The Baltimore Sun February 26, 2006
Computer ills hinder NSA
2 technology programs, weapons for the war on terrorism, have proved duds
By Siobhan Gorman
WASHINGTON -- Two technology programs at the heart of the National Security Agency's drive to combat 21st-century threats are stumbling badly, hampering the agency's ability to fight terrorism and other emerging threats, current and former government officials say.
One is Cryptologic Mission Management, a computer software program with an estimated cost of $300 million that was designed to help the NSA track the implementation of new projects but is so flawed that the agency is trying to pull the plug. The other, code-named Groundbreaker, is a multibillion-dollar computer systems upgrade that frequently gets its wires crossed.
The downfall of the Cryptologic Mission Management program has not previously been disclosed. While Congress raised concerns about the agency's management of Groundbreaker in a 2003 report, the extent and impact of its inadequacies have not been discussed publicly.
Intelligence experts told The Sun that as a result of these failures, agency computers have trouble talking to each other and frequently crash, key bits of data are sometimes lost, and vital intelligence can be overlooked - all as the agency aggressively argues for broader surveillance power under the president's warrantless wiretapping program.
Moreover, there are no agency-wide controls to make sure effective fixes are put in place, and, with the demise of the mission management program, none will be in place anytime soon.
"The stuff that NSA does is probably more valuable today than it's ever been," said John Pike of Globalsecurity.org, who has monitored the intelligence agencies for 25 years. "If their infrastructure doesn't work, they can't work. If the people can't work, the agency can't work."
A former NSA employee put it more bluntly, as he explained why he was speaking to a reporter for the first time, though on the condition of anonymity: "What I am fearful of is: Because of all this, we will have a 9/11 Part II."
These two programs, in combination with the NSA's $1.2 billion threat-sniffing initiative called Trailblazer, were to be the engine that would propel the formerly cutting-edge intelligence agency into the digital age. The Sun disclosed last month that six years after it was launched, the Trailblazer program consists of little more than blueprints on a wall.
NSA spokesman Don Weber did not return repeated phone calls and did not respond to a series of e-mailed questions submitted at his request more than a week ago.
Reporting for this article was based on interviews with 10 former NSA officials and intelligence experts. Most were granted anonymity because elements of these programs are classified, and those who work for the agency or its contractors risk losing their security credentials.
In recent months, as his agency has come under intense scrutiny, NSA Director Lt. Gen. Keith B. Alexander has sent memos to his employees reminding them of their orders not to speak with reporters.
At the NSA, and throughout the government, the Sept. 11 attacks created a crisis atmosphere. Congress responded by pouring money into anti-terrorism efforts, while intelligence agencies scrambled to put new programs in place - often without the planning and oversight needed to succeed, intelligence professionals said.
At an agency-wide meeting at the NSA not long after the Sept. 11 attacks, Michael V. Hayden, then the NSA director, announced a $1 billion budget increase.
But the top-secret agency, based at Fort Meade between Baltimore and Washington, has no mechanism to systematically assess whether it is spending its money effectively and getting what it has paid for, NSA veterans said. One former employee likened it to a neighborhood with no police to enforce the traffic laws.
Oversight by Congress and by the inspectors general of the NSA and Pentagon has been sporadic. The head of the Government Accountability Office, the congressional audit agency, recently complained that his agency has not been asked to look at any of the NSA's programs.
The NSA's Cryptologic Mission Management program was supposed to fill those gaps by imposing financial planning and management discipline.
The five-year-old program aimed to tackle a challenge many modern companies face: How can you monitor the progress and spending of projects across the organization? Companies generally answer that question with commercially available software, such as Microsoft Project, which helps businesses track projects against an established timeline and measure their results.
The NSA, instead, said it needed specially tailored software but continually changed its mind about the scope and design of the program, making it impossible to develop and execute a plan, said former government officials knowledgeable about the program.
In addition, the program was not integrated into the rest of the agency's efforts. Not long after the effort was launched, a 2001 Senate report warned that the NSA "appears to have no plans or processes in place" to link the Mission Management program to the rest of the agency's information technology and intelligence collection.
Late last year, Alexander, who took over as NSA director in August, tried to kill the program, according to four former government officials knowledgeable about the program. He faced resistance from members of Congress who wanted to continue funding the project because the NSA would have no other way to assess its programs, which are estimated to number in the thousands, two of the former officials said.
Alexander is expected to go to Capitol Hill in the next few weeks armed with a compromise that would replace the Mission Management program with another effort to track the agency's programs, said one of the former officials.
