How the semiconductor industry is grappling with cybersecurity threats
Cybersecurity has become imperative for chipmakers looking to protect their facilities and operations from rising threats. Otherwise, they are at risk of losing tens of millions of dollars from security incidents.
A single 12-inch wafer used in high-end applications — such as artificial intelligence, high performance computing, or automotive chips — can be worth upwards of $20,000. If production is interrupted during critical stages, like photolithography or plasma etching, thousands of wafers may be damaged. This can result in significant losses from wasted materials, extended downtime, delayed shipments and diminished customer confidence.
On Aug. 3, 2018, a WannaCry variant affected Taiwan Semiconductor Manufacturing Co., disrupting both computer systems and manufacturing tools at multiple facilities in Taiwan. Several fabrication plants were forced to halt production and it took three days to recover approximately 80% of the affected equipment. In a 2018 report, TSMC says the virus led to nearly $84 million in losses for the third quarter.
While some in the industry have disputed his views, TSMC's CEO C.C. Wei said at the time he didn't expect any hacking and 'this was purely our negligence.' At the time, a company spokesperson told Bank Info Security 'this tool arrived at our facility with a virus already on it.'
The key lesson from this incident extended well beyond strengthening cybersecurity through technologies and processes. It underscored how critical security guidelines and successful implementation are across the chipmaking ecosystem.
In the years that followed, semiconductor fabs systematically enhanced their cybersecurity posture through a three-stage, inside-out approach: securing operational environments, inspecting inbound devices and reinforcing supply chain cybersecurity. Further incidents have happened in the years since and the industry has made a coordinated effort, led by a consortium, to bolster its work through initiatives such as a new security standard.
A growing issue
Terence Liu, CEO of Taiwan-based cybersecurity firm TXOne Networks, has had a tough job over the past decade. As a key provider for TSMC, TXOne purpose-built its software and hardware to protect critical infrastructure in more than a dozen countries.
Initial efforts focused on safeguarding internal operations. This included protecting critical production systems through network segmentation, endpoint protection and virtual patching to reduce exposure to known vulnerabilities.
Liu said that as these internal measures matured, 'the focus expanded to securing what enters the fab environment,' adding that 'strict inspection and validation processes were established for incoming equipment and devices, particularly those introduced by employees, contractors, or integration partners.' This step helped reduce the risk of inadvertently introducing threats into highly sensitive production areas.
Sources say companies came to recognize that effective cybersecurity must extend to the broader supply chain. Suppliers are now expected to demonstrate stronger security practices. This often involves completing structured questionnaires and undergoing external vulnerability scans to validate the maturity of their internal cybersecurity controls.
At the same time, there is growing awareness that securing the semiconductor industry requires collective action across the entire value chain, including manufacturers, equipment vendors and software providers.
Several major semiconductor firms have taken the lead in forming communities under the influential organization SEMI, formerly known as the Semiconductor Equipment and Materials International. A notable example of this collaboration is the Taiwan Semiconductor Cybersecurity Committee, chaired by TSMC.
One notable outcome is the development of the SEMI E187 fab equipment cybersecurity specification. This landmark standard is tailored to the unique characteristics of semiconductor manufacturing environments, where equipment lifecycles often span decades and operational continuity is critical.
The standard has evolved into a key purchasing requirement for many leading manufacturers and is now enforced throughout their supply chains. The supply chain enforcement is real and growing, with E187 certification now a baseline expectation for OEMs supplying to global fabs.
TSMC's contract now mandates it, and official reference guides firmly embed it into procurement criteria. Certification bodies, such as Bureau Veritas and Intertek, offer formal assessment services and structured paths toward compliance. Companies such as Gallant, Control, and Delta have already qualified, signaling the existence of structured, scalable compliance paths, not just voluntary guidance.
Looking ahead
What began as a regional initiative has quickly grown into a global movement.
James Tu, TSMC's head of corporate information security, outlined a vision to extend this cybersecurity uplift across the entire global semiconductor ecosystem during a talk at Semicon West in 2023. Tu plays a key role at Semi's Taiwan Cybersecurity Committee.
'Let us work together to enhance global supply chain security by influencing our own suppliers and partnering with SEMI,' he said. Tu stressed the need to influence TSMC's suppliers, collaborate with SEMI, and support the committee's members to create a ripple effect that boosts supply chain security broadly.
This vision ultimately led to the formation of the Semiconductor Manufacturing Cybersecurity Consortium, a global group dedicated to advancing cyber resilience across the semiconductor supply chain.
SMCC aims to unite chipmakers, equipment firms, cybersecurity vendors and nonprofits to safeguard semiconductor production from rising cyber threats. Its working groups focus on building implementation frameworks, aligning with global regulations and strengthening supply chain resilience. SMCC also monitors regulations such as the European Union's Cyber Resilience Act.
