[Senate Hearing 105-617]
[From the U.S. Government Publishing Office]
S. Hrg. 105-617
UTILITIES AND THE NATIONAL POWER GRID
=======================================================================
HEARING
before the
SPECIAL COMMITTEE ON THE
YEAR 2000 TECHNOLOGY PROBLEM
UNITED STATES SENATE
ONE HUNDRED FIFTH CONGRESS
SECOND SESSION
on
THE READINESS OF THE UTILITY INDUSTRY, INCLUDING ELECTRIC AND GAS
UTILITIES, TO DEAL WITH THE YEAR 2000 TECHNOLOGY PROBLEM
----------
JUNE 12, 1998
----------
Printed for the use of the Committee
Available via the World Wide Web: http://www.access.gpo.gov/congress/
senate
_______________________________________________________________________
For sale by the Superintendent of
Documents, U.S. Government Printing Office
Washington, DC 20402
49-393 CC U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 1998
SPECIAL COMMITTEE ON THE
YEAR 2000 TECHNOLOGY PROBLEM
[Created by S. Res. 208, 105th Cong., 2d Sess. (1998)]
ROBERT F. BENNETT, Utah, Chairman
JON KYL, Arizona CHRISTOPHER J. DODD, Connecticut,
GORDON SMITH, Oregon Vice Chairman
SUSAN M. COLLINS, Maine JEFF BINGAMAN, New Mexico
TED STEVENS, Alaska, Ex Officio DANIEL PATRICK MOYNIHAN, New York
ROBERT C. BYRD, West Virginia, Ex
Officio
Robert Cresanti, Staff Director
Andrew Lowenthal, Acting Minority Staff Director
(ii)
C O N T E N T S
------
OPENING STATEMENT BY COMMITTEE MEMBERS
Hon. Robert F. Bennett, a U.S. Senator from Utah, Chairman,
Special Committee on the Year 2000 Technology Problem.......... 1
Hon. Christopher J. Dodd, a U.S. Senator from Connecticut, Vice
Chairman, Special Committee on the Year 2000 Technology Problem 4
Hon. Jon Kyl, a U.S. Senator from Arizona........................ 6
Hon. Gordon Smith, a U.S. Senator from Oregon.................... 8
DEMONSTRATION
Lynn K. Hobbie, vice president-marketing, Madison Gas and
Electric Co., Madison, WI, and Cole Price, Wisconsin Public
Power, Inc..................................................... 9
CHRONOLOGICAL ORDER OF WITNESSES
Hon. Elizabeth A. Moler, Deputy Secretary, U.S. Department of
Energy......................................................... 11
Hon. James J. Hoecker, Chairman, Federal Energy Regulatory
Commission..................................................... 13
Hon. Shirley Ann Jackson, Chairman, Nuclear Regulatory Commission 15
Hon. John A. Koskinen, Assistant to the President, and Chair,
President's Council on Year 2000 Conversion.................... 17
Louis J. Marcoccia, president, MTS/PeoplesSource; and consultant,
Duke Energy, Washington Gas, and Baltimore Gas and Electric.... 33
Michehl R. Gent, president, North American Electric Reliability
Council........................................................ 36
Charles D. Siebenthal, manager of Year 2000 Programs, Electric
Power Research Institute; Palo Alto, CA........................ 38
James A. Rubright, executive vice president, Sonat Inc. and
representative of the Interstate Natural Gas Association of
America........................................................ 41
Gary W. Gardner, chief information officer, American Gas
Association.................................................... 43
APPENDIX
Alphabetical Listing and Material Submitted
Bennett, Hon. Robert F.:
Opening statement............................................ 1
Prepared statement........................................... 53
Y2K committee survey results measuring Y2K preparedness of
Nation's largest utilities................................. 54
Dodd, Hon. Christopher J.:
Opening statement............................................ 4
Prepared statement........................................... 56
``Pentagon Faulted on Year 2000 Reports Investigators Find
Unreliable Accounting of Computer System Compliance,'' from
the Washington Post, June 12, 1998, by Stephen Barr........ 57
Gardner, Gary W.:
Statement.................................................... 43
Prepared statement........................................... 58
Responses to questions submitted by Chairman Bennett......... 64
Gent, Michehl R.:
Statement.................................................... 36
Prepared statement........................................... 64
Y2K Coordination Plan for the Electricity Production and
Delivery systems of North America.......................... 68
Appendix A--Letter to NERC from Secretary and Deputy
Secretary of Energy, May 1, 1998........................... 75
Responses to questions submitted by Chairman Bennett......... 76
Hobbie, Lynn K.: Demonstration................................... 9
Hoecker, Hon. James J.:
Statement.................................................... 13
Prepared statement........................................... 78
Responses to questions submitted by Chairman Bennett......... 81
Jackson, Hon. Shirley Ann:
Statement.................................................... 15
Prepared statement........................................... 82
Responses to questions submitted by Chairman Bennett......... 91
Koskinen, John A.:
