ROCKVILLE – The National Security Agency recently named seven companies as accredited Cyber Incident Response providers. Two of these companies, Lockheed Martin and Maddrix, are based in Maryland.
“Maryland is the global epicenter of cybersecurity, leading the way in finding cyber tech solutions that make our nation safer and Maryland’s economy stronger,” Sen. Barbara Mikulski said. “With Maryland’s leading federal assets and dynamic private sector, America’s cyber defense starts in Maryland.”
Lockheed Martin is an aerospace and global security company headquartered in Bethesda with 113,000 employees worldwide, according to a press release. According to a press release, Maddrix is a startup firm based in Baltimore that is focused on “helping government and private sector organizations proactively identify targeted attacks.”
“Serving as one of the first participants for the NSA’s newest incident response initiative and receiving accreditation validates our capabilities and further solidifies our role as an industry leader in the cyber security business,” said Chandra McMahon, vice president of commercial markets for Lockheed Martin’s Information Systems & Global Solutions. “Our Intelligence Driven Defense approach to securing networks, coupled with our extensive experience protecting .mil, .gov, and .com domains, enabled us to meet the rigorous evaluation criteria set forth in this program.”
The NSA’s accreditation was based on a company’s ability to meet 21 focus areas of Cyber Incident Response Assistance (CIRA). These areas included a commitment by the company to maintain its CIRA capabilities, documentation of the company’s past performance in at least three instances of assisting clients in cyber incidents and a training plan to keep technical and management staff up to date on the company’s cyber response policies, according to the NSA’s Accreditation Instruction Manual.
“In addition to traditional espionage activities, many foreign governments use their intelligence services and military cyber warfare units to conduct large-scale industrial espionage against western private-sector organizations and destructive attacks against critical infrastructure. The benefits of industrial espionage and destructive attacks far outweigh the risks to these countries, making targeted attacks a long-term strategic problem for the U.S. government, our nation’s critical infrastructure, and private industry,” Maddrix President Stephen Windsor said. “Having a trusted third-party like the NSA evaluate and accredit CIRA vendors helps victim organizations by providing a vetted list of vendors to choose from.”
The accredited companies are not contracted to the NSA and do not receive a contracting advantage, according to National Security Cyber Assistance Program Deputy Director Ron Lenzner.
“This is an accreditation program based on mission readiness and technical capabilities,” Lenzner said. “The companies accredited have shown that they have the ability and the processes to deliver state-of-the-art Cyber Incident Response Assistance.”
Lenzner said he could not disclose how many companies had applied for the accreditation. The accreditations are valid for a year and can be renewed through the NSA.