Would someone please explain to me why the utilities' contingency plans are so secret. I contacted my utility and they said their plans were confidential so I contacted my state Public Utilities Commission and they said they had issued a protective order stating what was submitted to them couldn't be released. If everything is fine why the secrets?

-- Anonymous, August 23, 1999

Answers

Enemies, foreign and/or domestic, could use the information to the detriment of the country.

-- Anonymous, August 23, 1999

Leave it to Lane to concisely sum up the issue. ;-)

Security is the primary reason that Y2k contingency plans are confidential. You simply wouldn't want certain nefarious individuals or groups to have access to emergency operating procedures.

-- Anonymous, August 23, 1999

>You simply wouldn't want certain nefarious individuals or groups >to have access to emergency operating procedures.

That they will be communicating with walkie talkies and flipping the switches manually and (g*d forbid) have to run plants without sufficient monitoring equipment is now a secret? That the back ordered replacement components may be delayed due to transportation and infrastructre crumbling is a matter of national security? That their onsite backup power may not be as reliable as they are supposed to be is a matter of great concern?

Why the heck were they not all fixed long time ago? We had 30 yrs to fix it.

security by obscurity is no security.

MB

-- Anonymous, August 23, 1999

To Full Monty,

I think you done broke the code. And since that is now on the Net for all to see, we're in a heap-ah-trouble. Koskinen to the rescue, please!

-- Anonymous, August 23, 1999

FADE IN:

INT. LOCAL ELECTRIC COMPANY OFFICE -- DAY

Two fairly large fellows, JIM WATTS and GEORGE OHM, are sitting near a large control center eating lunch from a McDonald's bag. In the background we see a large poster with a kitten hanging by it's front paws dangling from a pole. The caption reads, "Y2K Ready" and the smaller print reads, "From Your Friends At NERC."

The phone rings and Jim reaches over to answer it.

JIM (still chewing) Yeah, local utility company, can I help you?

SPLIT SCREEN

INT. LOCAL ELECTRIC COMPANY OFFICE -- CONTINUOUS

INT. NANCY'S HOUSE -- DAY

Nancy is sitting at her office computer desk. On the screen is Electric Utilities and Y2K page.

NANCY Hi, I'm a concerned citizen and I was wondering what kind of contigency plans you had in place.

Jim nearly coughs up his food.

JIM Just a minite, please.

Jim places his hand over the mouth piece and turns to George.

JIM Hey George, there's a lady on the phone who wants to know something about our contigency plans - what do I tell her?

George reaches over to a large stack of papers and starts shuffling through. He pulls out his Y2K Primer - "Everything You Need To Know To Get You Through 1999. "

GEORGE Okay,let me check through this thing - hmmm, suggested press releases, suggested public relations testing, suggested phrases, suggested inserts... Oh, yeah, here iit is - contigency plans. (beat) Oh, crap, Jim, that's the page you spilled taco sauce on.

Jim rolls his eyes.

JIM Great what do we do now?

They both concentrate for a moment.

GEORGE Hey - tell her it's secret, yeah, that's it. Tell her it's secret.

Jim chuckles.

JIM Boy, George, your a genius.

Jim lifts his hand off the mouth piece.

JIM Sorry it took so long, but I've just found the file and unfortunately - it's secret.

George nods approvingly and Jim starts to elaborate.

JIM Yeah, this is so secret that I don't even know about it.

George starts to panic and shakes his head negatively, pulling his finger across his throat frantically.

JIM Er, no, I mean, that was just a little electric company humor, mam. Yep, we all know what's going on here - but infortunately, you don't. Have a nice day.

FADE OUT:

For a very long time.

Terri Reid

-- Anonymous, August 23, 1999

Thanks, Rick.

On the other hand, I can't disagree with the other posters on the thread. That is, while there are legitimate reasons for secrecy, such as national security, that secrecy can be abused.

-- Anonymous, August 23, 1999

There's a need for some level of security regarding any emergency operating procedures. For example, if some nefarious group (say, The Joker) were to want to disable power to say, Gotham City, determining which substations were "critical" would not be a terribly difficult exercise. But, Batman Power Company would have emergency plans in place to deal with the loss of these "critical" substations. If The Joker had access to these emergency plans, then at the same time he was plotting to take out the critical substations, he could have a subplot to thwart restoration of services by taking out people and/or equipment needed for implementation of the emergency plans.

