JITter in the supply chain

Supply chain failure prompts carmaker Toyota to suspend production for at least a day

Car manufacturer Toyota has suspended production at 14 plants in Japan for at least a day in response to a “system failure” at components supplier Kojima Industries.

In a brief statement issued on Monday (February 28), Toyota confirmed the temporary shutdown, which auto industry experts estimate might lead to a 5% drop in Toyota’s monthly production or the loss of about 13,000 units:

“Due to a system failure at a domestic supplier (KOJIMA INDUSTRIES CORPORATION), we have decided to suspend the operation of 28 lines at 14 plants in Japan on Tuesday, March 1st (both 1st and 2nd shifts). We apologize to our relevant suppliers and customers for any inconvenience this may cause.”

Toyota added that it was continuing to work with its suppliers in strengthening the supply chain in order to deliver vehicles “as soon as possible”.

Just-in-time risks

Car manufacturers such as Toyota have long practiced ‘just in time’ (JIT) inventory management, where components are delivered direct to production lines rather than stockpiled. In normal times this leads to massive cost savings – but it does leave the system reliant on every single supplier fulfilling orders on time.

Kojima Industries – which supplies plastic parts and electronic components to Toyota – has reportedly suffered a cyber-attack but this remains unconfirmed.

Catch up on the latest cyber-attack news and analysis

In the absence of any hard facts, speculation about the cause and perpetrators of the attack has run rife.

On Sunday, the Japanese government joined other Western nations in excluding some Russian banks from the SWIFT payment system. It also extended $100 million in emergency aid to Ukraine, Reuters reports.

Japanese companies are not infrequent targets of cyber-attacks.

Recent international events have led some to speculate that Russia has retaliated against Japan with a cyber-attack. There’s no evidence of this and the problem could just as easily be the result of a ransomware attack for profit-motivated cybercriminals or some other reason entirely.

The Daily Swig asked Kojima Industries to comment. We’ll update this story as and when more information comes to hand.

‘Path of least resistance’

Third-party security experts described the suspected cyber-attack as an illustration of the growing importance of supply chain security.

Hank Schless, senior manager of security solutions at mobile security specialist Lookout, commented: “Both the software supply chain and the physical supply chain have frequently made headlines in the last couple of years.

“This incident exemplifies how intertwined the two are, and how a successful attack on the software supply chain can have negative effects on the output of physical goods produced,” Schless added.

Sam Curry, chief security officer at threat intel firm Cybereason, said: “Hackers long ago realised the value in attacking the supply chain, and SolarWinds and Kaseya were wake-up calls for many organizations to improve security hygiene and resiliency in the face of an onslaught of attacks. Overall, the supply chain has become the path of least resistance.”

YOU MAY ALSO LIKE Bridgestone Americas ‘disconnects’ manufacturing facilities following ‘security incident’