Hardware level security of components in the semiconductor industry today largely focuses on the protection of IP (intellectual property), if at all. The level of effort and effectiveness of the IP protection, when implemented, is usually not intended to be a main focus of the design taking a backseat to safety and performance. With the cyber security landscape seeing an increase in successful attacks and ransomware it is apparent that a change is needed. Change is also driven by new legal obligations and increasing customer specifications. Regulatory pressures, such as the EU's NIS2 directive and the EU Cyber Resilience Act (CRA) for example, mandate stringent cybersecurity measures to protect infrastructure and sensitive data. Additionally, customers are increasingly demanding robust security assurances, expecting manufacturers to safeguard their products against potential cyber threats. These evolving requirements highlight the necessity for a comprehensive approach to cybersecurity that goes beyond traditional IP protection and addresses the broader spectrum of risks. The industry best practice for secure system design today is to model the systems security around “zero-trust” where each component contributes a part to a defense -in-depth approach to maximize the systems cyber resiliency. One major component in the semiconductor industry, seeing the need for security is the PSU (power supply unit). The Modular Hardware System – Common Redundant Power Supply (M-CRPS), published by the Open Compute Project (OCP), is one of the first industry-standard power supplies to include product cybersecurity in it’s requirements. These requirements apply an embedded system's cyber security approach to a hyper-scale power supply. The system requires the implementation of three security features: (1) secure boot, (2) run time attestation, and (3) secure update. Implementing similar security features may be beneficial for PSUs the semi-conductor industry as well. Security features in the PSU component enable interactions at the system level that allow for the monitoring of anomalies in the embedded components. Additionally, unique identities in the PSU enable a deeper layer of provenance tracking in the event of an incident. After introducing the new security requirements and their system benefits, this talk will explore how the PSU industry is improving component security and the goals to expand the features already successfully implemented.