If by contingency plans, you mean how much extra fuel, alternate critical suppliers, etc. I agree - however, even some of this information might be considered business sensitive from a competitive standpoint.

-- Anonymous, August 23, 1999

Rick,

Now really. "The Joker?" "Gotham City?" How *can* you make a (pardon the expression) "joke" out of something as serious as Y2K & electrical power? This is serious stuff, and we should all expect better of our exalted experts, such as your most exalted self.

No, discussing "The Joker" is perfectly inappropriate under such circumstances. Especially when we all know that one of *Spider-Man's* arch-enemies, Electro, is more likely to be the real culprit of power company problems.

:)

(Okay, okay- it's been a long day. -Frasier Crane)

-- Anonymous, August 23, 1999

Thousands upon thousands of men in their country's military uniforms are routinely taught how to take down electric distribution points with no insider information. If in fact an enemy, foriegn or domestic, were seriously considering taking down parts of a distribution system, they wouldn't need a utilities contingency plans to do so. I shutter to think the scope of disruption a few could cause based on NERC info alone.

Frankly, I hadn't thought much about intentional power disruption until just recently. A utility manager remarked to me that they were stationing people at some of their critical points to "keep the Y2K crazies from creating a self fulfilling prophecy". I just shook my head. Could it actually be that the "normal" people who are not worried about Y2K may blame the Y2K prepared for causing the disruptions? Gasp.

-- Anonymous, August 23, 1999

Self-Fulfilling prophecy is what this is all about.

If these people don't tell what is being done to prevent problems, more and more people will become concerned enough to take their money out of the bank, if enough do that then that is the end.

If you are suggesting that they are keeping quiet because their competition might be able to use this information against them in the free market, I would say that any company that is taking Y2K seriously will have more customers due to their percieved self-sufficience.

If you are worried about Y2K terrorists I would be mored concerned with someone who wants to bring down the great Satan, and is willing to die doing it, by using a LAAW or SA-7 to take pot shots at Nuclear Power plants.

Utilities, Banks, and Telecommunications are using it to keep any and all information away from the general public. If people knew the real extent of Y2K readiness the would be able to make decisions. This way they have no information to do anything. If every thing was peachy-keen they would be spouting it all over the world and the National Guard, military and Police would be stationed around every vulnerable piece of equipment. But the problem is that they will be needed elsewhere to possibly control riots, since NO ONE knows what will occur. The governmets of Cities, States, and Nations are creating Y2K bunkers, they are not doing it beacuse they think everything will be fine.

-- Anonymous, August 23, 1999

Whew, after reading the above posts I'm really getting scared now. I had thought Y2k was the big problem, but I can see now that it's way down the line as far as grid suppply is concerned. Bring on the Y2k problems, I say. That, I can deal with. All that other stuff is far too chilling for me.

-- Anonymous, August 23, 1999

Just read a techno-thriller of writers like Tom Clancy and you know why.

-- Anonymous, August 24, 1999

Mark D. DeVries wrote:

"If you are worried about Y2K terrorists I would be mored concerned with someone who wants to bring down the great Satan, and is willing to die doing it, by using a LAAW or SA-7 to take pot shots at Nuclear Power plants."

Good point Mark. As a Security and Safety Professional, this is what I worry about. Y2K is a perfect opportunity for some of the terrorist groups (Both forigen and domestic) to make a point, and to strike at the heart of our country. But, it would not take a LAAW or even an SA- 7. Some C4 and a very well trained group of 5 or 6 people could shut down Chi Town easily.

Martha

-- Anonymous, August 24, 1999

Had i just landed on Earth I would've thought that Sensitive Electric Utility Facilities are hidden behind unmarked doors in ordinary looking building next to the chinese take out and the laundromat.

As it turns out utility stations are pretty obvious to the naked eye (Big Transfomers, Big Cables), and the offices are conveniently pointed out in the phonebook. And power plants are rather hard to miss! Now maybe there are underground cables and switching yards, but even those are usually clearly marked and fenced.

