Hello again everyone!

I have a really major question. I have been studying Y2K now for about two monthes & trust me I get it. However, the question I have is companies and government and so on being "compliant."

OK here goes:

I keep hearing that this place or that place is compliant because 100% of there critical systems are compliant. OK,,,So what about the systems not considered "critical?" If all the little systems fail will it not in some way affect the major systems?

Please help me out on this one! I cannot find many answers on this question.

I would appreciate any and all comments!

Thanks,

PMM

-- PMM (grute22@yahoo.com), February 22, 1999

Answers

Dear PMM,

Before one can determine which systems are critical, one must define "critical". These definitions can be pretty subjective, depending on what the enterprize is involved in. In any event, some criteria for what is critical and what is not critcal must be established.

You have concerns about the non-critical elements of a project interfering with the critical elements. These concerns may or may not be justified. It all depends on the competence of the individuals making the rules. I hope the above answer helped and did not add any unneccary confusion.

-- Watcher (anon@anon.com), February 22, 1999.

Good question PMM,.....and what if those "non-critical" systems get activated at any time? What happens to the rest of the system? Have many companies looked at this? What happens then to the rest of the system?

Two months is good,.....better than no months. Get your butt in gear Welcome aboard.

-- Donna Barthuley (moment@pacbell.net), February 22, 1999.

Defining a critical system can be more than a simple matter of judgment, when systems pass data back and forth. If a given system is deemed critical, then every system the given system relies on for input must also be considered critical, since the critical system can't work without them.

Analyzing these data flow patterns is not a trivial exercise.

-- Flint (flintc@mindspring.com), February 22, 1999.

Flint - you're right, but how many of them are actually accounting for it that way? I think we can pretty much guarantee that the fedgov isn't...though I'd bet at least some portions of private industry are trying...whaddaya think?

Arlin

-- Arlin H. Adams (ahadams@ix.netcom.com), February 22, 1999.

PMM: Michael Hyatt dealt with this problem, specifically.

Go to his website (www.michaelhyatt.com)and look the archives of 2 weeks ago("Beware of half truths..." or something like that). You'll find it amazing, and will thoroghly answer your question.

The bottom line is, you are on your own. Don't believe anything the companies say. There are NO standars. Hope for the best; prepare for the worst

-- Eli (eli@zephyr.net), February 22, 1999.

Arlin:

According to Arnold Trembley, Mastercard has done exactly that. They were surprised that some systems had to be categorized as critical. I don't know if they modified any data flows to cut unimportant systems out of the loop. My impression is that MC has exhaustively time- machine tested ALL of their code anyway.

-- Flint (flintc@mindspring.com), February 22, 1999.

PMM, My overriding concern is with the production and transportation of foreign oil to the US. I believe that we won't have the slightest idea how that is going to behave until the middle of January. This doesn't exactly address your question, but is to communicate my feeling that the questions of US government and private sector compliance (including ancillary issues like the "mission critical" ranking process)is of minor importance compared to the foreign oil situation.

-- Puddintame (dit@dot.com), February 22, 1999.

According to the U.S. Gov'ts new definition of critical and non- critical, a "non-critical system" is one that cannot be fixed on time.

You and I know that this is kind of silly, but the GAO has caught several gov't agencies playing with their numbers to make themselves look better.

Mike Cumbie

-- Michael H. Cumbie (Mikecumbie@aol.com), February 22, 1999.

Hi PMM. I find it very interesting that the critical number keeps going down with just about every "updated" report we see. Mike has a very good point: this is the easiest way of all to apply the Y2K fix. <:)=

-- Sysman (y2kboard@yahoo.com), February 23, 1999.

Arlin, I can assure you that the DoD knows exactly which systems are mission critical and which are not. They have analyzed their systems over many years. An example, the system which monitors satellites is a mission critical system, the system which trains operators is not. True training must go on but the system itself is not mission critical.

To address the "numbers" going down, nothing to see here (the South Park cop). Anyone working in the Y2K arena knows for a fact that going through the assessment phase you find things differently than you orginally thought. Some systems are in actuality a part of another or one system may actually be two. As you get deeper into the remediation you have a better understanding of which code is a part of what. Numbers don't mean anything. You're looking way to hard at this stuff.

"As a basketball fan, I get sick and tired of people talking about numbers. To me, the world is getting too materialistic." Shaquille O'Neal after signing a sever-year $121 million contract.

