Y2K ready? Some businesses might need to check the fine print

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread


-- Linkmeister (link@librarian.edu), August 30, 1999


[Fair Use: For Educational/Research Purposes Only]

Y2K ready? Some businesses might need to check the fine print

By Ross Kerber, Globe Staff, 08/29/99

Companies, trade groups, and regulators have barraged the public this summer with assurances that only minor problems will result from the computer-software glitch known as Y2K.

From utility executives to Federal Reserve Bank officials, the message has been one of consistent optimism that major institutions will function smoothly through the date change.

But there's a catch that businesses and individuals might want to keep in mind: Some research underlying the rosy forecasts includes ample wiggle room.

For example, the American Hospital Association boasts that ''almost all'' of its members will be ready for the date change to Jan. 1, 2000, even though it has received data from just a small fraction of its membership. Electric-industry executives congratulated themselves for meeting a June 30 deadline to ready their systems, but 63 companies were granted ''limited exceptions,'' meaning they had missed the target date.

Also, agencies have reduced the number of systems they consider ''mission-critical'' from 8,589 in late 1997 to 6,190 today, which critics say has made it easier for agencies to declare their systems ready.

These factors worry some independent computer experts who are helping government and industry groups plan ways to minimize risks. These people note that software-upgrade programs often wind up behind schedule and over budget, and they think that stricter audits might present a more realistic picture of preparations in some sectors.

''There's some question as to whether those published status reports are too optimistic,'' said Capers Jones, a computer scientist at Artemis Management Systems in Burlington who has testified to Congress about readiness efforts.

Like most other specialists, Jones doubts that disruptions will be severe. But thousands of minor computer crashes, taken together, might create problems early next year, particularly for smaller companies.

''There's a lot of happy talk out there now'' on Y2K issues, said Howard Rubin, a Hunter College computer scientist and a consultant to the United Nations and the Meta Group Inc. ''I think in reality you can expect a fair number of things to go wrong.''

John Koskinen, the Clinton administration's Y2K point man, agrees that trade-group data has weaknesses. But he says that is more than offset by readiness statements of individual companies - including almost every large employer in New England.

On June 30, for instance, most of New England's major utilities and banks declared they had met federal Y2K readiness deadlines - among them Fleet Financial Group Inc., BankBoston Corp., New England Electric System, and Boston Edison. Koskinen also noted that other supposed ''doomsday'' dates have passed almost without incident, such as the start of fiscal year 2000 on July 1 in many states and cities.

''The bottom line is that companies must visibly and publicly explain to their customers where they are at,'' he said. ''Where there's more specific information, you get a sense of accountability ... and I think that's what is developing.''

The Y2K problem arises because many computer programs use just the last two digits of each year to keep track of the date. Left unchanged, some programs might misinterpret the last two digits of 2000 and cause major systems to crash or shut down.

Because these computers control everything from traffic lights to teller machines to water systems, companies and governments worldwide are spending billions of dollars to upgrade computer systems before the date change occurs.

Lately, to provide extra assurance, some regulators have begun to conduct deeper reviews of various companies, aiming to turn up cases of what engineers sometimes call ''pencil-whipping'' paperwork to make sure it reflects desired results.

Among these are the US Department of Energy, where the chief information officer, John Gilligan, says he wants to press utilities for more details of the exceptions some had claimed to meet the June 30 deadline. He wonders whether all the exceptions were as minor as some industry executives had stated in a report issued on Aug. 3.

''I'll admit that with the statistics that they put in the report, you have to read them carefully because they're attempting to show positive progress'' that may not be justified, Gilligan said.

Now the agency will do a few audits as well, which Gilligan said will function as ''some kind of sanity check'' on the industry's forecasts.

Eugene Gorzelnik, a spokesman for the utility trade group, conceded that the decision to grant exceptions has sparked criticism. But he said the exceptions had been granted to recognize economic constraints, such as the need to keep power plants on line throughout the hot summer.