I think what was not pointed out in this thread is the dissemination of contents of contingency plans as it relates to what is their worst case scenarios are and what are the steps taken when those scenarios become reality.

Say in the case of collapse of supply of fuel, a hypotetical contingency plan might be: 1- Call the Army and ask for fuel (bzzzt, we may not get a response) 2- Use secret cache of coal hidden at location (Lon, Lat) 3- Call the uh... spin department and let them spin the generators. 4- Announce that everything will be jes fine in 2 2 3 days. 5- Quietly leave for your hidden shack in the boonies, avoiding eye contact at all costs. 6- The last person need not bother shut off the lights.

-- Anonymous, August 25, 1999

About a year ago there was a letter circulating on the web from/to militia groups. It, in essence, said that everyone needed to take part in the distruction of the grid. That it didn't have to be a big risky deal for anyone. Take your deer rifle and drive down the road and shoot out transformers. Since most substations are on the road, lob a hand grenade into the substation as you drive by. There were other simple things you could do like simply cutting the wires in rural areas, taking a chain saw and cutting trees down onto the wires. I found this very chilling and wish I had saved that letter. I saw it 3 or 4 times. But it brought home the vulnerability of the grid. It doesn't take a rocket scientist to destroy the system. The same with the natural gas lines. They are well marked across the nation, many of them running along major highways. Same with petroleum. There may be no national black out, but how many local disasters does it take to coalesce into a regional blackout? How many regionals to make a national blackout?

Taz

-- Anonymous, August 25, 1999

I don't get this talk of increased risks of terrorist attacks because of y2k. What particular actions could terrorists do under y2k conditions that they can't already do now? Won't terrorists also be hampered by y2k? How would a temporary weaknesses in, say, US air defence systems encourage terrorism in the US? How would a y2k failed nuclear reactor be more vulnerable to terrorist attack than one that is running okay? How would terrorists or rebel armies/militias and their logistics be less vulnerable to y2k than legitimate state forces? And anyway, where in the world would you find an enemy that is so miffed at the US that they will launch widescale multiple terrorist actions inside the nation at the start of New Year? ...knowing full well or course that sooner or later that the reaction will come and it will be 'swift and decisive'. Help me here. I really don't get it.

-- Anonymous, August 25, 1999

>Help me here. I really don't get it.

I'll turn around in my perch on the fence and try... Admiting to the contents and publicizing the contingency plans inevitably draws attnetion to vulnerabilities of EU. Look at the hoopla over Jim Lord's leak, risk of basic services going out in places. One wonders if the contingency plan states that infrastructure problems will be fixed in oh 2 2 3 days? or WTF? The scary part of the contingency plans is that they are very short sighted. Most of the basic risks known to us following Y2k on and off the net likely remain without any viable contingency plan. These basic risks (fuel, parts, software) are pointed out in various places (GAO, here etc.) but it is not politically palatable to put 2 and 2 together and come up with something resembling 4. The utilities the navy reports mention have yet to go through IV&V and until then the remain at risk. Pentagon has already pointed out that civilian requests will not be responded to, that their list of critical stocpiled equipment and supplies is secret.

What is being managed here is the perception of the problem now, and publicizing contingency plans and their inadequecy makes a complete fool of the administration better than any successful terrorist attack on an oil pipeline or some darwin Award nominee putting a chainsaw to power cables .

It would be real unsavory if bad management turns out to be the great satan now, since there is still a chance to raise a fuss and get some heads rolled and put every individual in preparation mode. But nooo! Don't wake up the sheeple. don't draw attention to short sighted management, play the terror card if you will, but under no circumstances expose the soft underbelly of management to public scrutiny. When the public is hit with a clue-by-four in 128 days, they'll be too busy scrounging for food, heat and water to care about some burecratic mumbo jumbo risk matrix.

All of that is no surprise to anyone who has followed the threads. What baffles me is how people like Rick and Lane swallow it whole without a blink and pass it on.

