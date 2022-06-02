Manufacturing has become most popular target of hackers, says TXOne Networks

Bolstering operational technology (OT) security is a budding awareness among semiconductor suppliers, as the manufacturing industry has become the most popular target of hackers, according to Terence Liu, CEO of TXOne Networks.

'Threat landscape has changed'

Ten years ago, few people cared about the manufacturing industry's information security because hackers usually attacked financial and government sectors and no law pushed manufacturers to improve security, Liu said during a video interview with DIGITIMES Asia.

However, the "threat landscape" has changed, Liu said, citing a report released by IBM, which provides threat analysis and response services.

"Manufacturing replaced financial services as the top attacked industry in 2021, representing 23.2% of the attacks [IBM's] X-Force remediated last year," IBM said in the report in March. "Sixty-one percent of incidents at OT-connected organizations last year were in the manufacturing industry."

The capital flow of hackers is harder to track now when their payments are made in virtual coins, Liu said.

OT akin to IT

As manufacturers are automating more production facilities, their OT networks have become similar to IT settings, meaning the two environments are no longer fully separated as in the pre-digital era, Liu said.

In the industry 4.0 era, the seclusion of OT systems is almost untenable as more production facilities – ranging from machines, and manufacturing execution systems, to cloud servers – become interconnected. The COVID-19 pandemic has also compelled manufacturers to open internal networks for remote workers, creating more opportunities for hackers, he observed.

Hackers usually ransom manufacturers in two ways. They may steal companies' data related to clients and threaten to publish the data. Or, they may attack manufacturers' OT systems to disrupt production activities. Manufacturers would suffer more losses if they halt operations longer, Liu said.

SEMI E187 specification

On August 3, 2018, TSMC encountered attacks by computer virus, "which affected a number of computer systems and fab tools in Taiwan," according to its statement. It reported losses of about NT$2.6 billion (US$88 million) in the third quarter of the year due to the incident. Other IC designers in Taiwan have also reportedly encountered repeated attacks or data thefts over the past few years.

The incidents have forced semiconductor suppliers to face the need to fortify their security protection.

In 2021, SEMI established the Taiwan Cybersecurity Committee, which is chaired by TSMC corporate information security head James Tu. The committee later published the SEMI E187 Specification for Cybersecurity of Fab Equipment – the first information security standards initiated by Taiwan.

The committee also involves members from Applied Materials, Microsoft, UMC, ASE Group, Foxconn Technology Group, as well as cybersecurity firms TXOne and CyCraft Technology, according to SEMI Taiwan's website.

Under the E187 specification, equipment suppliers have to ensure their products are free of viruses and that their operating systems can be regularly updated, so they have to do precautionary checks before making deliveries, Liu said.

Other issues, including how foundries can better safeguard production lines and how to apply US National Institute of Standards and Technology (NIST) standards or ISA/IEC 62443 to the semiconductor industry, may be listed on the committee's agenda later, he said.

For mega-corporations that have plants across several countries, their headquarters are advised to issue top-down security guidelines for branch units while allowing each unit to have certain flexibility in execution, he said.

Even within the semiconductor industry, different sectors have diverse security requirements.

For example, the problems for chipmakers and PCB makers vary in type and scope. While high-performance PCB vendors have started deploying cybersecurity out of customer requests or their own anxiety, the lower-end PCB makers may pay more attention to wastewater disposal. Fabless IC designers are more like software suppliers, so their security problems are more like IT issues. Integrated device manufacturers (IDMs) who have both design and manufacturing facilities are exposed to multilayered risks, Liu said.

In choosing security tools, companies ought to identify what their "crown jewels" are – their most valuable parts that, once attacked, would immediately disrupt operations, Liu said.

TXOne's strengths

As a supplier of OT security solutions, TXOne's mission is to protect "computers that do not look like computers" throughout their life cycles, Liu said.

For instance, extreme ultraviolet (EUV) lithography machines do not resemble traditional computers, but they consist of many computing units that need security defenses, he said.

TXOne monitors the communications among machines and protects them from operating on wrong commands, for hackers can wreak havoc by giving misleading instructions to control units, Liu said.

Citing examples, Liu said a water treatment plant in Florida in 2021 nearly caused mass poisoning as a hacker attempted to alter its sodium hydroxide levels. An oil pipe restarted many times could lead to an explosion, he added.

TXOne was founded in 2019 as a joint venture by Trend Micro and Moxa. Its clients span various industries – semiconductors, pharmaceuticals, smart manufacturing, oil and gas infrastructure. VicOne, another subsidiary founded by Trend Micro this year, focuses on automotive security.

In 2021, TXOne completed Series A round fundraising and collected NT$660 million in total – the biggest-ever amount in the history of Taiwan's cybersecurity industry, it said.

TXOne is actively expanding its overseas business. It has established a presence in Japan, as well as Texas in the US, and the Netherlands in Europe.