[Senate Hearing 109-76]
[From the U.S. Government Publishing Office]
S. Hrg. 109-76
FEDERAL BUREAU OF INVESTIGATION'S INFORMATION TECHNOLOGY MODERNIZATION
PROGRAM, TRILOGY
=======================================================================
HEARING
before a
SUBCOMMITTEE OF THE
COMMITTEE ON APPROPRIATIONS UNITED STATES SENATE
ONE HUNDRED NINTH CONGRESS
FIRST SESSION
__________
SPECIAL HEARING
FEBRUARY 3, 2005--WASHINGTON, DC
__________
Printed for the use of the Committee on Appropriations
Available via the World Wide Web: http://www.access.gpo.gov/congress/
senate
__________
U.S. GOVERNMENT PRINTING OFFICE
20-668 WASHINGTON : 2005
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
COMMITTEE ON APPROPRIATIONS
THAD COCHRAN, Mississippi, Chairman
TED STEVENS, Alaska ROBERT C. BYRD, West Virginia
ARLEN SPECTER, Pennsylvania DANIEL K. INOUYE, Hawaii
PETE V. DOMENICI, New Mexico PATRICK J. LEAHY, Vermont
CHRISTOPHER S. BOND, Missouri TOM HARKIN, Iowa
MITCH McCONNELL, Kentucky BARBARA A. MIKULSKI, Maryland
CONRAD BURNS, Montana HARRY REID, Nevada
RICHARD C. SHELBY, Alabama HERB KOHL, Wisconsin
JUDD GREGG, New Hampshire PATTY MURRAY, Washington
ROBERT F. BENNETT, Utah BYRON L. DORGAN, North Dakota
LARRY CRAIG, Idaho DIANNE FEINSTEIN, California
KAY BAILEY HUTCHISON, Texas RICHARD J. DURBIN, Illinois
MIKE DeWINE, Ohio TIM JOHNSON, South Dakota
SAM BROWNBACK, Kansas MARY L. LANDRIEU, Louisiana
WAYNE ALLARD, Colorado
J. Keith Kennedy, Staff Director
Terrence E. Sauvain, Minority Staff Director
------
Subcommittee on Commerce, Justice, and State, the Judiciary, and
Related Agencies
JUDD GREGG, New Hampshire, Chairman
TED STEVENS, Alaska ----------
PETE V. DOMENICI, New Mexico DANIEL K. INOUYE, Hawaii
MITCH McCONNELL, Kentucky BARBARA A. MIKULSKI, Maryland
KAY BAILEY HUTCHISON, Texas PATRICK J. LEAHY, Vermont
SAM BROWNBACK, Kansas HERB KOHL, Wisconsin
THAD COCHRAN, Mississippi PATTY MURRAY, Washington
(ex officio) ROBERT C. BYRD, West Virginia
(ex officio)
Professional Staff
Katherine Hennessey
Dennis Balkham
Jill Shapiro Long
Jessica Roberts
Nancy Perkins
Chad Schulken (Minority)
Kate Eltrich (Minority)
C O N T E N T S
----------
Page
Opening Remarks of Senator Judd Gregg............................ 1
Trilogy Program Software......................................... 2
Opening Remarks of Senator Patrick J. Leahy...................... 2
Possibility of Scraping Key Trilogy Components................... 2
Assessments of Visual Case Files................................. 3
Lessons Learned.................................................. 3
Prepared Statement of Senator Patrick J. Leahy................... 4
Statement of Senator Barbara A. Mikulski......................... 6
Technology Programs Going Bust................................... 6
Statement of Hon. Robert S. Mueller, III, Director, Federal
Bureau of Investigation, Department of Justice................. 7
Zalmai Azmi, Chief Information Officer, Federal Bureau of
Investigation, Department of Justice........................... 7
Opening Statement of Director Mueller............................ 7
Completed Phases of Trilogy...................................... 7
Critical IT Improvements......................................... 8
Technology for Street Agents..................................... 8
Virtual Case File Answers........................................ 9
Two-track Visual Case File Plan Adoption......................... 10
Responsibility for What Went Wrong............................... 10
Virtual Case File Funding........................................ 11
Where Do We Go From Here......................................... 11
Aerospace Corporation Selection.................................. 12
Prepared Statement of Robert S. Mueller, III..................... 13
Quality of Personnel............................................. 19
Cost-plus Contract and COTS Products............................. 20
Enterprise Architecture.......................................... 21
How Do We Get the Money Back..................................... 21
Delivery Elements of VCF on Track................................ 21
Director Mueller's Responses..................................... 22
Federal Systems Integration and Management Request............... 23
Budget to Complete Trilogy....................................... 23
Reprogramming.................................................... 24
Recouping Funds from SAIC........................................ 24
Case Management.................................................. 25
Information Technology Development and Funds Recovery............ 25
Possibility of Scraping SAIC..................................... 26
Decisionmaking................................................... 27
Evaluating the 2004 Product...................................... 27
Accelerated Funding and Oversight................................ 29
Independent Evaluating Assistive Team............................ 30
File Management and Wireless Technology.......................... 30
Prepared Statement of Arnold L. Punaro, Executive Vice President,
Science Applications International Corporation................. 33
Prepared Statement of Gary P. Pulliam, Vice President, Civil and
Commercial Operations, The Aerospace Corporation............... 40
Prepared Statement of Glenn A. Fine, Inspector General,
Department of Justice.......................................... 60
Prior OIG Reviews of FBI Information Technology.................. 61
Background on Trilogy............................................ 62
Results of OIG Audit of Trilogy Project.......................... 62
Causes of Trilogy's Problems..................................... 65
OIG Conclusions Regarding Trilogy Project........................ 68
Additional OIG Reviews in the FBI................................ 68
Prepared Statement of Senator Charles Grassley................... 70
Additional Committee Questions................................... 71
Questions Submitted by Senator Patrick J. Leahy.................. 72
Virtual Case File................................................ 72
Terrorist Screening Center....................................... 80
FEDERAL BUREAU OF INVESTIGATION'S INFORMATION TECHNOLOGY MODERNIZATION
PROGRAM, TRILOGY
----------
THURSDAY, FEBRUARY 3, 2005
U.S. Senate,
Subcommittee on Commerce, Justice, and
State,
the Judiciary, and Related Agencies,
Committee on Appropriations,
Washington, DC.
The subcommittee met at 2:01 p.m., in room SD-192, Dirksen
Senate Office Building, Hon. Judd Gregg (chairman) presiding.
Present: Senators Gregg, Stevens, Mikulski, and Leahy.
OPENING REMARKS OF SENATOR JUDD GREGG
Senator Gregg. The subcommittee will come to order. I
appreciate Senator Leahy being here. We haven't really
organized as an Appropriations Committee yet, so we do not know
who is chairman of what and who is ranking where, but for the
moment, Senator Leahy is serving as the acting ranking member
for this subcommittee. It is nice to have my neighbor and
friend from across the river, as we refer to it, sitting here
as the Democratic leader on this committee.
This hearing is called, regrettably. I wish it wasn't being
held. I know the Director wishes it wasn't being held and the
Bureau does, also, I am sure.
For a long time, this committee has committed a large
number of resources, a tremendous amount of effort, on working
with the Federal Bureau of Investigation (FBI) to try to
upgrade the technology capability of the agents on the street
and the FBI generally, not only within the Bureau but as it
integrates with the rest of the Government, especially on this
core issue of how we fight terrorism. Part of this initiative,
of course, has been the famous Trilogy program, which has had
fits and starts, which has involved a large number of dollars
and in which we have made a serious effort.
The FBI, to begin with, needs to be congratulated. We are
3\1/2\ years out from 9/11 and we haven't been attacked, and
that is in large part because of the excellent work of the FBI
and the men and women of that agency who commit their lives to
making sure that we are secure. I congratulate the Bureau for
that and the American people thank you for it.
TRILOGY PROGRAM SOFTWARE
In addition, there have been some successes with the
Trilogy program that deserve praise. The bringing online of the
hardware was done on time and it appears to be well done.
But the big issue is the software which runs the hardware.
Here, we have a huge problem. It has been reported that we now
have independent evaluations and it appears that the Virtual
Case File (VCF) element, which is essentially the software
which would give the agents and the FBI the capacity to
adequately consolidate and track cases from agent to agent,
from field office to field office, from central command back to
field offices, has failed catastrophically.
And so we have got to address why it failed, first. Second,
we have to ask the question of who is responsible. I think that
is only reasonable because there is a large amount of
taxpayers' dollars that have produced very little for the
taxpayers, over $100 million minimum. And then, third, where do
we go from here, because this is a critical element of having
an efficient and effective FBI and especially an efficient and
effective deterrent to terrorism. So now that we have had this
very significant failure, how do we get back on track and what
is the timeframe, what is the cost, and most importantly, can
it be done?
The Director has kindly agreed to come and testify today. I
appreciate his courtesy in giving us time today on this issue.
We are going to proceed with trying to find out what is going
on and how we can fix the problem. We are not too interested in
spending a lot of time on the history of the blame. We are more
interested in figuring out how we fix the problem.
Senator Leahy.
OPENING REMARKS OF SENATOR PATRICK J. LEAHY
Senator Leahy. Thank you, Mr. Chairman. I agree very much
with what you had to say. Mr. Chairman, perhaps it is our New
England upbringing that we get somewhat worried about the
amount of money that has been put in here and will never be
recovered.
We have an important issue for the FBI in this. I am glad
that Director Mueller and Inspector General Fine have returned
to testify. I appreciate the time Director Mueller spent with
me yesterday, he and Mr. Azmi and others. I made very clear to
him my concern at that time on this and some other subjects.
POSSIBILITY OF SCRAPING KEY TRILOGY COMPONENTS
I know Groundhog Day was yesterday, but I think of that
movie, ``Groundhog Day,'' and the sense of deja vu the movie
had. It is unbelievable, given the years that have gone by, the
advances in technology that have marched on in the meantime,
that we are here today to discuss whether or not to completely
scrap a key component of the Trilogy project, the long-
anticipated Virtual Case File. It has been kind of a train
wreck in slow motion, unfortunately, at a cost of $170 million
to the taxpayers, or a very large part of that. We don't know
how much of a cost to the public.
I don't want New England reserve to fool anybody to think
that my reaction getting the initial reports of this was much
short of apoplectic, this unraveling of the Trilogy project, or
as some FBI agents have told me privately, the tragedy project.
It would bring the FBI's information technology into the 21st
century. That shouldn't be rocket science. Most companies have
to do that. It should be doable.
This has been a long and tortured effort. Back in 2000,
when we began discussions about Trilogy as a way to bring the
FBI's antiquated system into the 21st century, we were warned
of dire consequences to our security and our safety if the
improvements weren't imminent, if we didn't give them the money
so that it could be done right away. Well, we responded. We
devoted $581 million to the project.
ASSESSMENTS OF VISUAL CASE FILES
But time and again, it has fallen victim to escalating
costs and implementation concerns, mismanagement, and so on.
The estimated December 2003 deadline for completion of it
passed unmet. The program was then dubbed unusable. We now know
that it is being tested as the so-called ``Virtual Case File
(VCF/Light).''
The $170 million seems to have evaporated. Maybe some of
this, we can get back from those supplying software and
hardware. But what bothers me is that a lot of the delays in
communications, even though we asked in different committees--
and I am on the authorizing committee as well as the
appropriating committee--we never seemed--they weren't
communicated to Congress, and it wasn't because Republicans and
Democrats alike weren't asking. We were.
The FBI has repeatedly pressed for realistic assessments of
VCF, but getting straight answers from the Department of
Justice and the FBI have proved so difficult that we finally
turned to the Government Accountability Office (GAO) for an
independent assessment. It is only in the shadow of that
impending Office of Inspector General (OIG) report that
suddenly this comes to light. We have a classic example of too
many cooks with the unpredictable results.
The initial contract for VCF was modified 36 times. During
this period, the FBI had five different chief information
officers, I am told 10 different project managers. Beyond that
shuffling, several teams were brought into the process at
various times to help set requirements, assess deliverables,
and manage costs. Even the efforts of the GAO have been
thwarted by changes in personnel and trying to get answers.
Technology changes rapidly, I appreciate that. But the
private sector has to make these decisions under similar
pressures and it is not too much to demand the same from the
FBI.
The September 11 attacks did change the FBI's assessment on
what is needed. I appreciate that. But 3 years have passed for
the FBI to regroup. The Congress has responded with the
necessary financial resources.
LESSONS LEARNED
Now, this has been a very, very expensive lesson learned
program. Congress paid for something to be built, not for
learning what has to be built through trial and error. We have
to protect the American people. To do this effectively, the FBI
has to have state-of-the-art technology that works. It is a
vital task. Now we are going to have to spend more money to buy
what we thought we bought.
But I think that just simply spending money is not going to
be enough. We can't just keep throwing money at the problem. I
think that the FBI has got to stop hiding its problems. The
Department of Justice has to stop hiding its problems. You
know, you have a lot of us up here who have been very, very
supportive of law enforcement, very supportive of the FBI. I
have done this for 30 years in both appropriations and
authorizations. But, you know, the camel's back is broken, and
if you think that some of us who have been supportive in the
past are going to keep on spending money and we are not getting
answers, or are told all is well when it is not, it is just not
going to work.
Mr. Chairman, I agree with you. It is unfortunate we have
to be having this hearing, but thank goodness we are.
Senator Gregg. Thank you.
[The statement follows:]
Prepared Statement of Senator Patrick J. Leahy
I commend Chairman Gregg for convening this hearing today. This is
an important issue for the FBI and its missions in protecting the
country, and I appreciate the opportunity to serve as ranking member on
this hearing. I am pleased that both Director Mueller and Inspector
General Fine have returned to testify, I welcome them and the other
witnesses, and I look forward to their testimony.
I know that Groundhog Day was actually yesterday, but the subject
of today's hearing--problems the FBI is having with its computers--
calls to mind the sense of deja vu that the film of the same name
captured so well. It is unbelievable given the years that have gone by
and the advances in technology that have marched on in the meantime
that we are here today to discuss whether or not to completely scrap a
key component of the FBI's Trilogy project--the long-anticipated
Virtual Case File. This program has been a train wreck in slow motion,
at a cost of $170 million to American taxpayers and an unknown cost to
public safety. And sadly, VCF is but one of many Trilogy problems at
the FBI.
Apoplectic would be too mild a description of my reaction to the
unraveling of the Trilogy project--or the Tragedy project, as some FBI
agents have taken to calling it. Bringing the FBI's information
technology into the 21st Century should not be rocket science; it is a
complicated process, but it is certainly doable.
The history of the FBI's efforts to upgrade its information
technology has been long and tortured. Back in 2000, when we began
discussions about Trilogy as a way to bring the FBI's antiquated
systems into the 21st Century, we were warned of dire consequences to
our security and our safety if the improvements were not imminent. The
picture was bleak. The Bureau had no functional e-mail system at the
time, and over 13,000 desktop computers that were years old could not
run basic software packages. Congress responded by devoting $581
million to the effort.
These deficiencies had real-world consequences, hampering the FBI's
ability to share important and time-sensitive information internally
and externally with other intelligence and law enforcement agencies. In
testimony before the Senate Judiciary Committee, 9/11 Commissioner
Slade Gorton noted: ``[I]nformation technology problems . . . have
hampered the FBI's ability to know what it knows for years'' and led to
the now infamous incident of the Phoenix memo on terrorists and flight
schools that never made it to the attention of top officials who should
have seen it.
Time and again, the project has fallen victim to escalating costs,
imprecise planning, mismanagement, implementation concerns, and delays.
The necessary network, hardware and software upgrades were not
delivered in a timely manner. Consequently, the estimated December 2003
deadline for completion of VCF passed unmet. The program was then
dubbed ``unusable,'' and we now know that what is being tested is a
significantly scaled-down version, a so-called ``VCF-lite.'' And in
keeping with the past disappointments and delays, we have recently
learned that the future of this ``lite'' version remains in question.
Congress was led to believe that VCF was progressing on track
despite some delays and cost overruns on the project. Yet now we hear
that VCF may never be completed at all. In effect, that means for
Congress, for the FBI and, most importantly, for the American taxpayer,
this has been $170 million in ``vaporware''--widely advertised, but
never actually available for use.
There has been no shortage of opportunities for straightforward
reporting to the oversight committees of Congress as things began to
come off the tracks, including numerous hearings, punctuated by several
damaging reports from OIG, the Government Accountability Office, and
the National Research Council. These delays and disappointments were
never communicated to Congress, and it is not because Congress failed
to ask. The FBI was repeatedly pressed for realistic assessments of
VCF. But getting straight answers from the Justice Department and the
FBI proved so difficult that Congress finally turned to the Government
Accountability Office for an independent assessment. It was only in the
shadow of an impending OIG report that the reality of the situation has
come to light.
Director Mueller testified before the Judiciary Committee last May
and was specifically asked about the status of VCF. He testified then
that ``we are on track to deliver elements of virtual case file
capabilities by the end of this year. We are in negotiations with our
contractor on finishing out that last part of the Trilogy project . . .
But I do believe that when we are concluded this year, we will have the
foundation for cutting-edge technology for an organization our size.''
What was not presented in this hearing was any acknowledgement or
even any hint that progress had halted and the project was, in fact,
falling apart. This was an opportunity for Director Mueller to show
some accountability and be upfront with Congress about the problems
with the project. The FBI missed another opportunity to come clean
three months later when the Committee convened a hearing on the 9/11
Commission's recommendations.
It appears the FBI bears the brunt of the responsibility for this
derailment; a classic example of too many cooks, with the predictable
results. The initial contract for VCF was modified 36 times. During
this period, the FBI had five different Chief Information Officers and,
reportedly, 10 different project managers. Beyond all that shuffling at
the top, several teams were brought into the process at various times
to help set requirements, assess deliverables and manage costs. Even
the recent efforts of the GAO to audit the project have been thwarted
by repeated changes in the personnel responding to auditors' inquiries.
It is not clear to me even yet what the FBI truly knew and whether
the Bureau articulated what it needed, though initial reports suggest
the FBI made an art form of redefining and changing its requirements.
The project's contractor, Science Applications International
Corporation, has said it received changes on almost a daily basis--some
small, but many, significant. Unbelievably, the OIG reports that the
process for defining the requirements and baselines for the VCF
continues to this day. I look forward to hearing from Inspector General
Fine on this matter. The Trilogy project is reminiscent of other FBI
technology failures where the Bureau has ambitiously tried to build the
latest and greatest without properly assessing its needs. The FBI
custom-built the Carnivore system on the basis that it was ``far
better'' than any commercial product, but after very little use,
recently scrapped it for an undisclosed commercial product.
Technology changes rapidly, and I appreciate the FBI's efforts to
keep pace. But the private sector has had to make these hard decisions
with similar pressures, and it is not unreasonable to demand as much
from the FBI. The September 11th attacks did change the FBI's
assessment of what it needed. But three years have passed for the
Bureau to regroup, and in that time Congress has responded with the
necessary financial resources to assist the Bureau in adapting in these
tasks. This has been an outrageously expensive lessons-learned training
program. Congress paid for something to be built, not for learning
about what to build through trial and error.
I am aware of the concerns that have also been raised about the
performance of SAIC, the project's contractor, and I do expect SAIC to
account for any failures in its work product.
Our highest priority must be to protect the American people. To do
its job effectively, the FBI must have state-of-the-art technology that
works. This is a vital task, and now Congress will have to provide
still more funding to get the job done. But throwing money at this
chronic problem alone will not fix it. The FBI must stop hiding its
problems and begin confronting them. The FBI needs to engage in a full
working partnership with the authorizing and appropriations committees
to which the Bureau is accountable to for programs like this. Doing
that will better protect the public, conserve tax dollars, and save
everyone's time.
The camel's back is broken. For a course correction to succeed,
there must be a true accounting, and it is going to start today. We
want to hear what went wrong, who was responsible, and how we are going
to move forward.
Senator Gregg. Traditionally, we haven't had opening
statements beyond the chairman and the ranking member, but
obviously, participation today is by folks who are really
interested in this and I didn't know whether you wanted to make
a statement.
STATEMENT OF SENATOR BARBARA A. MIKULSKI
Senator Mikulski. Just very briefly, Mr. Chairman. First of
all, I want to thank you for holding this hearing. You have
always stood sentry over getting taxpayers' value for
taxpayers' dollar, and you were the first to hold public
hearings on the issue of terrorism, so we thank you for your
leadership.
Also to Senator Leahy, in the absence of a permanent Chair
of CJS, we thank you for filling in. It is also very possible
that if the draconian restructuring program of the House would
ever go through, I might Chair this subcommittee, which----
Senator Gregg. Or be ranking.
Senator Mikulski. Or just be ranking.
Oh, no, that is another restructuring.
Senator Leahy. I wasn't going to say a word.
Senator Mikulski. I am sorry.
Senator Leahy. I am just staying out of this one.
Senator Mikulski. I am sorry. I was so excited. That was
regime change, not restructuring.
But I also wanted to be here as a member of the committee.
I am a member of the Intelligence Committee. We went through
the 9/11 inquiry and we were absolutely very clear that our FBI
needed to modernize itself. We are proud of the FBI and we are
proud of the fact that we have asked them to retool their
mission, retool their people, and retool their technology. And
now, as we have moved forward to the reform necessary for both
intelligence and FBI, I think the Director is working very hard
on this retooling of the mission. The people that he has hired
have helped him do this. Now we have to make sure that we have
the right technology to do this.
TECHNOLOGY PROGRAMS GOING BUST
Right after 9/11, we found out that the FBI had 13,000
desktop computers that were outdated and dysfunctional. We also
saw that that whole idea of watch lists talking to each other,
offices talking to each other, and so on was outdated. We have
got to get this back on track.
As someone who has looked at these big technology programs,
whether it was in transportation, whether it was out of the VA/
HUD Subcommittee, they have always been a bust. I think maybe
we have to reexamine that rather than inventing things, that we
need to look at how to buy things off the shelf, how we can
move quicker, faster, cheaper, and save a lot of heartache, a
lot of heartburn, and a lot of taxpayers' dollars.
But I know today is the day for getting the FBI and its
financial and computer programs back on track and I look
forward to working with you in any capacity in which I might
find myself.
Senator Gregg. I look forward to that, also.
Senator Mikulski. I am ready to retool if I have to.
Senator Gregg. Mr. Director, we are ready to hear your
thoughts and explanations.
STATEMENT OF HON. ROBERT S. MUELLER, III, DIRECTOR,
FEDERAL BUREAU OF INVESTIGATION, DEPARTMENT
OF JUSTICE
ACCOMPANIED BY ZALMAI AZMI, CHIEF INFORMATION OFFICER, FEDERAL BUREAU
OF INVESTIGATION, DEPARTMENT OF JUSTICE
OPENING STATEMENT OF DIRECTOR MUELLER
Mr. Mueller. Thank you, Mr. Chairman, Senator Mikulski,
Senator Stevens. I do want to thank you, believe it or not, for
the opportunity to be here today to discuss this issue because
it is important. It is important to the Federal Bureau of
Investigation (FBI), it is important to the country, and I know
it is important to the Congress.
I do want to spend some time discussing the questions that
you, Mr. Chairman, have raised. As all of us know, the Virtual
Case File is a case management system constituting the third
prong of the FBI's mission technology program and is known as
Trilogy. It was first developed in 2001.
COMPLETED PHASES OF TRILOGY
I want to point out at the outset that the first two phases
of Trilogy have been successfully completed and, as the
chairman pointed out, have been deployed and have greatly
enhanced our information technology capabilities. We now have
deployed a high-speed network enabling our FBI offices around
the country and around the world to share data, including
audio, video, and image files. Our new IT infrastructure also
provides for secure communications with our intelligence
community partners.
We have replaced those outdated computers with more than
30,000 new desktop computers with modern software applications,
and we have replaced nearly 4,000 printers. We have 1,600
scanners, 465 servers, and as important, 1,400 routers that
have been installed.
As a result of the implementation of the first two prongs
of Trilogy, FBI personnel can now utilize a uniform suite of
software that enables our agents and our support to share
information quickly, reliably, and securely.
These efforts have also provided a foundation for a number
of new capabilities to support the FBI's counterterrorism
mission. I will point out at the outset that after September
11, while Trilogy and bringing Trilogy home was tremendously
important, it also at that time was critically important to us
to take our counterterrorism information throughout the Bureau,
information from elsewhere on counterterrorism, and place that
information in an updated investigative data warehouse. We now
have that information, that investigative data warehouse, that
has that information and provides to special agents,
intelligence analysts, and members of joint terrorism task
forces a single access point to more than 47 sources of
counterterrorism data that was only in the past available
through separate stovepiped systems.
We have new analytical tools used across multiple data
sources, providing a more complete view of the information
possessed by the Bureau. Users can now search up to 100 million
pages of international terrorism-related documents and other
structured records, such as addresses and phone numbers, in
seconds. They can also search rapidly for pictures of known
terrorists and match or compare the pictures with other
individuals in minutes rather than days.
CRITICAL IT IMPROVEMENTS
Other critical IT improvements have enabled the FBI to
proceed with unprecedented connectivity with our partners in
the intelligence and law enforcement communities. The SCION
network gives FBI personnel the ability to electronically
receive, disseminate, and share compartmented sources of
intelligence information amongst our various operating
divisions and with the intelligence community.
But despite these significant improvements, the Virtual
Case File, which is a case management application for improving
efficiency and records management, is not yet available to our
personnel. I can tell you, Mr. Chairman, as I have expressed in
private to yourself and Senator Leahy, there is no one who is
more frustrated, no one who is more disappointed than I at the
delays we have encountered in deploying VCF. I do believe,
however, it is important to the American people to understand
what the failure to deliver VCF means, and what it does not
mean, to the FBI agent on the street.
TECHNOLOGY FOR STREET AGENTS
I want to point out that the FBI agent on the street has
the state-of-the-art technology when it comes to surveillance.
Without getting into sensitive and classified information, I
can assure you that our ability to intercept and decipher
communications and to otherwise monitor criminal activity and
gather intelligence is among the best in the world. The FBI
agent on the street is able to communicate and share data
securely, whether by telephone, computer, or teleconference
with our partners, not only in the FBI but also in the law
enforcement and intelligence communities in the United States
and around the world.
What the agent on the street does not have is a user-
friendly format for inputting investigative and intelligence
information into his or her computer. Instead, the agent faces
a cumbersome, time-consuming process of preparing a paper
record of that information, seeking the necessary approvals,
and then uploading that document into an existing database. If
the agents had the Virtual Case File capabilities we had
envisioned, they could directly input information into their
computers, receive electronic approvals, and with the push of a
button upload information into the database where it would be
immediately available to others who need to access it, whether
it be an agent, an analyst, or other Federal employees and
State and local officials.
And by saying this, Mr. Chairman, I do not mean to say that
this does not affect our capacity to protect the United States.
To the extent that we are delayed, to the extent that we do not
have this Virtual Case File, we are not as effective or
efficient as we should be in protecting the people of the
United States, whether it be from terrorism or criminals within
the country.
VIRTUAL CASE FILE ANSWERS
Mr. Chairman, this afternoon, I would like to take this
opportunity to answer the three basic questions about Virtual
Case File which you elucidated in your opening statement. First
of all, what went wrong? Second, who is responsible for what
went wrong? And third, where do we go from here?
What went wrong? The development of the VCF application
started with a relatively simple concept that the FBI needed a
modern case management system. As the FBI's mission evolved,
particularly over the past 3 years, so did our technological
needs. And as a result of these changes and other issues, the
FBI faced obstacles in a number of key areas relating to the
VCF program.
We did not have a complete set of defined VCF requirements
when the original contract was signed in June 2001, and we did
not have a finalized set until the summer of 2002.
The contract which we entered into was based on hours
worked, a cost plus award fee, and we now know that these types
of contracts are difficult to manage.
But from our perspective, we also lacked skill sets in our
personnel, such as qualified software engineering, program
management, and contract management.
We underestimated the complexity of interfacing with our
legacy systems, of addressing our security needs, and of
establishing an enterprise architecture.
Recognizing many of those internal limitations originally,
we did decide to outsource the development of VCF, including
contract management and technology development. The contractor
responsible for delivering the user applications component,
including VCF, was Science Applications International
Corporation (SAIC). I know you are to hear from them today, as
well.
Following the establishment of the solid requirements in
November 2002, the original target date for completing VCF was
December 2003. I personally received a demonstration of the VCF
software in November 2003, and was impressed by what I saw at
that time. I anticipated that we would be moving forward
expeditiously to the installing of that VCF on our agents'
support computers in the relatively near future once we had
upgraded all of our computers from a Windows 98 operating
system to a Windows 2000 operating system. I, at that time,
believed that we were on the right track to deliver that which
our employees were seeking.
When SAIC delivered the first product in December 2003, we
immediately identified a number of deficiencies, 17 at the
outset. That soon cascaded to 59 and ultimately to 400 problems
with that software. In April 2004, we provided SAIC with a
document outlining the corrections we felt were needed and SAIC
ultimately agreed to remedy the deficiencies and deliver full
functionality, but only at a cost, an additional $56 million,
and a timetable, an additional year, which at that time we had
problems with.
TWO-TRACK VISUAL CASE FILE PLAN ADOPTION
So in June 2004, I decided to adopt a new two-track plan
for VCF, an initial operating capability, or IOC, and a full
operating capability, which is denominated as FOC. My goal with
the IOC was to identify and utilize some portion of the product
developed by SAIC since the fully functional case management
system as we had anticipated had not been delivered. The
portion of Virtual Case File currently being piloted is the
automated workflow process. Last month, several hundred
employees in the New Orleans field office began using the
system as their document routing system and will continue to do
so through the end of March.
The purpose of this pilot is to test drive the workflow
concept, validate the human-computer interface, create an
electronic interface to our legacy systems, access the network
performance, and develop and deliver an enterprise-level
training curriculum. The IOC, the initial operating capability,
is on track to accomplish these objectives.
As part of two-track plans, the FBI contracted with
multiple independent vendors to perform the following tasks:
Examine the Virtual Case File application delivered by SAIC in
December 2003, to determine if this software, as designed,
would meet the FBI's operational, security, and performance
requirements. Aerospace Corporation was tasked to determine if
the Virtual Case File application is scalable and can be
maintained and enhanced easily.
They were also asked to examine the current technologies
and vendors as well as available commercial off-the-shelf or
COTS, products. They were also tasked to look at those products
designed for other agencies to determine the best combination
to meet the FBI's needs. This effort was conducted jointly, not
only with ourselves and the Department of Justice, but also
with the Department of Homeland Security, to ensure our case
management efforts would be interoperable. In many ways, as
several of you have pointed out, the pace of technological
innovation and the need for information sharing has overtaken
our original vision for Virtual Case File and there are now
products to suit our purposes that did not exist when Trilogy
was first envisioned.
We have also asked a different contractor to review and
revalidate our users' requirements because the mission of the
FBI has evolved and there are new requirements for information
and intelligence sharing among different entities.
Last week, we received the final version of the Aerospace
report and provided copies to this subcommittee and to the
Office of Inspector General at the Department of Justice.
RESPONSIBILITY FOR WHAT WENT WRONG
Question number two, who is responsible for what went
wrong? Mr. Chairman, I am responsible, at least in part, for
some of the setbacks experienced with Trilogy and Virtual Case
File. I agree with the OIG's findings that FBI management did
not exercise adequate control over the Trilogy project and its
evolution in the early years of the project.
Let me also add that I agree with the OIG's finding that
with the new organizational structure and authority given to
the Chief Information Officer (CIO), Zal Azmi, in July 2004,
project management has now been given the attention that was
needed throughout the Trilogy project. Zal Azmi is here with me
today. He started with me as a special advisor on technology
issues when I first saw problems in the fall of 2003. He became
the Chief Information Officer in spring of last year, and
through his leadership, the FBI has implemented a coordinated
strategic approach to information technology. My prepared
statement outlines a number of the steps that Mr. Azmi has
taken as CIO and some of the accomplishments of him and the
people with whom he works.
I also will say, and I think it is shared in the testimony
from SAIC, that in addition to our shortcomings in overseeing
the Trilogy project, the contractor also bears some
responsibility. As discussed above, we retained a not-for-
profit federally funded contractor, Aerospace Corporation, to
conduct an independent verification and validation review of
the Virtual Case File, the VCF software as delivered by SAIC in
December 2003.
