Military Preparedness and Y2K

Military Y2K Preparedness

http://www.dtic.mil/c3i/y2k/mgntplan/plan.html

7.1 Contingency Planning - There are 2 primary types of Y2K Contingency Plans required in order to capture the important aspects of Y2K contingency planning. These are:

Operational (Mission/ Functional) Contingency Planning - focuses on how to complete a mission or function without the support of any or all mission-critical support systems. Commanding Officers (Operational, Support, Base/Facility) and Civilian Directors shall document alternative systems and procedures in their Operational CP in order for them to be able to sustain the minimum operational capabilities required to support our national military strategy. Y2K Operational CPs shall address all systems required by that operational commander to perform his/her mission(s) or functional responsibility.

System (Technical) Contingency Planning - focuses on restoring a system. Y2K System CPs address activities to be performed by the system administrator, work group manager, or LAN manager at the local level before, during and after a Y2K related failure to preserve and protect the system and its data. System CPs shall map directly to at least one Operational CP to ensure that in the event the system experiences a Y2K disruption, an alternative system or procedure is available in order to continue the functional or mission area until the disrupted system is restored.

7.1.3 Operational and System Contingency Plan Relationships. - The two types of Contingency plans are highly inter-related. They are based on the same intellectual methodology.

Both require the examination of upstream technical interdependencies and the identification of vulnerabilities that can disrupt the capability of a given system to perform as required.

Where systems intersect with operational capabilities there is the potential for mission-stopping outages as a result of a Y2K induced technical failure.

The CEO and CIO must work together to identify those areas with the greatest probability of a Y2K disruption and the greatest negative impact on the ability of an organization to conduct its core missions.

Contingency planning in this context is the managerial approach to

developing workarounds,

finding alternative means to satisfy essential requirements,

putting in place manual processes that bridge the capability gap threatened by an outage,

and otherwise preparing an organization to continue to conduct business in spite of potentially dramatic and sustained outages of key technical systems.

Process owners must decide, in concert with their customers, the extent to which it is necessary to "look upstream" to identify vulnerabilities.

The more critical the service provided, the farther upstream the process owner must explore to assure himself/herself of their unimpeded delivery. For example, if a given logistics facility provides products and services essential for a warfighting component to deliver a capability that is deemed essential on the JCS CINC "Thin-Line" the manager of that logistics facility should closely examine the contingency management procedures of not only their "first tier" suppliers but of suppliers farther upstream. Conversely, if a logistics manager provides products and services to a Morale, Welfare, and Recreation (MWR) activity without a direct combat support role, the level of analysis might be limited to only the contingency planning of "first tier" suppliers.

The degree of managerial visibility into and involvement with one's providers of products and services is directly predicated on the level of risk a process owner can accept. It is a situationally dependent judgment call that only a process owner can make.

7.2 Continuity of Operations Plans (COOP) - The term COOP refers to plans initiated by an executive order in 1988. DoD D 3020.26, Continuity of Operations Policy and Planning requires echelon II and above commands to develop COOPs to ensure continuity of mission critical and mission essential operations during an impending or actual national emergency. (Y2K Contingency Plans labeled as COOPs are generally Operational Contingency Plans and do not have to change their name.) This management plan does not require COOPs as defined by the DoD Directive to be developed. However, where such COOPs already exist, it may be appropriate for that plan to be used in lieu of a Y2K Operational CP for the missions and functions supported by the COOP plan. COOPs may serve as Y2K Operational CPs as long as the COOP is made "Y2K aware" by updating its content, or adding a Y2K appendix, to reflect a recovery strategy and plan that addresses disruptions caused by Y2K.

7.3 Evaluation of Contingency Plans - Y2K Operational and Functional End-to-End test exercises will be used to evaluate the Y2K contingency plans of designated mission-critical systems and will contribute to a complete evaluation of DoD operational capability.

When contingent actions of a designated mission-critical system's contingency plan are not actually implemented, a subjective evaluation should be conducted using the contingency plan testing procedures outlined in Appendix H of this management plan. Results of any contingency plan reviews should be included in the exercise evaluation report.

Exercise objectives require that systems and interfaces used during the exercise be Y2K-compliant. This is to prevent non-compliant systems from interfering with the test of compliant systems operating in the century date change environment. To complete the performance of the mission, necessary functions of non-compliant systems shall be performed using an appropriate contingent action from the relevant Y2K Contingency Plan.

