The FBI Sentinel Project: July 2011
The FBI Sentinel Project: July 2011
The FBI Sentinel Project: July 2011
net/publication/220375307
CITATION READS
1 2,914
2 authors, including:
Stephen C Wingreen
University of Canterbury
48 PUBLICATIONS 213 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
Initial Trust in Emerging Technologies and the Effect of Threats to Privacy View project
All content following this page was uploaded by Stephen C Wingreen on 06 January 2016.
EXECUTIVE SUMMARY
In 2000, the United States Federal Bureau of Investigation (FBI) initiated its Trilogy program in order to
upgrade FBI infrastructure technologies, address national security concerns, and provide agents and analysts
greater investigative abilities through creation of an FBI-wide network and improved user applications.
Lacking an appropriate enterprise architecture foundation, IT expertise, and management skills, the FBI
cancelled further development of Trilogy Phase 3, Virtual Case File (VCF), with prime contractor SAIC after
numerous delays and increasing costs. Still in need of an electronic information management system for
enhanced sharing, search and analysis capabilities, the FBI began development of Sentinel in 2006 through
Lockheed Martin. Unlike in the case of Trilogy, the FBI decided to implement a service-oriented architecture
(SOA) provided in part by commercial-off-the-shelf (COTS) components, clarify contracts and requirements,
increase its use of metrics and oversight through the life of the project, and employ IT personnel differently in
order to meet Sentinel objectives. Although Lockheed Martin was eventually released from their role in the
project due to inadequate performance, the project is still moving forward on account of the use of best
practices, which are identified in the case. The case highlights key events in both VCF and Sentinel
development and demonstrates the FBI’s IT transformation over the past four years.
Keywords: agile development, automated case system, enterprise architecture, information system
implementation, information management system, information system management, legacy
system, organizational structure, oversight, requirements, service-oriented architecture
ORGANIZATIONAL BACKGROUND
The United States Federal Bureau of Investigation (FBI), headquartered in Washington, D.C. and
established in 1908, is an investigative organization whose mission is driven, more than ever, by
intelligence. With over 33,000 permanent employees, the majority of them in support roles, the FBI has
56 field offices based in larger U.S. cities, over 400 resident offices throughout the U.S., and more than
60 international embassy-based locations. The FBI focuses on ten specific tasks in its overall mission to
protect the United States from damage to its national security, primarily via terrorist and foreign
intelligence threats, and to sustain and enforce federal criminal laws. As well, the organization supports
other domestic and international intelligence and law enforcement agencies and partners. The FBI falls
DOI: 10.4018/jcit.2011070105
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 85
under the U.S. Department of Justice (DoJ) and reports to both the Director of National Intelligence and
the Attorney General. During fiscal year 2010, the FBI had a total budget of approximately $7.9 billion,
an increase of at least $500 million over 2009’s budget. FBI Director Robert Mueller requested a 2011
budget from Congress of $8.3 billion which will be utilized to address national security threats, major
crime problems and threats, program offsets, reimbursable resources, and operational enablers.
In July 2001, the FBI’s Assistant Director of Information Resources Division explained to a Senate
Judiciary Committee that the FBI, although it had invested greatly in state and local law enforcement
agencies information technology systems, had not made significant IT improvements to satisfy the basic
investigative needs of its own agents and analysts, and the needs of national security. And, in fact, he
testified the FBI had not made any “meaningful improvements” in information technology since at least
1995 (Dies, 2001). The events of 9/11 occurred only a few short months later, and highlighted the need
for a redesign of the FBI information systems. Therefore, in order to correct issues, such as outdated
hardware and software, reduced network connectivity, and non-existent applications for information
storage, the FBI, in partnership with several defense contracting companies, began development on the
Trilogy project in 2001.
Four years into the project however, over budget and behind schedule, the FBI terminated Trilogy
during its third and crucial phase, virtual case file (VCF) development. Initially, neither the FBI nor the
prime contractor, SAIC (Science Applications International Corp.), took responsibility for the failed
project. In the end, FBI Director Robert Mueller accepted the FBI’s role in the collapse of Trilogy, but
still in need of an effective electronic investigative case management system and a solution to permit the
retirement of the FBI’s legacy automated case system (ACS), he requested Congressional support to
create Sentinel. The greatest concern to Congress was whether or not the FBI had learned enough from
Trilogy and how the FBI would implement changes so that Sentinel development would be efficient and
satisfy system requirements.
In order to successfully develop and implement Sentinel, the FBI would not only have to modify the
way in which it worked with defense contracting partners, specifically Lockheed Martin, and its
development of procedures and processes, but also its approach to IT in general. Oversight committees
and auditors have indicated that the FBI’s changes in process and control since the beginning of Sentinel
allowed the FBI to better manage its contract with Lockheed, which stands in contrast to the management
of the SAIC contract during VCF development. In addition, the FBI restructured its organizational model
to guarantee that IT functions work together during full life cycle management of all IT projects and
systems. The FBI demonstrates its understanding of the value of IT infrastructure, which involves the
addition of new users on a regular basis, at least 50 IT projects in simultaneous development, and
updating its obsolete hardware and networks, by its continuing requests for increases in IT funding for
personnel, equipment, software, and training every fiscal year. Whether or not this understanding equates
to commitment to the efficient and effective development of IT programs, namely its flagship program
Sentinel, requires further examination.
Although the case is on-going, both strengths and weaknesses of the system redesign process are
reported, as well as some best practices that are being employed to overcome the various challenges.
Although the perspective adopted for the case may be relevant and insightful for all parties involved, we
believe it is most valuable for executives and managers of large, complex government projects. The
86 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
results are of practical significance both for other similar government projects, as well as private
organizations undertaking large, complex projects.