Supply and demand
Intercepting communications has long been a crucial element of national defense. But in an era of instant messaging and cell phones, demand for the NSA's expertise has far outstripped supply.
To try to keep pace, the NSA launched Groundbreaker in 1999 - a program to upgrade the agency's technology infrastructure and potentially save billions of dollars by outsourcing 600 jobs and responsibility for equipment and maintenance.
As with virtually all of the NSA's activities, many details of the initiative remain secret. Hayden announced it in 2000, calling it the key to a "robust and reliable infrastructure" at the NSA that would address the modern information explosion. The total cost, he said when the contract was awarded in 2001, could exceed $2 billion.
Since then, former intelligence officials said, the initial $2 billion price tag is estimated to have doubled.
A September 2003 report by the NSA's inspector general found that "key elements" for managing the Groundbreaker contract "were missing," including a "contract management program" and a quality control mechanism, according to a copy of the executive summary obtained by The Sun. Expenditures amounting to millions of dollars were unaccounted for, according to the inspector general.
A group of private contractors known as the Eagle Alliance, led by Computer Sciences Corp., is running the project. A spokeswoman for CSC directed a reporter to the NSA for comment.
Computers are integral to everything NSA does, yet it is not uncommon for the agency's unstable computer system to freeze for hours, unlike the previous system, which had a backup mechanism that enabled analysts to continue their work, said Matthew Aid, a former NSA analyst and congressional intelligence staff member.
When the agency's communications lines become overloaded, the Groundbreaker system has been known to deliver garbled intelligence reports, Aid said. Some analysts and managers have said their productivity is half of what it used to be because the new system requires them to perform many more steps to accomplish what a few keystrokes used to, he said. They also report being locked out of their computers without warning.
Similarly, agency linguists say the number of conversation segments they can translate in a day has dropped significantly under Groundbreaker, according to another former NSA employee.
Under Groundbreaker, employees get new computers every three years on a rotating schedule, so some analysts always have computers as much as three years older than their colleagues', often with incompatible software, the former employee said.
As a result of compatibility problems, e-mail attachments can get lost in the system. An internal incident report, obtained by The Sun, states that when an employee inquired about what had happened to missing attachments, the Eagle Alliance administrator said only that "they must have fallen out."
When computers need to be fixed or upgraded, the Eagle Alliance provides three levels of service. The fastest service is reserved for the NSA's top management. One mid-level employee gave up waiting for an administrator to put free software on his computer and downloaded it onto his home computer, so he could finish an online training course. The program was installed at work eight months later, he said.
In 2003, Congress finally punished the NSA for chronic mismanagement by taking away its authority to sign big contracts, such as the one for Groundbreaker, and gave that responsibility to the Pentagon. But that decision made it harder for the NSA to complete projects on time because the agency must ask the Pentagon for permission to initiate and review projects, former NSA Director Bobby R. Inman said in an interview.
Alexander, the current director, declined an interview request for this article. But in August he told The Sun that the NSA needed to leap from the "industrial age" to the "information age" to survive.
There is little disagreement that programs such as Groundbreaker and Cryptologic Mission Management are complex, but that does not diminish the national security demands that require the NSA to tackle modern communications.
Several agency veterans said, however, it isn't clear that the expertise to run these programs exists at the agency.
The NSA has become increasingly dependent on private contractors, who, rather than offering a fresh view, tend to hire former NSA employees and install them on the same projects they had handled when they were at the agency, said a former senior intelligence official who works for a contractor.
"It's more of the same people," the former official said. "The contracting system makes it very hard to engage industry, and it's very hard for people to break into government contracting. This is one of the areas I think needs tremendous review."
In fact, a security clearance is required just to see the list of NSA contracts, but a company representative cannot obtain a clearance without an NSA contract.
Throughout the national defense agencies, Pike said, there has been a sharp uptick in the past five years in programs that ultimately cost multiples of what the contractor initially promised.
Meanwhile, new bureaucratic hurdles have tripled the time it takes to develop and produce new intelligence products, said former NSA director Inman. In the 1950s, projects could go from concept to the field in four or five years; now, it is a 12- to-15-year time frame, he said.
Because it is so difficult to plan on a 15-year schedule, "as this pressure to attack new problems increases, more large programs will be canceled in midstream with loss of money," Inman said. "It's not a good way to spend the public's money."
© Copyright 2006, The Baltimore Sun