// FINAL Y2000 PREDICTIONS //

by Ed Yourdon Director of Cutter Consortium's Y2000 Advisory Service.

This week's Y2000 Advisor will reach you on 23 December -- two days before Christmas, and a mere eight days before the end of the year. No doubt there will be a few final pronouncements of readiness by laggard organizations -- but for all practical purposes, the Y2000 remediation game is over. After a brief pause for the Christmas holidays, most organizations will begin staffing their command centers on 27 or 28 December, and will then await the millennium rollover. And the question in everyone's mind will be: what's going to happen?

Those of us who work in the Y2000 field have heard this question repeatedly for the past three or four years, but the frequency and intensity of the question has increased dramatically in the past couple of weeks. Perhaps it's because the public likes to believe in last-minute miracles -- which is about the only way of describing the organizations that were two years behind schedule as recently as June, but who have miraculously caught up in the past few months. Perhaps it's because the media believes that Y2000 "experts" have had some last-minute epiphany that will allow them to describe the outcome of Y2000 with crystal clarity.

But no matter how experienced any of us might be, no matter how much bravado we put into our public pronouncements, the truth is that nobody really knows how this complex event will play out. We can try to create "frameworks" with which to characterize different stages of the Y2000 phenomenon, and metaphors (e.g., the popular "winter snowstorm" metaphor, along with the Naval War College's metaphors of hurricanes, tornadoes, floods, and ice storms) to describe plausible scenarios that might occur. But in the end, these are all guesses, and there are too many unknowns for us to believe that any of these prognostications will be completely correct.

As for the frameworks: the one that makes most sense to me involves four "stages" of the Y2000 phenomenon. The first stage is about to end: it's the "anticipatory" phase of efforts to circumvent the problem, address the problem head-on, or even exploit the problem. Not only does this include the obvious activities of contingency planning, but also the increasingly common strategy of shutting down servers, Web sites, transportation systems, pipelines, and chemical plants from sometime prior to 1 January until sometime after 1 January -- just in case there are unexpected problems. There seems to be more of this "pause" activity than some of us had expected, but also somewhat less of the "freeze" strategy of postponing all updates and changes to mission-critical systems after, say, 30 September.

The "anticipatory" phase has been a hectic one for many organizations, but it also involves individuals -- i.e., the individual practice of stockpiling food, stuffing cash under the mattress, adjusting winter vacation plans, and (in the worst case) succumbing to hysterical panic as the final hour approaches. Thus far, it appears that such individual activities have been far less widespread, and far less intense than many government officials had anticipated. It's still possible that we may see some last-minute frenzied activity between Christmas and New Year's, but thus far, the overwhelming majority of individual citizens have been largely disinterested in the topic.

That brings us to the next stage: the rollover itself, and the first few days of January. This is where most of the media has concentrated its attention, and where the most pessimistic analysts have warned of nationwide blackouts and other global calamities. The IT community has long been aware that only a small percentage -- probably in the vicinity of 10% -- of the Y2000 problems will actually occur on 1 January, with other problems continuing to occur throughout the year, and possibly into 2001. Nevertheless, the IT community has also fallen prey, at least to some extent, to the popular opinion that the worst problems will occur at the stroke of midnight. All of the staffing plans that we've been hearing about in the press involve large numbers of extra personnel who will report for duty sometime during the last few days of December, and who are expected to cope with emergencies and disasters only through the first few days of January. If nothing goes seriously wrong by 3 or 4 January, most companies will send these extra people back to their normal duties -- even though far more serious Y2000-related problems could strike in the middle of January, or at the end of February, or at any other point during the year.

But this doesn't answer the fundamental question that most of the reporters and journalists keep asking: just what is it that we expect to happen during New Year's weekend. The prevailing opinion among Y2000 professionals, and one to which I subscribe, is that we will NOT experience a "total" breakdown of the core infrastructure of the advanced nations of the world, but that we could experience some serious "localized" failures. In less-developed and less-prepared countries around the world, it's possible that we could see a near- total breakdown of banking, or telecommunications, or air-transport, or electrical power, or hospitals, or government services.

What I worry about the most during the "rollover" stage is the possibility of a severe breakdown of a chemical or nuclear system, and the possibility of a severe terrorist attack in some part of the world. Such events might be "local," in a technical sense; but if 10,000 people are killed or maimed for life, it will be pretty difficult to shrug off Y2000 as a "non-event." It's conceivable that this kind of worst-case scenario could happen later in 2000, too, but it seems more likely to me that terrorists would strike on, or near, New Year's Day; and it seems more likely to me that embedded-system failures in chemical/nuclear accidents would occur on, or near, the beginning of January.