CASE DESCRIPTION
Both researchers possess appropriate qualifications to describe and interpret the facts of the case, to make
objective judgments using qualitative methodologies about IT projects, and collectively have over thirty
years of professional and academic experience in IT between them. The principal investigator
additionally has deep knowledge from several perspectives within the case, based on professional
experience with the various parties as the events described were unfolding. The co-investigator has
published qualitative research on the topic of both enterprise systems project implementation, and IT
personnel previously. The following description of both the case and challenges moving forward follows
the researchers' best objective insights and judgments.
Trilogy
The FBI is known for locating and apprehending criminals, both in the United States and across the globe.
However, it is also often recognized for its inability to integrate IT to better support the missions of its
agents and analysts. Mismanagement, organizational inertia, faulty communication, reluctance to learn
from past mistakes, and lack of understanding of IT processes, capabilities, and limitations, all have
played a role in the failure of highly anticipated, “problem solving” FBI IT projects. To complicate
matters, the FBI's defense contracting companies, such as SAIC, the MITRE Corporation, and now
Lockheed Martin, have also earned their fair share of culpability. Yet, neither the FBI nor the
contracting companies have always accepted their roles in the failures.
Shortly after the 9/11 attacks and in response to additional “…problems with information
technology…” that “…didn't occur over night…”, problems that created an environment in which
information on criminals was not analyzed and shared adequately for the FBI to accomplish its mission,
FBI Director Robert Mueller announced that restructuring outdated technology systems, specifically the
Automated Case Systems (ACS), was necessary (Higgins, 2002). Trilogy, a program requiring three
years to design after FBI award of contracts, was the answer to information infrastructure improvements,
and incorporated three components: provision of hardware and software for each employee in all offices
(Information Presentation Component or IPC), creating a high-speed communications network between
FBI offices (Transportation Network Component or TNC), and replacement of obsolete applications with
five new investigative applications in a Virtual Case File (VCF) with a web-based interface (User
Application Component or UAC).
In 2002, as Trilogy development began, Sherry Higgins, Project Management Executive for the
Office of the Director at the FBI, testified to Congress that development involved a number of risks, the
most risky relating to the accelerated development schedule and “…TNC/IPC and UAC test and
acceptance; the enterprise operations center; and legacy system interoperability…” (Higgins, 2002).
Nonetheless, in her words, all were “manageable” (Higgins, 2002). Ms. Higgins also reported she would
originate a Trilogy Communications Plan, a master schedule for the project, and an Office of Program
Management to handle various aspects of Trilogy, namely to employ key program management function
subject matter experts, implement a “…business approach…” to efforts, and determine the top methods of
return on IT for the FBI (Higgins, 2002).
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 87
The FBI recognized it did not possess the necessary personnel or knowledge to complete Trilogy in-
house, so it contracted the IPC and TNC portions to DynCorp and CSC and the final phase, the
UAC/VCF portion, to SAIC. SAIC was not only responsible for technology development, but also for
contract management (United States Federal Bureau of Investigation, 2005). In 2004, at over $300
million in costs, SAIC completed the first two components of UAC. However, it failed in completing the
third component, VCF, forcing an increase in costs and delays. In late 2003, SAIC provided the FBI,
including Director Mueller, a demonstration of VCF capabilities developed thus far; but, on delivery one
month later, the FBI, with the aid of an impartial third party (Aerospace Corporation), whose role was to
evaluate the development of VCF, discovered almost 400 issues with the software. Following SAIC’s
agreement to correct the problems at a cost of $56 million, and another year long delay, the FBI removed
SAIC from the Trilogy project (United States Federal Bureau of Investigation, 2005; United States
Department of Justice Office of Inspector General, 2006).
In addition to the delay, the FBI complained that the VCF computer code lacked a modular structure
which would permit it to be updated and maintained easily. The FBI commented that the environment in
which VCF was constructed had changed and other new products were more suitable (United States
Department of Justice Office of Inspector General, 2006). Aerospace Corp. reported that, out of 59
development issues, the FBI was responsible for 19 (requirements changes), and SAIC for the 40
remaining errors. Aerospace, in its assessment of SAIC’s work on the project, claimed it could “find no
assurance" that SAIC met the stated requirements, nor that the “…architecture, Concept of Operations,
and requirements were correct and complete” (United States Federal Bureau of Investigation, 2005).
Ms. Higgins’ congressional testimony demonstrates that the FBI was aware of Trilogy’s complexity
and challenges from the start. Yet, the FBI did not follow its plans to manage these issues or simply
lacked the competence to do so. The agency had permitted failure to continue, at great costs, for too long.
Thus, as guilty as SAIC was in the failure, the FBI was as well. Exhibit 1 portrays Trilogy milestones.
After the FBI officially cancelled development of VCF in 2005, Director Mueller took responsibility
for the FBI’s part in the project collapse. In his testimony to Congress, he stated “I am responsible, at
least in part, for some of the setbacks experienced with Trilogy and VCF” and declared his agreement
with the Department of Justice’s Office of the Inspector General (OIG) finding that “FBI management did
not exercise adequate control over the Trilogy project and its evolution in the early years of the project.”
(United States Federal Bureau of Investigation, 2005). Lack of control and accountability were key
factors that resulted in payments made to contractors, as shown in Exhibit 2, for work or travel that was
never completed, and for loss of between 400 and 1200 assets, mostly (computer) equipment, worth
millions of dollars (United States Government Accountability Office, 2006). Director Mueller also
attested the FBI failed to adequately define VCF requirements, did not completely comprehend the type
of contract it had created with SAIC, lacked its own in-house expertise and enterprise architecture to
manage and work IT development projects, and miscalculated the complexity of integrating a legacy
system with a new one.
