More About Us

Rite-Solutions is an award-winning software development, systems engineering, information technology and learning development firm based in Middletown, RI with satellite offices in Pawcatuck, CT, Dahlgren, VA, and Washington, DC.

Connect

(401) 847-3399

1 Corporate Place, 2nd Floor
Middletown, RI 02842

News & Media

Improving Cyber Security Protection of DoD Systems

In a perfect world, all IT systems would be fully protected from cyber threats. This means that the commercial products that make up these systems would inherently, or through additional protection, be secure against cyber attacks. Unfortunately, our world is not perfect. Our world is pretty vulnerable. In addition, security risk is compounded by connecting to the Internet, which was not built with security in mind. For the Department of Defense (DoD), the increased use of commercial products and information sharing has also increased the vulnerability of DoD systems. However, there are fundamental steps that can be taken to improve the security of mission-critical DoD systems.

The Challenge of Maintaining Cyber Security Accreditation

The process of testing an IT system against a set of standards is known as certification. The formal authorization of a system based on the certification is known as accreditation. An accreditation authority is responsible for accrediting a system with an acceptable level of risk, typically measured as low, medium, or high. The system owner is responsible for managing and maintaining the accepted risk level throughout the system’s life cycle. The DoD has had a Certification and Accreditation (C&A) Process in place for many years to protect the information stored and transmitted in DoD systems. Technological advances and increased connectivity combine to make it more challenging for system owners to maintain low risk levels and, hence, maintain their accreditations.

The DoD acquisition process has, for several years, focused on speed of capability delivery. The use of Commercial-off-the-Shelf (COTS) products in system development helps to bring increased capabilities to war-fighters more quickly through a process known as Rapid COTS Insertion. The transition to COTS-based systems has helped the DoD gain superiority in many capability areas. However, the reliance on COTS means these systems are inherently flawed from a security standpoint. Furthermore, security risk increases exponentially when these systems are interconnected over commercial networks allowing exposure to a host of malicious actors.

A Life-Cycle Approach to Improving Cyber Security

The solution to this pervasive problem is increasing the attention given to security considerations at program inception. Cyber defense needs to be baked-in rather than bolted-on. Typically, system development includes design, integration, test, production, deployment, and life-cycle support phases. Cyber security considerations must be integrated into every phase of the development process to address current and future security concerns. If system security features are an afterthought, integration complexity, delivery schedule and project costs will all be dramatically impacted. The use of security guidelines must be implemented early in system development. The Defense Information Systems Agency (DISA) has developed the Security Technical Implementation Guidelines to provide guidance on securely configuring information systems and software. The National Institute of Standards (NIST) and, specifically, the Special Publication 800-37 provide guidelines for implementing the Risk Management Framework.

Yet, even the best security strategies still have their challenges. For example, development teams must be careful when managing vulnerabilities during the integration and test phases since software stability is required. A system’s software build should be stable when that system undergoes final acceptance and pre-production testing.

COTS products and a focus on net centricity are the keys to the military’s rapid deployment of advanced capabilities to the war-fighter. Yet, this has made protecting these systems from exploitation a greater challenge. Unfortunately, there is no silver-bullet solution that ensures 100% protection—cyber security is a constant battle. However, a security strategy that is implemented throughout the system life cycle can reduce vulnerability to malicious software and ensure certification and accreditation. System owners must define and maintain an acceptable level of risk on a warfare system. This means that conscientious and constantly evolving cyber security measures must be continuously practiced if net-centric systems are to remain secure as new threats evolve

Related Posts

Apr 30 2024

Rite-Solutions Awarded a $10.7 Million Task Order to Support the Development of Electronic Warfare and Electronic Support Trainers

Rite-Solutions has been awarded a five-year, $10.7 million competitive Task Order from the Naval...
Apr 04 2024

Rite-Solutions Awarded $88 Million Contract, the Largest in Company History, by the Naval Undersea Warfare Center Electromagnetic Systems Department

MIDDLETOWN, RI (April 1, 2024) — Rite-Solutions was recently awarded a contract for $88.6 million...
Apr 04 2024

Rite-Solutions Awarded $60 Million Naval Undersea Warfare Center (NUWC) Division Newport IT Services Contract

MIDDLETOWN, RI (March 18, 2024) — Rite-Solutions was recently awarded a $60.7 million, five-year...
Dec 14 2023

Dr. Martin Luther King, Jr. Community Center Receives Generous Donation From Local Defense Contractor, Rite-Solutions, Inc.

(NEWPORT, R.I. November 28, 2023): As part of their month…

Dec 14 2023

Rite-Solutions Receives HIRE Vets Medallion Award 2023

MIDDLETOWN, RI (December 4, 2023) — Rite-Solutions was recently a…

Jun 29 2023

Rite-Solutions Named Best Places to Work in Rhode Island

MIDDLETOWN, RI (June 28, 2023) — Rite-Solutions recently was named…

May 23 2023

Rite-Solutions joins ServiceNow Partner Program to Help Navy Improve IT Service Management Processes

MIDDLETOWN, RI (May 22, 2023) — Rite-Solutions today announced it…

Apr 11 2023

Rite-Solutions Receives Next-Generation Attack Submarine Navy Contract

MIDDLETOWN, RI (April 11, 2023) — Rite-Solutions has been awarded…

Nov 18 2022

Rite-Solutions Receives Three Navy Contracts Worth $68 million

MIDDLETOWN, RI (November 16, 2022) — Rite-Solutions is pleased to…

Sep 26 2022

Rite-Solutions Receives $77 Million, Five-Year, Cybersecurity Contract from US Navy

MIDDLETOWN, RI (September 26, 2022) Rite-Solutions was awarded a $77…