GMIT on mission critical systems and moregreenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread
Government Management, Information, and Technology subcommittee (GMIT) Excerpts from "Report on the Committee's Oversight Review" Oct. 8, 1998
http://www.house.gov/reform/gmit/y2k/y2k_report/IIreport.htm --------------------- March 4, 1998
"Even John Koskinen's skills, however, do not change the fact that the Executive branch is still on the edge of failure. There are almost 8,000 mission-critical computer systems in the Executive branch. At the current rate of progress, only 63 percent of those systems will be ready for January 1, 2000 when the clocks roll over less than 667 days from now. We need a centralized approach. We need to prioritize. We need to coordinate. We need to do all of those stages very soon."
(no mention of legislative or judicial branches). ----------------------- June 2, 1998
"According to the June report card, of the 7,336 mission critical systems in government, 2,766 are not expected to be converted in time for the March 1999 milestone. That is unacceptable." ------------------------ June 10, 1998
At the March 18th hearing on Year 2000, Joel Willemssen of GAO and Assistant to the President John Koskinen agreed that not all mission-critical systems will be done in time. Two months later, the rate of progress had not improved. As of May 15, 1998, only 39 percent of all Federal mission-critical systems were Year 2000 compliant. At the current rate of progress, over 3,000 mission-critical systems would not be done by the President's deadline of March 1999. -------------------------- Sept. 9, 1998
"We found in our field hearings that while some organizations are on the right track, many have concerns about identifying and repairing embedded systems located in such critical equipment as nuclear plants, water and sewer processing systems, and even traffic signals. There are approximately 25 billion embedded chips in use throughout the world and as many as 50 million of them depend on date calculations.
---------------------------- Oct. 2, 1998
"There are approximately 7,300 mission critical systems in the Executive branch of the Federal Government. As of August 15, 1998, 50 percent of these systems were Year 2000 compliant. At the current rate of progress, the percentage compliant would climb only to 66 percent by March 31, 1999. This date is the President's deadline for fixing noncompliant systems."
"It is of deep concern that about one-third of all Federal mission critical systems will not be compliant by March 1999, only nine months before January 1, 2000, and only six months from the beginning of the Federal Government's new fiscal year on October 1, 1999. This is troubling in part because even once these systems are "compliant," they need to be independently verified, implemented (returned to operation), and then put through a rigorous end-to-end testing process involving all related systems. Testing and verification can take at least nine months, and often requires even more time than that."
"A further concern is that virtually all data on Federal Year 2000 status are self-reported. Questions have been raised about the reliability of these data. On June 5, 1998, the Defense Department's Inspector General published a highly critical audit of Defense's Year 2000 remediation. The purpose of the audit was to "determine whether the year 2000 certification process is adequate to ensure that mission critical technology systems will continue to operate properly after the year 2000" and to evaluate "the year 2000 certification process" through a random sample of systems already certified as compliant by the individual managers in charge."
"The audit uncovered two separate but related problems in DoD implementation of the Management Plan. First, many systems were certified as compliant when in fact no adequate justification for such assertions existed. The Inspector General estimated that only 109 of the 430 systems reported as compliant by November 1997 were in fact adequately validated according to the five-phase process."
"This ambiguity extends even to the central concepts and terms utilized in the Year 2000 remediation community, including statements given to Department of Defense project managers by the relevant private vendors. For instance, it has been hard in practice to determine precisely what is meant by the terms "certification" and "compliance." As General Accounting Office representative Alan Rhodes recently argued: "What I would say is that the data that are out there are suspect. The numbers that are presented are not uniform. [The General Accounting Office is] having trouble finding clear definitions . . . You say tomato, I say tomato. There's a great deal of people who say four things you can hear from a vendor. One you probably will never hear, and that is certified Y2K compliant. . . Second point would be just Y2K compliant. That's going to come to you from the General Counsel. And it will be a large document, and I promise you won't understand it when you're done. Third thing's Y2K ready. I have no idea what that means. The fourth one is, we don't foresee a problem; and if you have one, call us."
In addition, there has been much uncertainty about the criteria for naming a system "mission critical." As the Year 2000 program has proceeded, many mission critical systems have disappeared from the central database not because of successful completion of the five managerial phases and final certification, but because they were re-identified as "non-critical" to Defense's "core capabilities." Thus, an agency's "progress" may be predicated on a reshuffling of cards rather than timely completion of Year 2000 technical objectives."
"Testing is a major aspect of the Year 2000 problem. According to many experts, testing is also the hardest, most expensive, and most time-consuming aspect of fixing the problem. The concern is that many Federal agencies will not have sufficient time to thoroughly test their systems. Evidence so far suggests that this is a major problem. The General Accounting Office described the state of Federal testing as "one of the more alarming problems we have come across."
"For example, the Federal Aviation Administration's Enhanced Traffic Management System monitors flight plans nationwide, controlling high-traffic situations and alerting airlines and airports to bring in more staff during times of extra traffic. Since it must exchange data with airlines' flight planning systems in order to accomplish this, end-to-end testing is essential, and would include systems for all entities involved, as well as their supporting telecommunications."
"And in May of 1998, the Department of Agriculture reported as Year 2000 compliant 15 replacement systems that were still in the planning stages."
"Federal agencies have more than 10,000 data exchanges with each other, foreign governments, State and local governments, and private entities. The subcommittee was informed by the Office of Management and Budget that the Executive branch is working closely with the National Association of State Information Resource Executives as well as the National Governors' Association. OMB has directed Federal agencies to report on their inventory of data exchanges, State by State, and to ensure that they are all Year 2000 compliant by March 1999."