All parties involved made many mistakes in their approach to Trilogy, and the events surrounding
9/11 and their subsequent developments served to complicate matters. These events prompted Director
Mueller to request acceleration of Trilogy which, when coupled with lack of solid communication and
cooperation, SAIC’s tendency towards poor workmanship, and the FBI’s poor IT management skills and
knowledge, doomed Trilogy from the start. In 2006, a year after the FBI scuttled VCF, hard feelings over
the project failure still existed on all sides – from the FBI, SAIC, and government officials. The Senate
Appropriations Committee, officially recognizing the failure as the fault of both the FBI and SAIC,
88 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
drafted legislation (HR 5672) directing the FBI to “…use all means necessary, including legal action, to
recover all erroneous charges from the VCF contractor ...” (Dizzard, 2006).
Figure 2. Trilogy contractor payments (United States Government Accountability Office, 2006)
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 89
Figure 3. Sentinel’s conceptual schedule and capabilities (United States Department of Justice
Office of Inspector General, 2007)
Source: United States Department of Justice Office of Inspector General (August, 2007).
Sentinel
Shortly after Director Mueller announced the FBI’s intent to learn from the lessons of the failed VCF
project, his statements were put to the test. In 2005, the FBI revealed it would create a new electronic
information management system called Sentinel and immediately went to work differentiating the system
from Trilogy in the press. Director Mueller decided to convert to a service-oriented architecture (SOA),
an idea he had presented to Congress that same year based on Aerospace recommendations. SOA
provided the modular structure desired and the flexibility the FBI needed to compliment its current IT
systems and serve as a “platform for gradual deployment of capabilities and services” in all FBI divisions
(United States Federal Bureau of Investigation, 2005).
Sentinel now, as Trilogy was supposed to be, provided a solution for FBI agent and analyst access
and information sharing obstacles. When the FBI released information to the media in mid-2005 on its
intent to move forward with Sentinel, the plan was that, unlike Trilogy, Sentinel would be rolled out in
steps, as demonstrated in Exhibit 3, each of the four phases providing its own user capabilities, and
emphasis on training, support and consideration of current and future users of the program would be great
(United States Federal Bureau of Investigation, 2005; United States Department of Justice Office of
Inspector General, 2007). Zalmai Azmi, the FBI’s CIO, vowed in 2005 “Sentinel is a lot different than
VCF.” and is “…not going to be implemented in one swoop” (Witte, 2005).
90 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
In August 2005, the FBI began soliciting proposals from government contractors for work on the
Sentinel project and, in 2006, it chose Lockheed, a Bethesda, MD based company and 15 year partner to
the FBI. The contract, valued at $305 million, less than Trilogy overall but three times the cost of VCF
itself, didn’t include the $120 million for staffing and administering the Sentinel Project Management
Office, or PMO (Lockheed Martin, 2006; United States Department of Justice Office of Inspector
General, 2009). Lockheed and its project partners indicated they would use commercial-off-the-shelf
(COTS) technology for integration purposes, a plan the FBI quickly approved because of Director
Mueller’s noted interest in it as a viable option in response to VCF when addressing Congress earlier.
Lockheed and the FBI agreed to move incrementally through the process, from development to
operations, and to complete Sentinel by December 2009 (Lockheed Martin, 2006).
At the request of Director Mueller and congressional appropriations and oversight committees, who
had witnessed the costly demise of the VCF project and now wanted accurate and timely updates on
Sentinel, the DoJ OIG once again became involved, specifically to conduct audits of the four phases of
the program (United States Department of Justice Office of Inspector General, 2009). The DoJ OIG,
Lockheed Martin, and the FBI reported the full deployment of Sentinel’s Phase 1 in June 2007. Amongst
other things, Phase 1 improved search capabilities and provided FBI agents and analysts web-based
access to the Automated Case Support (ACS) system, the pre-Trilogy system comprised of outdated
programs, but which still provided a source of valuable information (Lockheed Martin, n.d.; United States
Department of Justice Office of Inspector General, 2009). Part of the success in deploying Phase 1
involved the FBI PMO and Lockheed adhering to a monitored schedule during which they ran tests and
pilots and trained FBI personnel in depth to ensure proper performance. These activities were unlike any
that occurred during VCF development. In addition, general oversight of Phase 1 alone created over
20,000 documents detailing FBI methods utilized to guarantee disciplined management, best development
methodology, EA, and proper IT governance (United States Federal Bureau of Investigation, 2007).
Phase 2, which was delayed from the start so that the FBI and Lockheed could rearrange processes,
costs, and schedules based on lessons learned in Phase 1, required Lockheed Martin to create electronic
repositories, a workflow tool, and a new security framework, also served as a reminder to all parties of
Sentinel’s challenges (United States Department of Justice Office of Inspector General, 2006). It was in
this phase that difficulties and changes in cost, schedule, and scope arose, even before the fourth and final
segment of the phase (officially accepted by the FBI in December 2009) concluded. Due to testers’
negative feedback on Phase 2 Segment 3 in April 2009, the FBI and Lockheed decided to make changes
to Segment 4 and, as often occurs with changes, there was delay (several months) and additional costs
(several million). Five months behind schedule, Segment 4 quickly demonstrated inability to meet certain
standards and needs of the testers, with users reporting Phase 2 problems would make “…the completion
of the related tasks 'much harder' than current FBI practices”, thus affirming that phase’s general lack of
user friendliness and bringing to light old memories of a failed VCF program (Charette, 2010).
The DoJ OIG noted “…Sentinel had serious performance and usability issues…” and received
“…overwhelmingly negative user feedback during testing”, and questioned the FBI’s “conditional”
acceptance of Phase 2. OIG claimed that conditional acceptance allowed the FBI to use operations and
management (O&M) funds, about $780,000, to correct errors after the acceptance without revealing the
additional charges on its Sentinel budget (Charette, 2010). On the other hand, many believe the FBI’s
conditional acceptance of Segment 4 allowed them to take control of the project as they should have with
Trilogy, since it prohibited Lockheed from collecting any more Segment 4 development costs “…without
specific written permission from the FBI’s Contracting Officer” (Charette, 2010).