Other companies did not schedule outages at their nuclear-power plants in time to perform Y2K checkups in the first half of the year. ''It was a question of priorities,'' he said. All reviews will be done by the end of the year, and the trade group says it welcomes the oversight.

At the Pentagon, tougher inspections have led to revisions of rosy scenarios.

One set of inaccuracies turned up at the Army's Tooele Chemical Agent Disposal Facility in Utah, which in June 1998 reported Y2K compliance for several systems used to dismantle artillery shells containing deadly nerve and mustard gases.

But in October, inspectors found that neither system had been reviewed under formal procedures. While managers had undertaken reviews using private-sector standards, the status of both systems should have been listed as ''unknown,'' according to the government's checklist.

In addition, a manager at the Army's Aberdeen Proving Ground in Maryland ''did not provide oversight and emphasis'' of Tooele's work, inspectors found. Nobody was disciplined, and the Army says it has since completed reviews to make Tooele Y2K compliant.

Such reporting reflected what Robert J. Lieberman, the Pentagon's assistant inspector general for auditing, said was a lack of seriousness toward Y2K preparations through most of last year. Not until a special meeting in December 1998 did many officers begin to take Y2K seriously, Lieberman said.

''At first it was viewed as a numbers drill that nobody cared about,'' Lieberman said. ''You could turn in almost anything, just as long as you answered the mail.''

Lieberman said he is satisfied that the problems his group turned up are being fixed. The Pentagon said in July that it had repaired 1,964 of 2,107 systems it considers critical to fighting wars, up from 577 a year ago. Including classified systems, the agency said last week, it had upgraded 2,149 mission-critical systems out of 2,414.

Remediation efforts at hospitals and other parts of the health-care industry also have attracted auditors' attention. In addition to automated record-keeping systems, technicians worry that chips embedded in devices such as X-ray machines and heart defibrillators might malfunction as a result of the date change.

Officially, the American Hospital Association says it doubts such problems will arise. The group bases its optimism in large part on a survey it sent to 2,000 of its roughly 5,000 members in February. According to the trade group, 90 percent of respondents ''expected their devices to be compliant by year end or expected no problems in their operations.''

But critics say the survey forms were returned by only 583 hospitals, a fraction of the membership. Gary Christoph, information officer for the US Health Care Financing Administration, said the low response rate was ''cause for significant concern.''

''Does that mean they don't know, or are scared to tell us?'' he said.

In a survey of its own that the Department of Health and Human Services conducted in March, findings were less cheerful: ''Providers seemed less confident in the Y2K readiness of their biomedical equipment,'' the agency reported.

The American Hospital Association has agreed that much work remains to be done, but has said that its survey results are still valid because questionnaires had been mailed to hospitals selected at random. ''Maybe we can't quantify it as well as the utilities and banks,'' said Robyn Cooke, one of the trade group's officers. She added that hospitals had been given only a week to return the forms and that this might have reduced the response rate.

Some outside observers say they find the hospital group's position worrisome. But some of the same Y2K specialists, such as University of North Texas professor Leon Kappelman, say that the lack of details tends to draw suspicious auditors - which in theory could lead to better remediation work.

''You've never had a software problem before that has gotten such high visibility'' as the Y2K bug, Kappelman said. A positive upshot, he said, is ''enormous management pressure to get the work done.''

This story ran on page F01 of the Boston Globe on 08/29/99.

) Copyright 1999 Globe Newspaper Company.


-- Linkmeister (link@librarian.edu), August 30, 1999.

The "exceptions" game is certainly a wildcard. If you go to the links page for the US Navy and eventually find a site on health topics, you can find an exceptions form which looks just like those used by NERC. I have heard nothing of the exceptions practice in .gov or .mil, but the existence of the form raises possibilities.

I guess the government is saying "A few of our systems are almost ready, with exceptions."

-- Puddintame (achillesg@hotmail.com), August 30, 1999.

Moderation questions? read the FAQ