Aerospace in its report concluded that, and I quote, ``lack
of effective engineering discipline has led to inadequate
specification, design, and development of VCF.'' In the course
of their review, Aerospace could find no assurance that the
requirements were satisfied nor that the architecture concept
of operations and requirements were correct and complete. When
we received this report recently, we were indeed disappointed.
VIRTUAL CASE FILE FUNDING
With regard to the funding of Virtual Case File, this
committee has been supportive of our efforts and has generously
provided the funding we have needed to overcome obstacles and
attempt to move forward. Mr. Chairman, you and other members
are undoubtedly concerned, as am I, about losses we have
incurred as well as future investments we will need to make in
Virtual Case File.
We have invested approximately $170 million in VCF to date.
It is my understanding that our vendors have delivered services
and reusable equipment worth $53.3 million and that we have
$12.2 million in unspent obligations on our VCF contracts. This
results in a loss of approximately $104.5 million. I do not
take that lightly. It is $104.5 million that we will not have
to spend on other things. It is $104.5 million of the
taxpayers' dollars and I am tremendously troubled by that and
that is an understatement. I am disheartened by this result,
but remain confident in our ability now to deliver a case
management system to our employees' desktops in the future.
WHERE DO WE GO FROM HERE
Last question, where do we go from here? The development
and deployment of an investigative case management system
remains the top priority of the Office of the Chief Information
Officer. Some components of VCF that have been developed will
be incorporated into the long-term solution. We will leverage
the permanent interface that has been established with our
legacy data systems. We will assess the impact of an automated
workflow system on a field office and headquarters structure as
well as the performance of a case management system on the new
Trilogy network, during, and at the end, of the pilot testing
period. We will take with us a number of valuable lessons
learned in contract management, project management, policies
and procedures, modular development and deployment, data
security, and records management.
Not surprisingly, the pace of technology has overtaken the
development of unique software applications for the Bureau and
we may turn to commercial off-the-shelf, or COTS-based
products, to give us that which we had envisioned in Virtual
Case File. We are currently reviewing the Aerospace reports
which recommend that we discard VCF and start over with a COTS-
based product and which provide their evaluation of COTS
products as well as products in use by other Government
agencies. As we review these reports, we will continue to
consult with industry leaders to ensure that we develop a sound
long-term plan for our IT needs.
We will move forward with a phased, and I emphasize a
phased, development and deployment plan as recommended by the
National Academy of Sciences. Every phase will provide a set of
services that the FBI workforce needs and which was part of the
original VCF plan.
I cannot at this time estimate when this will occur, nor
can I determine right now what we will need in terms of
additional funding. I will tell you that we will work closely
with this committee and other committees of Congress to develop
the future for a Virtual Case File, and with the work of Mr.
Azmi and the people he has brought in, with input from persons
outside the Bureau, I am confident that we, in a phased way,
can replicate that which we had envisioned in 2000 and 2001 as
being a part of Virtual Case File.
AEROSPACE CORPORATION SELECTION
Mr. Chairman, before I conclude, let me say that I have
reviewed the testimony of other witnesses and there are two
questions that I would anticipate and would like to answer at
the outset.
The first question is, how did we select Aerospace
Corporation to conduct the independent verification and
validation review, and I am going to pass that over to Mr.
Azmi.
I am going to start on the second question, and that is why
did we limit Aerospace's review to the December 2003 delivery
of Virtual Case File and not include that which was produced in
December 2004 and that which we are testing now.
I will tell you, last spring, in 2004, after we saw the
problems we had in the version that was provided in December
2003, we entered into negotiations with SAIC, and at the end of
those negotiations it was clear from their leaders that we
would have to invest another $56 million and an additional year
of time to complete the project as we had anticipated with
SAIC. At that time, in consultation with Mr. Azmi, I felt we
needed an independent review of the work that had been produced
by SAIC and that is the version that we had to review at that
time. I am comfortable in having Aerospace or anyone else
review the initial operating capacity that is currently being
tested in New Orleans and here at the FBI headquarters.
Mr. Azmi may want to provide more input into why we asked
Aerospace to review the December 2003 delivery, and I would
also ask him to answer the question as to why we selected
Aerospace, because I believe that is when it would be
forthcoming, and then I will close.
Mr. Azmi. Mr. Chairman and members of the committee, thank
you for the opportunity to appear here today and respond to
your questions.
On the question, why we selected Aerospace to conduct an
evaluation of the VCF delivery of 2003, it was mainly a
recommendation made by the Director of the Science Board. When
I arrived in November 2003, I realized that the Director
already had a number of boards and advisors that were actually
providing input to the future of the information technology
within the Bureau. I met with the Science Board--the members
are former CIOs, technologists from both the Government and
private sector--and I presented the dilemma that we were facing
with VCF.
The software was delivered with 17 deficiencies. We
decomposed those 17 deficiencies to 59. Later on, we found 400
problems with the software, and that was the recommendation of
the Board, that we conduct an independent evaluation.
We had selected three sources of evaluators. Aerospace was
selected because it was a federally funded organization, a
nonprofit organization. It had worked with the Department of
Defense (DOD) and the intelligence community for more than four
decades. They were also capable of providing in-depth software
engineering review that we needed. For those reasons, we
selected Aerospace to conduct an independent evaluation of the
VCF software. Thank you, sir.
Mr. Mueller. Anything to add on why we selected the
December 2003 version to be evaluated?
Mr. Azmi. I can add only one point. When I arrived, I
looked at the contract and the contract stated specifically
that SAIC will deploy a working version of VCF by December 17,
2003. When I looked at all of the capabilities of VCF, what
should have been delivered and what was delivered, we decided
if we are going to invest in the software for the future of the
FBI, if we will have to stay with this software, we need to
understand what the software will provide to us, and that is
one of the reasons why we selected to evaluate that software
that was promised to the Bureau from the outset of support of
this contract.
PREPARED STATEMENT
Mr. Mueller. So in closing, those hopefully answer the
questions that would have been asked. I want to thank the
subcommittee, you in particular, Mr. Chairman, for your support
throughout this endeavor, your patience, understanding your
frustration. Mr. Azmi and I are happy to respond to any
questions that the subcommittee may have.
Senator Gregg. Thank you, Mr. Director, and thank you for
your forthrightness.
[The statement follows:]
Prepared Statement of Robert S. Mueller, III
Good afternoon, Mr. Chairman, Senator Leahy, and Members of the
Committee. Thank you for the opportunity to appear this afternoon and
address concerns relating to the FBI's Virtual Case File system, or
VCF. As you know, VCF is a case management system constituting the
third prong of the FBI's information technology program known as
Trilogy. The first two phases of Trilogy have been successfully
completed and deployed, and have greatly enhanced our Information
Technology (IT) capabilities.
--We have deployed a high-speed, secure network, enabling personnel
in FBI offices around the country and around the world to share
data, including audio, video and image files. Our new IT
infrastructure also provides for secure communications with our
Intelligence Community partners.
--We have also replaced outdated hardware with more than 30,000 new
desktop computers with modern software applications, nearly
4,000 new printers, 1,600 scanners, 465 servers, and 1,400
routers.
As a result of the implementation of two major prongs of the
Trilogy initiative, FBI personnel can now utilize a uniform suite of
software that enables them to share information quickly, reliably, and
securely. These efforts have also provided a foundation for a number of
new capabilities to support the FBI's counterterrorism mission. The new
capabilities include:
--The FBI's Investigative Data Warehouse (IDW) now provides Special
Agents, Intelligence Analysts, and members of Joint Terrorism
Task Forces (JTTFs) with a single access point to more than 47
sources of counterterrorism data, including information from
FBI files, other government agency data, and open source news
feeds, that were previously available only through separate,
stove-piped systems.
--New analytical tools are used across multiple data sources
providing a more complete view of the information possessed by
the Bureau. Users can search up to 100 million pages of
international terrorism-related documents and other structured
records such as addresses and phone numbers in seconds. They
can also search rapidly for pictures of known terrorists and
match or compare the pictures with other individuals in minutes
rather than days. Coupled with sophisticated state-of-the-art
search tools, the IDW enhances the FBI's ability to identify
relationships across cases quickly and easily.
--Other critical IT improvements have enabled the FBI to proceed with
unprecedented connectivity with our partners in the
Intelligence and Law Enforcement Communities. The Top Secret/
Sensitive Compartmented Information Operational Network (SCION)
gives FBI personnel the ability to electronically receive,
disseminate, and share compartmented sources of intelligence
information among the FBI's counterterrorism and
counterintelligence operations and with the Intelligence
Community. SCION also provides for video teleconferencing at
the TOP SECRET level.
Despite these significant improvements, the Virtual Case File--a
case management application for improving efficiency and records
management--is not yet available to our personnel. Mr. Chairman, no one
is more frustrated and disappointed than I at the delays we have
encountered in deploying VCF. But I believe it is important for the
American people to understand what the failure to deliver VCF means--
and what it doesn't mean--to the FBI Agent on the street.
The FBI Agent on the street has state-of-the-art technology when it
comes to surveillance. Without getting into sensitive and classified
information, I can assure you that our ability to intercept and
decipher communications and to otherwise monitor criminal activity and
gather intelligence is among the best in the world. The FBI Agent on
the street is able to communicate and share data securely, whether by
telephone, computer, or teleconference with our partners, not only in
the FBI, but also in the law enforcement and intelligence communities,
in the United States and around the world. The Agent on the street is
able to access FBI documents electronically on our existing computer
systems and to search those documents using multiple search
technologies.
What the Agent on the street does not have is a user-friendly
format for inputting investigative and intelligence information into
his or her computer. Instead, the Agent faces a cumbersome, time-
consuming process of preparing a paper record of that information,
seeking the necessary approvals, then uploading the document into an
existing database. If Agents had the VCF capabilities we envisioned,
they could directly input information into their computers, receive
electronic approvals, and, with the push of a button, upload
information into the database where it would be immediately available
to others who need access to it--Agents, analysts, other federal
employees, and state and local officials.
I want to emphasize, however, that although VCF would enable us to
do our jobs more efficiently, the absence of VCF does not prevent us
from fulfilling our counterterrorism, intelligence and law enforcement
missions. Again, VCF is not a database or an analytical tool used to
connect the dots--it is a case management system that will make it
easier for Agents to input and share the dots.
Having said that, Mr. Chairman, I thank you for your longstanding
interest in the VCF program and your commitment to hold a public
hearing to examine the setbacks which have plagued this program. This
afternoon, I would like to take the opportunity to answer three basic
questions about VCF: (1) What went wrong? (2) Who is responsible for
what went wrong? and (3) Where do we go from here?
What Went Wrong?
The development of the VCF application started with a very simple
concept--the FBI's need for a modern case management system. As the
FBI's mission evolved over the past several years, so did our
technological needs. As a result of these changes and other issues, the
FBI faced obstacles in a number of key areas relating to the VCF
program.
--We did not have a complete set of defined VCF requirements when the
original contract was signed in June 2001.
--The contract was based on hours worked--cost plus an award fee. We
now know these types of contracts are difficult to manage.
Although the requirements were solidified in November 2002, the
contract remained a cost-plus-award-fee contract.
--We lacked skill sets in our personnel such as qualified software
engineering, program management, and contract management. We
also experienced a high turnover in Trilogy program managers
and Chief Information Officers.
--We underestimated the complexity of interfacing with our legacy
system, of addressing our security needs, and of establishing
an enterprise architecture.
We will continue to confront these lessons moving forward.
Recognizing our internal limitations, we decided to outsource the
development of VCF, including contract management and technology
development. The contractor responsible for delivering the user
applications component, including VCF, is the Science Applications
International Corporation, or SAIC.
Following the establishment of solid requirements in November 2002,
the original target date for completing VCF was December 2003. I
personally received a demonstration of the VCF software in November
2003 and was impressed with what I saw. I believed that we were on the
right track to deliver to our employees' desktops the case management
system we were seeking. However, when SAIC delivered the product to us
in December 2003, we immediately identified a number of deficiencies in
VCF that made it unusable. Upon further examination, we discovered
nearly 400 problems with the software and, in April 2004, provided SAIC
with a document outlining the corrections needed. SAIC ultimately
agreed to remedy the deficiencies and deliver full functionality but
only at a cost--an additional $56 million--and a timetable--an
additional year--which were unacceptable to the FBI.
In June 2004, I decided to adopt a new two-track plan for VCF: an
Initial Operating Capability, or IOC, and a Full Operating Capability,
or FOC. My goal with the IOC was to identify and utilize some portion
of the product developed by SAIC, since the fully functional case
management system had not been delivered. The portion of VCF currently
being piloted in the IOC is the automated workflow process. Last month,
several hundred employees in the New Orleans field office began using
the system as their document routing system and will continue to do so
through the end of March. The purpose of the pilot is to: test drive
the workflow concept; validate the human/machine interface; create an
electronic interface to our legacy system, the Automated Case Support
System, or ACS; assess network performance; and develop and deliver an
enterprise level training curriculum.
The IOC is on track to accomplish these objectives.
As part of Track Two, the FBI contracted with multiple independent
vendors to perform the following tasks:
--Examine the VCF application delivered by SAIC in December 2003 to
determine if the software as designed will meet the FBI's
operational, security, and performance requirements. The
contractor, Aerospace Corporation, was also tasked to determine
if the VCF application is scalable and can be maintained and
enhanced easily.
--Examine the current technologies and vendors, as well as available
Commercial Off-The-Shelf, or COTS, software applications and
those designed for other agencies, to determine the best
combination to meet the FBI's needs. This effort was conducted
jointly with the Department of Homeland Security to ensure our
case management efforts would be interoperable. In many ways,
the pace of technological innovation and the need for
information sharing has overtaken our original vision for VCF
and there are now products to suit our purposes that did not
exist when Trilogy began.
--We have also asked a different contractor to review and revalidate
our users' requirements because the mission of the FBI has
evolved and there are new requirements for information and
intelligence sharing among different entities.
Last week, we received the final version of the Aerospace report
and provided copies to the Committee and to the Office of the Inspector
General at the Department of Justice.
Who is Responsible for What Went Wrong?
Mr. Chairman, I am responsible, at least in part, for some of the
setbacks experienced with Trilogy and VCF. I agree with the OIG's
finding that ``FBI management did not exercise adequate control over
the Trilogy project and its evolution in the early years of the
project.'' Let me also add that I agree with the OIG's finding that
``with the new organizational structure and authority given to the CIO
in July 2004, project management has been given the attention that was
needed throughout the Trilogy project.'' Mr. Chairman, I will address
that new structure and its accomplishments later in my statement.
In addition to our shortcomings in overseeing this project,
however, the contractor responsible for VCF bears some responsibility.
As discussed above, the FBI retained a not-for-profit, federally funded
contractor, Aerospace Corporation, to conduct an independent
verification and validation review of the VCF software as delivered by
SAIC in December 2003. We asked Aerospace to provide responses to the
following three questions:
--1. Did SAIC meet the stated requirements?
--2. Did SAIC develop a complete and correct Concept of Operations,
System Architecture, and System Requirements?
--3. What should the FBI do with the VCF software as delivered in
December 2003?
Aerospace concluded that ``lack of effective engineering discipline
has led to inadequate specification, design and development of VCF.''
In the course of their review, Aerospace could ``find no assurance''
that the requirements were satisfied, nor that the architecture,
Concept of Operations, and requirements were correct and complete.
Needless to say, Mr. Chairman, after three and a half years, this was
disappointing news.
With regard to the funding of VCF, this Committee has been
supportive of our efforts and has generously provided the funding we
have needed to overcome obstacles and attempt to move forward. Mr.
Chairman, you and the other members are undoubtedly concerned--as am
I--about losses we have incurred, as well as future investments we will
need to make, in VCF. We have invested approximately $170 million in
VCF to date. It is my understanding our vendors have delivered services
and reusable equipment worth $53.3 million and that we have $12.2
million in unspent obligations on our VCF contracts. This results in a
loss of $104.5 million. I am disheartened by this result but remain
confident in our ability to deliver a case management system to our
employees' desktops in the future.
Where Do We Go from Here?
VCF
The development and deployment of an investigative case management
system remains the top priority of the Office of the CIO. Some
components of VCF that have been developed will be incorporated into
the long-term solution. We will
--Leverage the permanent interface that has been established with our
legacy data systems.
--Assess the impact of an automated workflow system on a field office
and Headquarters structure, as well as the performance of a
case management system on the new Trilogy network, during and
at the end of the pilot testing; and,
--Take with us a number of valuable ``lessons learned'' in contract
management, project management, policies and procedures,
modular development and deployment, data security, and records
management requirements.
Not surprisingly, the pace of technology has overtaken the
development of unique software applications for the FBI, and we may
turn to Commercial Off-The-Shelf, or COTS-based, products. We are
currently reviewing the Aerospace reports which recommend that we
discard VCF and start over with COTS-based products, and which provide
their evaluation of COTS products as well as products in use by other
government agencies. As we do so, we will continue to consult with
industry leaders to ensure that we develop a sound, long-term plan for
our IT needs.
We will move forward with a phased development and deployment plan
as recommended by the National Academy of Sciences and required by
Federal information resource management policy. An incremental approach
ensures development and acquisition of the best available products on
the market. Every phase will provide a set of services that the FBI
workforce needs and which was part of the original VCF plan. I cannot
at this time estimate when this will occur nor how much in additional
funding we will need to invest to get there.
We will also give consideration to a Service Oriented Architecture
(SOA), as recommended in the Aerospace report. The concept behind an
SOA solution is to standardize enterprise services--such as searching,
reporting, and analyzing data--so that different groups of users can
reuse similar services to access dissimilar data sets throughout the
enterprise--such as our legacy systems of ACS, III, and our Telephone
Application. It appears that an SOA approach could provide a flexible
solution to the inflexible systems currently existing within the FBI
and would help us successfully implement a final product.
FBI Information Technology
With me today is Zal Azmi, who joined the FBI in November 2003 as
the Chief Information Officer. Through his leadership, the FBI has
implemented a coordinated, strategic approach to information
technology.
--Strategic Plan.--In December 2004, we completed our first release
of the Strategic IT Plan which maps out how IT will support the
FBI's and DOJ's Strategic Plan and mission goals over the next
five years. All IT projects are required to be consistent with
the FBI's and DOJ's Strategic Plans.
--Enterprise Architecture.--We established our baseline Enterprise
Architecture (EA) in 2004 and are in the process of developing
our target EA. We have created an IT Master Systems List
identifying all of the IT systems, applications, networks and
databases in the FBI and DOJ. All IT projects in the future
will be required to be consistent with the FBI's and DOJ's EA.
--Process Improvement.--Our Life Cycle Management Directive (LCMD),
which governs how IT projects are managed from ``cradle to
grave,'' is now consistent with industry best practices and
Federal government information resource management policies.
All IT Projects and Programs are required to pass through
rigorous project and executive level control ``gate'' reviews
for each stage, from inception through disposal. There are 7
gates, 9 phases, and 14 key supporting processes in the LCMD.
These reviews are the mechanisms for management control and
direction, decision-making, coordination, and confirmation of
successful performance.
--Portfolio Management Program.--This program focuses on performance
assessments of IT investments in the operations and maintenance
(O&M) phase of their life cycle. Since the majority of our IT
investments currently reside in the O&M phase, these
assessments help senior management make more informed decisions
about IT investments, in terms of both personnel and money.
Portfolio Management recommendations are focused on those
investments that should be leveraged, replaced, outsourced or
retired.
--Enterprise IT Tool.--The IT Portfolio Management Automation project
awarded a contract to develop the FBI's Enterprise IT tool.
This is a software package that will identify and track IT
projects with baselined plans, schedules, and costs. It will
also plan and track all FBI IT hardware and software
infrastructure procurements at an integrated, enterprise level.
--Capital Planning and Investment Management/Project Assurance.--The
Investment Management/Project Review Board now reviews and
approves new IT investments at specified stages of each IT
project's life cycle. We are also in the process of evaluating
the FBI's 130+ existing IT projects for overall health and
placement within the system development life cycle. This will
enable FBI executives to uncover and address cost, schedule and
performance risks. IT Investment Management will use our
Enterprise IT Tool to track new FBI IT investments to ensure
alignment with mission goals.
--Performance and Results-Based Management (IT Metrics).--We are
updating an IT Metrics program that identifies and measures IT
performance according to industry standards, government
regulations, and Earned Value Management System (EVMS)
principles. Currently, we publish a CIO Monthly IT metrics
report using the Balanced Scorecard Methodology. Our plan is to
establish EVMS for ``major'' IT projects. When a program or
project metric varies by more than 10 percent of the acceptable
thresholds for cost, schedule, and performance, it will trigger
closer scrutiny and remedial action by the Investment
Management/Project Review Board.
--Acquisition and Financial Reform.--IT Acquisition Reform, a joint
initiative between the CIO and the Chief Financial Officer of
the FBI and DOJ, will standardize and automate all procurement
actions, involving all IT acquisitions, as well as focus on
increased competition and small business involvement. In 2004,
the FBI entered into multi-year enterprise-wide agreements with
Microsoft, Oracle and Dell which have saved millions of dollars
in licensing fees. The savings derived from these contracts
have been reinvested into technology projects, such as SIPRNET
and FAMS (FBI Automated Messaging System). SIPRNET gives the
FBI desktop connectivity to the Intelligence Community and FAMS
is based on the Defense Messaging System (DMS). The FBI is the
first civilian agency to operate a classified DMS-like system.
--Leadership.--We have begun to train our Program and Project
Managers as well as executive management personnel to become
certified as Program Management Professionals (PMP), which is
in compliance with the federal guidance. We currently have two
certified Government and five contractor PMPs. Approximately 25
managers have taken the PMP review course and plan to take the
test. Another 20 are currently enrolling in the training
program. This and other leadership training provides best
practices and techniques to provide better management of the IT
projects and the enterprise IT portfolio.
--IT Policy.--We are in the process of updating a Master IT Policy
List. Once established, any new IT policies or modifications
will have to be reviewed and approved by the IT Policy Review
Board. The Master List will enable the CIO to monitor all IT
projects during the Life Cycle Management Directive control
gate review processes and enforce all applicable IT policies.
--Technology Assessment.--The FBI's Chief Technology Officer is
working closely with the Enterprise Architecture team of the
FBI and DOJ to standardize enterprise technology standards,
technical reference models, technical architectures, and
technical design reviews under the Life Cycle Management
Directive and system testing/integration. A unified test and
integration facility will allow for centralized technology
assessment that provides responsive IT solutions to meet
mission goals. These measures mitigate project risks through
common, interoperable, supportable and affordable solutions.
--Security and Information Assurance.--We have implemented an
Information Assurance Program which implements key IT
capabilities such as Public Key Infrastructure (PKI) and the
Enterprise Security Operations Center (ESOC), to strengthen IT
services in the FBI and DOJ and mitigate internal and external
threats. Certification and Accreditation is being required for
all IT Projects and Systems to further mitigate project risk.
CONCLUSION
Mr. Chairman, in the aftermath of VCF, the FBI is faced with
difficult decisions on how best to proceed with our evolving IT needs
and evolving technologies. This Committee and the American people have
my personal assurance that we will proceed as expeditiously and as
prudently as possible to provide our employees with the automated
capabilities they need. We have expanded the team of IT professionals
within the FBI, each of whom has demonstrated an ability to perform
under adverse circumstances. We have learned many valuable lessons over
the past few years and, as a result, will be able to apply these
lessons and avoid many of the pitfalls that befell this project in the
past.
I would like to close by thanking the Committee, and you in
particular, Mr. Chairman, for your support throughout this endeavor,
and I look forward to working with you and your staff as we chart our
course for the future.
Senator Gregg. The FBI has obviously got a problem and you
are willing to address it and you have been forthright in
explaining it, but I do think it is important to go back to
some of the causes of the problem and make sure that those
things are being addressed.
The Aerospace review, and I think choosing Aerospace, from
what I can figure out, was a reasonable choice. They are
independent and they appear to be quite objective. But they
have three basic findings. One, that the architecture was
developed without adequate assessment of alternatives and
conformance to various architectural standards and in a way
that precluded the incorporation of significant commercial off-
the-shelf software. I want to get back to that point because I
want to know if that was an intentional decision because it
appears to have driven cost.
Second, the high-level documents, including the concept of
operations, systems architecture, and systems requirement, were
neither complete nor consistent and did not map to users'
needs, which I find unusual.
And three, the requirements and design documentations were
incomplete, imprecise, requirements in design tracing have
gaps, and the software cannot be maintained without difficulty
and is, therefore, unfit for reuse. We are looking at the 2003
delivery, of course, but this was the format on which 2004 was,
I presume, built out of. And even if it wasn't, it still raises
huge issues since we paid $170 million to get it.
And then Aerospace concluded that it would be better not to
even develop it this way, that we should go to the off-the-
shelf approach, which raises three fundamental issues which I
am wondering how the FBI plans to approach them as it moves
forward.
The first one is, why didn't we have in the FBI the
technical people who would have picked up on things like
failure of architectural design, failure to meet standards
which were fairly consistent across the development of software
architecture which weren't being met? There was a huge turnover
of people during this period. Is it possible for an agency like
the FBI to maintain the quality of people that are necessary in
order to monitor a program of this size or should they--do we
almost as a matter of systems have to put that monitoring into
an independent group in order to make sure that we have the
talent necessary to double-check a contractor like this?
Second, why would we ever choose a cost-plus contract? I
mean, this experience of cost-plus is pretty horrific across
Federal funding activities.
And third, this point which Aerospace makes about actually
developing a software which wouldn't conform or wouldn't be
integrated with off-the-shelf activity. We know by definition
that technology mutates constantly and improves. I mean, isn't
it inherent to any technological system of this size that you
are going to want to be able to migrate to the next system,
which is going to work better, and that next system isn't
necessarily going to be internally developed, it is going to
probably be developed by some smart bunch of folks who spun off
from Massachusetts Institute of Technology (MIT) and are
sitting in a garage somewhere in hopefully New Hampshire?
But it is not going to probably come from within the agency
because you don't have the time and you don't have the people
and you don't have the talent. Or you have the talent, maybe,
but you don't have the time to focus on the mutation.
So have we addressed those three issues which I see as
systemic to the question of why it has failed?
QUALITY OF PERSONNEL
Mr. Mueller. Let me take a crack at them and then turn it
over to Mr. Azmi.
In terms of the quality of personnel we had in the Bureau,
I had a CIO, a very excellent CIO for the first year after I
was there. He then retired. I then went on a nationwide search
for a CIO which took about 8 to 12 months. The persons who were
proffered for a variety of reasons fell through and there was a
gap during that period of time in leadership at the CIO
position. That hurt us.
I also, perhaps due to my naivete, did believe that we had
the appropriate program managers. I had persons in from other
organizations such as IBM and Lucent. I came to find out that
there are project managers in a particular skill that we
needed. I did not provide to our project managers or to the
users group. It was a software engineer specialist with the
capability of drilling down into that which was being composed
by SAIC.
Now, do I have that capability now? I don't think, and I
will ask Zal, I am not certain that we have that full
capability to drill down into a particular software package and
determine whether everything is going as it should go.
I do know that we have greatly expanded our CIO office
under Zal Azmi. One of the things that he has brought is the
ability to give me the bad news early on. One of the problems
of anybody who runs an organization like mine is that people
want to give you the good news. They do not want to give you
the bad news. He has always been out there giving me the bad
news and he has brought on board a technology officer who is
the type of person that goes out and looks at each one of these
COTS products.
All that being said, we will have to augment our staff with
contractors. We will have to go and look, as we have in the
past, for expertise outside the Bureau to make certain that we
have covered all of these areas of expertise.
COST-PLUS CONTRACT AND COTS PRODUCTS
As to your second question, on a cost-plus contract, that
was entered into in the summer of 2000. I do not have the facts
or the understanding as to why we entered into a cost-plus
contract in the summer of 2000, in the summer of 2001. I can
tell you that my experience is we will never again in the
Bureau enter into a cost-plus product that can lead us so far
astray.
I will tell you that prior to the last piece of the second
part of Trilogy, which was putting in the networks, the local
area networks, the wide area networks, at the secret level, at
the classified level, which was a challenge, we had
difficulties with the cost-plus contract with that contractor
and ended up restructuring it so we got a commitment to produce
at a particular cost at a particular time.
Last, with regard to COTS products, as I become more
knowledgeable about technology, it goes without saying, I
think, that the world has come to be a plug-and-play world. You
don't get a full system of stereo television all in one package
by one manufacturer now. What you have is plug and play,
whether it be computers or your stereo or what have you. As we
have grown since 2001, it is clear that in developing a package
such as the Virtual Case File, we have to look at COTS
products. We have to use COTS products. We have to phase it in,
understanding that down the road 1, 2, or 3 years hence, we may
have to unplug a product and plug in a new one.
Zal, do you have anything to add?
Mr. Azmi. I want to add to the concept of cost-plus
contract. The Bureau originally actually got into this contract
in 2001 because we did not have all of our requirements
defined. However, in 2002, there was a joint application
development session between the Bureau and SAIC and, at that
point, we developed a solid base for requirements, and, at that
point, that contract could have gone to a performance-based
contracting. However, that contract continued as a cost-plus
contract.
I will say that in June 2004, when we decided to actually
develop the initial operating capability, we did move to a
performance-based contract. That is the main reason why the
software was developed on time and within the budget.
I would also add that even though IOC is only 10 percent of
the VCF, I think the concept is sound and we can implement that
for larger contracts.
ENTERPRISE ARCHITECTURE
The other question, Mr. Chairman, you had was about
enterprise architecture and what we are doing, where we are
going from here. I submit to you that we have already
solidified our requirements for Virtual Case File or a case
management system of the future. We have already mapped those
requirements through a Federal enterprise architecture
framework, which is the best practice, is the standard the
Federal Government uses. We have already mapped our software,
or our requirements to what they call a service reference
model. We have already done this mapping.
That will enable us to actually deliver a case management
system of the future in phases, with capabilities being
available to the users shortly after the contract is awarded,
and that is the concept we are going to move forward with, the
small deliverables and the contained time with program
management and project management disciplines in place.
HOW DO WE GET THE MONEY BACK
Senator Gregg. I want to make sure everybody has time here
so I will reserve my questions, but I am sure somebody is going
to ask you how we are going to get any of this money back and
that is a question I do hope we get to.
DELIVERY ELEMENTS OF VCF ON TRACK
Senator Leahy. Thank you, Mr. Chairman, and I would ask
also consent that I have a little time to put my full statement
in the record and keep this short.
Senator Gregg. Of course.
Senator Leahy. The reason I ask is that it would be
somewhat more lengthy because it also involves my other hat on
authorization.
Director Mueller, on May 20, 2004, you testified before the
Judiciary Committee. You stated, ``We are on track to deliver
elements of Virtual Case File capabilities by the end of this
year.'' I responded to that and I said, ``What elements and
what do you mean by elements?'' I don't think I ever got a
clear answer on elements, but you did say, quote, ``We are in
negotiations with our contractor on finishing out that last
part of the Trilogy project, the Virtual Case File, and my hope
and expectation is that that will be completed by the end of
this year. But I do believe that when we are concluded this
year''--2004--``we have the foundation for cutting-edge
technology for an organization our size,'' close quote.
At the same hearing in May 2004, Senator DeWine of Ohio
asked you this. Quote, ``Do you currently have enough money to
complete Trilogy? What will be the total cost of Trilogy? How
much money do you have left to spend on the program, and when
will Trilogy be completed?'' You responded, ``I believe we do
have sufficient money. I believe the total cost will be close
to $560 million. And the last piece of Trilogy, that is the
Virtual Case File, my expectation, it will be in by the end of
this year.'' Senator DeWine said, ``End of this year?'' You
responded, ``This year.''
Now, we do know that by the time you testified in May 2004,
almost 1 year ago, Virtual Case File was already on life
support. The FBI had already twice rejected SAIC's delivery of
the Virtual Case File. It already identified nearly 400
potential problems with the software. It had already been told
by Virtual Case File that correcting these problems would cost
an additional $56 million and an additional year. As you say in
your testimony today, they are both unacceptable to the FBI.
In addition, the FBI was already negotiating for a scaled-
down version of VCF, the initial operating capability of VCF
Light.
