Protecting the Automotive Supply Chain: Strengthening Factory Security Starting with MUSHIKAGO’s “Automated IT Asset Visibility”
Aisin Fukui Corporation
1. Background: Supply Chain Security Requirements Surrounding the Automotive Industry
As the automotive industry undergoes a transformation toward mobility services, the use of IT has led to a growing volume of data being handled. In this environment, protecting the supply chain from risks such as information leakage and production stoppages caused by cyberattacks has become a critical issue.
As a result, industry-wide risk management and security measures are gaining importance, and compliance with the cybersecurity guidelines established by JAMA/JAPIA (Japan Automobile Manufacturers Association / Japan Auto Parts Industries Association) is being promoted.
At Aisin Fukui Co., Ltd. as well, efforts to strengthen factory security had been increasing year by year in order to fulfill its social responsibility of ensuring a stable supply of automotive parts.
2. Challenges: Asset Management Across a Vast Factory Site
To promote security measures in increasingly digitalized manufacturing environments, it is essential first to maintain an accurate inventory of what is connected and where on the network. However, on large factory sites with extensive production activities, Aisin Fukui faced the following challenges:
Production equipment in factories often contains embedded control PCs and communication modules, yet many of these assets are difficult to recognize as IT devices based on appearance alone. In some cases, even the personnel responsible for introducing and operating the equipment did not have a full grasp of them, making it even more difficult for IT staff to investigate and identify everything.
・Invisible IT Assets
Factory production equipment often contains embedded control PCs and communication modules, but many such assets are not easily identifiable as IT devices from their outward appearance.
Even those in charge of installing and operating the equipment may not fully understand what is inside, making it especially challenging for IT staff to investigate and capture everything.
Examples of IT assets hidden within manufacturing equipment
・Large-Scale Investigation and Assessment Beyond Human Capability
A vast factory site contains a large number of production facilities spread across the premises. In Aisin Fukui’s case, the scale exceeded several thousand IP addresses.
In addition, in order to appropriately manage security risks and respond to discovered issues, it was necessary to maintain more detailed information on each IT asset, such as OS type, version, and service type, as well as conduct in-depth vulnerability assessments.*1 Carrying out work of this scale manually or semi-manually on a continuous basis was approaching its limits.
・Constantly Changing Factory Environment and the Burden of Updating Information
In factories, production equipment is relocated or updated on an irregular basis. Keeping the asset inventory continuously up to date in line with these changes was difficult.
Furthermore, when implementing large-scale security measures, a method was also needed to manage work progress in real time. It was clear that conventional periodic inventory checks were no longer sufficient.
3. Why MUSHIKAGO Was Chosen: A Balance of Ease of Deployment and Functionality
Among the many available tools, MUSHIKAGO was selected because of its agentless*2 scanning capability, which automatically identifies assets on the network simply by being installed, without affecting factory operations.
Aisin Fukui Co., Ltd.
Mr. Shimada, Group Manager, DX Promotion Group, Corporate Planning Department
“In the fiercely competitive automotive industry, it is absolutely unacceptable for security measures to reduce productivity on the factory floor. In that respect, MUSHIKAGO requires no changes whatsoever to our existing production equipment. Simply by connecting it to the network, it automatically visualizes the latest status of our IT assets every day. This lack of impact on the production floor and this immediacy were exactly what we needed, and MUSHIKAGO fully met our stringent requirements.”
4. Results of Implementation: Real-Time Understanding of IT Asset Changes Through Daily Automation
The introduction of MUSHIKAGO delivered the following benefits for Aisin Fukui’s cybersecurity initiatives:
・Visualizing All Assets Every Day
By automatically identifying all of the factory’s “invisible IT assets,” MUSHIKAGO enabled Aisin Fukui to accurately understand all IT assets across the factory. This became an essential foundation for implementing security measures.
・Achieving Both Scalability and Cost Efficiency
Aisin Fukui became able to manage and assess IT assets across its vast factory environment at low cost without increasing headcount. This helps maintain the competitiveness of Aisin Fukui’s products.
・Always Up-to-Date Information
Because MUSHIKAGO continuously scans the network, Aisin Fukui is now able to maintain an up-to-date list of IT assets and their vulnerabilities at all times. This capability also proved useful in tracking the progress of Aisin Fukui’s network security initiatives.
5. Future Outlook: Turning Security into Competitive Strength
Following the use of MUSHIKAGO for IT asset visibility and vulnerability assessment, Aisin Fukui plans to move forward with even more advanced security measures through penetration testing*3.
MUSHIKAGO is a solution that provides end-to-end capabilities, from IT asset visibility to vulnerability assessment and penetration testing. Together with Aisin Fukui, it will continue to support cybersecurity measures in the automotive industry.
Aisin Fukui Co., Ltd.
Mr. Michizeki, General Manager, Corporate Planning Department
“As a company responsible for part of the automotive supply chain, we recognize that cybersecurity is now part of quality itself. Going forward, we will make full use of AAA to further strengthen the protection of our manufacturing sites and contribute to the development of the automotive industry as a whole through the safe and reliable supply of products.”
1 Vulnerability assessment: The process of checking IT assets for configuration weaknesses or outdated software that could provide an entry point for attackers.
2 Agentless: Because there is no need to install investigation software on existing equipment, the risk of device malfunction or shutdown can be minimized.
3 Penetration test: A more practical form of verification that goes beyond identifying weaknesses by examining whether there are actual routes an attacker could use to gain access from an attacker’s perspective.
