U.S. Semiconductor Research Hub achieves key milestones in securing semiconductor supply chain resilience

The U.S. Semiconductor Research Hub led by Principal Investigator (PI) Dr. Sarah Kreps within Cornell University’s Brooks Tech Policy Institute and PI Dr. Gregory Falco in the Aerospace Adversary Laboratory in Cornell’s College of Engineering, reached a significant milestone, achieving initial operating capacity for its cyber test range. This dedicated infrastructure is now actively analyzing cybersecurity threats and vulnerabilities affecting semiconductor technologies, integrated circuits, and their supply chain, a critical step toward securing the industry’s future. With its advanced capabilities, the hub is poised to identify and mitigate vulnerabilities affecting key semiconductor components.

Beyond hardware dependencies on sole-source suppliers, the intersection of software and hardware introduces additional complexities. Software is integral to the design, testing, and operation of semiconductor devices, and failures in software can lead to hardware malfunctions, yield losses, and security vulnerabilities. A flaw in the software controlling a chip’s fabrication process could result in defective products, leading to not only significant financial and reputational damage for the company, but also national security implications for the end users of the chips which include the aerospace and defense sector. The cybersecurity landscape further complicates matters. The security posture of a semiconductor company is only as strong as its most vulnerable supplier. This interconnectedness means that a breach in a third-party vendor can serve as an entry point for attackers, compromising the entire supply chain.

Hence, a major focus of the hub’s research is constructing an empirical network model of the semiconductor industry. By leveraging financial datasets and supply chain records, researchers are mapping the intricate web of cyber suppliers and identifying critical bottlenecks. This analysis includes centrality measures to pinpoint key players, community detection to understand industry clustering, and degree distribution analysis to assess systemic vulnerabilities. These insights will play a pivotal role in shaping strategic supply chain interventions.

Gaining a holistic understanding of the real-world impact of cyber threats is another crucial element of the hub’s work. Documenting past cyber intrusions that have disrupted supply chains; such as the SolarWinds, CrowdStrike and Stuxnet cases provides invaluable empirical insights into risk mitigation strategies. By analyzing these case studies, researchers are developing proactive security frameworks tailored to the unique challenges faced by semiconductor firms.

For this sensitive work, access to high-quality supply chain data is paramount. Commercially available data may not always meet the rigorous standards required for thorough analysis. As a result, the hub is establishing strategic partnerships to trace sub-suppliers at every level, ensuring transparency and accountability throughout the supply chain. We are proud to partner with a major semiconductor firm as a strategic partner, working alongside the hub to advance supply chain mapping and cyber risk assessments. This collaboration marks a significant step toward bolstering supply chain resilience across the sector and fostering deeper industry engagement.

By integrating advanced threat intelligence and cutting-edge cybersecurity research, the U.S. Semiconductor Research Hub is leading the charge in fortifying the semiconductor ecosystem. These efforts will play a crucial role in safeguarding the industry against emerging threats and securing the future of critical technologies.

Ojasvi Rana is a Junior Fellow in the U.S. Semiconductor Research Hub at the Brooks Tech Policy Institute