I'm not an expert in nuclear systems, so I can't make any knowledgeable predictions about the likelihood of a Chernobyl-style accident. But there are two things that give me comfort: first, the number of civilian nuclear reactors is relatively small, some 432 in number. And second, the dangers associated with nuclear accidents are so serious that they will be under far greater scrutiny than most other embedded-system environments, with a far greater chance that a reactor will be shut down if it begins misbehaving. I would like to hope that the same is true of nuclear weapons systems, but that's an area I know even less about.

I'm less confident about the hazardous chemical sites, mostly because of the numbers involved: in the US alone, there are over 66,000 sites that manufacture, treat, transport, or dispose of toxic chemicals. I assume that the large manufacturers have been working in a responsible fashion to check their embedded systems, but that still leaves thousands upon thousands of smaller companies to worry about. And unlike the nuclear plants, where a single agency like the NRC has been providing regulatory pressure, there has been little or no regulatory oversight of the toxic chemical industry. To compound the problem, there are toxic chemical sites in the rest of the world, many of which operate in third-world countries whose Y2000 awareness is even more dubious.

An isolated event like Bhopal killed hundreds, and injured thousands; but it was far enough away from Europe and North America that we didn't have to acknowledge it as a problem affecting our own lives. For that matter, even the horrific TV footage of Kosovo refugees fleeing their country had only a temporary impact on our consciousness. The sad reality is that many of the Y2000 crises that occur during the rollover stage will be treated the same way. On the other hand, if we have the equivalent of Chernobyl -- which not only killed and injured numerous Russian citizens, but also spread radiation throughout Europe -- it won't be so easy to dismiss it casually as a "localized" problem. It's conceivable that such a crisis could occur not only from a nuclear accident, but also from a large-scale chemical-plant mishap.

Even without Y2000, problems like this have occurred -- that's why Chernobyl, Three Mile Island, Bhopal, and the Exxon Valdez incidents are part of our vocabulary. As for Y2000, the best we can hope for is that we have only a few such incidents and that they are truly isolated and localized. The number of such incidents, their severity, and the degree to which they are isolated will determine whether society remembers the extent to which society remembers the rollover stage as a crisis or non-crisis.

Beyond the rollover stage, I believe we will see at least two subsequent stages: a period of computer-related disruptions lasting for six months to a year, and a period of economic decline caused by those disruptions. We've already begun seeing some of the computer-related disruptions during the current "anticipatory" stage, because companies have rushed new Y2000-compliant systems into production before they were sufficiently tested. Payroll systems in several US school districts are misbehaving; hastily installed ERP systems are wreaking havoc in manufacturing organizations; and government systems are sending out water bills (in Iowa) and motor vehicle registrations (in Maine) with dates of 1900 instead of 2000.

Nobody has been killed by any of these incidents, but they have caused lost revenues, increased costs, aggravated customers, and sharp declines in the stock-market prices of the affected companies. I believe that we have seen only the tip of the iceberg: there are many additional companies and government agencies experiencing these problems without acknowledging them publicly, and ALL of these problems will escalate sharply after 1 January. As already mentioned, Y2000 problems are not going to be confined to a three-day period at the beginning of January, but will continue throughout the year; thus, I think we're going to be faced with glitch after glitch after glitch. Indeed, we may find that modest glitches in January create larger follow-on glitches in February, which escalate into severe glitches in March, and catastrophic glitches in April.

It doesn't take very many of these problems to have a significant impact. Remember: economists and politicians are happy when the GDP increases by three or four percentage points each year, and they begin worrying about inflation if economic growth exceeds 5%. How many Y2000 glitches would it take to decrease the overall productivity of your company by 5%? Optimists will argue that any such problems will be overcome through hard work, ingenuity, innovation, and team spirit; and while the optimists may ultimately turn out to be right, my belief is that our economy is SO automated and finely tuned that it will not be able to withstand numerous, interrelated Y2000 glitches without suffering a noticeable decline in productivity and economic output for at least the first six months of 2000.

I think the advanced nations of the world will be lucky to maintain the same GDP in 2000 that they've enjoyed in 1999, and they could easily suffer a modest decline in GDP. I think the situation will be far worse in the second-tier and third-tier countries, and the productivity declines in those countries will ultimately impact the first-tier countries by virtue of reduced imports and exports. If the GDP of the advanced countries remains flat, and the GDP of the lesser-developed countries drops by, say, 5%-10% because of Y2000 problems, it will ultimately mean that the lesser-developed countries will have to reduce their imports from the advanced countries. Indeed, Y2000 problems in the lesser-developed countries may disrupt their ability to export raw materials and commodities with which the advanced countries make their finished products; that alone would be enough to impact the GDP of the advanced countries.

