Japan Factory Security Systems

In November 2022, Japan’s Ministry of Economy, Trade and Industry (METI) published “The Physical/Cyber Guidelines for Factory Systems”. The guidelines, which outline security vulnerabilities due to increasing network connections of factory machinery and other equipment and devices, were written to elevate awareness of and provide guidance to corporate IT officials about these risks. On April 4, 2024, METI again elevated this concern by issuing an appendix entitled “Key Considerations for Promoting Smartification”. English translations of both the guidelines and appendix were subsequently issued on April 17, 2024 and are available at:  https://www.meti.go.jp/policy/netsecurity/wg1/wg1.html#factory

With the widespread network connection of factory equipment traditionally operated as stand-alone, security incidents have increased in factories across Japan. Attacks are shifting from servers to include PCs, printers, and IoT devices such as sensors and cameras. A single vulnerable device, if compromised, can open the door to attacks on entire systems and even shut down operations. For example, in 2022a supplier to a major automotive manufacturer, a tier one supplier of automotive interior, exterior, and powertrain components, was hit by a ransomware attack targeting a remotely connected device. The attack and resulting supply chain disruptions led to a prolonged disruption of operations at 14 plants across Japan and had worldwide effects.

METI’s renewed focus on supply chain security through the issuance of the appendix and English translations of the guidelines and appendix highlights opportunities for U.S. cybersecurity companies providing services to secure industrial control systems and operational technology (ICS/OT).

For more information, please contact the U.S. Commercial Service at Office.Tokyo@trade.gov.