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 91
While Sentinel Phase 2 delays and costs mounted, both the FBI and OIG began examining
Lockheed’s performance a little more closely. The FBI had allowed Lockheed to deliver a faulty product
with “conditions”, which was an immense concern. However, as the actual developer of the system,
Lockheed was just as responsible for their own dwindling performance. In particular, the OIG pointed to
several major Lockheed-originated problems regarding Sentinel: the usability of Sentinel's specifically-
developed electronic forms, 26 “critical issues” that required resolution before functionality was
complete, Sentinel’s difficulties in interacting with the FBI’s Public Key Infrastructure (PKI), and
Lockheed Martin’s deviation from “…accepted systems engineering processes in developing the software
code for Sentinel” (United States Department of Justice Office of Inspector General, 2010).
To supplement its relationship with the OIG and Lockheed, the FBI hired the MITRE Corporation, a
non-profit manager of Federally Funded Research and Development Centers (FFRDCs), in Phase 2.
MITRE’s task was not to design or test the system, but to intensely examine Sentinel’s software code and
any related documentation originating with problems that had been occurring since early 2009. In other
words, MITRE’s purpose was to dissect and report on Lockheed’s work. Similar to OIG, MITRE
concluded that Lockheed diverged from accepted engineering systems practices, did not adhere to
documentation requirements created by Lockheed itself, and had not followed correct testing procedures,
all of which resulted in over 10,000 inefficiencies which could affect Sentinel’s performance (United
States Department of Justice Office of Inspector General, 2010). In some significant ways, Sentinel had
begun to look like a repeat of Trilogy.
By the end of fiscal year 2010, the FBI had invested $79.8 million in Sentinel, the second largest
amount of all its 2010 projects, yet continued to receive the highest ratings for risk, delay, and cost
(United States Government, 2010). As Exhibit 4 shows, of all the DoJ agencies, the FBI had invested the
most in IT over FY2010, $1.4 billion in total; yet, of the 17 major IT investments, Sentinel received
approximately 6% of total funds (United States Government, 2010). The DoJ (of which the FBI is part)
expected the first two phases of Sentinel to be the most costly, yet the costs were still underestimated. In
August 2010, DoJ reported that the FBI had already either used or planned to use $405 million of the total
budgeted $451 million by September 2010, thus leaving only $46 million to develop Phases 3 and 4 if
Sentinel was to meet budget requirements. The FBI was not prepared to utilize risk reserve funds as it
had in 2009, and although it had demonstrated more control of Sentinel, it realized further modifications
to ensure success were needed.
FBI Transformation
Nonetheless, the FBI had begun a new chapter and was recreating itself as it progressed through Sentinel
development, as events described thus far suggest. Many of its successes could not be measured in terms
of dollars. Success, instead, could be measured through the FBI’s recognition of fault, decision to
change, development of methods and measures to ensure timely and quality completion of Sentinel, and
implementation of these methods. FBI leadership needed to demonstrate its control over actions taken,
actions to be taken, and detail in-depth plans for the future. This control was demonstrated in the summer
of 2010 when it issued a full stop work order to Lockheed and placed the Sentinel program under FBI
senior management internal review. In September 2010, corresponding with its report to OIG detailing
changes it would make in order to complete Sentinel on time and within budget, the FBI completely took
over the project from Lockheed, deciding instead to use it own employees, relying less on external
technology partners, and employing an agile development process to complete Sentinel.
92 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
Figure 4. IT dashboard DoJ IT investment and cost comparison (United States Government, 2010)
Source: United States Government. (2010). Department of Justice, Federal Bureau of Investigation:
Investment rating.
The FBI’s decision to cease further work on Sentinel (with Lockheed) until the program could be
reviewed brings to light several factors essential to success, which required not just the development and
implementation of agent and analyst intelligence tools, but modifying procedures and processes that
would help the FBI achieve this goal more efficiently. The most notable factors that exhibit positive
transformation are the FBI’s implementation of accountability and control, its mitigation of risk through
improved decision making and communication, and its strategic approach to IT.
During Phase 1 the FBI and Lockheed learned some vital lessons, in particular, that it was best to divide
each phase into segments, so that every 3 to 6 months users received new capabilities. Yet, objections
from MITRE and OIG remained, especially with regard to the testing and acceptance for each segment.
They both indicated concern over the FBI’s criteria for delivery and acceptance of segments for each
phase and lack of criteria which, if utilized, would ensure overlapping system-wide functionality, both for
phases and Sentinel as a whole. In addition, MITRE believed that the FBI and Lockheed had not
conducted all of the necessary testing during phases, in particular Phase 2. The FBI and Lockheed
disagreed with each other (United States Department of Justice Office of Inspector General, 2010).
Questions and disputes such as these over control and accountability from outside the FBI, as well as
from within, were not new to the organization.
Generally speaking, accountability infers consideration of five elements: project objectives, quality
indicators, benchmarks, program monitoring, and periodic feedback (Chang & Lin, 2009). Four of these
five elements – fault, causality, role, and liability – play a part, particularly with regard to computer
decision systems. In the case of VCF, the FBI did not utilize any accountability methods until it was too
late, and although fault, causality, role, and liability rested on both parties, they were difficult to
determine at times. Fault requires that a failure in the system is identifiable; however, because the FBI
did not implement quality indicators and benchmarking, nor conduct monitoring or feedback sessions,
fault, along with cause, were not identified until VCF had nearly collapsed. Lack of accountability during
VCF development as a result of little oversight and few to no departments and programs to assess
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 93
governance and responsibility provides the benchmark by which to assess current accountability
processes and procedures.
Figure 5. FBI’s IT system’s life cycle management directive (United States Department of Justice
Office of Inspector General, 2007)
Source: United States Department of Justice Office of Inspector General (August, 2007).