Just the day before the hearing when we asked you these
questions where we got a pretty rosy scenario, the FBI
submitted a request, Federal Systems Integration and Management
(FEDSIM), the contract manager, to estimate the cost associated
with shutting down 90 percent of it.
Now, I don't know anybody who has been more supportive in
the 30 years I have been here of the FBI than I have. Others
have been as supportive. I don't know of anybody more
supportive. I have been extremely supportive of you. But I am
ready to tear out what little bit of hair I have left.
Why didn't you mention any of these problems, all of which
were there, when you were asked about the status of the project
in May 2004? You had a friendly audience. You had me. You had
one of the leading Republicans, Mike DeWine. We were asking you
these questions, and the answers we got didn't comport with the
facts. Why?
DIRECTOR MUELLER'S RESPONSES
Mr. Mueller. Senator, I don't want you to lose the last of
that hair.
Senator Leahy. There is not much left, I can tell you right
now, nor is there any more patience.
Mr. Mueller. I will tell you, as we went through the
spring--and I would have to look at the dates--as we went
through the spring last year, I had voices telling me,
particularly from SAIC, that they could produce. I met with the
Chief Executive Officer (CEO) in the spring--I am not certain
of the date--and received from the CEO the assurances that we
could--and by ``we,'' I mean SAIC would produce and it was my
expectation that we would have a substantial portion, not all,
but a substantial portion of Virtual Case File by the end of
the year.
Now, when that came in terms of the timing of my testimony,
I am not certain. On the other hand, I will tell you that Zal
Azmi has always raised questions about this. I knew that there
were issues with regard to the project as it was given to us in
December 2003, but I had already been through a similar
circumstance with Computer Sciences Corporation (CSC) in which
we had to renegotiate, we had to go back to the drawing table,
and they came through under budget, on time, as we had done so.
And there was a part of me in the spring of 2004 that thought
that we could go through exactly the same exercise.
FEDERAL SYSTEMS INTEGRATION AND MANAGEMENT REQUEST
Senator Leahy. The day before the hearing, the FBI had
submitted a request to FEDSIM asking, what would it cost to
shut down 90 percent of it.
Mr. Mueller. I am not familiar with that. I am not certain
I was familiar with that at the time.
Senator Leahy. I hope not, because if you were familiar
with it, your answers to mine and Senator DeWine's questions
were totally inconsistent with what the facts were.
And then we sent follow-up questions to you. I did and
several others did. You told me you completed your responses
some time ago and sent them on to the Department of Justice for
review. It has been 8 months. I don't know who is good cop/bad
cop, to use an analogy in your business, who is good cop/bad
cop here, but we asked specific questions. The answers we were
given did not comport with the facts, and I will accept your
statement here today that you were not aware that the day
before, they were trying to figure out how to close down 90
percent of it.
But the answers--somebody has got to bear responsibility.
It can't just simply be, well, the Department of Justice told
us for 8 months, don't answer these questions. We are talking
about hundreds of millions of dollars and a friendly committee.
What in the hell goes on if it is an unfriendly committee?
Mr. Mueller. Is that a question, Senator?
Senator Leahy. Yes. When are we going to get the answers?
Mr. Mueller. Well, as I indicated to you yesterday, the
answers were provided to the Department of Justice in October.
We have been working with them. I am as frustrated that you do
not have the answers as you quite obviously are and I am
certainly willing to do what I can to work to get those answers
to you.
BUDGET TO COMPLETE TRILOGY
Senator Leahy. Well, let me ask you a specific question for
appropriations. Does the FBI have sufficient money to complete
Trilogy, including VCF or a similar case management system, or
will the FBI reprogram or request additional funds to fix and
find a replacement for Virtual Case File in this upcoming
budget cycle?
Mr. Mueller. What we are planning to do is utilize funds
that we have outstanding for this fiscal year and in 6 to 8--
and correct me if I am wrong, Zal, on this--and in 6 to 8
weeks, we ought to have a better feel for what it would cost to
bring on the various components that we are anticipating
bringing on in the phased-in development of Virtual Case File.
It would not be a 1-year phase-in. It would be a 2- or a 3-year
phase-in. At this point in time, having just received the
Aerospace report, we are examining all of our options and it
will be at least 6 to 8 weeks before we can come back to you
and lay out in front of you our strategy and say, this is what
we want to do. These are the COTS products we may want to use
and this is what it will cost.
I am looking to reprogram funds to do it, certainly within
this fiscal year, and then we will look at where we are when it
comes to 2006-2007.
REPROGRAMMING
Senator Leahy. Well, if you reprogram the funds----
Senator Gregg. Senator, if I can just interrupt, I think it
is important to note this phased-in development issue, because
this committee was actually very aggressive with the FBI saying
that this program should have been phased in at the beginning--
--
Senator Leahy. I remember that.
Senator Gregg [continuing]. As I think the Director will
recall, and so I think at least they should be credited with
the next steps they are going to do phases.
Senator Leahy. But then on that, where are you going to
reprogram the money? Does that mean you are going to reduce
other programs?
Mr. Mueller. We have carryover money of approximately $15
million and we are looking at other savings that we have
managed to put into Virtual Case File, or what will become
Virtual Case File, and we are also going to look at
reprogramming additional funds, depending on what we can do and
how fast we can do it in this fiscal year.
Senator Leahy. Will you report to this subcommittee--well,
the reprogramming, you will anyway----
Mr. Mueller. Absolutely.
Senator Leahy [continuing]. But will you report to this
subcommittee from what programs you are finding savings?
Mr. Mueller. Yes.
Senator Leahy. You understand the danger of that, of
course.
Mr. Mueller. Yes.
Senator Leahy. All right.
Mr. Mueller. I would anticipate we would have to. We
reprogram--if it is over a certain amount, we are up here in
any event, so----
Senator Leahy. We are just curious----
Mr. Mueller [continuing]. It is an ongoing----
RECOUPING FUNDS FROM SAIC
Senator Leahy. We are just curious what programs that we
have already authorized might get cut back or eliminated by a
reprogramming to take care of the mistakes in the VCF. By the
way, speaking of money, do you have plans to recoup funds from
SAIC, and if so, how much?
Mr. Mueller. We have referred the matter over to the
Department of Justice to look at, explore our options.
Senator Leahy. Are they going to get an answer back to you
quicker than they do to those of us in the Congress?
Mr. Mueller. All I can tell you is we referred it to the
Department of Justice, Senator, looking at to what extent
either of the parties are culpable. I do believe there is
culpability, as I indicated, on both sides. I am not going to
stand here and say that we are not in some part responsible for
the fact that it was not brought home on time. But as I say, I
believe SAIC was also responsible. The report from Aerospace
seems to indicate some of those deficiencies and we are looking
at our options to recover some of that money for the taxpayer.
Senator Leahy. Do you have any estimate of how much that
might be?
Mr. Mueller. I do not.
CASE MANAGEMENT
Senator Leahy. Okay. Let me ask you just two questions and
I will submit the rest, which is always scary because I will
probably never get the answer, but when will agents have a
functioning case management system in their hands?
Mr. Mueller. A basic case management system, and there are
various aspects to it--monitoring evidence, leads management,
and the like, but a basic case management system, certainly we
hope within 1 year. And I will tell you, I am guilty of----
Senator Leahy. One year from today?
Mr. Mueller. Yes. And I am guilty in the past of raised
expectations. I thought we were going to produce. Every time I
have gone to an office to talk to our people, I will talk about
the importance of technology, the desirability of bringing us
into the digital age, and have given them the expectation that
we would have had Virtual Case File certainly by now. I went
out and retrained a number of agents in support of Virtual Case
File. So I am very reluctant to give estimates, understanding
that I have been proven wrong in the past and I have raised
expectations, not only of the agents but also of Congress and
others who are interested in moving us into the digital age.
INFORMATION TECHNOLOGY DEVELOPMENT AND FUNDS RECOVERY
Senator Leahy. I will ask just one last question and I will
submit the rest, and I ask this question because the same
frustration--the biggest frustration I have in being unable to
get answers is that over and over again on the things that we
legitimately ask questions about, either the Appropriations
Committee or the authorizing committee, we don't find out until
we read it in the paper. We either find out because a newspaper
reporter is able to get more or a TV reporter, or somebody has
leaked something to them.
So let me ask you this. Are there other clouds on the
horizon with respect to the information technology efforts that
you might like to tell us about today before we read about it
in the press in the future?
Mr. Mueller. That is a very broad question.
Senator Leahy. I know it. It is a very broad subject.
Mr. Mueller. Are there any clouds on the horizon with
regard to the development of these systems? With regard to the
development of these systems, I think the last piece of Trilogy
was Virtual Case File, and I think you know exactly what we
know with the various reports. We, upon occasion, have other
areas in which technology is affected. We are currently looking
at an issue that does not relate at all to our sensitive
material--well, our classified materials, but is an issue which
I probably should raise to you in private.
Senator Leahy. Okay. Fair enough. Will you?
Mr. Mueller. I will.
Senator Leahy. Thank you. Thank you, Mr. Chairman.
Senator Gregg. Senator Mikulski.
Senator Mikulski. Thank you very much, Mr. Chairman.
Well, under this rock is another rock and under this rock
is a black hole. The future--I am concerned. First of all, we
can look back, but my concern is how do we move ahead.
Can you tell me, number one, are you thinking about
scrapping the program now that we have invested $170 million
into it, or how much of the $170 million are we able to kind of
recapture and get value for the agents to have what they need
in the field? Are we just bagging it? We have got so many
contractors there. You have got SAIC, and others working on the
other parts of Trilogy and of course now you have Aerospace,
the corporation's comments and evaluations. Where are we here?
What are you going to do? Are we scrapping a $170 million
program here?
Mr. Mueller. Let me start, Senator, by saying that the
total contract was for $170 million. We think we can recover
approximately $53 million of that in terms of software,
hardware that we have received in the course of that contract,
so that will not be lost. We have in excess of $12 million left
in the contract, which leaves approximately $104 to $105
million that we will not be able to recover.
POSSIBILITY OF SCRAPING SAIC
Senator Mikulski. Are you saying goodbye to SAIC now or are
they going to be the ones that everybody walks into the
woodshed, but then what happens after you come back from the
woodshed to the main building? Are we going to get the case
file----
Mr. Mueller. We are looking at all of our options and who
can----
Senator Mikulski. So you don't know who----
Mr. Mueller. We do not know who the contractor will be for
the next phases of the program. Now, are we scrapping the
program altogether, I think was one of your questions.
Senator Mikulski. Yes.
Mr. Mueller. The recommendation from Aerospace, based on
their review of that which was provided to us by SAIC in
December 2003, was to scrap the project totally. We are looking
at that. We are reviewing that. SAIC, I think, will tell you
when they testify that the product that they have produced for
us that is being tested down in New Orleans is state of the
art. It is very good and we should adopt that. We are looking
at that.
On the one hand, SAIC says we have produced and the product
we have got down in New Orleans is good and you ought to adopt
that. On the other hand, we have the report from Aerospace that
says, for a variety of reasons, you ought to scrap Virtual Case
File. So we are evaluating those two----
Senator Mikulski. But SAIC says, we have delivered you an
initial product. It is now in New Orleans being tested.
Mr. Mueller. Yes, and it is good, state of the art----
Senator Mikulski. Well, wait. Wait. We don't know yet. It
is being tested.
Mr. Mueller. That is what SAIC is saying.
Senator Mikulski. It is being tested.
Mr. Mueller. It is being tested.
Senator Mikulski. So, number one, you don't know whether
you are going to scrap it or not, and if you do, whether you
scrap it or not, moving ahead, you don't know who the
contractor will be. And if you don't know who the contractor
will be, then you don't know how much it will cost----
Mr. Mueller. Correct.
DECISIONMAKING
Senator Mikulski. So this is not a happy situation.
Mr. Mueller. No. I would agree with that. It is not a happy
situation when we are----
Senator Mikulski. And then my question becomes, then, who
is in charge to get this back on track and what are your time
tables? The chairman will have an appropriations deadline. We
have a very tight budget--we have been faced with spartan
allocations. And then who is going to be in charge to make all
these decisions? And I know you are going to say you are in
charge, okay. That is great. But like the Pope is in charge of
the Catholic Church, who is in charge of this confessional?
Mr. Mueller. Well, the way you put it, maybe I am in charge
of the confessional, but I will rely on Zal Azmi and his team
for advice and management of the process as we go forward. But
as I said before and I have said since I have arrived, and I
have said it in this context and other contexts, we need and
would look to outside, independent advice on whether we are on
the right track. We have had--and I have gone to any number of
outside entities to get advice on whether we are on the right
track, experts outside, and we will continue to do that.
Senator Gregg. Senator----
Senator Mikulski. Well, my time is up----
Senator Gregg. No, your time is not up, but I am just
wondering if I could interject a question here.
Senator Mikulski. Please, yes. I think this will work best
this way.
EVALUATING THE 2004 PRODUCT
Senator Gregg. Are you evaluating the 2004 product as it is
now being used in a demonstration in New Orleans independently,
and if you are, who is doing that?
Mr. Azmi. That product in New Orleans is a prototype or a
functional prototype of the VCF IOC, initial operating
capability. That software is one-third of the--I am sorry, one-
tenth of the VCF software. It is not all of the capabilities
that was promised. It is just one-tenth of that. Within that
software, the FBI has also included a number of capabilities
that were developed by FBI staff, programmers. So, that is a
combination of two programs that is being tested in New
Orleans.
By the end of March, we will shut down that evaluation
period and will have 30 days to actually gather information and
feedback from our users in New Orleans to see how they liked
it. That is the work we are doing with our staff over in New
Orleans, sir.
Senator Gregg. Can I postpone you for one more question?
Senator Mikulski. Sure.
Senator Gregg. You are saying it is one-tenth of what was
supposed to be delivered.
Mr. Azmi. That is correct, sir.
Senator Gregg. The project that was evaluated and found so
lacking by Aerospace, which was the 2003 product, was that the
entire product?
Mr. Azmi. That is correct, sir.
Senator Gregg. Thank you.
Mr. Mueller. I think----
Senator Mikulski. Did you want to pick up on my question?
Mr. Mueller. I think Mr. Azmi wanted to add on the answer
to your question, if he could.
Senator Mikulski. Yes.
Mr. Azmi. I know that Director Mueller is taking
responsibility for the program as a whole, but as the Chief
Information Officer for the FBI, it is my responsibility to
develop information technology to our users. What steps have I
taken since my arrival to actually make sure----
Senator Mikulski. When did you arrive?
Mr. Azmi. November 2003, ma'am.
Senator Mikulski. Thank you.
Mr. Azmi. We have taken a number of steps to actually
correct the deficiencies overall with information technology
programs within the FBI. But specifically for the VCF program,
what we have done, we have completed our requirements. We have
a requirements document for a case management system that our
users, our agents, and our analysts want and the FBI. We have
mapped those requirements toward services that are guidelines
by the Federal enterprise architecture framework. We have those
services. We have broken down those services into phases to
ensure that we have the ability and capability to deliver those
into phases.
We have also asked another independent contractor to
develop what we call an independent Government cost estimate to
tell us exactly how much every one of these phases will cost.
That report is due to the FBI by mid-February, ma'am.
Senator Mikulski. I appreciate that answer. I know my time
is about up----
Senator Gregg. You have as much time as you want.
Senator Mikulski. Director Mueller, did you----
Mr. Mueller. I wanted to add one other thing that has
become important. It was in the National Sciences report, and
that is the necessity for an enterprise architecture for the
FBI as a whole. We have never had an enterprise architecture.
We have been stovepiped. And one of the things we have done
over the last year is begin to develop an enterprise
architecture so that whenever we bring on an information
technology product, it fits within that enterprise
architecture.
For us to move forward, we have to have the enterprise
architecture to assure that whatever we bring in is consistent
with and works with other software and hardware packages that
we may bring on board, and that is a substantial advance for
us. We have a team working on it and I think we are on the
track to have one of the better enterprise architectures for
any institution in Washington.
ACCELERATED FUNDING AND OVERSIGHT
Senator Mikulski. Well, I appreciate these answers and I
certainly your attempt, Mr. Azmi, to try to bring order out of
chaos. I also appreciate the fact that after September 11,
there was this incredible need to retool the FBI. There was an
accelerated ops tempo, if you will, because we didn't know when
they were going to try to kill us again. We were still standing
sentry because they might be trying to kill us again in an hour
and a half.
So we understand the challenges you faced, the FBI faced,
and with this increased ops tempo, though, your Congress gave
you money as well as in a variety of homeland security agencies
money to protect the United States of America. That is what
these files and all this technology is all about, is to
maximize and leverage an agent to make that agent the most
effective person that they can to do the mission.
I am really concerned that after 3\1/2\ years, where in the
hell are we and have we just wasted money, have we just wasted
time, and how we won't repeat it again, because in the report,
it talked about how the FBI had changing requirements. It is
what we hear at the Pentagon. Every time they build a ship,
they meet with an admiral and a boatswain's mate and the
requirements get changed.
So my question--well, first of all, just know, I know you
are disappointed and I am disappointed. I believe that this is
a systemic issue with some of the accelerated funding in
homeland security and I think calls for additional oversight in
appropriations.
But now having then come back to where we are, with the
reforms Mr. Azmi has put in to bring order out of chaos, when
do you think you can tell the subcommittee what it is that you
want to do and how much it will cost?
Mr. Mueller. Two months.
Senator Mikulski. Two months.
Mr. Mueller. I think we will have a much better handle on
where we are at that time.
Senator Mikulski. Fine. But I think we also have to
understand the pressure that you--when I say you personally,
because we were together in some tough environments and I
respect you very much and all the agents. But, wow, I think we
kind of have to regroup, don't you agree, Mr. Chairman?
Senator Gregg. As usual, the Senator from Maryland has
gotten to the essence of the issue.
Senator Mikulski. Thank you. We look forward to working
with you, Mr. Chairman, and we look forward to making sure
there is not an empty chair here.
INDEPENDENT EVALUATING ASSISTIVE TEAM
Senator Gregg. It would be very enjoyable were you in that
chair.
And just to follow up on the Senator from Maryland's
points, which I think are absolutely correct, and Senator
Stevens actually made this point before he had to leave, this
could be a systemic issue across other agencies, as we tooled
up so quickly with technology that agencies that didn't have
the personnel capability to properly manage this tooling up
either bring online technology that can't migrate into the
greater needs, can't keep up with the changing times, or simply
can't do the job.
That is why I get back to this issue of should we have an
independent evaluating assistive team, where we have the level
of expertise there that is consistent and technically current
to come in and help an agency like the FBI. I mean, you have
got a good person in Mr. Azmi. I am extremely impressed with
Mr. Azmi. I have had a fair number of discussions with him. But
is the FBI ever capable of getting out of the trees and looking
at the forest on the issue of technology the way an independent
group might be able to help you?
Mr. Mueller. I think it is worth exploring. I think, as I
have come to learn, that development of software for a
particular organization requires a complement of individuals
within the organization who understand the work of that
organization----
Senator Gregg. That is obvious.
Mr. Mueller [continuing]. Usually called user groups, and
the experts on the other side who know the technology. And the
coming together of those two is exceptionally difficult. A
third party with the expertise, or a third entity that could
provide the expertise to an agency may be worthwhile.
Right now, we understand we don't have all the areas of
expertise in the Bureau and we go out to outside contractors to
bring that expertise in, in particular areas. But it is
certainly something that perhaps should be explored.
I will tell you also, in response to Senator Mikulski's
point about pushing hard on the technology, one of the things
that we did do which I think backfired on us is push hard after
September 11 to get the technology on as fast as possible
without understanding, fully understanding the detrimental side
effects to pushing too hard to get that technology on board
without going through, unfortunately, some tedious, time
consuming steps in order to get what you need, even though you
have to delay, and that is a lesson I have learned in the
course of working with Virtual Case File.
FILE MANAGEMENT AND WIRELESS TECHNOLOGY
Senator Mikulski. Mr. Chairman, just to you, after 9/11 and
then for those of us on the Intelligence Committee also
authorizing and appropriating with the FBI, it was, in every
one of the agencies where there was responsibility for
protecting us against predatory attacks, there was this
increased tempo and every desire to move quickly, even if we
made mistakes. It was better to make a mistake and spend the
money, but don't dilly-dally on the process.
At the same time, we had that sniper in Maryland, and I
wish you could have been there to see the FBI, Bureau of
Alcohol, Tobacco and Firearms (BATF), hundreds of agents in a
room about this size with wireless technology. That is when I
got a sense of the files, the management, and the
communication, how they all worked with all of the leads all
over America, with BATF and the ballistic lab, and then local
law enforcement. It was really stunning. And when we have the
right tools, it is amazing. But again, they were at the edge of
their chair, working with every tool at their disposal, and
even though some of those tools were out of date.
So again, we see the way they have to escalate to an
intense level. They have an attitude which we appreciate. Damn
the torpedoes. So if you make mistakes or you spend too much
money or whatever, at least grab the sniper, grab the killer,
grab the terrorist, grab the predator, and we have made
mistakes. These are big-bucket mistakes, but now it is to
regroup.
But I think it wasn't because there wasn't a desire to move
quickly and do a good job. I am not white-washing this, but----
Mr. Mueller. If I could respond briefly, Mr. Chairman, I
think if you look at it as a continuum, after September 11, if
you went into that room, you saw paper all around----
Senator Mikulski. You did.
Mr. Mueller [continuing]. Because we would have to take
down everything on paper and run it by paper. And if you went
into our SIOC in the wake of September 11, you would find piles
of paper around.
We evolved. When we worked with the other agencies, Federal
and local, it was pretty much a paperless organization, and we
have evolved to be paperless when we have challenges such as
that.
Unfortunately, we had to run files between offices. We did
not have the communications capabilities at the time of the
sniper attacks that we would want, even though we had the
paperless entry of information, and we have evolved yet from
there.
So we have made headway in a number of these areas that
enables us, particularly with substantial challenges such as
September 11 or the sniper attacks and the like, to do our
business digitally.
CLOSING REMARKS
Senator Gregg. Thank you Senator, which I think gets back
to what our purpose here is, is to make the agent on the street
more effective in protecting us. We know the commitment of the
Bureau. We know it is extraordinary. We know the people that
serve us there, including right up to yourself, are the best
and trying hardest and we respect that, but obviously the
taxpayers want to make sure they get value for their dollar, as
you do, too. So that is what this hearing is about.
I thank you. Thank you for your time. I appreciate your
courtesy in giving us so much of your time.
Mr. Mueller. Thank you, Mr. Chairman.
Senator Gregg. Thank you, Mr. Director, Mr. Azmi.
SUBMITTED STATEMENTS
We have a bit of an issue here in that we have got a vote
at 3:30 and a 4 o'clock event that I have to be at because the
leader told me I have to be there and I am a big fan of the
leader. So I think I am going to have to recess this hearing
and probably reschedule the second panel, which I regret,
because I think SAIC has every right to make their case in the
public. They have obviously got a case they want to make as to
their views, and obviously we would like to hear from Aerospace
and from the Inspector General.
The statements from these organizations not appearing and a
statement from Senator Grassley will be inserted in the record.
[The statements follow:]
Prepared Statement of Arnold L. Punaro, Executive Vice President,
Science Applications International Corporation
Chairman Gregg and Senator Leahy: It is a privilege to appear
before you today to testify concerning our portion of the work on the
Trilogy Project for the Federal Bureau of Investigation. Mr. Chairman,
I ask consent that my entire statement be entered into the record and
with your permission I am prepared to summarize.
INTRODUCTION AND CONTEXT
At the outset, let us say clearly that SAIC understands and
appreciates the overwhelming demands and difficulties that the FBI has
faced since the attacks of September, 11. While we disagree with the
Bureau over aspects of the Trilogy program history, we have only the
greatest respect for the dedication with which the Bureau has pursued
its mission of defending our nation under the enormous, and sometimes
conflicting, pressures that surfaced in the aftermath of the terrorist
attacks.
SAIC, with 45,000 employees, is the largest privately owned
research and engineering firm and one of the largest government
contactors in the nation. As employee owners, we have prided ourselves
since our founding 36 years ago on our ability to assist the U.S.
Government on programs of national importance. Our dedication to work
that matters is further reflected in an aggressive and pervasive ethics
program. How our company operates and how we are perceived are matters
of vital, personal interest to each and every employee. We have grown
to become a very successful and sought after company by providing
quality products and creating satisfied customers.
In that respect, let me mention several major, illustrative
software engineering projects successfully designed and deployed for
the FBI to illustrate the work we've done.
--The Combined DNA Index System (CODIS) is a national DNA database
system for use by United States and international law
enforcement authorities by creating DNA profiles and by
matching unknown profiles found in the course of criminal
investigations to profiles stored in local, state, and national
databases here and overseas.
--The FBI Interstate Identification Index (Triple-I) is the U.S.
national criminal history system that maintains more than 40
million data entries (the largest and most accurate criminal
history database in the world) and is used every day by state,
local and federal law enforcement agency in the United States.
--The National Instant Criminal Background Check System (NICS)
implements the Brady Act. SAIC was contracted to develop,
deploy, maintain, and support the federal, state, and local
governments in checking a citizen's eligibility to purchase a
firearm (handing in excess of 30 million purchases to date). It
handled more than four million calls per year from firearms
dealers checking purchasers against the national database. To
quote Mr. Michael D. Kirkpatrick (FBI Assistant Director in
Charge, Criminal Justice Information Services Division at the
time of the work) in his letter of appreciation to SAIC in
January 2004, ``Not only is the successful implementation of
the NICS directly attributed to the hard work and dedication of
the SAIC staff, numerous post-implementation challenges were
met head-on and overcome with SAIC's support--you have been a
trustworthy, customer-oriented partner.''
--Law-Enforcement Online (LEO) is a 24 hours a day, 7 days a week,
online, real-time, controlled-access web portal (more than
43,000 users) providing a focal point for electronic
communication, education, and information sharing for the law-
enforcement, criminal-justice, and public-safety communities
nationwide.
In sum, SAIC comes to this issue with a record of outstanding
achievement in challenging projects, including specifically for the
Federal Bureau of Investigation. We point this out not to boast, but to
provide the context for considering some of the issues that have marked
the public discussion of Trilogy and the manner in which SAIC has
performed on this contract.
The Results and the Reasons
--Trilogy began in a pre-9/11 world with very different circumstances
and requirements than those that exist now.
--The events of 9/11 caused massive and continuing change in the
project while the FBI dealt with enormous post-attack pressures
and demands.
--The FBI's requirements for the project--the list of what the FBI
wanted the project to have and do--grew and changed continually
while turbulence in FBI program management worked against
stability and definitive guidance.
--A key FBI decision to drop a controversial, high-risk plan for a
one-step conversion to a new system opened the way for a
sensible developmental approach of incremental improvements in
capability.
--The FBI and SAIC renegotiated the contract in summer 2004, coming
to firm agreement on requirements for the incremental
improvement through what is called the Virtual Case File (VCF)
Initial Operating Capability (IOC).
--SAIC acknowledges some areas where we made mistakes and
particularly where we failed to adequately communicate our
concerns to appropriate levels of management, to include the
Director of the FBI.
--SAIC delivered, and the FBI approved and accepted, VCF IOC within
the allocated budget and ahead of schedule to industry-standard
quality, offering FBI agents significant new tools in their
counter-crime and counter-terror roles.
Currently, the contract has a negotiated value of $130.3 million
and a funded value of $123 million. To date, SAIC has been paid $115.2
million. We expect to be paid the funded value of $123 million at
completion. In conjunction with this work effort, the company has
invested $3.9 million of its own money to support the Trilogy program.
Aerospace Corporation
Before presenting SAIC's testimony about the course of its work on
Trilogy in detail, I want to speak briefly to the report by the
Aerospace Corporation. While we have not been given a copy of this
report, we were allowed to read a copy last week at the FBI. We
appreciate that opportunity. Aerospace Corporation did not inform us,
nor attempt to discuss in any way its findings--a lapse we find both
inexplicable and contrary to the practices of inspectors general, the
General Accounting Office, and other scientific groups, who find that
comments from those reviewed contribute to a more balanced and useful
report.
The Aerospace Corporation produced a report on the wrong software
while failing to concentrate on central issues that determine system
performance.
Had they asked us for comment, we could have told them they
examined the wrong software. Mr. Chairman, I mean that in a literal
sense. Aerospace Corporation explicitly evaluated a snapshot in time of
the software as if it were a finished product when in reality, as
everyone should have known, it was still being developed. The Aerospace
Corporation says it found ``evidence of incompleteness'' and ``failure
to optimize.'' This is hardly unexpected in a work in progress that was
still months away from its delivery date. In academic terms, it was as
if we had been assigned a paper due December but then graded it the
previous summer.
The product we presented to the FBI in December 2004 is not the
product evaluated by Aerospace Corporation. VCF IOC was rigorously
tested and accepted by the FBI after meeting 100 percent of its
requirements.
Because the software evaluated was different from the software
delivered, SAIC believes that the Aerospace Corporation report is not
an adequate basis for deciding on a future course of action concerning
VCF.
This is not to say we accept Aerospace Corporation's judgments
about the product that was evaluated. We emphatically do not. The
Aerospace Corporation is a national asset in its realm of expertise:
aerospace. The Trilogy project is something else, altogether. We
respectfully--but strongly--urge this subcommittee to consider that
Aerospace Corporation did not bring a sufficient understanding of the
uniqueness, complexity, and scope of the FBI undertaking to evaluate
our software product.
Central to the Aerospace report is criticism of requirements
documentation. Time and again, in the Aerospace report we reviewed, we
saw instances where criticisms about requirements were based not on the
substance of the requirements or whether or not the product satisfied
the requirements, but rather on ancillary data such as syntax in
documentation. How well the product satisfied requirements was not a
part of their evaluation. Based on examination of the documentation
they concluded they were not assured the product would meet
requirements and went no farther.
In particular, SAIC categorically rejects the assertion that its
work lacked engineering discipline, an assertion that appears without
support in the document we read. This kind of assertion, without
rigorous--or even specific--support should be unacceptable in an
endeavor of this importance. For instance, Aerospace Corporation did
not look at the software development folders, which are key documents
on how the code was designed and written. These comprise the ``Bible''
for software developers. In a football analogy, it was as if Aerospace
Corporation was asked to scout another team which had made available
its playbook. They didn't bother to read it. In fact, they scouted the
wrong team.
Even so, Mr. Chairman, we would welcome the opportunity, late
though it may be, to discuss the findings with Aerospace Corporation.
It could only benefit the FBI, which is our aim here.
SAIC'S PARTICIPATION IN TRILOGY
The FBI's Trilogy program is a massive, multi-part, multi-
contractor program for broad-based modernization and improvement of its
information technology. In June 2001, SAIC was competitively awarded a
cost-plus-award fee developmental contract for the Trilogy User
Application Component (UAC). This is an appropriate contract type
because the project involved first working with the customer to develop
and agree on what was needed (the requirements) and then execute the
agreed tasks. The complexity and uniqueness of the missions of the
Bureau also argued for this approach. Some of the public discussion of
the Trilogy contract has been conducted as if the required tasks were
well known at the start, and easily achievable. At no point in time has
either condition existed.
At the time of award in June 2001, the contract scope for SAIC
called for development of a web front-end to the existing legacy
applications used to manage case information. When this effort was
complete, SAIC was to define an Enterprise Case Management System. This
was a measured low-risk approach building on existing, or legacy,
systems within the Bureau.
The attack of 9/11
The September 11, 2001, attacks had as profound an affect on this
project as it did elsewhere in the nation. Following 9/11, the Bureau
faced enormous and sometimes conflicting pressures. Prior to the
attack, the Bureau was dealing with revelations that a spy, Robert
Hansen, had plundered FBI secrets. Security and integrity of
information is a fundamental issue for the FBI. After the attack, it
faced three often conflicting demands:
--The need to share information in the post-9/11 world so authorized
personnel could both see and connect the dots to analyze and
exploit intelligence.
--The need, in the post-Hansen world, to prevent all but a few
specifically authorized people from seeing truly sensitive
information.
--The need to ensure admissibility of investigative information in
court in keeping with the complex body of legal, policy, and
Attorney General Guidelines under which the Bureau operates.
