FOCUS ON THE YEAR 2000
THE SKY IS NOT FALLING,
BUT…
OUTSIDE EXPERTS SAY STATE AND AID ARE THE LEAST Y2K- READY AGENCIES IN THE FEDERAL GOVERNMENT
By WILLIE SCHATZ
so what's really going to happen next January if some computers can't distinguish the year 2000 from 1900? Armageddon? The End of Civilization? Or just another day at the office? Nobody seems to know, though lots of people have opinions. "Y2K disruptions could range from the mundane to the serious," Under Secretary of State for Management Bonnie Cohen told the Senate Special Committee on the Year 2000 Technology Problem in her March 5 testimony. Cohen added that the biggest problems may arise outside the U .S., but preparing for those is "a challenging undertaking because our knowledge of international Y2K risks is far from comprehensive."
The only problem is that no one really knows what's Year 2001 going to happen. How can they when nothing similar has gone down before ? And who can tell fact from fiction when the Internet buzzes with rumors of massive Y2K test failures that are complete fabrications, corporations minimize their real Y2K problems? "The good news is that talk of the death of civilization, to borrow from Mark Twain, is greatly exaggerated," the Senate Special Committee wrote. "The bad news is that…the Y2K problem is very real and that Y2K risk management efforts must be increased to avert serious disruptions."
This collective angst derives from programming decisions made decades ago at the dawn of the computer age. To save expensive memory space, early programmers used the last two digits of years rather than four, e.g. "90" for "1990." In the last decade, smart users realized their machines might not have a clue whether "00" signified 1900 or 2000.
Much of the sound and fury is directed at agencies of the federal government, which, as the world's largest computer user and buyer, is expected to lead the planet in practicing preventive Y2K medicine. Those agencies that took Y2K seriously as long as a decade ago, such as the Social Security Adminitration and the Small Business Administration, can sleep very soundly as the New Year’s Eve clock ticks louder. Other units, particularly the State Department and the Agency for International Development (AID), are feeling justifiable anxiety.
Failing Grades, Again
"The Department of State remains mired in the Jefferson era of quills and scrolls, and flickering candlelight," Rep. Steven Horn (R-Calif.), the chair of the House Subcommittee on Government Management, Information and Technology, charged in his Feb. 12 quarterly report on the executive branch's Y2K progress in solving the year 2000 problem. " Although the department increased its compliance rate by 25 percent this quarter, only 61 percent of its systems are Year 2000 compliant. A lot of work remains, and time is running short."
In fact, according to Horn's "report card" (cutely designed to resemble an elementary school report card), the State Department and AID are the only two agencies expected not to be ready for the millennium until after the year 2000 is over. State is expected to be Y2K-compliant in 2001; the AID compliance date is "unknown."
State Department officials have heard Horn's criticisms before. As in his previous six quarterly assessments, Horn gave the department a resounding "F" on his year 2000 progress report card. That placed the department in the same slow lane as the Department of Transportation (DOT) and AID, which also received "F"s. The grade seemed particularly galling to State's information technology officials, who contended their recent performance deserved at least a "D."
"Of course we're perturbed, because his assessment is not factual," said Dave Ames, the deputy chief le planet information officer in State's Bureau of Information agencies Resource Management. "I can't read Horn's mind. I have a hard time discerning his algorithm. And I really don't think he gets it. There hasn't been any contact between us. His staff called after the November grade (an "F", of course) about wanting to get together. They canceled two days before the planned meeting and haven't wanted to talk to us since."
If they had, they would have heard about State's work in educating "the American people" about the Y2K problem worldwide. The department's felt Jan. 29 "Y2K Worldwide Notice-Public Announcement" noted that, come Jan. 1, "some computer-based systems throughout the world may be unable to process information correctly, causing unpredictable results, including system malfunction." (See http://www.travel.state.gov/y2k_announce.html.) Businesses and governments actively addressing potential Y2K problems may experience little or no noticeable disruption of essential services, State said. But others with more limited expertise or resources could experience significant difficulties. The announcement added that in ill-prepared countries, Y2K could affect financial services, utilities, telecommunications, transportation and other vital services.
But even after its massive Y2K intelligence efforts, the department had to admit that "it is difficult to forecast where the Y2K problem will surface, and some problems could even appear before Jan. 1, 2000."