Statement.................................................... 17
Prepared statement........................................... 93
Responses to questions submitted by Chairman Bennett......... 96
Kyl, Hon. Jon:
Opening statement............................................ 6
Prepared statement........................................... 98
Marcoccia, Lou:
Statement.................................................... 33
Prepared statement--part 1................................... 100
Prepared statement--part 2................................... 109
Letter to Chairman Bennett, June 16, 1998 111
Moler, Hon. Elizabeth A.:
Statement.................................................... 11
Prepared statement........................................... 111
Letter to Erle Nye, Chairman of the Board, North American
Electric Reliability Council............................... 114
Responses to questions submitted by Chairman Bennett......... 115
Moynihan, Hon. Daniel Patrick: Prepared statement................ 118
Price, Cole: Demonstration....................................... 9
Rubright, James A.:
Testimony.................................................... 41
Prepared statement........................................... 119
Responses to questions submitted by Chairman Bennett......... 127
Siebenthal, Charles D.:
Testimony.................................................... 38
Prepared statement........................................... 127
Responses to written questions submitted by Chairman Bennett. 134
Smith, Hon. Gordon H.:
Opening statement............................................ 8
Prepared statement........................................... 135
Additional Material Submitted for the Record
Statement of the National Rural Electric Cooperative Association. 137
(iii)
UTILITIES AND THE NATIONAL POWER GRID
----------
FRIDAY, JUNE 12, 1998
U.S. Senate,
Special Committee on the Year 2000
Technology Problem,
Washington, DC.
The committee met, pursuant to notice, at 9:38 a.m., in
room SD-192, Dirksen Senate Office Building, Hon. Robert F.
Bennett (chairman of the committee), presiding.
Present: Senators Bennett, Kyl, Smith, and Dodd.
OPENING STATEMENT OF HON. ROBERT F. BENNETT, A U.S. SENATOR
FROM UTAH, CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR 2000
TECHNOLOGY PROBLEM
Chairman Bennett. The committee will come to order.
Good morning. Welcome to the inaugural meeting of the
Special Committee on the Year 2000 Technology Problem. This
special committee was formed pursuant to S. Res. 208,
introduced by both the majority and minority leaders of the
Senate on April 2, 1998, and which unanimously passed the
Senate. This bipartisan support is indicative of the fact that
we in the Senate recognize the serious nature of the Year 2000
problem and the potentially dire consequences to every citizen,
not only in this country but throughout the world.
We have become a highly automated society. Technology has
made our lives easier on the one hand, but highly dependent on
automation on the other. If we do not aggressively address the
Year 2000 problem, the consequences could be devastating.
Undetected bugs in embedded systems could be in everything
from microwaves to cars, to power generation facilities. The
jurisdiction of this special committee extends beyond the
public sector into the private sector.
As a result, this committee will hold hearings on important
business sectors of our economy, beginning today with the
utility industry, specifically gas and electric utilities this
morning. At subsequent hearings we will look into the Year 2000
preparedness of health services, telecommunications, financial
services, transportation, general government services, and
general business. We will also look into the legal liability of
firms that have become the subject of court suits due to Year
2000 technology problems.
I have some disturbing news to report this morning. In
order to prepare for today's hearing, I directed the committee
staff to conduct a formal survey. It was of modest proportions,
including only 10 of the Nation's largest electric, oil, and
gas utility firms. I wanted to know the status of their Y2K
preparedness.
Now, the survey, admittedly, is not statistically
representative of the entire industry, but it does include
geographically dispersed firms engaged in all aspects of power
generation and gas and electricity transmission and
distribution.
Together, the companies surveyed serve a population of over
50 million people in more than 3,000 municipalities, including
20 major airports and 3,000 hospitals.
I had anticipated that I would be able to provide a
positive report on the Y2K status of these public utilities,
which is why we did it. One of the functions of this committee
is going to be to allay false rumors and concerns as well as
expose genuine concerns and raise significant issues. However,
based on the results of the survey, I cannot be optimistic, and
I am genuinely concerned about the prospects of power shortages
as a consequence of the millennial date change.
