TAIPEI — When the WannaCry virus forced the world’s biggest contract chipmaker Taiwan Semiconductor Manufacturing Co. to halt production for three days earlier this month, it sent a strong message to the industry that even the most advanced technology company is vulnerable to cyberattacks.
“The incident is a wake-up call to the whole industry,” said Leuh Fang, chairman and president of Vanguard International Semiconductor, a Taiwanese power management and display driver chip manufacturer and a TSMC affiliate. “As soon as we learned of the event, we quickly asked all our information technology specialists to come back to work on a Friday night and check all the systems and factories thoroughly.”
United Microelectronics Corp., the world’s No. 3 contract chipmaker, also recalled staff immediately after learning of the attack. TSMC was hit by a variant of WannaCry, a computer virus referred to as ransomware that blocks access until a sum of money is paid. But TSMC was not demanded to pay any ransom this time to rescue its computer systems. UMC staff spent the weekend reviewing the company’s standard operating procedures.
C.C. Wei, chief executive of TSMC, attributed the attack to his company’s negligence to detect a virus in new equipment before connecting it online, which caused it to spread to the whole production information system. The attack will erase $170 million from the company’s total revenue over the July to September quarter and reduce its margins by one percentage point.
It took almost three days before the market leader was able to resume production at all of its advanced plants including those that churn out the latest chips for new iPhones, and products for Nvidia, MediaTek, Qualcomm and Huawei’s Hisilicon Technologies.
For many industry executives, it’s still baffling how TSMC could also fall victim to WannaCry, as the company is known for its high information security. TSMC has a team of roughly 3,000 staff that work on information technology alone, according to an industry source. Many of them are dedicated to developing all kinds of artificial intelligence algorithms to analyze data and increase production efficiency.
TSMC facilities are also highly secure. Mobile internet access is blocked at all TSMC facilities. Employees use the company’s in-house phone network while visitors need to leave all electronic devices at reception and go through more than one security control.
“It’ a big shock that even a world-class player TSMC’s cutting-edge production lines could be down due to computer virus,” said Mao Ching-hao, director general at Cybersecurity Technology Institute, a unit of think tank Institute of Information Industry. “Such an incident highlights that almost all the manufacturers out there could be vulnerable.”
Mao said most of the electronic manufacturers — including TSMC — still adopt a relatively traditional way of operating their IT systems. Physically isolating internal computer networks from external ones is in itself hard to achieve.
“It’s extremely difficult to make external and internal networks completely isolated,” Mao said. “Meanwhile, the latest attacks and virus have become more customized and those new attempts often find ways to bypass firewalls.”
This virus identified in the TSMC incident is the most notorious computer ransomware that infected over one million machines worldwide after taking advantage of security loopholes in some Microsoft Windows operating systems. WannaCry and other ransomware, such as Petya and Bad Rabbit, caused a damage of $5 billion in 2017, a study by Japanese IT cybersecurity company Trend Micro showed.
The study also said that Taiwanese companies and organizations were hit by more than 10 million times by ransomware attempts in 2017. Some notable WannaCry victims included automaker Honda last June and aircraft manufacturer Boeing in March this year. UMC said thousands of attacks a day are “normal.”
Taiwan’s Ministry of Science and Technology said it set up an information sharing and analysis center last year to update the industry weekly about the latest cyberattacks and international security trends. Around 70% of major tech companies in Taiwan have joined the platform.
“We also established a 24-hour hotline in case any tech companies need our help,” said Hsueh Da-Yong, director at the ministry’s department of information services. “After the TSMC incident, we will host seven to eight extra workshops on cybersecurity for tech industry employees and managers.”
Chairman Barry Lam of Quanta Computer, a key MacBook maker and data center builder for the likes of Google and Amazon, told reporters on Aug. 8 that his company upgrades firewalls all the time to fight off more and more advanced viruses.
Liu Ke-Cheng, chairman of Advantech, the world’s leading industrial PC maker, told the Nikkei Asian Review: “There is one good thing about TSMC’s virus outbreak… It’s that nobody could later downplay the importance of information security.”