Y2K-Status.Org - A Comprehensive Resource for Year 2000 Status

Senate Y2K Report on DoD - Feb 24, 1999

 

http://www.senate.gov/~y2k/documents/report/GenGov.pdf

Assessments

Cost estimates continue to be on the rise for federal agencies. Since August, estimates have risen $1 billion to $6.4 billion. Over 80% of the increase is attributable to three departments: Health and Human Services (HHS), Treasury, and Defense. HHS hiked its estimate $165 million for potential contingencies in fiscal year 2000, Treasury increased its estimate by $53 million for increased testing and validation and Defense jumped $591 million for increased independent verification and end-to-end testing. With much testing to go and schedules closer to possible slippage, it is likely that these cost estimates will continue to rise. Sixty-one percent of federal mission-critical systems are now reported as compliant. This is a 10% increase since August. The remaining 39% is scheduled for completion by March 1999. Unfortunately, slippage is already apparent. Ten percent of mission-critical systems did not reach the renovation milestone of September 1998. As we move further into 1999, the risk of schedule slippage will increase. Currently, of 24 major agencies that comprise the federal CIO Council, six are in Tier 1, seven in Tier 2 and 11 in Tier 3. Table 1 identifies these agencies by tier. This is based on self-reported progress on mission-critical systems. Concerns The Committee is very concerned about current agency progress. Despite an apparent increase in activity, it is still not enough. Many schedules show a steep improvement curve just before key OMB milestones. Both internal audit reporting and GAO reporting support the concern over schedule. Furthermore, hearings by the House specifically focused on the federal government’s preparedness continue to raise warning flags. The federal government has never received a passing grade on any of the six report cards issued by Congressman Stephen Horn. Additionally, a large portion of testing, known to be one of the largest portions of the overall Y2K effort, is yet to come. Several agencies stand out as ones that require focused oversight and stepped up efforts due to the risks associated with their current pace of progress: Healthcare Finance Agency (HCFA), Federal Aviation Administration (FAA), Department of Energy (DOE) and Department of Defense (DOD). In light of these risks, these agencies’ business continuity and contingency plans become even more important.

Department of Defense

In addition to the concerns expressed above, the Department of Defense (DOD), as the largest federal agency with nearly half of the federal government's computer assets, faces a monumental management challenge in addressing Y2K. The department relies on computer systems to conduct nearly all of its functions, including strategic and tactical military operations; sophisticated weaponry; intelligence collection, analysis, and dissemination; security efforts; and more routine business operations such as payroll and logistics. The breadth of the problem confronting DOD is enormous: it has more than 1.5 million computers, 28,000 automated information systems and 10,000 networks. Its information systems are linked by thousands of interfaces that exchange data within DOD and across organizational and international lines. Furthermore, DOD's reliance on computer systems is increasing as technology changes the traditional concepts of war fighting through improved intelligence and rapidly modernized command and control. Successful defense operations will depend greatly on the department's ability to ensure that its systems and the systems with which they interface are Year 2000 compliant. According to the U.S. General Accounting Office (GAO), which published a series of reports last year on DOD's overall efforts to address the Year 2000 problem, the department's efforts pose considerable risks. DOD still does not have reliable, timely information on program status, because information being reported up-the-chain is not validated for accuracy or completeness. GAO found instances in which defense components' reports on systems compliance were often inaccurate. In addition, GAO found that guidance issued by the department to its components on issues such as interfaces, testing, and reporting has been inconsistent, leading to false starts and uncoordinated efforts. GAO also found that DOD's contingency plans, developed in the event of systems failures, are frequently not executable.

DOD's Inspector General and other internal audit offices have issued over 130 reports that similarly question the department's management of its Year 2000 program. These audit reports repeatedly revealed many of the same findings as those reported by the GAO, as well as problems experienced in assessing and inventorying systems, effectively determining and allocating re-sources, and accurately testing and certifying systems' Year 2000 compliance. The department's audit re-ports also revealed that much of DOD's base level infrastructure, such as security systems, telephone switches, traffic control systems, and water and sewage treatment systems are vulnerable to Year 2000 problems.

These findings and risks are reflected in the Office of Management and Budget's assessment of DOD as a "Tier 1" agency, i.e., an agency showing "insufficient evidence of adequate progress." DOD senior management has been responsive to the GAO and internal audit findings and has taken an active, highly visible interest in implementing corrective actions. The senior management team has improved its oversight of the Year 2000 program so that it can more effectively assess program direction and take actions based on this assessment and known problems. However, DOD remains behind schedule in completing its systems remediation and is at considerable risk of being unable to successfully meet the Year 2000 deadline.

First Alert System

In preparing for the October 2, 1998 Hearing on General Govern-ment/ Emergency Services, the Committee staff formulated the con-cept of a Year 2000 problem early-warning system dubbed the “Y2K First Alert.” Similar to the National Weather Service’s storm warning and monitoring system, the Y2K First Alert would provide American citizens with the earliest possible warning of Y2K events that may threaten public safety or national infrastructure. Senators Bennett, Dodd, and Collins jointly expressed their support for the development of this concept during the opening re-marks of the October 2, 1998 hearing. First Alert would give citizens of the eastern United States up to 17 hours advanced warning of the effects of the Year 2000. Other Americans will have proportionately more warning the farther west they live. For example, citizens in Utah will have up to 19 hours of advanced notice while citizens of Hawaii and some citizens of Alaska will have almost a full day's notice. This system would be most useful for problems that occur at or very near midnight, December 31, 1999, which could be referred to as Y2K "prompt effects." These effects could occur in embedded systems in utilities, transportation, telecommuni-cations and other applications that had not been repaired. They could also occur in mainframe or information technology systems that serve a control or supervisory role that had not been fixed. When the century change occurs, a Y2K prompt effect may very quickly cause problems that might lead to some disruption of an important service.

The Y2K First Alert concept is feasible because of the arrangement of international time zones. A new day begins in the middle of the Pacific Ocean, 17 time zones earlier than Eastern Standard Time in the United States. If the Y2K bug is potent enough to cause immediate problems or “prompt effects” in information systems and embedded chips, the effect will not occur worldwide all at once. Rather, the problems will happen repeatedly in one time zone after another for one full day. For example, Y2K problems that occur at precisely 12:00 a.m. on January 1, 2000, in Wellington, New Zealand, are occurring while it is still only 7:00 a.m. on December 31, 1999 in the eastern United States. Systems and technology vulnerable to Y2K prompt effects in the eastern United States will not be affected for another 17 hours by the century rollover. The Committee believes it is imperative to use this advance notice that the United States has for the good of the nation. For instance, it would be very useful to know that utility and transportation problems are likely to occur based on our Y2K First Alert system before large segments of the population are away from their homes celebrating on New Year's Eve. The Committee has called for the government to implement this concept by coordinating the resources of the Departments of State and Defense as well as other departments and federal agencies that have resources and expertise to contribute to the system. Since the Committee issued its call on October 2, 1998 several parties have acted. FEMA has begun exploring the implementation of the concept. The telecommunications industry has begun developing a similar, private-sector concept named "Follow the Sun," and it now appears that the U.S. Air Force is pursing a related concept to meet its mission needs. Finally, the Canadian government announced in January 1999 that it plans to implement a similar concept.

Copyright 1988-2012  Richard Collins, All Rights Reserved