In 2004, as Trilogy was coming to an end, OIG and Government Accountability Office (GAO)
process recommendations to guide IT investment development and accountability prompted the FBI to
create its Life Cycle Management Directive (LCMD), a directive overseen by the Office of Information
Technology Policy and Planning (OIPP). Shown in Exhibit 5, the LCMD consists of four major
components - life cycle phases, control gates, project level reviews, and key support processes - and nine
phases that occur over IT development, implementation and retirement (of projects) (United States
Department of Justice Office of Inspector General, 2007). In order for FBI management to approve a
project’s advancement to the next of the nine phases, explicit requirements must be met. According to the
DoJ, LCMD provided “…the framework for standardized, repeatable, and sustainable processes and best
practices…” in IT development that the FBI needed, leading the DoJ to believe LCMD would help the
FBI avoid problems it faced during VCF development (United States Department of Justice Office of
Inspector General, 2007).
In addition to overseeing the LCMD, the OIPP creates policies and plans, managing them through
governance methods, and addresses DoJ OIG and GAO audits that monitor deficiencies in the FBI's IT
standard methodologies and governance procedures. OIPP is just one example of many departments,
programs, and plans the FBI introduced between 2004 and 2005. The FBI also created the following
94 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
during this period of time: strategic IT plan, enterprise architecture (EA), portfolio management program,
enterprise IT tool, capital planning and investment management/project review board, IT metrics process,
IT acquisition and financial reform program, leadership programs, and assessments of technology and
information security. These programs and offices affect all FBI IT projects, offering resources for
accountability and control which were not in place during VCF.
Several decisions and events that supported IT governance were solely applied to Sentinel. For
example, Director Mueller requested increased DoJ OIG and congressional oversight prior to
development commencement. The increased oversight improved analysis of Sentinel development
defects and strengthened communication between Congress and the FBI. The FBI also looked outside of
itself and other governmental entities to companies like MITRE and Aerospace for impartial oversight.
These companies provided valuable insight that assisted the FBI's decision-making about Sentinel’s
future. And, just recently, to demonstrate its capabilities and desire for Sentinel success, the FBI decided
to complete Sentinel mostly in-house while working with specific (non-Lockheed) partners. According to
Mr. Fulgham, this allows the FBI engineers to “…have a much more profound impact on the architecture,
on how we deploy and integrate their products.” (Foley & Hoover, 2010). In all, the FBI modified its
methods of IT governance greatly after VCF, and have applied these new methods effectively considering
how recently they have adopted them.
A second demonstration of transformation, and one which relates closely to accountability, is the
manner in which the FBI controlled Sentinel. The most obvious example of this control is the phasing out
of Lockheed. By the spring of 2009, efforts to direct Lockheed to perform as requirements dictated and to
impress on the company the importance of applying lessons learned from Trilogy to Sentinel appeared to
have fallen on deaf ears. In response to issues with Phase 2, Lockheed modified Phase 3 staff allocation
to rework pieces of Phase 2, which in turn negatively affected Phase 3 reflexively. In January 2010, after
the official conditional acceptance of Phase 2’s Segment 4, Lockheed reported that Phase 3, which
involved improving upon capabilities created in Phase 2, would also be delivered behind schedule and at
a slightly higher cost (United States Department of Justice Office of Inspector General, 2006; United
States Department of Justice Office of Inspector General, 2010). Meanwhile the OIG, in its March 2010
audit report, addressed its own project concerns over data migration, prioritization of defect reports,
staffing, user help, and general Sentinel program reporting, all of which they believed would plague every
aspect of the project into the future if not resolved (United States Department of Justice Office of
Inspector General, 2010).
Although instructed to do so by the FBI, Lockheed failed to develop a new budget and schedule for
the remaining phases in accordance with FBI needs. In March, in response to criticism and obvious
warning signs of declining development performance, the FBI ordered a partial work suspension to
Lockheed on Phases 3 and 4 (Bain, 2010). According to Director Mueller, this act was intended to
provide Lockheed a “sufficient wake-up call”, and one month later he reported to the Senate
Appropriations Committee that if recent changes did not fix the problems, he would take any steps
necessary to ensure Sentinel’s completion (Hoover, 2010). What once appeared as a mild warning was
now becoming considerable. The FBI claimed that in ordering Lockheed to suspend work, it was
demonstrating effective management skills but, not to diminish the company’s intent, also said that
Lockheed was cooperating and understood both the desire and imperative for quality (Censer, 2010; Bain,
2010). As expected, both the FBI and Lockheed defended their own abilities and outcomes – Lockheed
did so in an attempt to protect itself from being completely shut down on the project and the FBI did so to
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 95
prove it wasn’t wasting tax payer dollars and repeating mistakes. Their attempts to manage reputations,
however, could not delay the inevitable, and a full stop work order would soon be issued.
In the end, the FBI felt the cost estimates and time schedule presented by Lockheed were simply not
acceptable. A VP at Lockheed highlighted some of Lockheed’s feelings towards their removal from the
project, saying, "The FBI believes they have the ability to do things we can't do in a leadership role in a
way that they can more affordably and efficiently implement the rest of the project requirements." (Foley
& Hoover, 2010).
Transparency
Control of Sentinel development helped the FBI mitigate risk to the project, a factor that was devalued
during Triology. Mitigating risk was one of the underlying, key goals of the Sentinel program from the
start, and many of the modifications the FBI has made contribute to this goal, such as construction of an
EA, implementation of an SOA, improved accountability, more effective use of human capital, and plans
to utilize agile development. Another method of mitigating risk, one that the FBI has utilized, stems from
its transition to a more transparent organization, at least in terms of providing cost, schedule, and easy
access to open source information. The FBI understands that provision of information is ethical and
allows the public to monitor and influence, as it can, programs such as Sentinel. Although the agency
requires information security on many levels, it also recognizes the strengths of strategic communication
and how providing up to date accurate information on Sentinel – the positive and the negative – assists in
lending credibility to the program and building trust, which in turn creates support for Sentinel and other
FBI programs in development, thereby reducing risk of failure.
