KOSKINEN ON GOVERNMENT'S Y2K READINESSgreenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread |
KOSKINEN ON GOVERNMENT'S Y2K READINESS (Top Y2K advisor says government disruption unlikely)Washington -- In his statement before a House committee, John Koskinen, chairman of the President's Council on Year 2000 Conversion, said he is confident that the Y2K problem will not bring large-scale disruptions in key national infrastructure areas.
Koskinen said the federal government is concerned first with its own computer systems and, second, with the readiness of the state government systems. The Council has also formed working groups to address Y2K problems of organizations whose computer failures would have an adverse effect on the public. Communications, transportation, electric power and water supply are some of the critical sectors the government is focused on.
"I believe that at this time our greatest risks are in three areas: smaller government entities, small businesses and internationally," the Council chairman said.
Koskinen predicts that close to 90 percent of the Government's most fundamental systems will meet the March 31 goal set by President Clinton for Y2K readiness. Koskinen especially points to the progress made by the Social Security Administration, the Treasury Department and the Department of Health and Human Services.
Following is the text of Koskinen's testimony to a House committee:
(begin text)
STATEMENT OF JOHN A. KOSKINEN CHAIRMAN PRESIDENT'S COUNCIL ON YEAR 2000 CONVERSION BEFORE THE COMMITTEE ON WAYS AND MEANS U.S. HOUSE OF REPRESENTATIVES
February 24, 1999
Good morning. I am pleased to appear before the Committee to discuss the activities of the President's Council on Year 2000 Conversion and the status of public and private sector efforts to address the Year 2000 (Y2K) computer problem.
Mr. Chairman, I would like to start by thanking you and the other members of the Committee for your ongoing interest in the Y2K problem and its potential implications for beneficiaries and taxpayers.
Businesses and governments across the country are engaged in vigorous efforts to ensure that systems are prepared for the date rollover. It is a vast challenge, and not every system will be fixed by January 1, 2000. While progress is being made in the public and private sectors, continued efforts are necessary if we are to achieve our shared goal of minimizing Y2K-related disruptions.
The Three-Tiered Approach
The Y2K problem is a layered problem. It's not enough for the Federal Government, or any organization, to fix its own systems. Organizations also need to be concerned about the progress of partners they exchange data with and depend upon as well as progress among other organizations whose failure could have a significant effect upon their operations.
The Council began its work last year using this "three-tiered" model. From the Federal Government's point of view, it means first, ensuring that critical Federal systems are ready for January 1, 2000; next, working with our interface partners for important Federal services, primarily States, to ensure that they are remediating their systems; and, finally, reaching out to those whose failures domestically or internationally could have an adverse affect on the public.
The Council's more than 30 agencies, including several independent regulatory agencies, work together to exchange information on agency Y2K progress and shared challenges. They also coordinate interagency testing efforts for programs that rely upon multiple agency systems and assist each other with contingency planning efforts.
To reach out beyond the Federal Government, the Council has formed working groups focused on Y2K challenges in over 25 critical sectors such as finance, communications, transportation, electric power, oil and gas, and water supply. The working groups have reached out to form cooperative working relationships with the major trade associations and other umbrella organizations representing the individual entities operating in each sector. Working group outreach efforts are designed to increase the level of action on the problem and to promote the sharing of information between entities. The outside organizations in each sector have also agreed to conduct Year 2000 readiness surveys of their members.
We have also created a Senior Advisors Group to the President's Council, comprised of Fortune 500 company CEOs and heads of national public sector organizations representing our working groups. The Group provides the Council with an additional perspective on Y2K challenges that cut across sector lines and recommends how industries can best work together in critical areas. You are scheduled today to hear from two members of this Group. Scott Anderson of Zions National Bank represents the banking industry and Fred Brown of BJC Health Systems represents the hospital industry. We appreciate the willingness of these gentlemen and their organizations to work with us to address the Year 2000 problem.
