ECIA Updates Span Cyber Security, Conflict Minerals and ICs
To keep its members up to date on government activities and how they may affect their businesses, the Electronic Components Industry Association (ECIA) has provided an update on three legislative initiatives. All of them, of course, pertain to the semiconductor and electronics industries.The first focuses on the state of the U.S. semiconductor manufacturing and design industry, using a survey to determine the impact of foreign government investment and activities. The ECIA also highlights the European Parliament’s most recent ruling on conflict minerals to gauge its impact on the global market. Finally, the association looks at the cyber supply chain for US weapons systems.
The first update covers an ongoing survey by the U.S. Department of Commerce, Bureau of Industry and Security to generate a "defense industrial base assessment" of U.S. design and manufacturing for semiconductor products used in commercial markets and the U.S. government. The survey was sent to approximately 225 U.S. companies to gather information about IC market capabilities, competitors, customers, financial information, capital expenditures, research and development, the supply chain, trade practices, and the workforce. The data and subsequent analysis will serve to help industry representatives and government policy officials monitor trends, benchmark industry performance, and raise awareness of potential issues.
Meanwhile, the European Parliament approved its version of the "conflict minerals rule," which would require all but the smallest EU importers of conflict minerals to conduct mandatory due diligence of their suppliers. Conflict materials include cassiterite for tin, wolframite for tungsten, coltan for tantalum, gold ore, and other minerals used in consumer and industrial electronics. Such minerals exacerbate tensions in zones where they are sourced, in particular the Democratic Republic of the Congo (DRC).
Once approved by the EU Council, the rule will go into effect on January 1, 2021. Unlike the U.S. rule, the EU rule does not require downstream manufacturers, importers, and sellers of finished goods to conduct due diligence. Importer companies will be able to claim "responsible importer" status by following due diligence requirements, and each EU member country will be responsible for ensuring compliance and determining non-compliance penalties. The EU rule is inclusive to all conflict-affected and high-risk regions, not just the DRC.
The ECIA’s final update highlights the U.S. Defense Science Board’s recent publication of "Cyber Supply Chain.” The report provides recommendations to strengthen the supply chain for microelectronics in Department of Defense weapons systems. It covers practices to mitigate supply chain risks and vulnerabilities and opportunities to modify or strengthen these practices. Topics include current processes for department program protection, vulnerability detection in hardware and software, interagency activities that reduce risks, and commercial off-the-shelf vulnerabilities that have been reported and impact the security of DoD systems.
To set up alerts and receive targeted communications from the ECIA, set up a member profile at www.ecianow.org/my-ecia.