For example, the FBI has cooperated with agencies and media that are monitoring and investigating
the details of Sentinel, even consistently providing its own updates via the FBI web site. The FBI also
utilizes the IT Dashboard in addition to its reports, those from the DoJ, Government Accountability
Office (GAO), and other federal agencies and private organizations. The IT Dashboard allows federal
agencies and the public to review details of federal IT projects and monitor their progression, while at the
same time providing a sense of transparency and some idea of Sentinel’s risk. Although the IT
Dashboard relies on DoJ’s CIO, Vance Hitch, to evaluate and input data, most data stems from other
independently-maintained sources (United States Government, 2010). Amongst other analyses,
Sentinel’s current cost (Exhibit 7), schedule (Exhibit 8), and performance metrics (Exhibit 9) are located
on the IT Dashboard and updated regularly.
<Exhibits 6 - 8 here>
Mr. Hitch does not conceal his position on Sentinel development. In the “Evaluation by Agency
CIO” rating, which assesses the “…risk of the investment’s ability to accomplish its goals”, he utilizes
five or more factors, including risk management, requirements management, contract oversight, historical
performance, and human capital in deciding how, if at all, to invest in IT projects (United States
Government, 2010). Sentinel’s CIO rating has decreased since August 2009 from 7.5 to 2.5 (with 10
being the highest score), indicating that it poses a moderately high risk of failure. In conjunction with two
other factors, cost and schedule, which have also fallen since 2009, the CIO’s rating is utilized to
calculate an overall program rating. However, if the CIO’s score is less than either cost or schedule, it
automatically becomes the overall score. Therefore, Sentinel’s current overall rating remains at 2.5. As
damaging as this specific information appears, the fact that Sentinel operations, costs, and schedules are
available on the IT Dashboard and elsewhere indicates a level of transparency which, by itself, can help to
96 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
facilitate organizational change within the FBI. The information provided is also evidence of the FBI’s
commitment to detailed, consistent and constructive metrics, and its reasoning in discontinuing
Lockheed’s contract on Sentinel.
Strategic Approach to IT
The third notable manner in which the FBI has demonstrated growth since VCF is in the preparation of
their IT Strategic Plan (ITSP), which is directly linked to the FBI’s Strategy Management Plan (SMS) and
DoJ’s ITSP. The ITSP, which parallels an enterprise view, works to identify the FBI’s strategic direction,
create and leverage IT metrics, and track progress so that strategic goals and objectives utilizing FBI
information tools can be met.
Figure 6. IT dashboard cost details, March 16, 2006 – May 30, 2011 (United States Government,
2010)
Figure 7. IT dashboard schedule details, March 16, 2006 – May 30, 2011(United States Government,
2010)
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 97
During Trilogy, government entities and IT professionals criticized the FBI particularly for its
culpability in the VCF failure. That focus of criticism was the FBI's non-existent Enterprise Architecture
(EA) which, when implemented, is a tool that provides efficient management of technically complex
programs. The FBI’s OIPP, in conjunction with a reputable technology and management consulting firm,
established a basic EA in 2004 and since has produced a fully developed one. Although 2004’s EA
launch was too late for Trilogy, its current use in Sentinel helps prevent strategic misalignment,
redundancy, and overspending. Now, any and all FBI IT programs must be consistent with the FBI’s EA.
At the same time the FBI decided to develop an EA, it transitioned to a service-oriented architecture
(SOA). Because SOAs are relevant to application integration (for example, in the case of the legacy ACS
system) and to application construction (for example, in the case of COTS), the FBI found a cost-effective
solution that would enhance their legacy systems, allow new software to be introduced, and maintain
existing system services without interference. SOA offers a modular structure that permits the scalability
needed for effective change in FBI IT, and specifically for Sentinel. In addition, SOA increases
Sentinel’s performance, reliability, and accountability. SOA integrates accountability in that it offers a
greater likelihood that the key phases of accountable computing will occur for detection, diagnosis,
defusion, and disclosure (Chang & Lin, 2009). Since the detection phase includes determining expected
service system behaviors (requirements), the FBI’s implementation of SOA after 2004 provided a
foundation for measuring performance and was contrary to its approach to Trilogy, during which
undefined or non-existent requirements became a chief complaint on all sides. In disclosure, one party
accepts liability and is therefore responsible to remedy the problem. Unlike VCF, the FBI not only
specified the manner in which Lockheed could remedy the delays, costs, and performance deficiencies,
but also in the event Lockheed was unable to meet standards, the FBI could issue a full stop work order.
Because EA and SOA are established architectures in IT, understanding them and utilizing them was
not as challenging for the FBI as some may have thought. Recognizing the uniqueness of EA and SOA to
the FBI’s vision and mission as compared to other organizations, the FBI successfully developed its own
appropriate methodologies. Agile development, although mostly foreign to the FBI, and Sentinel in
particular, has received significant press. In consideration of MITRE and OIG recommendations to
incorporate incremental steps in phases and to improve testing procedures, previously utilized on a
smaller scale in another FBI program, agile development was adopted as the organization’s solution to
98 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
information security and sharing (Lipowicz, 2010). The FBI only recently informed non-FBI personnel
that it planned to utilize agile development to complete Sentinel, and consequently mapped its envisioned
evolution to an agile enterprise, reported in Exhibit 6 (United States Federal Bureau of Investigation,
2009). Agile development offers the FBI more flexibility, and some very necessary development and
testing options. It also permits capabilities to be created in increments so they remain more closely
aligned with the FBI’s business requirements, decreases the requirements list (which was part of Director
Mueller’s plan to stay within budget and on time), allows the requirements to be more easily managed,
and assists in eliminating redundancy. Nevertheless, it remains to be seen if the FBI, which already has
acknowledged the difficulty in forecasting in agile development, can effectively utilize this approach with
Sentinel.