In addition to the requirement to exercise the contingency plans of non-compliant systems, the plans of other systems may also be exercised, either deliberately or in response to Y2K-related system disruptions. To coordinate mission execution and resource allocation during exercise periods when multiple systems may be unavailable or degraded, the mission/function Continuity of Operations Plan will be used. If no existing Continuity of Operations Plan meets exercise needs, then an exercise-specific Continuity of Operations Plan will be developed and that fact noted in the exercise evaluation report.

10.0 OUTREACH PROGRAM - Y2K-related disruptions could occur if mission critical information or products are not available to DoD because

external suppliers are not Y2K compliant,
or if the Department is unable to conduct effective operations with allied or friendly nations because their systems are not Y2K compliant. Consequently, DoD must identify all Dependencies outside the Department that affect mission critical functions and then work to ensure effective integration of DoD Y2K activities with outside partners.

DoD will participate in all federal sectors where there are DoD interests or where the Department can contribute to federal efforts to address Y2K. It will be the lead agency for one federal sector–the Defense/ International Security Sector. Participation in federal sector activities will be coordinated by the DoD Y2K Office. Functional experts representing DoD at federal sector meetings must be sufficiently senior to speak for the Department.
The Defense/International Security Sector will be divided into several Sub-Sectors to address DoD unique

nuclear,
intelligence,
communications,
logistics,
operations, and
infrastructure issues.
It will also include outreach activities with allied, friendly, and other nations where critical Y2K-related defense issues must be addressed.

2.0 APPLICABILITY AND SCOPE - This plan applies to all DoD Components, including the

Office of the Secretary of Defense (OSD),
Military Departments,
Chairman of the Joint Chiefs of Staff,
Combatant Commands,
Inspector General of the Department of Defense,
Defense Agencies, and
DoD Field Activities.
The Components of DoD reporting the progress and status of their systems through the Intelligence Community shall provide all relevant material to the Y2K Manager in the IC CIO.
The guidelines presented here apply to all IT systems, all weapons systems, and all date cognizant computer controlled infrastructure equipment (the Year 2000 Infrastructure Management Plan is at Appendix C). While this plan places emphasis on mission critical systems, the Department’s goal is to address all systems and devices.

4.2 DoD Y2K Management Process - Y2K compliance will be inspected from three perspectives: individual system renovation and certification, functional-centric, and mission-centric.

The developer or owner will perform individual system renovation, certification, and implementation by December 31, 1998.

The Principal Staff Assistants (PSAs) and CINCs, Services, and Agencies are responsible for ensuring functional-centric testing is performed.

The Joint Staff will work with CINCs worldwide to conduct joint operational evaluations (mission-centric) aimed at checking Y2K compliance and ensuring continuity of operations through January 2000 and beyond.

Selected reviews will be performed by the DoD audit/inspection community.

2.3 Facilities and Installations Tracking - The Principal Deputy Under Secretary of Defense (A&T), Deputy Under Secretary of Defense (IA&I), and Facilities and Installations Year 2000 Test Manager will prepare a Capstone Interoperability Testing Plan for Facilities and Installations. This testing plan will address the facilities and installations reporting process for mission and non-mission critical systems and guidelines for conducting interoperability testing.

4.2.2 Identify Supporting Systems

Once the critical missions and functions are identified and prioritized, the underlying information systems must be identified in context with specific mission threads. Identifying critical information systems is only part of the process.

The interdependencies between systems must also be identified. This type of information will allow decision-makers to view information systems in the context of their contribution to achieving DoD's operational goals. The DoD Components will also identify the interdependencies between and among systems.

If the identified systems cannot be made Y2K compliant within time constraints, then the Components will determine workarounds and alternatives that will allow DoD to continue its critical missions and functions.

This information will be maintained by the DoD Components and the PSAs.

4.2.5 Conduct Operational Evaluations and Functional End-to-End Tests

The CINCs will conduct operational evaluations to identify specific Y2K problems, to establish workarounds where feasible, and to suggest alternative/contingency approaches to assuring uninterrupted critical-path operations.

The PSAs and the Services will conduct functional end-to-end tests to ensure the continuity of critical support functions, e.g., logistics, finance, et al., and to work with the CINCs in determining where these functional operations dovetail with critical mission threads.

The data related to the mission critical threads will be maintained in the OSD Y2K database, along with all the necessary information about each system in the thread.

4.2.11 Table Top Exercises - The DoD will conduct a series of Y2K Table Top Exercises (TTE) to

support and prepare OSD and component decision makers to collectively contemplate the implications of managing a National Security contingency coincident with the Y2K situation.

