Guide Introducing Specific Procedures and Examples Formulated to Help Small and Medium-Sized Manufacturers Ensure the Security of Their Factories

1．Background

In recent years, the widespread adoption of IoT by factories has increasingly connected them to networks, thus exposing them to an increasing number of cyberattack risks. Even factories thought to have little connection to networks could be subject to attacks due to hacking and other methods. In addition, there have been cases where specific factories are targeted by attacks and also those in which the victim of a chance attack happens to be a factory. Any factories can thus fall victim to cyberattacks. In light of the fact that some factories have actually suffered damage due to cyberattacks inside and outside of Japan, factory cybersecurity measures need to be implemented.

Recognizing this issue, METI formulated The Cyber/Physical Security Guidelines for Factory Systems (hereinafter referred to as “the Guidelines”) in November 2022, which show the approach and procedures that help implement security measures for factory systems. This was followed by the Appendix: Key Considerations for Promoting Smartification in April 2024.

In recent years, the risk of cyberattacks via supply chains has been becoming more prevalent, including those that could also cause damage to business partners of the attacked companies. In order to protect the entire manufacturing industry from cyberattacks under these circumstances, it is necessary for all companies that comprise supply chains to implement security measures regardless of factory size. 

Against this backdrop, METI formulated The Cyber/Physical Security Guidelines for Factory Systems Appendix [The Importance of Factory Security and How to Start]  that mainly targets management teams of small and medium-sized manufacturers that own factories and those in charge of factory security. This guide provides explanations about the Guidelines in an easier-to-understand manner by showing specific examples and procedures.

2．Outline of the Appendix [The Importance of Factory Security and How to Start] 

This guide introduces specific examples and procedures for anyone, even novices, to understand the importance of factory security and how to start implementing relevant security measures. The second chapter of the document lists the impact of cyberattacks on factories and actual examples of damage caused by such attacks for the intended readers, or management teams of small and medium-sized manufacturers that own factories. This chapter also provides explanations on cybersecurity measures that do not require cost. Further, the third chapter of the manual, which targets those in charge of factory security in production/IT-related departments, explains an important approach to be taken when making examinations of factory security, with actual examples of measures implemented in line with specific procedures.

Going forward, METI will conduct promotional activities to promote the use of the Guide in collaboration with related ministries, agencies and other organizations, along with other cybersecurity promotion measures for SMEs. 

It is expected that the guide will help small and medium-sized manufacturers become more aware of the importance of factory security and that it will lead to the enhancement of security across supply chains in the manufacturing industry.

Related Materials (in Japanese)

• The Cyber/Physical Security Guidelines for Factory Systems Appendix [The Importance of Factory Security and How to Start ](PDF:1,210KB)
• Awareness-raising flyer for The Cyber/Physical Security Guidelines for Factory Systems Appendix [The Importance of Factor Security and How to Start ](PDF:410KB)

Related Links

• The Cyber/Physical Security Guidelines for Factory Systems(PDF:2,289KB)
• Factory sub-working group, Working Group 1, Study Group for Industrial Security (in Japanese)

Division in Charge

Cybersecurity Division, Commerce and Information Policy Bureau