Figure 9. FBI’s planned transition to an agile enterprise by 2015(United States Federal Bureau
of Investigation, n.d.)
The FBI’s mission encompasses numerous tasks, all targeted at protecting national security through
intelligence driven means, enforcing federal laws, and providing leadership and support to domestic and
international intelligence and law enforcement partners. However, since the FBI has multiple duties and
is not solely focused on information technology infrastructure and programs, only a certain percentage of
funds are allocated towards IT. Although oversight committees and organizations have disputed the
effective application of funds, requests for financial support in IT have increased each year since 2000. In
2006, the FBI implemented its Strategy Management System (SMS), its version of a balanced scorecard
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 99
system. One challenge the FBI faces is in expanding and enhancing the connections between SMS,
intelligence and investigations, and its management methods. The FBI has employed at least one
component of effective management practices (performance reporting) but continues to develop a second
component (financial planning) by constantly evaluating budget alignment with the SMS so that resources
are linked to the FBI’s goals (Mueller, 2009). Since the FBI is new to a balanced scorecard approach, it is
confronted daily with its intricacies. Similar to other federal agencies, the FBI’s IT funding is deficient in
part due to its need to simultaneously support IT infrastructure, supply IT services of quality, enhance IT
initiatives, and implement emerging technologies.
In regards to its overall approach to information technology, the FBI has made significant
improvements since the inception of Trilogy in 2001, but requires greater resources – funding, personnel,
software, hardware, and physical infrastructure – to leverage current technologies, exploit emerging
technologies, or accustom itself to the infinitely dynamic environment in which it works. For example,
because the FBI is one of very few agencies to perform duties under three different security
classifications, unclassified, secret, and top secret, its activities necessitate specific secure locations.
However, in several cases, the FBI lacks sufficient facilities to house programs and personnel that would
enhance its information technology and information sharing programs in all three classifications.
Another challenge the FBI faces, as noted previously, regards IT staffing and management personnel.
Not only have the FBI’s IT projects been plagued by insufficient or unqualified defense contractor
personnel, but the FBI has admitted “…to not being able to meet both inter- and intra-agency deadlines
due to inadequate staffing levels” within its own organization (United States Department of Justice Office
of Inspector General, 2010). Inadequate staffing levels are not the only problem, however. Throughout
much of Sentinel development, the FBI failed to properly employ and manage Sentinel Project
Management Office staff and between December 2008 and October 2009 the PMO experienced a 26%
turnover rate. Since late 2009, the FBI claims to have corrected most staffing deficiencies, yet current
plans are to significantly reduce the number of contract employees and FBI personnel assigned to the
project.
The final area in which the FBI faces challenges is in its actual handling of the Sentinel project now
that it has released Lockheed from further work on it. Director Mueller accepted recommendations made
by oversight entities after the failure of Trilogy to move to a service-oriented architecture. This
modification was not enough to ensure Sentinel’s consistent success, but SOA, in conjunction with the
FBI’s recent decision to implement agile development, will improve the alignment between business
strategy and IT and presents the FBI with a reasonable and effective developmental approach. The
potential problem with the FBI’s decision to complete the Sentinel program utilizing agile development is
that it has little experience with agile development. FBI CIO Chad Fulgham once noted the FBI’s use of
the process in creating Delta, an application that manages confidential sources, and its success in doing
so, yet critics remain skeptical. Because of the FBI’s belief that agile development will streamline
decision making, the FBI is reducing contractor personnel by over 80%, including those from Lockheed
and suppliers of COTs components, and its own employees by over half from the Sentinel project.
Fortunately, the FBI recognizes the challenges that Sentinel presents. Recently, Director Mueller
made a statement that even for-profit companies would believe reasonable, saying, "When you have a
project that was laid down in concrete four or five years ago, [with] technology changes, business practice
changes, and complexity changes, one can expect some minor delays" (Hoover, 2010). Still, the FBI also
recognizes that with challenge and risk come opportunity. Although nothing can be done to salvage the
Trilogy efforts, the FBI may realize its goals with Sentinel, in time. In order to do so, however, it must
100 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
work through obstacles presented by others, at times in the form of unfactual and premature criticism, but,
even more so, through the most substantial challenges of all – its own history, structure, and culture.
REFERENCES
Arnone, M. (2005, September 19). FBI focuses on IT capabilities. Federal Computer Week.
Bain, Ben. (2010, March 31). Justice IG hits FBI’s Sentinel IT program. Federal Computer Week.
Bain, Ben & Lipowicz, Alice. (2008, February 12). Lockheed wins FBI biometric contract. Washington
Technology.
Censer, Marjorie (2010, May 10). FBI says troubled Sentinel computer system to be ready in 2011. The
Washington Post.
Chang, Soo Hoo & Lin, Kwei-Jay. (2009). A service accountability framework for QoS service
management and engineering. Information Systems and E-Business Management, 7, pp. 429 – 446.
Charette, Robert. (2009, November 12). FBI Sentinel System Slips a Bit More But Remains In Budget.
The Risk Factor. Retrieved September 12, 2010, from IEEE Spectrum:
http://spectrum.ieee.org/riskfactor/computing/it/fbi-sentinel-system-slips-a-bit-more-but-remains-in-
budget.
Charette, Robert. (2010, April 3). Interesting FBI Definition of "Minor" Technical Issues in Sentinel
Project. The Risk Factor. Retrieved September 12, 2010, from IEEE Spectrum:
http://spectrum.ieee.org/riskfactor/computing/it/interesting-fbi-definition-of-minor-technical-issues-in-
sentinel-project.
Dies, Bob E. (2001, July 18). Information technology and the FBI. Bob E. Dies; Assistant Director,
Information Resources Division; FBI, Federal Bureau of Investigation. Testimony before the Senate
Judiciary Committee. Washington, D.C.
Dizzard, Wilson P. III (2006, November 16). Senators to FBI: get a VCF refund. GCN: Government
Computer News.
