1. Comment
  2. Comment
May 25, 2021

Don’t forget cybersecurity during the semiconductors shortage

By GlobalData Thematic Research

Present in everything from TV remotes, laptops and mobile phones, to Playstations, cars, and smart devices, semiconductors are in high demand.

The majority of chips in consumer products, such as toothbrushes and kettles, are not leading-edge, but smaller processors in smartphones and some gaming devices are. The ongoing shortage affects the latter.

When demand outstrips supply

Demand for semiconductors is eclipsing their supply, and no end is in sight. The shortage could last another two years.

The semiconductor supply chain is fragile. Long lead times are a product of the expensive fabrication plants (knowns as foundries or fabs) which cost $10-20bn and three to five years to build. Once constructed, the ultra-clean facilities operate 24/7/365. Changing production specifications takes months, for example when migrating designs from one manufacturer to another or changing the production line to make a new chip.

Covid-19 universally disrupted supply chains. Demand for consumer electronics, including laptops and video games consoles, soared as people moved to work from home and looked for new ways of entertainment. The automotive industry’s incorrect sales forecasts complicated demand: in the early stages of the pandemic car plants scaled back their production and cancelled some of their chip orders after predicting a slowing in sales due to Covid-19.

Chip foundries therefore reassigned their production capacity to companies making other chip-containing devices. When the automotive industry tried to ramp up its chip orders again after a faster than anticipated bounce-back, it was stymied by long lead times. The situation was exacerbated by a fire at a plant in Japan and a freak snowstorm in Texas.

Semiconductors in the geopolitical crosshairs

Taiwan-based TSMC is the world’s biggest chip manufacturer. Huawei was one of its largest customers until sanctions were imposed by the US. Because TSMC has US intellectual property, the US was able to prohibit it from trading with certain (Chinese) companies to prevent them from inadvertently sharing information.

There have been fears that China will invade Taiwan, but this is unlikely. However, there is the prospect of China using cyber tactics in gray zone warfare on the island nation. Traditional power relations between geopolitical regions will continue to be shaken by gray zone threats that fall short of war but include attacks by non-state actors. Critical national infrastructure and semiconductor foundries can be significantly disrupted and are vulnerable, as exemplified by the Colonial Pipeline attack in the US. Hybrid threats will drive continued governmental cybersecurity spending.

Taiwan claims that it has suffered a string of cyberattacks from the mainland since at least 2018. According to its Ministry of Foreign Affairs it suffered a 40-fold increase in cyberattacks in 2020 compared to 2018, with the attacks most likely to have come from the Chinese mainland.

Most of TSMC’s vital data is stored in Taiwan, meaning it is vulnerable to a targeted cyberattack. Effective defensive security will be critical in protecting both TSMC’s operations and the island’s cybersecurity. It is no stretch of the imagination to see how continuing cyberattacks on TSMC could further undermine and completely disrupt both the company and the entire global semiconductor supply chain.