In the past, each semiconductor fab required suppliers to complete its own cybersecurity questionnaire, which placed a heavy burden on suppliers who had to respond to numerous, varying assessments. SMCC consolidated expert input and developed a unified cybersecurity assessment questionnaire, serving as a standardized baseline for self-assessment and continuous improvement. This reduced the time and effort required from suppliers. SMCC also published the NIST Cybersecurity Framework 2.0 Semiconductor Profile.
During a February 2023 NIST workshop, then-Cybersecurity and Infrastructure Security Agency Director Jen Easterly applauded NIST's work to update the framework. She and CISA had been pushing for the technology community to focus on 'product safety' and 'the idea that software and hardware must be secure by design and secure by default'. She said the framework had been useful to companies seeking out a clear and actionable foundation for implementation — especially one that aligns with globally recognized best practices.
This comes as the sector still faces a wave of cyber threats, with attackers targeting critical infrastructure, intellectual property, and production systems. Advanced persistent threats, ransomware and firmware-level attacks are becoming more sophisticated, often backed by nation-state actors.
Experts say that what distinguishes the semiconductor industry in its cybersecurity transformation is the ability to combine deep technical expertise with a collaborative, long-term plan that involves shared responsibility.
While not every industry operates with the semiconductor industry's high level of complexity or automation, the principles are broadly applicable: Cybersecurity is no longer optional. It's a foundational element of operational resilience and business trust.
As TXOne Networks' Liu likes to emphasize, 'strong [operational technology] security not only protects production but also safeguards long-term competitiveness.'
Recommended Reading
Cyberattacks in manufacturing: What's driving the trend?
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
8 minutes ago
- Yahoo
Are US tariffs starting to bite? Trump, in denial over rising prices, targets Fed chief Powell
Memo from the White House: inflation is 'right on track', it declared this week, citing the latest official data. Price growth is now 'very low', according to Donald Trump. The actual statistics paint a markedly different picture. Just six months after he regained power, in part by promising to rapidly reduce prices, Trump has presided over the chaotic rollout of tariffs on an array of overseas products that many have argued risk having the exact opposite effect. After a lull, the consumer price index (CPI) is back on the rise. In June, everything from fruit and washing machines to dresses and toys became more expensive. Businesses in the US and around the world have struggled to keep up with the Trump administration's erratic rollout of its aggressive trade strategy: the daily White House soap opera of warnings, threats, confusion, deadlines, delays and drama. Related: Can Trump fire Federal Reserve chair Jerome Powell? Putting to one side the steady stream of twists, cliffhangers and all-caps declarations, each episode has pushed US tariffs higher. The overall average effective tariff rate is now set to hit 20.6%, according to the non-partisan The Budget Lab at Yale, its highest level since 1910. Eventually, someone has to foot the bill. Interactive By Trump's telling, the countries he targets will be forced to pay up. But in reality, tariffs are paid by the importer – US-based companies, in this case – and often passed on. Tariffs are a burden. One way or another, the impact typically is felt along each link of the supply chain, from the initial manufacturer to the customer who buys the finished product. 'All through that chain, people will be trying not to be the ones who pick up the cost,' noted Jerome Powell, the Federal Reserve chair, at a recent press conference. 'But ultimately, the cost of the tariff has to be paid and some of it will fall on the end consumer,' added Powell. 'We know that. That's what businesses say. That's what the data says from past evidence. So we know that's coming.' The effect is not immediate, though. It might take Trump a matter of minutes to announce a tariff on Truth Social, but the full effects can take months to work their way through the economy. Interactive And so Powell, and the Fed, has waited. For seven months now, at four consecutive meetings, the US central bank's policymakers have sat on their hands and kept interest rates on hold. After dramatically raising rates to combat inflation, they want to see how prices respond to Trump's tariffs before cutting them back. It's early days. Prices are still rising, and by more than the Fed's target of 2% each year. Officials want to know if Trump's plan will make them rise faster. The evidence has so far been mixed. While consumer price growth accelerated slightly between May and June, the annual rate of wholesale price growth slipped. The Fed's latest 'beige book', a semi-quarterly report of anecdotal economic insights from across the US, also released this week, described a relatively calm business landscape, despite persisting uncertainty. Assuming Trump's announced tariffs are enforced, they will dent US economic growth by 0.1 percentage point this year and 0.3 percentage points next, according to modeling by Oxford Economics. 'The drag on the economy is predominantly tied to core inflation, which will temporarily be 0.2bps [basis points] higher than in the current baseline,' said its chief US economist, Ryan Sweet. 