Risk Assessment Activities & Enhanced Security Risk Analytics – ESRA

Company name

Hi-Lex S.p.A.

Project title

Risk Assessment Activities & Enhanced Security Risk Analytics - ESRA

Size and location

Large enterprise - Chiavari (GE)

Partner

aizoOn

Technologies

Industrial Cyber Security

Hi-Lex Italy S.p.A., a leading company in the automotive sector, aimed to assess its cybersecurity posture, identify deviations from national and international best practices, and create a roadmap of relevant and priority actions. The analysis included policies and procedures to ensure compliance with current regulations.

The problem

This project stemmed from the need to comply with the automotive industry’s growing cybersecurity requirements. Over recent years, the sector has experienced significant technological advancements and recognized the increasing importance of addressing cybersecurity issues.

The solution

Hi-Lex Italy has always valued cybersecurity, but the sector’s complexity and pace of evolution now demand radical changes. The new project involved mapping all network-connected devices, identifying vulnerabilities, and defining a comprehensive improvement plan. This included better tools, processes, controls, and security rules.

Hi-Lex’s approach was built on an innovative platform, surpassing traditional perimeter assessment methods (based solely on interviews or documentation reviews). Instead, the initiative provided a data-driven evaluation aligned with the systems’ current state. Insights from Technical Discovery phases and interviews were processed within a multi-standard/multi-norm platform (Enhanced Security Risk Analytics). The platform incorporated hierarchical structures integrated with a “Data Oriented” layer and an Analytics module for real-time data aggregation and system-specific insights.

This approach enabled a maturity evaluation of controls based on near-real-time parameters from systems. It reduced project duration compared to traditional consulting methods and delivered precise results, relying on technically retrieved data rather than generalized interview inputs.

Technologies

aizoOn adopted a multidisciplinary cognitive method, integrating internal and external perspectives. The ESRA platform provided:

  • Process Map to Applications: Immediate insights into high-impact applications.
  • Asset Inventory: Real-time, accurate network system inventories.
  • Infrastructure Discovery: A comprehensive, real-time IT infrastructure reconstruction integrating multiple data sources.

Traffic data and asset characteristics informed detailed risk assessments across the network.

Desired Impacts

The ESRA project significantly impacted Hi-Lex Italy by:

  • Raising cybersecurity awareness across departments beyond IT.
  • Updating IT security policies for greater effectiveness.
  • Implementing asset management, patch management, and vulnerability assessment systems.

Benefits for the company

For years, automakers, particularly German brands (e.g., Volkswagen Group, BMW), have mandated specific cybersecurity certifications like TISAX (based on ISO 27001 and VDA ISA). The project strengthened Hi-Lex’s capability to meet these requirements, essential for participating in business opportunities and avoiding cybersecurity-related business disruptions or reputational damage.

Adopting robust cybersecurity measures not only enhances compliance but also protects critical infrastructure from attacks, ensuring uninterrupted production and mitigating risks to safety and the environment. Moreover, a secure and efficient industrial system can reduce energy waste and carbon footprint, contributing to sustainability goals.

By prioritizing cybersecurity, Hi-Lex Italy positions itself as a competitive player in the automotive sector, offering reliable and secure connected products while safeguarding customer trust and driving business opportunities.