-- Anonymous, August 25, 1999

Rick, The claim that operating procedures and emergency procedures is hidden by security concerns is bogus. Nuclear Plant Sabotage and Terrorism

-- Anonymous, August 26, 1999

I will have to think about this some more. If I can squeeze it in with all the other things I have to think about some more.

-- Anonymous, August 26, 1999

Security is almost surely a bogus concern. It does not add up.

Anyone capable of launching a terrorist attack is also capable of figuring out where the power distribution system is most vulnerable, and the likely (and possible) responses from the Utilities. Y2k does not increase the vulnerability of that (or other critical) system(s).

Fortunately, terrorist activity is extraordinarily rare anyway, and the vulnerable critical systems are not particularly attractive targets. Terrorist events are usually structured to maximise publicity, and not necessarily damage. Putting the Eastern seaboard in the dark is a stupid terrorist act, because the blackout (or damage created) becomes the story, rather than the cause being advanced. In the terror business, there can be too much of a bad thing.

For the same reason, Y2k rollover is not a good time for a terrorist act. The glare of publicity will be on Y2k and the millennium rollover. Unlike, say, the Olympics, the Year 2000 is a distributed event. The global media will not be focused on one place. A slow news day would is the preferred time for a terrorist act.

So why the security blanket? Why the terrorist angle? What does make sense? Two ideas, perhaps related:

1) There were no real terrorists in the movie Brazil. If you have domestic problems, you rally the troops by focusing on an external threat. This sounds very cynical and I suppose it is very cynical, but there is plenty of historical evidence to support the hypothesis. It may not even be conscious deceit. This may simply be a defense mechanism built into human nature. Isn't it always someone else's fault?

Terrorism is not a very powerful or credible bogeyman, but it is the best one available these days.

(The other real possibilities for bogeyman are too frightening in the Y2k scenario. China, Russia and North Korea have weapons systems that probably have a short shelf life. Nobody is going to know who has an effective military after rollover. Everybody is going to play "Let's pretend it will all work," I think, but there are other possibilities. All militaries are war gaming all the time, anyway. Can you imagine being a fly on the wall? Will the US be able to defend Taiwan? Is North Korea looking at a "Use 'em or lose 'em" situation? Yuck. Don't think about that one too long.)

2) Realistically speaking, there is no defense against terrorism or certain other kinds of failure. All you can do is fix it as quickly as you can while trying to keep the population safe or limit the environmental damage. In other words, the security blanket is intended to obscure an inability to effectively respond.

Contingency planning is almost, by definition, inadequate. Beyond a certain level, the contingency plans for the utilities are fantasy documents. Parts of a plan are obvious and sensible - stockpiling fuel, bringing on staff and so on - but other elements are simply impractical. You can build a contingency plan around a scenario that has a terrorist exploding a bomb aboard an oil tanker but it will turn out to be meaningless.

Contingency planners choose to ignore certain real threats in the plan because there is nothing that can be done in advance to mitigate the damage if the threat is carried out. In other cases, the threat is not ignored but the plan contains measures that a smart chimpanzee can see are impractical.

Either way, the best place for a contingency plan is in a drawer somewhere. If you have to bring it out before the event, you appear incompetent and not in control. There are very large holes and very difficult questions. (If you have to bring it out after the event, that is much worse: you are in big trouble.)

"Shhh. The best place for a contingency plan is in a drawer somewhere. Security, you know."

The official word is that Y2k may cause some damage because people panic. And Y2k may cause some damage because foreigners were too stupid to fix the problem. And Y2k may cause some damage because terrorists take advantage and do unspecifed things.

I am so far away from agreeing with the official word I might as well be on the moon. I am not really worried about any of those things. Me, I am worried because we adopted the wrong date standard in software forty years ago and, as a result, a significant number of computers are going to fail. I think the consequences are surely going to be unfortunate.

The official word is that I am crazy to be concerned about two digits for a date.

So be it.

Tom

-- Anonymous, August 26, 1999

Chris, I'll tackle the easiest question you asked first. Where in the world would we find an enemy so miffed at the U.S.? In any country where the United States is routinely referred to as "The Great Satan". It's not a secret that the U.S. has the enmity of various terrorist cells and/or citizens in the world and that the emotional response in some places goes quite beyond "miffed". It's not like we haven't had evidence of that already, either -- World Trade Center bombing.