'Though the boost to consumer prices is modest, it still reduces growth in real disposable income and, by extension, consumer spending.' Inside the Fed's headquarters in Washington DC, Powell and his officials are patiently monitoring the data while deciding their next steps. But less than a mile away, one man is not prepared to wait. In a series of increasingly bitter attacks, Trump has publicly lambasted Powell for being 'too late' to cut rates, and claimed the Fed's inaction is costing the US economy. He has called on Powell (whom he first tapped to be Fed chair in 2017) to quit, and unnerved Wall Street by raising the prospect of firing him. Bharat Ramamurti, former deputy director of the national economic council under Joe Biden, said: 'If you replace Jay Powell with someone who is clearly doing whatever Donald Trump wants them to do, expectations about what inflation is going to do in the long run are going to spike and that's going to create a real problem for the Fed in the long term.' The supreme court signaled it views the Fed chair as legally shielded from presidential removal, describing the central bank as a 'uniquely structured, quasi-private entity' in a May ruling about two of Trump's other firings. Trump is 'highly unlikely' to fire Powell, he has asserted, before floating one reason he might have to go: a $2.5bn renovation of the Fed's buildings. 'I mean, it's possible there's fraud involved,' the president claimed. Powell has reportedly asked the central bank's inspector general to review the project. Powell is due to finish his term in May, and has stressed he will remain in post until then. Advocates of the Fed's independence insist the more important question is not whether the president can remove him before then, but if he should. 'Once you no longer have the check of the central bank, which can raise interest rates as needed to curb inflation, you really start to raise the specter of runaway costs, runaway inflation, and it makes the US economy less attractive for investors domestically and abroad,' said Ramamurti. Inflation is 'right on track', according to his administration. Economists are already concerned it is tilting off course – and Trump won't rule out taking action that critics warn would shunt it off the rails altogether.
Yahoo
9 minutes ago
- Yahoo
Milhaus opens railway-inspired apartments near Oklahoma City
This story was originally published on Multifamily Dive. To receive daily news and insights, subscribe to our free daily Multifamily Dive newsletter. Property: Oxlley Apartments Developers: Milhaus, Humphreys Capital Architect: Hufft Architects Location: Edmond, Oklahoma Units: 276 Rents: $1,225-$2,320 Cost: Withheld Shop Top Mortgage Rates Personalized rates in minutes A quicker path to financial freedom Your Path to Homeownership Nearly a decade after it opened its first project in Oklahoma City, Indianapolis-based developer Milhaus has returned with a 276-unit, garden-style property in nearby Edmond, Oklahoma, according to a press release shared with Multifamily Dive. The newly opened Oxlley Apartments, co-developed with Oklahoma City-based investor Humphreys Capital, is located in Edmond's historic downtown, offering close proximity to schools, universities, hospitals and major employers in the area. Its design is inspired by Edmond's industrial origins as a coal and water stop on the Santa Fe Railroad, according to Milhaus. These details include industrial-inspired fixtures and fluted accent walls, combined with modern geometries and bright white color palettes. The property's parking garage also features a five-story mural titled 'Prairie Crossing' by local artists Hayley Owen and Jesse Owen, depicting local wildlife. 'By blending Edmond's rich past with contemporary style, we've crafted living spaces that honor the town's golden age,' said Kara Clayton, senior regional manager at Milhaus, in the release. Units at Oxlley range from studios to three-bedroom apartments, and offer open-concept floor plans, large kitchen islands, in-unit laundry and balconies or patios in each unit. Amenities include a pool, a 24-hour fitness studio, electric vehicle charging stations, conference rooms, a dog park and a pet spa. The site is located across the street from West Hurd Park, providing green space and outdoor activity opportunities, and within walking distance of local restaurants, bars and entertainment venues. With a median single-family home listing price of $435,000 as of December 2024 — an 8.8% year-over-year increase — the Edmond housing market is increasingly competitive as its population continues to grow, according to Milhaus. The company said Oxlley will bring another housing option to the area. 'The city's continued growth and revitalization make it the perfect time and place for a thoughtfully designed community like Oxlley to thrive,' Todd Glass, head of real estate investing at Humphreys Capital, said in the release. Recommended Reading $110M Maryland development aims for NGBS-Gold certification
Yahoo
9 minutes ago
- Yahoo
Kansas City Life: Q2 Earnings Snapshot
KANSAS CITY, Mo. (AP) — KANSAS CITY, Mo. (AP) — Kansas City Life Insurance Co. (KCLI) on Friday reported a loss of $28.1 million in its second quarter. The Kansas City, Missouri-based company said it had a loss of $2.90 per share. Earnings, adjusted for non-recurring costs, were 77 cents per share. The insurance company posted revenue of $122.3 million in the period. _____ This story was generated by Automated Insights ( using data from Zacks Investment Research. Access a Zacks stock report on KCLI at Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
