What is HIRT (Hitachi Incident Response Team)?
HIRT (Hitachi Incident Response Team) was established in 1998 as an in-house project, and was organized to act as CSIRT (Computer Security Incident Response Team) for the Hitachi group in October 2004. Currently, HIRT acts to promote cybersecurity countermeasure activities across the entire Hitachi Group, deploying comprehensive security activities ranging from incident prevention to resolution, and further to the strengthening of resilience. Through inter-organizational and international coordination, we tackle problem-solving to contribute to the realization of a safe and secure internet society for the Hitachi Group, our customers, and society.
Concept of Activities: 3 Approaches
HIRT goes beyond mere reactive measures and promotes "incident operations" through the following three activities:
Readiness (Prevention of occurrence): We take proactive measures to prevent incidents from occurring, such as collecting and managing vulnerability information during normal times and hardening development and verification environments.
Response (Technical response): When an incident occurs, we conduct rapid investigation and analysis, as well as technical coordination, to support the avoidance and resolution of damage caused by cyberattacks.
Resilience (Strengthening adaptability and resistance): We make continuous improvements based on the analysis of threat intelligence, aiming for an organization equipped with the flexibility to maintain and recover business even in the event of an attack, thereby strengthening our resilience.
Promotion Structure: Four IRT Models
At Hitachi, to ensure the security of products, services, and internal infrastructure, HIRT/CC acts as a hub to promote activities in a structure where internal IRTs coordinate with each other.
| Name | Role and Area of Responsibility |
|---|---|
| 1. HIRT/CC (Coordination Center) | [Overall Supervision and Point of Contact] Acts as the point of contact (PoC) for external IRT organizations, such as FIRST and JPCERT/CC, and coordinates and consolidates among internal IRTs to promote vulnerability countermeasures and incident response activities for the entire Hitachi Group. |
| 2. SI vendor IRT | [Protection of customer systems] The responsible department is the SI/Service division. Based on published vulnerability information, this organization supports countermeasures and incident response to ensure the security of customer systems. |
| 3. Product vendor IRT | [Product Security] The responsible department is the Product development division. Supports vulnerability countermeasures, including investigating the impact on Hitachi products and providing remediation information (including CVE assignment and management). |
| 4. Internal user IRT | [Protection of internal infrastructure] The responsible department is the Internal infrastructure management section. Promotes vulnerability countermeasures and incident response for internal infrastructure to prevent Hitachi's internal IT environment from becoming a base for compromise or security violations. |
Global Collaboration Activities
HIRT has joined FIRST (Forum of Incident Response and Security Teams), the international CSIRT forum, as well as the Nippon CSIRT Association (NCA), building a global network based on mutual trust. In addition, in line with the "Information Security Early Warning Partnership Guidelines," we coordinate with JPCERT/CC and IPA (Information-technology Promotion Agency, Japan) to strive for the smooth distribution of vulnerability-related information and the promotion of countermeasures.
