Cyber Attack Shuts Toyota’s Japanese Plants

A cyber attack thought, to be from Russia, has forced Toyota to shut 14 of its domestic production plants as one of its major suppliers fights to recover computer systems.

While investigators have yet to confirm the source of the attack, many in the cyber-security sector say the attack is in line with Russia’s use of cyber attacks in previous military campaign such in the run up to the attack on Georgia and the annexation of the Crimea. This attack comes just after Japan joined Western allies in clamping down on Russia after it invaded Ukraine.

The news agency Reuters reports that the automaker faces losing about 13,000 cars of output, after a supplier of plastic parts and electronic components was hit by the cyber attack. Japanese Prime Minister Fumio Kishida said his government would investigate the incident and whether Russia was involved. “It is difficult to say whether this has anything to do with Russia before making thorough checks,” he told reporters.

A spokesperson at the supplier, Kojima Industries Corp, said it appeared to have been the victim of some kind of cyber attack. A spokesperson from Toyota described it as a “supplier system failure”. Some plants operated by Toyota’s affiliates Hino Motors and Daihatsu are included in the shutdown.

Toyota, which has experienced cyber attacks in the past, is a pioneer of Just-In-Time manufacturing with parts that arrive from suppliers going straight to the production line rather than being stockpiled. The latest production halt comes as the world’s biggest automaker is already tackling supply chain disruptions around the world caused by the pandemic, which has forced it and other carmakers to curb output.

Commenting on the attack, Oliver Pinson-Roxburgh, CEO at Bulletproof and, said: “Research has shown that up to 40% of cyber threats are now occurring indirectly through the supply chain. It is not enough for businesses to focus on cybersecurity for just their core corporate network. Every endpoint across an organization’s technology portfolio needs to be accounted for and protected. It also shows that more than a quarter of organizations do not patch critical vulnerabilities even though they are aware of them. This is a massive threat vector for bad actors to exploit as it can not only impact the company under attack but, as in this case, it can lead to third party suppliers becoming victims. There needs to be an urgent shift in focus so organizations are not only protecting their own assets but are actively monitoring for threats at every touchpoint they have with other organizations.”

— Paul Myles is a seasoned automotive journalist based in Europe. Follow him on Twitter @Paulmyles_

Leave a comment

Your email address will not be published. Required fields are marked *