another embedded system survey : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Serious Y2K Risks In Embedded Systems - Report

April 23, 1999: 1:16 p.m. ET

LONDON, ENGLAND (NB) -- By Steve Gold, Newsbytes. The green light on Year 2000 issues relating to embedded systems may have been given too early by many experts, according to a report just published by BSC Consulting. The London-based IT consultancy firm says that it carried out its survey as part of its ongoing business continuity and risk management service. The survey revealed that the problem of embedded chips could have a serious impact on vital services and buildings, says Patrick Moore, the director of the firm. BSC says that its survey was in-depth, and covered a total of 38,361 systems involving telecommunications, medical equipment, air conditioning, lifts, heating, lighting and other utilities. According to Moore, the dangers of the Y2K issue on IT systems generally have been well documented and, as a result, many organizations are spending millions of pounds to try and resolve the problem in time for the next century. Concerns have also been raised about the potential risks to building systems and equipment, brought about by embedded chips and logic processors that could be affected by the Y2K problem. In its report, BSC refers to these items as assets. Its report found that 6.8 percent of these assets are not Y2K-compliant. While this percentage may seem low, the difficulty is that these systems may be the ones that are going to be vital in terms of running a building, according to Moore. "It's very important that companies and organizations take steps to ensure that their embedded systems are millennium compliant, otherwise they could be faced with the prospect of not being able to operate their business at the beginning of 2000 because vital machinery or building systems are not operational," he said.

home | digitaljam | contents | search | stock quotes | help

Copyright ) 1999 CNN America, Inc. ALL RIGHTS RESERVED.


-- (, April 24, 1999


From the Presidents Council on Year 2000 Conversion which of course all of you have read :o) is this interesting bit.


(Lead Agency -- Department of Veterans' Affairs)


7 A February 1999 survey of 24 drug manufacturers representing 90 percent of the industry found that they are 67 percent complete with remediation of critical systems and 50 percent complete with testing.

7 Drug companies report that 90 percent of embedded systems are Y2K compliant, while 10 percent require adjustments/replacement.

-- Brian (, April 24, 1999.

Now why would this high a precentage be reported and there is supposed to be no reason for this problem? Now why would anyone want to think there is going to be a problem if 90% of the generic meds are imported? Would John K. be an alarmist or is there really a problem.

-- Brian (, April 24, 1999.

So basically, this BSC tested 31,368 embedded systems, and found a failure rate of 6.8 percent. Doesn't sound too bad, but lets figure exactly how many failed:

.068 multiplied by 31,368=2,133 system failures

Now, lets dive into this a little more carefully. Basically, anyone can take this whole article at face value. Of 31,368 embedded systems were tested. Of those, 2,133 failed. That is so small of a number that honestly any person can't sit here and fret over a number so miniscual.

Gartner released a survery and Y2K problems will be spread well over a year, and more likey 23 to 36 months. With only 8% of all problems occuring at the stroke of 12AM on January 1st, 6.8% not even really worth worrying about.

Also, these embedded systems, you have to ask several questions, what kind? What type? What problems were detected? Did the problems shut down all responsibilities of the microchip, or did it still function?

Pat "Don't trust the gov't. Trust me. I can sell you family safety for only the low price of $10,000."

-- Pat (, April 24, 1999.

So a Risk Management Consulting Company finds risks to manage? Will wonders never cease. Such objectivity!

-- Flint (, April 24, 1999.

In terms of the health care industry they have to have accurate dates even if it is not critical to the basic operation of the equipment cause if there is a death or otherwise and the lawyers get involved then the hospital has a problem. The cost of legally fixing the problem is going to amount to more than fixing the equipment. Not to mention of course the patient but people don't count as it "will never effect them". The health industry is finding 2 - 5 percent failure in hospital equipment because of date problems. Fix on failure or work arounds are not an option in such a case.

If the rate of failure is as high as 10% are you really going to say that the happy faces in Clintons command are just throwing numbers out for the sake of the consultants to make money? Or could the problem be a bit bigger than we would hope?

Back to the chemical industry report

>>>>>>>>>>>>>>>>>>>>>>>>> SMEs managing high hazard chemicals can pose large risks to works and the surrounding community. While some exceptional SMEs are highly resourced, more generally, SMEs lack awareness regarding the Y2K impact, resources, and the technical know-how for fixing the problems. Given the time constraints, there is very little chance of changing that reality. >>>>>>>>>>>>>>>>>>>>>>>>>

Come July maybe we will hear if these plants are going to shut down during the rollover. Then we will see how big a problem we could be having. Pardon me if I kind of try to figure out this situation but after reading about embedded systems for 14 months and hundreds of opinions you figure there would be some kind of agrement if there is even a problem. Now I realize that failure in these cases are often not critical to the equipment involved but if there is potential for failure why do people think it won't be serious in all cases. Why bother even looking at the problem. It would seem to be a waste of money. They can give it to me instead :o)

-- Brian (, April 24, 1999.

