The United States’ passage of last year’s CHIPS Act granted over $200 billion in new funding to boost domestic research and manufacturing of semiconductors. While the U.S. has become increasingly strong in chip design, it has historically relied heavily on other countries for chip manufacturing. Investments from the CHIPS Act will help reduce dependence on other nations and expand the U.S.’s domestic manufacturing capacity. At the same time, it will provide the country with more resources to compete in the AI race, as demand for AI chips remains sky-high (evidenced by increased funding in AI startups and recent earnings from NVIDIA & Qualcomm).
Taken together, we’re in the midst of a chip renaissance in the United States. And with that, the landscape is beginning to change. As domestic manufacturing picks up, we will likely see an increase in U.S. foundries, and as a result, fabless semiconductor companies will soon have options both in the U.S. and abroad. This renewed age of collaboration, with more players and deeper roots in the U.S., will drive greater outcomes for the entire chip industry and its customers — but it will also come with risks.
Collaboration Breeds Innovation
Greater collaboration across more vendors in the chip ecosystem provides several benefits to companies in the space. For one, it allows each company to exercise greater focus. When a company attempts full-scale vertical integration (e.g. handling everything from design to manufacturing), it sometimes can’t execute every individual piece exceptionally well because of how much work this entails.
When a company can instead focus on individual pieces of the puzzle (e.g. just design or manufacturing only specific types of chips), execute them precisely, and then outsource other pieces to companies that can execute their parts well, you’ll get a better product in the end.
Relatedly, collaborating with third parties frees up time for a semiconductor organization to invest in areas like the research and development of new technologies, which will spur more innovation and better products for customers.
For example, take a look at NVIDIA, which currently outsources its chip production to TSMC (Taiwan Semiconductor Manufacturing Co.) and other foundries. Its decision years ago to focus on chip design and be a fabless company allowed NVIDIA to concentrate on bettering its existing technology and innovating to create new technologies. This decision has since granted it a virtual monopoly on GPUs.
The Cybersecurity Risks
While collaboration will play a key role in further developing the U.S. semiconductor industry, it also opens companies up to greater security risks. As with any business, the more partners, vendors, and suppliers you work with, the more of your sensitive information is shared externally. Oftentimes, once sensitive company information has left the enterprise, teams lose the ability to protect that data and must rely on the security of their third-party partners. A startling statistic is that 65 percent of organizations have not even identified the third parties that have access to their most sensitive data, meaning they don’t actually know who has their secrets.
In manufacturing, this third-party risk is even more serious given the highly sensitive IP being shared within and across the semiconductor industry, and the large number of vendors most chip companies work with, from materials suppliers to capital equipment makers to R&D labs.
For example, if a semiconductor company is working with a fabrication plant, they will need to share sensitive information about chip design. Traditionally, once sensitive information is shared with a third-party partner like a fabrication plant, the semiconductor company can’t control and protect its data. Instead, they’re reliant on the plant’s security practices, which could be lax and leave sensitive information up for grabs.
That is problematic not only because the IP could be leaked to a chip company’s competitors, but also because there could be geopolitical consequences if foreign countries get their hands on the United States’ chip IP and misuse it.
To begin to address the risks that come with collaboration, security teams can shift to focus on protecting the data itself, rather than the traditional cybersecurity approach of focusing on perimeters or endpoints. To do so, teams can take the following steps:
- Classify your data. To classify your data, ask questions such as: What is the purpose of the data? What format is it in? Where does it live? Who uses it, and are they inside or outside the organization?
- Develop policies that continuously protect data. Using the questions above, teams can begin to understand the lifecycle of company data and develop policies that keep it protected wherever it goes.
- Automate your data protection. Automation is a necessary element in the data security world as it helps avoid human error or oversights.
- Solicit feedback and prioritize usability. Make sure to work with employees outside of the security team to see what is working and what isn’t, where they may need more flexibility, and when workflow processes may be changing.
By knowing and addressing these risks at the beginning of our onshoring efforts, we can set the industry up for success moving forward and shape the U.S. as a leader in the semiconductor space.