Greenemeier, Larry (2006, September 1). FBI looks to redeem itself with Sentinel after Virtual Case File
snafu. Information Week.
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 101
Higgins, Sherry. (2002, July 16). FBI Infrastructure. Sherry Higgins; Project Management Executive for
the Office of the Director; FBI. Testimony before the Senate Judiciary Subcommittee on Administrative
Oversight and the Courts. Washington, D.C.
Hoover, J. Nicholas (2010, April 16). FBI Director Reports On Delayed Sentinel System.
Information Week.
Hoover, J. Nicholas & Foley, John (2010, September 15). FBI takes control of troubled Sentinel project.
Information Week.
Lipowicz, Alice (2010, September 20). FBI resuscitates Sentinel case management system. Federal
Computer Week.
Mueller, Robert S. III (2005, February 3). FBI’s Virtual Case File System. Robert S. Mueller, III;
Director, Federal Bureau of Investigation; Testimony to the Appropriations Subcommittee on Commerce,
Justice, State and the Judiciary. Washington, D.C.
Mueller, Robert S. III (2008, April 18). The FBI Budget for Fiscal Year 2009. Robert S. Mueller, III;
Director; Federal Bureau of Investigation; Statement before the Senate Committee on Appropriations,
Subcommittee on Commerce, Justice, Science, and Related Agencies; Washington, D.C.
Mueller, Robert S. III (2009, June 4). The FBI Budget for Fiscal Year 2010. Robert S. Mueller, III;
Director; Federal Bureau of Investigation; Statement before the House Committee on Appropriations,
Subcommittee on Commerce, Justice, Science and Related Agencies; Washington, D.C.
Mueller, Robert S III (2010, March 17). The FBI Budget for Fiscal Year 2011. Robert S. Mueller, III;
Director; Federal Bureau of Investigation; Statement before the House Committee on Appropriations,
Subcommittee on Commerce, Justice, Science, and Related Agencies; Washington, D.C.
Schlendorf, David. (2010). The FBI’s Strategy Management System: Linking Strategy to Operations.
Palladium 2010 America’s Summit: Leading, aligning, and winning in today’s economy. 10 – 11
November. San Diego, California.
United States Department of Justice Office of Inspector General. (August, 2007). Sentinel audit III: status
of the Federal Bureau of Investigation’s case management system (Audit Report 07-40). Washington,
D.C.
United States Department of Justice Office of Inspector General. (February, 2010). FY 2011
Authorization and Budget Request to Congress. Washington, D.C.
United States Department of Justice Office of Inspector General. (November, 2009). Sentinel Audit V:
Status of the Federal Bureau of Investigation’s Case Management System (Audit Report 10-03).
Washington, D.C.
102 Journal of Cases on Information Technology, 13(3), 84-102, July-September 2011
United States Department of Justice Office of Inspector General. (March, 2010). Status of the Federal
Bureau of Investigation’s Implementation of the Sentinel Project (Report 10-22). Washington, D.C.
United States Department of Justice Office of Inspector General. (March, 2006). The Federal Bureau of
Investigation's Pre-Acquisition Planning for and Controls Over the Sentinel Case Management System
(Audit Report 06-14). Washington, D.C.
United States Federal Bureau of Investigation. (2009). Information technology strategic plan: FY2010-
2015. Washington, D.C.
United States Federal Bureau of Investigation. (2009, November 10). Response to OIG Audit of the FBI’s
Sentinel Program. Press release, from the FBI National Press Office, retrieved from
http://www.fbi.gov/news/pressrel/press-releases/response-to-oig-audit-of-the-fbi2019s-sentinel-program,
on October 26, 2010.
United States Federal Bureau of Investigation. (2007, July 5). A Solid Foundation: CIO Discusses
Sentinel Launch. News story, retrieved from
http://www.fbi.gov/news/stories/2007/july/sentinel_070507/?searchterm=None, on October 26, 2010.
United States Federal Bureau of Investigation. (2005, June 8). FBI Information Technology Fact Sheet.
Press release, retrieved from http://www2.fbi.gov/pressrel/pressrel05/factsheet.htm, on October 26, 2010.
United States Government. (2010). [Data table, Investment Rating, August 20, 2010]. Department of
Justice, Federal Bureau of Investigation. Investment rating. Retrieved from
http://it.usaspending.gov/?q=portfolios/agency=011, on October 26, 2010.
United States Government. (2010). IT Dashboard FAQ for Agencies. Retrieved from
http://it.usaspending.gov/?q=content/faq-agencies#22, on October 26, 2010.
United States Government. (2010). IT Dashboard FAQ for Public. Retrieved from
http://it.usaspending.gov/?q=content/faq-agencies, on October 26, 2010.
United States Government. (2010). [Graph illustration Sentinel Cost Details August 20, 2010]. FBI
SENTINEL Cost Summary. Retrieved from http://it.usaspending.gov/?q=content/cost-
summary&buscid=441, on October 26, 2010.
United States Government. (2010). [Graph illustration, Sentinel Schedule Details August 20, 2010]. FBI
SENTINEL Schedule Variance in Days. Retrieved from http://it.usaspending.gov/?q=content/schedule-
summary&buscid=441, on October 26, 2010.
United States Government. (2010). [Graph illustration Performance Metrics March 31, 2010]. FBI
SENTINEL Performance Summary. Retrieved from http://it.usaspending.gov/?q=content/performance-
metrics&buscid=441, on October 26, 2010.
Copyright © 2011, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
THE FBI SENTINEL PROJECT 103
United States Government Accountability Office. (2006, June 9). FBI Trilogy: Responses to post hearing
questions. Letter by Linda M. Calbom, Director, Financial Management and Assurance to The Honorable
Arlen Specter; Chairman, Committee on the Judiciary, United States Senate.
Witte, Griff (2005, June 9). FBI Outlines Plans for Computer System. The Washington Post.