US Terror threat system crippled by technical flaws

US Congress charges that US$500m project to prevent another 9/11 is a complete failure.

A US House subcommittee is charging that a US$500 million IT project intended to "connect the dots" on terrorists and help prevent another 9/11 is a failure; it can't even handle basic Boolean search terms, such as "and, or and not."

Allegations of waste and mismanagement were outlined in a staff memo and letter (download PDF) from the Subcommittee on Investigations and Oversight, which is part of the Committee of Science and Technology. The material was released last week in what is a usually a quiet month for Congress during its August recess.

The bulk of the subcommittee's charges come from a memo (download PDF) prepared by subcommittee staff about a data integration project called Railhead, which is intended to help intelligence and law enforcement agencies uncover terrorist plots.

Railhead, due to be ready by year's end, was supposed to combine and upgrade existing databases called TIDE (Terrorist Identities Datamart Environment) (download PDF) and improve terrorism-fighting capabilities. But the project is in such bad shape, suffering from delays and cost overruns, that Subcommittee Chairman Brad Miller, (D-N.C.), said: "There may be current efforts under way to close down Railhead completely."

Miller's comment was included in a letter he wrote Edward Maguire, inspector general for the office of the director of national intelligence. Miller wants Maguire to investigate the project.

"The end result is a current system used to identify terrorist threats that has been crippled by technical flaws and a new system that, if actually deployed, will leave our country more vulnerable than the existing yet flawed system in operation today," wrote Miller.

The subcommittee makes a case for investigation through a variety of documents it obtained, including user group meeting minutes, e-mails, internal blog postings and technical reports that raise issues with various aspects of the project. The lead system integrator for Railhead is Boeing's Space and Intelligence Systems Mission division.

Among the issues Miller wants the inspector general to probe is how Railhead is being used. His letter raises questions about money used by Boeing to renovate a building.

Railhead software was tested by the Hewlett Packard Quality Center, which found that it "passed 148 tasks, but did not complete 26 others and failed 42...." Specific problems included a failure to create reports, as well as "find non-exact matches for key entities, such as a suspected terrorist's name," the memo said. "Incredibly, it also failed to demonstrate the ability to use basic Boolean search terms such as and, or and not."

The project connects dozens of data sources from a variety of agencies, using an XML platform to achieve integration. But the design team behind the effort raised concerns about the use of XML and whether it is viable. One e-mail cited in the staff memo -- from a contractor in August 2007 -- expressed concerns that the XML approach could lead to integration issues. That now seems to be the case, according to Miller's letter.

The National Counterterrorism Center issued a response to Miller's letter that called it "inconsistent with the facts." The NCTC said Miller's "letter implies that there exists a risk to our nation's security related to the implementation of NCTC's information technology program.... There has been no degradation in the capability to access, manage and share terrorist information during the life of the Railhead program."

Moreover, the NCTC statement implies that Miller's group has been out of the loop. While the intelligence agency has been giving regular updates to intelligence oversight committees, it has not given them to Miller's subcommittee.

A Boeing spokeswoman deferred comment on the matter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.
Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Patrick Thibodeau

Latest Videos

More videos

Blog Posts