FBI overhauls Virtual Case File contract

The plan to secure Trilogy

The FBI's Trilogy system has been designed with several layers of security to foil spies, hackers and moles.

  • Personnel and physical security: All users must be cleared to appropriate levels before they access the FBI network or any physical FBI assets.

  • Trilogy User Application Component credential: An FBI security administrator must verify a prospective user's need to know and clearance level before issuing a credential and user account.

  • Lightweight Directory Access Protocol authentication: The system will use LDAP to establish the identity of each user requesting access.

  • Authorized roles and profiles: A database manages specific roles and groups for each user, as a basis for data access.

  • Application protection controls: Users gain access to system functions based on their roles.

  • Virtual private database: This function provides rules that protect data from unauthorized users.

    Zalmai Azmi, the FBI's new CIO, promises a new contract with SAIC sharing the costs.

    GAO probes Trilogy cost increases, delays and security as CIO Azmi seeks performance-based deal

    The FBI's new CIO is looking for a new deal on the bureau's systems modernization project.

    Zalmai Azmi, who had been acting CIO, said the bureau is renegotiating its contract with Science Applications International Corp. to resolve differences over the future of the Virtual Case File, a major piece of the Trilogy modernization program.

    During a May 7 meeting with reporters at FBI headquarters, Azmi said the bureau is seeking to rework its cost-plus-award-fee contracts with SAIC and prime contractor Computer Sciences Corp. The FBI is negotiating a new, performance-based contract.

    Also that day, lawmakers announced that the General Accounting Office is investigating the VCF project at the request of House Judiciary Committee chairman F. James Sensenbrenner Jr. (R-Wis.) and the committee's ranking minority member, John Conyers Jr. (D-Mich.).

    In a May 7 statement, Sensenbrenner noted that Trilogy has been extended from an original 36-month schedule to a 48-month schedule.

    'I have been a strong supporter of the VCF and Trilogy because the FBI cannot fight 21st century terrorists and criminals with 1960s technology and processes,' Sensenbrenner said. 'I have asked for a meeting with FBI director [Robert Mueller III] as soon as possible because I want to be assured that there will be no more unpleasant surprises about Trilogy.'

    The bureau also is trying to prevent further problems by renegotiating its modernization deals.

    'They [SAIC] have promised cost sharing,' Azmi said of the vendor for the delayed, over-budget VCF project. 'There will be a contract with earned value management that will be performance-based.'

    No estimate

    Azmi did not offer an estimate of how much the delays in the Trilogy project have increased its cost. But he did say the project has not yet exhausted the $581 million allocated for its completion.

    He plans a phased deployment of VCF that will bring parts of the system up by the end of the year.

    As Azmi reins in the Trilogy project, he is also expanding his authority over other systems projects. He said he recently sent a memo to FBI workers informing them 'that all IT projects and investments must go through my office.'

    The office also will oversee a project to implement portfolio management, he said.

    Whatever direction the office takes, it will face considerable scrutiny from congressional auditors.

    Sensenbrenner and Conyers have ordered GAO to find out how the bureau has responded to traitorous FBI agent Robert Hanssen's exploitation of the agency's systems to sell secrets to Moscow.

    In a letter to comptroller general David Walker in October, the lawmakers cited an August 2003 study of the Hanssen affair by the Justice Department's inspector general. Justice recommended security upgrades, among other measures, to detect improper computer use and prevent users from overriding security features.

    'What happened with Hanssen cannot happen again,' Azmi said. The Trilogy design includes several layered security features intended to foil efforts, by insiders or outsiders, to steal or destroy data.

    A source familiar with the GAO investigation said the audit agency has found that VCF costs rose after the program was overhauled in 2002. Although the VCF section of Trilogy had been under way since the late 1990s, a 2002 re-evaluation called for re-engineering the project. 'But a lot of money was spent before that,' the source said.

    The FBI learned late last year that SAIC's first version of the case management system did not function as specified in the contract. After analysis and negotiation with the bureau, SAIC replaced key members of the team this spring.

    'They [the FBI] are now working with the new team to bring them up to speed in terms of all the subtleties of the FBI's workflow,' a software specialist close to the project said.

    'They recognize that the new team is not going to immediately recognize the sophistication and complexity of FBI case work,' he said.

    GAO has found that VCF has good system documentation. SAIC is using Oracle Corp. design tools, partly in an effort to foil hacking by locking VCF's code, the software specialist said.

    VCF will include a context-sensitive function that will help FBI users learn to navigate the workflow functions of the massive system.
