Congress: Terror Threat System Full of Flaws

A U.S. House subcommittee is charging that a $500 million IT project intended to “connect the dots” on terrorists and help prevent another 9/11 is a failure; it can’t even handle basic Boolean search terms, such as “and,” “or” and “not.”

Allegations of waste and mismanagement were outlined in a staff memo and letter (download PDF) from the Subcommittee on Investigations and Oversight, which is part of the Committee on Science and Technology. The material was released last week in what is a usually a quiet month for Congress during its August recess.

The bulk of the subcommittee’s charges come from a memo (download PDF) prepared by subcommittee staff about a data integration project called Railhead, which is intended to help intelligence and law enforcement agencies uncover terrorist plots.

Railhead, due to be ready by year’s end, was supposed to combine and upgrade existing databases called TIDE (Terrorist Identities Datamart Environment; download PDF) and improve terrorism-fighting capabilities. But the project is in such bad shape — suffering from delays and cost overruns — that Subcommittee Chairman Brad Miller (D-N.C.) said, “There may be current efforts under way to close down Railhead completely.”

Miller’s comment was included in a letter he wrote to Edward Maguire, inspector general for the Office of the Director of National Intelligence. Miller said he wants Maguire to investigate the project.

“The end result is a current system used to identify terrorist threats that has been crippled by technical flaws and a new system that, if actually deployed, will leave our country more vulnerable than the existing yet flawed system in operation today,” wrote Miller.

The subcommittee makes a case for investigation through a variety of documents it obtained, including user-group meeting minutes, e-mails, internal blog postings and technical reports that raise issues with various aspects of the project. The lead systems integrator for Railhead is The Boeing Co.’s Space and Intelligence Systems Mission division.

Among the issues Miller wants the inspector general to probe is how Railhead is being used. His letter raises questions about money used by Boeing to renovate a building.

Railhead software was tested by the Hewlett-Packard Quality Center, which found that it “passed 148 tasks, but did not complete 26 others and failed 42,” he said. Specific problems included a failure to create reports, as well as “find non-exact matches for key entities, such as a suspected terrorist’s name,” the memo said. “Incredibly, it also failed to demonstrate the ability to use basic Boolean search terms such as and, or and not.”

The project connects dozens of data sources from a variety of agencies, using an XML platform to achieve integration. But the design team behind the effort raised concerns about the use of XML and whether it is viable. One e-mail cited in the staff memo — from a contractor in August 2007 — expressed concerns that the XML approach could lead to integration problems. That now seems to be the case, according to Miller’s letter.

The National Counterterrorism Center issued a response to Miller’s letter that called it “inconsistent with the facts.” The NCTC said Miller’s “letter implies that there exists a risk to our nation’s security related to the implementation of NCTC’s information technology program. … There has been no degradation in the capability to access, manage and share terrorist information during the life of the Railhead program.”

Moreover, the NCTC statement implies that Miller’s group has been out of the loop. While the intelligence agency has been giving regular updates to intelligence oversight committees, it has not given them to Miller’s subcommittee.

A Boeing spokeswoman deferred comment on the matter.