I will share a few of the survey's findings.
Only 20 percent of the firms surveyed--since there were 10
firms, you can figure out how many that is--had completed an
assessment of their automated systems. One firm did not even
know how many lines of computer code it had to check. Experts
have testified before the Banking Subcommittee on Technology--
where Senator Dodd and I first became involved in this issue--
that any major firm that has not already completed its
assessment cannot hope to be Y2K compliant by January 1, 2000.
If that holds true with the utilities, we have 8 out of the 10
that are in serious trouble.
None of the utilities surveyed was assured after making
their inquiries that their suppliers, vendors, and servicers
would be Y2K compliant. Utilities are highly dependent on
services, suppliers, and other upstream activities to transmit
and distribute gas and electricity. In fact, many power
distribution companies are ultimately dependent on foreign oil
imports.
None of the firms surveyed had completed contingency plans
for Y2K-related eventualities. Even though all of these firms
are required by their regulators to maintain emergency response
plans, none had completed a Y2K contingency plan. My concern is
that they probably don't know what contingencies to prepare
for.
The last question on the survey asked for recommendations,
and one respondent, after making several, made the following
profound statement: ``Whatever actions are taken by Congress,
they must be done quickly, during this session, or they will
have no impact on the Y2K problem.''
I am personally concerned that the Y2K problem is not
receiving sufficient attention at this point in time except for
the absolute alarmists who are telling everybody it is too late
and they must dig up their backyards, bury a propane tank, and
prepare to become hunter-gatherers for the next 5 years. That
kind of attention is not going to get us where we need to be to
get the problem solved.
I am concerned that when it does become a matter of general
public concern it will be too late to bring pressure to bear on
the timely correction of the many Y2K problems that exist. My
greatest fear is that when it does become a matter of general
public concern, it will bring with it a measure of panic that
will be detrimental to effective and efficient remediation of
the problems that present themselves. That is why we are
holding this series of hearings, not only to raise the level of
awareness but at the same time focus on solutions so that the
panic can be alleviated.
Now, for the private sector, I define the Y2K problem in
much broader terms than what I see generally discussed and
reported in the trade press, where most of the Y2K stories are
showing up. The problem is more than a computer's ability to
function on January 1, 2000. It includes not only computers, it
includes embedded systems, such as process control units.
I have here a circuit board taken out of a PC, but it could
be taken out of any one of the process control systems that
abound in our society. It is a fairly standard circuit board.
It has in it one, two, three, four, five, six, seven, eight,
nine obvious chips--chips that were once circuit boards
themselves, but in the magic of modern technology were shrunk
down into tiny chips that could then be placed in this circuit
board.
Every one of those embedded chips is at risk of having a
Y2K problem. The estimates that we have of the number of
embedded chips that will fail because of Y2K go from a low of 2
percent to a high of 5 percent. We can relax, some people say;
that is a very small number. When you think of the billions of
chips that are in circuit boards like this one and say even if
2 percent of them fail, the impact could be significant. That
is a problem that has not received the amount of attention that
it should in the press so far.
I read a story recently about a major oil company that
tested one of its oil refineries. They found that the refinery
had 90 separate systems that used a microprocessor. Many of
these were key systems. Now, of the 90 systems, they were able
to come up with detailed documentation on 70. Of these 70, they
determined that 12 had date-dependent embedded chips, and of
the 12, 4 failed a Y2K test and will have to be replaced. And
had any of the 4 been in place on January 1, 2000, they would
either have completely shut down the plant or have caused a
high-level safety hazard which would have caused the other
safety systems to shut it down.
Now, what is really worrying the company's experts is the
other 20 systems. They don't know what functions the chips in
those systems have. They are leaning towards replacing them
all. This happens to be a relatively modern plant.
On June 8, U.S. News & World Report ran a story concerning
a Midwestern electric generation facility that was taken off-
line to test for Y2K compliance. When the test clock was rolled
forward to January 1, 2000, a safety system mistakenly detected
dangerous operating conditions and shut the generator down.
After 3 days, they reran the test, only to have a different
sector fail, shutting down the generators again.
USA Today ran an excellent article yesterday describing the
impact of the Year 2000 problem on other parts of the economy.
I could go on through the whole morning with these kinds of
examples, but I assure my colleagues I won't.
Now, another area of the Y2K problem is interfaces.
