Virtual Case File
From Wikipedia, the free encyclopedia
Virtual Case File, or VCF, was a software application developed by the United States Federal Bureau of Investigation between 2000 and 2005. The project was not close to completion when it was officially abandoned in January 2005, having turned into a complete fiasco for the FBI. In addition to wasting at least US $100 million, the failure brought widespread criticism to the Bureau and its Director Robert S. Mueller III.
Contents |
[edit] Origins
In September 2000, the FBI announced the 'Trilogy' program intended to modernize the Bureau's outdated IT infrastructure. The project was originally scheduled to take three years and cost $380 million (although it ended up going far over budget and behind schedule). The project had three parts: purchasing modern desktop computers for all FBI offices, developing secure high-performance WAN and LAN networks, and modernizing the FBI's suite of investigative software applications. The first two goals of Trilogy were generally successful despite cost overruns. Replacing the Bureau's Automated Case Support, or ACS, software system, proved difficult. ACS was a system developed in-house by the Bureau, used to manage all documents relating to cases being investigated by the FBI, enabling agents to search and analyze evidence between different cases. ACS was considered by 2000 a legacy system, comprised of many separate stovepipe applications which were difficult and cumbersome to use. ACS was built on top of many obsolete 1970s-era software tools, including the programming language Natural, the Adabas database management system, and IBM 3270 green screen terminals. Some IT analysts believed that ACS was already obsolete when it was first deployed in 1995.
[edit] Launch
Bob E. Dies, then the Bureau's Assistant Director of Information Resources and head of the Trilogy project, prepared initial plans in late-2000 for a replacement to ACS and several other outdated software applications. In June 2001 a cost-plus contract was awarded for the software aspects of the project to SAIC, the network aspects were contracted to DynCorp. Dies was the first of five people who would eventually be in charge of the project. The software was originally intended to be deployed in mid-2004, and was originally intended to be little more than a web front-end to the existing ACS data.
[edit] Problems and failure of the project
Robert Mueller was appointed Director of the FBI in September 2001, just one week before the devastating September 11 attacks. The attacks highlighted the Bureau's information sharing problems and increased pressure for Bureau to modernize. In December 2001, the scope of VCF was changed with the goal being complete replacement of all previous applications and migration of the existing data into an Oracle database. Additionally, the project's deadline was pushed up to December 2003.
Initial development was based on meetings with users of the current ACS system. The resulting 800-page specification document was of poor quality. SAIC broke its programmers up into eight separate and sometimes competing teams, which struggled to communicate. They chose to reimplement basic technologies like messaging, workflow, and email rather than use existing software. Many developers complained about the lack of an overall plan for the project, and the project's schedule slipped throughout 2002.
One SAIC security engineer, Matthew Patton, used VCF as an example in a October 24, 2002 post on the InfoSec News mailing list (www.infosecnews.org) regarding the generally deplorable state of federal information system projects in response to a Senator's public statements a few days earlier about the importance of doing such projects well. His post was regarded by FBI and SAIC management as attempting to "blow the whistle" on what he saw as crippling mismanagement of a national security-critical project. Patton was quickly removed from the project and eventually left SAIC for personal reasons.
In December 2002, the Bureau asked Congress for increased funding, seeing it was well behind schedule. Congress approved an additional $123 million for the Trilogy project. In 2003, the project saw a quick succession of three different CIO's come and go before Zal Azmi took the job, which he still holds as of August 2006. Despite development snags throughout 2003, SAIC delivered a version of VCF in December 2003. The software was quickly deemed inadequate by the Bureau, who lamented multiple inadequacies in the software. SAIC claimed most of the FBI's complaints stemmed from specification changes they insisted upon after the fact. After months of argument, an independent arbitrator determined that both the FBI and SAIC were at fault.[citation needed]
On March 24, 2004, Robert Mueller testified to Congress that the system would be operational by the summer, but most of the project's managers knew this would not happen. SAIC claimed it would require over $50 million to get the system operational, which the Bureau refused to pay. Finally, in May 2004 the Bureau agreed to pay SAIC $16 million extra to attempt to salvage the system and also brought in Aerospace Corporation to review the project at a further cost of $2 million. Meanwhile, the Bureau had already begun talks for a replacement project beginning as early as 2005. Aerospace Corp.'s damning report was released in the fall of 2004, at which point most observers knew the project was doomed. Development continued throughout 2004 until the project was officially scrapped in January 2005.
[edit] Reasons for failure
The project demonstrated a systematic failure of software engineering practices:
- Lack of a strong blueprint from the outset led to poor architectural decisions.
- Repeated changes in specification.
- Repeated turnover of management, which contributed to the specification problem.
- Micromanagement of software developers.
- The inclusion of many FBI Personnel who had little or no formal training in computer science as managers and even engineers on the project.
- Scope creep as the requirements were continually added to the system even as it was falling behind schedule.
- Code bloat due to changing specifications and scope creep. At one point it was estimated the software had over 700,000 lines of code.
- Addition of more people and resources to the project as it was falling behind, a violation of Brooks' law.
- Planned use of a flash cutover deployment which made it difficult to adopt the system until it was perfected.
- No one could complete an 800 page requirement document.
[edit] Implications
The Bureau faced a great deal of criticism following the failure of the VCF program. While the Bureau claimed in testimony to Congress that the program lost $104 million in taxpayer money, some analysts believe the true figure is at least twice as high. In addition, the Bureau continues to use the woefully antiquated ACS system, which many analysts feel is hampering the Bureau's new counter-terrorism mission. In March 2005, the Bureau announced it is beginning a new, more ambitious software project code-named Sentinel to replace ACS, expected to be completed by 2009.
[edit] External links
- IEEE Spectrum article: Who killed the virtual case file? 11 page detailed article of the entire timeline
- The FBI's Upgrade That Wasn't - Washington Post article about the project
- Testimony of Inspector General Glenn A. Fine before the Department of Justice - February 3, 2005: Project Audit results
- Matthew Patton's October 24, 2002 posting on InfoSec News about VCF
- IEEE Spectrum Radio audio discussion of the failure. Participants are Peter Neumann, Steve Bellovin, Matt Blaze, and Robert Charette.