Hitachi Solutions Partners with C2A Security to Strengthen its Product Security Offering in Japan

Hitachi Solutions, Ltd. (Headquarters: Shinagawa, Tokyo; President: Hideji Morita) announced it has signed the first domestic sales agency agreement with C2A Security (Headquarters: Israel; Founder and President: Michael Dick), and will start offering the company’s context-driven product security orchestration platform EVSec, which automatically generates Threat Analysis and Risk Assessment (TARA) and product security lifecycle necessary for software-defined products development.

TARA is an essential activity in compliance with ISO/SAE 21434, Cyber Resilience Act (CRA), and additional regulations and standards for software-defined products. In addition, C2A Security’s context-driven product security orchestration platform, EVSec, offers multiple Modules (products) for BOM Management, Binary Scanning, Static Code Analysis (SCA), and Vulnerability Management, among others, tailored to support the efficient development and operation of products. The platform possesses templates for damage and threat scenarios, attack path analysis, and risk assessment necessary for TARA, enabling the automation of TARA activities and report generation in compliance with ISO/SAE 21434. Additionally, the holistic approach of EVSec offers increased efficiency of resources, enriching TARA with BOM information, CVE databases, asset management data, generative AI layer (AutoSynth), to dynamically update the cyber model, prioritize vulnerabilities, and manage risk.

“As industries embrace software-defined products, cybersecurity becomes a cornerstone of innovation,” commented Hitachi Solutions. “Through our partnership with C2A Security, we are enabling Japanese companies developing cyber-physical systems to meet evolving regulatory requirements and embed security into every phase of the product lifecycle.”

Hitachi Solutions will offer an automotive cybersecurity solution that includes EVSec in its lineup, providing implementation support tailored to the Japanese automotive market, contributing to the promotion of Sustainability Transformation (SX) in the smart mobility business, which supports a safer and more comfortable harmony between people and vehicles.

“Partnering with Hitachi Solutions marks an exciting milestone in our mission to empower companies with software-defined products”, commented Stephane Khelifi, VP Accounts and Customer Solutions, C2A Security. “Only recently, we announced our enterprise agreement with medical device manufacturer Elekta, serving as another testament to the extendibility of our product security platform in healthcare, medical, and CI/IoT, and now – with Hitachi Solutions. By combining our industry-leading product security orchestration platform with Hitachi Solutions’ trusted expertise and deep market presence in Japan, we’re empowering manufacturers of cyber-physical systems to properly embed security across their product lifecycle, efficiently, intelligently, and in full alignment with emerging global regulations and standards.”

Key features include:

Templates for damage and threat scenarios, attack tree analysis, and risk assessment for each component of the vehicle, such as the steering and brakes. By adjusting them according to the vehicle type, we can efficiently carry out the tasks required for TARA.
Digital Twin capabilities with the Cyber Model, to manage the components of the vehicle, and utilizing AI layer to visualize the relationships between components such as communication pathways.
Orchestration and seamless integration with related CI/CD tools, enabling smooth information sharing, facilitating the integration of security requirements with ALM tools and task management tools, vulnerability analysis through integration with SBOM, and visualization of detected vulnerabilities along with related components and attack paths.

By adding EVSec to Hitachi Solutions’ lineup of automotive cybersecurity solutions, Hitachi Solutions will be able to comprehensively support cybersecurity measures for in-vehicle software development in compliance with ISO/SAE 21434 and UN R155.

Software-defined vehicles (SDVs) have led to the expansion of in-vehicle software, which has become increasingly large and complex. In addition, communications with the outside world are also on the rise, increasing the risk of cyber-attacks from the outside. Therefore, it is important to ensure security for each component of a vehicle by properly implementing product security practices, such as TARA, SBOM, and risk management.

TARA requires a threat analysis for each component of the vehicle, identification of the risks associated with each threat, and evaluation of the danger associated with each risk, which requires collaboration between developers, security teams, and 3^rd party suppliers, through a holistic platform, like EVSec.

Careers Form

Office Administrator

More articles that might interest you:

Version Update Failure: Lessons from the SharePoint Breach on U.S. Nuclear Infrastructure

The OT Security Crisis: How Nation State Actors Are Escalating Attacks Against Critical Infrastructure

Every Component Counts: Why SBOMs Are Vital for Medical Device Cybersecurity and Compliance

Follow Us