Thus, the FBI faces a task of great difficulty and complexity in
building an information technology system that simultaneously meets all
three imperatives.
Trilogy after 9/11
Following the attack, the Bureau fundamentally reexamined the
project. The earlier, measured approach of June 2001 called for
improving legacy systems. In the wake of the attack, the FBI correctly
determined that the legacy applications should be replaced to make the
Bureau more effective in responding to terrorists' threats as well as
to improve the efficiency of the continuing criminal investigative
mission.
In the months following 9/11, the Bureau conducted an independent
review of available Commercial Off-The-Shelf (COTS) systems and
Government developed systems, and determined they could not satisfy the
requirements. Therefore, SAIC was tasked to in February 2002 to develop
the replacement for the legacy systems using the original contract. The
SAIC UAC contract was restructured to incorporate an aggressive
development plan first conceived in February 2002. This became the
electronic Virtual Case File (VCF) contract. Thus, the FBI shelved 6
months of work that no longer fit the post-911 world, and directed SAIC
take on a much more ambitious, high risk project.
The Trilogy VCF was a large and complex enterprise-level
undertaking. There are no other criminal investigative management
systems of this scale in the world. In terms of size, the VCF DELIVERY
1 system was to manage millions of case files on Day One with an annual
growth of hundreds of thousands of cases per year. At start-up, the VCF
DELIVERY 1 system was to store and index more than hundreds of millions
of documents in a wide variety of formats. The VCF DELIVERY 1 system
would support 30,000 users geographically dispersed across the United
States and other countries. FBI agents, analysts, and support personnel
would rely on the VCF DELIVERY 1 to conduct nearly all the business
functions that support the criminal investigative process. The VCF
DELIVERY 1 was also to provide hundreds of interfaces to legacy
systems. The VCF DELIVERY 1 system would manage this workload while
providing a 3-second response to users as well as high system
availability. This would not be an ordinary case file management
system.
The VCF was intended, in sum, to provide the next generation system
supporting the FBI's case file management concept. It would be, as the
Justice Department Inspector General has reported, ``the first real
change in the FBI's workflow and processes since the 1950's''. The VCF
would move the FBI from its slow, paper-based processes into the
twenty-first century with electronic work flow. VCF, it was envisioned,
would support real-time coordination among agents, allow secure access
to, and reporting of case information for all those authorized to
receive it, regardless of organization or location. VCF would support a
dispersed community of users in creating, accessing, and managing
centrally stored electronic case file information. It would provide the
foundation upon which the FBI could migrate its disconnected business
processes into an integrated and seamless work environment.
Following the 9/11 attacks, time was of the essence. SAIC was asked
to devise an approach to deliver VCF in record time--on an even more
aggressive schedule. The new challenge was to define, develop, and
deploy a bureau-wide enterprise-level case management system in just 22
months. Without defined requirements or an enterprise architecture for
the FBI IT systems, this was a high risk approach that reflected the
post 9/11 atmosphere. Here is where SAIC made honest mistakes. We
should have made known that this approach was too ambitious.
VCF and ``flash cutover''
One of the key issues in the new VCF development strategy was the
so-called ``flash cutover'' approach. That meant, simply, that the new
VCF, in spite of its then undefined requirements, would not be
implemented via a low risk, evolutionary strategy, but rather would be
built as a grand design in record time and be implemented all at once
in a ``flash cutover'' from the legacy systems to the new VCF. SAIC
informed the Bureau this was a high-risk strategy. It was here that
SAIC should have made its concerns known to the Director. The FBI
insisted on this aggressive approach because of its critical need to
improve information sharing and case management. SAIC agreed to
undertake the challenge. In hindsight, this approach was a fundamental
error and, in May 2004, the National Research Council Computer and
Telecommunications Science Board was highly critical of the flash
cutover approach and instead argued in favor of an incremental
deployment model with prototyping and adequate time for test. From 2002
through mid-2004, the Bureau was committed to the flash cutover
approach; however, after the Academy report, the Bureau agreed to a
low-risk, incremental strategy.
During 2003 and 2004, the Bureau's understanding of how it should
respond, of what mechanisms and process it might need, and how it
should adjust the IT infrastructure to meet the challenges of fighting
terrorism continued to evolve. Not surprisingly, the impact on the VCF
program was continuing and significant. In the testimony of the
Department of Justice Inspector General before this Subcommittee in
March, 2004, the IG identified ``poorly defined requirements that
evolved as the project developed'' as one of the reasons for the delays
and cost increases in the Trilogy project. In fact, as recently as 4
months ago, the FBI had a team working to define, confirm, and refine
their case management requirements.
When the flash cutover approach was adopted, SAIC formulated an
approach to meet the aggressive schedule. SAIC used eight development
teams working in parallel and a program staff that reached 250 full-
time equivalents. The risks associated with the multi-team, parallel
approach became apparent in the fall of 2003. With multiple teams
working on vertical slices of the system at breakneck speed, SAIC did
not adequately enforce coding standards across the teams and this
resulted in less than uniform code. In addition, this approach resulted
in some level of duplication of effort in the code with different
approaches used to solve similar problems. This, however, did not
compromise the system.
Another matter affecting the VCF software development was
significant management turbulence. Since November 2001, there have been
19 Government management personnel changes that had a direct and
significant impact on the management of this project (11 FBI Changes
and 8 FEDSIM Changes). This lack of continuity among key Government
managers contributed to the problems of ensuring the effective and
timely implementation of this system. Each change brought new
directions, a different perspective on priorities, and new
interpretations of the requirements.
In its report on Trilogy last year, the National Research Council
spoke directly to the difficulty of developing software in the absence
of specific, settled requirements. As the Council noted, ``[I]t is
essentially impossible for even the most operationally experienced IT
applications developers to be able to anticipate in detail and in
advance all of the requirements and specifications.''
Probably the most damaging aspect of this development environment
was the ever-shifting nature of the requirements. SAIC development
teams would meet with the FBI agents assigned to the project to elicit
system requirements, then SAIC would translate that into software
designs. Often, however, the agents would look at the development
product and reject it. They would then demand more changes to the
design in a trial-and-error, ``we-will-know-it-when-we-see-it''
approach to development. The turbulence was not limited to the
immediate changes demanded. They would ripple though the related parts
of the software design. This cycle was repeated over and over again and
prevented SAIC from defining system acceptance criteria and suitable
test standards until requirements were finally agreed under VCF IOC
this past summer. SAIC expressed concern over the affect of these
changes on cost and schedule; however, we clearly failed to get the
cumulative effect of these changes across to the FBI customer. We
accept responsibility for this failure to elevate our concerns.
The most significant of these changes, occurring during the period
when the flash cutover strategy was in place, was to the Records
Management System. SAIC had actually selected a commercial off the
shelf (COTS) solution and the FBI had agreed to it. Then, late in 2003,
FBI representatives decided they wanted a different approach, which
would require changes to another COTS software package. The new COTS
vendor would not be able to modify the software until a new release of
the software was available in spring 2004. At this point, the grand
design approach of the flash cutover strategy had begun to fall apart.
In December 2003, we delivered an evaluation copy of the VCF
system. The FBI reviewed the product and identified 17 deficiencies,
some of which were actually more changes in requirements. These
deficiencies and changes were addressed by SAIC, and an updated version
of the system was provided in March 2004. The FBI then asked SAIC to
assess the cost and schedule impact of incorporating accumulated
changes and finishing Delivery 1. SAIC complied with this request in
April 2004, but the FBI chose not to undertake this course of action.
The goal established early in 2002--define, develop, and deploy a
bureau-wide, enterprise-level case management system in 22 months--was
now clearly in jeopardy and behind the aggressive schedule.
From VCF to VCF IOC
In May, 2004, a series of meetings between SAIC, the FBI, and
FEDSIM took place to define a new strategy. What emerged from these
meetings was a significantly different plan.
In these meetings, the Bureau agreed to modify its flash cutover
approach in favor of an incremental approach, allowing deployment of
new capabilities. Second, instead of replacing its legacy systems at
this juncture, the Bureau agreed to focus on creating new capabilities
based on legacy systems. Finally, the new approach was christened VCF
Initial Operating Capability (IOC) and it was set for Delivery in
December 2004. The fundamental understanding between the SAIC senior
leadership and Director of the FBI that enabled SAIC to go forward on
the VCF IOC was agreement, for the first time, on a fixed set of
requirements and defined acceptance criteria.
WHAT THE FBI RECEIVED IN VCF IOC
In December of last year, SAIC delivered VCF IOC. The project was
successful. It delivers significant new capabilities, complied with the
December, 2004 delivery date, was within the budget allocated for IOC,
met 100 percent of requirements established by the FBI for IOC, passed
a rigorous testing phase, was accepted by the FBI, meets or exceeds
industry standards for quality, and, most importantly, is working well
today for FBI agents in New Orleans and Washington Headquarters.
Functional capabilities
With VCF IOC the FBI has a system that will move agents from a
slow, paper-based system to a twenty-first century system for their key
investigative efforts. In the past investigative information was often
held-up in Field Offices, captured in agent notebooks, stored away in
filing cabinets, and generally held in different ways and different
means all across the country. VCF IOC makes critical information
available instantaneously, in a uniform, easy-to-access manner, to all
who need to access it regardless of their physical location.
Additionally, these new capabilities build a foundation for migrating
now-disconnected business processes into an integrated work environment
and provide the infrastructure required to add the additional case
management capabilities. Specifically, the functional capabilities of
IOC include:
--Investigative document import for the FD-302 and related documents
(the current mainstay of FBI investigative effort) and National
Security Letters.
--Electronic workflow, validation, and approval meeting legal,
policy, and Attorney General Guideline standards to ensure
admissibility in court.
--Upload of approved investigative documents into the appropriate
case files as serials in the legacy Automated Case Support
(ACS) system.
Infrastructure capabilities
If widely deployed, the infrastructure capabilities within IOC
would take the Bureau from its current paper-based circumstances into a
modern web-based environment. Specifically, IOC delivers:
--A modern 3-tier web based computing infrastructure (as a migration
target from the legacy mainframe).
--An effective web-based user interface, already well received by
agents who have seen and used it.
--Organizational Hierarchy maintenance infrastructure, which matches
IT infrastructure to the Bureau's organization.
--Automated interface to the legacy ACS.
--A significant part of the underlying infrastructure for security,
access control, auditing and logging.
--System management and integration with the FBI's Enterprise
Operations Center (EOC), a 24-7 monitoring and support center.
The functional and infrastructure capabilities in IOC enable the
rapid expansion of VCF capabilities, both to add new features and to
integrate software developed for Delivery 1 but not included in IOC. As
evidence of this, in November 2004, the FBI tasked SAIC to extend the
capabilities of the IOC system to provide a significantly broader
capability to the Agent users. These extensions were successfully
implemented in less than three months and provided to the FBI pilot
users, where they have been quite well received.
We believe the FBI would be well served by expanding these
capabilities beyond the pilot sites, even as an interim solution to its
urgent needs.
Beyond the capabilities and infrastructure active in IOC, SAIC has
done substantial work toward meeting the full set of requirements
articulated to date for the Bureau and enterprise-wide version of VCF.
The product of that broader work can be categorized in three groups. In
the first category are capabilities where implementation was complete
(or nearly complete), where integration and test were underway, and
where routine software problems were being identified and fixed. These
specifics of work done in these categories include:
--Case Management
--Leads
--Intake and Report of Investigative Activity (RIA)--which is a
different way of approaching the import documents in IOC
--Document Management
--Notifications and Ticklers
--Source Management
--Text Search
--Most of the Reporting Generation Capabilities
--Case Classification Hierarchy Maintenance Infrastructure
--The remainder of the underlying infrastructure for security, access
control, auditing and logging including complex business rules
address the potentially conflicting pressures to share
information post-9/11 and to implement need to know
restrictions post-Hansen.
Beyond completing the integration and test effort, additional work
would be required to deploy these capabilities focused on (a) resolving
outstanding requirements or implementation issues, and (b) adapting the
capability away from the flash cutover approach to the incremental
deployment strategy.
The second category represents capabilities where implementation
was in progress but engineering or requirements issues required
resolution before implementation could be completed, including:
--Evidence Management
--Analysis and Techniques and the remainder of the report generation
capabilities.
--Name search
--Resource tracking and management
--Crisis Case management
The third category includes capabilities that were late
requirements additions or implementation approach changes and
preliminary engineering efforts were in place. This would include
records management.
In addition to these capabilities, SAIC performed substantial
analysis and engineering efforts to document the complex and largely
undocumented legacy environment that has evolved over the years. That
effort was critically important to the FBI's information technology
initiative. In a December, 2002 report, the DOJ IG noted that the lack
of documentation for the legacy systems would limit ``how rapidly UAC
can be developed and deployed'' since ``the FBI must know what it has
before it can define the right solution to fix the problem''. The SAIC
team made significant progress in this area producing
--Over 300 Interface Control Documents (ICDs) covering the interfaces
between internal FBI systems and also with external systems.
--Extensive analysis and mapping of largely undocumented legacy data
to a relational model in preparation for migration into VCF.
CONCLUSION
In conclusion, SAIC has spent the last 36 years working hard and
ethically to support important work for the U.S. government and our
nation. We have been successful because we have delivered good work for
our customers. We followed a difficult path to get there. The Bureau
faces difficult choices in difficult and challenging times.
Unfortunately, the flawed report from Aerospace Corporation does not
provide a sound basis for making decisions about VCF IOC.
The information technology assignment that the FBI envisioned and
that SAIC accepted in June of 2001 changed dramatically after the
terrible events of 9/11. As the FBI struggled to respond to new
missions and conflicting demands, new technology requirements also
evolved, and we attempted to keep up. Finally, it became clear to all
that the grand design envisioned in the full version of Virtual Case
File was collapsing. The FBI agreed, instead, to an incremental
approach that would--and did--produce immediate and tangible results.
With the delivery of VCF IOC, SAIC has given FBI agents new capability
today--not at some uncertain point years from now, but today as they
work to combat both crime and terror across this nation.
SAIC pledges to the Committee and to the FBI that we stand ready to
work at cost with all parties to recognize the full potential of all of
the extensive documentation, analysis and code that has already been
provided to further enhance the capabilities of the FBI to perform its
vital tasks.
If the FBI's goal is to provide its agents enhanced capabilities as
soon as possible and at relatively low additional cost, then we
strongly recommend that the FBI continue to deploy VCF capabilities to
the agents using the highly successful incremental approach utilized
for the VCF IOC delivery and to evolve it along with their emerging
enterprise architecture. Using IOC should bring dramatic productivity
improvements now while the bureau develops a new system.
If, however, the primary goal has shifted to meeting the new
requirements of the new Federal Investigative Case Management System
(FICMS), or to adopt the latest technology and COTS components that did
not exist when VCF began, then the FBI's agents will have to wait until
these new programs deliver as yet undefined capabilities in three or
more years. The Trilogy IOC provides much needed capabilities today
that are scalable across the entire FBI and provides the foundation to
quickly add other required capabilities incrementally over the next
year.
______
Prepared Statement of Gary P. Pulliam, Vice President, Civil and
Commercial Operations, The Aerospace Corporation
Mr. Chairman, distinguished committee members, and staff: I am
pleased to represent The Aerospace Corporation and appear before you
today as you deliberate Trilogy and the Virtual Case File System.
As a private, nonprofit corporation, The Aerospace Corporation has
provided engineering and scientific services to government
organizations for over 40 years. We provide a stable, objective, expert
source of analysis. We are focused on the government's best interests,
with no profit motive or predilection for any particular design or
technical solution.
As its primary activity, Aerospace operates a Federally Funded
Research and Development Center (FFRDC) sponsored by the Under
Secretary of the Air Force, and managed by the Space and Missile
Systems Center (SMC) in El Segundo, California. The Aerospace
Corporation also undertakes projects for civil agencies that are in the
national interest and are consistent with our corporate role. Over 350
staff members focus exclusively on computer systems, software, and
information technology.
Our unique ``trusted agent'' role provided to the Air Force has
become known throughout the Intelligence Community. In executing our
FFRDC mission, and more specifically, our support to the National
Reconnaissance Office, our technical core competencies have become
known to the FBI.
1. INTRODUCTION
In 2001, the Federal Bureau of Investigation (FBI) began a major
information technology upgrade commonly known as The Trilogy Program.
The User Applications Component (UAC) is one of three basic elements of
Trilogy. Organizations such as the Government Accountability Office,
the Department of Justice Inspector General, and the National Research
Council have voiced serious concern about the progress in completing
Trilogy, and specifically the UAC. In response to these concerns, the
FBI developed and implemented a ``corrective action plan'' in June
2004. As part of the corrective action plan, the FBI requested that The
Aerospace Corporation (hereafter, Aerospace), conduct an independent
verification and validation of the UAC; specifically, the Virtual Case
File (VCF) Delivery 1.
This testimony summarizes findings and recommendations from the
independent verification and validation (IV&V) review of the VCF
Delivery 1, conducted by The Aerospace Corporation (Aerospace). This
testimony is extracted from Aerospace Report No. ATR-2005(5154)-4,
``Independent Verification and Validation of the Trilogy Virtual Case
File, Delivery 1: Final Report'', delivered to the FBI on January 21,
2005. The FBI, and the Vice President, Civil and Commercial Operations
of The Aerospace Corporation have approved release of this information.
This overall scope of the IV&V assessments of the VCF Delivery 1
included the system design, software design, overall security, and the
maturity of the development contractor's software development
processes. Each assessment comprised reviews and analyses of pertinent
documentation, source code, and process-related materials. In addition,
the assessment of the maturity of the development contractor's software
development processes included a site visit (November 9, 2004) with
interviews of key contractor personnel involved in the VCF Delivery 1.
The assessments summarized in this testimony were conducted in the
period August-December 2004.
It is important to clarify that this effort was not an IV&V in the
traditional sense of verifying that all requirements have been
satisfied, though requirement satisfaction was part of the assessment.
Neither was it an independent program assessment that focused on the
entire range of management, programmatic, contractual, and technical
issues. Rather, Aerospace conducted a detailed engineering assessment
of VCF Delivery 1 requirements and design documentation, source code,
and artifacts to provide a recommendation to the FBI on discarding or
remediating VCF Delivery 1 products.
Specifically, Aerospace was asked to address the following business
questions:
Question 1. Did the incumbent contractor meet the stated
requirements?
a. User Needs
b. System Requirements
c. Software Requirements
Question 2. Did the incumbent contractor develop a complete and
correct Concept of Operations, System Architecture, and System
Requirements?
Question 3. What should the FBI do with VCF Delivery 1?
a. Keep all of it?
b. Keep parts of it?
c. Discard it?
The remainder of the testimony is organized as follows:
Section 2 describes the methodology used in assessing the system
design associated with VCF Delivery 1, as well as the software design,
security, and the maturity of the development contractor's software
development processes.
Section 3 summarizes the findings made by the assessment teams in
terms of topics whose state of being influences the answers to the
three business questions. These topical groupings represent (1)
architecture, (2) requirements, (3) software quality, (4) performance,
(5) security, and (6) contractor processes. More detailed finding
statements are found in the Appendices.
Section 4 presents conclusions formed by examining the findings
across all six items of interest, as well as inferred findings based on
possible observed trends. This section addresses Business Questions 1
and 2.
Section 5 presents a framework for addressing Business Question 3
and a recommendation based on the framework. In addition, general
recommendations are given based on Aerospace observations.
2. APPROACH
The IV&V review consisted of assessments of the UAC documentation
and artifacts relating to system design, software design, security, and
the maturity of the development contractor's software development
processes. In addition, the IV&V assessment of the maturity of
contractor processes included a fact-finding trip to the contractor's
facility to conduct interviews and view additional materials. In
general, the methods used were tailored versions of those employed by
Aerospace in performing IV&V reviews of national security space
systems. The specific approaches utilized by a given assessment team
are summarized in the following sections.
Because IV&V is the process of verifying that requirements are
satisfied and validating that user needs are met, and because Aerospace
was limited primarily to documentation and artifacts, most of
assessment was spent examining the quality of and traceability through
the documentation and artifacts. This is in keeping with an essential
tenet of systems engineering that necessary conditions for a system to
be successfully implemented are that (1) documentation and artifacts be
complete, clear, concise, precise, and mutually consistent, and (2)
requirements be properly decomposed with bi-directional tracing between
successive levels of the system (e.g., user needs trace to system
requirements, system requirements trace to subsystem requirements, and
so forth through design, implementation, and test). Not only do these
conditions increase the probability of successfully implementing a
system, they are required for effective maintenance.
When possible, the assessment team used industry and government
standards as benchmarks against which the program documentation and
artifacts were measured. Although standards were not required on the
VCF development contract, standards were used in the assessment because
they encapsulate known best practices that should be used whether or
not they are required of a contractor. The use of standards also
eliminates a level of subjectivity from the assessment.
Given the scope and time constraints of the IV&V review, Aerospace
focused on a sample of program documentation and other artifacts. Two
notable exceptions were that (1) the group assessing the maturity of
contractor software development processes conducted a 1-day site visit
with the contractor to obtain answers to process questions and to view
sample reports and artifacts, and (2) a limited number of Aerospace
personnel attended a 1-day design review. In taking this overall
approach, it is important to note:
--With the exception of the 1-day site visit and the 1-day design
review, Aerospace did not have direct contact with the
incumbent contractor to address comments on the documentation
and potentially alleviate some concerns.
--With the exception of database performance testing, access was not
provided to the tests that occurred or the results of those
tests (hence, the review does not directly address how well VCF
Delivery 1 satisfies the user requirements but does so by
inference).
2.1 System Design Assessment
The system design assessment provided the system-level portion of
the IV&V review. The system design assessment was divided into two
smaller assessment activities: an evaluation of the system-level
documentation (i.e., cross-checking the system-level documentation) and
a system-level IV&V appraisal of VCF Delivery 1. The latter consisted
of an examination of requirements traceability, requirements
satisfaction, performance, and security.
2.1.1 System Level Documentation Assessment
To objectively assess the system-level documentation, Aerospace
identified standards against which the documents could be compared.
This section describes the ways these standards were used in the
assessment.
The CONOPS was reviewed and its content compared against the
reference standard embodied in the Department of Defense (DOD) Data
Item Description (DID) Operational Concept Description (OCD) [1]. (The
emerging guide for preparing CONOPS documents [2] that is being created
by the American Institute of Aeronautics and Astronautics (AIAA), in
conjunction with the International Council on Systems Engineering
(INCOSE), was also consulted for content and language.) In the review,
particular attention was given to the CONOPS with respect to:
--The description of the current system (e.g., operational
environment; major system components; interfaces to external
systems or procedures; capabilities and functions of the
current system; diagrams/charts depicting data flow and
processes; quality attributes such as reliability,
availability, maintainability, flexibility, extensibility;
personnel; support concept for the current system).
--The justification for and the nature of changes (e.g., description
of the needed changes; priorities among the changes; changes
considered but not included; assumptions and constraints).
--The description of the new system.
--Operational scenarios (e.g., the role of the system and
interactions with users; events, actions, interactions,
stimuli).
--The new system's operational and organizational impacts.
--The analysis of the proposed system (e.g., summary of advantages;
summary of disadvantages/limitations; alternatives and trade-
offs considered).
The SADD was reviewed and its content compared to the reference
standard found in the DOD DID System/Subsystem Design Description
(SSDD) [3]. (The Institute of Electrical and Electronics Engineers
(IEEE) Recommended Practice for Architectural Description of Software-
Intensive Systems, IEEE Std 1471-2000 [4], was consulted for content
and language.) The SADD was examined with respect to its:
--Presentation of system-wide design decisions. Specifically,
decisions regarding system behavior and the selection and
design of components; inputs, outputs, and interfaces; actions
the system would perform in response to inputs or conditions;
description of physical systems; selected algorithms; how
databases would appear to the user; approaches to meeting
safety, security, and privacy requirements; design and
construction choices.
--Descriptions of the system architectural design (e.g., hardware
configuration items, computer software configuration items, and
manual operations; concept of execution; interface design;
requirements traceability).
The SRS was also reviewed and compared against two applicable
standards: DOD Military (MIL) Standard (STD) 498, Software Development
and Documentation [5] and DOD DID System/Subsystem Specification (SSS)
[6]. (The INCOSE Systems Engineering Handbook [7] was consulted for
content.) The SRS was assessed against the full breadth of possible
requirements, to include:
--Definition of required states and modes
--Internal and external interface requirements
--Internal data requirements
--Safety requirements
--Environment requirements
--Computer-related requirements (e.g., resources, hardware, resource
utilization, software, computer communications)
--Quality factors.
In addition to performing reviews of the SADD, CONOPS, and SRS
against particular standards, the system-level documentation was
assessed for their mutual consistency, completeness, and
reasonableness.
2.1.2 VCF Delivery 1 Assessment
2.1.2.1 Requirement Traceability
Aerospace examined the completeness and consistency of user need
statements and their maturation into system requirements.
Aerospace extracted all system and software requirements from
traceability tables found in the SRS and the SRD, and examined parent-
child relationships between these documents. Comparisons were made of
each system requirement statement within the body of the SRS to that
found in the SRS traceability matrix. A similar comparison was made
with software requirements in the SRD.
Validation and verification was performed on subsets of the system-
level requirements involving access control and workflow (these
requirement areas were chosen, in consultation with the FBI, based on
their importance to the UAC). Specifically, Aerospace identified 22
system-level access control requirements and assessed all of them. Of
the more than 120 system-level workflow requirements identified, 52
were assessed. The 74 system-level access control and workflow
requirement statements were assessed against the following quality
attributes provided in The Engineering Design of Systems [8]:
--1. Clear and concise.--The requirement has only one interpretation
and does not contain more than it should. When clarity was in
question, the UAC Requirements Terms and Definitions Document
(RTDD) was used as the primary source for clarification.
2. In-scope.--The requirement does not impose anything unnecessary
on the system.
3. Design- and implementation-free.--The requirement does not
impose a design or implementation solution.
4. Verifiable.--The requirement uses concrete terms and measurable
quantities.
5. Free of TBD/TBR.--The requirement does not contain placeholder
statements or values.
6. Free of conflict or duplication.--The requirement neither
overlaps nor opposes another requirement.
7. Appropriate decomposition.--The traced-to software requirements
make sense and are complete.
8. Complete requirement set.--There is no appearance of missing
requirements related to the requirement being examined.
2.1.2.2 Requirements Satisfaction
Actual requirement satisfaction, as determined through a review of
requirement testing results, was not considered because test results
were not made available. For this reason, Aerospace relied on secondary
indicators of requirement satisfaction. For example, the assessment of
traceability of the CONOPS, SADD, and SRS was performed within the
system-level requirement traceability activity (Section 2.1.2.1), while
traceability of software requirements was examined in the software
source code and traceability analyses (Sections 2.2.3 and 2.2.5). Other
facets of requirement satisfaction were provided by other analyses.
2.1.2.3 Performance
Contractor test methodology and database performance test results,
as found in the Interim Scaling and Performance Test Report, were
examined to assess the performance of VCF Delivery 1. The goal of the
database performance evaluation was to identify areas of high
performance risk in the database schema and database Structured Query
Language (SQL) query code. Network, application server, and web server
performance were not examined.
In addition to examining the contractor test data, independent
checks on database performance were conducted through the following
means:
--Creation of an Entity Relationship diagram based on the contractor
database Data Definition Language (DDL) code, from which
further analysis of the database could be conducted.
--Examination of SQL code with respect to (1) system queries,
especially with respect to the use of table joins in clauses,
nested queries, outer joins, and cursors; (2) code complexity;
(3) performance risk factors; and (4) identifying the SQL code
critical path \1\.
---------------------------------------------------------------------------
\1\ Critical path SQL code is defined as those SQL queries that are
executed a majority of the time.
---------------------------------------------------------------------------
--Review of the database structure for signs of performance
enhancement attributes (e.g., table partitioning, table
splitting, denormalization, materialized views, and rollup
tables).
--Review of the database indexing to determine if table indexes were
selected for maximum SQL code performance.
--Analysis of the Virtual Private Database (VPD) implementation
performance risks (i.e., looking at the where clause predicates
that would be added to each and every SQL query).
--Evaluation of system scalability requirements through an
extrapolation of reported test results.
2.2 Software Design Assessment
The software design assessment comprised six distinct analyses:
software architecture, software requirements, source code traceability,
source code documentation, requirements traceability, and security.
2.2.1 Software Architecture Analysis
The analysis began with a review of the CONOPS, SADD, SRD, Software
Design Document (SDD), and accompanying component SDDs. In addition,
IEEE Std 1471-2000 [4] was reviewed because it was referenced in the
SADD.
The software architecture was examined using an abbreviated form of
the Architecture and Tradeoff Analysis Method (ATAM) developed by the
Software Engineering Institute [9]. Critical system and software
requirements (known as quality attribute requirements in the ATAM) were
identified in Exhibit 3-2 of the SADD, reviewed, and laid out to form a
quality attribute tree, with specification down to the scenario level.
(These system quality factors address scalability, extensibility,
reliability, performance, security, and evolvability.) Software
architectural approaches based on the high priority quality factors
were then iteratively elicited and analyzed, with risks, sensitivity
points, and tradeoff points identified. Part of the iterative process
included brainstorming and prioritizing the scenarios generated in the
utility tree based on stakeholder needs (in this case, because access
to the actual stakeholders was not possible, the prioritization was
based on information in the document artifacts); in the second pass of
the process, the scenarios were treated as test cases for the
architecture analysis.
2.2.2 Software Requirements Analysis
Software requirements analysis was conducted on data access control
and basic workflow requirements after a review of the SRD, SDD (and
corresponding volumes), thread design documents, and consultation with
the FBI. The quality of these software requirements was evaluated
against the following attributes found in IEEE STD 830-1998 [10] \2\:
---------------------------------------------------------------------------
\2\ IEEE STD 830-1998 was used because software requirement
specifications and system requirement specifications are different, and
each has a different set of recommended practices. There is a lot in
common between standards for system requirements and IEEE STD 830-1998,
and hence duplication, but the two types of standards address different
areas of scope for different audiences, and do so at different levels
of detail.
---------------------------------------------------------------------------
--1. Unambiguous and clear.--The requirement has only one
interpretation. The UAC Requirements Terms and Definitions
Document (RTDD) was the primary source for clarification,
followed by Webster's Dictionary [11].
--2. Consistent.--The requirements do not conflict, and requirements
use the same terms to mean the same things.
--3. Non-redundant.--There are no superfluous requirements. Each
requirement adds something new to the SRD.
--4. Complete.--Nothing is missing from the requirement. Each
requirement defines a user type, employs the verb ``shall''
once, and specifies an end result. Most requirements should
also have a performance or timing criterion.
--5. Single requirement and concise.--The requirement does not
contain more than it should. The requirement has no superfluous
detail and expresses only one need.
--6. Design- and implementation-independent.--The requirement does
not prescribe any design or implementation solution.
--7. Testable/verifiable.--The requirement uses concrete terms and
measurable quantities. Words like ``good,'' ``well,'' and
``usually'' signal that a requirement is not testable.
--8. Complete requirement set.--No requirements are missing. The set
of requirements defines those actions the software will take
given all possible types of input data when in all possible
states.
Information and findings were shared with and by the system design
assessment team to increase overall understanding of critical
requirements.
2.2.3 Source Code Traceability Analysis
This section summarizes the combined processes of the source code
traceability analysis and the software requirements traceability
analysis (Section 2.2.5).
Requirements in the areas of access control and basic workflow were
identified and traced from the software requirements to threads and SDD
volumes to the source code, using the SDD and corresponding volumes
(e.g., Workflow Volume), thread design documents, Test Plan, and the
RequisitePro� database. (The initial process of tracing from software
requirements to threads was abandoned after the FBI notified Aerospace
that the contractor had developed new documentation.) In conducting
these traceability analyses, emphasis was placed on:
--Correctness (e.g., does the documented design and source code
address the software requirements allocated to it?)
--Consistency (e.g., is the allocation of software to design and code
consistent across the documentation and supporting requirements
management tools; are allocations at the same level of detail?)
--Completeness (e.g., are all software requirements allocated to
design elements and code; do the design elements clearly and
concisely satisfy the allocated requirements given the design
level of detail?)
Tracings were examined from software requirements through software
design and code, and from software requirements to tests.