Although State has had a Y2K office since 1996, it apparently was somnolent until last year. New chief information officer Fernando Burbano reported for work in May. Ames was upgraded to a deputy assistant secretary and senior FS administrative officer John O'Keefe was assigned to monitor and to direct State's activities at its embassies and consulates. The department belatedly began to work on getting its compliance certification from the Office of Management Budget. Also last year, the accounting and consulting KPMG Peat Marwick won the bidding to assume some of the Y2K office's work, such as running the logistics and operating think the "war room." Cohen ordered a moratorium on 25 system development programs that are not related to Y2K to help keep Y2K in the IRM staff's crosshairs. State also put the pedal to the metal in replacing its decrepit information technology inventory.
Budget figures give some idea of when State started taking the problem seriously. The department's FY97 Y2K budget was a miniscule $500,000. Even a 320 percent leap for the next fiscal year left the agency with a piddling $2.1 million. Only with FY99’s $12 million has Ames felt he can make a difference, although this refugee from the mainframe world never met a dollar he couldn’t spend and considers the FY99 allocation "chump change." Eighty-nine percent of that money already was obligated when we spoke to him in March, a high figure considering that FY99 was not yet half over.
All that for an "F." But the extra funding and the extra bodies have started to make a difference. Ames in the department's February '99 quarterly report to the Office of Management and Budget told Bruce McConnell, the chief of the information policy and technology branch in the OMB's Office of Information and Regulatory Affairs (OIRA), that State's "overall progress this quarter warrants your reconsideration of State's Tier One status" (agencies not making adequate progress). Along with repeaters AID and DOT, State's fellow offenders this time included the Department of Defense, the Department of Energy and the Department of Health and Human Services. But State, at least, escaped the dungeon. "[I]n recognition of State's accomplishments," Cohen told the Senate Special Subcommittee; "OMB has upgraded the Department to Tier II (making progress but with concerns) from Tier Ion Y2K readiness."
"I'm not going to pull the wool over anyone's eyes," Ames said. 'We usually are behind other agencies' percentages. But we've got to deal with worldwide logistics. We've got over 260 systems to worry about. I think we've done an awful lot in a very short time."
But the State Department's improvement seems to be in the eye of the beholder. Using Rep. Horn's math, only 36 of State's 59 mission-critical systems -61 percent -were deemed "compliant." But department officials apparently think the subcommittee's mathematicians got it wrong. The department's February quarterly report to OMB claims 46 systems
"By March 31,1999 over 90 percent (55 systems) are projected to be fully implemented," the agency told O MB. "Of the remaining four systems, three [two FSN payroll systems and the Supply Automated Receiving System] will be completed in April 1999. The last mission-critical system (TDIS, the Travel Document Issue System used at all passport agencies to produce grade passports) has been scheduled for implementation in August 1999. However, our recently adopted two-prong approach combining remediation and replace strategies will allow for significant improvement in this schedule."
Ames claims such performance levels are now normal for the State Department.
"When I came last May we had three government staffers and eight contractors," he said. "Now we have eight staffers and 55 contractors. The program has grown tremendously. We've also got a strike force, the majority of who come from our subcontractors with [Computer Sciences Corp. and Federal Data Corp.]. Within the KPMG realm, we're considered the best practice Y2K effort. Their partners come to talk to my people. And we're sitting here with an "F?"It could be worse. They could be working for USAID.
Who Will Aid AID?
"AID remains buried at the bottom of our grade pool," Horn wrote in his Feb. 12 assessment. "That small agency has only seven mission-critical systems. [Mission-critical systems are those essential to keeping agencies in business.] However, not one of them is year 2000 compliant. Given its current progress, we aren't sure which millennium this agency is targeting for compliance. Agency officials, of course, disagree. They report that the work will be completed by September 1999. Don’t count on it."
AID workers know that tune. Like their State Department colleagues, they also have flunked every quarter since Horn started giving grades. They are not happy campers.
"If you look at the rules, no matter what we do there’s no way we’re not going to get an "F," said Darryl Owen, the consulting and information services division chief in AID’s Office of Information Resource Management (OIRM). "We can’t win. The grade is an artifact of politics, so we have to play with that. You’ve got hard dates and a line in the sane, so maybe it’s not that unfair.
