A Review of the FBI's Trilogy Information Technology Modernization Program (2004) / Chapter Skim
Currently Skimming:
2 IT-Related Issues for the FBI Requiring Immediate Action
2 IT-Related Issues for the FBI Requiring Immediate Action
Pages 16-47
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 16... ...
2.1 ENTERPRISE ARCHITECTURE ISSUES 2.1.1 Creating an Enterprise Architecture That Serves FBI Objectives What Is an Enterprise Architecture? An enterprise architecture characterizes the enterprise's missions, tasks, and operational processes, and relates these tasks, processes, and operational objectives to IT strategy, invest16
|
From page 17... ...
Among these decisions are the definitions of appropriate data structures and linkages to other systems and data sources, policies and methods of information sharing, issues of security and the tradeoffs with information access, innovation, and the exploitation of evolving technologies, and metrics of effectiveness for the IT system and its use. The close link between good enterprise architecture planning and sound systems engineering practice on the one hand and success in large-scale IT deployments on the other has been demonstrated in numerous examples in the private sector and in the federal government.i Further, the existence of the enterprise architecture can be a major contributor to the confidence and trust that management, users, and implementers have in a project, as well as facilitating cooperation among them.
|
From page 18... ...
(An analogy for technical architecture in the construction domain is the set of building codes for connecting subsystems and ensuring the operational effectiveness of the building with the community electrical, water, sewage, and roadway systems.) To indicate what some of the content of these three architectures might be, the committee attempts to describe in Figure 1 some primary and supporting activities in the FBI as they might contribute to one part of the architectural triad described above an operational architecture.4 The purpose of Figure 1 is to focus attention on key structural elements of the FBI.
|
From page 19... ...
These supporting activities ultimately must be integrated with the primary activities shown in the bottom two-thirds of the diagram for the FBI to work most effectively. activities the ACS, the VCF, SCOPE (the Secure Counterterrorism Operational Prototype Environment, discussed below in Section 2.2.3)
|
From page 20... ...
The committee recognizes that the framework described above is only one way to conceptuaTize enterprise architectures. For example, the Federal Enterprise Architecture (FEA)
|
From page 21... ...
With adequate time and focus on the part of senior operational management working with key IT people, major progress could be made in a week of intense work, and the creation of a reasonably complete operational architecture together with a top-level schematic systems architecture the most critical part of the enterprise architecture should be possible in a 6-month time frame.7 Further, committee experience indicates that progress is best made with the topleve! management team supported by an architecture team composed of a small number of full-time professionals dedicated to the task.
|
From page 22... ...
, the tradeoffs involved in deciding what to deploy are made in a vacuum and often wrongly. Only the senior operational management is in a position to articulate explicitly how these tradeoffs should be resolved.
|
From page 23... ...
as of September 2003. (The FBI is further seeking to obtain an interim system engineering, integration, and test contractor to blend the Trilogy VCF, the Secure Counterterrorism Operational Prototype Environment (SCOPE)
|
From page 24... ...
For the IT modernization to succeed, frequent and engaged participation by the FBI's senior operational management in the creation and review of an enterprise architecture is necessary, and must be followed up with ongoing and systematic monitoring of the FBI's and contractor plans and progress through implementation. A properly designed process for developing an enterprise architecture can allow senior management to play their essential role without placing excessive demands on their time, and being actively engaged in the creation of an enterprise architecture does not necessarily mean that the senior operational management is responsible for every step.
|
From page 25... ...
In discussions with the committee, senior FBI personnel repeatedly stated that "investigation and intelligence are the same thing." While it is true that the mission of criminal investigation makes use of intelligence processes, this fact does not mean that an IT infrastructure to support investigation ~ . should be the same as an IT infrastructure that can support intelligence.
|
From page 26... ...
Perhaps the most important and commendable development in the VCF effort is the appointment of a very experienced and computer-savvy FBI special agent as program manager who has played a strong role in driving the design from user requirements. To the committee, this individual appeared eminently capable of articulating user needs based on operational experience rather than speculation, and the committee believes that it is this manager's operational insights that served as an implicit enterprise architecture (more precisely, a subarchitecture)
|
From page 27... ...
to implement. Such changes are likely to be driven by changes in the operational processes that the VCF supports.~5 14See U.S.
|
From page 28... ...
Today, full-text index systems that index every word in a document are the foundation of powerful search engines, such as Google, and are being exploited to a higher level in extracting meaning automatically in some experimental systems. It is true that basic automatic indexing systems are unable to provide index terms that are not explicitly represented in the text; for this reason, automatic indexing is not a replacement for manual indexing as much as it is a very fast and powerful supplement for it.
|
From page 29... ...
The Integrated Data Warehouse (IDW) will serve as a repository to store external data from a variety of sources that come into the agency at different frequencies, such as criminal
|
From page 30... ...
Three examples will suffice to illustrate a disconnect that needs to be resolved between the data models as described to the committee and operational needs: · Presentations to the committee raised the issue of data currency. That is, intelligence analysts seemed to expect to have access to live databases containing the most current information, while the design of the FBI's data warehouse incorporated copies of production databases.
|
From page 31... ...
