The details of how the FBI does its business and the systems that support the bureau are classified. Nonetheless, Executive Editor at Large Eric Knorr did his best to get a rough description of VCF (Virtual Case File) -- the $170 million system that never launched -- from SAIC Group President Mark Hughes and Technical Director Frank Perry.
IW: I know I'm not going to get a diagram, but can you thumbnail it in words?
Frank Perry: Without going into any details, I think what you would find is a pretty standard, three-tier, Web-based, enterprise-scale application for an enterprise of tens of thousands of people.
IW: The most alarming thing I heard about this project was the “flash cutover.” I imagine on the back end of that three-tier architecture you would still integrate with the legacy system; you wouldn't just shut down all the old mainframes. Or was that what was planned?
Mark Hughes: That's what was planned initially, but when they decided to do the incremental deployment, it's just as you say. In fact, the IOC system has been integrated to some degree with their legacy systems, called ACS.
IW: How did you integrate with the mainframes? Did you use screen scraping?
FP: I don't think we can go into too much detail, but at the level that we did the integration for the IOC capability … it's a data-level integration.
IW: Can you say anything about the security?
MH: All I can say about security is that the security requirements of the FBI are really quite unique. On the one hand, they're dealing with pressures to share information. On the other hand, there are sources and methods and things like that, which really need to be classified. And then the FBI had some espionage problems, like the [Robert Philip] Hanssen case, where an insider was using their systems to get information. So the systems have to be designed to deal with that kind of thing, too.
IW: Would it be fair to characterize the security as identity based?
FP: I don't think we can really get into that.