"But there’s a little discordance between what the grade reflects in people’s minds—you guys are failing—and what’s going on a few levels down inside the box. There we’re not falling. The systems are working."
That not true, according to several members of a pilot user group at AID, who asked to remain anonymous. These long-time employees contend that the agency has severe problems affecting personal computers and serious critical systems deficiencies. They say too many rank amateurs with limited technical backgrounds are making too many important decisions about Y2K policy.
They also say management rarely communicates with labor: for example, the upper portion of the IRM ladder has never met with the pilot group. Such practices, they allege, spawn such disasters as AID’s notorious New Management System (NMS). The agency admits to spending at least $92 million for that system, which the General Accounting Office (GAO) in January’s USAID Challenges Report said "is not likely to be fully operational and compliant with federal accounting standards for several more years. Until then, USAID will not have accurate information to ensure that its operations and programs are being managed in a cost-effective and efficient manner." (Also see "NMS: A Financial Black Hole," AFSA News, March 1998.)
"I think our agency is exactly the mess Horn says it is," a veteran user said. "I see no evidence it will get better. We’ve got the same people doing the same things after his grades. Even that scrutiny makes no
"If the top administrators her really cared, they wouldn't have driven out so many international technology experts. There are very few world- class technicians remaining. They've destroyed the institutional memory. I think we're doomed. There's no chance of a [Y2K] solution before the end of the year."
A stark portrait, to be sure. But substantial outside evidence -if not evidence beyond a reasonable doubt-buttresses that gloomy inside view.
"USAID's computer systems in headquarters and in its field offices are not yet equipped to handle the Year 2000 problem," the GAO wrote in its January report. "USAID has not taken adequate steps to address this problem and has not developed contingency plans to ensure continuity of all of its mission-critical business operations. Although USAID has requested [$10.2 million in] supplemental funds to accelerate the Year 2000 compliance process, it continues to face a serious 2000 risk that its systems and operations could fail or be significantly degraded."
The GAO said it's unclear whether AID's compliance effort will be sufficient given the short time and the broad extent of system integration needed. AID's Y2K contingency program also is much too narrow. GAO adds that AID is concentrating its remediation efforts on the NMS--"a system [that] does not work as intended and has created problems in mission operations and morale"--and has not fully addressed systems developed separately by its worldwide missions and bureaus or the systems that it has funded in other countries.
The NMS was conceived as the panacea for AID’s computer woes. Before it crashed and burned, the system was going to consolidate accounting, budget, personnel, procurement, program operations and property management into a single, integrated network.
But the system never came close to achieving those goals. The agency activated it at headquarters in July 1996 and three months later turned it on overseas. The GAO also said AID did so despite knowing the NMS was neither fully operational nor adequately tested. "Consequently agency staff experienced chronic problems with the NMS, including excessively slow operation and difficulties transferring data" among computer applications. The GAO also said AID stopped using the NMS in its overseas missions but has continued to use its accounting module in Washington, despite a warning from the Office of the Inspector General (OIG) that doing so "leaves USAID vulnerable to losses from fraud or abuse and hinders USAID's ability to provide adequate assurance that it can account for resources."
So much for the good news. The bad news is that NMS was going to be AID's road to Y2K salvation. But GAO's report said NMS wouldn’t be fully implemented in this millennium. And even those parts of the NMS currently in place are "not immune to the Year 2000 problem and have already encountered many serious data-handling difficulties."
"Given that these various shortcomings suggest a high risk that USAID’s systems could experience disruptive failures, it is critical that the agency have Y2K contingency plans in place to ensure continuity of its business operations," the GAO warned. "However, USAID is only now beginning to prepare contingency plans after being criticized for poor progress in this area by the OIG. (The AID OIG declined requests for separate interviews for this story.) "Fixing the agency's Year 2000 problems will require focused management attention at the most senior levels of the agency."
Is anyone at AID listening to these warnings? Users say top administrators have treated the GAO's criticism the same way they have handled Horn's failing grades: fuhgeddaboudid. But Owen of AID's OIRM says new contractors, such as Computer Sciences Corp., and new managers, such as OIRM Director John Streufert, have so dramatically altered the previous regime that John Koskinen, the director of the President's Council on the Year 2000, has cited the agency for its belated "best
management practices." Even the NMS allegedly will be all caught up, notwithstanding the GAO's assessment. An internal AID document obtained by the author says the system "is expected to be Y2K compliant in July 1999, rather than the original September 1999 schedule." The same document said all of the agency's office automation software and approximately one-half of its PC hardware had to be upgraded for Y2K. The headquarters effort was expected to be completed by the end of March.