From the committee's perspective, the major classes of data are data to be kept in: · The active case records used by the field agents these are to be served by the VCF system under development. · A broad-based data warehouse to serve intelligence tasks now assigned to the FBIthese were served by the SCOPE prototype demonstration and are to be served by the IDW follow-up projects.
|
From page 32... ...
lh. Be flexible enough to accommodate changes in operational processes that may be made in the future.
|
From page 33... ...
The FBI may disagree with this listing of essential objectives, which the committee has created based on limited knowledge and in the absence of an FBI enterprise architecture. Agreement in detail is unimportant, but the FBI must develop its own list of essential objectives, including priorities, tradeoffs, and explicit analyses, based on its own understanding of its essential operational processes and how it expects to use these databases.
|
From page 34... ...
Such disregard would not necessarily be gratuitous, but rather an entirely understandable reaction of collectors in the field who might be reluctant to trust the security of their sources to another party. 2.2.3 SCOPE The FBI demonstrated the Secure Counterterrorism Operational Prototype Environment (SCOPE)
|
From page 35... ...
An approach rooted in commercial products does not rule out one-of-a-kind tools that are internally developed. 2.2.4 Mobile Computing The FBI's interest in wireless data communications appears to be driven primarily by operational continuity considerations.
|
From page 36... ...
Another important issue with profound consequences for security is raised by the attempt to make a single physical IT infrastructure serve the needs of both intelligence analysts and law enforcement investigators. Much intelligence information is classified, with rigid security requirements imposed by legal and national policy.
|
From page 37... ...
A third security tradeoff will manifest itself when mobile computing becomes an issue. The value of mobile computing is likely to be high, but mobile computing is inherently more vulnerable than office-based computing, and the senior operational leadership will have to decide if the increased security risks are worth the added operational flexibility.
|
From page 38... ...
in the context of the specific needs of the FBI. In each of these cases (the design principle, the threat model, the use of the NSA electronic key management system)
|
From page 39... ...
Another privacy issue not addressed in briefings but of great concern to the privacysensitive segment of the public is the protection of the public from the abuse or improper use of such data by rogue FBI employees acting on their own or through some official though perhaps not publicly acknowledged FBI program. The committee has no comment on this issue, other than noting that the simple exhortation "trust us" is not likely to be reassuring to this segment even if in fact the FBI is doing everything possible to prevent such abuses from happening.24 24Note also that Section 223 of the USA PATRIOT Act allows individuals to recover monetary damages and litigation costs from the United States in the event that information or records are willfully and improperly disclosed, a fact that increases the importance of keeping good records of who is accessing what data and under what circumstances.
|
From page 40... ...
Issues and problems identified here relate to the management approaches and processes used by the FBI across the implementation life cycle, including requirements determination, development methodology, contracting and project management, system rollout, training, evaluation, and metrics of effectiveness. While the committee's comments regarding implementation are derived from its consideration of the Trilogy infrastructure and VCF projects only, the committee believes that dealing systematically with these issues is essential to success in follow-on efforts such as the IDW and SCOPE.
|
From page 41... ...
In truth, it is essentially impossible even for the most operationally experienced applications developers to be able to anticipate in detail all of the requirements and specifications in advance. Therefore, development contracts should not make such an assumption, but rather should call for an approach to specification of user requirements that is based on a process of extensive prototyping and usability testing with real users.25 To the best of the committee's knowledge, apart from SCOPE, no prototype has been developed for any of the major components of Trilogy (the Trilogy network or the VCF)
|
From page 42... ...
2.3.2 Contracting and Contract Management Both key contracts for Trilogy (Trilogy infrastructure and the VCF) were awarded on a cost plus/cost reimbursable basis.
|
From page 43... ...
To illustrate some of the problems with contract management, the FBI told the committee that the Trilogy network had been made operational on March 2S, 2003, only because FBI personnel in the program office were pressed into overtime service to compensate when contractors failed to meet commitments. While such efforts point to the FBI's admirable dedication to duty, the need for the program office to stand in for a contractor is a sign of contractor failure.
|
From page 44... ...
An effective program management function will provide the FBI with a focal point for monitoring and collecting project data and allow for the reporting of the progress of active IT projects based on well-defined metrics. (Note that program management entails a set of skills and background different from those associated with operational experience in doing investigation or intelligence analysis.
|
From page 45... ...
The FBI lacks experienced IT program managers and contract managers, which has made it unable to deal ~~ ~ ~ Inexperienced managers generally lack the ability to assume proactive management roles and are often held hostage to the perspectives of the contractor. a~ressivelv or effectively with its contractors.
|
From page 46... ...
And, the VCF project manager's operational experience has been invaluable in keeping the VCF intellectually on track. Although the committee met only a few of them, it believes that the FBI has an important IT resource in its younger agents.
|
From page 47... ...
A better use of an equivalent amount of talent and energy would be to assist the FBI in dealing with its problems. Nevertheless, it remains the case that some audits, such as the one prepared by the General Accounting Office as The FBI Needs an Enterprise Architecture to Guide Its Modernization Activities of September 25, 2003 (released to the FBI August 22, 2003)
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.