2.2.4 Source Code Documentation Analysis
Java source code complexity was determined for all modules. PL/SQL
source code complexity was examined for modules related to security,
basic workflow, administration, and case management software
components. The complexity of modules written in Java was determined
using McCabeQA�. ClearSQL� was used for modules written in PL/SQL.
Module size, in terms of source lines of code (SLOC), was determined
for the respective Java and PL/SQL modules because size is another
indicator of complexity. Those modules with the greatest complexity,
size, or relationship to other modules were then subjected to a peer
review: 191 Java modules, from the functional areas of data access
control, workflow, case management, administration, and components, out
of 309 high-risk modules; all 667 PL/SQL modules related to the
functional areas of workflow, security, administration, and case
management, 98 of which were determined to be high risk; and 42 JSP
modules in the functional areas of workflow, security, administration,
and case management, based on size and relationship to other JSP
modules. The underlying source code of the selected modules was
compared to contractor documentation (SDD and corresponding volumes,
thread design documents, Software Development Plan (SDP)), especially
with respect to design and test. Documentation was examined for
correctness, consistency, completeness, and suitability. The Java and
PL/SQL peer reviews focused on data and control flow, traceability of
modules from design documentation, correctness of comments, and other
elements of coding practices as defined by the development contractor's
coding standards expressed in the SDP.
2.2.5 Requirements Traceability Analysis
The activities of the source code traceability analysis (Section
2.2.3) and the software requirements traceability analysis were tightly
coupled. For that reason, the process description and status of the two
analyses are combined and reported in Section 2.2.3 above.
2.3 Security Assessment
The security assessment was based on the DOD Information Technology
System Certification and Accreditation Process (DITSCAP) [12, 13] and
the National Information Assurance Certification and Accreditation
Process (NIACAP) [14]. Project documentation reviewed as part of the
assessment include the SRS, SRD, SADD, CONOPS, Security CONOPS, SDD,
Security Volume, Admin Volume, Security Architecture, Security Plan and
associated support package, Privileged Users Guide, and Certification
and Accreditation Methodology.
Security-related requirements were identified from the available
documentation: the SRS, SRD, and the Security Volume of the SDD. The
design of the system was then examined with respect to the subset of
requirements to determine the completeness and accuracy of the system
design against this requirement set.
Certification and accreditation material contained in the System
Security Plan and System Security Plan Support Package was also
reviewed to determine its suitability and completeness with respect to
what Aerospace experience has shown is necessary for such an activity.
2.4 Software Development Maturity Assessment
The software development maturity assessment was conducted using
the same processes Aerospace employs for national security space
systems, but tailored to the meet the time constraints of this project.
A questionnaire was developed, based on the U.S. Air Force Software
Development Capability Evaluation (SDCE) [15], that addresses risks,
key requirements, and five areas of specific interest:
--Systems engineering (e.g., system requirements development,
management and control)
--Software engineering (e.g., software requirements management,
software design, software coding and unit testing, software
integration and test)
--Quality management and product control (e.g., quality management,
quality assurance, defect control, peer review, software
configuration management)
--Organizational resources and program support (e.g., organizational
process management)
--Program-specific technologies (e.g., database management, COTS,
trusted systems).
Answers to some questions were found in a review of the available
documentation: SRS; Master Plan; Configuration Management (CM), Risk
Management (RM), and Quality Assurance (QA) Plans; Software Development
Plan (SDP); Master Test Plan and Delivery 1 Test Plan; and System
Security Architecture. Questions that could not be answered from the
documentation, or for which additional information was needed, were
presented to the FBI and the contractor in preparation for an on-site
fact-finding visit.
At the time of the fact-finding visit (November 9, 2004) Aerospace
interviewed selected members of the contractor staff according to areas
identified in the questionnaire. The current Deputy Program Director,
who was the VCF Delivery 1 Program Manager, provided interviewees with
the questionnaire and scheduled interviews with most of the VCF
Delivery 1 managers. The Program Manager accessed the IBM Rational�
ClearCase�, ClearQuest�, and TestManager� files during the interview
sessions. Time constraints did not permit an in-depth review of the
files, but sample reports were printed, and examples of parts of the
Software Development Folders (SDFs) were reviewed.
Prior to the visit, Aerospace requested that the following
documents and artifacts be available for review: SDFs, the System
Engineering Master Plan, documentation from preliminary and critical
design reviews, deficiency report databases or spreadsheets, Rational
Rose� artifacts, metrics plans and reports, peer review reports, and
quality assurance reports. All requested items were made available and
reviewed, with the following exceptions:
--The System Engineering Master Plan was not provided. The review
team elected not to review it because it was not part of the
development contract baseline.
--Rational Rose artifacts were not reviewed. The review team focused
on the SDF because coding was accomplished based on the SDF
contents.
--No system-level preliminary or critical design reviews materials
were reviewed because these events were not conducted.
Materials from In-Progress Reviews (IPRs) and the System
Requirements Review were reviewed.
3. topical findings
The results of the Aerospace IV&V are grouped into six topic areas:
--Architectures (e.g., enterprise-, system-, and software-level
architectures)
--Requirements (e.g., concept analysis, system analysis, requirement
analysis, requirement quality, traceability)
--Software quality (e.g., software functionality, structure, testing,
documentation, thread methodology, database software)
--Performance (e.g., overall system performance of the database)
--Security (e.g., certification and accreditation, system security
administration, security requirements definition, security
design documentation)
--Contractor processes (e.g., processes defined by the contractor
that were or were not followed, processes that worked or did
not work).
Findings in each area are summarized in the following sections.
Each summary lists strengths and weaknesses, provides a high-level
summary of the most important strengths and weaknesses (individually or
in groups) and their implications, and gives an overall appraisal of
the topic area. Conclusions based on the findings are summarized in
Section 4.
With the exception of the software development maturity assessment,
all of the assessments were made strictly on documentation and
artifacts delivered to Aerospace. This has two consequences. The first
consequence is that this usually leads to noting more weaknesses than
strengths. If there is sufficient ambiguity or uncertainty of what is
intended in a document, a negative finding is generated, even if a
short conversation with the contractor could have removed the problem.
Therefore, the perceived state of what is being evaluated can be more
negative than the actual state warrants. Aerospace did three things to
reduce both the likelihood of this happening and the associated impact.
First, a fact-finding visit was made to the development contractor's
facility to resolve questions about their software development
processes. Second, industry and government standards were used to
provide objective measures of quality and practices. Lastly, Aerospace
looked at both documentation and product (i.e., source code) for
possible strengths or weaknesses in each area.
The second consequence of basing the IV&V review largely on
documentation is that the ability to transfer the existing document set
from the development contractor to a replacement contractor is tested.
In this instance many weaknesses could indicate there are significant
problems with the documentation or that the concepts being developed
are not clearly stated. In either case, it would be very unlikely that
a replacement contractor could pick up where the original left off,
thereby closing the door on a possible acquisition or maintenance
strategy.
3.1 Architecture
This section summarizes the strengths, weaknesses, and Aerospace
assessment of the architecture.
3.1.1 Strengths
The incumbent contractor specified a standard three-tiered Web-
based design pattern for the VCF architecture. A well-designed and
implemented system of this type should be highly flexible, extensible,
and scaleable, and should easily integrate new functionality. The
theoretical strength of the approach is that it is highly
componentized, generic, and built on open standards.
3.1.2 Weaknesses
Though the fundamental strength of the architecture lies in its
classic three-tier model, the fundamental weakness relates to the
failure to actually implement the system according to the specified
architectural concept. As a result, the system risks the ability to
maintain, change components (e.g., COTS, GOTS), reuse, or add new
functionality to the software. Maintainability and reuse are negatively
impacted by the tightly coupled, threaded design. Performance and
scalability are likely to be limited by the decision to implement VCF
in a centralized versus a distributed fashion. Furthermore, it is
possible that certain types of distributed architectures would provide
greater reliability through redundancy.
Though maximizing the use of COTS was a stated goal of the VCF
program, Aerospace found a limited use of COTS application products,
and a design approach whereby functionality available in COTS was
rejected, then reimplemented in VCF custom code. In addition, no non-
Oracle COTS search and analysis tools were found to be acceptable, as
no non-Oracle tools were found to be compatible with the Virtual
Private Database and associated access controls.
The use of most COTS software is precluded by the choice for
implementation of security and access controls at the data level. The
VCF system uses two types of access controls: functional access
controls, and data access controls. Functional access controls are
implemented primarily in application code written in PL/SQL within the
data tier. Data access controls are implemented using the VPD. Because
all of the access control mechanisms are enforced by the database, they
cannot be utilized by external applications. This is a fundamental
limitation in VCF architecture. This means that virtually all
functionality available in COTS that requires access control (including
document management, workflow, tasking and delegation) must be
implemented by developers in the VCF application in custom code. This
limitation extends to highly capable COTS search and analysis
applications, including link analysis and specialized applications used
in other law enforcement and intelligence community applications.
The manner in which the access controls were implemented in the VPD
feature of the Oracle database also imposes significant and
unacceptable performance delays. While most implementations incorporate
some of the controls available in VPD, and apply to a restricted subset
of database tables, this implementation uses all of the control
mechanisms and applies them to the tables that are used in virtually
every join operation required for the response to any normal database
query, resulting in significant performance degradation.
Remediation of these weaknesses would require a complete
reevaluation of the approach to security access control.
Lastly, the software architecture documentation does not conform to
the best practices identified in IEEE Std 1471-2000. For example,
stakeholder concerns are not directly mapped to the software
architectural responses, there is no viewpoint specification for the
software architecture description, a specific methodology is not
identified to represent architectural views, and known inconsistencies
among architectural description elements are not noted. Failing to
adhere to best practices can impact functionality, timeliness, and
schedule throughout the development cycle.
3.1.3 Appraisal
Decisions on architecture and the accompanying high-level design
are fundamentally important. Yet critical architecture goals have not
been met. There was a failure to appropriately assess the use of COTS
products. It appears that inadequate attention was given to the
performance requirements in relation to the choice of the Virtual
Private Database and the associated Access Control List (ACL) table to
implement the discretionary access control requirements. Analysis
targeted at determining the objects to be protected with discretionary
access controls, and methods of protecting these objects, may have
resulted in alternate design choices that had more attractive
performance characteristics. Likewise, by allowing the original three-
tier architecture to collapse to two tiers (thus failing to adhere
strictly to the Web-based design pattern), the architectural tenet on
separation-of-concerns was violated. Consequently, future technology
insertion is at risk, and maintenance and reuse of the VCF software
will be more difficult.
3.2 Requirements
This section summarizes the strengths, weaknesses, and Aerospace
assessment of system and software requirements (development, analysis,
and documentation).
3.2.1 Strengths
All of the system level requirements examined were found to be
within scope. There is no evidence of unnecessary features that could
constrain design and increase cost.
The System Requirements Specification (SRS) did not contain TBD (to
be determined) or TBR (to be reviewed) markings. This is generally a
positive indicator for systems that have progressed from the conceptual
phase to the development phase, since a lack of TBDs and TBRs usually
means that the requirements baseline is stable. However, the lack of
TBDs and TBRs provides no assurance that requirements are not missing.
Friedman and Sage [16] have pointed out that the lack of TBDs can
indicate that requirements have been suppressed or ignored, thus
creating what they call ``silent specs.''
Design and implementation details were not found in either the
system-level or software requirements; therefore, the developer adhered
to expected system and software development practices.
None of the examined data access control and the basic workflow
software requirements duplicated another. Avoiding duplicate
requirements eliminates needless requirements analysis and redundancies
in development and testing.
3.2.2 Weaknesses
The CONOPS is incomplete in that it lacks summaries of advantages,
disadvantages, limitations, and alternatives and tradeoffs considered.
It fails to show through analysis that the Information Presentation and
Transportation Network Components provide the necessary infrastructure
to meet UAC requirements.
The CONOPS does not agree with the SRS, resulting in concepts that
are not articulated as requirements in the SRS and requirements that do
not correspond to operational concepts. The expected relationship
between the CONOPS and the SRS is that the CONOPS should contain
statements of operational activities; the SRS should specify system
functions through functional requirements. A relationship should exist
between the operational activities and the system functions. Contrast
this relationship with that between the UAC CONOPS and the UAC SRS: the
relationship between operational activities and system functions is
missing; there is little correspondence between the statements made in
the UAC CONOPS and the UAC SRS functional requirements.
Neither the SRS nor the SRD address all of the requirements
expected in a specification. Failure to address the range of applicable
requirements can result in a system that is implemented in such a way
as to be unacceptable to the user or other stakeholders. Incorporating
the additional sections at this point in the life cycle would require a
major effort that would subsequently result in rewriting the design
documents and making changes to the source code as needed to
accommodate these design changes and would result in additional
integration and test effort.
The System Architecture Design Document (SADD) is incomplete
relative to expectations. Although the SADD lists architecture
constraints and goals, it does not describe how the architecture meets
them. The SADD includes neither decisions nor rationale for the
external interfaces, scalability, extensibility, maintainability, and
other items important to the architecture. The incomplete description
of the system design could lead to unspecified and untraceable software
requirements, which, in turn, leads to a system that does not meet
users' needs.
Inconsistencies exist between the Interface Definition Document
(IDD), the Interface Control Documents (ICDs), and the SRS. For
example, not all ICDs are referenced in the IDD, and some external
systems noted in the SRS do not have a corresponding ICD. Although the
SRS identifies external systems that currently interface with ACS and
the types of interface to be supported by VCF to ensure legacy support,
there are no requirements in the SRS that indicate the VCF must ensure
such support. The IDD itself contains only seven requirements
(``shall'' statements), six of which relate to the frequency of
interface execution. Inadequate interface definition puts at risk the
ability of VCF Delivery 1 to operate with legacy systems.
In addition to reviewing the requirements-related documentation for
inclusion of information typically expected in the documents, a quality
review of the system-level and software requirements was conducted.
Quality deficiencies include problems such as compound requirements,
conflicting requirements, ambiguous and undefined terms, use of ``and/
or'' in system requirements, use of ``et cetera'' in system
requirements, use of unverifiable words in system requirements, lack of
specified user category in software requirements, lack of response time
constraints in software requirements, and redundant system
requirements. These quality deficiencies may result in a system
implementation that does not meet the expectations of users and other
stakeholders. Specific problems and examples are provided in the
finding summaries.
The SRS did not completely cover requirements. Gaps in expected
system level functionality were found. Additionally, the Requirements
Terms and Definitions Document (RTDD) contained implied requirements.
Placing implied requirements within the RTDD does not ensure that the
expected functionality will be implemented.
Traceability was assessed on various levels and from various
perspectives. The expected relationship between need statements, system
requirements, and requirements for lower-level elements (e.g., hardware
and software) is that there is a strict downward flow of requirements.
Every need statement maps to a system requirement and every system
requirement maps to a need statement. Thus, there are neither
``childless'' need statements nor ``orphan'' system requirements. The
process continues in a like manner for the system requirements and
lower-level element requirements. Contrast this with what is observed
in the UAC need statements and requirement documents: need statements
do not flow exclusively to system requirements, and in many cases they
bypass the system requirements completely. The lack of traceability
from need statements to system requirements could result in a system
design that does not meet user needs and may implement features that
are not required.
Traceability was also assessed in the SRS review by conducting a
decomposition analysis on a set of requirements from the SRS to the
software level. The analysis identified problems such as incomplete
decompositions and decompositions that were more restrictive than the
system level requirement. Additional traceability analyses assessed the
mapping of system and software requirements to the traceability matrix;
errors were found in the trace. The mapping of business rules to
software requirements was also incomplete. Here again, the lack of
traceability from system requirements through design means that the
design may not meet requirements and may implement features that are
not required.
Finally, analyses were conducted of traceability from software
requirements to software design and source code, and from software
requirements to tests. There were three sets of artifacts that provided
traceability between the software requirements and the design: the
RequisitePro� database, the thread documents, and the SDD volumes. The
RequisitePro� database traced to the name of a thread, which was
associated with the corresponding portion of the SDD volume for basic
workflow and for data access control. The RequisitePro� database was
consistent with the traceability in the SDD volumes (with one
exception), but not consistent with the traceability in the thread
documents. It is Aerospace's understanding that the thread documents
were the original design documents and that the SDD volumes reflected
the as-built software. All but one of the software traceability
findings deal with the SDD volumes as opposed to the thread documents.
There was poor traceability from the software requirements for
basic workflow (BW) and data access control (DAC) through the design to
the software components. A spot-check analysis of the workflow code
shows that some software requirements do not appear to be covered in
the code itself. There are some DAC software requirements that are
inconsistently traced between the RequisitePro� database and the
Security Volume of the Software Design Document. Lack of adequate
requirement traceability into software design and code results in risk
that the software will not meet its stated requirements and greater
difficulty of modifying software when requirement changes occur.
There were several BW software requirements that were not assigned
to tests in the Delivery 1 Test Plan. Without these requirements being
validated in assigned tests, there is no certainty that the users'
requirements are completely met.
3.2.3 Appraisal
The requirements, analysis, and documentation associated with the
UAC and VCF Delivery 1 contain significant information deficiencies
that must be corrected to ensure an adequate system definition and
development process; a majority of the system and software requirements
examined contain quality deficiencies; and the requirements
decomposition and traceability chain, from the SRS to SRD to software
design components to source code to test documents, is weak because of
missing information and inaccuracies. Extrapolating these observations
to the entirety of the requirements, analysis, and documentation leads
to serious concerns about the maintainability and reusability of VCF
Delivery 1. Remediation could be very time-consuming and, because of
the traceability concerns, may not ensure that all problems would be
addressed.
3.3 Software Quality
This section summarizes the strengths, weaknesses, and Aerospace
assessment of the software, to include database software.
3.3.1 Strengths
VCF Java Package Standards, set forth in Appendix A of the Software
Development Plan, were followed. In particular, the Struts framework
was followed, compelling developers to follow a Model View Controller
design. This was significant because developers familiar with Model
View Controller design and the Struts framework should be able to
understand the flow of information in the source code and maintain the
presentation layer of software with little difficulty. Also, the
software components described in the Workflow Volume of the SDD were
almost all found in the code. This is important for maintenance
purposes.
3.3.2 Weaknesses
Commenting standards were not consistently followed in the source
code files that were analyzed. For example, very few functions or files
included a change history, and there were no references to the design
documents associated with each class. This inconsistency indicates that
coding standards listed in the Software Development Plan were not
always followed. Not following a formal software development process
for such a large system implies the lack of a disciplined approach, a
lack of coordination among developers, and a lack of standards
enforcement. The result of inconsistent comments is that the burden of
source code maintenance increases because programmers are forced to
search through the documentation every time the code needs changing or
when checking for possible side effects associated with making changes
to different classes. This weakness can be corrected only by going
through all the source code files and writing the needed comments.
There are also comments in the code that mention work that remains to
be done. This means that either the code is incomplete or that the
misleading code documentation was never removed from completed code.
This code should be examined in detail and compared to the design to
determine its status, and it should be tested to be sure it ran without
errors. Then these comments should be removed to eliminate confusion.
Some Java classes have modules with incomplete code and unused
code. This code cannot be validated because its purpose is unknown.
Such code can affect the safety of the system by performing unexpected
and unplanned operations. If the code is not fully validated, then the
proper operation of the system cannot be assured.
Some Java code contains inconsistent use of constants by hard
coding and some by using constants and database files for others. The
preferred method is to use constants and database files so that any
future changes can be made to the constant or to the database, thereby
ensuring completeness of the change. Hard coding requires that changes
be made to all instances and some may be missed.
Discrepancies were found between the thread design documents and
the Software Design Document volumes for data access control and basic
workflow. In addition, there were cases where more detailed design was
found in the thread documents than in the design documents.
Inconsistent design documentation is confusing to anyone trying to
understand, maintain, or modify the software.
The design documentation reviewed does not bridge the gap between
the Software Design Document volumes and the source code. Missing
design information included the relationships between the software
components; class parameter details; full definition of class
interfaces; and details on the purpose and logic of each function. The
existence of the code is listed in the high-level design, but not the
code behavior and interactions, which should be reflected in the lower
level, detailed design. Examples of missing design details include: (1)
the PL/SQL code for workflow contained a total of 111 modules, of which
57 were not mentioned in the SDD; (2) a discrepancy between the Java
files listed in the SDD volumes and the source code provided to
Aerospace. The lack of a detailed design document that included all
source code modules makes maintenance and modifications to the source
code more difficult and time-consuming, and would subsequently drive up
the cost of any future changes to the system.
The PL/SQL code has timing and design issues. With regard to
timing, each module writes a character string to the debug log (in one
module printing is initiated through the use of a debugging switch; in
all other cases the printing is hard coded). This has a negative impact
on code performance because it increases execution time; this practice
would be tolerable only during prototype development. As to design, the
PL/SQL code uses literals rather than symbolic constant variables in
the arguments of ``IF'' and ``WHERE'' statements. This code would be
nearly impossible to maintain by anyone other than the programmer who
developed it because there are no references to design documents that
define literals, such as the integer-type values. This is an example of
not following coding standards, or of not enforcing them. It would take
time to fix this code properly by replacing the literals with symbolic
constant variables so that it could be understood by anyone other than
the original programmer.
3.3.3 Appraisal
The source code appears to have been produced without adherence to
the procedures and standards stipulated in the Software Development
Plan. The source code examined is not maintainable with its current
documentation. Without reverse-engineering the missing documentation
and conducting thorough testing, the code should not be used for any
operational system. To reverse-engineer this system to bring it up to
the level for proper maintenance and support would cost about one-
quarter to one-half of the original cost of development. In most
systems, 15 percent of the cost is derived from the documentation
across all development stages. Testing, including documentation,
typically accounts for 40 percent. Approximately half of the
documentation needs to be completed. The remaining testing is expected
to be between half and all of the cost of a typical system. This
depends on problems found during testing.
3.4 Performance
This section summarizes the strengths, weaknesses, and Aerospace
assessment of system and database performance.
3.4.1 Strengths
None identified.
3.4.2 Weaknesses
The VCF system that was tested by the contractor was a development
version (VCF Delivery 1), which is missing requirements and is
inadequate for operations. The system did not implement a number of
features, such as the Virtual Private Database (VPD) or full production
scale of hundreds of millions of rows in the database. The measurements
(as documented in the Interim Scaling and Performance Test Report) only
present some CPU utilizations and end-to-end response times from/to the
web server. Disk, bus, and network actual performance were not provided
in the performance report provided to us and are presumed not to have
been tested.
The reported system performance and its performance analysis
approach are at best marginal. Only the least-complex transactions were
reported, and a number of those did not meet requirements even for the
scaled-down database without VPD. A fully populated production VCF
system based on VCF Delivery 1 would not meet requirements. In some
cases the response time would be hundreds of percent longer than is
required, and in worst cases thousands of percent longer than is
required. Such long response times are essentially nonresponsive.
The VCF database has the attributes of a logical database model
with large numbers of tables, a lack of denormalization, subtype
entities modeled directly to physical tables, and other logical data
model features. Logical models are rarely performance-optimal. The
typical database objects available for performance optimization (e.g.,
performance-based index selection, materialized views, table
partitioning) are absent from the VCF database. At the current
estimated row counts, the database will require heavy optimization in
order to scale properly; however, the developers did not do this.
The database load estimates were created using historical ACS
usage. While using historical ACS usage was a good starting point, a
more thorough analysis of the probable usage of VCF should have been
performed before translating these estimates into a testing protocol.
The database SQL code is not performance-optimized. The SQL code
throughout the system uses many of the constructs that are specifically
noted in the database manufacturer documentation [17, 18] as being
performance risks. Compounding the problem is the use of the Oracle VPD
feature for database security. The VCF implementation of this feature
causes even more poor-performing SQL code to be added to each and every
SQL statement in the database.
The executed performance tests were flawed in two ways. First, the
contractor did not isolate the database when the CPU utilization was
tested. Aerospace was unable to conclude whether the database CPU was
underutilized because it was not having a problem with servicing
requests or it was waiting on another dependent system. The database
CPU could also have been waiting on internal database hardware such as
bus data transfers. The second flaw in the performance tests is that
the test database was loaded at substantially lower row counts than
what is estimated as needed, even for the ACS database migration.
An enterprise such as the VCF requires to be managed by a Network
Operations Center (NOC). The NOC would include a Network Management
System (NMS), archiving, availability monitoring, and other system and
operational functions.
The NMS would include functions such as a help desk, trouble ticket
system, a network management console, and network management agents on
the managed workstations and servers. The NMS would use protocols such
as SNMP (Simple Network Management Protocol), RMON (Remote Monitoring),
and others. The lack of a requirement for an NMS would result in a
system that cannot be operated in a production environment, especially
after it is fully scaled to global production size. Any production
system requires routine archiving. Most systems have an incremental or
even a full backup daily, and a full backup at least weekly. Without
archiving, work could be lost, evidence misplaced or destroyed, and
investigations could lose their integrity. The lack of a requirement
for archiving would result in a system that cannot be operated in a
production environment, especially after it is fully scaled to global
production size.
Any production system must meet availability requirements
commensurate with its mission. A system that is unavailable could
result in an interrupted investigation due to lack of access to
investigation data, or the inability to record new information that is
crucial to progress in the current investigation and other affected
investigations that depend on new evidence collected. On top of that,
investigation resources would be lost when the system is down. The lack
of a requirement for system availability would result in a system that
cannot be operated in a production environment, especially after it is
fully scaled to global production size.
3.4.3 Appraisal
The system falls short of meeting requirements as tested. In
addition, the scaled-up system, with the VPD running, is highly
unlikely to meet requirements, particularly for the type of complex
queries needed by VCF. Simple queries would be hundreds of percent
slower than the type of queries that were tested by the incumbent
contractor. The situation would be far worse for complex queries
running on the scaled-up system. The system would fall short of
requirements with extremely long response times--thousands of percent
longer than is required. Such long response times are essentially
nonresponsive.
The database has many characteristics of a database still in
development: a physical implementation of the logical database model
that will undergo significant modification well before production, and
SQL coding statements structured in a way that is logically sound and
easily understood, but not optimized for performance. Developers
typically develop code in this manner, expecting that time will be
allocated to performance optimization once the code is functionally
correct. Code modifications are also easier before optimization.
The database hardware selection appears adequate for the raw
amounts of data that must be processed, but the database subsystem
requires a realistic test with all features active, especially the VPD
security and a full ACS migration data load. The production hardware
and COTS software (i.e., Oracle database, Sun server, and the Hitachi
Storage Area Network (SAN)) are technically capable products. However,
the current VCF database schema and SQL code implementation do not
contain the performance enhancements that would allow the hardware and
COTS database server to perform optimally.
3.5 Security
This section summarizes the strengths, weaknesses, and Aerospace
assessment of security.
3.5.1 Strengths
It appears that planning for system security was done at a high
level early in the program. Such planning increases the likelihood that
required security features (e.g., access control, audit) will be
addressed in the requirements and design, which, in turn, provides a
cost-effective path to certification and accreditation. Select areas of
the system not generally found in initial system security reviews
(e.g., infrastructure devices such as routers and switches that
nonetheless contain functionality that must be addressed from a
security perspective) were addressed in some amount of detail.
The system design provides for a limited interface controlled by
the VCF application and infrastructure (for non-administrative users to
interact with the VCF). This approach prevents exposure to security
vulnerabilities that may exist in the interfaces provided by underlying
products (not visible at the user interface), such as the command line
for an underlying operating system.
At a high level, these strengths point to an approach that, if
followed, would produce an accreditable system.
3.5.2 Weaknesses
Several weaknesses were discovered that create a significant risk
that the system will not be accreditable.
Broad areas of security requirements were neither well-defined nor
correctly decomposed to lower-level requirements. Although the coverage
area of the lower-tier requirements was the same as that in the higher-
level documents, the lower-tier requirement did not provide the
necessary detail to implement and test the system in support of the
certification and accreditation effort. Furthermore, the documents
identified as the primary means for the certification and accreditation
effort (the System Security Plan and the System Security Plan Support
Package) did not map to the requirements specified for the system. This
failure to identify the requirements to which the system would be
accredited greatly increases the risk that the system would not receive
accreditation, even if built to the requirements specified. Weaknesses
were found in design and implementation. The Privileged User Guide
should contain information to manage and configure the system in a
secure manner. However, there are many sections marked TBD, as well as
sections that do not provide the detailed procedures required to
perform critical configuration steps (e.g., specific configuration
instructions for the boundary devices so that fundamental assumptions
noted in higher-level documents can be achieved). Some of the detail
provided in this guide also appears as if it were copied from other
sources, and not modified for application to the VCF system. Without
specific configuration information, the trustworthiness of the system
cannot be assessed and the system will not be accreditable.
Furthermore, if the security features that are needed do not exist, or
do not support all of the capability being depended upon by the
architecture, then significant schedule and dollar costs will be
incurred.
The design documentation for the audit subsystem does not describe
how the audit requirements are being met, especially in the area of
management of the audit trail. While the Privileged User Guide contains
COTS audit configuration steps, there is no discussion concerning how
the VCF audit is managed, and how the VCF audit can be integrated with
the audit trails produced by the COTS products to provide a coherent
audit trail.
3.5.3 Appraisal
At a high level, the system security description appears to be a
good start in describing the functionality necessary to build an
accreditable system. However, in specifying and designing the system to
meet that functionality, it appears there are significant shortfalls.
Select requirements specifying the functionality are imprecise and
incorrectly decomposed. The design of critical identification and
authentication and audit subsystems do not implement a significant
portion of the requirements for those subsystems. The documents
supporting the certification and accreditation of the system and
security configuration are not complete.
While all of these issues can be remedied, at this point in the
product lifecycle there is a high risk that the system implementation
will not meet the security requirements, and that significant
additional costs (both to the schedule and in dollars spent) will be
incurred in trying to address the issues identified. There is a high
likelihood that the system as it currently stands will not be able to
be accredited without significant additional effort on the part of the
developer.
3.6 Contractor Processes
This section summarizes the strengths, weaknesses, and Aerospace
assessment of the contractor processes.
3.6.1 Strengths
Strengths regarding the development contractor's initial processes
include:
--Good organizational structure for program management and quality
assurance
--Selection of requirements, software, and documentation control
tools
--Use of peer review and audits as key elements of the quality
assurance process
--Good configuration management and integrated management tools
--Tracking of change requests.
A Chief Engineer was designated to monitor the development and
integration of the systems engineering, software engineering, and data
engineering activities. The Quality Assurance Manager reported to the
Group-level QA at a level above the Program Manager to provide
independent quality assessments of compliance with the established
procedures.
Processes and procedures for the software development were defined
and documented in the Software Development Plan. COTS tools for
managing these processes were selected and are the same as those used
frequently in other government developments. Configuration Management
to control and track the baselines and changes to the requirements,
documentation, and software was defined and controlled via an
integrated, automated tool suite.
3.6.2 Weaknesses
The Master Plan did not include planning information (such as key
events and tasks) and controls (such as system level reviews) for the
development task. The implemented risk management process included only
an ad hoc risk identification method--personnel identified perceived
risks to the Risk Management Board for analysis. Although the
organizational structure provided for integration of the engineering
tasks, there was a lack of engineering discipline as evidenced by the
lack of adherence to established processes.
The software methodology did not provide for the database design,
implementation, and test. There were neither top-level software
descriptions nor interfaces depicted in the Software Development Plan.
The database was developed after the software design, which led to
performance problems. Software integration testing was not planned for
in the Software Development Plan, and the test plans called this by
different names without describing how it was to be done. The system
integration manager and team did the software integration testing, but
this was not made clear in the documentation.
Requirements were tracked and reported in the RequisitePro� tool,
but software requirements were not traced to the code--only to the
threads (which is at a very high level).
The quality assurance (QA) program did not include QA activities
for the software code; QA only checked that the peer review process was
followed.
Software development folder guidelines were published in the SDP
and in the Minimum Thread Team SDF Layout and Contents, but did not
provide for a convenient structure to maintain the artifacts. SDF files
were dispersed in several different tools and in many folders, making
it difficult to find a complete SDF.
3.6.3 Appraisal
The major process strength of VCF Delivery 1 was the documenting
and planning for the guidelines, procedures, and process controls in
the beginning of the program in the Software Development Plan. The
major weakness was a lack of compliance and completeness in the
procedures.
