Why Micro-Segmentation Is Becoming the Core of Product Cybersecurity: A Unified Trend Across SEMI E187, FDA, and the EU CRA
- Janus


In recent years, global expectations for Product Cybersecurity have increased rapidly. Across semiconductor equipment, medical devices, and connected IoT systems, regulators now expect products to demonstrate verifiable security capabilities before shipment.
Three major frameworks are driving this shift:
- SEMI E187 – the first and most widely adopted semiconductor equipment cybersecurity standard published by SEMI
- EU Cyber Resilience Act (CRA) – the EU cybersecurity regulation for digital-element products
- FDA Cybersecurity Guidance – the U.S. guidance for medical device cybersecurity
Although these regulations target different industries, they share a clear common requirement:
Products must control and restrict their network behavior to avoid becoming a pivot point for supply-chain attacks.
This is why Micro-Segmentation is rapidly emerging as the foundational technology for Product Cybersecurity.
A Shared Requirement Across All Three Regulations: Devices Must Not Communicate Arbitrarily
1. SEMI E187: The Minimum Cybersecurity Baseline Before Entering a Fab
SEMI E187 requires semiconductor equipment to implement cybersecurity from the design phase and to meet a set of baseline expectations before shipment, covering domains including Network Security, OS Support, and Endpoint Protection.
Core requirement: Equipment must not become a pivot for lateral movement within a fab.
2. FDA Cybersecurity Guidance 2023 (Medical Devices)
Although not a formal regulation, the FDA guidance requires medical device manufacturers to:
- Provide an SBOM
- Perform threat modeling
- Restrict unnecessary communications
Core requirement: Communications between medical devices must be controlled and auditable.
3. EU CRA (Affecting Global IoT Manufacturers from 2025 Onward)
The EU CRA requires digital-element products—hardware or software—to incorporate cybersecurity from the design stage:
- Prevent unauthorized access
- Apply least-privilege principles
- Avoid unnecessary network behavior
Core requirement: Products must demonstrate verifiable protection of network communications before release.
Conclusion: All Three Regulations Aim to Block Lateral Movement
Agencies such as CISA, and the MITRE ATT&CK framework, identify lateral movement as a critical vector for supply-chain intrusions.
Controlling communication between devices is now recognized as a fundamental layer of Product Cybersecurity.
Why Micro-Segmentation Is the Universal Answer
Core concept of Micro-Segmentation:
“Treat each device as an independent security zone, allowing it to communicate only with necessary peers.”
This design enables:
- Blocking compromised devices from infecting others
- Substantially reducing the attack surface
- Strengthening the security boundary of each device
- Supporting legacy devices that cannot run antivirus or agents
Even if one device is compromised, the impact remains isolated—preventing spread across an entire production line or medical network.
This architecture is not tied to any specific vendor; it aligns with the security principles widely encouraged by modern regulations.
Enterprise Cybersecurity vs. Product Cybersecurity: Why Micro-Segmentation Works Differently
Micro-Segmentation spans two major security scenarios—enterprise security and product security—but their deployment conditions differ significantly.
In enterprise environments:
- Used for internal segmentation, ransomware containment, and lateral movement prevention
- Typically relies on firewalls, EDR, NAC, SDN, or agents integrated with directory services
In product environments (semiconductor tools, medical devices, industrial controllers):
- OS environments are restricted; agents cannot be installed
- Field environments often lack dedicated security engineers
- Configuration changes may affect compliance or stability
Therefore, product-side cybersecurity must not interfere with device operation.
Network-layer micro-segmentation achieves isolation, communication control, and behavioral enforcement without modifying device settings—a critical differentiator for Product Cybersecurity.
Janus Perspective: AI-Driven Micro-Segmentation Is the Most Practical and Final Layer of Product Security
In supporting manufacturers through SEMI E187, FDA Guidance, and CRA preparation, Janus found:
The real challenge of micro-segmentation on products is not the technology but the manpower required to maintain it.
- A single device may have 20–200 legitimate communication behaviors
- Maintenance and updates require rebuilding communication rules
- Production line changes often invalidate existing allowlists
- Manual upkeep becomes unsustainable
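
A minimal sketch of the per-device allowlist model described above, showing how a production change surfaces as denied flows that someone has to review. This is an added example, not Janus's implementation: the device names, ports and flow records are constructed, and treating a denied flow to another managed device as a lateral-movement candidate is an assumed heuristic.

```python
from collections import defaultdict

# Constructed flow records: (src_device, dst, protocol, dst_port).
LEARNING_WINDOW = [
    ("etcher-01", "mes-server", "tcp", 5000),
    ("etcher-01", "ntp-server", "udp", 123),
    ("metrology-02", "mes-server", "tcp", 5000),
    ("etcher-01", "mes-server", "tcp", 5000),
]
ENFORCEMENT_WINDOW = [
    ("etcher-01", "mes-server", "tcp", 5000),       # learned behaviour
    ("etcher-01", "metrology-02", "tcp", 445),      # tool-to-tool flow, never learned
    ("metrology-02", "mes-server-b", "tcp", 5000),  # production change: new server
]

def learn_allowlist(flows):
    """One allowlist per source device: each device is its own zone."""
    allow = defaultdict(set)
    for src, dst, proto, port in flows:
        allow[src].add((dst, proto, port))
    return dict(allow)

def evaluate(allow, flows):
    """Default deny: a flow passes only if it is on the source's own list."""
    verdicts = []
    for src, dst, proto, port in flows:
        if (dst, proto, port) in allow.get(src, set()):
            verdict = "allow"
        elif dst in allow:
            # Assumed heuristic: the target is itself a managed device,
            # so this is a candidate for lateral movement.
            verdict = "deny-lateral-candidate"
        else:
            # Unknown peer: may be allowlist drift after a line change.
            verdict = "deny-needs-review"
        verdicts.append((src, dst, proto, port, verdict))
    return verdicts

def review_queue(allow, flows):
    """Denied flows grouped per device, i.e. the manual upkeep workload."""
    queue = defaultdict(list)
    for src, dst, proto, port, verdict in evaluate(allow, flows):
        if verdict != "allow":
            queue[src].append((dst, proto, port, verdict))
    return dict(queue)

if __name__ == "__main__":
    policy = learn_allowlist(LEARNING_WINDOW)
    for device, denied in review_queue(policy, ENFORCEMENT_WINDOW).items():
        print(device, denied)
```
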
Janus's AI-based micro-segmentation platform provides five practical advantages:
- OS-independent
- No agent installation
- No modification to device configuration
- Automated learning and continuous allowlist updates
- Adaptive behavior even after production changes
Conclusion: The Future of Product Cybersecurity Is Device-Level Micro-Segmentation
With SEMI E187, FDA Guidance, and CRA all requiring control of device communications, Micro-Segmentation is no longer optional—it has become the core capability of Product Cybersecurity.
Where allowlists once required manual operation, AI now enables real-time modeling and automated enforcement.
This is the mission of Janus netKeeper:
Transform Product Cybersecurity from manual effort into a measurable, verifiable, and autonomously maintained architecture.
As Taiwan leads globally in semiconductors, AI infrastructure, smart manufacturing, and smart healthcare, Janus will help local and global supply chains gain technological leadership in the next era of Product Cybersecurity.