Flint..In answer to your comment about embedded chips not causing a problem. In most hospitals, they use eiher Hewlett-Packard or Ention monitoring systems for their CCU/ICU/Open Heart units. AS OF 3/20/99, the 'older systems' of HP (more than 4 years old) were not compliant and did not have a fix for either the programming or the chips in the sending units. This per HP website. They might have this under control but I for one do not wish to have chances taken with me or mine. The monitoring system is extremely date/time sensitive. The ventilator systems for non-breathing patients (Bird and one or two others) are compliant---if they are the old systme. The new ventilators are very sensitive. Spoke to the head Resp. Therapist at one of our large local hospitals Thursday. They tried to roll the date on (no brand please) machine. Locked up tight and refused to reset.

Last week at one of our MAJOR hospitals (800+ beds) they went to test the emergency power (not a y2k as far as I know) under complete shutdown....guess what? The new Heart Floor emergency plugs were not included in the circuit. Had a bunch of RNs and RT bagging people for almost 30 minutes until power could be restored. I understand it took them almost 20 minutes to get down 5 floors and find the maintence people to tell them. Phones out all over the hospitals etc. One hell of a mess. No one died but plenty of administrative staff shaking in their boots.

What's my point? It only takes one embedded chip not functioning to kill you...if you happen to be on that machine.

Stay healthy.

-- Lobo (, April 25, 1999.


I expect quite a bit of this, to be honest. Saying embedded problems are rarer than expected is quite different from saying they don't exist. There will be fatal failures due to y2k, and fatal failures due to Murphy as well. Telling these apart will probably require a lot of analysis. Those who automatically assume that any mechanical failure they hear about must be y2k related are muddying the waters at best.

-- Flint (, April 25, 1999.

Flint, the number of failures I see in medical systems every day even without y2k scares the bejeesus out of me. They can't keep the systems intact NOW. When you figure in an additional 1 - 3% because of the date change (even if the equipment is insignificant) I don't think the maintenance people can keep up. I know that when significant machines go down, the other 'stuff' gets put on the back burner. Then that machine breaks because of lack of care, etc. Then two machines, ad infinitum.

Like I said, stay healthy.

-- Lobo (, April 25, 1999.


>Of those, 2,133 failed. That is so small of a number that honestly any person can't sit here and fret over a number so miniscual.

Think of it like this; if your car is 99% in working order but the 1% that fails is your dead battery, your car ain't goin' nowhere. If it's your A/C you might be uncomfortable, but you can still drive.

Where the problems occur is much more important than the overall failure rate.


-- TECH32 (TECH32@NOMAIL.COM), April 25, 1999.


So a Risk Management Consulting Company finds risks to manage? Will wonders never cease. Such objectivity!

I'm beginning to like you.

You have been warned. :)

-- Stephen M. Poole, CET (, April 25, 1999.


There's the rub. These "non-compliant" (in quotes because the definition seems to change at need nowdays) embedded systems could range from hand-held test equipment to entire complex process controllers. These surveys tend to lump them all together. How to tell?

You should be aware that most of us who install and use these things don't really trust them, and tend to leave the old (manually-operated) stuff in place as a backup. So ... even if my shiny new Mark III Widgerwockie goes south on 01/01/00, I've probably got a backup that can be switched in rather quickly. Worst case, I'll have something in place to smoothly and safely shut the process down until I can get there to scope it out.

You know why? Because these things fail now, all the time, and usually at the worst possible time. Have you ever seen what a bad power supply can do to an embedded processor? Not to mention operator stupidity ...

("Duh ... hey, Stephen? Whaddazit mean when the little meter pegs in the red an' th' thing starts smokin'?")

That's why I've never believed the fantasy scenarios about embedded widgets going insane and dumping 10,000 times the lethal level of flourine into a water supply. Does anyone honestly believe that these systems don't fail NOW, and that, as a result, there aren't safety mechanisms in place?

("Garsh, we just sent some highly-corrosive stuff into Aunt Maude's commode, hilk, hilk! Bet she'll getta kick outta that!")?

These numbers are meaningless as far as predicting disaster. I would suggest you look at Flint's angle -- this is very possibly a consultant (or group of same) ensuring job security for their humble selves. :)

-- Stephen M. Poole, CET (, April 25, 1999.

Flint (or should that be "Flip" as in "flipant")said

"So a Risk Management Consulting Company finds risks to manage? Will wonders never cease. Such objectivity!"

