National Research Council group calls for Trilogy stoppage

National Research Council: A Review of the FBI's Trilogy Information Technology Modernization Program

The FBI should halt implementation of the final piece of the Trilogy modernization program until a sound contingency plan is in place, according to an outside report released this week.

The FBI's Virtual Case File application was not developed with testing or prototyping in mind, a risky approach taken in a rush to get the case file system online, states a report from a committee of technology experts convened by the National Research Council. In July 2003, FBI officials asked the council to review the nearly $600 million Trilogy program and other IT efforts.

"This approach is nearly guaranteed to cause mission-critical failures and further delays, with implications for training, performance, coherence, internal morale, public image and cost to recovery," the report states of the bureau's lack of planned testing.

A version of the VCF is expected to be introduced by the end of this year, months behind schedule, and with limited capabilities. The report suggests that FBI officials stop the development of VCF until they develop a plan to revert to the old Automated Case Support system if necessary.

Officials should avoid the planned flash cutover to the new system, the committee says. Also, the VCF, as with any new IT system, should include plans for adequate testing before deployment, the report states.

Zalmai Azmi, bureau chief information officer, said last week that bureau officials are planning a phased rollout.

VCF, designed before the bureau's mission shifted to include counterterrorism, does not support the needs of today's intelligence gathering, according to the committee. But rather than expanding VCF to include efforts against terrorism, FBI officials should design a separate architecture for counterterrorism and build explicit interfaces to link it with the application, the report states.

The report also highlights the bureau's lack of an enterprise architecture to guide the modernization efforts. Azmi said an initial as-is version of the architecture will be completed by the end of the year, and the bureau has hired a contractor to help with the effort. However, the bureau's commitment has been late and limited, the report states, and the architecture's development is essential to a successful IT modernization plan.

"The FBI's top leadership, including the director, must make the creation and communication of a complete enterprise architecture a top priority," the report states. "This means they must be personally involved and invested in the key decisions that the process will require be made."

The committee suggested that the FBI stop the implementation or development of any new IT application, other that VCF, until a technology architecture is in place.

The report also criticized the bureau's program and contract management, citing that contracts lack deliverables and specifications. This impedes effective contract management, a condition exacerbated by high turnover of IT staff and a shortage of experienced program managers, the report states.

"Current contracting and management problems, aggravated by frequent turnover among key FBI staff, make it unsurprising that Trilogy is significantly behind schedule and over budget," the report states.

Other recommendations included in the report:

FBI officials should seek independent and regular review of the enterprise architecture.

Officials should develop a process map for information sharing that defines the current state of and the designed state for the information sharing process.

Officials need a plan to address recovery of data and functionality if any technology application comes under denial-of-service attacks.

In future IT application development, contracts should include the smaller-scale prototypes to test the system and allow for user feedback.

The bureau should dramatically increase internal IT expertise and create long-term career paths for IT personnel.