwide are making significant investments in the semiconductor industry to secure technological and economic advantages. From 2010-2015, China has been channelling billions into its semiconductor sector. Similarly, the US and EU initiated substantial investments in their semiconductor supply chains in 2022. The growing recognition of semiconductors' strategic importance, coupled with escalating global tensions, has triggered various measures such as sanctions against Russia and Iran, restrictions on exporting telecom and AI chipsets to China, China's prohibition of certain US chipsets in its critical infrastructure and tariffs on electronic components from China. These developments, reflecting the semiconductor industry's crucial role in technology advancement, economic influence and military capability, raise a pivotal question: should there be regulations mandating traceability and hardware security in semiconductor products?
Traceability and security challenges posed by semiconductor distribution
Despite sanctions and export restrictions, controlling the global distribution of semiconductor components remains a formidable challenge. The vast network of distributors and resellers makes it almost impossible to monitor the flow of these components effectively. Semiconductor sales professionals are particularly aware of this complexity, as they often struggle to track component distribution for their sales commissions, especially when dealing with manufacturers in Southeast Asia. Presently, it's a common issue that no semiconductor company can accurately trace the final integration and use of their devices.
Technologies developed by Kudelski IoT and others offer solutions for traceability and security, facilitating the secure provisioning of devices into various ecosystems. However, many semiconductor products have yet to fully adopt or integrate these technologies.
Integrating a secure, unique, tamper-resistant identity into semiconductor components is essential for meeting security and traceability requirements. Such an identity would enable stringent security controls, verifying ownership, origin and authenticity and allowing devices to be revoked or flagged if used unexpectedly.
This approach also helps combat the increasing problem of counterfeit chipsets. While the necessary hardware and systems for these security measures exist, they come at a cost. Given the current geopolitical climate, the crucial question remains: what is the acceptable price for such security integration and can we afford to forego these critical controls?
Balancing security and industry impact
The integration of enhanced security features into semiconductor products inevitably increases costs. These additional expenses are compounded through distribution and reseller channels, impacting the gross margins of semiconductor companies. Since gross margins are a critical metric closely watched by investors, semiconductor firms are often hesitant to adopt measures that might negatively affect them. However, the typical cost increase for integrating security, which ranges from 2-5% of the total semiconductor cost, is generally viewed as a reasonable compromise given the benefits.
Globally, various government agencies are establishing guidelines and, in some instances, regulations mandating that semiconductor devices incorporate secure identities and meet specific security standards. The European Union is set to introduce the EU Cybersecurity Act, enforcing new rules for both hardware and software products. Similarly, in the United States, the National Institute of Standards and Technology (NIST) and the Federal Communications Commission (FCC) are rolling out analogous requirements. Additionally, countries such as Singapore are implementing their own regulations to enhance the security and traceability of semiconductor products. These international efforts underscore the growing consensus on the importance of security in the semiconductor industry.
In 2023, the spotlight was on the Chip Act and semiconductor investment. Looking ahead to 2024, the focus should shift towards enhancing the security and traceability of semiconductors. This is poised to be a key initiative for the industry and governments. The aim is to establish and enforce guidelines and regulations that not only ensure safety and security, but also maintain a balance with ongoing growth and technological advancement. This dual focus is essential for the sustainable progress of the semiconductor sector.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Tech and Innovation
Related topics:
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on Forum InstitutionalSee all
Gayle Markovitz and Spencer Feingold
December 2, 2024