Materials describing our working groups and the Senior Advisors Group are available on the Council's web site -- www.y2k.gov.
Federal Agency Progress
Our first challenge is to ensure that Federal systems are prepared for the Year 2000. These are the systems for which we are responsible and have the authority to fix. Consequently, it is the area about which we have the most information. Agencies report quarterly to the Office of Management and Budget (OMB) and Congress, and the OMB summary reports on agency Year 2000 progress are available on the Council's web site. I am pleased to report that the Federal Government continues to make strong, steady progress in solving its Y2K problems.
According to the most recent agency data, as of January 31, 1999, 79 percent of all Federal mission-critical systems are now Year 2000 compliant -- more than double the 35 percent compliant a year ago. These systems have been tested and implemented and will be able to accurately process data through the transition from 1999 into the Year 2000. The data also show that, of critical systems requiring repair work, 96 percent have been fixed and are now being tested.
The President has established an ambitious goal of having 100 percent of the Government's mission-critical systems Y2K compliant by March 31, 1999 -- well ahead of many private sector system remediation schedules. Although much work remains, we expect that close to 90 percent of the Government's mission-critical systems will meet the March goal, a tribute to the hard, skillful, and dedicated work of thousands of career Federal employees. Monthly benchmarks with a timetable for completing the work will be available for every critical system still being tested or implemented after March. And we expect that all of the Government's critical systems will be Y2K compliant before January 1, 2000.
Although you will hear more from all of them later today, let me say a few words about some of the agencies that are of particular interest to this Committee -- the Social Security Administration (SSA), the Treasury Department, and the Department of Health and Human Services (HHS). As you know, Mr. Chairman, the Social Security Administration has been a consistent leader in the Federal Government's Year 2000 efforts. SSA chaired the first interagency committee on Y2K in 1995 and has been an active participant on the President's Council, sharing useful guidance with the other agencies on best practices for remediation, testing, and contingency planning. In December, after we were informed that Treasury's Financial Management Service (FMS) had completed its work in this area, the President announced that the Social Security payment system is now Y2K compliant. And according to the most recent data, SSA has now completed work on all of its mission-critical systems.
The Treasury Department, which includes the Internal Revenue Service (IRS), the Customs Service, and the Financial Management Service, has some of the most complicated systems in the Government which serve millions of Americans. In particular, the IRS and FMS have faced difficult Y2K challenges. But the new managers in those agencies have done a very effective job in managing the process. At the IRS, Commissioner Rossotti has helped his agency to master what many thought to be an insurmountable task, and we are confident that the IRS will have completed work on most of its critical systems by the end of March.
HHS continues to confront some of the most unique information technology challenges in the world. The Department's efforts are complicated by the fact that the Medicare system is very dependent on the private sector for its operations. The Health Care Financing Administration (HCFA) has had to work in concert with roughly 60 large insurance companies who were not all initially responsive to the need to meet Government goals that, in most cases, required compliance earlier than their private sector customers. But they are making progress. And although significant systems work and contingency planning will remain after March, most Medicare contractors are expected to complete renovation and testing by the Government-wide goal. HCFA is also making substantial progress on its internal systems, as you will hear from Administrator Min DeParle.
Interface Partners
Our second challenge is to work with the Federal Government's interface partners, primarily the States, as they work to ensure that their systems are ready for the Year 2000.
States administer over 160 Federal programs. These programs provide some of the most recognizable Federal services such as Unemployment Insurance, Medicaid, and Food Stamps.
Millions of Americans rely upon these programs, so the Federal Government obviously has a vested interest in requiring that State systems administering them are Y2K compliant.
As a general matter, most States are making good progress in remediating their systems. Virtually every State has an organized Y2K program in place, often led by a designated State Y2K Coordinator. According to a National Association of State Information Resource Executives (NASIRE) survey of State Y2K remediation efforts, several States report that they have completed Y2K work on more than 70 percent of their systems. But not every State is doing well. The same NASIRE survey indicates that a handful of States report that they have not yet completed work on any of their critical systems.
