Systematic Errors

A new law aims to prevent software meltdown in federal agencies

Several hundred tons of plutonium, enriched uranium and other highly radioactive materials have been produced within the U.S. over the past two decades. For every ounce created, transported or sold, Department of Energy officials entered a record into a database. The tracking system ensures that no weapons-grade nuclear materials are stolen or misplaced and provides evidence that the U.S. is complying with international treaties. But in 1993 the software, written 20 years ago for an obsolete mainframe, had become impractical to maintain, so the DOE ordered a replacement.

Because of the importance of the system, Congress asked the General Accounting Office (GAO) to check up on the project a year later. The GAO's report was disturbing. It warned that the DOE's contractor had started programming without adequately analyzing whether the new design would work as well as alternatives, meet users' needs or even save money. Despite the GAO's admonition, construction continued.

Last fall the GAO issued a follow-up review raising more serious concerns. The contractors, it found, could provide no specifications, no test results, no status reports. The DOE had no way of knowing whether the project was on track. Agency managers could not even estimate the size of the new system. Nevertheless, in September the DOE switched off the old tracking system and turned on the new one without ever requiring that the software pass a final test demonstrating that all its reports are accurate. GAO reviewers have recommended canceling the project, warning that "the history of software development is littered with systems that failed under similar circumstances."

Indeed, in the history of federal software procurement, expensive, time-consuming failures are the rule. The costs to taxpayers are threefold. First are direct losses from investments in technology that is never used, such as a Federal Bureau of Investigation fingerprint-scanning system ordered in 1993. Already late and more than 50 percent over budget, the system uses technology so outdated that police advisers recently voted to reject and rebid the contract.

Secondary costs go to pay salaries and maintenance fees to keep obsolete systems running while modernization projects drag on. The National Weather Service's upgrade of its observation and forecasting systems, for example, has slipped five years and doubled in cost because of poor design and management.

Most painful, however, are the lost savings that could have been realized had agencies applied technology effectively. While the Internal Revenue Service has frittered eight years and $2.5 billion trying, with little success, to modernize its systems in order to combat fraud and noncompliance, an estimated $70 billion in uncollected taxes has slipped through the government's fingers.

No one knows what return executive agencies can expect from the $26.5 billion they plan to spend on information technology in 1996. But many industry experts are certain that it is lower than it ought to be. One major reason, an outdated law known as the Brooks Act, vanished in February, when President Bill Clinton signed a bill that radically reorganizes the way federal agencies purchase large software systems.

The 1965 Brooks Act funneled nearly all computer purchases through the General Services Administration (GSA) and forced agencies to pick contractors through a lengthy competition. The idea was to ensure that the government paid the lowest price for expensive mainframes. But as large machines yielded to the market for personal computers, the law became a costly anachronism.

The legislation that repeals the Brooks Act will require each federal agency to appoint a chief information officer (CIO). Although agencies will no longer need the GSA's (typically rubber-stamped) permission to buy information technology, they will have to report on the cost, status and success of their projects to the Office of Management and Budget (OMB). The OMB will have the authority to kill runaway systems by withholding their funding-and the duty to send an annual report to Congress comparing the performance of the agencies.

In place of the Brooks Act's intricate rules is a new set of detailed directions. Big systems must be split into small independent chunks so that later sections can incorporate newer technology. Segments are supposed to be finished within 18 months-faster than most current projects. Perhaps the law's most ambitious provision insists that agencies analyze and redesign operations before investing in systems to automate them.

Senator William Cohen of Maine, who sponsored the legislation, maintains that it could save up to $175 billion over five years. Industry veterans suggest that estimate may be wildly optimistic, although they generally agree with Larry E. Druffel, head of the Software Engineering Institute, that "repeal of the Brooks Act has to be positive." Appointing CIOs, splitting projects into pieces and enforcing risk management could produce a more logical approach, he says. But Druffel warns that "these components could also produce a bureaucratic system in which the CIO becomes a bottleneck, security concerns inhibit the use of commercial products, and increments are built without any unifying framework, so that nothing works with anything else."

Richard A. DeMillo, former head of the Software Engineering Research Consortium, points out that the law "recycles old ideas that have always sounded good but haven't been followed by contractors." Indeed, the act gives agencies no new leverage to deal with firms that deliver poor work, fall behind schedule or raise their cost estimates midstream.

If Congress has neglected oversight in the past, "this goes to the other extreme, of micromanagement," complains Paul Strassmann, former CIO for Xerox, Kraft and General Foods. "The fundamental flaw here is that [Congress] prescribes inputs yet has very little interest in results." Congress, he suggests, should demand reductions in overall agency costs, not in the price of technology.

"Treating each systems acquisition as a separate [technological] solution," Strassmann testified in a Senate hearing, "has resulted in thousands of unintegrated, hard-to-maintain, impossible-to-manage, contractor-dependent islands of automation." Because the law "does not articulate what to do with what is already in place and what happens after new systems are installed," Strassmann warns, "this act may succeed in eliminating much of the existing regulatory chaos of acquisition only to become saddled with a more costly chaos of operations."
-W. Wayt Gibbs in San Francisco

This is the second in a continuing series on computing and government.