Interfaces sometimes exist between systems within a company,
and sometimes exist between a servicer, supplier, vendor, and
customer. It is important that Y2K remediation corrections
among these parties be compatible. It was possible that every
computer or chip in the chain be itself Y2K compliant and still
have the system fail because they can't talk to each other
properly.
Infrastructure plays an important supporting role for
almost any business. Utilities, as I have indicated, are
dependent on transportation, telecommunications, water and
sewer facilities, all of which are critical to their continuing
operations, all of which are open to Y2K problems.
Government services are frequently taken for granted, but
they also have challenges, and Senator Dodd pointed out there
is a story in this morning's paper that raises concerns about
the Defense Department, where apparently some systems are being
certified as Y2K compliant when, in fact, according to the
inspector general, they are not.
[The prepared statement of Chairman Bennett and the article
on the Defense Department can be found in the appendix:]
Chairman Bennett. Well, as I say, I could go on all
morning. I have probably reached the level of endurance on this
issue as far as my opening statement is concerned, so I will
now turn to our vice chairman, Senator Dodd, who has been a
stalwart in addressing this problem right from the first time
we uncovered it in the Banking Committee, and we are delighted,
Senator Dodd, to have you as the vice chair and ranking member
on this committee.
OPENING STATEMENT OF HON. CHRISTOPHER J. DODD, A U.S. SENATOR
FROM CONNECTICUT, VICE CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR
2000 TECHNOLOGY PROBLEM
Vice Chairman Dodd. Well, thank you very, very much, Mr.
Chairman, and I am delighted as well to be joining with you in
this effort and others of our colleagues, Senator Smith, who is
here this morning, and the other members of the committee. I
want to thank the leadership of the Senate, Senator Lott and
Senator Daschle, for their support for the establishment of--
Senator Kyl, Jon, I didn't see you there. I apologize. Senator
Jon Kyl as well is with us. I thank the leadership for their
support in establishing this special committee. This to many
people, I suppose, at the outset seems like an arcane subject
matter. In fact, it has been the subject of some humor, I
suppose, along the way. Just the title of it, the Y2K issue,
and the assumption that Bill Gates or someone else in Silicon
Valley would come up with a chip at some point here that would
just solve this problem and it would go away immediately and we
could all sit back and relax.
But I think as people now pay more and more attention to
it, you see stories like the one in the Washington Post this
morning identifying a very serious problem at the Defense
Department, and more and more articles begin to emerge. With
something a little more than 500 days remaining before January
1, 2000, more and more people are getting a larger sense of the
magnitude of this problem not only here at home but globally,
given the inter-reaction, the seamless web in a sense that ties
our economies together, our telecommunications, our
transportation systems. So this is a tremendously serious
subject matter, and we are very fortunate indeed that Senator
Bennett of Utah has taken this issue on and was certainly in a
lonely position 1 or 2 years ago in getting the Banking
Committee to establish a separate subcommittee and technology,
but really to focus on this question. So I am deeply grateful
to him, as I think all of our colleagues are, and the Nation
will be ultimately when we plow through these issues over the
coming months.
This is our inaugural hearing, and it is appropriately so
we are looking at utilities, and this is a very important issue
for the very simple reason that if we don't get this right,
nothing else works. If you don't have the power to generate
electricity, then every other issue we could talk about becomes
sort of moot.
I was back in Connecticut last weekend and noticed a fair
amount of advertising in my State, as I am sure is true around
the country, by various tourism groups asking the question:
Where do you want to be on New Year's Eve or New Year's Day the
Year 2000? What are your plans?
While I don't know where anyone else plans to be, let me
suggest three places you wouldn't want to be, in my view, based
on where we are today: you wouldn't want to be in airplane, you
wouldn't want to be in an elevator, and you wouldn't want to be
in a hospital, in my view. Barring some tremendous changes and
some accelerated dealing with these issues, those three places
pose some difficulties.
The fact is that with less than 18 months to go, I am very
concerned, as the chairman is and others are, that we are going
to face serious economic dislocations from this problem.
I am very, very concerned that even as Government and
business leaders are finally acknowledging the seriousness of
this problem, they are not thinking about the contingency plans
that they ought to be thinking about today--not waiting a year
from now, but thinking about them now--that need to be put into
place to minimize the harm from widespread failures.
Senator Bennett is fond of likening this committee to Paul
Revere. It is a good analogy. He says that we have to sound the
alarm that the millennium is coming. Well, today's hearing
should answer the question about whether there is going to be
any lights shining out of the Old North Church.
