Mar 11, 2022

Toyota’s production stoppage: key lessons from the suspected attack


Toyota recently halted production for at least a day at all 14 of its Japan-based plants due to a computer problem at a supplier that makes air-conditioning parts, steering wheel parts, and other components. The supplier, Kojima Industries Corp., detected an error in its computer server system that disrupted communication with Toyota and disabled its production tracking system.

“This has never happened before,” Kojima spokesman Tomohiro Takayama told the Associated Press. Tomohiro said, “We are not sure yet if it is a cyberattack, but we suspect it might be one.”

A growing trend

Supply chain attacks are becoming increasingly common in today’s world. We’ve seen the Kaseya ransomware attack and recent attacks on breweries. And we can’t write about supply chain attacks without mentioning the impact the SolarWinds hack had on the industry. 

Toyota has not disclosed details about the production stoppage, but attackers are taking notice of how important the supply chain is to the daily operations in manufacturing facilities. Hackers look at the supply chain as a gateway into manufacturing plants, like those of Toyota, and seem to be exploring ways to disrupt production and impact operations. 

Compared to more traditional endpoints in an enterprise, ensuring the safety and security of people, production lines, and operations in large manufacturing plants like Toyota’s involves a combination of unique challenges, including:

  • The critical nature of manufacturing processes themselves
  • Identifying and prioritizing potential security vulnerabilities
  • The sensitivity of OT/ICS assets

Kojima Industries Corp. is not alone in its lack of visibility into unusual events and suspicions of an attack. And without insights into events, whether they are cyberattacks or operational issues, organizations can’t respond quickly to prevent or limit downtime and delays.

Responding to a widening attack surface

Cyber criminals and state-sponsored attackers are looking at the entire landscape of assets (OT, IT, IoT, and IIoT) in manufacturer and supplier plants and facilities as one connected system. Manufacturing organizations need to start thinking the same way, given the potential for indirect attacks through suppliers to disrupt or derail key operational processes or even companywide production.

So, what will it take for manufacturers and their suppliers to effectively protect against unseen operational and cyber risks?

  • Comprehensive visibility into all assets with full confidence in asset data accuracy.
  • A full understanding of asset context and typical behavior, including the following details:
    • What is the asset?
    • How critical is it to the organization?
    • Where is it physically located?
    • Who owns it?
  • The ability to enforce appropriate security policies to protect your assets and operations.
  • The ability to reduce the impact of security incidents by speeding up time to remediation.

How Armis can help

Armis empowers SOC teams to know and act rather than suspect and hunt. The Armis Asset Intelligence Platform discovers and classifies every OT, IT, IoT, and IIoT asset in your environment and detects anomalous behavior, without relying on disruptive agents or scans. Teams can rely on continuous threat detection for all asset types, including rich device context that makes it easy to prioritize at-risk assets, to speed response time. And Armis accelerates remediation by leveraging existing infrastructure and tooling for policy-based or manual response to threats and operational issues.

Learn how Armis achieved 100% visibility and detection of initial access and lateral movement during the MITRE ATT&CK Evaluations for ICS by downloading the guide here. You can also schedule a 1:1 demo with one of our security experts here.
