Tech flaws hobble watch list

Originally posted at 4:33PM Aug. 26; updated at 12:15PM Aug. 27

(UPDATED) A variety of technical flaws in an upgrade of the system that supports the government's terrorist watch list has drawn congressional fire and raised concerns that the entire system might be in jeopardy.

The concerns are over a program called Railhead, which was intended to improve information sharing, fusing and analysis of terrorist intelligence data across government agencies. The program was designed to eventually take the place of the Terrorist Identities Datamart Environment (TIDE), which is the central data repository on international terrorists' identities. The multi-year upgrade program, valued at approximately half a billion dollars, is being led by the National Counterterrorism Center, part of the Office of the Director of National Intelligence.

The original database management system was hastily built by Lockheed Martin, using an Oracle platform, in the aftermath of 9/11. But in the years since it was put into operation, it has suffered from a growing number of contractors and government employees attempting to expand and enhance the database without properly taking its architecture and design rules into account.

As a result, there are now dozens of undocumented and duplicate database tables that make search queries increasingly unreliable, according to a preliminary subcommittee report to the House Oversight Committee on Science and Technology.

The Railhead program was developed to address many of those problems and also improve the ability to share and combine data for government antiterrorism analysts. But the program, which involves a number of contractors being led by Boeing and SRI International, has run into significant design and execution problems, the subcommittee said.

Rep. Brad Miller (D., N.C.), chairman of the subcommittee that conducted the investigation, has sent a letter to the Inspector General of ODNI requesting
further investigation into the program's problems.

The NCTC issued a statement Aug. 22, disputing the findings, noting the subcommittee 'has had no interaction with the NCTC or the intelligence community on the Railhead program.' It added, 'There has been no degradation in the capability to access, manage and share terrorist information during the life of the Railhead program.'

According to the subcommittee report, initial plans calling for replacing the legacy database and its online interface were scrapped in favor of converting the system, using XML (Extensible Markup Language). But one of two Railhead design teams raised concerns that XML would substantially increase the size of data files ' and slow down transmission times to the 30 separate networks accessing the system.

The resulting design delays were compounded by concerns about the system's security, the fact that certain data wouldn't move to the new system, and issues concerning whether the system would properly handle sensitive but unclassified data. Recent software testing failures, though normal for a project of this nature, raised further questions about whether the system's overall design had deeper flaws.

The NCTC, in its statement, said, 'The Railhead program is not limited to the Terrorist Identities Datamart Environment and NCTC-Online, a Web-based site used for sharing terrorist information, but encompasses software upgrades to many systems. Regular reviews by NCTC leaders and government managers that identify any program shortcomings are quickly addressed and the appropriate steps are taken to ensure current information systems capabilities are maintained while new enhancements are thoroughly tested and implemented.'

However, problems with the system's development came to a head in recent weeks. The government has fired most of the 862 contractors from a variety of companies who were working on the project, according to a report in the Aug. 22 Wall Street Journal.

Calls to Boeing; SRI International; and ODNI, which is responsible for the system, were not returned.

The following article has been updated since its initial posting to reflect new comments from the National Counterterrorism Center.

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.

inside gcn

  • cybersecure new york city

    Cybersecurity for smart cities: Changing from reactionary to proactive

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group