The TSMC computer virus incident in August was the largest security incident in Taiwan's history, fully exposing the fragility of factory information security behind "Industry 4.0".

2025/04/27 08:24:37 hotcomm

Source: WeChat official account Semiconductor Industry Observation (ID: icbank), compiled from "Tianxia Magazine", with thanks.

Trend Micro said that as early as a year before the TSMC incident, two major U.S. and Japanese factories had stopped production because of virus infections. With the Internet of Things and smart cities being built, how can individuals and enterprises respond to these potential threats?


"This incident gives us a chance to review it well," said He Limei, TSMC's senior vice president of finance, in an exclusive interview with "Tianxia". Reviewing the security incident in early August that alarmed the world, TSMC said that it afterwards inspected all of its security software, such as firewalls, and its management systems, and "must find out the problematic areas."

At that time, TSMC's production machines were infected with a computer virus, shutting down its three major factories for up to three days. The shutdown affected about 2% of the quarter's revenue, and the loss was as high as NT$5.2 billion, making it the largest security incident in Taiwan's history.

A few weeks later, the details of the incident gradually became known to the outside world.

Why did it happen if there is an SOP?

It turns out that TSMC's on-site operators did not follow the standard operating procedure, which requires a new machine to be scanned for viruses first and only then connected to the internal network. "There is an SOP (standard operating procedure), but the person working on site missed it, that's it," said Zhuang Zishou, senior director of TSMC's 300mm factory office.

The WannaCry ransomware hidden in the new machine's computer scanned all the hosts on the same production intranet as soon as it booted, attacked them through the Windows 7 security vulnerability EternalBlue, and spread to infect other factories in Taiwan.
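The behaviour described above, one host probing every machine on the production intranet, shows up in flow logs as a single source reaching many distinct peers on SMB in a short time. The following is an added example, not code from the article or from any company it mentions; the flow-record format, the addresses, the 60-second window and the threshold of 5 are assumptions, and TCP 445 is the SMB port that EternalBlue targets. In the constructed sample, 10.20.0.57 sweeps five hosts in seconds, 10.20.0.12 reaches five hosts spread over twenty minutes, and 10.20.0.11 talks to one file server.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445                  # EternalBlue is delivered over SMB (TCP 445)
WINDOW = timedelta(seconds=60)  # assumed sliding-window length
THRESHOLD = 5                   # assumed; tune to the plant's normal traffic

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2000-01-01T08:00:00 10.20.0.11 10.20.0.5 445
2000-01-01T08:00:01 10.20.0.57 10.20.0.1 445
2000-01-01T08:00:02 10.20.0.57 10.20.0.2 445
2000-01-01T08:00:03 10.20.0.57 10.20.0.3 445
2000-01-01T08:00:04 10.20.0.57 10.20.0.4 445
2000-01-01T08:00:05 10.20.0.57 10.20.0.5 445
2000-01-01T08:01:00 10.20.0.12 10.20.0.1 445
2000-01-01T08:05:00 10.20.0.12 10.20.0.2 445
2000-01-01T08:10:00 10.20.0.12 10.20.0.3 445
2000-01-01T08:15:00 10.20.0.12 10.20.0.4 445
2000-01-01T08:20:00 10.20.0.12 10.20.0.6 445
2000-01-01T08:20:01 10.20.0.13 10.20.0.9 502
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples from whitespace-separated lines."""
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def find_smb_scanners(flows, window=WINDOW, threshold=THRESHOLD):
    """Map each flagged source to its peak count of distinct SMB peers per window."""
    per_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            per_src[src].append((ts, dst))
    scanners = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= threshold:
            scanners[src] = peak
    return scanners

if __name__ == "__main__":
    print(find_smb_scanners(parse_flows(SAMPLE_FLOWS)))
```

The window is what separates the sweep from the slow host: both reach five peers, but only one does so within 60 seconds.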

Although the storm quickly subsided, TSMC's virus incident is destined to go down in history. It is the first large-scale factory security incident in the history of Taiwan's technology industry, and it came just as Taiwan's manufacturers were shouting "Industry 4.0" and scrambling to connect the machines in their factories to the Internet. The TSMC incident fully exposed the fragility of factory information security.

"Now every factory is very scared and knows that their computers are old and cannot defend against them," said Hong Weigan, general manager for Taiwan and Hong Kong at Trend Micro, Asia's largest security company.

Smart cities are connected to the Internet everywhere, and security threats have increased significantly

Another popular technology topic, "smart cities", fills the streets with surveillance cameras and sensors that are connected to the Internet. These devices, collectively referred to as "Internet of Things equipment", also pose serious security threats.

Bruce Schneier, once called a "Security Master" by The Economist, is a professor at the Berkman Center for Internet and Society at Harvard Law School. In September this year, he published "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World", which analyzes security attacks in the Internet of Things world in depth.

Schneier pointed out that in the past, we always used patches to update computer systems and reduce the risk of being attacked. "This won't work on low-cost IoT devices because these manufacturers don't have a dedicated team to make patches," Schneier wrote in The New York Times.

"Tianxia" interviewed Hong Weigan, general manager for Taiwan and Hong Kong at Trend Micro, about how individuals and enterprises should face the potential threats of Industry 4.0 and smart cities after the TSMC security incident. The following is a summary of the interview:

Question: What is the difference between the security threat in the Internet of Things era and the computer era in the past?

Answer: In the past, it was desktop computers and laptops. Now there are mobile phones, various clouds and apps, so how to protect users must be redefined. Everyone thinks that as long as the user installs antivirus software, that is enough, but in fact, every layer needs to be protected.

This is what happened at TSMC. Unexpectedly, the virus got in through an internal machine and broke out from the inside.

TSMC was attacked with ransomware. WannaCry, which came out in May last year, spread to more than 100 countries at the beginning, and more than 300,000 computers were affected. It came out in 29 languages from the start, because ransomware must display a message telling you how to pay, so it was prepared to spread globally from the beginning so that everyone could understand how to pay the ransom. It is the first self-propagating virus.

TSMC is not alone, Boeing and Honda are also victims

Question: When ransomware invades fabs, is it a planned attack?

Answer: They didn't want to get into a factory either. The purpose of the people who invented the ransomware is to ask for money. However, if the virus gets in, the factory will not pay the ransom, because after infection the virus encrypts and locks the database (to extort the owner). If the data cannot be retrieved, the production line will automatically stop. So if the virus gets in, it will cause losses.

After WannaCry came out, everyone realized that the factory, which they used to think was not a problem, is a big problem.

In the past, the factory was not automated and was not connected to the Internet. But after Industry 4.0, there is the industrial Internet of Things and edge computing. It was nothing in the past, but now it is all right.

TSMC is not the first case. In 2017, Japan's Honda Motor was hit, and thousands of cars could not be produced. In March this year, Boeing was also affected by WannaCry and its factory was shut down.

Question: Why is the factory’s security defense so fragile?

Answer: Simply put, first, much of the information equipment in a factory, like the computers used in offices, is on the Wintel architecture, which has been in use for almost 40 years. But what the factory cares about is production capacity, yield rate, and efficiency. There are also information personnel in the factory, but their job is to ensure that production runs smoothly and is not interrupted.

Once the equipment has finally been tuned to the best production parameters, if you are asked to update the operating system, what do you do if it ends up affecting the yield?

Then there is unclear responsibility. Everyone knows that a company has a factory and an office area, and the office area is managed by IT. Can information personnel manage the factory? Usually the factory manager is in charge, so who is in charge of IT security? Every company is different.

Computers can be updated in 3 years, but factory equipment cannot

The second is age. Computers can be replaced in three to five years, but factory production equipment is very expensive and is depreciated over a long time. It can be used for five to ten years or even longer. By then, the computer operating system is still the version from ten years ago and has not been updated. The equipment manufacturer would say: this is what I gave you; if you change it, I can't guarantee it.

We can know how many machines and pieces of equipment there are in the factory, but how many computers are there? It's hard to know, because many computers are now built into the machines, and there can even be eight computers in one machine. Which computer has a problem? It's painful to deal with.

Also, many of the original manufacturers are gone (ceased operations), but we are still using their equipment. How do we update the system? These two things stuck together are a big problem.

Question: The factory's networked devices belong to the industrial Internet of Things. For other IoT devices, such as those used in smart cities, is the security risk just as high?

Answer: As long as a device is connected to the Internet, its vulnerabilities will be hacked. The problem is that Internet of Things devices cannot even be patched. In the past, people who worked in IT knew that software development follows certain processes, which exist to avoid some vulnerabilities, and they knew how to update software. But people who do the Internet of Things are not necessarily familiar with IT.

Can you imagine how people who make cars, air conditioners, and refrigerators do the Internet of Things? They take some public-version chips, add open source software and app remote control, and these become smart devices.

Is your online camera really safe?

On October 21, 2016, the largest DDoS attack ever occurred on the East Coast of the United States, with attack traffic of 1.2 TB (terabytes). In the past, it was at most GB (gigabytes), but this was more than a thousand times that. It hit the telecommunications industry directly, and as a result, 75 Internet service operators were affected as well.

This time the hacker's approach was to attack system vulnerabilities in surveillance cameras (IP cameras), of which there are a very large number. He obtained control of hundreds of thousands of units at a time, and then used these IP cameras to attack telecom companies.

What did we think of Internet of Things devices before? Great, just hang it up. But this incident made everyone rethink. The hackers' target is not the device itself, but using the device to attack others.

This is a headache because IP cameras have vulnerabilities, and most IP cameras do not have the ability to patch them. This is also the biggest problem of the Internet of Things. It affects not only individuals; infrastructure, cities and countries are also exposed to danger.

Why do hackers like the Internet of Things the most?

Hackers like IoT devices because they are connected to the Internet 24 hours a day and are very fragile. They use open source or public versions, and most of them do not have a defense mechanism. Also, attacking them is cheaper than attacking computers, and most important of all, no one cares about them. Suppose a hacker uses your cheap IP camera to hit others: in the current situation, that is an area of no-cost.

There are so many things in smart cities, and whether the government should take care of them is a big question. Let me give you an example. Someone in the equipment business told me that surveillance cameras now sell for 1,000 yuan and are installed on the "T-Big" of the expressway. If you want to go up and repair one, the crane fee alone will be 20,000 yuan.

This is a very realistic problem. If you don't anticipate the future, in the end there will be neither people nor money to deal with this overwhelming amount of equipment.
