RD260 - Costs Associated with Mitigating Security Threats, Security Gaps, and the Data Stored on IT Systems Used by the Department of State Police – August 15, 2016

Executive Summary:
The Auditor of Public Accounts (APA), in an audit report for the fiscal years ending June 30, 2012 and June 30, 2013, identified two specific information technology deficiencies at the Virginia State Police (VSP):

1. Hardware/software/staffing related to Virginia Information Technology Agency (VITA)/Northrop Grumman (NG)

2. VSP’s reliance on legacy technologies

In an effort to address the significant security risks identified in the APA report ( http://www.apa.virginia.gov/reports/VSP_2012-13.pdf) , VSP is requesting that the Department of Planning and Budget (DPB) transfer $5 million to VSP pursuant to the Appropriation Act, Item 476 I.2 (Regular Session, 2016) This funding shall be used to address unanticipated costs associated with mitigating security threats, information technology (IT) security gaps, and the data stored on IT systems used by the Department.

VSP is a non-transformed agency with unique law enforcement and Criminal Justice Services requirements. It is mutually agreed upon between VSP and the Virginia Information Technologies Agency (VITA) that at least 80% of VSP’s total IT infrastructure is out-of-scope to the VITA/Northrop Grumman Partnership (VITA/NG), which causes VSP transformation to be untenable. As a result, after more than ten years of earnest efforts on the part of VSP and VITA, virtually no progress has been made with respect to transformation. This in/out-of-scope split support model creates extraordinary vulnerabilities for VSP, which were clearly articulated in the APA Report.