Another place in the world where people have demonstrated being miffed at the U.S. is IN the United States. (Oklahoma City bombing) So there is enough evidence that both external and internal threats exist.

Actually, I think you inadvertently answered part of your own questions from earlier in the paragraph when you wrote, "..the reaction will come and it will be 'swift and decisive'." If an individual or group, either internally or externally, is of the opinion that the Year 2000 will likely cause disruptions of some magnitude, particularly in communications, military/government, and information exchange between countries, then what better time to act than when the odds of that 'swift and decisive' reaction might be hampered? Or when the terrorist act itself might initially be confused with a Year 2000 failure? (This would apply more particularly to internal threats.) For external threats, you're right that any terrorists should recognize (I say should, but like everybody else, some are smart and some aren't) that they would be vulnerable to any infrastructure or communications failures, too. Which from that aspect would be a reason for any potential acts to be perpetrated just prior to the rollover when transportation, etc. is likely to be stable but when the country could soon have many more distractions to worry about internally which might hamper a focused investigation.

You're right that there's probably not anything someone so inclined could do in 2000 that they couldn't do now if they wanted to. It's only that potential 2000 disruptions might be viewed as providing an opportunity for increasing the number of, or magnifying the impact of disruptions in concert with a potential decrease in the risk of being apprehended, and/or a potential decrease in the ability of state, local or federal emergency response teams to deal with the impact of any terrorist-planned disruption, or even to figure out what the initiating cause was. IF destabilization is the agenda of an individual or group, and a chemical plant explodes early in January 2000, you think people are going to say at first "Y2K" or "somebody with an agenda"? That's what I see as the potential danger. I'm hoping that nothing like this will occur, but I wouldn't bet on it. There are some really nutty people in the world.

-- Anonymous, August 26, 1999

Bonnie wrote:

IF destabilization is the agenda of an individual or group, and a chemical plant explodes early in January 2000, you think people are going to say at first "Y2K" or "somebody with an agenda"? That's what I see as the potential danger. I'm hoping that nothing like this will occur, but I wouldn't bet on it. There are some really nutty people in the world.

I am glad to disagree with Bonnie about something, just so that people are able to tell Susan Sarandon and Mel Gibson apart.

I do not believe that any terrorist group has destabilization as a direct goal. That may be the long term goal, sometimes, but the short term objective is always attention. Even over the longer term, the reasoning progression goes terrorist act --> government overreaction --> overreaction deprives innocent people of freedoms --> population is shown that establishment is evil --> population throws the rascals out.

When the chemical plant blows up, people will think "Y2k" on January 1st, 2000. Which self-respecting terrorist wants that?

Tom

-- Anonymous, August 26, 1999

Whoa, Monty, go back and read my original response. I have no problem with disclosing logistical contingency plans / preparations (how much extra fuel is on hand, an increase in consumable inventory, extra staff on hand, etc.). Where I draw the line on disclosure of emergency operating procedures / contingency plans (having been there) is the operational side of it (what equipment gets operated when and where and in what operational configuration). Again, go back and read my original response.

As a sidebar, I've seen an interesting difference of opinions in this thread, from all sides of the issue. The bottom line is that I don't think that any of us are going to agree on this one totally, and that's fine. ;-)

-- Anonymous, August 26, 1999

Ah, individual perspectives. Wouldn't it be a crummy world without them? Tom, perhaps the difference might have something to do with a Canadian versus American viewpoint. I'd say your thoughts are quite on target in regards to the typical external terrorism motives, but I was thinking mostly of internal individuals and/or groups. You asked which self-respecting terrorist would not want credit for their actions. I'd say quite a few people who belong to certain U.S. militia-type groups do have long term goals for the expansion of their membership and they would be glad to create some incidents (particularly any which would hamper or disrupt government agencies) which would not be or could not be, attributed to them. Just a "See? The government lied to us about the dangers of Y2K," would be a promotion of their anti-government agenda and would give them more converts. A local or regional emergency declaration of martial law would give them even more polemic ammunition. Of course, some of us would say they won't have to do anything but wait and the government will still look bad post 2000 (smile) but making sure of it isn't outside the realm of possibility, especially to anyone who's lived in certain ultra conservative areas of this country. Sad to say, but there are internal antagonisms here which would rival or surpass anything from outside the country. Taz's post above provides a framework for the kind of thought patterns I'm talking about, and they wouldn't be proclaiming "I did it!" or "I demand such and such" afterward. Sometimes just gaining prestige among their compatriots even if no one else knew they were responsible would be enough.