The SDFs were used to maintain the updated requirements analysis,
design materials, implementation artifacts, testing results, and
lessons learned. The SDFs were to be the key documentation since the
other documentation was not updated. However, assessing the
completeness of the SDFs is extremely difficult and cannot be done
without detailed guidance from a developer.
A major defect for the maintainability, reusability, expandability,
and reliability of the VCF Delivery 1 software is the lack of a defined
and documented software architecture and software methodology. Without
the tracking of requirements to the software, the reliability and
usability of the system is questionable and the software cannot be
verified and validated. Without good software architecture, there is no
structure to build for future development or functionality.
4. CONCLUSIONS
The principal conclusion of the IV&V effort is that a lack of
effective engineering discipline has led to inadequate specification,
design, and development of VCF Delivery 1. Most of the findings
presented in Section 3 relate in some way to this conclusion. From the
documents that define the UAC system at the highest level, down through
the software design and into the source code itself, Aerospace
discovered evidence of incompleteness, lack of follow-through, failure
to optimize, and missing documentation.
The engineering practices followed on this program were not in
keeping with what Aerospace would expect in a program of this magnitude
and importance. Good engineering practice includes, of course, well-
written requirements that specify the essential functionality,
performance, and constraints of the system. It also includes
--Modeling to analyze behavior and performance, and to ensure the
correctness, completeness, consistency, and realism of the
requirements
--A correct decomposition and flow down of requirements from user
needs to system requirements to design.
These practices were found lacking or ineffective for the VCF
program. Without them there can be little assurance as to the
correctness and completeness of the requirements and design.
Secondary conclusions address two of the FBI business questions
stated in the Introduction. Business Question 2 asks, ``Did the
incumbent contractor develop a complete and correct Concept of
Operations, System Architecture, and System Requirements?'' and speaks
to the framework of the UAC system and VCF Delivery 1. Business
Question 1, on the other hand, asks, ``Did the incumbent contractor
meet the stated requirements?'' and must be considered in light of user
needs, system requirements, and software requirements. Responses to
these questions are not given in terms of a simple ``yes'' or ``no,''
but are phrased in terms of assurance of an affirmative answer.
The secondary conclusions, together with their basis in the
findings, are given below, as well as the summary assessment of the
state of the UAC and VCF Delivery 1.
4.1 Regarding the Quality of the CONOPS, Architecture, and Requirements
Findings in the areas of architecture and requirements indicate
that the concept of operations, system architecture, and system
requirements were not sufficiently mature for the purposes of
developing VCF. The SRS does not provide an adequate basis for the
developer to design the system. The SRS and the CONOPS taken together
do not provide a complete and consistent view of the system. The SADD
contains certain sound architectural concepts but fails to adequately
consider the use of alternate architectural concepts or the use of COTS
that may have better served the needs of the VCF system. Therefore,
Aerospace finds no assurance that the architecture, CONOPS, and
requirements are correct and complete, and no assurance that they can
be made so without substantial rework.
4.2 Regarding the Satisfaction of Requirements
Findings on user, system, and software requirements touch most of
the areas of interest (i.e., architecture, requirements, software
quality, security, and performance), and tend to be negative. Based on
the requirements examined, the findings indicate that a substantial
body of requirements are imprecisely written or incorrectly decomposed
into lower-level requirements, detailed designs, or test scenarios.
There are key requirements whose correctness is questionable, and there
are notable instances where the design and implementation do not match
the architecture and requirements. The extent of requirement
satisfaction could not be fully determined because only high-level test
plans, software problem reports (SPRs), and a performance test report
were available; other documents that are normally examined in
determining requirement satisfaction (e.g., requirement test plans and
procedures, and results from testing) were not available. There is no
evidence that the system will scale to the storage and throughput
capabilities under the demands of a fully loaded scenario; rather,
evidence was found to the contrary. Therefore, Aerospace finds no
assurance that requirements, at the system or software level, will be
fully satisfied, and no assurance that they can be satisfied without
substantial rework.
4.3 Overall Assessment
The UAC and VCF Delivery 1 do not adequately meet system and
software requirements. Each of the six areas examined has significant
weaknesses and few compensating strengths. For example,
--The architecture was developed without an adequate assessment of
alternatives and conformance to various architectural
standards, in a way that precluded the incorporation of
significant commercial-off-the-shelf software, and without
modeling and simulation to determine whether the architecture
would meet user needs in realistic situations.
--High-level documents were neither complete nor consistent, and did
not map to user needs.
--Requirements and design documents are incomplete and imprecise,
requirement and design tracings have gaps, and software cannot
be maintained without difficulty, and is therefore unfit for
reuse.
In short, VCF Delivery 1 is a system whose true capability is
unknown and may be unknowable, unless substantial time and resources
are applied to remediation.
5. recommendations
This section presents a framework for addressing one of the FBI
business questions set forth in the Introduction and recommendations
based on the framework. Additional recommendations beyond the scope of
the original business questions are also provided.
5.1 A Framework for Addressing FBI Business Question 3
FBI Business Question 3 asks, ``What should the FBI do with VCF
Delivery 1?'' The possible outcomes include keeping all of it, keeping
parts of it, or discarding all of it. Although this independent
assessment is primarily technical in nature, stakeholder interests that
affect the disposition of VCF Delivery 1 may be technical, budgetary,
schedule-based, or mission-oriented in nature. Only the FBI--in
consideration of the various stakeholder interests--can make the
ultimate decision on the disposition of VCF Delivery 1.
The decision to be made about VCF Delivery 1 is framed by the
conditions that must be met in each possible outcome. As understood by
Aerospace, the outcomes and conditions are as follows:
--Under what conditions should the FBI keep VCF Delivery 1?
--Only if VCF Delivery 1 satisfies all requirements or remediation
is readily achieved.
--Only if the FBI desires a custom UAC solution versus a solution
based on COTS software.
--Only if it satisfies the needs of the FBI with respect to
functionality, schedule, affordability and life-cycle
issues.
--Under what conditions should the FBI keep parts of VCF Delivery 1?
--Only if there are separable components of VCF Delivery 1 that
contain useful functionality in the future context of the
UAC.
--Only if VCF Delivery 1 meets the conditions for reusable or
maintainable software.
--Only if the FBI still desires a custom VCF solution versus a
solution based on COTS software.
--Under what conditions should the FBI discard VCF Delivery 1?
--Only if VCF Delivery 1 satisfies none of the conditions above.
5.1.1 Regarding the First Possible Outcome
Regarding the first outcome, keeping all of VCF Delivery 1,
Aerospace has no assurance that the VCF Delivery 1 requirements have
been met or that remediation may be readily achieved. In fact,
Aerospace concludes that determining which requirements are actually
met and remediating those that are not would be very costly and time-
consuming, given that there are serious concerns with every level of
the system, from the requirements and architecture, to the design and
the software.
5.1.2 Regarding the Second Possible Outcome
The second outcome, keeping parts of VCF Delivery 1, depends on
whether components of VCF Delivery 1 will be useful in some future
context. In the current context, VCF Delivery 1 is custom software
based on a centralized hardware architecture. Thus, if the future
context is a COTS-based service-oriented architecture (SOA) solution
based on a distributed hardware architecture, it is less likely that
useful components of VCF Delivery 1 will be found. On the other hand,
if the future context is another centralized hardware architecture with
custom software, it is more likely that useful components will be
found. This last instance is precisely the context in which the
incumbent contractor is developing the IOC software--and is, in fact,
reusing components of VCF Delivery 1.
Even if a future context occurs in which components of VCF Delivery
1 are deemed useful, Aerospace has concerns on the reusability and
maintainability of the software based on the documentation, design, and
coding standards. The software was not written for reuse and has
serious maintainability and extensibility problems as well.
Because the Aerospace IV&V review was based largely on
documentation and artifacts, and included no substantive direct contact
with the development contractor other than that needed to assess the
software development processes, the ability to transfer the existing
document set from the development contractor to a replacement
contractor was tested. The many documentation weaknesses that were
found indicate the existence of significant problems. It is very
unlikely that a follow-on VCF contractor could pick up where the
incumbent left off, thereby weighing against this as a possible
acquisition strategy.
5.1.3 Regarding the Third Possible Outcome
The third outcome, discarding all of VCF Delivery 1, is essentially
the default condition that will occur if none of the preceding
conditions are met. It can be reached if the VCF Delivery 1 software is
found unsuitable for reuse and beyond remediation. Alternately, it can
be reached by fiat if the FBI should decide--based on the results of
the Aerospace COTS/GOTS survey [19]--to proceed with a COTS-based
solution.
5.1.4 Recommendation
It is evident from this decision framework that the VCF Delivery 1
decision depends on more than just VCF Delivery 1 itself. It depends on
the total future context in which the VCF application will exist.
It is clear that the first outcome (keeping or remediating VCF
Delivery 1) is not feasible because of the lack of assurance that VCF
Delivery 1 fully satisfies the system and software requirements, and
because Aerospace can foresee no condition under which remediation
would be feasible. Put another way, any remediation of VCF Delivery 1
would be akin to starting over.
The second outcome (keeping parts of VCF Delivery 1) is more
feasible than the first, but is still fraught with difficulty. Because
VCF Delivery 1 documentation and source code do not meet the conditions
for reusable or maintainable software, Aerospace believes it would be
difficult for any contractor (including the incumbent) to extract much
of value from the current requirements, design and software given the
poor state of the documentation. Furthermore, Aerospace believes it
would be extremely difficult for any contractor besides the incumbent
to do so.
Additionally, using VCF Delivery 1 or a derivative thereof only
makes sense absent a preference for a COTS-based VCF solution. Given
that there are multiple COTS applications, or features within
applications, that meet the needs stated in the Federal Investigative
Case Management Request for Information (RFI) [19], the question of
reusing parts of VCF Delivery 1 rests on:
--Having functionality that is superior to the COTS options or that
is not available in COTS;
--Having functionality that is modular and has a defined interface
application programming interface (API);
--Its ability to provide a clearly defined service or set of services
in the context of an SOA. Both the RFI and current federal
information technology acquisition guidelines (Clinger-Cohen
Act [20], Federal Enterprise Architecture Guidelines [21])
stress the desirability of SOAs.
While the discussion to this point is implicitly about the best
long-term VCF solution, it is also worth considering what may be a
useful short-term solution. It may, for instance, be the case that the
work currently being performed by the incumbent contractor on an IOC
build will provide a short-term capability to satisfy mission needs in
a timely fashion until a solution can be crafted that is both more
capable and more feasible for the long term. Whether or not this is
feasible depends on the timeliness and affordability and short-term
utility of an IOC-like solution versus the timeliness of a COTS-based
solution (which is a strong contender for the preferred long-term
solution).
Thus, pending the outcome of the trade studies recommended below,
Aerospace believes that discarding VCF Delivery 1 and starting over
with a COTS-based solution is the best long-term solution. Although
Aerospace recommends that VCF Delivery 1 not be used as a software
baseline for any future VCF activities based on the deficiencies
identified herein, Aerospace recommends that the VCF Delivery 1
artifacts (both documentation and source code) and this report be made
available as Government Furnished Information \3\ (GFI) to any future
VCF vendors (as part of a ``Bidders' Library'' for instance). There are
insights to be gained from understanding how the VCF problem was
initially framed, how the architecture was conceptualized, and how the
system was designed and implemented that Aerospace believes will be of
use to future developers. Aerospace recommends, however, that these
artifacts be made available only if accompanied by this report.
Otherwise, the future vendors will be in the position of having to
repeat all the investigation and analysis performed by Aerospace in its
investigation of those artifacts.
---------------------------------------------------------------------------
\3\ Providing the documents and artifacts as Government Furnished
Equipment (GFE) is not recommended so as to avoid the government
incurring any liability for their use.
---------------------------------------------------------------------------
Based on the RFI responses, there are multiple COTS applications,
or features within applications, that meet both the SOA requirements
and the needs stated in the RFI.
5.2 Additional Recommendations
The fact that Business Question 3 was asked at all implies that the
future of VCF is being considered. The larger issue, then, beyond the
disposition of VCF Delivery 1 is the way ahead for VCF. It is in
consideration of this larger issue that the following recommendations
are offered.
The principal conclusion of this assessment relates to a lack of
engineering discipline and all its negative effects. Accordingly, this
problem must be remedied before going forward. Broadly speaking, this
will require that the FBI specify that appropriate systems engineering
and software engineering practices be defined and used, and then
provide oversight to ensure that they are followed. Allowance must be
made for a reasonable schedule. An assessment conclusion states: ``The
engineering practices followed on this program were not in keeping with
what one would expect in a program of this magnitude and importance.''
The specific recommendations offered below speak to practices that
Aerospace believes are in keeping with a program of this magnitude and
importance.
5.2.1 Concerning the VCF Architecture
Aerospace found that VCF Delivery 1 began with certain sound
architectural concepts, but failed to consider the use of alternate
architectural concepts or the use of COTS components that may have
better served the needs of the VCF system. Therefore, Aerospace
recommends that trade studies be performed across several key
dimensions, to include the following at a minimum:
--The use of COTS components for key integrated case management
functionality (not merely for infrastructure items such as
databases, operating systems, and communications protocols)
versus the use of custom application software.
--The use of an SOA versus the use of a monolithic software
application.
--The use of a distributed hardware architecture versus the use of a
centralized hardware architecture.
Additionally, Aerospace recommends an analysis of how VCF fits in
with, and is constrained by, the broader enterprise architecture.
5.2.2 Concerning the VCF Requirements
Aerospace found the VCF Delivery 1 concept of operations and the
system requirements to be insufficiently mature for the purposes of the
UAC acquisition. Therefore, Aerospace recommends that a new series of
meetings be conducted with the users and other stakeholders to elicit
needs, constraints, operational concepts, and requirements. Once a set
of abstracted needs, constraints, and broader enterprise concerns is in
place, it will be possible to perform the operational and requirements
analyses, modeling of operations and functions, and modeling of
performance necessary for the creation of a correct and complete CONOPS
and System Requirements Specification.
Aerospace found a lack of accurate and complete traceability
between the various levels of requirements, components, and tests.
Therefore, in order to provide assurance that all VCF requirements have
been met and verified, Aerospace recommends that the any future VCF
development and acquisition activities enforce strict traceability.
5.2.3 Concerning the Use of Standards
Many of the problems with the body of VCF documentation extend
beyond a simple lack of discipline and instead relate to a failure to
address certain standard concerns in system architecture, system
specification, system design, and requirements quality. The systems
engineering field is sufficiently mature that there are standards and
other references that provide descriptive outlines for key documents
and quality attributes for written requirements.
Many--though not all--of these standards originate in the defense
arena. However, they are applicable (with tailoring) to non-defense
systems such as VCF precisely because it is similar to many defense
systems in its complexity, its scope, and the criticality of its
mission. As such, the approaches used in creating other large, complex,
mission-critical systems can be applied here. The standards and other
references that Aerospace applied to the VCF assessment are given in
the bibliography contained in this document. Aerospace believes they
are as applicable to the future of VCF as they were to an assessment of
its past.
5.2.4 Concerning Processes
The success of acquisition programs, particularly large ones,
depends not only on what is done but also on how it is done. Products
result from processes--and it is precisely for this reason that
processes are important. While a good process is not sufficient to
produce an excellent product, it is necessary.
A project of the scope, complexity, and importance of VCF demands
the level of process maturity embodied in CMMI Levels 3 and 4. CMMI
Level 1 and Level 2 are too ``ad hoc'' for a program of this nature; on
the other hand, CMMI Level 5 is probably not warranted.
Aerospace recommends that a Software Development Capability
Evaluation be conducted prior to contract award to reduce acquisition
risk by objectively assessing each offeror's ability to successfully
develop the software needed by the VCF program. Aerospace recommends
that an independent government cost analysis be conducted during source
selection to objectively assess the cost realism of each offeror's
proposal.
REFERENCE
[1] U.S. Department of Defense. Operations Concept Description
(OCD), Data Item Description DI-IPSC-81430, December 5, 1994.
[2] American Institute of Aeronautics and Astronautics, Guide for
the Preparation of Operational Concept Documents, Working Draft 1.0,
ANSI/AIAA G-043-200x. Washington, D.C.: American Institute of
Aeronautics and Astronautics.
[3] U.S. Department of Defense. System/Subsystem Design Description
(SSDD), Data Item Description DI-IPSC-81432, December 5, 1994.
[4] Institute of Electrical and Electronics Engineers. IEEE
Recommended Practice for Architectural Description of Software-
Intensive Systems, IEEE STD 1471-2000. New York: Institute of
Electrical and Electronics Engineers, 2000.
[5] U.S. Department of Defense. Software Development and
Documentation, MIL-STD-498, December 5, 1994.
[6] U.S. Department of Defense. System/Subsystem Specification
(SSS), Data Item Description (DID) DI-IPSC-81431, December 5, 1994.
[7] International Council on Systems Engineering. International
Council on Systems Engineering (INCOSE) Systems Engineering Handbook,
Version 2.0, July 2000.
[8] Buede, Dennis M. The Engineering Design of Systems. New York:
Wiley, 2000.
[9] Bergey, J. et al. Software Architecture Evaluation with
ATAMSM in the DOD System Acquisition Context. Carnegie
Mellon University/Software Engineering Institute Technical Note CMU/
SEI-99-TN012, ADA377450. Pittsburgh: Carnegie Mellon University/
Software Engineering Institute, 1999.
[10] Institute of Electrical and Electronics Engineers. IEEE
Recommended Practice for Software Requirements Specification, IEEE STD
830-1998. New York: Institute of Electrical and Electronics Engineers,
1998.
[11] Webster's Ninth New Collegiate Dictionary. Springfield,
Massachusetts: Merriam-Webster, Inc., 1988.
[12] U.S. Department of Defense, DOD Information Technology System
Certification and Accreditation Process, DOD Instruction 5200.40,
December 30, 1997.
[13] U.S. Department of Defense, Department of Defense Information
Technology System Certification and Accreditation Process (DITSCAP):
Application Manual, DOD 8510.1-M, July 31, 2000.
[14] National Security Telecommunications and Information Systems
Security Committee. National Information Assurance Certification and
Accreditation Process (NIACAP), National Security Telecommunications
and Information Systems Security Instruction (NTISSI) No. 1000, April
2000.
[15] U.S. Department of the Air Force, Air Force Material Command.
Software Development Capability Evaluation, AFMC Pamphlet 63-103, vols.
1 and 2, June 15, 1994.
[16] Friedman, George, and Andrew P. Sage. ``Case Studies of
Systems Engineering and Management in Systems Acquisition,'' Systems
Engineering, volume 7, no. 1, 2004, p. 90.
[17] Green, Connie. Oracle9i Database Performance Tuning Guide and
Reference, Release 2 (9.2). Oracle Corporation (Redwood Shores, CA
94065), 2002.
[18] Holdworth, Andrew. Oracle 9i Database Performance Planning,
Release 2 (9.2). Oracle Corporation (Redwood Shores, CA 94065), 2002.
[19] Kreitman, Kevin B. COTS/GOTS Trade Study Report, Aerospace
Technical Report Number ATR-2005(5154)-3. The Aerospace Corporation (El
Segundo, CA 90245), 17 December 2004.
[20] Clinger-Cohen Act of 1996 (divisions D and E of U.S. Public
Law 104-106).
[21] Federal Enterprise Architecture Program Management Office. The
Technical Reference Model Version 1.1: A Foundation for Government-wide
Improvement, August 2003.
______
Prepared Statement of Glenn A. Fine, Inspector General, Department of
Justice
INTRODUCTION
Mr. Chairman, Senator Leahy, and Members of the Subcommittee on
Commerce, Justice, State and the Judiciary:
I appreciate the opportunity to testify before the Subcommittee as
it examines the Federal Bureau of Investigation's (FBI) Trilogy
information technology (IT) modernization project. The Trilogy project
was designed to upgrade the FBI's IT infrastructure and replace its
antiquated case management system with the Virtual Case File (VCF).
Successful implementation of the Trilogy project is essential to
modernizing the FBI's inadequate information technology systems. The
FBI's systems currently do not permit FBI agents, analysts, and
managers to readily access and share case-related information
throughout the FBI. Without this capability, the FBI cannot perform its
critical missions as efficiently and effectively as it should.
In March 2004, this Subcommittee held a hearing on the status of
the Trilogy project, and I testified about the schedule delays and cost
increases of the Trilogy project. At that time, I stated that I was
skeptical about the FBI's proposed schedule to deploy a fully
functional, complete version of the VCF before the end of calendar year
2004. Shortly before the hearing, the Office of the Inspector General
(OIG) initiated a follow-up audit to assess the FBI's management of the
Trilogy project.
Today the OIG released the results of this follow-up audit. Our
audit found that the FBI successfully has completed the Trilogy IT
infrastructure upgrades--albeit with delays and significant cost
increases. However, the FBI has failed to complete and deploy the VCF,
the critical component of Trilogy that was intended to provide the FBI
with an effective case management system. The VCF still is not
operational after more than 3 years of development and the allocation
of $170 million. We found that the VCF either will require substantial
additional work or need to be scrapped and replaced by a new system.
Moreover, the FBI has not yet provided a realistic timetable or cost
estimate for implementing a workable VCF or a successor system.
Our audit also examined the causes for the delays and cost
increases in the Trilogy project. Among the problems were poorly
defined and slowly evolving design requirements for Trilogy, weak IT
investment management practices at the FBI, weaknesses in the way
contractors were retained and overseen, the lack of management
continuity at the FBI on the Trilogy project, unrealistic scheduling of
tasks on Trilogy, and inadequate resolution of issues that warned of
problems in Trilogy's development.
In this statement, I describe the OIG's examination of the Trilogy
project. The statement is organized into five parts. First, I provide a
brief description of prior OIG assessments and testimony about the
FBI's IT systems in general and Trilogy in particular. Second, I
provide background information on the Trilogy project. Third, I discuss
the results of the OIG's recently completed audit regarding Trilogy's
cost increases and schedule delays. Fourth, I discuss the OIG's
assessment of the causes for the problems in Trilogy's development and
implementation. And fifth, as requested by the Subcommittee, I conclude
my statement by briefly highlighting several ongoing and recently
completed OIG reviews that examine a variety of other issues in the
FBI.
PRIOR OIG REVIEWS OF FBI INFORMATION TECHNOLOGY
In a series of reviews over the past several years, the OIG has
identified problems in the FBI's IT systems, including outdated
infrastructures, fragmented management, ineffective systems, and
inadequate training.
For example, a July 1999 OIG review examined the actions of the
Campaign Finance Task Force that investigated allegations of improper
fundraising practices during the 1996 Presidential campaign. The Task
Force relied on the FBI's antiquated case management system, the
Automated Case Support (ACS) system, and other FBI databases to obtain
information on the individuals and organizations that had become
subjects of the investigation. In this review, the OIG noted that
deficiencies in the ACS system and the way search results were handled
within the FBI resulted in incomplete data being provided to the Task
Force.
Another OIG review issued in March 2002 examined how the FBI had
failed to turn over to defense attorneys hundreds of FBI documents that
should have been disclosed prior to the trials of Timothy McVeigh and
Terry Nichols. The OIG again concluded that the FBI's computer systems
were antiquated, inefficient, and badly in need of improvement. We
found that the ACS could not handle or retrieve documents in a useful,
comprehensive, or efficient way, and it did not provide FBI employees
with the type of support they need and deserve.
An OIG audit issued in December 2002 examined the FBI's IT
investment management practices. This audit concluded that that the FBI
had not effectively managed its IT investments because it had failed
to: (1) effectively track and oversee the costs and schedules of IT
projects; (2) properly establish and effectively use IT investment
boards to review projects; (3) inventory the existing IT systems and
projects; (4) identify the business needs for each IT project; and (5)
use defined processes to select new IT projects. We concluded that the
FBI continued to spend hundreds of millions of dollars on IT projects
without adequate assurance that the projects would meet their intended
goals. Our audit made eight recommendations with respect to Trilogy,
including urging the FBI to establish schedule, cost, technical, and
performance baselines and track significant deviations from these
baselines.
In a September 2003 audit, the OIG examined the FBI's
implementation of the OIG's prior IT-related recommendations. While we
found that the FBI had made substantial progress by implementing 93 of
148 total recommendations, we concluded that full implementation of the
remaining recommendations was needed to ensure that the FBI's IT
program effectively supported the FBI's mission.
As noted above, in March 2004 this Subcommittee held a hearing to
examine Information Technology in the FBI, at which the FBI Director
testified about the status of the FBI's Trilogy project. At that
hearing, the FBI stated that it planned to have ``a network with Full
Site Capability by late spring'' and that it was ``closing in on the
goal of completion'' of the Trilogy project.
The OIG initiated our follow-up audit to assess the FBI's
management of the Trilogy project. In December 2004, the OIG completed
a draft of this audit report and concluded that the VCF was not
operational after more than 3 years of development and the obligation
of $170 million, and the FBI did not know when the VCF or a replacement
system would be implemented.
Pursuant to our standard practice, in late December 2004 the OIG
provided the draft audit report to the FBI for its response. In early
January 2005, the FBI publicly acknowledged problems and delays in the
development of the VCF. In a written response to our audit report dated
January 26, 2005, the FBI acknowledged that the VCF had not met its
goals with respect to development of an automated case management
system. Nevertheless, the FBI stated that the ``VCF project remains the
highest IT priority for the FBI.''
After receiving the FBI's comments, the OIG completed this audit
report and released it today.
I will now provide background on the Trilogy project and the VCF
before summarizing the main findings of our audit.
BACKGROUND ON TRILOGY
Trilogy is the largest of the FBI's IT projects. As originally
designed, the Trilogy project had three main components: (1) the
Information Presentation Component (IPC)--which was intended to upgrade
the FBI's hardware and software; (2) Transportation Network Component
(TNC)--which was intended to upgrade the FBI's communication networks;
and (3) User Applications Component (UAC)--which was intended to
replace the FBI's most important investigative applications, including
the ACS, the FBI's antiquated case management system. Among its major
shortcomings, the ACS does not permit FBI agents, analysts, and
managers to readily access and share case-related information
throughout the FBI. Without this capability, the FBI cannot efficiently
bring together all of the investigative information in the FBI's
possession to solve crimes or help prevent future terrorist attacks.
The first two components of Trilogy provide the infrastructure
needed to run the FBI's various user applications, while the UAC was
intended to upgrade and consolidate the FBI's investigative
applications. After the September 11 attacks, the FBI decided to
replace the ACS with an entirely new case management system, the VCF.
It is important to note that Trilogy was not intended to replace
all 42 of the FBI's investigative applications or the FBI's
approximately 160 other non-investigative applications. Rather, Trilogy
was intended to lay the foundation so that future enhancements would
allow the FBI to achieve a state-of-the-art IT system that integrates
all of the agency's investigative and non-investigative applications.
Our audit found that in late April 2004, the FBI completed the
first two components of the Trilogy project. The FBI deployed new
hardware and software, including 22,251 computer workstations, 3,408
printers, 1,463 scanners, and 475 servers, and it installed new
communications networks.
However, as I describe in the next section of this statement, this
deployment was not done as quickly as the FBI hoped or expected.
Despite the fact that after the September 11 attacks Congress
appropriated the FBI an additional $78 million to accelerate deployment
of Trilogy's infrastructure components, the FBI completed the two
infrastructure components by late April 2004, just before the FBI's
original target date of May 2004. Consequently, the FBI missed by some
22 months the completion date for the two infrastructure components
under the accelerated schedule funded by Congress. In addition, the
total costs for the infrastructure components of Trilogy increased from
$238.6 million to $377 million over the course of the project.
And while the infrastructure components are now in place to support
improved investigative applications, the FBI still is far from
implementing the third component of Trilogy, the VCF.
RESULTS OF OIG AUDIT OF TRILOGY PROJECT
Trilogy Costs
Trilogy originally was planned in 2000 as a 3-year, $380 million
project. Over its life, Trilogy has become a $581 million project that
has suffered a continuing series of missed completion estimates and
associated cost growth.
Initially, in November 2000, Congress appropriated $100.7 million
for the first year of the project. In May 2001, the FBI hired DynCorp
(which later merged into Computer Sciences Corporation (CSC)) as the
contractor for the IPC/TNC infrastructure components of Trilogy. At
that time, the scheduled completion date for the Trilogy infrastructure
was May 2004. In June 2001, the FBI hired Science Applications
International Corporation (SAIC) to develop the user applications
component of Trilogy (which became the VCF), with a scheduled
completion date of June 2004.
In early 2002, the FBI informed Congress in its Quarterly
Congressional Status Report that with an additional $70 million in
fiscal year 2002 funding, the FBI could accelerate the deployment of
Trilogy. Congress supplemented the Trilogy budget with $78 million from
the Emergency Supplemental Appropriations Act of January 2002, thereby
raising projected costs to $458 million.
In December 2002, the FBI estimated it needed $137.9 million more
to complete Trilogy, in addition to the $78 million it had received to
accelerate completion of the project. Congress approved a $110.9
million reprogramming of funds that took into account the estimates to
complete the IPC/TNC portions of Trilogy, as well as an estimate of the
costs to complete the UAC portion. The $110.9 million reprogramming
increased the FBI's total available funding for the project to $568.7
million. In addition, $4.3 million for operations and maintenance and
$8 million for computer specialist contractor support were added in
fiscal year 2003, for a total of $581.1 million--$201 million more than
originally estimated.
The following table describes the cost of Trilogy under the
original plan and under the current plan:
[In millions of dollars]
------------------------------------------------------------------------
Component Area Original Plan Current Plan
------------------------------------------------------------------------
TNC/IPC................................. 238.6 337.0
UAC..................................... 119.2 170.0
Contractor Computer Specialists......... n/a 8.0
Integrator.............................. n/a 5.5
Project Management...................... 22.0 32.5
Management Reserve...................... n/a 28.1
-------------------------------
Total............................. 379.8 581.1
------------------------------------------------------------------------
Schedule for Trilogy Infrastructure Components
Despite the increased money provided for Trilogy, its
implementation has been delayed significantly. Part of the problem we
found was that a stable schedule for Trilogy never was firmly
established for much of the project's history. Beginning in 2002 the
FBI's estimated dates for completing the Trilogy project components
began to swing back and forth and were revised repeatedly.
The original completion date for deploying the Trilogy
infrastructure (the first two components of Trilogy) was May 2004.
After the September 11 attacks, the FBI recognized the urgency of
completing the project and moved up the completion date for deploying
the Trilogy infrastructure to June 2003. Later, the FBI said the
infrastructure would be completed by December 31, 2002. Still later,
the FBI informed Congress that with an additional $70 million it could
accelerate deployment of Trilogy and complete the two infrastructure
components by July 2002 and also deploy the most critical analytical
tools in the user applications component.
Yet, the timetable for completing the infrastructure components
slipped from July 2002 to October 2002 and then to March 2003. On March
28, 2003, CSC completed a communications network, the Wide Area
Network, for Trilogy. The FBI reported that the Wide Area Network, with
increased bandwidth and three layers of security, had been deployed to
622 sites. In April 2003, the FBI also reported to Congress that more
than 21,000 new desktop computers and nearly 5,000 printers and
scanners had been deployed.
In April 2003, the FBI and CSC agreed to a statement of work for
the remaining infrastructure components of Trilogy, including servers,
upgraded software, e-mail capability, and other computer hardware, with
a completion date of October 31, 2003. In August 2003, CSC informed the
FBI that the October 2003 completion date would slip another two months
to December 2003. In October 2003, CSC and the FBI agreed that the
December 2003 date again would slip. In November 2003, the General
Services Administration (whose Federal Systems Integration and
Management Center, known as FEDSIM, had awarded contracts for Trilogy
on behalf of the FBI) formally announced that CSC had failed to meet
the deadline for completing work on infrastructure portions of Trilogy
that were required to support the VCF user application under
development.
On December 4, 2003, CSC signed a commitment letter agreeing to
complete the infrastructure components of the Trilogy project by April
30, 2004, for an additional $22.9 million, including an award fee of
over $4 million. An award fee is used when the government wants to
motivate a contractor with financial incentives. The FBI covered these
additional costs by reprogramming funds from other FBI appropriations.
In January 2004, the FBI converted the agreement with CSC to a revised
statement of work providing for loss of the award fee if the April 30,
2004, deadline was not met. In addition, the revised statement of work
provided for cost sharing at a rate of 50 percent for any work
remaining after the April 30 deadline.