If there do happen to be "risks to manage", who do you expect to find them, the janitors? It may be the case that these consultants are exaggerating the problem, it may be the case that most of these problems are merely cosmetic, it may be the case that I am a brain in a vat, and all you other "people" are just figments of my programmers' imaginations. But, you know, sometimes you've just got to go with whatever information you can get, even if that information is not perfect.

A 6.8% failure rate in embedded systems worldwide, even assuming that most failures would be minor, results in one almighty Jupiter-sized turd hitting the fan over the next year. The only range for reasonable debate would be from small-t tEOTWAWKI, to capital-T TEOTWAWKI. I hope these consultants are full of it, but from my limited vantage point I so far see no reason to suspect this.

And on the topic of the 6.8% figure, Pat said "That is so small of a number that honestly any person can't sit here and fret over a number so miniscual." Pat, I've got an answer for you, and it's a one word answer..."EXTRAPOLATION". I'm worried that a 5 sylable word might be a bit much for you, but give it some thought.

-- humptydumpty (, April 25, 1999.

Tech32 wrote: >Think of it like this; if your car is 99% in working order but the 1% that fails is your dead battery, your car ain't goin' nowhere. If it's your A/C you might be uncomfortable, but you can still drive.

Where the problems occur is much more important than the overall failure rate.>

But that is the whole point I made. The number is small. In the grand scheme of things, 6.8% of all embedded systems having some sort of failing, and remember that the "stroke of midnight" is not the witching hour of doom. The failure rate can be almost non existant and fixable by technicians as problems are going to be spread out over 30 months.

The car batter analogy works well here, you care battery goes dead, that is just 1% of a problem. So jump start the car, everyone should have a pair of jumper cables for any reason, jump the car and drive off. It is fixable.

-- Pat (, April 25, 1999.


Just turn your observation around and see how it sounds. If bankers say banks are OK, just who would you expect to know this better, the janitor?

I'm not saying this outfit fabricated their results at all. I'm sure they found noncompliances. But I also notice two things about this blurb that raises red flags for me:

1) There isn't any good definition of the scope of a system. Most embedded systems (NOT your VCR) are layered into larger systems, which are in turn layered into larger systems. By selecting the largest scope of 'system' you can maximize your 'rate' of noncompliance. Did they do this? They don't say.

2) There isn't any summary of the nature of the noncompliances. What percentage of those noncompliances would cause significant loss of operational functionality? Any? They don't say.

I was at a Harley fest once, 10,000 motorcycles and one rep from a tire company (Dunlop, I think). He went around examining everyone's tires, and found over 80% of them were 'noncompliant' - incorrect pressure, too much wear, suspicious wear patterns, etc. Yet every motorcycle worked perfectly adequately, and there were NO flat tires experienced by anyone (and the average attendee had ridden over 100 miles to get there). But he WAS selling tires. And his 'noncompliances' were real.

Think of that tire rep as a risk management consultant. If you're selling something, you don't fabricate the need for your product or service, but you sure as hell do everything you can to *emphasize* the need for it. And if your description makes the risks look much larger than they actually are, you done good (provided no particular thing you say is inarguably false).

-- Flint (, April 25, 1999.

Yes, points 1 and 2 that you mention occurred to me too. I tried to find out more at their web-page

but it appears that their server is down. Maybe it won't be soon.

Your tyre analogy is good. I'm sure this describes the situation to some degree, in that many of the non-compliances are trivial, but technically they are y2k-glitches. But this has always been a known factor in the percentages of the problem. Let's guesstimate that 60% of y2k chip problems are trivial, 20% are annoying, 10% are trouble, and 10% are killer. (Choose your own numbers if you wish.) Plug these numbers into a base rate 0f 6.8% failures and you have a gynormous problem, especially compared to the "only 0.1% of chips have any problem" numbers that have done the rounds at times over the last year. A survey of 38,361 systems from various industries is not a bad survey sample, IMHO. Oh, and another thing. Flint, if we were discussing any old very complex issue in science or history or whatever, then I would commend your scepticism and reserve. But seeing as how this is such a high-stakes issue, where we have to make important decisions soon if not earlier, I sometimes find your approach to be exasperating.

-- humptydumpty (, April 25, 1999.


Your point is well taken. I don't mean to exasperate you. I understand that when you're faced with a clear and present danger, you shoot first and ask questions later, because if you don't, there might not be a later for you.

When later comes, though, you must satisfy the legal system that the danger was indeed clear and present. In our system, we have a standard of "the ordinary reasonable and prudent man", and what that man might reasonably have done under the circumstances. This standard is unfortunately applied using hindsight, by people with all the time they need to think about what you *might* have done differently.

