Israel based DevSecOps platform vendor, C2A Security delivers automated cybersecurity solutions for car makers and mobility companies.
C2A Security’s unique product, EVSec is an innovative cybersecurity DevOps platform that helps automotive companies manage software at scale.
The platform is primarily built to automate the compliance process for cybersecurity standards and regulations.
In its latest interaction with Aishwarya, Dvir Reznik, VP Marketing, C2A Security talked about the transforming dynamics of mobility landscape and the relevance of automation in the automotive industry.
Influx of Electric Vehicles, Smart & Connected Mobility and ADAS have reformed the automobile sector. How does C2A Security view these transforming dynamics? Mention your viewpoint.
There are three main forces pushing the automotive industry this decade, with a direct impact on its future: Software, Regulation, and Electrification.
I believe it was Marc Andreessen who coined the term ‘Software is eating up the world’, and this couldn’t be truer with vehicles – being electric, connected, ADAS-enabled, or Autonomous in the long term. Vehicles resemble computers on wheels more than ever, and car makers are already transforming to become software companies, to stay competitive, release products and features faster, and meet consumers’ demand.
The second is regulation, primarily WP.29 R155 regulation but also ISO/SAE 21434 standard, and others. The regulation, which went into effect in July 2022 in the EU, will accelerate in June 2024, making car makers liable for the security posture of their entire fleet – whether a 2023 or 2003 model.
The third force is electrification. In 2022, EV sales as a percentage of global car sales surpassed 10% for the first time, and by 2025, electric and hybrid vehicles are expected to capture 30% of the global market share, significantly impacting the global landscape in 2023 and beyond.
For car makers to stay competitive while adhering to emerging regulations and standards, they ought to build that level of trust with consumers around the in-vehicle software and services. Cybersecurity is key in building that trust, and that’s where C2A Security comes in, by empowering car makers to achieve more with less (shorter timelines).
What are C2A Security’s key offerings and do you offer customizable solutions to your clients?
C2A Security offers the only DevSecOps platform in the automotive industry, for car makers, Tier 1 suppliers, and mobility companies, as well as EV charging station suppliers. Through our fully compliant and automated DevSecOps platform, customers achieve three main goals:
- Shortening release cycles for new features and products
- Addressing the talent gap through the automation of threat analysis and risk assessment (TARA), bringing all teams – R&D, Operations and Security, to work more collaboratively, to achieve higher results.
- Reducing liability costs by automatically prioritizing security protocols and controls to address existing and emerging regulations and standards.
Our EVSec Platform includes EVSec Core and five modules: Analysis, SBOM & Vulnerability Management, Attacker, Network & Endpoint, and VSOC Analyzer.
Tell us about your notable collaborations and any unique client experience you want to mention.
Just this year, C2A Security added new top-tier mobility players to its customer and partners portfolio, such as Valeo, Marelli, NTT Data, and Segula Technologies, among others, and the EVSec Platform is already in use at several global car makers. We provide and develop the tools that companies like these then provide to their end users.
This month, C2A Security announced it has been selected by Evvo Labs, a leading IT Security company in Singapore, to expand the availability of the EVSec platform to EV Charging and mobility companies. Evvo Labs will provide C2A Security’s EVSec solution to companies in Singapore, China, Vietnam, and other countries in the APAC region.
How does your DevOps Platform tackle any malicious interference and what protective measures do your platform offer?
EVSec Platform is a cloud-agnostic solution being deployed in the customer’s environment, behind the company’s firewall and other security measures.
How does EVSec eliminate the shortage of professional cyber experts while complying with the different regulations and standards
While regulations and standards are often ‘a step behind’ technology, it’s imperative to be prepared, especially in the automotive industry, which has long product development cycles (up to 3 years or more).
A DevSecOps platform is aimed at bringing different groups within the organization together, working collaboratively on a product/project, and seeing it through production. One of our customers has hundreds of software projects in various development and production stages. And given the massive talent gap (3.4 million cybersecurity engineers in the US alone), an automated tool such as EVSec empowers car makers to achieve more with less. By using EVSec, car makers free up their cybersecurity professionals to develop new code and work on bigger projects, rather than chasing vulnerabilities. By introducing automation into the security process, EVSec can identify and address risks and vulnerabilities in real-time and ahead of time.
Where does the company see itself in the next five years and any upcoming project you are working on?
It’s an exciting time to be in the automotive industry, no doubt! I personally am loving every minute of it. In the past 6 months alone, we’ve signed big partners to our Platform, and we’re working with global car makers on various engagements. 2023-2024 is the ‘scale-up period’ considering everything we have in the pipeline. Exciting times, as I said.