Posted on 02/04/2005 4:23:11 AM PST by bd476
WASHINGTON – "San Diego defense contractor SAIC said Thursday it had fixed flaws in heavily criticized software it developed for the FBI as part of a $170 million contract to help the agency track terrorists and manage criminal cases.
"We fully conformed to the contract we have and gave the taxpayers real value for their money," said Arnold L. Punaro, executive vice president of SAIC.
He blamed the FBI for the initial problems, saying the agency had a parade of program managers and demanded too many design changes. During 15 months that SAIC worked on the program, 19 different government managers were involved and 36 contract modifications were ordered, he said.
"There were an average of 1.3 changes every day from the FBI, for a total of 399 changes during the period," Punaro said.
His vigorous defense of SAIC immediately followed an appearance by FBI Director Robert Mueller on Capitol Hill, during which he sharply criticized SAIC's performance on the contract and said the project might have to be abandoned.
SAIC's custom software, known as Virtual Case File, was intended to help FBI agents and analysts track terrorists and manage criminal investigations. When SAIC delivered the product, at least 400 problems were found with the software, Mueller testified.
"We immediately identified a number of deficiencies that made it unusable," he said.
Mueller and Punaro's clashing statements were made in different settings. Mueller made his comments during an oversight hearing conducted by a Senate appropriations subcommittee. Punaro spoke to reporters afterward.
Punaro had been scheduled to testify after the FBI director, but the Senate committee hearing was adjourned before he could testify.
"We understand the circumstances in U.S. Senate scheduling, but we were fully prepared to put our case forward," Punaro said after the hearing.
Problems with the software made by SAIC were only the latest development in a three-part program known as Trilogy, which has run up an overall price tag of nearly $600 million since the contracts were awarded in 2001.
Trilogy was intended to overhaul the FBI's aging computers with a secure, high speed network that called for installing 500 computer network servers, 1,600 scanners and thousands of desktop computers in FBI field offices.
After the FBI initially determined there were flaws in the program, an independent consultant, Aerospace Corporation, reviewed the SAIC software at a cost of $2 million and determined it should be abandoned. It found a "lack of effective engineering discipline has led to inadequate specification, design and development of VCF," Mueller said.
Reacting to the report, Mueller said, "After three and a half years, this was disappointing news."
Punanro of SAIC, criticized the Aerospace report, saying, "we have a strong disagreement with the conclusions."
Among other things, Aerospace Corp. based its conclusions on an early software program that is a year out of date, Punaro said. "It was preliminary delivery and it did have some problems. However, we worked with the FBI and got on top of those," he said.
Mueller indicated that the FBI might try to get back some of the more than $100 million it has paid to SAIC, which won its contract in June 2001.
Despite the problems in the Virtual Case File technology, Mueller said "we will continue to consult with industry leaders to ensure that we develop a sound, long-term plan for our (technology) needs," Mueller said.
Committee members weren't so sure.
"My disappointment with the extreme waste of taxpayer dollars – over $100 million – is surpassed only by my frustration over the fact that we now do not know when the FBI will have this critical case management system in place," said Senator Judd Gregg, R-N.H., chairman of the Senate appropriations subcommittee on commerce, justice, and state.
Meanwhile, the Justice Department's Inspector General also criticized the FBI's handling of the software, saying it had not provided a timetable for completing it.
"The critical need to replace the FBI's obsolete case management system remains," the inspector general report said."
If the FBI doesn't have a way to recoup the $100 million already spent, they still should walk away from using SAIC's software.
Who knows what other breaches of security preceded their turning over the software to the FBI?
California defense contractor warns employees following computer theft.
Typical of gubm'nt - get their opportunity to testify then close the meeting before the other side gets the same opportunity.
Kind of like a grand jury I know of where the subject of the inquiry was told he could testify. Then the meeting was changed to a different time and he wasn't notified. I guess that's what happens when convictions are more important than justice.
The FBI found glitches in the software and negotiations ensued. Then the FBI hired an outside firm to get a second opinion and they told the FBI to bail out on the software.
That means $100 million dollars of taxpayer money gone, or SAIC owes it, or the FBI should give SAIC another chance. Except SAIC fell down horribly on security.
Who's to say that this wasn't the first security breach, or worse, that the break-in and theft of computers wasn't carried out by foreign powers?
I wonder why SAIC gets to talk to anyone but Mueller.
"SAIC was victim to a break in at one of its corporate facilities on January 25, 2005, and several personal computers were stolen that contained personal information on current and former stockholders.
