Taiwan has long been one of the most essential actors for the global semiconductor manufacturing industry, with the world’s largest and most advanced semiconductor foundry, the Taiwan Semiconductor Manufacturing Company (TSMC), and a top fabless integrated circuit (IC) design company, MediaTek. TSMC accounted for over 50% of the 2020 global semiconductor foundry market on top of being the only chipmaker that has mastered the 5nm chip production alongside its rival, South Korea’s Samsung Electronics. Recently, it was reported that Samsung is falling behind in the race for cutting-edge chips, while TSMC has been accelerating its dominance during the first quarter of 2021. All of these factors highlight the irreplaceable role played by Taiwan in global chip manufacturing and how it might continue to evolve. Since cutting-edge chips are a vital part for advanced technologies, Taiwan’s semiconductor industry has evolved into a high-stakes, geopolitical issue. Since 2020, the Covid-19 pandemic has intensified the situation. The pandemic triggered a sudden surge in demand for electronic devices, which in turn caused a global chip shortage crisis, especially in the automotive industry. As such, one thing leads to another, with the world finally realizing how dependent they have become on Taiwan’s chip manufacturing industry.

What Does this Mean for National Security, International Relations and Global Business?

Since advanced technologies’ development is highly dependent on semiconductors and the semiconductor supply chain is currently highly dependent on Taiwan, Taiwan’s semiconductor industry could heavily affect the world’s technology development, international relations, and global business. First, Taiwan’s semiconductor industry was caught in the crossfire of the US-China tech war. Since early 2020, the US government has increased the pressure on TSMC to stop providing chips for Chinese tech firms and instead produce its military-use chips in the US in order to ensure that TSMC can manufacture the high-security components free from potential Chinese interference. As such, back in May 2020, TSMC halted new orders from Chinese tech giant Huawei after the US tightened its export controls, which prohibits all non-US chip manufacturers using US chipmaking equipment, intellectual property, or design software from shipping chips to Huawei without applying for a license. On the other hand, China has also invested tons of resources, aiming to boost its own chip industry. Nevertheless, since TSMC is tilting towards the US at the moment, China has fallen behind the US in the race for semiconductor self-sufficiency.

Semiconductor self-sufficiency has also become a key factor in the national security of many developed countries, including the European Union and Japan. Last year, both France’s and Germany’s top leaders, Chancellor Angela Merkel and President Emmanuel Macron, discussed the potential for chip shortages and reached a consensus around the need to accelerate Europe’s push to develop its own chip industry. US and Japanese government were also lobbied by automakers, with Taiwan and TSMC being asked to step in, because carmakers including Volkswagen AG, Ford Motor and Toyota Motor Corp were forced to halt production and idle plants due to chip shortages. In addition to governments, tech giants – who are the world’s biggest chip buyers – also set out to establish a new lobbying group to press for government chip manufacturing subsidies. Recently, 65 major players in the semiconductor value chain, including Apple, Microsoft, Google, Intel, Nvidia and Amazon, have formed the Semiconductors in America Coalition (SIAC), aiming to bolster the US semiconductor industry. Despite all the efforts that have been made, it is very unlikely that Taiwan’s semiconductor industry will be replaced or impacted within a short period of time, especially when it comes to the most advanced, next-generation 3nm chip-making process.

Threat and Challenges in Terms of Cybersecurity

Taiwan’s semiconductor industry faces a particularly large cybersecurity challenge because one of the main cyber-threats to Taiwan is state-sponsored hacker groups, which are also known as Advanced Persistent Threats (APTs). Taiwan has a reputation for being the “sandbox,” or testing ground, for Chinese APTs. For years, TeamT5 has observed that both government units and major private firms in Taiwan have been affected by APTs likely based in the People’s Republic of China (PRC) since China has the ultimate goal of annexing Taiwan.

TeamT5’s threat intelligence team has been keeping track of APT groups in Asia Pacific for years. Based on our experience, there is one serious APT attack against Taiwanese entities per week, or two. From what we have seen:

1. Different APT groups originated from the same country are tasked with different goals and targets.
2. Since they are state-sponsored, APT groups often possess intensive resources and sophisticated levels of expertise.
3. Other than government units, APT groups mainly target the most critical industries, such as energy, manufacturing, electronics, and financial institution.
4. APT groups can remain stealthy and undetected for years.

Previously, the spear-phishing attack is one of the most common techniques used by APTs, which is triggered by highly customized emails to malware download. However, APTs are reportedly targeting supply chains at an increasing rate or even launching their attacks with ransomware, which is typically used by money-driven cybercriminals.
 

Supply Chain Attacks

High tech enterprises have the capacity to spend a great amount of money in cyber defense, yet not every equipment manufacturer and materials supplier can have the same amount of resources or defense mechanisms. Thus, the upstream and downstream parts of the semiconductor supply chain become the entry-point of penetration that will be targeted by the threat actors. Furthermore, semiconductor foundries operate 24/7 to meet fabrication needs. If the threat actors managed to disrupt any manufacturing equipment, computer systems, or other critical parts of the production process, they can have a severe impact on the foundry’s output no matter how indirect or little the disturbance is.

Nowadays, supply chain attacks have become more common, more frequent, and more destructive. In recent years, there have been numerous supply chain attacks against electronics makers and critical infrastructure, putting national interests at stake and further elevating the issue into de facto cyberwarfare. The most recent and most severe supply chain attack was the 2020 SolarWinds Intrusion, where the threat actors compromised the popular monitoring and management platform Orion before distributing trojanized updates to the software's users. It is estimated that the attack impacted over 200 organizations. The US government and security vendors helping the investigation reached the consensus that it was a state-sponsored supply chain attack launched by a Russia-origin APT group. In response to supply chain risk, TSMC has established a cybersecurity team with SEMI (Semiconductor Equipment and Materials International) as well as the TSMC Supplier Chain Security Association (TSMC-SCSA).
 

Ransomware Attacks

Apart from supply chain attacks, Taiwan’s semiconductor industry also faces the threats posed by ransomware attacks against critical infrastructure, as the production of chips is highly dependent on energy and water supplies. For instance, the recent ransomware attack against the US Colonial Pipeline caused shortages of gasoline while panic buying impacted various manufacturing industries across the US. Although the Colonial Pipeline attack was launched by cybercriminals, there was one significant case of ransomware attack launched by an APT against critical infrastructure in Taiwan last year. In May 2020, Chinese MSS-linked APT41, which TeamT5 has been tracing for years and dubs as “Amoeba”, successfully intruded Taiwan’s state-owned energy firm, CPC Corporation. Amoeba’s attack caused a shutdown in the CPC Corp’s payment system. We believe that cyberattacks that involve both APT and ransomware will be more common in the future and, so far, there is no perfect mechanism to combat the threat.

Conclusion and Recommendations

In conclusion, Taiwan’s semiconductor industry is facing various kinds of threats in terms of cyberattacks and military coercion since it is located on an island with a complicated history and entangled relations with China. In addition, Taiwan has also been facing the worst drought in decades, worsening the already devastating chip shortage crisis. Nonetheless, when it comes to cyber defense in the semiconductor industry, it is almost impossible to stop APTs through traditional defense mechanisms such as antivirus and firewalls since APTs are evolving at a very fast pace. Therefore, cyber threat intelligence is crucial for the mitigation of possible threat actors by proactively hunting for APTs and compromises.