Concourse

Rhode Island

IT Status Report & Strategic Plan

February 23, 2026 · Version 2.0

Executive Summary

Governor

Dan McKee (D)

CIO

Brian Tardiff

CISO

Nathan Loura

IT Organization

Division of Enterprise Technology Strategy and Services (ETSS)

State Agencies

40

Population

1.1M

Key Strengths

  • ETSS dramatically increased project delivery in 2025, completing 114 projects (up from 46 in 2024) while handling nearly 90,000 tech support tickets and configuring 4,559 PCs -- demonstrating organizational maturity and execution capability under CDO/CIO Brian Tardiff's leadership
  • Rhode Island Zero Trust Center of Excellence (CoE) established under CISO Nathan Loura integrating people, processes, and technology in a 'never trust, always verify' cybersecurity framework -- among the most mature state-level zero trust implementations nationally
  • Comprehensive AI Action Plan released January 2026 by Governor McKee's AI Task Force (led by former Congressman Jim Langevin) with recommendations spanning education, defense, healthcare, finance, government, and small business AI adoption
  • $108.7M BEAD allocation with RFP process launched April 2025, building on successful $25M Capital Projects Fund that already improved connectivity for 16,000+ locations and leveraged $27M in private investment

Key Risks

  • RIBridges public benefits system suffered catastrophic data breach in December 2024 -- Brain Cipher ransomware group accessed system via Deloitte credentials for five months, compromising personal data of 650,000+ residents including Social Security numbers
  • RIBridges breach exposed systemic vendor oversight failures -- CrowdStrike investigation found hundreds of alerts went unnoticed and critical logs were inaccessible, raising fundamental questions about Deloitte contract management and state accountability
  • Small state IT budget (approximately $64M operating) limits ability to simultaneously invest in cybersecurity hardening, legacy modernization, cloud migration, and AI adoption
  • Post-breach legal exposure -- Attorney General considering lawsuit against Deloitte, class-action settlement proceedings, and ongoing credit monitoring obligations for 650,000+ affected residents create financial and operational distraction

Capability Areas

Capability Radar

Cybersecurity & …AI & AutomationDigital Governme…Data Management …Workforce & TalentCloud ServicesBroadband & Conn…IT Procurement &…Interoperability…Legacy Moderniza…
Rhode Island

Current IT Projects

ProjectStatusDescriptionTimeline
RIBridges Security Remediation and ModernizationIn ProgressPost-breach remediation of RIBridges public benefits system including firewall upgrades, VPN hardening, enhanced monitoring, log management improvements, and vendor security accountability measures following the December 2024 ransomware attack.2025-2027
BEAD Broadband DeploymentRFP Phase$108.7M federal broadband program to deploy or upgrade high-speed internet networks statewide. First RFP issued April 2025 with pre-bid webinar and proposal process for internet service providers across 30+ municipalities.2025-2029
Zero Trust Center of ExcellenceActiveEstablishment of enterprise-wide Zero Trust architecture under CISO Nathan Loura, integrating identity and access management, network segmentation, and continuous verification across state agencies.2024-2027
AI Action Plan ImplementationPlanningImplementation of Governor McKee's AI Task Force recommendations released January 2026, spanning education, defense, healthcare, finance, government, and small business sectors with emphasis on workforce development.2026-2028
ERP Modernization InitiativePlanningModernization of legacy enterprise resource planning systems for financial management and human resources, transitioning to cloud-based SaaS model under CIO Tardiff's technology strategy.2026-2029
Capital Projects Fund Broadband CompletionIn Progress$25M state broadband investment connecting remaining locations from initial deployment phase, having already improved service for 16,000+ locations and leveraged $27M in private sector investment.2024-2026

100-Day Strategic Plan

Quick-win initiatives for immediate impact

200-Day Strategic Plan

Strategic initiatives for sustained transformation

Sources

  1. Rhode Island Division of Enterprise Technology Strategy and Services (ETSS) (accessed 2026-02-23)
  2. ETSS 2025 Annual Report -- 114 Projects Completed (accessed 2026-02-23)
  3. Rhode Island Current: State's Technology Office More Than Doubles Completed Projects (accessed 2026-02-23)
  4. GovTech: Rhode Island CISO Brian Tardiff Will Take Over as CIO, CDO (accessed 2026-02-23)
  5. GovTech: Rhode Island Builds Zero Trust Center of Excellence (accessed 2026-02-23)
  6. Providence Journal: How RI Plans to Accelerate AI Adoption (accessed 2026-02-23)
  7. Rhode Island Current: Rhode Island Releases Roadmap for AI (accessed 2026-02-23)
  8. HIPAA Journal: Rhode Island Releases Details of RIBridges Hacking Investigation (accessed 2026-02-23)
  9. Providence Journal: Hackers Used Deloitte Credentials for RIBridges System (accessed 2026-02-23)
  10. Rhode Island Current: RIBridges Firewall Worked But Alerts Went Unnoticed (accessed 2026-02-23)
  11. Reuters: Rhode Island Hit by Data Breach as Hackers Demand Ransom (accessed 2026-02-23)
  12. Rhode Island Commerce: BEAD Program Kickoff and RFP (accessed 2026-02-23)
  13. ConnectRI Broadband Infrastructure and Digital Equity Hub (accessed 2026-02-23)
  14. RI 2030: Expanding Broadband Infrastructure and Digital Equity (accessed 2026-02-23)
  15. ETSS Cybersecurity Division and Zero Trust Strategy (accessed 2026-02-23)
  16. NASCIO 2025 State CIO Top 10 Priorities (accessed 2026-02-23)