alswart - stock.adobe.com
The Taiwan Semiconductor Manufacturing Company (TSMC) – the world’s largest chip manufacturer – was forced to shut down production at the weekend after discovering a computer virus, highlighting the complex nature and security vulnerabilities of tech industry supply chains.
The company said some of its computer systems and 80% of its manufacturing tools had been infected by a virus.
TSMC blamed the infection on “misoperation during the software installation process for a new tool”, but gave no further details of the virus, according to CNN.
In the light of the infection, the company said it had “taken actions to close this security gap and further strengthen security measures”.
The plant was expected to resume normal production today (6 August), but the weekend shutdown could affect the availability of Apple’s new iPhones.
TSMC is the world’s largest producer of made-to-order chips and the main manufacturer of processors for Apple's iPhones and iPads.
However, analysts said the impact on any 12in wafer shipments will be limited because TSMC is likely to be prepared for such disruptions, according to Reuters. Apple is also expected to have some contingencies for supply-chain delays to reduce the impact on product availability.
TSMC has also said it expects any shipments delayed in the third quarter to recover in the fourth quarter, but it expects the disruption to knock 3% off its previously forecast third-quarter revenue of $8.45bn to $8.55bn, which means losses of between $254m and $257m.
The company reportedly plans to tell customers this week when they can expect to receive the delayed shipments.
The incident underlines the global nature of the technology supply chain, said Bloomberg, with companies such as Apple and Qualcomm depending on hundreds of suppliers around the world.
Read more about supply chain security
- MoD to focus on SMEs to raise supply chain cyber security.
- Business is increasingly recognising the importance of information security, but security within supply chains is still widely overlooked.
- A comprehensive security strategy must include the supply chain.
- The UK government will require IT suppliers to comply with the five security controls laid out in its Cyber Essentials Scheme.
It also highlights the vulnerability of technology supply chains and comes just a week after a US government report on cyber espionage by China, Russia and Iran warned that software supply chains are increasingly under attack.
“Foreign intelligence services – and threat actors working on their behalf – continue to represent the most persistent and pervasive cyber intelligence threat,” said the Foreign economic espionage in cyberspace report.
Software supply chain infiltration is a threat that warrants attention, the report said, noting that 2017 was a “watershed” in the reporting of software supply chain operations, with seven significant events reported in the public domain, compared with only four between 2014 and 2016.
As the number of events increases, the potential impacts also increase, the report said. “Hackers are clearly targeting software supply chains to achieve a range of potential effects, including cyber espionage, organisational disruption or demonstrable financial impact,” it said.