This was a despicable cyber-attack exploiting the vulnerability of a supply chain. Major manufacturers should conduct a comprehensive review of their risks, including those of their business partners.
Toyota Motor Corp. suspended the operation of all 28 production lines at its 14 plants in Japan on March 1. This move was prompted by a cyber-attack on an auto parts company that is one of Toyota’s suppliers, preventing the automaker from receiving parts.
Toyota was to resume production on March 2．However, this is an extraordinary situation in which all the domestic plants of Toyota, Japan’s largest auto manufacturer, were shut down at once, interrupting the production of 13,000 units.
The fact that the cessation of supply from a single auto parts company paralyzed the entire functions can be said to have highlighted once again the dangers in automakers’ supply chains. Toyota must thoroughly investigate the incident and take all possible measures to prevent a recurrence.
The targeted firm was Kojima Industries Corp., based in Aichi Prefecture, which makes interior resin parts and other products. The company said it discovered a glitch in its computer server system on the night of Feb. 26, confirmed it had been infected with a virus, and found a threatening message. It is believed to have been a ransomware attack, in which money is demanded in exchange for restoring data.
On Feb. 27, Kojima Industries shut down its network to prevent further attacks, and the system that handles orders from and to Toyota stopped, making it difficult to deliver parts. Toyota said there have been no problems with its own system.
There has been a spate of cyber-attacks on the domestic automobile industry, including one that targeted Honda Motor Co. in 2020, resulting in production being suspended at some of Honda’s overseas factories.
There is also concern about cyber-attacks on subcontracted auto parts companies, rather than large companies such as Toyota that have highly secure systems. The importance of preparing for attacks throughout supply chains has been pointed out.
Toyota and other major companies with a wide supply network should work together with their business partners to take strong preventive measures against cyber-attacks.
Ukraine has reportedly been exposed to massive cyber-attacks during the invasion by Russia, and the Russian government is suspected of being involved in the attacks. The Japanese government, which has joined the economic sanctions against Russia, has also called on companies to take thorough safety measures in this regard.
Although it is unclear whether Russia was behind the cyber-attack on the Toyota supplier, the public and private sectors need to share information more closely and further heighten the level of alert.
The National Police Agency plans to set up a special investigation unit in April this year to deal with cross-border cyber-attacks. Detecting perpetrators will be an effective preventive measure. Investigative authorities need to do their best to uncover the whole picture of this case, including the identity of the culprit behind the cyber-attack.
— The original Japanese article appeared in The Yomiuri Shimbun on March 2, 2022.