CSC met the revised deadline of April 30, 2004, for completing the
two infrastructure components of Trilogy. As a result, the FBI met the
original target set in 2001 for the infrastructure components of
Trilogy, but missed the accelerated schedule funded by additional money
from Congress by some 22 months.
Schedule for the Virtual Case File
In June 2002, the FBI decided to deploy the VCF user application
component of Trilogy in two phases under an accelerated plan: delivery
one in December 2003 and delivery two in June 2004. A third delivery
eventually was added, also for June 2004. Delivery one was supposed to
consist of the initial version of the VCF, which was intended to be a
completely new case management system with data migrated from the ACS.
The VCF also was intended to serve as the backbone of the FBI's
information management systems, replacing paper files with electronic
case files. Deliveries two and three under the contract were supposed
to consist of enhancements and additional operational capabilities to
the VCF.
SAIC provided the first version of the VCF to the FBI in December
2003, in accordance with the accelerated schedule. However, the FBI did
not accept that version because the FBI said it was not a functional
system and did not meet the FBI's requirements. Deliveries two and
three never occurred because of the difficulties experienced in
completing the initial version of the VCF. The FBI informed the OIG
that these deliveries are not being pursued now given the problems in
the first delivery and the FBI's plans to seek a common interagency
platform for a case management system (the Federal Investigative Case
Management System or FICMS, which is discussed below).
In fact, the FBI has abandoned the intended three VCF deliveries
and instead announced a new two-track approach for continuing
development of the VCF. Track one, which the FBI refers to as the
``Initial Operational Capability,'' includes a 6-week test of an
electronic workflow process scheduled to be completed by March 2005.
During this test, the FBI's New Orleans field office and a smaller
resident agency office will enter investigative lead and case data into
a prototype VCF file system, and this information will be approved
electronically and uploaded into the ACS. The FBI intends to obtain
user comments on, and assess the performance of, this new workflow
system being tested in track one.
However, it is important to make clear that the version of the VCF
being tested in track one will not provide the FBI with the case
management applications as envisioned throughout the Trilogy project
because it represents just one developmental step in the creation of a
fully functional investigative case management system. It does not
offer full case management capabilities. Rather, it is designed to
demonstrate that documents can be approved electronically and uploaded
into the existing, obsolete ACS.
The second track, called Full Operational Capability, is intended
to reevaluate and update requirements for the next phase of developing
a functional case management system to replace ACS. In track two, the
FBI plans to identify user activities and processes for creating and
approving documents and managing investigative leads, evidence, and
cases. As a result of the information gleaned during track two, the FBI
is updating and confirming the case management requirements and
evaluating whether currently available software can be adapted for a
case management system rather than creating a completely new system.
In commenting on the findings in our audit report about the delays
in the VCF, the FBI stated that ``In many ways, the pace of
technological innovation has overtaken our original vision for VCF, and
there are now products to suit our purposes that did not exist when
Trilogy began.'' This suggests that the current VCF effort may be
obsolete and that the FBI may implement an entirely new system to
replace it.
Moreover, our audit found that the FBI still does not have a clear
timetable or prospect for completing the project. The VCF case
management application was intended to replace the ACS and be the sole
system within the FBI that would contain all investigative lead and
case file information in a paperless system. Due to the failure to
complete the VCF, the FBI continues to lack a modern case management
system containing complete and accessible investigative lead and case
information. While the FBI cites in its response to our report advances
in other FBI IT systems, such as its newly created Investigative Data
Warehouse, the VCF case management system would have many features that
a Data Warehouse does not. The VCF was intended to be the backbone of
the FBI's information systems, replacing the FBI's paper case files
with electronic files. Case data in the VCF could be approved
electronically, and the electronic files would be available throughout
the FBI immediately as entered. Various lead and case information
easily could be associated for analysis. The Investigative Data
Warehouse, while perhaps a useful tool, does not manage case workflow,
does not provide immediate access to case information, and does not
substitute for an effective case management system. Consequently, the
FBI continues to lack critical tools necessary to maximize the
performance of both its criminal investigative and national security
missions.
Federal Investigative Case Management System
As a parallel effort to the VCF, the FBI recently has stated that
it is pursuing an effort to develop the Federal Investigative Case
Management System (FICMS). FBI officials have variously described this
effort to the OIG during the course of our audit as a continuation of
the VCF, a new investigative case management system to replace the
failed VCF, or a ``framework'' for the future development of an
investigative case management system platform.
In its January 26, 2005, formal response to the OIG audit report,
however, the FBI stated that the VCF and the FICMS are ``two separate,
but related projects that will move forward simultaneously. The VCF
project remains the highest IT priority for the FBI, and we are
developing an implementation plan that will result in deployment of a
fully functional investigative case and records management system.''
The FBI also stated in its response that it is continuing to pursue
the VCF through development of an implementation plan. The FBI hired
the Aerospace Corporation to evaluate currently available software
products to determine if they meet the FBI's requirements for a case
management system. The FBI also asked Aerospace to evaluate the
adequacy of the VCF as delivered by SAIC to determine what might be
salvaged from that effort.
Yet, the timetable for the FICMS and the VCF still does not appear
to be rapid or clear. In conjunction with the OIG's audit, the FBI told
the OIG that it hopes to award a contract for FICMS by April 30, 2005.
But the FBI has not provided its estimated costs, a revised schedule
for completing the VCF, or a schedule for developing a new case
management system to replace the VCF through the FICMS effort.
CAUSES OF TRILOGY'S PROBLEMS
We believe the responsibility for ensuring the success of the
Trilogy project is shared by several parties: the FBI; the Department
of Justice; FEDSIM--the component of GSA that awarded Trilogy contracts
on behalf of the FBI; and the two contractors--CSC for the two
infrastructure components, and SAIC for the user applications component
that became the VCF. These entities, to varying degrees, did not
appropriately contract for, manage, monitor, or implement the Trilogy
project.
In our view, the main responsibility for the problems with Trilogy
rests with the FBI. The FBI acted on a legitimate and urgent need to
upgrade its IT infrastructure and replace the antiquated ACS. However,
in the FBI's desire to move quickly on the Trilogy project, it engaged
FEDSIM to handle the contracting for this very large and complex
project without providing or insisting upon: defined requirements,
specific milestones, critical decision review points, and penalties for
poor contractor performance.
The resulting cost-plus-award-fee contract yielded control to the
contactors for developing Trilogy's technical requirements, while
leaving the FBI little leverage to direct the project. In essence, the
contract terms required paying the contractors regardless of whether
they met schedules or were even technically capable of completing such
a challenging project.
In addition, the FBI failed to adequately develop and articulate
the design requirements at the outset of the project, and consequently
the requirements repeatedly changed as the project progressed, with too
much contractor control and too little input from FBI management.
In its response to the audit report, the FBI alluded to its lack of
control over requirements as a reason for the current VCF problem by
stating that ``[T]he VCF project suffered in part from runaway scope.''
The FBI response also stated that to guard against runway scope in the
future, ``the IT system will be designed, developed, and deployed
incrementally against specified and planned parameters.''
In addition to the poor choice of contracting method and sketchy
requirements, neither the FBI, the Department, nor FEDSIM ensured that
adequate schedule, cost, technical, and performance baselines were
established to allow the project to be adequately monitored and to
identify and rectify schedule slippages or technical problems. Since
none of the responsible parties ensured that realistic milestones were
established to complete various segments of the project, it was
difficult to ensure that the contractors successfully met overall
schedule, cost, technical, or performance targets for the project.
In addition, the Department expected the FBI to assume the role of
project integrator to ensure all three Trilogy components meshed
properly and were on track, even though the FBI lacked this capability
or experience. The FBI's ability to manage the Trilogy project, even
with the help of contractor personnel, was crippled further by a
revolving door of Chief Information Officers (CIOs) and Trilogy project
management personnel at the FBI.
A variety of audits by the OIG and the Government Accountability
Office, as well as internal FBI reviews, had identified deficiencies in
the FBI's management of IT projects, including Trilogy. However, the
FBI's corrective action was slow. Only recently has the FBI made
substantial progress in its IT investment management processes.
More specifically, in our audit report the OIG detailed the
following eight causes for the FBI's problems with the Trilogy project:
--Poorly defined and slowly evolving design requirements.--One of the
most significant problems with managing the schedule, cost,
technical, and performance aspects of the Trilogy project was
the lack of a firm understanding of the design requirements by
both the FBI and the contractors. Trilogy's design requirements
were ill-defined and still evolving as the project progressed.
During the initial years of the project, the FBI had no firm
design baseline or roadmap for Trilogy. According to one FBI
Trilogy project manager, Trilogy's scope grew by about 80
percent since the initiation of the project. Such large changes
in the requirements meant that the specific detailed guidance
for the project was not established, and as a result a final
schedule and cost were not established. In addition, after the
September 11 attacks, the FBI recognized that the initial
concept of simply modifying the old ACS would not serve the FBI
well over the long run. The FBI then created plans for the VCF.
Additionally, a need for broadened security requirements due to
vulnerabilities identified in the Hanssen espionage case
affected Trilogy's development. According to one project
manager, this recognition of the need to upgrade security
caused more problems and delays for the full implementation of
the infrastructure component.
--Contracting weaknesses.--The FBI's current and former CIOs told the
OIG that a primary reason for the schedule and cost problems
associated Trilogy was weak statements of work in the
contracts. According to FBI IT and contract managers, the cost-
plus-award-fee type of contract used for Trilogy did not
require specific completion milestones, did not include
critical decision review points, and did not provide for
penalties if the milestones were not met.
--IT investment management weaknesses.--As described in the OIG's
December 2002 audit report, The Federal Bureau of
Investigation's Management of Information Technology
Investments, at Trilogy's inception and over much of its life,
the FBI's IT Investment Management process was not well-
developed. Although our recent audit found that while the FBI
had started centralizing its project management structure,
appropriate project management was not consistently followed by
Trilogy's IT project managers. In essence, the FBI took risks
to expedite Trilogy's implementation, and that approach failed
because the management practices to oversee Trilogy simply were
not in place.
--Lack of an Enterprise Architecture.--An Enterprise Architecture
provides an organization with a blueprint to more effectively
manage its current and future IT infrastructure and
applications. The development, maintenance, and implementation
of Enterprise Architectures are recognized hallmarks of
successful public and private organizations. While the FBI has
agreed to develop a comprehensive Enterprise Architecture, this
recommendation has not yet been fully implemented. The FBI has
contracted for an Enterprise Architecture to be completed by
September 2005. Without a complete Enterprise Architecture, the
FBI needed to conduct reverse engineering to identify existing
IT capabilities before developing the infrastructure and user
applications requirements for the Trilogy project.
--Lack of management continuity and oversight.--Turnover in key
positions hurt the FBI's ability to manage and oversee the
Trilogy project. Since November 2001, 15 different key IT
managers have been involved with the Trilogy project, including
5 CIOs or Acting CIOs and 10 individuals serving as project
managers for various aspects of Trilogy. This lack of
continuity among IT managers contributed to the lack of
effective and timely implementation of the Trilogy project.
According to contractor personnel who are advising the FBI on
Trilogy, the FBI suffered from a lack of engineering expertise,
process weaknesses, and decision making by committees instead
of knowledgeable individuals.
--Unrealistic scheduling of tasks.--Along with the lack of firm
milestones in the Trilogy contracts, the scheduled completion
dates for individual project components were unrealistic. The
unrealistic scheduling of project tasks led to a series of
raised expectations followed by frustrations when the
completion estimates were missed. According to an FBI official
who monitored the development of the Trilogy infrastructure,
Computer Sciences Corporation had problems producing an
appropriate work schedule given the resources provided for the
project. Until the FBI became more active in examining the
scheduling of the project, the FBI accepted the project's
schedules as presented by the contractor. This acceptance began
to shift when the FBI's scheduler worked with the contractor in
early 2003 to establish a realistic work schedule for
completing the infrastructure components.
--Lack of adequate project integration.--Despite the use of two
contractors to provide the three major Trilogy project
components, the FBI did not retain a professional project
integrator to manage contractor interfaces and take
responsibility for the overall integrity of the final product
until the end of 2003. According to FBI IT managers, FBI
officials performed the project integrator function even though
they had no experience performing such a role. Although FBI and
Department officials stated that the Department required the
FBI to perform project integration duties without contractor
support, the expertise to adequately perform this function did
not exist within the FBI.
--Inadequate resolution of issues raised in reports on Trilogy.--
Within a matter of months after initiation of the Trilogy
project, the FBI recognized significant issues that needed
resolution. Internal reports issued by the FBI's Inspection
Division, Criminal Justice Information Services Division, and
consultants identified a lack of a single project manager,
undocumented requirements, and a baseline that was not frozen.
Based on internal reports, the FBI was aware of the risks that
it faced during the development of the Trilogy project. While
FBI management eventually hired a project manager to oversee
the project--a recommendation made in all of the reports--the
process of defining requirements and baselines for the VCF
still continues, more than three years after these internal
reports were issued. Because the FBI did not act timely to
resolve the findings of these reports, many problems involving
project management weaknesses, poorly-defined requirements, and
lack of firm targets unnecessarily continued throughout much of
the Trilogy project's history.
I believe it is important to note that, despite the troubled
history of the Trilogy project, the FBI recently has made some
improvements in its management of information technology. One major
improvement in the FBI's IT management was the appointment of a new CIO
in May 2004 and the consolidation of the FBI's previously fragmented
management of IT resources and responsibilities under the Office of the
CIO. A significant problem in the FBI's management of IT investments
was that all of the FBI divisions with IT investments were not under a
single authority and, as a result, had a variety of processes and
procedures for developing new systems. Under the reorganization, the
CIO is responsible for all of the FBI's IT assets, projects, plans,
processes, and budgets.
In December 2004, the Office of the CIO completed an initial
version of an IT Strategic Plan, which describes how IT will support
the FBI's Strategic Plan and mission goals for the next five years. All
IT projects now are required to be consistent with the FBI's Strategic
Plan.
The Office of the CIO also has developed an FBI-wide Life Cycle
Management Directive to guide FBI personnel on the technical management
and engineering practices used to plan, acquire, operate, maintain, and
replace IT systems and services. The directive provides detailed
guidance to FBI Program and Project Managers and, if fully and
effectively implemented, will help prevent the delays and problems that
occurred during the Trilogy project.
As noted above, the FBI also is in the process of creating an
Enterprise Architecture by September 2005. The Enterprise Architecture
will provide a blueprint to aid the FBI in coordinating and managing
its current and future IT infrastructure and systems. The FBI also is
working on an IT Portfolio Management Program to list and technically
document all of its IT systems. The FBI anticipates that
recommendations stemming from its completed IT portfolio will be
included in the development of its fiscal year 2007 IT budget.
In commenting on the OIG's Trilogy audit report, the FBI cited a
number of other improvements it has begun to make, such as an IT
metrics program to identify and measure IT performance, an initiative
to standardize and automate IT procurement actions, a Program
Management Professional certification training program, a Master IT
Policy List to coordinate and control IT policies, standardized
technology assessments, and an Information Assurance Program. Further,
the FBI told us that VCF track one, or Initial Operating Capability,
used the FBI's new IT management approach, including identifying
project objectives, requirements, and constraints before proceeding to
control gates designed to keep the project on track and to regulate the
release of funds. Also, the FBI said it developed a cost-sharing
arrangement as part of the renegotiated UAC contract. These initiatives
were beyond the scope of our audit, and we could not examine the FBI's
claims on these systems. However, they appear to represent progress in
the FBI's IT system. But none of them diminish the urgent need for the
FBI to fully implement a fully functioning case management system like
the VCF to create, organize, share, and analyze case information.
OIG CONCLUSIONS REGARDING TRILOGY PROJECT
In sum, the FBI has made progress with its management of IT and its
implementation of the first two phases of Trilogy. Trilogy's
infrastructure improvements have been completed, including the delivery
of thousands of modern computer workstations and other hardware
throughout the FBI. Although the Trilogy infrastructure improvements
were characterized by delays and increased costs, the infrastructure
now is in place to support improved user applications, including the
VCF or its successor case management system, which the FBI recognizes
as its top IT priority.
Yet, the VCF effort is incomplete, and the prospects for timely
completion remain unclear. After more than 3 years, multiple missed
deadlines, and a price tag of $170 million, the FBI still does not have
an investigative case management system to replace the antiquated ACS
system. Further, we are not confident that the FBI has a firm sense of
how much longer and how much more it will cost to develop and deploy a
usable system, whether the FBI continues to pursue the VCF system or
decides to implement a new case management system.
Finally, we disagree with the FBI's assertion in its response to
our draft report that the delays in deploying the VCF and the lack of
an adequate case management system do not have national security
implications. To the contrary, we believe there is a critical need to
replace the ACS to enable FBI agents and analysts to effectively
perform the FBI's mission. The archaic ACS system--which some agents
have avoided using--is cumbersome, inefficient, and limited in its
capabilities, and does not manage, link, research, analyze, and share
information as effectively or timely as needed. While the FBI has made
strides in other IT areas--including installing a number of systems to
share intelligence information and upload numerous documents into a
data warehouse--the continued delays in developing the VCF affects the
FBI's ability to carry out its critical missions.
ADDITIONAL OIG REVIEWS IN THE FBI
To conclude this statement, in response to a request from the
Subcommittee, I summarize briefly the OIG's ongoing reviews of other
priority issues in the FBI. The following are examples of ongoing and
recently completed OIG reviews that may be of interest to the
Subcommittee.
Ongoing OIG Reviews in the FBI
Terrorist Screening Center.--The OIG is examining the operations of
the Terrorist Screening Center to determine how it has managed
terrorist-related information to ensure that complete, accurate, and
current watch lists are developed and maintained.
Implementation of the Attorney General's Guidelines.--The OIG is
reviewing the FBI's compliance with the revised Attorney General
Guidelines that govern the use of confidential informants; undercover
operations; investigations of general crimes, racketeering enterprises,
and terrorism enterprises; and warrantless monitoring of verbal
communications.
Intelligence Analysts.--The OIG is reviewing the FBI's recruitment,
selection, training, and staffing of intelligence analysts.
FBI's Handling of the Brandon Mayfield Matter.--The OIG is
reviewing the FBI's conduct in connection with the erroneous
identification of a fingerprint found on evidence from the March 2004
Madrid train bombing as belonging to Brandon Mayfield, an attorney in
Portland, Oregon.
Alleged Mistreatment of Detainees at Military Detention
Facilities.--The OIG is examining any involvement of FBI employees in
either observing or participating in the alleged abuse of detainees at
the military's Guantanamo Bay and Abu Ghraib facilities. In addition,
the OIG is reviewing when FBI employees reported the allegations of
abuse and how FBI managers handled the employees' reports.
The FBI's Chinese Counterintelligence Program.--At the request of
the FBI Director, the OIG is examining the FBI's performance in
connection with the handling of Katrina Leung, an asset in the FBI's
Chinese counterintelligence program.
The Department's Counterterrorism Task Forces.--The OIG is
evaluating the Department's counterterrorism task forces to: (1)
determine if they are achieving their stated purposes; (2) evaluate
gaps, duplication, and overlap in terrorism coverage; and (3) identify
how the performance of each task force is measured.
Implementation of the Communications Assistance for Law Enforcement
Act (CALEA).--The OIG is conducting a follow-up audit of the
implementation of CALEA, which allows reimbursement to communications
carriers for modifications of equipment to allow the capability for
lawful electronic surveillance. The FBI has expended more than $500
million under CALEA. The OIG's objectives are to review the progress
and impediments to the FBI's implementation of CALEA; review CALEA's
costs; and determine how the implementation of CALEA has impacted
federal, state, and local law enforcement in their ability to conduct
electronic surveillance.
FBI's Reprioritization Efforts.--The OIG is reviewing how the FBI's
operational changes resulting from its reorganization and change in
priorities after the September 11 attacks have affected other law
enforcement agencies.
Recently Completed OIG Reviews in the FBI
The following are some examples of recently completed OIG reviews
related to FBI operations:
--Follow-up Review of the Status of IDENT/IAFIS Integration (December
2004).--This OIG review examined ongoing efforts to integrate
the federal government's law enforcement and immigration
agencies' automated fingerprint identification databases. Fully
integrating the automated fingerprint systems operated by the
FBI and the DHS, known as IAFIS and IDENT respectively, would
allow law enforcement and immigration officers to more easily
identify known criminals and known or suspected terrorists
trying to enter the United States, as well as identify those
already in the United States that they encounter. This latest
OIG report is the fourth in four years that monitors the
progress of efforts to integrate IAFIS and IDENT.
This OIG report found that while deployment of new IDENT/IAFIS
workstations to Border Patrol offices and ports of entry
represents a significant accomplishment, full integration of
IDENT and IAFIS has yet to be realized. Federal, state, and
local law enforcement authorities still do not have complete
access to information in the IDENT database. Without such
access, the FBI and DHS fingerprint systems are not fully
interoperable, and it is more difficult for federal, state, and
local law enforcement agencies to identify illegal aliens they
encounter.
This OIG report found that the congressional directive to fully
integrate the federal government's various fingerprint
identification systems has not been accomplished because of
high-level policy disagreements among the Departments of
Justice, Homeland Security, and State regarding such
integration. In addition, the Department and the DHS still have
not entered into a memorandum of understanding (MOU) to guide
the integration of IAFIS and IDENT. This MOU has not been
completed because of fundamental disagreements between the
Department and the DHS over the attributes of an interoperable
fingerprint system and the number of fingerprints to be taken
from individuals by each agency.
--Effects of the FBI's Reprioritization (September 2004).--The OIG
reviewed the changes in the FBI's allocation of its personnel
resources since the September 11 terrorist attacks. The report
provided detailed statistical information regarding changes in
the FBI's allocation of resources since 2000. The OIG
determined that the FBI has reallocated resources in accord
with its shift in priorities from traditional criminal
investigative work to counterterrorism and counterintelligence
matters. In addition, the OIG review identified specific field
offices most affected by changes in FBI priorities within
various investigative areas, such as shifting agent resources
from organized crime or health care fraud cases to terrorism
investigations. The OIG report recommended that the FBI
regularly conduct similar detailed analyses of its agent usage
and case openings to provide a data-based view of the status of
FBI operations and to assist managers in evaluating the FBI's
progress in meeting its goals.
--Handling of Information Prior to September 11 Terrorist Attacks
(July 2004).--This classified OIG report, conducted at the
request of the FBI Director, examined the FBI's handling of
intelligence information prior to the September 11 terrorist
attacks. The review focused on the FBI's handling of an
electronic communication written by its Phoenix Division in
July 2001 regarding extremists attending civil aviation schools
in Arizona, the Zacarias Moussaoui investigation, and
information related to September 11 terrorists Nawaf al-Hazmi
and Khalid al-Mihdhar.
The OIG made 16 recommendations for improving the FBI's
intelligence handling and counterterrorism efforts, including
recommendations targeted towards the FBI's analytical program.
The OIG provided the classified version of this report to the
9/11 Commission and to Congress. In response to requests from
members of Congress, the OIG is working with the Department to
produce an unclassified version of this report that can be
publicly released.
--Foreign Language Translation Program (July 2004).--The OIG audited
the FBI's translation of counterterrorism and
counterintelligence foreign language materials. The audit found
that the FBI did not translate all the counterterrorism and
counterintelligence material it collected. The OIG attributed
the FBI's backlog of unreviewed material to difficulties in
hiring a sufficient number of linguists and limitations in the
FBI's translation information technology systems. The review
also found problems in the FBI's quality control program for
language translations. The report made 18 recommendations for
improving the FBI's foreign language translation program.
In response to the OIG report, the FBI stated that it plans to
implement a national integrated statistical collection and
reporting system for its translation program in fiscal year
2005 that will allow foreign language program management to
accurately determine the amount of unreviewed material that
needs to be translated. The FBI also plans to increase its
digital collection systems' storage capacity so that unreviewed
audio material for critical cases is not deleted by the system.
In addition, it plans to implement controls to ensure that the
forwarding of audio among FBI offices via its secure
communications network is accomplished reliably and timely. The
FBI further reported that it plans to assess the linguist
hiring process, implement measures to reduce the time it takes
to bring linguists on board, and strengthen quality control
procedures to ensure that translations are accurate and that
all pertinent material is being translated.
--Edmonds Case (June 2004).--The OIG examined the FBI's actions in
connection with allegations raised by former FBI contract
linguist Sibel Edmonds. Edmonds alleged that her concerns about
aspects of the FBI translation program were not appropriately
handled by the FBI and that her services as a contract linguist
were terminated in retaliation for her raising these
allegations. The OIG review concluded that many of Edmonds'
core allegations relating to the co-worker had some basis in
fact and were supported by either documentary evidence or
witnesses other than Edmonds. The OIG concluded that the FBI
should have investigated Edmonds' allegations more thoroughly.
With respect to Edmonds' claim that she was fired for raising
these concerns, the OIG concluded that while Edmonds does not
fall within the protection of the FBI's whistleblower
regulations, Edmonds' allegations were at least a contributing
factor in why the FBI terminated her services.
--DNA Reviews.--During the past year, the OIG completed three reviews
examining various aspects of DNA laboratories or DNA grant
programs. In the first review, completed in May 2004, the OIG
examined vulnerabilities in the protocols and practices in the
FBI's DNA Laboratory. This review was initiated after it was
discovered that an examiner in DNA Analysis Unit I failed to
perform negative contamination tests. The OIG's review found
that certain DNA protocols were vulnerable to undetected,
inadvertent, or willful non-compliance by DNA staff, and we
made 35 recommendations to address these vulnerabilities. The
FBI agreed to amend its protocols to address these
recommendations.
In a separate review, the OIG audited several laboratories that
participate in the FBI's Combined DNA Index System (CODIS), a
national database maintained by the FBI that allows law
enforcement agencies to search and exchange DNA information.
The OIG's CODIS audits identified concerns with some
participants' compliance with quality assurance standards and
uploading of unallowable and inaccurate DNA profiles to the
national level of CODIS.
In a third review dealing with DNA matters, issued in November
2004, the OIG audited the Office of Justice Programs' DNA
backlog reduction grant program. This program provides funding
to states for the analysis of DNA samples collected in cases
where no suspect has been identified. The audit found that many
of the DNA profiles that had been analyzed by the states using
grant funding had not been uploaded into the FBI's CODIS system
and that grantees were not using the funds on a timely basis to
reduce DNA backlogs.
______
Prepared Statement of Senator Charles Grassley
Chairman Gregg, I want to thank you and the Ranking Member for
holding this important hearing on the FBI's Trilogy project and for
allowing me to submit a statement for the record. Over the years I have
taken a keen interest in making sure that the FBI does the best job
that it can. Unfortunately, as Inspector General Fine has testified
today, the Trilogy project isn't an example of excellence.
I want to commend General Fine for his report outlining the many
problems with the FBI's management of the Trilogy project and it's
Virtual Case File. The results of the OIG audit revealed that, although
the FBI has completed two of the three components of the Trilogy
project, the Virtual Case File (VCF) project has failed to produce a
functioning records management system. More importantly, it seems as if
the FBI will now actively pursue the development of the Federal
Investigative Case Management System (FICMS), but has not provided
estimated costs for such a project or a revised schedule for completing
the VCF.
The audit has determined that the ``main responsibility for the
problems with Trilogy rests with the FBI.'' The fact that changes to
the system requirements were made after the project had been initiated,
that contracts were not monitored and that project management decisions
were made by committees instead of experts with a working knowledge of
these systems, are all indicative of a plan that had failed before it
even got off the ground. The absence of an Enterprise Architecture and
lack of proper scrutiny over the various contracts leads one to believe
that funds for this project were requested from Congress before a
rational and pragmatic review of the potential problems were examined.
Today's OIG audit is another verse of the same song. On several
occasions in the last few years, the IG has had opportunity to examine
the FBI's automated case support and its IT systems. They have
highlighted the flaws and deficiencies and made recommendations. As the
IG noted in September 2003, the FBI implemented many of the IG's
recommendations, but not all of them. Had the FBI fully embraced these
recommendations the Trilogy project might have been in a different
place today. In fact one of the problems we see today was noted in
December of 2002. At that time, the IG concluded that the FBI was
spending hundreds of millions of dollars on IT projects without
adequate assurance that the projects would meet their intended goals.
Apparently, not much has changed.
This is particularly troubling, in light of the dire need for a
case management system that works. I agree with the IG's assessment
that ``there is a critical need to replace the ACS to enable FBI agents
and analysts to effectively perform the FBI's mission.'' Fighting
terrorism is the FBI's main job and not having an adequate ACS hinders
their effort. The FBI asserts that the failure of the VCF will not
impact on national security, but frankly, I'd rather not take the
chance. Securing the homeland is far too important of a task to not
have the best tools available.
After having spent $580 million on the Trilogy project, including
$171 million on the Virtual Case File, one would think that the FBI
didn't just have the best tools, but they have all of the tools.
Unfortunately, the taxpayers $171 million was squandered on a project
that doesn't meet the FBI's needs. Additionally, the fact that the FBI
has been set back three years in planning their critical
infrastructure, necessitates a well thought-out and managed solution. I
hope that from this failure the FBI can gain some insights and build a
learning curve that will help them as they look for a another system.
To that end, I would recommend that the FBI explore the case
management programs already utilized by other federal government
agencies, before attempting to spearhead a Federal Investigative Case
Management System. It is quite possible that a program currently in use
by the federal government could be adapted to suit the needs of the FBI
case management program.
Chairman Gregg, I again want to thank you for giving me the
opportunity to weigh in on this critical topic. General Fine, thank you
for your thorough and insightful report and testimony. I really do want
the FBI to be the best they can be at protecting America's citizens,
and that's why this report and hearing are so very important. The FBI
must learn from its mistakes. To not do so could lead to an even
greater waste of taxpayers' dollars and increased risk to national
security.
ADDITIONAL COMMITTEE QUESTIONS
Senator Gregg. But I am going to have to recess this
hearing and we are going to have to come back and reschedule
the balance at another date. I think the time that the Director
has given us has been exceptional and it might have been a
little longer than people had expected, but we appreciate his
courtesy.
[The following questions were not asked at the hearing, but
were submitted to the Department for response subsequent to the
hearing:]
Questions Submitted by Senator Patrick J. Leahy
VIRTUAL CASE FILE
Question. There is a field test of the VCF Initial Operating
Capability currently underway in the New Orleans field office. (A) When
will that test be completed? Who will assess the results of that test
and what criteria will be applied? (B) What are the Federal Bureau of
Investigations (FBI's) plans for ``VCF-lite?'' Does it expect to use
this software in the future?
Answer. The deployment of the Virtual Case File (VCF) Initial
Operating Capability (IOC) as a pilot to the New Orleans Field Office,
the Baton Rouge Resident Agency, the Criminal Investigative Division's
Drug Unit, and the User Advocate Unit provides the opportunity to
refine workflow business processes, verify workflow requirements,
quantify workflow efficiency improvements, develop workflow-related
system deployment processes, and develop workflow-related training
processes. During the pilot, metrics are being collected to quantify
the above goals and assess user satisfaction. At the end of the pilot
activities, the FBI will better understand the opportunities an
electronic workflow capability provides for improving the efficiency of
document-related business processes and the challenges involved in
deploying a web-based workflow application across the workforce.
Questions the FBI hopes to answer include:
--Will the automation of workflow reduce investigation time?
--Will the application track documents throughout their existence?
--What is the impact of the automated workflow on the FBI workforce?
--What is the best way to train FBI employees on new technology tools
and capabilities?
--Is the user interface acceptable to the users and does it enhance
their ability to do their work efficiently and effectively?
--What is needed to implement more effective security controls to
ensure seamless access to data and information sharing?
--Will the interface between the Automated Case Support (ACS) system
and the VCF IOC be adequate for future system integration
efforts, including ``flash cutover'' strategies?
The pilot was completed in late spring of 2005, metrics are being
analyzed and reported. The FBI has tasked Mitretek Systems to perform
the assessment to determine what future use of the application is
appropriate. The results of this pilot, along with the conclusions
drawn by the Office of the Chief Information Officer (OCIO), will be
shared with The RAND Corporation as well as our oversight partners,
including the Congress, Office of Management and Budget (OMB), and
Government Accountability Office (GAO).
