[ISN] Auditors: FBI on thin ice in Sentinel buy

From: InfoSec News (isn@private)
Date: Tue Dec 27 2005 - 00:18:34 PST


http://www.gcn.com/vol1_no1/daily-updates/37830-1.html

By Wilson P. Dizard III 
GCN Staff
12/22/05 

The FBI faces special risks in developing the Sentinel case management
system because it plans to do so at the same time that it is rolling
out its new enterprise architecture, according to a letter [1]issued
today by Government Accountability Office auditors.

The bureau now is evaluating proposals for systems integration of the
case management system, which would serve as a replacement [2] to the
defunct Virtual Case File project, which was scuttled earlier this
year after costing more than $100 million.

"There were only two proposals submitted," an FBI official said,
referring to those from Lockheed Martin Corp. and Northrop Grumman
Corp.

The official, who spoke on condition of anonymity, said that the FBI
contracting team is getting advice from Aerospace Corp. of Columbia,
Md., and Mitre Corp. of McLean, Va., and likely will award the
contract in January. Industry sources echoed the official.s
statements.

"They are getting close [to an award,]" the bureau official said..  
"They had some clarification questions [for Northrop Grumman and
Lockheed]," the official added.

The Sentinel contract could be worth up to $170 million, according to
the consulting firm Input of Reston, Va.

The FBI earlier had planned to award the contract this month.

Another federal official familiar with the project said the bureau is
facing close scrutiny from Congress in the purchasing decision.

The GAO letter describing the Sentinel risks responded to questions
from Rep. Frank Wolf (R-Va.), chairman of the Appropriations
Subcommittee on Science, the departments of State, Justice and
Commerce and related agencies.

The auditors noted in their letter that urgent and compelling mission
needs could justify proceeding with a major IT project even if an
agency does not have a complete EA. "A key to dealing with this
practical reality is recognizing that doing so increases the risk of
deploying systems that are duplicative, not well integrated and
unnecessarily costly to operate and interface," according to GAO.

The auditors stated that the bureau had taken some steps to reduce the
risk of proceeding with Sentinel. But they went on to criticize the
bureau's poor oversight of its EA contractor, which is working without
performance-based contracting controls.

The lack of performance-based controls "has inhibited the bureau.s
ability to adequately define product quality expectations, which in
turn increases the chances that delivered products will require
rework," according to the letter. The bureau plans to develop and
fully implement the contract controls next year, GAO said.

The bureau faces additional risks because of problems with its human
capital programs, according to GAO. For example, at one point
recently, four out of five key architect positions were vacant, even
though the FBI has special legal authority to pay employees as much as
$175,000 or more to attract managers, according to the letter.

The bureau now is in the process of hiring a human capital contractor
to pinpoint gaps between the bureau.s need for employee training, pay
and nonpay incentive plans as well as professional development
practices and its existing practices, GAO said.

The GAO cited a study [3] by the National Academy of Public
Administration that reported problems with the bureau's personnel
policies and called for improvements.

The bureau official defended the FBI.s progress on personnel issues,
saying that CIO Zalmai Azmi "has put a significant amount of personal
and organizational energy into improving personnel [practices]."

The FBI official, when told of the GAO letter, said, "This is a whole
new threshold. I am not accustomed to GAO audits before the start of a
project."

Lockheed Martin confirmed that it is bidding on the contract. Northrop
Grumman did not comment on Sentinel. FBI public affairs officials were
preparing an official response to the letter this afternoon.

[1] http://www.gao.gov/new.items/d06302r.pdf 
[2] http://www.gcn.com/24_12/news/35886-1.html 
[3] http://www.napawash.org/Pubs/FBIHR8-12-05.pdf



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Tue Dec 27 2005 - 00:59:13 PST