2. The Federal Leadership Role
"In addition to preparing its own technology for the year 2000, the Federal Government must play a leadership role, both within the United States and internationally. This would be appropriate for any wide-spread problem, but is particularly so in light of the fact that technology is highly interdependent and the United States relies on technology more than any country in the world. Furthermore, the Year 2000 problem has the potential to cause excessive anxiety and even panic in people who fear the worst. As noted earlier in the report, this kind of fear is allayed by access to information and confidence in elected leadership. For these reasons, the subcommittee has repeatedly called on the President of the United States as well as the departments and agencies of the Executive branch to take a strong leadership role in addressing the Year 2000 problem."
"The importance of Federal leadership has also been stressed repeatedly at subcommittee hearings. Subcommittee Ranking Member Dennis Kucinich stated that the Federal Government, in particular, must take a leadership role. "It's not enough that the Federal Government fix its own systems, the Government must also facilitate private sector conversion." One witness asserted that "[w]e need a broad public acknowledgment of the nature, scope, and difficulty of the Year 2000 problem, starting with President Clinton and followed by other leaders in the Administration, in Congress, in the military industry, and elsewhere."
"In terms of international leadership, trade is especially vulnerable to the Year 2000 problem because it is highly dependent on technology. Every import and export transaction involves a number of sequential steps and several companies, including transportation companies, ports, freight forwarders, banks, warehouses, and government agencies. All these entities rely on information technology systems and embedded systems. Furthermore, it is actually impossible to test the systems until January 1, 2000, due to the sheer number of discrete technologies and enterprises that make up a foreign trade transaction. One witness put the international picture in dramatic terms: "[W]e come to the conclusion that foreign trade, unfortunately, is going to decline very rapidly and very quickly as we move into next year." ----------------- State Governments.
"Mr. William Vetter, Manager, Bureau of Communication and Computer Services, State of Illinois, noted that many Illinois agencies "began to address the Y2K challenge several years ago, even in the 1980s." The State's target completion date for Year 2000 repairs is January 1, 1999."
"As of the August 13, 1998 hearing, New York State had 6 of its top 40 systems Year 2000 compliant; the remainder were scheduled to be competed by January 1999. New York also reported that 19 percent of its 900 data exchanges were compliant. The State put its cost estimate at $250 million. "We have implemented numerous strategies to recruit, retain, and compensate staff." Mr. Davis also noted that his State is actively participating in Federal-State Year 2000 coordination meetings and working with other State and local governments on the issue."
"Texas reported that it believes that most mission-critical systems will be ready for the Year 2000. All coding changes are targeted to be completed by December 31, 1998. All agencies with embedded systems are supposed to report to the Texas Year 2000 Project Office in October 1998."
"Despite this positive effort, the ability of State governments to prepare for the year 2000 remains in doubt. As January 1, 2000 approaches, time for thorough testing will run short for States trying to do too much at the last minute. Costs will rise, and the technical expertise necessary to implement and test sophisticated systems will be increasingly scarce. "Texas, Missouri, California, and a number of others have already cited the fact that they are unable to attract and retain the resources that they need to fix their problems." -------------------- County Governments
"Nassau County, New York was represented by Douglas Wipperman, Director of Data Processing for the county. He reported that the County discovered the problem early on and decided to approach it through full remediation of expanding to the four-digit year rather than through windowing. "Many of the consultants approached us suggesting that [windowing] was the way to go, but what happens is, we are left holding the bag after they are gone." ----------------- 2. Basic Infrastructure: Electricity, Telecommunications, Water
"Frankly, we as a nation do not know where we stand on key infrastructure areas like power, water, and telecom. . . There's a lot of talk but when you get beneath that talk there is no underlying data." ------------------ Telecommunications.
"Telecommunications systems are critical to the operations of nearly every public and private sector organization including financial services and brokerage institutions; health, safety, and emergency services; transportation; utilities; and manufacturing and small business. Disruption in the service provided by the public telecommunications network can affect millions of users and cause massive financial losses."
"Most major carriers expect to achieve Year 2000 compliance of their network services by December 1998. Most major carriers also plan to be fully compliant, including support services and systems, by mid-1999. At a June 1998, House Ways and Means subcommittee hearing, the General Accounting Office testified that it will be a "massive challenge" to bring the telecommunications industry into compliance on time. With less than nineteen months remaining, the GAO was concerned that no one currently had an overall assessment of the degree of year 2000 risk in the telecommunications infrastructure."
"Water and sewer companies rely on computers as well as equipment operated by embedded chips for a wide range of functions. These include electronic pressure recorders, generators, collection systems monitoring, flow monitoring, mobile equipment, meter reading, and routing. They also include laboratory analysis, industrial compliance determinations, and geographic information systems. If their technology fails, a variety of malfunctions could result."
"David Hall, an embedded chip expert and Senior Engineer, CARA Corporation, reported on his discouraging observations of Year 2000 preparations at water treatment plants: "Every municipality I have worked with said that their wastewater treatment and wastewater flow is the most critical item, bar none, even electricity. And I have yet to see anybody from a national level or even a state level start looking or trying to get everybody together to determine whether the water and the wastewater flow and the other things can come together." The General Accounting Office made a similar observation: "[T]here is increasing evidence of a great number of embedded chips in water and wastewater systems that must be dealt with quickly."
-- bilbo (email@example.com), January 21, 1999
It seems that bullshit flows downstream, too.
-- Bill (firstname.lastname@example.org), January 22, 1999.