All of this ultimately leads to the final stage of Y2000: the economic after-effects. One can hope that enough of the Y2000 bugs will have been identified and repaired by late 2000 that most of the nations of the world can legitimately claim "victory" from a technological perspective. But it could take anywhere from several months to several years to recover from the economic impact of these technological problems. Indeed, the duration of the recovery will be at least partially controlled by the overall degree of marketplace optimism or pessimism. Government authorities and industry associations have been working strenuously to maintain that sense of optimism during the current anticipatory stage of Y2000, and that could turn out to be either a good thing or a bad thing. If the rollover-stage crises are few and far between, and if the productivity-impact problems are relatively modest and short-term, then consumer optimism may survive, more or less intact. That is certainly the best that one can hope for, and it would then lead to the rosy predictions of another stock-market boom that sees the Dow Jones average reaching 36,000 within the next few years.

On the other hand, if the rollover-stage crises are more numerous and more far-reaching than initially predicted, it will shake consumer confidence. If that's followed by productivity-impact problems that are more severe and more long-lasting than initially predicted, it will only be a matter of time before the additional decline in consumer confidence will be reflected in an overall stock-market decline. And since the current astronomical stock-market averages are based largely on a combination of consumer confidence and putative claims of technology-based productivity increases, the reality of consumer pessimism and productivity decreases could have a deadly impact on share prices. Leading economists and Wall Street wizards may claim that it's impossible for us to experience another Great Depression like the 1930s; I believe that it's eminently possible, and that we'll be lucky to escape with nothing worse than a medium-term recession instead of a long-term depression.

I don't have any clever way of getting rich if there is a depression; it will hurt me and my family as much as anyone else. Thus, I don't envision these scenarios with any degree of eager expectation; indeed, I hope that I turn out to be wrong. Unfortunately, I do think there will be at least a few serious short-term crises during the rollover stage, and I do think there will be numerous productivity problems caused by ongoing Y2000 problems throughout the next year. In any case, as actor Colin Quinn says at the end of the weekly news summary on the "Saturday Night Live" show, "That's my story, and I'm sticking to it."

Ciao! Ed ++++++++++++++++++++++++++++++++

-- Jean Wasp (jean@sonic.net), December 28, 1999

Answers

Y2K is a little like the parable of the blind men and the elephant. The technological problem is so ubiquitous and so far-reaching that it's hard to wrap your brain around it. And we can only attempt to fathom its implications. I do believe that we truly cannot forecast with any accuracy not only the effects of this global breakdown in infrastructure but how you and those around you will experience it.

That having been said, it seems to me that we could experience a total collapse of all life-sustaining systems. Electricity depends on telecommunications and telecom depends on electricity. And it's all bugged.

My biggest fears center around nuclear power plants. I've learned, in studying the way Y2K could affect nuclear plants, is that these plants cannot power themselves. They require an outside source of electricity--EVEN AFTER THEY HAVE BEEN SHUT DOWN! So when we hear that the worst thing that can happen is that a nuclear plant will have to shut down, THAT'S NOT TRUE!

If the grid that supplies a nuclear power plant should fail, the U.S. plants have backup generators (unfortunately, they're not 100% reliable), but the Soviet-style plants do not. Nor do the Soviet-style plants have containment structures. A reactor core will be on the path to meltdown if it is without coolant (water pumped by electricity) for two hours. Also, the swimming pools located on-site which store the fuel rods which are no longer viable for generating electricity, require the constant flow of water through them. The more recently a plant has been refueled, the hotter the rods and the more immediate is the need for coolant. Unfortunately, not all U.S. "spent" fuel pools have backup generators connected to them.

If we lose telecom in an area, we lose electricity. If we lose electricity (and the backup diesel generators fail or run out of fuel), we lose the nuclear power plant. Try as I might, I find it hard to see a win-win situation.

Is there something I'm missing?

-- Wendy Tanowitz (wendyt@jps.net), December 29, 1999.

Hi - Thought I'd check the NRC homepage. I clicked on the year 2000 link and found that all the links from that page are dead -- I get a 404 page not found on any links at: http://www.nrc.gov/NRC/NEWS/year2000.html Any thoughts?

Anyone know why this should be? For any of you GIS folks I do have US nuke facility map layer available in several formats. It is located at: http://www.mapcruzin.com/ddownload_nrc.htm This was taken from the LandviewIII mapping system and converted to various other formats.

-- Michael Meuser (meuser@enviroknowledge.com), December 29, 1999.