The Council's State and Local Government Working Group is led by the White House Office of Intergovernmental Affairs and includes key groups like the National Governors Association (NGA), the National Association of Counties, the National League of Cities, and NASIRE. Last summer, Council members joined the NGA in a Y2K summit with Year 2000 coordinators from 45 States. To help sustain the momentum generated at that conference, I now participate in a monthly conference call with State Year 2000 executives to discuss cooperative efforts between the Federal Government and the States and how States can help each other to address Y2K challenges. We will hold another State summit next month with the NGA.
Federal agencies are also actively working with the States to ensure that Federal-State data exchanges for State-administered programs will be ready for the Year 2000. Most Federal agencies and States have now inventoried all of their data exchange points and are sharing information with one another to ensure the exchanges will function in the Year 2000. However, as of the most recent OMB quarterly report, three States had not yet provided any information on the status of their data exchange activities. For its next quarterly report, which will be released next month, OMB has asked agencies to provide assessments of each State's Y2K progress on ten key State-administered Federal programs such as Food Stamps and Unemployment Insurance.
Our joint Y2K efforts with the States are bearing fruit. Working together, we last month overcame one of the first major examples of a "look ahead" Y2K problem. The Unemployment Insurance program, a major Federal-State partnership administered by 53 State Employment Security Agencies (SESAs), encountered the Year 2000 problem on January 4. Since new claims are calculated on a 12-month basis, State systems had to process dates going into January 2000. The Labor Department had been working closely with all the States to ensure that they could continue to process claims and provide benefits through this transition, particularly the 16 SESAs that had not completed all of their Y2K system renovation before January 4, 1999. Thanks to this collaborative effort, these SESAs were prepared with, and are now using, temporary fixes to their systems so that they can continue to accept claims and process benefits while they complete their remaining Y2K work. The Department has also instituted special reporting procedures for the Unemployment Insurance program to identify any early problems. Reports have been received from all States and indicate that no Y2K-related service disruptions have occurred.
Beyond the Federal Government
The third challenge for the President's Council is to reach out beyond the Federal Government and its partners to those organizations whose failures would have an adverse effect on the public. As noted, to accomplish this goal, the Council has formed over 25 working groups in critical sectors such as electric power, communications, oil and gas, finance, and transportation. One of the first things our working groups encountered in their relationships with major industry trade associations and others was a reluctance on the part of many to share technical and other valuable information about their experiences in addressing the problem as well as information about the status of their Y2K remediation efforts. To break this logjam and help associations and other groups collect and share Y2K information, the Administration worked with Congress to enact the "Year 2000 Information and Readiness Disclosure Act." This bipartisan legislation provides protection against the use, in civil litigation, of technical Year 2000 information about an organization's experiences with product compliance, system fixes, testing protocols, and testing results when that information is disclosed in good faith. It also includes important protections for information gathering that is designated as a "special data gathering request" under the Act. These collections of information cannot be reached by private litigants, or used by Federal agencies for regulatory or oversight purposes, except "with the express consent or permission" of the provider of the information.
Using these statutory protections, the working groups, under the leadership of their outside industry group partners, are focused on gathering industry assessments of Y2K preparedness in critical sectors. Last month, the Council issued its first quarterly summary of this assessment information. While many industry groups are just beginning to receive survey data from their members and some report that they expect to have such information within the first quarter of this year, I'd like to make three points about what we know thus far.
First, we are increasingly confident that there will not be large-scale, national disruptions in key infrastructure areas. In particular, the telecommunications and electric power industries have constructed well-organized and comprehensive responses to the problem.
Second, banks -- large and small -- are well prepared for the Year 2000 transition. In the most recent examination by Federal regulators, 96 percent of the Nation's depository institutions were on track to meet the regulators' goal of completing Y2K work by June 1999.
