A computer virus over the weekend disrupted the operations of the Asian manufacturer that makes chips for the iPhone and other devices offered by top shelf high-tech companies.
The Taiwan Semiconductor Manufacturing Co. on Sunday said that a virus outbreak Friday evening affected a number of computer systems and fab tools at its facilities in Taiwan.
The incident likely will cause shipment delays and create additional costs, the company said, as well as a 3 percent reduction in revenue and a 1 percent decline in gross margins in the third quarter.
However, TSMC remained optimistic that it could catch up with lost production in the fourth quarter, and still meet its forecast of high single-digit revenue growth for the year.
The degree of infection varied by fab, but 80 percent of the company’s tools affected by the bad software were recovered by Sunday and full recovery was expected by Monday, TMSC explained.
The outbreak occurred due to a “misoperation” when a new software tool was being installed. When the tool was connected to the company’s network, the virus began to spread. However, data integrity and confidential information were not compromised by the malware, according to the company.
iPhone Delays Possible
TSMC makes the A11 processor Apple used in the iPhone X, and it has been making the company’s A12 chip for its next generation of iPhones, which are expected to roll out next month. It remains to be seen if this bump in TSMC’s production schedule will affect the availability of the new iPhones.
It’s hard to say if iPhone availability will be delayed, because TSMC hasn’t revealed which production lines the virus infected, said Kevin Krewell, principal analyst at Tirias Research, a research, analysis and advisory services firm based in Mesa, Arizona.
“My belief is that this was a transient issue and will not affect long-term production volumes,” he told BlueHillco.
It is too soon to predict how the incident may affect Apple’s new products, said Charles King, a Hayward, California-based principal analyst with Pund-IT, an advisory and consulting firm.
“While production of iPhone chips may have been impacted, whether those effects were enough to delay delivery of upcoming products is purely speculative,” he told BlueHillco.
Apple did not respond to our request to comment for this story.
Move Manufacturing Home?
American manufacturers know there are risks to making products overseas. So far, the benefits have outweighed those risks, and a few supply chain hiccups aren’t likely to induce device makers to do something drastic, such as bring manufacturing back to America.
“If we look at breaches over the last few years, suppliers in the U.S. are not more or less likely to be hacked than those overseas,” Anupam Sahai, vice president of product management at Cavirin, told BlueHillco. Cavirin is a cybersecurity risk and compliance company based in Santa Clara, California.
“Moving to the U.S. does not necessarily mean better security, but it would clearly mean the cost of mobile phones would be significantly higher,” maintained Joseph Carson, chief security scientist at Thycotic, a Washington, D.C.-based provider of privileged account management solutions.
“Then the question would be, would you pay (US)$2000 for your next iPhone if it was more secure?” he asked.
“At the end of the day,” Carson told BlueHillco, “most consumers buy ease of use and value versus security, and the industry is focused on what the consumers wants versus what they need.”
Trapped in Global Economy
There no guarantee that products built in the U.S. would be more secure than those built overseas, but there’s no getting away from using parts produced overseas, in any case.
Apple may want to manufacture in the U.S., but it still would have to deal with parts from China, noted Jack E. Gold, principal analyst at J.Gold Associates, an IT advisory company in Northborough, Massachusetts.
“Any additional security would be mitigated by the worldwide supply chain considerations necessary to build modern products,” he told BlueHillco.
Some companies are producing high-end products in the U.S., Pund-IT’s King pointed out, but that’s because of concerns over theft of intellectual property, not industrial sabotage or malware.
“Unless problems like those experienced by TSMC become more common,” he said, “I expect microprocessor and other vendors will continue to engage with offshore manufacturers like TSMC.”
Manufacturing concerns in today’s world are global, so cybersecurity concerns affect companies worldwide, explained Dirk Morris, chief product officer at Untangle, a network security provider for small and mid-sized businesses based in San Jose, California.
“This incident highlights the fact that any business that relies on software, especially Internet-connected software, could be vulnerable to cybersecurity threats,” he told BlueHillco.
Semiconductor manufacturing has been becoming centralized. For example, TSMC builds products for multiple Tier 1 vendors, including Apple, AMD, Nvidia and Qualcomm. That concentration of manufacturing can multiply the impact of incidents like this weekend’s virus attack.
“It’s becoming increasingly likely that a single event could ripple through multiple supply chains,” King said.
“It’s notable that TSMC stated that it had prepared for this eventuality, and the company appears to have things well in hand,” he added, “but that doesn’t mean that future events or actions against other suppliers won’t be more disruptive.”
The TMSC situation reinforces what old supply chain hands already know.
“Just like any industry in high tech, you need to diversify your supply chain to ensure you can continue to deliver products to your customers in the event one of your suppliers is impacted by a major service disruption,” Thycotic’s Carson advised.
What about worries that the TMSC virus could jump from the supply chain into Apple’s products?
“Consumers should not be concerned about the security of Apple products any more than usual,” Carson said.
“As an organization, Apple is usually very strict on supply chain requirements, and this issue is about supply shipments availability, rather than integrity of parts,” he said.
“Consumers should be more concerned about what Internet services they use and register for after they purchase mobile devices,” Carson added.
Only the machines making the chips, not the chips themselves, were affected, Tirias’ Krewell explained.
“There’s no way to hack an Apple chip design through changing the manufacturing machinery,” he asserted.
It appears that no data or confidential information were compromised by the virus, noted Untangle’s Morris.
“At this time, there is no reason to believe that any components TSMC manufactures will be affected,” he said. “The only downstream impact to consumers at this time is related to manufacturing delays due to the downtime caused by the incident.”