In addition, TTE activities will include participation in the planning and execution of inter-departmental Y2K exercises to be conducted under the direction of the Executive Office of the President. These activities will enhance participants’ understanding of potential Y2K impacts on National Security; assist in the development of policy recommendations; provide continuing impetus to accelerate progress on fixing Y2K systems problems; and facilitate effective contingency planning. These events will provide the Department with valuable opportunities to address plans and policies for dealing with the Y2K problem

TTE Activities will include the following:

Y2K Functional Seminars and Functional Policy Workshop. A set of three functionally oriented one day seminars will be held on November 20 and December 1 and 15 1998. A functional policy workshop will be held on January 13,1999. These activities will serve as a prelude to subsequent DoD level and National Y2K Table Top Exercises. These seminars will be informational in nature and will address functional and cross-functional policy implications of the Y2K environment on

mobilization,
deployment,
employment, and
sustainment capabilities.

Participants will include appropriate Under Secretaries of Defense, Assistant Secretaries of Defense, Principal Staff Assistants, and key leadership from the Joint Staff, Services, and Defense Agencies.

DoD level Y2K Table Top Exercise. This one day, scenario facilitated exercise, to be conducted during February 1999, will focus on policy and crisis management in response to a National Security emergency. Full participation by Principals, to include the Deputy Secretary of Defense, Vice Chairman Joint Chiefs of Staff, the Service Secretaries, DoD CIO, selected Principal Staff Assistants, and Defense Agency Directors is vital to the success of this endeavor.

National level Y2K Table Top Exercise. The White House Y2K Office is in the initial stage of planning an interagency Table Top Exercise during June 1999. This Principal level activity will focus on national contingency policy review and associated decision making. The DoD CIO will provide support to the White House Y2K Office and will assist in coordinating the activities of other federal agencies participating in the national exercise.

http://www.y2ktool.com/year2000/tip51.shtml - U.S. Department of Defense, Office of the Inspector General Audit

http://www.dodig.osd.mil/audit/reports/99059sum.htm Summary of DoD Year 2000 Conversion -- Audit and Inspection Results -- Report No. 99-059 (PDF)

This report summarizes 142 audit and inspection reports, reviews, and memorandums pertaining to DoD organizations or functions and their year 2000 conversion progress. Year 2000 conversion problems were identified within the following areas:

management oversight and awareness (95 reports),
reporting (79 reports),
assessment (97 reports),
resource requirements estimation (48 reports),
interface identification and agreements (74 reports),
prioritization (14 reports),
testing (83 reports),
contingency and continuity-of-operations planning (105 reports),
contracts (21 reports), and
infrastructure (44 reports).

The results support the DoD acknowledgements that the year 2000 conversion poses a high risk for a very wide range of DoD functions and organizations, and that conversion progress to date has been insufficient. Continued extensive audit and inspection coverage is planned.

Army Research Laboratory Preparation for Year 2000, Summary of Report 99-036 Date: November 13, 1998 - As a result, the Laboratory cannot ensure that information technology systems and ongoing research efforts will not have Y2K date-processing problems.
AMRIID Preparation for Year 2000, Summary of Report 99-035 Date: November 13, 1998
Mgt. of the On-Site Inspection Agency Year 2000 Program, Summary of Report 99-034 Date: November 12 1998
U.S. Pacific Command Year 2000 Issues, Summary of Report 99-031 Date: November 03, 1998
Defense Technology Security Admin. Year 2000 Program, Summary of Report 99-030 Date: November 03, 1998
Defense Special Weapons Agency Year 2000 Program
Summary of Report 99-028 Date: October 30, 1998

http://www.dtic.mil/c3i/y2k/slides_1998/index.htm Author: William A. Curtis/Tom Weber/Steve Peterson

DoD Y2K Briefing - The Problem

Ascertaining Y2K Reality
Altering Y2K Reality
Complexity of the Problem
Mission Critical Systems (Current and Projected System Status)
Non-Mission Critical Systems (Current and Projected System Status)
Mission Critical Systems (as of Sixth Quarterly OMB Report)
The Interface Challenge

Our Approach and Management of the Solution

Bringing Resources to Bear
Strategic Thrusts
Concept for Y2K Reporting System
Interface Assessment Workshop Status (as of 14 Aug 1998)
Cross-Organizational Interaction

Enterprise Testing: Can It Wait for 1 Jan 2000?

