TXOne Networks CEO Terence Liu speaks at the 2021 Hacks in Taiwan Conference. Credit: TXOne Networks
Bolstering operational know-how (OT) safety is a budding consciousness amongst semiconductor suppliers because the manufacturing trade has become the most popular target of hackers, by Terence Liu, CEO of TXOne Networks.
‘Threat panorama has modified.’
Ten years ago, few folks cared about the manufacturing trade’s data safety due to hackers usually attacking monetary and authorities sectors, and no regulation pushed producers to enhance security, Liu mentioned throughout a video interview with DIGITIMES Asia.
However, Liu mentioned the “risk panorama” has been modified, citing a report launched by IBM, which offers risk evaluation and response companies.
“Manufacturing changed monetary companies as the highest attacked trade in 2021, representing 23.2% of the assaults [IBM’s] X-Force remediated final yr,” IBM mentioned within the report in March. “Sixty-one p.c of incidents at OT-connected organizations final yr had been within the manufacturing trade.”
The capital movement of hackers is more durable to trace now when their funds are made in digital cash, Liu mentioned.
TXOne Networks to IT
As producers automate extra manufacturing amenities, their OT networks have become much like IT settings. But, as Liu mentioned, within the pre-digital period, the two environments are now not separated.
In the trade 4.0 period, the seclusion of OT methods is sort of untenable as extra manufacturing amenities – starting from machines, and manufacturing execution methods, to cloud servers – become interconnected. Moreover, the COVID-19 pandemic has compelled producers to open inside networks for distant employees, creating extra alternatives for hackers.
Hackers normally ransom producers in two methods. First, they could steal corporations’ information associated with shoppers and threaten to publish the information. Or, they might assault producers’ OT methods to disrupt manufacturing actions. Manufacturers would endure extra losses if they halt operations longer, Liu mentioned.
SEMI E187 specs
On August 3, 2018, TSMC encountered assaults by pc virus, “which affected some pc methods and fab instruments in Taiwan.” following its assertion. It reported losses of about NT$2.6 billion (US$88 million) within the third quarter of the yr as a result of the incident. Other IC designers in Taiwan have additionally reportedly encountered repeated assaults or information thefts over the previous few years.
The incidents have compelled semiconductor suppliers to face the necessity to fortify their safety.
In 2021, SEMI established the Taiwan Cybersecurity Committee, chaired by TSMC company data safety head James Tu. The committee later revealed the SEMI E187 Specification for Cybersecurity of Fab Equipment – the primary data safety requirements initiated by Taiwan.
The committee also includes members from Applied Materials, Microsoft, UMC, ASE Group, Foxconn Technology Group, and cybersecurity corporations TXOne and CyCraft Technology, following SEMI Taiwan’s website.
Under the E187 specification, tools suppliers have to ensure their merchandise is free of viruses and that their working methods will be updated. They must do precautionary checks earlier than making deliveries, Liu mentioned.
Other points, together with how foundries can safeguard manufacturing traces and methods to apply US National Institute of Standards and Technology (NIST) requirements or ISA/IEC 62443 to the semiconductor trade, could also be listed on the committee’s agenda later, he mentioned.
For mega-corporations with vegetation throughout several international locations, their headquarters are suggested to challenge top-down safety tips for department models whereas permitting every unit to have sure flexibility in execution, he mentioned.
Even inside the semiconductor trade, completely different sectors have numerous safety necessities.
For instance, the issues for chipmakers and PCB makers range in sort and scope. While high-performance PCB distributors have begun deploying cybersecurity out of buyer requests or anxiousness, the lower-end PCB makers could pay extra consideration to wastewater disposal. Fabless IC designers are like software program suppliers, so their safety issues are different, like IT points. Finally, Liu mentioned that integrated gadget producers (IDMs) who’ve each design and manufacturing amenities are uncovered to multilayered dangers.
In selecting safety instruments, corporations must determine what their “crown jewels” are – their most priceless components that, as soon as attacked, would instantly disrupt operations, Liu mentioned.
As a provider of OT safety options, TXOne’s mission is to guard “computer systems that don’t appear to be computer systems” all through their life cycles, Liu mentioned.
On occasion, excessive ultraviolet (EUV) lithography machines don’t resemble conventional computer systems. However, he mentioned that they consist of many computing models that want safety defenses.
TXOne displays the communications amongst machines and protects them from working on incorrect instructions, for hackers can wreak havoc by giving deceptive directions to regulate models, Liu mentioned.
Citing examples, Liu mentioned a water therapy plant in Florida in 2021 almost induced mass poisoning as a hacker tried to change its sodium hydroxide ranges. He added that an oil pipe restarted might result in an explosion in many instances.
The tone was based on 2019 as a three-way partnership by Trend Micro and Moxa. Its shoppers span varied industries – semiconductors, prescribed drugs, sensible manufacturing, oil, and fuel infrastructure. Vicente, one other subsidiary based by Trend Micro this yr, focuses on automotive safety.
In 2021, TXOne accomplished Series A spherical fundraising and picked up NT$660 million in whole – the biggest-ever quantity within the historical past of Taiwan’s cybersecurity trade, it mentioned.
The tone is actively increasing its abroad enterprise. It has established a presence in Japan and Texas within the US and the Netherlands in Europe.