The third point is obvious but it bears repeating. Our greatest risk lies in organizations that are not paying adequate attention to the problem.
If the head of an organization has fixing the Y2K problem as a top priority, that organization is by definition going to be better prepared -- even if it cannot fix all of its systems before January 1, 2000. It is organizations where the leadership is convinced that the problem doesn't apply to them or that they can simply fix systems when they break that are of most concern.
Of all the industry sectors, health care presents some of the most difficult outreach challenges. As you know, it is a diverse industry that covers everything from hospitals and long-term care facilities to pharmaceutical companies and retailers. Many health care providers and companies are freestanding entities and are not active participants in national organizations like the American Hospital Association (AHA) and others with whom the Council has working relationships. The diffuse nature of the industry has prompted us to divide the outreach responsibilities of the Council's Health Care Working Group into three main areas -- medical devices, health care facilities, and pharmaceuticals.
Under the leadership of the Food and Drug Administration, and with active participation by the Department of Veterans Affairs and the Defense Department, the Government has been collecting and publishing information about the Year 2000 compliance of medical devices. Companies were initially reluctant to take part in this process, but the level of participation has increased significantly in the last few months. Fortunately, the vast majority of medical devices do not have Year 2000 safety concerns, and many are not affected by the date rollover. Nonetheless, we are concerned about and are focused on providing to all health care providers' information about the small number of devices with Y2K problems that could compromise patient safety.
HHS is working with the AHA, the Joint Commission on Health Care, and others to assess the status of Y2K efforts within health care facilities and to encourage information sharing within this segment of the health care industry. At this juncture, we are particularly concerned about smaller health care facilities, many of whom may lack the resources to deal with the problem.
Under the leadership of the VA, the Council is working with the pharmaceutical associations, who have been focused on developing assessments of industry preparedness. We will also be gathering more information about the pharmaceutical supply chain, which fortunately does not operate on a strictly just-in-time inventory system and has reserve capability built into the process. We are looking forward to working with these groups to provide information to the public about the adequacy of prescription drug supplies as we move toward the end of this year.
Areas of Risk
Following the logic that our greatest risk lies in organizations where for one reason or another the leadership does not have the Year 2000 problem as a high priority, I believe that at this time our greatest risks are in three areas: smaller government entities, small businesses, and internationally.
At the local level, many towns, cities, and counties are aggressively attacking the problem and are making good progress, but a significant number are not sufficiently organized to prepare critical systems for the new millennium. According to a December 1998 National Association of Counties survey of 500 counties representing 46 States, roughly half of counties do not have a countywide plan for addressing Year 2000 conversion issues. Almost two-thirds of respondents have not yet completed the assessment phase of their Year 2000 work.
Many small and medium-sized businesses are also taking steps to address the problem and to ensure not only that their own systems are compliant but that organizations they depend upon are ready for the Year 2000 as well. But a significant number of small and medium-sized businesses are not preparing their systems for the new millennium. A recent National Federation of Independent Business (NFIB) survey, released this month, indicates that as many as one-third of small businesses using computers or other at-risk devices have no plans to assess their exposure to the Y2K problem. The survey also indicates that more than half of small firms have not yet taken any defensive steps. The NFIB and other small business surveys have found that having adequate resources for addressing the problem is not the concern. Rather, a significant number of small businesses appear to taking a "wait and see approach" on whether or not their systems will be affected by the Y2K problem. We are trying to get them to understand that this is a high-risk strategy. Internationally, there is more activity than there was a year ago, but it is clear that most countries are significantly behind the United States in efforts to prepare critical systems for the new millennium, and a number of countries have thus far done little to remediate systems. Awareness remains especially low among developing countries. While strong international coordination of Y2K efforts has existed for some time in the area of finance and more recently has begun to take shape for telecommunications and air traffic, we are very concerned about the lack of information and coordination in the area of maritime shipping. You will hear more about that area from the Coast Guard later today. Lack of progress on the international front may lead to failures that could affect the United States, especially in areas that rely upon cross-border, networks such as transportation.
