The following is excerpted from an article on the Cassandra Project site www.millennia-bcs.com by a person who works in the Australian power industry. Does his proposal especially proposition 3 have any merit?

Contributed by: Joseph Sgroi

Email: josephs@powerup.com.au

26 May 1998

Power Stations: A Strategy for Survival

This article is a follow up article to my article of 2 April kindly printed in the Guest Room of the Cassandra Project. My previous article portrayed the probability of severe long term power blackouts as a result of non-compliant real time embedded systems failing within the Power Station environment in the Year 2000.

Therefore, are we all doomed to an era of darkness and social disruption? Not without a fight we're not! We all enjoy life and cherish our family and friends to allow that to happen.

So how do we resolve this most difficult problem?

The strategy to make a power station Y2K compliant may only work for an extremely small number of the more modern, more recent power stations. Even here there will be serious doubts, as I.T. equipment built as recently as 1996 has been proven to be non-compliant. Non-compliant chips are still being sold as we speak.

I therefore put to you the following propositions as food for thought and discussion:

Proposition 1: Test for Compliance Now

Any Power Station which is currently under construction MUST be built with 100% compliant equipment. We must also ensure that it is thoroughly TESTED for compliance. The emphasis should be on testing each item of equipment, rather than relying on vendor compliance certificates.

Proposition 2: Bring forward construction dates

Any Power Station that is due for completion in 2000 or 2001 needs to be brought forward and completed by December 1999. Proposition 1 must also be adopted for these stations.

Proposition 3: Time Re-synchronisation within the Electricity Industry

Consideration should be given to the option of turning the clocks back within the power industry to a mutually agreed synchronised time. This would ensure that a disaster is avoided and power stations are kept on line in the Year 2000. This option may sound preposterous at first glance, but allow me to put the following arguments to you:

1. Y2K will hit most if not all Power Stations AT THE SAME TIME. This, as a minimum, would cause blackouts of weeks or months. In the worst case, a "System Black" could result which would be a catastrophe. Either scenario would result in severe social disruption with major impacts to the well being of our society and our own families.

2. Once a Power Station goes down in the rollover to Year 2000, the harsh reality is that those small tiny batteries on the non-compliant circuit boards within components and equipment will guarantee that the incorrect date is maintained on that component or item of equipment. So even if we can kick start that station with a backup generator, the non-compliant components will again cause that Power Station to shut down. The Power Station remains unusable until ALL non-compliant components and items of equipment are replaced.

3. There may not be enough time to investigate, test and replace approximately 100-400 items of equipment in each power station and complete all this work within 18 months. Even if we manage to find suppliers for all our components that are to be replaced, the inter-equipment interface specifications and operational functionality, along with the necessary tests, would be the issue here which would cause unacceptable delays in time.

4. Synchronisation would ensure that ALL equipment at the Power Station would NOT be confronted with the Y2K problem and would continue to function normally. Even if the synchronisation program was not totally completed at a particular power station in time, it could be completed very shortly after Jan 1 2000. Whereas total equipment replacement would take many months after that date, and be very costly as well.

The synchronisation of equipment clocks would be an enormous undertaking, but it may be achievable within 18 months. The reality is that the compliance alternative may not be achievable in the very little time we have left.

This synchronisation option would play havoc with the billing and marketing systems within the industry, however this could be compensated by way of a special Government grant or tax to assist the privatised electrical businesses. If this is the small price we need to pay to ensure ongoing electricity supply, then so be it. The management of risk may indicate to us that this is our best, least-risk option. It may be both our lowest-cost and best time-critical option. The consequence of proceeding down the compliance path and not completing the work in time simply doesn't bear thinking about.

This 3 pronged strategy would ensure that at least some power stations would remain on-line. In the event that both the compliance alternative and/or the synchronisation alternative failed, Propositions 1 and 2 might ensure that, at the very least, some power stations are still functioning on the power grid. Electrical engineers are well aware of the fact that this outcome is absolutely critical.

The Year 2000 problem will act as a test for the Electrical Industry. The industry has undergone significant change of late, with the transferral of ownership and control from government to private companies. This problem will require coordination and agreement between all the stakeholders in the industry, governments and private companies alike. It will test the resolve of private industry and governments to set aside profit and control objectives, in order to work together to confront and obliterate the common enemy. In some ways it will be a test of our society as a whole.

Keep raising awareness.

-- Anonymous, June 07, 1998

Answers

What do I think of: Proposition 3: Time Re-synchronisation within the Electricity Industry

It's a great idea... but... I think it may not work in some cases.

The problem I see is that embedded systems may not have 'obvious' dates and times that can be easily identified and altered. If this is right, how will we know that (a) we go them all (b) that some systems won't reset to other dates at some future time (c) that all equipment will work with the earlier date. I know of examples of equipment that does not go backward in time - as an integrity precaution. Also, some physical systems depend on dates for proper operation (e.g., moon phase, season, leap years and centuries, etc.). Then there is the problem that we need to reset all of those clock at the same time - or the system may fail from synchronization errors.

Also - please note that the assunption in: 1. Y2K will hit most if not all Power Stations AT THE SAME TIME. does not seem to be entirely right. Many systems are not based on ZULU time, but on local time, which means that many Y2K failures will roll around the globe with midnight.

-- Anonymous, September 28, 1998