Tag Archives: cyber security

National Security Agency Accredits PLEX Solutions as NSCAP-VAS National Security Vulnerability Assessment Provider

January 31, 2017
Bethesda, MD – PLEX Solutions, a leading provider of vulnerability assessment and penetration testing services, announced that it has been accredited by the National Security Agency (NSA) as part of the inaugural class of elite Vulnerability Assessment Services (VAS) providers under the NSA’s National Security Cyber Assistance Program (NSCAP).

The NSA NSCAP mission is to address the growing concern regarding targeted network attacks across U.S. government agencies and the private sector by identifying highly qualified cyber security service providers who owners of both government and commercial systems can call upon for vulnerability assessment services.

The NSA NSCAP VAS accreditation is the new gold standard for vulnerability assessment service providers. To earn this accreditation, PLEX was evaluated in 16 vulnerability assessment functional areas including its ability to deliver state-of-the-art services, develop and maintain highly skilled staff, and keep pace with advanced threat actors through training, lessons learned, and shared situational awareness.

“Our PLEX 360° security assessment methodology is built out of our staff’s vast knowledge and experience conducting advanced cyber operations and defending against advanced, persistent cyber threat actors in both the government and private sectors. We’re very honored to have been selected by NSA in recognition of our superior performance and expertise as a vulnerability assessment provider,” said Terry Bradley, Chief Technology Officer and Director of Cyber Security Solutions at PLEX.

“We passionately care about our customers’ information security and intellectual property, and vulnerability testing is the first step to ensuring our clients mitigate the threats to their networks and information systems” said Stan Nolen, co-founder of PLEX Solutions, “this NSCAP-VAS certification is yet another proof point that we are a trusted NSA partner in cyber security and have dedicated the entirety of our firm to the relentless pursuit of achieving our clients’ missions.”

For more information on the NSCAP VAS pilot program, contact NSCAP@nsa.gov or visit NSCAP’s web site and see the accredited vendor list.

About PLEX Solutions

PLEX delivers cyber security, engineering, technical expertise and mission critical solutions to Department of Defense, Federal Civilian agencies and commercial customers. Headquartered in Bethesda, Maryland, PLEX’s expertise and commitment to quality services are critical in meeting the missions of our customers.

Contact Us

Hospital Hacks Point to Deeper Security Issues

By Terry Bradley March 30, 2016

This week’s news that MedStar Health has suffered a serious computer security incident that has forced them to “turn away patients” (https://goo.gl/j2fFhY) comes as no surprise to anyone familiar with state of network security in the medical industry. This week’s attack is just one of several high-profile incidents at major hospitals that not only threaten these providers ability to operate, but could impact the very safety of the patients they’re trying to help (see also: http://goo.gl/ocmZUp and https://goo.gl/LE45tI).

Focused for years on compliance with the privacy requirements of HIPAA, most health care providers have not even begun to address the more difficult challenges of protecting their networks and data from skilled attackers that are actively seeking to gain access to increasingly lucrative patient personal information. The recent spate of ransomware attacks, however, has shown that stealing patient information is not the only way medical providers are being attacked. Direct extortion is clearly a viable option and may be happening in conjunction with more subtle attacks that steal patient data.

What’s a health care provider to do? I’d recommend immediately allocating two new budget line items. The first pot of funds would be for a “baseline security assessment” that would determine the organization’s current cyber security posture and create roadmap of projects / investments needed to address the deficiencies the assessment is certain to reveal.

What’s the second budget line item for? It would be for buying some bitcoins, which may be needed even sooner that a security assessment can even get started.