I see the same situation with y2k. There is clearly considerable debate as to the danger, and some very well-informed and influential people are saying the danger is neither clear nor present. Your position is that it is "reasonable and prudent" to assume that those people are wrong, and that any information supporting their position (and there's a lot of it) is also wrong, and that those whose business it is to sell you protection against dangers they themselves have identified are being straight with you.

Since the stakes are not at all clear and obvious, you recommend preparing against *assumed* stakes. I think there's some limit beyond which prudence blends into paranoia, but I don't know where that line is, and I don't think you do either. I believe in preparing against much worse than I expect, but that shouldn't force my expectations to match my preparations. I should still be able to evaluate the danger, rather than just assume it.

-- Flint (, April 25, 1999.

The high-stakes aren't just an assumption if these 6.8% people are correct. (Therefore I should assume they're correct because the stakes are high?? - that would be circular.) Researching all the other aspects of y2k tells me the stakes are very high, and the probabilities of rosy outcomes quite low.

I think it is prudent to err on the side of caution when assessing evidence. In normal, inconsequential intellectual debates erring on the side of caution involves witholding judgement until the weight of evidence forces it. In this intellectual debate, the considerable potential for personal harm (and you know of what I speak, this potential is not just an assumption!) plus the limited time available for meaningful decisions, changes my operating definition of "erring on the side of caution." In y2k debate, erring on the side of caution ought to mean paying special heed to each and every plausible warning of potential harm to you and those you're responsible for. Certainly don't close your ears to explanations as to why those problems might have been overstated, but basically, epistemology needs to take a backseat to ...something or other..I dunno, I'm tired... Is it just instinct? This is a bias, but I think it's justified. Be nice to be proven wrong in the end. I'm sure Flint could critise what I've tried imperfectly to say, and maybe when it's not 4 a.m. i could clarify in response to him. It kinda comes down to this...some reports say it's no big deal, some indicate, (though they don't spell it out) that it's TEOTWAWKI time. What are YOU gonna do?

-- humptydumpty (, April 25, 1999.


First of all, if you'll look at my Web site, you'll see that I don't tell people not to prepare. In fact, I recommend that they keep extra on hand all the time anyway -- forget Y2K -- because life has a tendency to throw curve balls when you least expect it.

(My wife went blind in February from a condition I'd never heard of before and still don't understand. Since I lived in the coastal plains of NC most of my life, I've also been without power more times than I can count. I know all about curves. [g])

I have been called a Polly because I won't tell people to prepare for, say, several months (or even years). Why? Because the fact is, if it's _that_ bad, having extra noodles and wheat in the closet won't make that much difference.

And anyone who thinks that the shiny H&K or Remington in the closet will pull them through a complete collapse of society is living in a Hollywood fantasy, complete with Tina Turner in studded leather.

If it does become clear that Y2K is going to be bad -- and I would remind you that the Doom Prophets ain't exactly batting 1.000 in the prediction department thus far -- what I'll do is simple: I'll ask what I can do to help. I'll pitch in. I'll do my part to see that Y2K passes as smoothly as possible.

The solution is NEVER to panic and run and hide. It's to face the problem squarely and fix it -- as a society, not just on the individual basis.

-- Stephen M. Poole, CET (, April 25, 1999.

Stephen if there is a total collapse of the civilisation, which some (not me) expect, then presumeably there will be SOME survivors, barring serious nuclear f**k-ups. Someone with lots of food and weaponry and a country home stands a much better fighting chance than someone with no preparations, although there's obviously no guarantees.

Although I disagree, I sort of know what you are getting at by saying that prepartions wouldn't make any difference. I was talking about y2k to a guy I met at a festival over Easter. He was really blase about the problem, but his preparation plan was to come to the new years festival, and have six months of food stashed a few km's away in the bush. While commending his preparation plans, I tried to get him to understand just how fubar the situation would be if he actually needed all of that food, because most everyone else would have nowhere near that level of prep's, and things would get ugly pretty quickly. I think it went over his head.

You said "The solution is NEVER to panic and run and hide. It's to face the problem squarely and fix it -- as a society, not just on the individual basis." If one were convinced that the civilisation is going down, then abandoning ship makes the most sense. The most effective altruistic thing to do would be to convince other individuals to do likewise, there'd be no hope in trying to save everyone. Even if we're really facing a 7 and not a 10, the emphasis placed on personal preparations is not misplaced. Every little bit will help. But emphasising the need for personal preparations does not preclude people acting to help others, by informing them of the problem, and trying to generate pre-emptive community planning and action.

-- humptydumpty (, April 26, 1999.

Moderation questions? read the FAQ