The facility where the break in occurred serves in an administrative capacity and is not used for performance on any of our government or commercial contracts. SAIC filed a police report with San Diego authorities to report the theft and continues to fully cooperate with law enforcement officials to apprehend those individuals responsible and to attempt to recover the stolen property.
We have no evidence that the thieves have accessed any personal information on these computers or that the purpose of the crime was identity theft, but we are notifying current and former stockholders as a precaution.
We want to emphasize how strongly we regret this occurred and how deeply concerned we are about the inconvenience and the concern this is causing among our stockholders. The company has attempted to responsibly and proactively deal with this situation, and we recognize the importance of rapid response for our stockholders.
Besides using multiple means to notify those affected, such as e-mail to employee stockholders, as well as those retirees and alumni for whom we have e-mail addresses, we have also have established a 24/7 help desk to assist employees and stockholders who might have questions or need assistance.
We are implementing a program to make other resources, information and assistance available to our stockholders, including providing guidance on simple actions they can take to minimize the risk of identity theft. Again, we are troubled that this event occurred but are working round-the-clock to mitigate any impact on our stockholders.
Information for Current and Former Stockholders
We are taking the precaution of alerting you because the stolen computers contained personal information of current and former stockholders, including name, social security number, address, telephone number and stockholder records, including shares bought, sold and held.
SAIC has established several resources to assist you. We have set up a prerecorded message for general information on this situation and answers to common questions regarding identity theft, at (888) 826-7377. If you have questions that are not covered in the recorded message, we have also set up a 24/7 Help Desk at (866) 478-0433. Those working outside of the United States should call (703) 676-5200.
It is recommended that all current and former stockholders contact one of the three major credit bureaus at the phone numbers listed below to place a temporary fraud alert (90 days) on their credit file, at no charge, as a precautionary measure. Experian also allows you to place a fraud alert online at experian.com (www.experian.com).
Both processes are extremely simple and should not take more than a couple of minutes. A fraud alert warns creditors to contact you before opening any new accounts or changing information on your existing accounts. Placing a fraud alert on your credit file will automatically result in notification to the other two credit bureaus.
All three credit bureaus will send copies of your credit report to you, upon request. When you receive your credit reports, look them over carefully for accounts you did not open, inquiries from creditors that you did not initiate, and inaccurate personal information. Even if you do not find any signs of fraud, it is recommended that you keep your fraud alert in place and check your credit reports every three months for the next year.
If you should see anything you do not understand or find suspicious in your credit report, call the credit agency and your local police or sheriff's office to file a report of identity theft.
You should also notify SAIC's Stockholder Help Desk at (866) 478-0433. The Stockholder Help Desk will provide information on additional resources that the Company will provide to any victims of identity theft, including the services of a company specializing in assisting victims of identity theft.
Additional information on how best to respond to a possible identity theft is available at the federal government's central website for identity theft information (http://www.consumer.gov/idtheft) and at the California Attorney General's website (http://www.caag.state.ca.us/idtheft/tips.htm).
Your patience and continued confidence in SAIC is greatly appreciated."
Aero also suggested they consider COTS software, which I presume to be Lotus Notes or something similar.
IMHO $100 million (or whatever the final price was) is really excessive for this sort of application.
The virtual case file software might be less costly, but the "tracking terrorist" software implies something much more complicated.
Prepared for the Subcommittee on Commerce, Justice, State and the Judiciary U.S. Senate Committee on Appropriations
On Thursday, February 3 at 2:00 p.m., ET, Arnold Punaro, SAIC Executive Vice President and General Manager – Washington Operations, was to testify before the Senate Appropriations Subcommittee on Commerce, Justice, State and Judiciary. Before Punaro was able to make his opening statement and provide his full testimony, the hearing was recessed. Punaro's testimony was to address SAIC's performance on the FBI's Trilogy Virtual Case File system. Subcommittee Chairman Judd Gregg, R-N.H. promised to hold future hearings on the subject, which will give SAIC a chance to make its case.
Chairman Gregg and Senator Leahy:
It is a privilege to appear before you today to testify concerning our portion of the work on the Trilogy Project for the Federal Bureau of Investigation. Mr. Chairman, I ask consent that my entire statement be entered into the record and with your permission I am prepared to summarize.
I. Introduction and context
At the outset, let us say clearly that SAIC understands and appreciates the overwhelming demands and difficulties that the FBI has faced since the attacks of September, 11. While we disagree with the Bureau over aspects of the Trilogy program history, we have only the greatest respect for the dedication with which the Bureau has pursued its mission of defending our nation under the enormous, and sometimes conflicting, pressures that surfaced in the aftermath of the terrorist attacks.
