
TSMC: yes we ate Microsoft shit, kenna WANNACRY Virus, fucked to close shop for 3 days! Eat shit!

democracy my butt

Alfrescian
Loyal
https://tw.news.yahoo.com/台積電電腦中毒-背後真正原因全解析-052541403.html

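TSMC's Computer Virus Infection: A Full Analysis of the Real Causes Behind It

CommonWealth Magazine (天下雜誌)

November 6, 2018, 1:25 PM

By Peng Zishan (彭子珊)

TSMC's computer virus incident in August was the largest information security incident in Taiwan's history, and it fully exposed how fragile factory information security is behind "Industry 4.0." Trend Micro says that a year before the TSMC incident, two major US and Japanese manufacturers had already halted production because of malware infections.

Photo: Liu Guotai (劉國泰)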
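"This incident gave us the chance to take a hard look at ourselves," said He Limei (何麗梅), TSMC's senior vice president of finance, in an exclusive interview with CommonWealth, looking back on the security incident in early August that alarmed the world. She said that afterwards TSMC reviewed, without pause, all of its security hardware and software, including firewalls, as well as its management systems: "We will definitely find where the problems are."

At the time, TSMC's production machines were infected with a computer virus, which halted machines at its three major fab sites for as long as three days, affected about 2% of that quarter's revenue, and caused losses of as much as NT$5.2 billion, making it the largest information security incident in Taiwan's history.

It was only several weeks afterwards that the details of the incident gradually became known to the outside world.

There was an SOP, so why did things still go wrong?

It turned out that TSMC's on-site operators had not followed the standard operating procedure, under which a newly arrived machine is scanned for viruses first and only then connected to the internal network. "There is an SOP (standard operating procedure), but one slip by the person working on site, and that's what happens," said Zhuang Zishou (莊子壽), senior director of TSMC's 300mm fab facilities division.

The WannaCry ransomware hiding in the new machine's computer scanned every host on the same production intranet as soon as it was powered on, attacked EternalBlue, a security vulnerability in Windows 7, and spread the infection to the company's other fab sites in Taiwan.

Although the storm quickly subsided, TSMC's malware incident is already destined to go down in history, because it is the first large-scale factory security incident in Taiwan's technology history to be made public. At a time when Taiwan's manufacturers are all championing "Industry 4.0" and racing to connect their factory machines to the network, the TSMC incident fully exposed how fragile factory information security is.

"Every factory is scared now. They know their computers are very old and can't be defended," said Hong Weigan (洪偉淦), general manager for Taiwan and Hong Kong at Trend Micro, Asia's largest information security company.

CommonWealth interviewed Hong Weigan about how individuals and companies should face the potential threats of Industry 4.0 and smart cities in the wake of the TSMC security incident. Excerpts from the interview follow: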
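Q: How do security threats in the Internet of Things era differ from those of the earlier PC era?

A: In the past it was just desktops and laptops. Now there are phones and all kinds of cloud services and apps, so how to protect users has to be redefined. Everyone assumes that installing antivirus software on the client side is enough, but in fact every layer needs protection.

The TSMC case is exactly that: no one expected the virus to get in through a machine on the inside and break out from within.

What attacked TSMC was ransomware. WannaCry, which appeared in May last year, spread to more than 100 countries right at the start and affected more than 300,000 computers. It came out with versions in 29 languages. Because ransomware has to display a text message telling you how to pay, it was prepared from the outset to spread globally, so that everyone could understand how to pay the ransom. It was the first self-propagating virus.

TSMC is not alone: Boeing and Honda were victims too

Q: Ransomware getting into a wafer fab: was this a planned attack?

A: They weren't trying to hit factories either. Their goal (the people who created the ransomware) is money. But when the virus is scattered into a factory, the factory will not pay the ransom, because after infection the virus encrypts and locks the databases (in order to extort the owner), the data cannot be fetched, and the production line stops automatically. So once the virus gets in, the damage is already done.

After WannaCry appeared, everyone discovered that factories, which used to be thought of as not a problem, are in fact a big problem.

In the past, factories were not automated and were not networked. But with Industry 4.0 they have to do industrial IoT and edge computing, and what used to be fine is now all a problem.

TSMC is not the first case. In 2017 Japan's Honda Motor was hit, and upwards of a thousand cars could not be produced. In March this year Boeing was also affected by WannaCry, and its factory stopped too.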
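Q: Why are factories' security defenses so fragile?

A: Simply put, first, a lot of factory IT equipment (the same as the computers used in offices) is on the Wintel architecture, which has been in use for nearly 40 years. But what a factory cares about is capacity, yield, and efficiency. The plant has IT staff too, but their job is to make sure production runs smoothly without interruption.

The equipment has finally been tuned to its best production parameters. If you are made to update the operating system and it ends up affecting yield, what then?

Then there is unclear responsibility. Everyone knows a company has factories and office areas, and the office areas are managed by IT. But can IT staff manage the factory? Usually it is the plant manager who is in charge, so who is responsible for IT security there? Every company is different.

Computers can be replaced every 3 years, but factory equipment cannot

The second is age. Computers can be replaced every three to five years, but factory production equipment is expensive and depreciates over a long period, so it can be used for five to ten years or even longer. The computer operating system is still the version from ten years ago and has not been updated, and the equipment vendor will say: this is how I delivered it to you, and if you change it, I can't honor the warranty.

We can know how many machines a factory has, but how many computers are there really? That is hard to know, because machines now have many computers built in, sometimes as many as eight in a single machine. Which computer is the one in trouble? Dealing with it is painful.

In many cases the original manufacturer is gone (out of business) and we are still using its equipment, so how do we update the system?

Put these two together and you have a big problem. (For more, see CommonWealth Magazine)

※ For more reporting, see the CommonWealth Magazine website.
※ This article is published with the authorization of CommonWealth Magazine; reproduction without permission is prohibited.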