Troll Maria

-- Maria (anon@ymous.com), February 23, 1999.

There was an interesting exchange during a Dept of Defense briefing last month which shed some light on the militarys view of mission critical.

http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=000SzG

Actually, I can see Hamres point applying to most organizations. As I once read somewhere, if you ask the question: If its not mission critical, why are you using it?, suddenly a lot of folks are afraid theyll lose their jobs.

*snip*

Q: My final point here is that the number of mission critical systems appears to be growing since the OMB report in November. I could be wrong about this. Is there a fluctuation in the number identified?

A: (Hamre): It moves up and it moves down as you study a case. And you find out that one system is really a subroutine in another system or you'll find something that you thought was one system, turns out there are three variants. So the number does bubble around a little bit. But it isn't a dramatically different picture.

A: (Money): Let me just add that as time has gone along, back to your previous question, we know a lot more now then we did in the plan for October. Consequently, our confidence is heightened. So we -- I strongly believe this plan greater than I believed the October plan. So back to your first question. The number of mission critical systems is, in fact, declining because as you work through this, something that was once deemed to be mission critical, people say that's no longer necessary, especially since the CINC's involvement started to happen. And also, probably that other number you're referring to is 1,900 or whatever. This [figure] combined the intelligence programs that were needed in addition to all the others where we had kept that separate in a lot of the previous reporting. So this is total DoD. Roughly 500 intelligence systems are imbedded in those numbers.

Q: Is there a problem in that there's not a standard definition of what is mission critical system? Is that changing as you go along?

A: (Hamre): Part of it is what mission critical is in the eye of the beholder. If you had a program manager that came forward and said my system isn't mission critical, you'd probably fire them. You want them to believe that what they're working on is critical. And so a lot of it was definitional. In the earlier phases, we were letting other people define for themselves whether what they were working on was critical or not. That led to overpopulation of the list of mission critical systems. We feel very confident that these systems have to work on the 1st of January if we're going to be able to carry out our composite mission here in the department.

Q: Do you know how many systems were considered mission critical at the beginning of this process that are no longer considered mission critical?

A: (Hamre): I don't remember how many scrubbed out. A couple hundred, I suppose. Or more.

Q: It's more than just weapons transportation, communications --

A: (Hamre): The little thing that makes labels in the grocery stores and our commissaries. You know, it's all that kind of stuff. In our building, you don't say you're not mission critical. It's like people not saying they're not mission essential when we have government shutdowns. Everybody wants to be here. It has taken outsiders looking at it to say do we have to have this system or not? Does it have to function the way it currently functions or not on the 1st of January? That became the criteria.

*end snip*

-- Lewis (aslanshow@yahoo.com), February 23, 1999.

FMM Just one more tnought on the whole problem. What about people coming in on 1-1-2000 and forgetting to type in 2000? Or, the "new" way that the date for that company has been reconfigured ? Or, interfacing with a non compliant company out of habit and/or you forgot they were on the " NO-NO" list . With the number of hangovers from the night before, it could happen in hundreds of businesses . Got mouse traps ??? Eagle

-- Harold Walker (e999eagle@freewwweb.com), February 23, 1999.

It appears people (managers and agency heads) are using whichever quantity of critical systems fits their purposes at the time:

Want to appear more important to your future boss? Increase critical systems. Need more money or higher priority for your department? Increase critical systems. Need to report percent apparent progress? Decrease the critical systems. Need to report "100% compliant"? Eliminate critical systems completely.

Want to confuse the issue further to outsiders? Change the definition of what a critcal system IS.

A mission critical system is ANY system which is required for the organization to _survive_ Jan and Feb. Or is it to "to make a short term profit" in Jan and Feb. Or "to make a long term profit through the whole year." Or "to serve its customers (internal company customers and outside client customers) through Jan and Feb next year".

Or is a mission critical system any program or process that is required to allow the "customer" to to survive and manage through Jan and Feb. next year? For example, the water company or county tax office might itself survive, at the price of a failed subordinate program that completely wiped customer records clear. The customers get messed up, but the organization survived. Therfore, was that subordinate program mission-critical or not?

I have a feeling that many thousand programs are slipping through the cracks now - and will be the source of trouble for millions next year.

-- Robert A. Cook, P.E. (Kennesaw, GA) (cook.R@csaatl.com), February 23, 1999.