SAIC, with 45,000 employees, is the largest privately owned research and engineering firm and one of the largest government contactors in the nation. As employee owners, we have prided ourselves since our founding 36 years ago on our ability to assist the U.S. Government on programs of national importance. Our dedication to work that matters is further reflected in an aggressive and pervasive ethics program. How our company operates and how we are perceived are matters of vital, personal interest to each and every employee. We have grown to become a very successful and sought after company by providing quality products and creating satisfied customers.
In that respect, let me mention several major, illustrative software engineering projects successfully designed and deployed for the FBI to illustrate the work we've done.
In sum, SAIC comes to this issue with a record of outstanding achievement in challenging projects, including specifically for the Federal Bureau of Investigation. We point this out not to boast, but to provide the context for considering some of the issues that have marked the public discussion of Trilogy and the manner in which SAIC has performed on this contract.
The Results and the Reasons
Currently, the contract has a negotiated value of $130.3 million and a funded value of $123 million. To date, SAIC has been paid $115.2 million. We expect to be paid the funded value of $123 million at completion. In conjunction with this work effort, the company has invested $3.9 million of its own money to support the Trilogy program.
Aerospace Corporation
Before presenting SAIC's testimony about the course of its work on Trilogy in detail, I want to speak briefly to the report by the Aerospace Corporation. While we have not been given a copy of this report, we were allowed to read a copy last week at the FBI. We appreciate that opportunity. Aerospace Corporation did not inform us, nor attempt to discuss in any way its findings-a lapse we find both inexplicable and contrary to the practices of inspectors general, the General Accounting Office, and other scientific groups, who find that comments from those reviewed contribute to a more balanced and useful report.
The Aerospace Corporation produced a report on the wrong software while failing to concentrate on central issues that determine system performance.
Had they asked us for comment, we could have told them they examined the wrong software. Mr. Chairman, I mean that in a literal sense. Aerospace Corporation explicitly evaluated a snapshot in time of the software as if it were a finished product when in reality, as everyone should have known, it was still being developed. The Aerospace Corporation says it found "evidence of incompleteness" and "failure to optimize." This is hardly unexpected in a work in progress that was still months away from its delivery date. In academic terms, it was as if we had been assigned a paper due December but then graded it the previous summer.
The product we presented to the FBI in December 2004 is not the product evaluated by Aerospace Corporation. VCF IOC was rigorously tested and accepted by the FBI after meeting 100 percent of its requirements.
Because the software evaluated was different from the software delivered, SAIC believes that the Aerospace Corporation report is not an adequate basis for deciding on a future course of action concerning VCF.
This is not to say we accept Aerospace Corporation's judgments about the product that was evaluated. We emphatically do not. The Aerospace Corporation is a national asset in its realm of expertise: aerospace. The Trilogy project is something else, altogether. We respectfully-but strongly-urge this subcommittee to consider that Aerospace Corporation did not bring a sufficient understanding of the uniqueness, complexity, and scope of the FBI undertaking to evaluate our software product.
Central to the Aerospace report is criticism of requirements documentation. Time and again, in the Aerospace report we reviewed, we saw instances where criticisms about requirements were based not on the substance of the requirements or whether or not the product satisfied the requirements, but rather on ancillary data such as syntax in documentation. How well the product satisfied requirements was not a part of their evaluation. Based on examination of the documentation they concluded they were not assured the product would meet requirements and went no farther.
In particular, SAIC categorically rejects the assertion that its work lacked engineering discipline, an assertion that appears without support in the document we read. This kind of assertion, without rigorous-or even specific-support should be unacceptable in an endeavor of this importance. For instance, Aerospace Corporation did not look at the software development folders, which are key documents on how the code was designed and written. These comprise the "Bible" for software developers. In a football analogy, it was as if Aerospace Corporation was asked to scout another team which had made available its playbook. They didn't bother to read it. In fact, they scouted the wrong team.
Even so, Mr. Chairman, we would welcome the opportunity, late though it may be, to discuss the findings with Aerospace Corporation. It could only benefit the FBI, which is our aim here.