-- Anonymous, August 26, 1999

Bonnie wrote:

Tom, perhaps the difference might have something to do with a Canadian versus American viewpoint.

It could be. The set of circumstances you describe is certainly possible. It seems to me to be a pretty thin thread to justfy keeping Utility contingency plans a secret, though.

Tom

-- Anonymous, August 27, 1999

I agree it's a thin thread, Tom. The really ridiculous part of the whole secrecy thing for corporations or governments is that it seems the thinner the thread the tighter the security while at the same time there are blatant holes in security for the really sensitive stuff where the thread of justification would be a mile wide. (Reference the recent scandals about U.S. DOE info leaks to China.) We may well be trying to logically debate issues when there IS no actual logic used by the powers that be. Is it that half the time those we expect to be reasonable and responsible really don't have a clue about what they're doing or why they're doing it? I guess I'd rather laugh about the idiocies and inconsistencies than punch walls, but the punch walls option gets really close to being the number one pick sometimes! (However, then I'd probably hurt my typing hand...so better to laugh at it all.)

-- Anonymous, August 27, 1999

Tom

Are you the Tom Benjamin that wrote several essays under a title of "Tom's Take"? By co-incidence I read it today. Very disturbing, but well written, with good original thinking. My city (Toronto) has no plans in place for shelters with generators. If the power fails for more than 2 or 3 days we are going to have a disaster.

-- Anonymous, August 27, 1999

Are you the Tom Benjamin that wrote several essays under a title of "Tom's Take"?

Yes. I wrote it a long time ago - more than a year - and I am surprised it is still floating around. On a website? I have not read it in awhile. I am more optimistic about survival in the city than I was when I wrote the piece.

Tom

-- Anonymous, August 27, 1999

Tom

Boy am I glad to hear that. I wondered, since it was written a while ago. It was mentioned with a link on a thread on the Time Bomb 2000 forum. Here's the location:

http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=001J88

I still don't like not having an emergency plan that has 200 designated shelters, all or most without generators.

-- Anonymous, August 27, 1999

I mean I still don't like having an emergency plan......

It's late!

-- Anonymous, August 27, 1999

Citygirl wrote:

Boy am I glad to hear that. I wondered, since it was written a while ago. It was mentioned with a link on a thread on the Time Bomb 2000 forum.

It feels very strange to see something like that, and even stranger to have to argue with myself about something I wrote more than a year ago. I did not mean to imply that I was more optimistic about Y2k, just that I no longer agree with this:

"Like the real estate business, the most important factor in the Y2K game is location, location, location."

The most important factor is preparation, preparation, preparation. Preparing for the worst is harder in the city - there are more difficult obstacles - but it is better to be prepared in the city than unprepared in the country. I think anyone who is prepared to survive on their own for three months will survive in either the city or the country come what may.

Assuming an infrastructure collapse - the grid goes down hard, for example - the population in the cities will crash very quickly. It will be redistributed as refugees flee towards food and water.

It will be like two games of musical chairs in two different rooms. In the city room there are relatively few chairs and many dancers. In the rural room, there are many chairs and few dancers. In this game, you are allowed to stop dancing and start preparing. You can take a chair any time you want. You just have to stop dancing and start preparing before everyone stops at once.

Now, four months before rollover, it is best to be sitting in a chair in a rural room. Second best is sitting in a chair in the city room. Third best is to be dancing in the rural room. In the rural room, there is surplus food and water and there will be a demand for labour, so dancers in the rural room will be able to find a place to sit even if they are unprepared. In the city room however, there are not enough chairs. The population will head for the room with chairs.

The doorway is the only really bad place to be. The city room will be emptied except for people firmly seated on a chair. After the population crashes, there will be enough resources and green space in the cities to support the new population levels. A local economy will be viable.