The IOC was developed in two increments: the initial IOC and the
incremental ``IOC Plus.'' The incremental IOC Plus consists of a few
additional features that were identified during the beta test as
significantly enhancing the usability of the IOC and capable of
development and testing for a minimum additional cost. Based on
feedback from users during the pilot, the FBI will determine the value
and cost of deploying IOC Plus field-wide. Such a deployment would
provide a stop-gap capability while the Full Operating Capability
solution is being developed. The FBI has prepared a cost estimate for
deploying IOC Plus field-wide and associated operations for a 12-month
period. These costs will be analyzed along with the perceived benefit
of such a deployment to the user community, resulting in a
recommendation of whether to deploy IOC Plus field-wide.
Aspects of the pilot software will be used in the future. In
particular, the Web ACS capabilities integrated into the pilot are
being further developed and will provide users increased access to ACS
data. In addition, the software implementing the workflow aspect of the
pilot is under evaluation for longer term, future use. There are no
plans for a ``VCF-lite.''
Question. You told this subcommittee on March 23, 2004, that in the
wake of the 9/11 attacks, you evaluated whether to develop VCF or
purchase a commercial off-the-shelf product. You stated: ``I have had a
number of persons outside the bureau look at the decision to develop
our own, persons--I call them the gray-beards--who are from a number of
private concerns who would look at the choice we made and the product
we've come up with. And I think the reviews are very good for the
product we've come up with.'' Did these ``gray-beards'' from private
concerns produce written or otherwise formal assessments of whether the
FBI should develop its own product or buy off-the-shelf? If so, please
provide those. If not, why did the FBI chose to rely on an informal
assessment rather a formal report like the one recently prepared by
Aerospace? Couldn't the FBI have benefited by contracting for a formal
report on off-the-shelf alternatives much earlier?
Answer. Two groups of ``gray beards'' reviewed Trilogy and/or VCF.
A panel from the National Academy of Science (NAS), led by Jim
McGrotty, looked at Trilogy first in September 2002, and then again
during late 2003 and early 2004. The initial NAS effort in September
2002 consisted of two days of briefings, after which the panel provided
an oral assessment to the Director and others. No formal written report
was issued. The purpose of this review was to give the Director a
``pulse-check'' on how Trilogy was proceeding. The second NAS review
resulted in a written report, issued in May 2004, and was followed by
an addendum in June 2004, that focused on changes made by Zalmai Azmi,
after his appointment as the FBI's Chief Information Officer (CIO)
(which were not considered in the initial report). The NAS was not
asked to assess commercial off-the-shelf (COTS) products, although some
panel members believed, from the discussion of requirements presented,
that COTS products might meet FBI requirements.
The second group of ``gray beards'' is the Director's Science and
Technology Advisory Board, led by Art Money. This Board has been
briefed on Trilogy, VCF, and the FBI's information technology (IT)
effort in general since it first began meeting in October 2003. At the
request of former FBI Executive Assistant Director Wilson Lowery,
members of the Board met in June 2004, specifically to review and
comment on the VCF Corrective Action Plan, including the identification
of any inconsistencies or gaps in the remediation plan. After a series
of briefings during the day, the Board members met with the Director to
provide an oral assessment of the plan and other suggestions. Since
then, VCF, Enterprise Architecture (EA), and IT have been regular
agenda items on the Science Board's agenda, and the program managers
have updated the board members. Again, the Board was not asked to
assess COTS, but they also suggested that COTS could satisfy most of
the FBI's requirements and encouraged the FBI to explore that option.
Question. On July 16, 2002, Sherry Higgins, your then-Project
Management Executive, testified before the Senate Judiciary
Subcommittee on Administrative Oversight that the FBI was using an
industry-standard process--Joint Application Development--to ``define
and prioritize'' its requirements. The subcommittee was also told this
was a new way of doing business: bringing together users, designers,
and future systems operators to define and prioritize requirements. Why
was this process not effective in producing a concrete and final list
of VCF requirements that SAIC could use to build VCF?
Answer. The Joint Application Development (JAD) sessions resulted
in user-need and requirements statements reflecting the capabilities
users desired in the final system. These statements were, however, not
prioritized and, in some important aspects, insufficiently detailed
(this was particularly true of the requirements related to users'
access to the system's functions and data and to the requirements
defining the system's administrative functions). As a result, the
requirements were accurate and consistent, but they were not complete
in all areas. In addition, they did not reflect the constraints imposed
by the system's conceptual design or current infrastructure, since the
process by which requirements were defined was implemented after the
Science Application International Corporation (SAIC) had already
developed the conceptual design and the infrastructure framework. The
SAIC attempted to use these user-need and requirements statements to
define a set of requirements that were consistent with a vision of how
to build the system, but were unsuccessful because the JAD lacked
sufficiently detailed requirements regarding security, records
management, and the intelligence mission to complete the new system and
application architecture.
Question. At the hearing on February 3, you described problems
leading to a failed VCF effort, including that the FBI ``lacked skill
sets in our personnel, such as qualified software engineering, program
management and contract management.'' You also stated that the FBI
responded to these deficiencies by outsourcing the contract management
and technology development. The Federal Systems Integration Management
(FEDSIM) is acting as the contracting office on behalf of the FBI, and
Mitretek Systems provides program management, systems engineering and
technical advisory services. SAIC has been responsible for delivering
VCF.
Has the FBI or an outside entity evaluated the extent to which it
should have such capabilities within its own staff, and if so, what is
the result of that assessment?
Answer. In 2003, a distinguished group under the NAS conducted an
in-depth study of the Trilogy program including, in particular, VCF.
The NAS determined that, while the FBI had some good IT people, it fell
short of the kind of expertise needed to manage large IT acquisitions,
not only from the program management perspective, but also from an
engineering perspective.
The FBI recognized these shortcomings and created the Office of the
Chief Technology Officer (CTO) in June 2004, to strengthen engineering
and computer science especially as it relates to the development of new
technology. Currently, that office includes 10 software/system
engineers and is in the process of selecting an additional 10, which
will be a combination of new employees and transfers from other parts
of the FBI. At the same time, the CTO is strengthening software,
system, and data engineering at the Bureau by hiring contractors to
work on establishing ``to be'' technical and data reference models for
the enterprise, participating in project and critical design reviews,
and base-lining the FBI's capabilities from a systems engineering
perspective. The FBI plans to request additional government software
and systems engineers in the future to bolster its resource pool for
dealing with complex and critical information technology projects.
Additionally, the FBI's Office of IT Program Management (OIPM) has
taken several steps to strengthen program management skills as they
relate to IT programs and projects. In addition to recruiting several
experienced program managers to fill key IT management positions within
the OIPM, the FBI has implemented a training initiative through which
employees can be certified as Program Management Professionals. Since
September 2004, 30 employees have been trained and two additional
classes, with an additional 50 students, are underway.
On March 4, 2005, the FBI became a member of the Program Management
Institute (PMI), and enrolled 20 employees in this professional
organization. In addition, these individuals joined the Washington,
D.C. PMI Chapter and the government special interest group. This allows
FBI program managers to remain updated on the latest information from
PMI, attend project meetings, and participate in the government-
specific interest group.
Question. What adjustments did the FBI make to its own internal
personnel to ensure proper oversight of, and effective communication
with, SAIC, FEDSIM, Mitretek and other entities performing functions
related to VCF?
Answer. While the FBI did take steps to improve internal oversight
of the VCF project, in retrospect the steps were not adequate to ensure
proper oversight. Steps taken included, but were not limited to, the
following: (1) a communication plan between the FBI User Team and SAIC
where FBI User Team members were integrated into SAIC's environment for
project support; (2) an interim Award Fee feedback plan instituted by
the FBI and the Federal Systems Integration Management (FEDSIM) Center
to provide SAIC more frequent performance analysis; (3) monthly In-
Progress Review (IPR) briefings provided by SAIC to FEDSIM and the FBI;
and (4) weekly Program Management Office (PMO) meetings, attended by
SAIC, FEDSIM, and the FBI.
Once it became apparent that SAIC was having difficulties, the PMO
co-located FBI and Mitretek Systems personnel at SAIC. Mitretek was
asked by the FBI to provide additional resources to help resolve
issues. In addition to attending ad hoc meetings as issues arose,
Mitretek Systems developed a User's Guide and a series of white papers
to assist SAIC in understanding the FBI's needs and requirements in
areas not covered in detail in the system and software requirements.
The white papers addressed such topics as: access control concepts,
authorized users, delegated functions identified in the Systems
Requirements Document, lead routing table concepts, package assumptions
rules and roles, silent hits, User Application Component client server
communications link bandwidths, logging, and data models.
In the first quarter of 2004, an independent FBI Special
Technologies and Applications Section technical team provided an
architectural evaluation, identifying risks and deficiencies previously
suspected, but not confirmed, to the PMO. This new risk information, in
addition to SAIC's past performance on this project, became an
important component in the FBI's assessment of SAIC's ability to
respond to the challenges of completing VCF delivery 1.
Question. Prior oversight reports have found that the bureau has
had trouble managing its information technology contractors and that
these problems contributed in part to cost, schedule, and performance
shortfalls on system modernization projects such as Trilogy/Virtual
Case File. For example, in December 2002, the Inspector General
reported that the bureau was not implementing cost, schedule, and
technical baselines to monitor its contractor's progress on the Trilogy
project. In addition, in May 2004, the National Research Council
reported that the bureau needed more control over its Trilogy/Virtual
Case File contracts, including more frequent use of contractor progress
reviews, performance metrics, and specific milestone delivery dates.
What has the FBI done to strengthen its ability to effectively manage
its contractors and minimize the risk that the bureau will experience
cost, schedule, and performance shortfalls on future IT projects?
Answer. In May 2004, Director Mueller announced the appointment of
Mr. Zalmai Azmi as the FBI CIO. Mr. Azmi is responsible for the FBI's
overall information technology efforts, including developing the FBI's
IT strategic plan and operating budget; developing and maintaining the
FBI's technology assets; and providing technical direction for the re-
engineering of FBI business processes. Mr. Azmi was given the authority
for enterprise-wide IT budget control/consolidation. The CIO and Chief
Financial Officer (CFO) work closely together on all IT financial and
budget matters (including the IT budgets in all FBI divisions). The CIO
and CFO instituted an acquisition process that required all IT
investments to be reviewed by CIO and CFO staff. Almost 1,000
acquisitions were reviewed and approved in the last 2 quarters of
fiscal year 2004. The risks associated with cost, schedule, and
contract performance are also reduced by the FBI's close coordination
with the Department of Justice (DOJ) CIO; the FBI and DOJ CIOs meet
regularly to discuss status and address issues related to the FBI's
major IT investments.
The CIO centralized the IT business of the FBI, mostly in an
organizational structure under his office with a few specialized
applications organizationally separate but reporting through him (e.g.,
the Criminal Justice Information Systems Division in West Virginia)
under the Life Cycle Management Directive (LCMD). The LCMD, which
fundamentally changes how IT projects are managed in the Bureau,
governs how IT projects are managed from ``cradle to grave'' and is
consistent with industry and other government agency best practices.
The LCMD guides FBI personnel on the technical management and
engineering practices used to plan, acquire, operate, maintain, and
replace IT systems and services. All IT projects and programs will be
required to undergo rigorous project and executive level ``control
gate'' reviews for each stage, from inception through disposal. There
are seven gates, nine phases, and 14 key supporting processes in the
LCMD. These reviews are the mechanism for management control and
direction, decision-making, coordination, and confirmation of
successful performance.
The FBI's CIO has established a system of review boards through
which the IT business of the FBI is conducted.
--The IT Advisory Board ensures new technologies are incorporated
into FBI operations and business practices, ensures decision
makers prioritize operational technology needs for future
development, minimizes duplicate technology business practices
to better optimize resources, and resolves conflicts involving
IT issues among FBI Headquarters divisions.
--The EA Board ensures IT systems comply with EA requirements, the
supporting system concept, critical design, and disposal
reviews.
--The IT Policy Review Board provides guidance and direction on IT
policy matters, resolves issues, and develops new policies.
--The Technical Review Board ensures IT systems comply with technical
requirements, leads critical design, and supports deployment
readiness and system test reviews.
--The Change Management Board manages IT infrastructure changes,
leading deployment readiness, system test readiness,
operational acceptance, and disposal reviews.
--The Investment Management Project Review Board ensures IT systems
acquisitions are aligned with IT policy, strategic plans, and
investment management/portfolio management requirements. It
leads system concept and acquisition plan reviews.
These Boards have defined roles/responsibilities within the
structured framework of the LCMD and operate pursuant to established
charters and procedures. The LCMD applies to all solution providers,
including contractors. In addition, contract management is enhanced at
the Departmental level by the work of the Department Executive Review
Board (DERB), which oversees DOJ's major IT investments, including
those led by the FBI. The DERB operates as part of DOJ's Information
Technology Investment Management process to provide oversight at the
highest level.
Through a newly instituted IT Investment Management process, the
CIO is establishing control and management of IT project budgeting,
working with the CFO in the budget formulation process during the
fiscal year 2006 budget cycle (the Finance Division has asked the CIO
to provide an addendum to the fiscal year 2007 budget request targeting
IT requirements). In addition, the OCIO has increased the oversight of
IT projects and programs through the development of IT standard system/
project definitions; identification of the FBI IT portfolio of systems,
applications, programs, and projects; release of the FBI IT Master
Project/Programs list; promulgation to all FBI divisions of the LCMD;
and purchase of an Enterprise Portfolio Management tool and a Project
Portfolio Management tool.
Oversight of IT projects begins with establishing baselines for
each project. In June 2004, it was mandated that all new projects
produce and maintain resource-driven MS Project 2002 schedules. These
schedules are subject to periodic (weekly, monthly, and/or at LCMD
gates, depending on the project) review and analysis. All pre-existing
projects will be required to produce and maintain project schedules,
which are subject to review and analysis at each of the remaining LCMD
gate reviews. DOJ has announced their implementation of a congressional
mandate that all projects of a certain size are required to provide
American National Standards Institute Earned Value Management Systems
data. The Earned Value Management (EVM) methodology is a project
(investment) management process that effectively integrates the
investment scope of work with schedule and cost elements for optimum
investment planning and control. The OCIO is in the process of
reporting EVM data to DOJ in compliance with this mandate.
Question. When SAIC submitted invoices as it spent taxpayer's
money, what were the FBI's procedures for evaluating: (a) whether those
expenditures were permissible under its contract; (b) whether they were
producing the necessary result; and (c) whether the timing of those
expenses put SAIC on track for timely delivery? Why did those
procedures fail to identify at an earlier date that SAIC would not be
able to deliver the expected results on the due date, and what changes
have been put in place to manage future contracts?
Answer. In a large system development project such as VCF, the key
is the development of a base-lined, resource-loaded network addressing
both schedule and resources. Tracking progress against this resource-
loaded network reveals whether the money is being spent according to
the plan and the development is on track. While SAIC had a resource-
loaded network, it was not sufficiently milestone driven to expose the
difficulty they were having completing the system development. Even
with this weakness, the FBI was aware of the project status. Over the
past year, the FBI has met with DOJ officials and with House and Senate
Committee Members and/or their staffs to address issues regarding the
VCF and Trilogy programs.
The FBI is acutely aware of these deficiencies and has taken
proactive steps to ensure that they do not recur. As noted above, all
projects will be managed in accordance with the Life Cycle Management
Directive. Earned Value Management (EVM) reporting requirements will be
mandated on projects of a specified size and dollar threshold. A work
breakdown structure and a detailed, integrated, event-driven schedule
will be developed and maintained for each project. Project status
reporting will be accomplished at both the project and enterprise
levels. Project Management Reviews will be conducted at the project
level, and ``control gate'' reviews will be conducted at the enterprise
level. Appropriately designated boards will oversee projects and,
through the recent deployment of Worklenz software, all oversight
entities will have the same view into a project's progress. The
oversight process will also be enhanced by the monthly entry of key
budget and milestone data for all DOJ IT projects, including FBI IT
projects, into DOJ's IT Dashboard, which will allow the FBI's and DOJ's
CIOs to view status, EVM metrics, and major developments affecting
progress.
While clearly VCF does not provide the capabilities the FBI sought,
the ``lessons learned'' from the VCF project management were
beneficial. As noted above, the FBI has developed the LCMD to impose
structure and process in system development, and the VCF IOC was
executed using this new approach to IT management. Project objectives,
requirements, and constraints were clearly identified before proceeding
to each control gate, and ``go/no go'' criteria were used at major
milestones to control the release of funding and to keep the project
focused. In addition, a cost-sharing arrangement was established as
part of the renegotiated User Applications Component contract, and
adherence to defined management processes was mandated. As a result,
the VCF IOC development and deployment was completed on schedule and
within budget.
Question. At the hearing, you indicated that the FBI has deferred
to DOJ for consideration of whether the FBI can recoup any funds from
SAIC, and if so, how much and on what basis. When was this issue
deferred for consideration and when do you expect to receive an answer?
Will you inform the Committee immediately upon receipt of this
assessment?
Answer. The FBI referred this matter to DOJ's Civil Division on
February 2, 2005. The FBI asked the Civil Division to ``begin to
analyze the facts to assist us in determining the appropriate course of
action'' concerning the possible recovery of funds from SAIC. The FBI
is continuing to work with the Civil Division and the General Services
Administration to resolve this matter and determine what future action,
if any, will be taken. At this point, it is not known when a final
determination will be made. The FBI will inform the Committee when such
a determination is made.
Question. The FBI's response to the Inspector General's draft
report indicated that the FBI established its baseline Enterprise
Architecture (EA) in 2004 and is in the process of developing a target
EA in September 2005. What is the status and progress of the bureau's
efforts to develop and implement an effective and complete EA that can
be used to effectively guide and constrain its IT investments, and will
it be complete by September 2005? Does it make sense to continue to
pursue VCF, or even the Federal Investigative Case Management System
(FICMS), before this EA is complete?
Answer. Since the award of a contract for EA support on March 21,
2004, the FBI has applied a focused, concentrated, and elevated effort.
For example, a revised EA Program Plan was completed and signed by the
CIO on July 2, 2004. EA development efforts and products are being
reviewed approximately every other month by the Director's Science and
Technology Advisory Board, an external group of senior scientists and
technology experts. Both completed and in-progress EA products are also
reviewed by the EA Board (EAB), which includes Deputy Assistant
Directors from FBI Headquarters Divisions. The EA principles and the
Integrated EA Base were completed and approved by the EAB and the CIO
on December 9, 2004. The Integrated EA Base Line, which was approved by
the FBI Director on December 21, 2004, contains the following
information.
--Business Architecture--36 stakeholders, 42 functions, 223 sub-
functions.
--Data Architecture--identified 8 data areas and 65 data classes.
--Applications Architecture--includes the Master IT Systems List with
an inventory of over 500 FBI systems, applications, networks,
and databases.
--Technology Architecture--includes the FBI IT Master Products List
with over 800 COTS and Government off-the-shelf products.
The CIO has added both in-house personnel and contractors to ensure
completion of the target, or ``To Be,'' EA by May 2005. The initial
phase, referred to as the ``interim To Be architecture,'' addresses the
target architecture and the Integrated Baseline Architecture, focusing
on current projects and interoperability within the current technology
environment. Any project that is being developed with incremental
capabilities will need to be aware of the architectural impact of
projects in-progress to address integration issues. Phase I of the
target architecture identifies the mission requirements being supported
by the FBI projects identified for fiscal year 2005 and 2006, including
VCF, and the EA team is working with the personnel responsible for the
VCF to ensure that its architectural issues are addressed. The interim
target architecture includes mapping to the reference models identified
in the Federal EA, tailored for the FBI environment to provide
architectural support for projects under development. The intent is to
create an optimum architecture environment for the implementation of
projects that enhance the FBI's technical environment so the FBI is in
an optimum position to support the VCF effort.
Question. Mr. Azmi testified at the hearing that the FBI now has a
list of requirements for VCF and has mapped these requirements
``through a federal enterprise architecture framework,'' that these
have been broken down into phases, and that another independent
contractor is assessing the cost of implementing those phases and will
have a report by mid-February. What is the relationship between this
``federal enterprise architecture framework'' and the FBI's efforts to
develop its own EA by 2005?
Answer. The Federal EA Framework (FEAF) that was initially
established in fiscal year 2000 has been evolving with the development
of OMB's five reference models. For example, the original FEAF did not
contain any framework support for security. Additionally, OMB and GAO
recognized that focusing on specific organizations' applications
retained the dependencies or bottlenecks within these organizations.
Therefore, OMB replaced that approach with one that employs the concept
of service components independent of an application's implementation.
Some of the reference models, including the Security reference model,
are still under development. The OMB approach is to include in the
reference models a master list of all possible elements, so that an
organization can develop its own reference model by selecting the
elements appropriate to that organization. The FBI is using the OMB
reference models to complete its EA to the extent possible, adding
additional features or framework elements, such as security services
and features, as appropriate. The FBI target model also uses the
reference models, but depicts the future environment the FBI expects to
need to meet mission goals. The difference between the baseline EA and
the target EA represents the gap that must be bridged to achieve the
target EA.
Question. Is the list of requirements referenced in the hearing the
final list of requirements against which VCF will be built, or will
there be additional changes to the requirements list, perhaps when the
FBI's own EA is complete in 2005?
Answer. The FBI contracted with BAE Systems to review and
revalidate users requirements because the mission of the FBI has
evolved, presenting new requirements for information and intelligence
sharing among different entities. This review is still in progress. To
ensure future IT systems do not expand beyond their functional level,
IT systems will be designed, developed, and deployed incrementally
against specified and planned parameters.
Question. Which independent contractor is developing a cost
estimate, and will you provide the cost-estimate report to Congress
upon receipt? Does it make sense to solicit cost estimates at this time
given the potential flux in the VCF requirements?
Answer. Two Independent Government Cost Estimates (IGCEs) are being
developed, one by Mitretek Systems and one by Aerospace. Aerospace is a
Federally Funded Research and Development Corporation and is
Congressionally chartered to provide this kind of analysis. An IGCE is
based on a set of assumptions addressing the concept and its
development, operations, and maintenance. Given the current fluidity in
the concept's development, these estimates will need to be revisited
when the final concept has been defined.
Due to the rigor and time associated with developing an IGCE, the
FBI decided to begin preparing the estimates and factor in time for
later updates, rather than waiting until everything is known to begin
to prepare the estimates.
The FBI would be pleased to brief the Subcommittee on our progress
in this area.
Question. The OIG Report indicates that the FBI discontinued its
pursuit of certain enhancements and additional operational capabilities
to VCF in part because the VCF Delivery 1 did not meet its
expectations, and also because the FBI plans to pursue the Federal
Investigative Case Management System (FICMS). The OIG Report also
indicated that the FBI is serving as the executive agent of the process
to award a contract for FICMS by April 2005. The FBI's response to the
OIG's draft audit described FICMS as a ``blueprint'' and stated that
VCF and FICMS ``are on parallel tracks that will eventually converge.''
What will this ``blueprint'' entail and who designed it?
Answer. The Federal Investigative Case Management Solutions (FICMS)
initiative, part of OMB's Case Management Line of Business, is a
framework that provides guidance for participating agencies designing
and developing investigative case management systems. FICMS ensures,
where appropriate, the establishment and reusability of common IT
solutions and promotes the inter-agency compatibility and system
interoperability needed to facilitate information sharing across the
federal investigative and law enforcement landscape. Investigative
agencies share core business functions but also have unique needs that
drive agency-specific system requirements. The FICMS framework uses a
Service Oriented Architecture approach, which allows agencies the
flexibility to implement a common, core solution and build specific
functional modules that plug into the common solution to meet unique
agency needs. Accordingly, investigative agencies will procure
commercially available solutions where appropriate, then implement
these solutions to address specific activities such as investigative
workflow management, records management, and data analysis. These
agency-specific systems will follow the broad FICMS blueprint so that
data can flow easily and securely between agencies. The FBI is planning
to implement the first investigative case management system as part of
the FICMS framework, and is collaborating with DOJ and the Department
of Homeland Security (DHS) to maximize the system's use by other
investigative agencies, thus preventing costly investments in duplicate
IT case management systems. OMB selected DOJ to lead this effort, and
the FBI was designated as DOJ's Executive Agent for FICMS development.
Question. What impact has the development of FICMS had on the FBI's
view of, or plans for, VCF? What does it mean that VCF and FICMS ``are
on parallel tracks'' and ``will eventually converge?''
Answer. The FBI is continuing to move forward to develop and deploy
a case management system. At the same time, the lessons learned through
VCF will be used to help develop the FICMS, a broad blueprint for
federal investigative case management systems being led by DOJ. The FBI
will use the FICMS framework to develop an investigative case
management system that will not only meets the Bureau's specific needs,
but will also provide a blueprint for other federal investigative
agencies implementing case management systems. The use of this common
FICMS framework will permit more seamless information sharing.
Question. Will FICMS benefit from the 3-years and $170 million
devoted to the VCF effort, and if so, in what ways?
Answer. Yes, the lessons the FBI has learned in its efforts to
develop VCF will help in developing the FICMS, particularly in the
areas of contract management, project management, the development and
implementation of policies and procedures, modular development and
deployment, data security, records management, and training. For
example, the FBI learned that it should not attempt a ``flash cutover''
(i.e., a full implementation of a system in which all functionality is
brought online initially) when migrating from the legacy system to the
new system. Instead, the FBI should develop and incrementally deploy
capabilities in phases. Also, business process requirements captured
through the JAD sessions will be used in the development of the FICMS
requirements. The electronic interfaces developed between the legacy
ACS application and VCF IOC are being evaluated for possible reuse. The
metrics and lessons learned from the New Orleans Pilot, which are
currently being compiled, will also influence the development of FICMS.
Question. How will FICMS relate to the FBI's enterprise
architecture? What steps has the FBI taken to ensure that these efforts
will interrelate, rather than conflict?
Answer. The FBI is using the FEAF as the basis for the development
of the FBI EA. OMB requires that federal agencies use the FEAF, which
will ensure interoperability between systems and easy information
sharing. The FBI will use the Service Reference Model of the FEAF as
the FICMS framework for delivering services in a phased approach to
participating federal agencies based on their determined priority. Each
phase will deliver capabilities independently.
Question. Is there a defined list of requirements for FICMS, such
that soliciting contracts for FICMS in April will be an efficient and
productive process?
Answer. The goal of this program is to ensure compatibility between
all systems used by the various entities in DOJ and DHS. In order to
ensure that all technology requirements will be included in the
system's overarching framework, the FBI sent system requirements to DOJ
and DHS for review. DOJ and DHS responded by providing additional
requirements that are necessary for their operations. Based on this
input, the FBI created a larger set of requirements encompassing the
needs of the FBI, DOJ, and DHS. This approach ensures that all
components' investigative needs be addressed by the framework.
Question. Besides DHS, what other departments and agencies will
FICMS serve?
Answer. FICMS will serve as a framework for investigative
information technology systems used by the FBI, DOJ (including DOJ
components), and DHS.
Question. At the hearing, you stated that the FBI ``did not have a
complete set of defined VCF requirements when the original contract was
signed in June 2001, and we did not have a finalized set until the
summer of 2002.'' In addition, FBI CIO, Zal Azmi testified that ``we
have completed our requirements. We have a requirements document for a
case management system that our users, our agents, our analysts want
and the FBI. We have mapped those requirements to our services that are
guidelines by the federal enterprise architecture framework.'' However,
the Inspector General's recent audit stated that ``the process of
defining requirements and baselines for the VCF still continues,'' and
recommends that the FBI ``freeze the critical design requirements for
the case management system before initiating a new contract.'' Can you
reconcile these statements? Are the requirements for VCF now frozen and
final until a case management system is delivered? How can the VCF
requirements be final when the FBI does not have a complete EA? When
the requirements are finalized, will an outside expert evaluate the
list of requirements, and if so, who and when?
Answer. The OIG report was written in late 2004. Since that time,
the FBI has made significant progress in documenting the requirements
and Concept of Operations (CONOPS) for an enterprise-wide case
management capability. In January 2005, the FBI completed the System
Requirements Specifications (SRS) and System CONOPS. The SRS have been
revised based on feedback provided through a review process, and will
be finalized at the end of the review/revision process. The CONOPS is
also undergoing that review/revision process. A System Requirements
Review for completeness is also ongoing and, after all inputs are
incorporated, the final set of system requirements will include
approval by each of the Lines of Business owners. The systems
engineering team is working with the EA team to ensure system
requirements meet EA objectives. Additionally, requirements will be put
under formal Configuration Management control. Requirements will be
base-lined at contract award and, after contract award, changes or
proposed changes to the system or requested functionality will be
managed in accordance with the Configuration Management Key Support
Process of the Life Cycle Management Directive. The requirements have
additionally been presented to the Director's Science and Technology
Board.
Question. You testified at the hearing that agents will have ``a
basic case management system'' in their hands within a year. What
specifically will a ``basic case management system'' entail and will
its delivery complete the VCF project? If for some reason developments
threaten to delay delivery beyond 2005, will you inform this
subcommittee immediately?
Answer. The FBI has expended significant time and effort since the
hearing confirming requirements for a new case management system, as
well as developing a procurement strategy that will take advantage of
off-the-shelf products. At this time the FBI envisions the deployment
of the new case management system in four phases, each of which will
provide discrete aspects of the new case management system. The first
phase should be completed 9 to 12 months after contract award, which is
expected in the summer of 2005. However, we would not expect a ``basic
case management system'' to be in place until the completion of phase
2, which will not be until 2006. Phases 3 and 4 will add additional
capabilities to the system.
Question. In your testimony, you stated that within 6 to 8 weeks
you would have an assessment of: (a) the costs required to get a fully
functional case management system in the hands of agents; (b) the
extent to which those costs would require additional funding or
reprogrammed funds; and (c) what other programs would lose funds, if
reprogramming was required. Please provide these assessments to the
subcommittee immediately upon completion, or apprise us if they will be
delayed beyond 8 weeks.
Answer. The estimate referred to in this question will be based on
the IGCEs discussed in response to question 9(C), above. The FBI will
keep the subcommittee informed.
Question. In your testimony, you described the FBI's development of
an Investigative Data Warehouse (IDW). Was any part of the development
of IDW funded out of the $581 million appropriated for the Trilogy
project?
Answer. Funds appropriated for Trilogy were not used for the
development of the Investigative Data Warehouse.
TERRORIST SCREENING CENTER
Question. In December 2003, the FBI's Terrorist Screening Center
began its task of consolidating government terrorist watchlists. In the
recent White House budget submission to Congress, an additional $75
million is directed to the Terrorist Screening Center. What is the
status of the watchlist consolidation project, and what problems have
prevented its completion?
Answer. As of March 12, 2004, the Terrorist Screening Center (TSC)
consolidated in the Terrorist Screening Database (TSDB) all identifying
data from the 12 watchlists specified in the April 2003 GAO report
entitled ``Terrorist Watch Lists Should Be Consolidated to Promote
Better Integration and Sharing'' (GAO-03-322). While this consolidated
database does include the identifying data from the Automated Biometric
Identification System (ABIS) and the Integrated Automated Fingerprint
Identification System (IAFIS), it does not include the associated
purely biometric information from ABIS and IAFIS.
Question. When will the government have a complete, integrated
terrorist watchlist with online access for law enforcement?
Answer. As noted above, the TSC has a complete integrated terrorist
watchlist that is now maintained in the TSDB. In addition, information
appropriate to pertinent law enforcement groups is exported daily to
various information systems, where it is electronically accessible to
groups that need it in performance of their specific duties.
Domestically, general law enforcement officers have access to the TSDB
through the National Crime Information Center system; Customs and
Border Patrol and Immigration and Customs Enforcement have access
through the Interagency Border Inspection System; the Transportation
Security Administration has access through the No-Fly and Selectee
lists; and the Department of State has access through the Consular
Lookout and Support System. Among the United States' foreign partners,
Australian authorities have access through TACTICS, and Canadian
authorities have access through TUSCAN.
CONCLUSION OF HEARING
Senator Gregg. I am going to recess the hearing.
[Whereupon, at 3:20 p.m., Thursday, February 3, the hearing
was concluded, and the subcommittee was recessed, to reconvene
subject to the call of the Chair.]
