More About Us

Rite-Solutions is an award-winning software development, systems engineering, information technology and learning development firm based in Middletown, RI with satellite offices in Pawcatuck, CT, Dahlgren, VA, and Washington, DC.

Connect

(401) 847-3399

1 Corporate Place, 2nd Floor
Middletown, RI 02842

News & Media

Improving Cyber Security Protection of DoD Systems

In a perfect world, all IT systems would be fully protected from cyber threats. This means that the commercial products that make up these systems would inherently, or through additional protection, be secure against cyber attacks. Unfortunately, our world is not perfect. Our world is pretty vulnerable. In addition, security risk is compounded by connecting to the Internet, which was not built with security in mind. For the Department of Defense (DoD), the increased use of commercial products and information sharing has also increased the vulnerability of DoD systems. However, there are fundamental steps that can be taken to improve the security of mission-critical DoD systems.

The Challenge of Maintaining Cyber Security Accreditation

The process of testing an IT system against a set of standards is known as certification. The formal authorization of a system based on the certification is known as accreditation. An accreditation authority is responsible for accrediting a system with an acceptable level of risk, typically measured as low, medium, or high. The system owner is responsible for managing and maintaining the accepted risk level throughout the system’s life cycle. The DoD has had a Certification and Accreditation (C&A) Process in place for many years to protect the information stored and transmitted in DoD systems. Technological advances and increased connectivity combine to make it more challenging for system owners to maintain low risk levels and, hence, maintain their accreditations.

The DoD acquisition process has, for several years, focused on speed of capability delivery. The use of Commercial-off-the-Shelf (COTS) products in system development helps to bring increased capabilities to war-fighters more quickly through a process known as Rapid COTS Insertion. The transition to COTS-based systems has helped the DoD gain superiority in many capability areas. However, the reliance on COTS means these systems are inherently flawed from a security standpoint. Furthermore, security risk increases exponentially when these systems are interconnected over commercial networks allowing exposure to a host of malicious actors.

A Life-Cycle Approach to Improving Cyber Security

The solution to this pervasive problem is increasing the attention given to security considerations at program inception. Cyber defense needs to be baked-in rather than bolted-on. Typically, system development includes design, integration, test, production, deployment, and life-cycle support phases. Cyber security considerations must be integrated into every phase of the development process to address current and future security concerns. If system security features are an afterthought, integration complexity, delivery schedule and project costs will all be dramatically impacted. The use of security guidelines must be implemented early in system development. The Defense Information Systems Agency (DISA) has developed the Security Technical Implementation Guidelines to provide guidance on securely configuring information systems and software. The National Institute of Standards (NIST) and, specifically, the Special Publication 800-37 provide guidelines for implementing the Risk Management Framework.

Yet, even the best security strategies still have their challenges. For example, development teams must be careful when managing vulnerabilities during the integration and test phases since software stability is required. A system’s software build should be stable when that system undergoes final acceptance and pre-production testing.

COTS products and a focus on net centricity are the keys to the military’s rapid deployment of advanced capabilities to the war-fighter. Yet, this has made protecting these systems from exploitation a greater challenge. Unfortunately, there is no silver-bullet solution that ensures 100% protection—cyber security is a constant battle. However, a security strategy that is implemented throughout the system life cycle can reduce vulnerability to malicious software and ensure certification and accreditation. System owners must define and maintain an acceptable level of risk on a warfare system. This means that conscientious and constantly evolving cyber security measures must be continuously practiced if net-centric systems are to remain secure as new threats evolve

Related Posts

Nov 07 2024

Matching Employee Contributions, Rite-Solutions Donates $20,000 to Two Community Food Banks in RI and VA

In its annual “Rite Donation” campaign, Rite-Solutions donated $10,000 each to two food banks: The...
Oct 31 2024

Rite-Solutions Receives HIRE Vets Platinum Award for Fourth Consecutive Year

Rite-Solutions, Inc. is proud to announce that it has been recognized by the U.S. Department of...
Oct 04 2024

Rite-Solutions Awarded Three-Year Cyber-Physical Systems Contract by Office of Naval Research

Rite-Solutions has been awarded a three-year contract by the Office of Naval Research for...
Sep 11 2024

Rite-Solutions Receives $39 Million Contract to Design and Develop Submarine Network Monitoring and Training Systems

Rite-Solutions has been awarded a seven-year, $39.3 million contract to perform work on two...
Sep 09 2024

Two New Technologies on Display at Defense Innovation Days 2024

At Defense Innovation Days 2024, Rite-Solutions displayed two new innovations. FINDR™ monitors...
Aug 28 2024

Rite-Solutions Receives Great Place To Work® Certification for Third Year in A Row

MIDDLETOWN, RI (August 26, 2024)—For the third year in a row, Rite-Solutions has received the...
Jul 20 2024

Rite-Solutions Promotes Jonathan Tetreault to Vice President of Contracts

MIDDLETOWN, RI (July 20, 2024)—Rite-Solutions is pleased to announce that Jonathan Tetreault, a...
Tim Smith
Jun 27 2024

Rite-Solutions Announces Tim Smith as New Business Development Lead for Department of Homeland Security

MIDDLETOWN, RI (June 26, 2024)— Rite-Solutions proudly announces that Tim Smith has joined the...
Jun 12 2024

Rite-Solutions’ New ServiceNow Application riteMaintenance™ Streamlines Maintenance Workflow, Improves Repair Time

Rite-Solutions announces that riteMaintenanceTM, the company’s ServiceNow application, is...
May 15 2024

Rite-Solutions featured in The Newport Daily News

Rite-Solutions featured in The Newport Daily News