Enterprise Testing: Three Levels/Domain Focus
Assured, Unambiguous Core Operational Mission Capability Demonstrations
Three Levels Of Y2K Testing
Sponsored Exercise Program The Big Exercise Picture
Exercising Y2K Compliance in Wargame Scenarios A Combatant Command-Centric Scenario
Mission Area Testing
Y2K Mission Area Testing A Notional View Of Nuclear Deployment
Y2K Functional Area Testing A Notional View Of Finance Systems
Testing Augmentation Force

Contingency Plans

DoD Y2K Contingency Planning Concept
The Slippage Issue - System Failure
CINC Top 20 C4I Systems
Defense/International Security Sector Outreach Program
DoD Sector Involvement
DoD International Outreach
Allied Y2K Steering Group Activities

Other Issues:

Seven Current DoD Initiatives June 1998
High Risk Systems Board (Critical System Status Review)
Driving Toward Success
Transitioning IAWs to Y2K Readiness Reviews
7 Aug 1998 SecDef Memo on Y2K
DoD Y2K Organization
Supplier Capability Working Group

http://www.y2k.gov/new/FINAL2.htm The President’s Council on Year 2000 Conversion,

First Quarterly Summary of Assessment Information, January 7, 1999

Defense. The Defense Department continues to make progress in addressing its massive Y2K problem (percentage of Y2K compliant critical systems rose to 53 percent from 42 percent in August 1998), albeit at a rate too slow to meet the March 1999 goal. As a result, the Secretary and Deputy Secretary have taken a number of actions to accelerate the Department's progress toward Y2K compliance, including

requiring commanders and service chiefs to personally certify the Y2K status of each major information system,

and withholding funding for non-Y2K work on information systems unless and until military departments demonstrate Y2K progress.

http://www.gao.gov/y2kr.htm GAO Reports and Testimony - Special section on Y2K.

Year 2000 Computing Crisis: Business Continuity and Contingency Planning GAO/AIMD-10.1.19. August 1998. [Available in PDF version only]

President's Council on Year 2000 Conversion

Sector Impacts and Responsibilities

http://www.y2k.gov/nonjava/desc4.html

(Note: Agency listed in italics is Chair of the group.)

Benefits Payments

Social Security Administration
Department of Veterans Affairs
Office of Personnel Management
Department of Defense
Department of Health and Human Services
Department of Agriculture
Department of Labor
Chair: Kathy Adams (SSA)

Buildings and Housing

General Services Administration
Department of Housing and Urban Development
Department of State
Department of Defense
Department of the Interior
Department of Agriculture
Co Chairs: Steve Hochman (GSA) and Gloria Parker (HUD)

Consumer Affairs

Federal Trade Commission
Consumer Product Safety Commission (non-Council agency)
General Services Administration
Chair: Elaine Kolish (FTC)

Defense/International Security

Department of Defense
Department of the Interior
Department of State
Chair: Art Money (DOD)

Education

Department of Education
National Science Foundation
Department of Agriculture
Department of Commerce (National Telecommunications and Information Administration)
Office of Personnel Management
Department of the Interior
Department of Defense
Department of Health and Human Services
Department of State
Department of Veterans Affairs
Chair: Mike Smith (DOEd)

Emergency Services

Federal Emergency Management Agency
Department of the Interior
Department of Transportation
Department of Health and Human Services
Department of Defense
Department of Commerce
Department of Agriculture
Chair: Clay Hollister (FEMA)

Employment-Related Protections(Benefits, Civil Rights, Health & Safety, Statistics & Standards)

Department of Labor
Department of Health and Human Services
Chair: Kitty Higgins (DOL)

Employment Services

Department of Labor
Office of Personnel Management
Chair: Kitty Higgins (DOL)

Energy

Electric Power

Department of Energy
Nuclear Regulatory Commission
Federal Energy Regulatory Commission
General Services Administration
Department of Defense (Army Corps of Engineers)
Department of the Interior
Department of Agriculture
Department of State
Chair: Betsy Moler (DOE)

Oil & Gas

Federal Energy Regulatory Commission
Department of Energy
Department of the Interior
Department of Transportation
Department of State
Chair: Katie Hirning (FERC)

Finance (Banking, Guarantee Agencies & Investments)

Federal Reserve Board
Office of Comptroller of the Currency
Department of the Treasury
Department of Veterans Affairs
Department of Education
Department of the Interior
Federal Trade Commission
Department of State
Department of Agriculture
Department of Housing and Urban Development
Small Business Administration
Securities and Exchange Commission
Commodity Futures Trading Commission
Fannie Mae (non-Council agency)
Freddie Mac (non-Council agency)
Sallie Mae (non-Council agency)
Overseas Private Investment Corporation (non-Council agency)
Pension Benefit Guaranty Corporation (non-Council agency)
Export-Import Bank (non-Council agency)
Federal Housing Finance Board (non-Council agency)
Farm Credit Administration (non-Council agency)
Chair: Steve Malphrus (FRB)