Maybe what we've got here is a failure to communicate. State Department officials get an "F" when they believe they deserve at least one grade higher. USAID is drawn and quartered by the Congress and by its worried investigative arm, yet blithely sails forth on what it perceives to be calm seas.
One thing's for sure, according to the Senate Special Committee: federal non-defense agencies have finally gotten the word that this potential crisis must be taken seriously. As a result, the pace of spending of Y2K emergency supplemental funds has skyrocketed in last few months.
The Millennial Guessing Game
Complicating all assessments of whether particular agencies are ready for the big day is that no one knows the real scope of the problem. As Under Secretary Bonnie Cohen said, "anything from the mundane to the serious" may occur.
A December '98 State Department memo said, "It is difficult to predict precise breakdowns." Telecommunications, movement of goods, difficulties with strategic raw materials and possible civil unrest may pose threats to U .S. economic and security interests.
"But the fact is much of the data available is anecdotal," the memo said. "It is also likely that assessments, even in industrialized countries, carry a substantial degree of uncertainty. For example, even though one industry, say the financial/insurance sector, has remediated and tested its systems, dependence on a non-compliant power supply may spell trouble."
So all State's overseas posts have been directed to evaluate their internal technology capability and their host’s infrastructure. The department wanted all posts to have submitted their Y2K contingency plans to their area geographic and to State’s Y2K office by April 16. And AID’s missions are supposed to be constantly evaluating remediation plans and contingency efforts in four categories: internal operations, program portfolio, partner status and host country.
But humans can only do so much.
"We can’t be responsible for the host’s country’s infrastructure," said an AID overseas planner, who requested not to be identified. "But we may be affected. No one’s worried about systems functioning within the four walls of our overseas ports. We’ve already done everything we can. And each mission knows the territory."
So even thought State is putting its systems through the most rigorous five-step assessment on the planet, and Foreign Service employees can be reasonably sure that their particular post won’t go down, bad stuff may still happen.
What system is most at risk? Only the Y2K spirit knows, and it isn't telling. Given that huge amounts of computer code are being written in one huge hurry, it’s safe to assume that bugs will emerge. One of the few predictions that we can safely make is that breakdowns are more likely to occur in host countries than in U.S. posts.
A Few Survival Tips
In the interim, State and AID officials insist their mission-critical systems will emerge with nary a scratch. They also stand by their security systems, which at press time were crafting final contingency plans that include elementary items such as testing generators to see if they will work on New Year’s Day.
The ultimate survival rule? When all else fails, go manual. Keep inventories by hand. Print out the Dec. 30 database, store it safely and keep it for the record. Print out personal banking records and all important personnel records. Make the biweekly
leave/earnings statements easily accessible and maintain them chronologically. Do the best you can with what you have.
Isn't that what the Y2K "problem" is really all about? As the Senate Special Committee on the Year 2000 said, the most frustrating aspect of the Y2K deadline is sorting fact from friction. There’s no doubt the problem is real. But no one’s sure how deep and how wide it is. Even at this late date there exist very few reliable technology readiness measures of infrastructure or industry sectors.
The American public seems to be thoroughly confused about what to expect. According to a March Gallup Poll, more than 85 percent say they have heard or seen "some or a great deal" about Y2K. Of those, 54 percent say they won’t fly on or around Jan. 1. Fifty-five percent think banking and accounting systems will go down and about one-third think the communications grid won’t communicate. Yet despite all this, 73 percent are confident in the government’s ability to upgrade and correct Y2K problems!
Just in case they’re wrong, though, 39 percent say they will stockpile food and water, 24 percent will buy generators or wood stoves, and although 80 percent say they won’t empty their bank accounts, 30 percent will withdraw and hoard a large amount of cash.
So where are we now? About where we started.
"The interdependent nature of technology systems makes the severity of possible disruptions difficult to predict," the Senate Special Committee said. "Consequently, the fundamental questions of risk and personal preparedness cannot be answered at this time."
Any further questions?
Return to Schatzgroup homepage