Suspected Supplier Cyber-Attack Shuts Down Toyota Plants


By Staff Writer.

A suspected cyber-attack on a key supplier has caused global car giant Toyota to suspend its Japanese car production operations. Kojima Industries Corporation, supplier of plastic parts and electronic components to Toyota, said an error was detected in its computer server system that it believed could be a cyber-attack.

The shutdown of 28 production lines across 14 Toyota plants in Japan came about because Kojima’s system could not communicate properly with Toyota or monitor production.

“This has never happened before,” Kojima spokesperson Tomohiro Takayama said on Monday. “We are not sure yet if it is a cyber-attack, but we suspect it might be one.”

There is no timeline provided as to when Kojima might resolve the issue. Meanwhile, Toyota’s daily output of 13,000 vehicles from the closed plants remains halted. Those vehicles account for around one-third of Toyota’s daily global production.

“Due to a system failure at a supplier in Japan, we have decided to suspend the operation at all 14 domestic plants”, a Toyota spokesperson said.

An early adopter and keen enthusiast of just-in-time manufacturing, cyber-attacks on Toyota’s suppliers can leave the car manufacturer vulnerable to production disruptions.

While there is some speculation a cyber-attack on Kojima could be a reprisal from Russia following Japan electing to support and participate in the current global Russian pushback, Rich Armour, CISO at Detroit-based General Motors, thinks this is not the case.

“The dark web has been quiet on this attack so far. It’s certainly possible that the Russian Government is behind the attack or one of its cyber-criminal organisations, but it looks more like a typical ransomware or other play against a target of opportunity,” he said.

“Bridgestone was also hit with a cyber-induced outage over the weekend, which raises the possibility of a coordinated attack on the industry. Right now, it’s too early to tell if the two are related.”

Also impacted by the problem at Kojima are Toyota subsidiaries Hino Motors and Daihatsu Motors. Hino Motors has confirmed two of its Japanese plants are shut down. Daihatsu has also said production at its Japanese plants are affected.

Danielle Jablanski, Security Strategist at Nozomi Networks says the suspected cyber-attack highlights the risk cyber-attacks pose to just-in-time production.

“This incident highlights a single point of failure for business interruption resulting in a loss of production,” she says. “It is also an example of a major cyber risk for ‘just-in-time’ manufacturing. Toyota has thwarted direct attacks in the past, but the difficulty in securing entire supply chains from multiple vendors is a wider and more daunting task.”

Any attack on Kojima also reflects a trend targeting supply chain links rather than a high-profile global company. If the supplier supplies more than one customer, the impact of the cyber-attack and the incentive to pay any ransom is magnified.

“Supply chain attacks are on the mind of the Federal Government, think tanks, and standards bodies,” adds Ms Jablanski. “At the same time, we see the number of suppliers for some critical hardware components across manufacturing continue to decrease. There is no easy fix to this complexity, and we will likely continue to see similar incidents.”