Food Supply (Production, Distribution, Safety & Security)

Department of Agriculture
Department of State
Department of Defense
Department of Health and Human Services
Commodity Futures Trading Commission
Chair: Cathie Woteki / Anne Reed (USDA)

Health Care

Department of Health and Human Services
Department of Veterans Affairs
Department of Commerce (National Telecommunications and Information Administration)
Department of the Interior
Department of Labor
Nuclear Regulatory Commission
Department of Defense
Department of State
Department of Agriculture
Chair: Kevin Thurm (HHS)

Human Services

Department of Health and Human Services
Department of Agriculture
Chair: Kevin Thurm (HHS)

Information Technology

Department of Commerce (National Telecommunications and Information Administration)
Federal Reserve Board
Federal Trade Commission
Department of State
Department of Defense
National Science Foundation
Department of the Interior
Chair: Kent Hughes (DOC)

Insurance

Department of Commerce
Federal Reserve Board
Department of Veterans Affairs
Office of Personnel Management
Department of Labor
Department of Transportation
Department of Agriculture
Department of Housing and Urban Development
Co Chairs: Steve Malphrus (FRB) and Kent Hughes (DOC)

International Communication

United States Information Agency
Department of State
Department of Commerce
United States Agency for International Development
Chair: Jonathan Spalter (USIA)

International Relations

Department of State

Department of Commerce
Department of Defense
Department of the Treasury
United States Agency for International Development
United States Information Agency
Department of Transportation
Department of Agriculture
Department of Energy
Nuclear Regulatory Commission
NIC
Federal Energy Regulatory Commission
Federal Communications Commission
Chair: Bonnie Cohen (State)

International Trade

Department of Commerce
Department of the Treasury (United States Customs Service)
Department of State
Department of Agriculture
Department of Transportation
Chair: Kent Hughes (DOC)

Non-Profit Organizations and Civic Preparedness

Office of Presonal Management
Federal Emergency Management Administration
Health and Human Services
Chair: Leigh Shein (OPM)

Police/Public Safety/Law Enforcement/Criminal Justice

Department of Justice
Department of the Treasury (United States Customs Service, Bureau of Alcohol, Tobacco & Firearms)
Department of Transportation
Department of State
Department of Commerce (National Telecommunications and Information Administration)
Environmental Protection Agency
Department of Defense
United States Postal Service
Department of the Interior
Chair: Steve Colgate (DOJ)

Small Business

Small Business Administration
Department of Labor
Department of Agriculture
Department of Commerce
Department of Defense
Chair: Fred Hochberg (SBA)

State and Local Governments

All Council Agencies
Chair: Mickey Ibarra (WH-IGA)

Telecommunications

Federal Communications Commission

General Services Administration
Department of Commerce (National Telecommunications and Information Administration)
Department of Defense
Department of State
Department of Agriculture
National Science Foundation
Federal Reserve Board
Department of Transportation
Co Chairs: Mike Powell (FCC) and Dennis Fischer (GSA)

Transportation

Department of Transportation
United States Postal Service
Department of the Interior
Department of the Treasury (United States Customs Service)
Department of State
Department of Defense
National Aeronautics and Space Administration
Department of Agriculture
Chair: Mort Downey (DOT)

Tribal Governments

Department of the Interior
General Services Administration
Department of Health and Human Services
Department of Education
Department of Housing and Urban Development
Federal Emergency Management Agency
Environmental Protection Agency
Small Business Administration
Department of Labor
Department of Justice
Department of Agriculture
Department of Veterans Affairs
Social Security Administration
White House Inter-Governmental Affairs
Co Chairs: Daryl White (DOI) and Cynthia Warner (GSA)

Waste Management

Environmental Protection Agency
Department of Defense
Chair: Al Pesachowitz (EPA)

Water Utilities

Environmental Protection Agency

Department of Defense (Army Corps of Engineers)
Department of the Interior
Department of Agriculture
Chair: Al Pesachowitz (EPA)

Y2K Workforce Issues

Department of Labor

Department of Commerce

Department of Defense

Department of Education

Department of Housing and Urban Development

Office of Personnel Management

Small Business Administration

Chair: Kitty Higgins (DOL)