- BlogInfoSec.com - https://www.bloginfosec.com -

Safety and the Airbag Supply Chain

It came as quite a surprise to read that Toyota, Volkswagen, Fiat Chrysler, Mitsubishi and possibly other automakers “continue to sell new vehicles with defective Takata airbags” (see Hiroko Tabuchi’s article, “Airbags with Flaws Still Used in New Cars,” on the first Business Day page of the June 2, 2016 edition of The New York Times).

An explanation for this, by Karl Brauer, senior analyst at Kelley Blue Book, is that “a tight supply of airbags worldwide means that automakers were struggling to find alternative suppliers.”

Seemingly, regulators maintain that “the newer airbags do not pose an immediate threat because it takes time for them to deteriorate.” Is this supposed to be reassuring?

I have written and presented two papers that talk to this topic. Although the first relates to information technology, and the second to natural disasters, they are both particularly relevant to this issue. The first was titled “Risks of unrecognized commonalities in information technology supply chains,” which I presented at the 2010 IEEE Homeland Security Technology Conference, and the paper was posted on IEEE Xplore at

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5654970&newsearch=true&searchWithin=%22First%20Name%22:c%20w&searchWithin=%22Last%20Name%22:axelrod [1]

The second is “The impact of major catastrophes on the global supply chain: Facility planning and inventory,” which I presented at the 2012 IEEE Homeland Security Technology Conference, and the paper was posted on IEEE Xplore at:

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6223097&newsearch=true&searchWithin=%22First%20Name%22:c%20w&searchWithin=%22Last%20Name%22:axelrod [2]

In the case of Takata airbags, it is clear that many automakers have put a huge number of eggs in one basket. This practice was also illustrated when the tsunami that hit Japan in 2011 knocked out manufacturers of key components, thereby halting production of certain vehicles for months. Such a monoculture has been discussed at length in the Infosec world with respect to the use of specific software across tens or hundreds of millions of systems, which can increase the vulnerability of the entire infrastructure.

It is important to have alternative suppliers, supply-chain redundancy, inventories that anticipate potential problems, and plans to invoke alternatives. Doing so will cost a little more in the short run, but could prevent considerable losses were a disastrous event to occur.