Some people have asked why we are starting our hearings
with the power industry. As I said a moment ago, it is rather
simple: Without electricity, nothing else works. And the power
industry provides a good model for thinking about the Year 2000
in a lateral rather than a vertical manner. By that I mean that
a corporate executive or Government official can't simply look
at the four corners of their business or agency and ignore the
outside world.
Say, for example, you took all the necessary steps to make
your home Year 2000 compliant: You updated your PC and
software, you replaced your answering machine, you determined
that the VCR and the microwave would still work, and you put a
brass knocker on your door as a contingency, just in case your
new modern doorbell didn't work.
Even though you were vertically complete, you still have to
worry about the electricity, your water, the mail, cable and
phone service, and on and on. That analogy illustrates, I hope,
the way business and Government must also think about the Year
2000 problem.
Since all the utilities are tied together in the power grid
and are dependent upon a whole series of steps in order to
function, it is an excellent illustration of how you cannot
simply focus on one's own company or agency, no matter how big
or little, and declare it to be Year 2000 compliant.
Senator Bennett mentioned that the special committee
conducted a survey of major energy producers, and it revealed
that we are not in very good shape.
Quite honestly, I think we are no longer at the point of
asking whether or not there will be any power disruptions, but
we are now forced to ask how severe the disruptions are going
to be.
Given the brevity of time left before the millennium
conversion, contingency planning has got to start today--not
just for the worst-case disaster scenarios but for all the
medium-sized disruptions that are more likely to occur.
One thing that I have noticed is that every company,
Government agency, or trade association that I have met with
over the past number of weeks has a very nice, neat chart
showing the timeline for completion of their Year 2000 project.
My deep concern is that those nice, neat little charts will be
blown to smithereens the moment they start testing their
repairs.
I have been constantly surprised by senior Year 2000
officials who say with one breath that testing will take just
as long as fixing the code, and say with the next breath that
they need only a few months for complete system testing after
fixing the system took years.
Now, while it took me a while to figure out the difference,
unlike the chairman of this committee, between an embedded chip
and a wood chip, I certainly can do enough math to determine
that there isn't a single company or Government agency that is
leaving itself any margin of error in these neat little charts
they are so fond of showing.
It has been said before, but I think it bears repeating:
Failure is simply not an option. If the critical industries and
Government agencies don't start to pick up the pace of dealing
with this problem right now, Congress and the Clinton
administration are to have to make some very, very tough
decisions to deal with a true national emergency.
Mr. Chairman, I thank you.
[The prepared statement of Vice Chairman Dodd can be found
in the appendix.]
Chairman Bennett. Thank you very much, Senator Dodd.
Senator Kyl, we appreciate your joining us. We realize for
all the Senators this is an additional burden to their regular
committee assignments, and we are glad to have the committee
that we do have.
OPENING STATEMENT OF HON. JON KYL, A U.S. SENATOR FROM ARIZONA
Senator Kyl. Thank you, Mr. Chairman. A burden we happily
assume, and I, too, want to commend you for your leadership in
this vital issue. There has been a fair amount of activity in
the Congress on the Y2K-related matters up to now, but really
it hadn't received the prominence that it deserves until you
brought this committee into being. And I want to thank you for
recognizing the need for the committee, for taking the time to
chair it, and for your personal commitment to the welfare and
security of our Nation.
In my Judiciary Subcommittee on Technology, Terrorism, and
Government Information, we have been examining threats to the
Nation's critical infrastructure, from terrorists and hackers
and foreign states employing new techniques of information
warfare. Clearly, at both the national and local level, we will
need serious and well-founded contingency planning for Y2K-
related disruptions to assure at a minimum the provision of
essential Government emergency services.
When on March 6, I asked John Koskinen, Chairman of the Y2K
Council, what the Government was doing in the area of
contingency planning, he wrote back that ``FEMA will take the
lead in assuring that the Federal Government is doing all that
is necessary to be ready should serious disruptions occur.''
But I had also written to James Lee Witt, the Director of
FEMA, the Federal Emergency Management Agency, to inquire about
their assessments of possible disruptions in the electric power
grid and their associated contingency plans. The FEMA Assistant
Director wrote back in May, saying: ``FEMA has performed no
assessments of the Y2K computer problem on the
telecommunications and electric power infrastructures. FEMA has
no contingency plans specifically designed to address network
interoperability or embedded chip failures in either the
telecommunications or electric power industries.''
Mr. Chairman, if the agency charged with the contingency
planning still has no contingency plans, then I submit either
the administration does not expect to have any emergency
preparedness needs that are Y2K specific or the Federal
Government has been delinquent in fulfilling its responsibility
to our citizens and needs to correct that deficiency
immediately. So the hearing you have called today is especially
timely.
