“The Ministry of Defence’s ambitious new £7 billion IT system, designed to replace hundreds of ageing existing systems, was badly planned in important respects. No proper pilot for this highly complex programme was carried out and entirely inadequate research led to a major miscalculation of the condition of the Department’s buildings in which the new system would be installed.
“In addition, the ATLAS consortium implementing the project - led by EDS, a company whose track record of delivering government IT projects has not been exemplary - underestimated the complexity of the software it had agreed to create. For over two years, it was unable to deliver a system that could safely handle Secret material.
“All of these factors contributed towards major delays to the project. There has been recent progress but the rate at which terminals are being rolled-out must improve rapidly if the Department’s latest deadlines are to be realistic.
“Given the scale of delay, the Department must head off the risk that existing IT systems, upon which MoD staff and military personnel rely, will fail. Detailed plans on the cost and timing of work to keep existing systems going must be developed, this planning to be funded from the management fee paid to ATLAS. And if the number of errors in the initial software design increases again, the Department must increase its scrutiny and not hesitate to turn down any claims from ATLAS for higher costs as a result.”
Mr Leigh was speaking as the Committee published its 1st Report of this Session which, on the basis of evidence from the Ministry of Defence, examined the difficulties experienced on the DII Programme in the past and the measures put in place to deliver improvement in future.
The Ministry of Defence (the Department) needs high quality information technology to achieve its goals, both on operations and in the United Kingdom. It is currently replacing hundreds of existing computer systems with a single new system, called the Defence Information Infrastructure (DII). The Programme to design, install and run this is being led by the ATLAS consortium. Ultimately, the Department intends to have some 150,000 terminals supporting 300,000 users at more than 2,000 sites, with additional capability on deployed operations and Royal Navy ships. DII must be able to handle material classified as Restricted, Secret and Top Secret. The Programme began in March 2005 and will cost an estimated £7.1 billion by 2015, if fully implemented.
The implementation of DII has suffered from major delays. Whereas 62,800 terminals should have been installed by the end of July 2007, only 45,600 were in place at the end of September 2008. The main causes of delay were the Programme’s over-optimistic assumptions about the condition of the buildings into which DII would be fitted, and the consequent selection of an inappropriate and unresponsive methodology for installing terminals.
The DII Programme also provides a range of core software such as word processing, email, internet access and security to run on the new system. This should all have been available in June 2006, but less than half of the requirement had been delivered two years later in June 2008. The slow pace of software design has been caused primarily by the ATLAS consortium’s inability to meet the Department’s requirements.
As a result of these problems, the Department’s existing computer systems have had to be used for longer than intended, with the increased risk that one or more of them will fail. The forecast cost of the DII Programme has also increased by an estimated £182 million. The Department has been able to protect benefits of the Programme, totalling an estimated £1.5 billion in due course, although some benefits will materialise later than planned.
In recent months, the performance of the DII Programme has improved somewhat, with some new software having been tested and 3,400 terminals being rolled out on average each month. However, rapid improvement to 4,300 terminals a month will be needed if the Department’s latest deadlines are to be met.
The Department has had a number of significant security breaches of personal data in recent years. An independent review of its data handling was held in early 2008 and the Department is in the process of implementing the recommendations.