Stockpile for the short run - three months - and prepare to fit into the viable local economy. Within three months there will be viable local economies everywhere.

Tom

-- Anonymous, August 28, 1999

Tom

Thank you for your kind advice. I believe I am prepared for every contingency except violence. There I will just try to band with friends, family and neighbours and do my best. Heaven help us all.

-- Anonymous, August 28, 1999

Tom,

I was also thinking of the musical chairs analaogy recently, intereting. One doen't want to be caught standing when the music stops if it can be helped. A childish illustration for sure but probably true of many situations in life.

As regards releasing contingency plans, there is a need to avoid being careless. If the information is not crucial to rational decision making on the part of those affected (the tough part of the question) and the information could potentially compromise safety, do not release it. There are a lot of good people on this forum who were quite adept at spotting the weak links in a vulnerable system. There are also bad guys who might desire to exploit such knowledge to our detriment.

As regards understanding the exact cause of failure in complex systems, this may be difficult even in hindight. Was it programming error, human operator error or malfeasence that blew up a gas or oil pipeline, or that electrical substation? Not ot mention that sometimes things just break. I would suspect, though, that a portion of Y2K errors will be marked by their ludicrousness. There was a recent story of a Y2K failure (don't have a link at this point) where individuals were told quite sternly to report for a court date concerning their parking tickets on a date 100 years in the future. Or, the more widely reported story of centenarians told to report to kindegarten. No one, but no one (terrorists included) could think up yarns like this. I have programmed professionally only on a very limited basis, but one thing I have seen is that software has a tendency to fail in a bizarre and occasionally dramatic way. If it didn't the problem probably would have been picked up earlier in the first place. (That said, I recall introducing my boss once to my recent database work one Friday evening when for absolutely no good reason the computer began playing Yankee Doodle Dandy, that virus programmer got his money's worth on that occasion). Still, whether it be phone calls with 4 unwanted parties and the hold music playing in the background, mass detox of addicts from supply problems, or utility bills with the name in the amount slot, I think we'll know what hurricane is hitting us if it does make landfall this winter.

-- Anonymous, August 28, 1999

BTW Terri you need the Monty Python cast for your skit. I had a similar one for the FAA when it was doing its flight test, its way OT, but real quick, Terry Gillam (in his general's uniform) "And now for something completly different" Airline Test Pilot (John Cleese) winds an egg timer and places it on the aircraft dash as Michael Palin (the inspector) looks over his shoulder. Cleese: "5 4 3 2 1, that's it were in 2000" Palin: But, but you haven't, I mean that's an egg timer" Cleese: Hums distractedly Palin: "That is an egg timer, an egg timer, it doesn't even have the year it just has a cheap alarm" Cleese: Looks intently out the window, Palin trys to speak is hushed as as Cleese quickly puts his wristwatch intently to his ear, pause. "All clear we are now fully compliant

etc, etc

Kinda bizarre but sometimes I wonder. :}

-- Anonymous, August 29, 1999

Paul wrote:

There are a lot of good people on this forum who were quite adept at spotting the weak links in a vulnerable system. There are also bad guys who might desire to exploit such knowledge to our detriment.

This is very true but exactly the point. If we can spot the weak links, so can any bad guy worth fearing. The information may be worth keeping a secret, but the genie is already out of the bottle.

Like I said to Bonnie, I think security is a pretty thin explanation. A more likely one is that the plan is not very good.

As regards understanding the exact cause of failure in complex systems, this may be difficult even in hindight.

I agree. I think virtually every major infrastructure or environmental problem will be the result of a combination of things. An unusual external demand, plus a key failure, plus a minor failure, plus a human error...

The Apollo 13 near disaster was the result of a chain of several errors stretching back two years. The Challenger disaster was the result of a chain of errors that went back to the original design and ended with a failure in the launch approval process.

If one error or one failure could cause significant problems we would have disasters occuring every day. What makes Y2k unique is volume and the heightened probability of one error leading to another.

Ludicrous errors? You bet. Let's hope we manage to keep a sense of humour abnout them.

Tom

-- Anonymous, August 29, 1999