A computer virus has reportedly impacted the operations of global semiconductor chip manufacturer TSMC. The report is yet another reinforcement to manufacturing and supply chain IT and operational teams that data and information security must remain  a top priority. Semiconductor Chip Manufacturing
The computer virus struck multiple TSMC factories on Friday evening, infecting a number of its highly specialized chip fabricating equipment. Reports had indicated that that virus had spread among multiple chip fabrication facilities. An initial statement from the Taiwan based chip producer acknowledged the virus but indicated that the it “was not caused by a hacker.”  However, a published report today by ITPRO indicates that that TSMC has now acknowledged that this cyber-attack was a WannaCry variant, injected into internal production systems when a supplier reportedly installed infected software with running an anti-virus scan.
The virus reportedly spread within the fab manufacturer’s internal network to include production fabs in Tainan, Hsinchu, and Taichung, which then triggered a temporary shutdown of all production facilities to isolate and remove the virus. According to a company statement” “The degree of infection varied by fab. TSMC contained the problem and found a solution.”
The company’s CEO indicated in a statement surprise and shock, in that thousands of software focused tools had been installed previously, without any such incident. TSMC’s CFO indicated to Bloomberg that the company had been attacked by computer viruses on prior occasions, but this was the first time such an attack affected actual production processes.
Reports of this cyber-attack took on special significance for high-tech and consumer electronics supply chains. First, the industry is about to enter its busiest period of manufacturing output, much of it targeted for the Q4 holiday related customer fulfillment period. The second, and likely more concerning, is that TSMC is a sole source for many proprietary semiconductor processor chips including those incorporated within the Apple iPhone and Qualcomm’s voice processors.
While full production is expected to be restored sometime today, TSMC initially indicated that quarterly revenue could be impacted by as much as 3 percent. Securities analysts and industry media are further pointing to some impact to Apple’s upcoming new iPhone product launch scheduled next month.
Reader Takeaway
Once again we are compelled to remind our clients and readers to our 2018 Prediction that Cyber Risk and Information Security Needs Would Consume Supply Chain Risk and Tech Investment Considerations in 2018.
Noted in our prediction was the following:
With every passing month, the increasing frequency and sophistication of cyberattacks, some by state-sponsored players, threaten to do harm to major brands, services providers, and their customers. Many specialists in the field of cyber security are predicting that 2018 will present even more challenges for data and information breaches, and some have raised alarms that the next potential threat will reflect control of devices within physical manufacturing, utility, or transport networks.
Indeed, such occurrences and increased threats are occurring and the impacts to individual brands, customers or suppliers are spreading.  Last week, we alerted our Supply Chain Matters readers to a report indicating that global automakers trade secrets may have been exposed in a supplier’s information leak. That incident reportedly involved more than 100 companies that had interacted or performed business with a small Canadian based robotics supplier that allegedly placed the unprotected production process sensitive data on the open Internet.
TSMC is indicating that it is determined to learn from its current incident, and implement more safeguards against cyber threats, including the elimination of any possible human error via more automated systems and processes.
Our takeaway remains as originally expressed, insure that your organization, along with your supply and demand focused networks, are continually scrutinized for information security vulnerabilities or exposures. That includes holding IT vendors feet to the fire for insuring that their licensed or Cloud-based systems have the most up-to-date information and data security safeguards.
Such incidents can happen at any time and in any industry setting.
Bob Ferrari
© Copyright 2018. The Ferrari Consulting and Research Group and the Supply Chain Matters® blog. All rights reserved.