Some believe that there is a power station problem

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

This is another article out of my book 'The Year 2000 Millennium Bug Report'. This guy believes that power stations are indeed at risk. Timothy Wilbur

Source: Year 2000 Discussion List, John Catterall, Year 2000 Project Manager - Western Power, in response to a Los Angeles Times article from 3/11/1997

From: jcatterall@ccmail.wpcorp.com.au

Automated systems are indeed widespread throughout power utilities. Exposure to the industry would in my opinion rate as extreme. At Western Power, our IT compliance project (cost around $3 million and employing 35 full time employees) is trivial in comparison to the issues we face on the control and embedded system front.

Just leaving aside the problems associated with ensuring supply of such items as fuel, from the weighbridge and conveyor systems through to intelligent metering and meter reading systems, dates are endemic.

Many of the control systems represented in power systems have dates associated with them. These could be reclosers, Voltage regulators, Governors, PLCs etc. The list is endless. You then have a swathe of actual 'applications' involved in the delivery of electricity such as your Distributed Control System and your SCADA (System Control and DATA 'eg dates' Acquisition) systems, all of which have dates associated with them. Much of what happens throughout the process of generating and delivering electricity is 'DATE AND TIME STAMPED'.

A typical DCS at a power station will have many thousands of processors associated with it. Anyone prepared to give me a guarantee that my DCS won't experience a date problem?? (I can't even get the manufacturer to give me this). Anyone prepared to run a power station, when the DCS is throwing alarms up at you that indicate it's getting no readings or a peculiar reading either from a device it is monitoring or one of its front end processors??

However, this represents just a portion of your problems. You will also need to address your security systems, your alarm systems (fire, temperature, etc.), your wastewater, your emissions etc. How do you monitor these and what control systems do you have in place? After all, your management must know how much and over what time period things are occurring. Your employee protection systems - would your power station staff be happy running your power station for you when they know if they hit a panic button nothing is likely to happen?

Any suggestion that power systems don't use dates or could not be affected by the Year 2000 problem is at best ill informed.

John Catterall, Western Power - Year 2000 Project Manager (Note: these represent my views only and do not necessarily represent the views of my company)

-- Timothy J Wilbur (timkaz@nor.com.au), July 24, 1998

Answers

So many people like Gary North talk that the embedded processors, thousands per power plant, will fail and cause catastrophe. Maybe that is the case, I don't know. But let me ask a question stupid enough that no one seems to answer:

What happens when one of those processors fails today? Are there backups in place or under normal circumstances do 100% of them continue to work indefinitely?

-- Danny (dlefever@emeraldis.com), July 28, 1998.


Here's some info from Washington State. Pardon the incomplete sentences--just want to save space.... Was channel surfing last Sunday, noticed "year 2000" at lower edge of picture on the State's Cable channel, man from State Dept. of Transportation, seated before 5 State senators, seeking more funds, reporting where things are now, 9 1/2 million lines of code, 850,000 of which are for our State ferries; 4100 work stations, 216 regions, 7500 items with embedded chips--all this and more operating our traffic lights, draw bridges, ferries. "It's amazing" commented a senator. 96 main frames; 81 completed. "Scares me to death" said another senator. Man from DOT says, "We're on target to be ready to test by July '99, the embedded chip side is another problem, getting very little help from vendors"...dealing with public safety involving snow in the mountain passes winter of '99, trucks, snow plows...Senator asks, "Where do we go for help re. chips?" DOT--We're in contact with 11 other states, also on the WEB, do not want to duplicate...found embedded chips in traffic lights--one day they say it's o.k., a month later they say they need to do something else...they're not registering dates. Asking for additional $700,000 (I do not know how much has already been appropriated.) Currently paying consultants $200/hr. Senator asks if the price is going up as time passes...DOT: "Yes"...says they can't get a certification from anyone that chips will work at draw bridges...manufacturer will not guarantee, ended with committee trying to figure out what budget to tap for funds...decision to be given at meeting next month, one senator stated the consultants are "getting fat & happy" will go on vacation yr. 2000, will be gone when things don't work. So, how's it going in your state????

-- Holly Allen (Holly3325@juno.com), July 28, 1998.

Danny,

As I understand it, there is a certain amount of redundancy built in to power plants. The loss of 1 embedded system in 1 single station is not a wipe out. This is a single point failure, and utilities do deal with this situation many times a year. In some cases the plant can lose power output capability for a while, but the overall demand is picked up by the grid.

The real problem occurs if any of the following occur:

a. The grid can't respond.....perhaps because excess generation capacity was reduced when the nuclear plants were forced to shut down for safety reasons, perhaps because other plants are also having trouble.

b. A single plant suffers multiple failures. This isn't likely in normal operation (although it does happen). It is far more likely in the Y2K scenario where the failure might occur in several units near the same time.

c. The maintenance people go to replace the failed embedded system and find that the replacement is also non-compliant, so that the generation capacity of the particular plant is reduced until a working unit can be installed......or until manual workarounds can be performed by the operators.

-- Rocky Knolls (rknolls@hotmail.com), July 30, 1998.


This is not a complete technical answer to embedded controllers at power plants (sewage, natural gas, water, etc. would be similar), but it might help explain the kinds of problem.

Assume you have a pump running, filling a tank or pumping something from tank 1 to tank 2. Tank 2 must be full in order for the power turbine to run. (Typical for a lube oil system or condensate and feed tank, by the way.) Tank 1 and tank 2 have sensors with embedded controllers to tell the pump when to turn on and off. (All of above assumes there is power available to pump and to the controller building and sensor and the lights .....)

If the embedded controller fails shut, the pump runs continuously, tank 1 empties, tank 2 overflows, and the turbine stops.

If the embedded controller fails open, tank 1 is never emptied, tank 2 runs dry, and the turbine stops.

If the embedded controller fails (no signal) the turbine gets a warning condition and stops automatically. Or maybe it doesn't stop and fails catastrophically, tearing itself to bits as it runs without lube oil.

A person tries to manually regulate the system, makes an error after 32 hours on continuous duty (because nobody came to relieve him, and nobody else has ever done in 32 years) and the turbine trips. Or it overflows because the manual level detection is misread, or not accessible to the control valve. Or the pipes break because of water hammer when the pump is started too quickly, or the suction goes dry because no truck can come and refill tank 1.

Or.....

-- Robert A. Cook. P.E. (Kennesaw, GA) (cook.r@csaatl.com), September 11, 1998.
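
The two-tank failure modes described in the post above, as an added simulation that is not part of the original thread. Tank sizes, flow rates, thresholds and the trip interlocks are constructed assumptions, and the model assumes the interlocks themselves work.

```python
from enum import Enum

class Mode(Enum):
    NORMAL = "normal"
    FAIL_SHUT = "fail shut"    # pump command stuck on
    FAIL_OPEN = "fail open"    # pump command stuck off
    NO_SIGNAL = "no signal"    # controller stops reporting

# Constructed plant parameters (arbitrary units per time step).
CAPACITY, PUMP_RATE, DRAW_RATE, REFILL_RATE = 100, 5, 2, 2
LOW_MARK, HIGH_MARK = 40, 80   # normal pump on/off thresholds for tank 2

def simulate(mode, steps=200, fail_at=10):
    """Return (step, reason) for the first turbine trip, or (None, 'running')."""
    tank1, tank2, pump_on = 80, 60, False
    for step in range(steps):
        failed = mode is not Mode.NORMAL and step >= fail_at
        if failed and mode is Mode.NO_SIGNAL:
            # Assumed interlock: a silent controller trips the turbine.
            return step, "controller signal lost"
        if failed:
            pump_on = mode is Mode.FAIL_SHUT      # stuck on or stuck off
        elif tank2 < LOW_MARK:
            pump_on = True                        # healthy hysteresis control
        elif tank2 > HIGH_MARK:
            pump_on = False
        moved = min(PUMP_RATE, tank1) if pump_on else 0
        tank1 = min(CAPACITY, tank1 - moved + REFILL_RATE)  # truck resupply
        tank2 += moved - DRAW_RATE                # turbine draws from tank 2
        if tank2 > CAPACITY:
            return step, "tank 2 overflow"
        if tank2 <= 0:
            return step, "tank 2 dry"
    return None, "running"

if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, simulate(mode))
```

With these numbers a healthy controller cycles indefinitely, while each failure mode trips the turbine within about 20 steps of the fault.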