II. SAIC's participation in Trilogy
The FBI's Trilogy program is a massive, multi-part, multi-contractor program for broad-based modernization and improvement of its information technology. In June 2001, SAIC was competitively awarded a cost-plus-award fee developmental contract for the Trilogy User Application Component (UAC). This is an appropriate contract type because the project involved first working with the customer to develop and agree on what was needed (the requirements) and then execute the agreed tasks. The complexity and uniqueness of the missions of the Bureau also argued for this approach. Some of the public discussion of the Trilogy contract has been conducted as if the required tasks were well known at the start, and easily achievable. At no point in time has either condition existed.
At the time of award in June 2001, the contract scope for SAIC called for development of a web front-end to the existing legacy applications used to manage case information When this effort was complete, SAIC was to define an Enterprise Case Management System. This was a measured low-risk approach building on existing, or legacy, systems within the Bureau.
The attack of 9/11
The September 11, 2001, attacks had as profound an affect on this project as it did elsewhere in the nation. Following 9/11, the Bureau faced enormous and sometimes conflicting pressures. Prior to the attack, the Bureau was dealing with revelations that a spy, Robert Hansen, had plundered FBI secrets. Security and integrity of information is a fundamental issue for the FBI. After the attack, it faced three often conflicting demands:
Thus, the FBI faces a task of great difficulty and complexity in building an information technology system that simultaneously meets all three imperatives.
Trilogy after 9/11
Following the attack, the Bureau fundamentally reexamined the project. The earlier, measured approach of June 2001 called for improving legacy systems. In the wake of the attack, the FBI correctly determined that the legacy applications should be replaced to make the Bureau more effective in responding to terrorists' threats as well as to improve the efficiency of the continuing criminal investigative mission.
In the months following 9/11, the Bureau conducted an independent review of available Commercial Off-The-Shelf (COTS) systems and Government developed systems, and determined they could not satisfy the requirements. Therefore, SAIC was tasked to in February 2002 to develop the replacement for the legacy systems using the original contract. The SAIC UAC contract was restructured to incorporate an aggressive development plan first conceived in February 2002. This became the electronic Virtual Case File (VCF) contract. Thus, the FBI shelved 6 months of work that no longer fit the post 9-11 world, and directed SAIC take on a much more ambitious, high risk project.
The Trilogy VCF was a large and complex enterprise-level undertaking. There are no other criminal investigative management systems of this scale in the world. In terms of size, the VCF DELIVERY 1 system was to manage millions of case files on Day One with an annual growth of hundreds of thousands of cases per year. At start-up, the VCF DELIVERY 1 system was to store and index more than hundreds of millions of documents in a wide variety of formats. The VCF DELIVERY 1 system would support 30,000 users geographically dispersed across the United States and other countries. FBI agents, analysts, and support personnel would rely on the VCF DELIVERY 1 to conduct nearly all the business functions that support the criminal investigative process. The VCF DELIVERY 1 was also to provide hundreds of interfaces to legacy systems. The VCF DELIVERY 1 system would manage this workload while providing a 3-second response to users as well as high system availability. This would not be an ordinary case file management system.
The VCF was intended, in sum, to provide the next generation system supporting the FBI's case file management concept. It would be, as the Justice Department Inspector General has reported, "the first real change in the FBI's workflow and processes since the 1950's". The VCF would move the FBI from its slow, paper-based processes into the twenty-first century with electronic work flow. VCF, it was envisioned, would support real-time coordination among agents, allow secure access to, and reporting of case information for all those authorized to receive it, regardless of organization or location. VCF would support a dispersed community of users in creating, accessing, and managing centrally stored electronic case file information. It would provide the foundation upon which the FBI could migrate its disconnected business processes into an integrated and seamless work environment.
Following the 9/11 attacks, time was of the essence. SAIC was asked to devise an approach to deliver VCF in record time-on an even more aggressive schedule. The new challenge was to define, develop, and deploy a bureau-wide enterprise-level case management system in just 22 months. Without defined requirements or an enterprise architecture for the FBI IT systems, this was a high risk approach that reflected the post 9/11 atmosphere. Here is where SAIC made honest mistakes. We should have made known that this approach was too ambitious..." (End excerpt. Link follows.) Arnold Punaro's Record Testimony
"Before Punaro was able to make his opening statement and provide his full testimony, the hearing was recessed. Punaro's testimony was to address SAIC's performance on the FBI's Trilogy Virtual Case File system. Subcommittee Chairman Judd Gregg, R-N.H. promised to hold future hearings on the subject, which will give SAIC a chance to make its case."
I just posted part of Punaro's proposed testimony to the Senate with a link to the rest.
It includes the basic outline of what the FBI expected in software and what SAIC actually delivered: Punaro's Testimony
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.