The Council has been working to improve the response among smaller governments, small businesses, and international entities. For smaller governments, we have been working to reach out through groups like the National Association of Counties and the National League of Cities. We are also encouraging State Year 2000 coordinators to focus on the efforts of smaller governments within their jurisdiction. For small businesses, the Council joined the SBA, the Commerce Department, and other Federal agencies in launching "National Y2K Action Week," last October to encourage small and medium-sized businesses to take action on the Y2K problem with educational events that were held across the country. Another week is planned for this spring. And SBA has mounted an aggressive outreach program where, through its web page and with partners in the banking and insurance industries, it is distributing Y2K informational materials to the Nation's small businesses.
Internationally, the Council worked with the United Nations to organize in December a meeting of national Year 2000 coordinators from around the world, perhaps the most important Year 2000 meeting to date. More than 120 countries sent representatives to New York. The delegates at the meeting agreed to work on a regional basis to address cross-border issues (e.g., telecommunications, transportation). They also asked the steering committee we had created to help organize the meeting to establish an international mechanism for coordinating regional and global activities, including contingency planning. Earlier this month, the steering committee announced the creation of the International Y2K Cooperation Center, which will support regional activities and international initiatives in areas such as telecommunications and transportation. The World Bank will support the advisory and planning activities of the Center through voluntary donations.
Contingency Planning and Emergency Response
The Federal Government responds to a range of emergencies under the direction of several agencies. FEMA chairs the Catastrophic Disaster Response Group, which is comprised of a set of Federal agencies and the Red Cross. The State Department and the Treasury Department have responsibilities for foreign civil emergencies while the Defense Department supports both domestic and foreign emergency responses as well as being responsible for national security. The Departments of Energy and Transportation each have emergency command centers to help respond to challenges in their areas.
One of the challenges of the Y2K problem is that, while we do not expect major national failures in the United States, it is possible that we will have a confluence of demands for assistance and response as the clock turns to January 1, 2000. Therefore, we are working with all of the major emergency response agencies to create a coordinating center to ensure that we can respond effectively to whatever challenges we face moving into the next century.
We will also be discussing with our partners in our varied working groups, under the leadership of the Senior Advisors Group, the status of industry-wide plans for dealing with any emergencies that they may confront. While these responses are primarily the responsibility of each individual enterprise and industry, we clearly will all benefit by coordinated planning and communication.
We also are encouraging all organizations, beginning with the Federal agencies, to have contingency plans for the possible failure of their systems as well as the failure of systems they rely on that are run by others. As demonstrated by the Unemployment Insurance experience, the best form of response to a system failure is an effective backup plan.
The Balancing Act
Let me close by noting that we all continue to confront the challenge of encouraging organizations to take the Y2K problem seriously, remediate their systems, and prepare contingency plans without causing a public overreaction that is unnecessary and unwarranted. Our strategy is based on the premise that the public has great common sense and will respond appropriately when they have the necessary information.
We believe, therefore, that everyone working on this problem -- at the Federal level, at the State and local level, and in the private sector -- needs to provide the public with clear and candid information about the status of their Year 2000 activities. That's why we're making the industry assessments we gather publicly available. That's why the OMB reports on Federal progress are available to the public. That's why we have created the 1-888-USA-4-Y2K information line for consumers. That's why we will provide details of our contingency planning and are encouraging others to do the same.
A corollary principle is that everyone working on this problem has a responsibility to ensure that their comments accurately reflect the factual information that is available, and that they avoid over generalizations that will only play into the hands of those who want to create panic for their own gain.
We remain committed to working with the Committee and Congress on this critical issue. I would be pleased to answer any questions you may have at this time.
-- (Busy@the.top), March 01, 1999