I would also mentioned that at my urging the Federal
Communications Commission will be tasking the Network
Reliability and Interoperability Council to perform an
assessment of the Y2K readiness of telecommunications
infrastructure. I hope that the results of their study will be
available to this committee at our upcoming hearing on
telecommunications.
One last point. As the work of this committee progresses,
we should focus not only on problems but, as you have so often
reminded us, on opportunities. For example, some computer-
dependent industries and public utilities are getting the
opportunity to make much needed upgrades, which, if done
properly, may make them more resilient to other kinds of
disruptions in the future. Y2K is also prompting both private
and Government organizations to review their contingency plans
and improve their readiness against information system
failures, whether from internal glitches or deliberate attack.
And as we enter the next century, we will continue to build on
this vast technological landscape.
The Y2K problem is the first collective technological
challenge to our Nation. Like it or not, Y2K provides a
nationwide test bed for dealing with what the effects of a
deliberate attack on the infrastructure might look like. We can
benefit from this opportunity to enhance Government/industry
cooperation and endeavor to learn about its implications for
the reliability of our critical infrastructures. With well-
reasoned measures and working together, our Nation can come
through this challenge stronger, wiser, and better prepared.
[The prepared statement of Senator Kyl can be found in the
appendix.]
Chairman Bennett. Thank you, Senator Kyl.
Senator Smith, we welcome you also and look forward to your
opening statement.
OPENING STATMENT OF HON. GORDON SMITH, A U.S. SENATOR FROM
OREGON
Senator Smith. Thank you, Senator Bennett. In the interest
of time, I would just ask that my statement be included in the
record, and I will make a few brief comments, first to thank
you and Senator Dodd for your leadership of this committee. I
agree with the description of you as our Paul Revere on a very
important issue, and I am honored to be on this committee
because my State of Oregon, Senator Dodd, produces lots of
computer chips and wood chips. [Laughter.]
So in the interest of both of those important industries, I
am delighted to be here.
I am particularly interested in the comments our
distinguished panel might have on issues of rural
electrification as the computer grid might affect people in
rural communities. I am anxious that they are not left out of
this equation.
And I will end on one final metaphor. I think it is
attributed to you, Senator Bennett: Even if we fix our problems
as a country on the Y2K issue, we may find ourselves having
constructed a modern Tower of Babel when our Nation may not be
able to communicate very well with other nations who may not be
addressing this issue. But let's hope they do, and let's get
started for our country.
Thank you.
[The prepared statement of Senator Smith can be found in
the appendix.]
Chairman Bennett. We will include in the record the
statement of Senator Moynihan.
[The prepared statement of Senator Moynihan can be found in
the appendix. ]
Chairman Bennett. Thank you very much. I accept the Paul
Revere tag, but I must hasten to add the second half. I tell
people this committee must be Paul Revere, but we cannot be
Chicken Little. We can't give too much aid and comfort to those
who say the sky is falling and the problem cannot be solved.
The reason for the committee is to raise the awareness to the
point that we do get the problem solved.
Now, I would like to start today with a demonstration of
how the electric power industry works. We have a computer model
that can track power generation, transmission, distribution,
and demand. And I think it is instructive for us to see the
interdependency of the power supply system and what happens
when certain facilities are taken off line.
I have asked representatives from Wisconsin's utility
industry who are familiar with the PowerWorld model to provide
us with this demonstration based on a real power system. I say
in advance these people are not Y2K experts. We asked them in
the preview last night, well, what happens when Y2K came along?
And they said, no, no, no, we can just show you what happens
when a particular generating plant goes down. But this will
help us get an understanding of what would happen in the event
a facility did go down on January 1, 2000.
Following the demonstration, we will be pleased to welcome
our witnesses. I apologize for having all of the witnesses
sitting at the table simultaneously instead of bringing them up
one at a time. Frankly, we are doing this to save space in the
room because if we sit you at the table, that means another
seat for the people that are backed up who want to be here. We
didn't expect this big a turnout, and next time we will have a
bigger room.
But we will welcome the Honorable Betsy Moler, Deputy
Secretary of the Department of Energy; the Honorable James
Hoecker, Chairman of the Federal Energy Regulatory Commission;
the Honorable Shirley Jackson, Chairwoman of the Nuclear
Regulatory Commission; and pending his arrival, the Honorable
John Koskinen, who is Chairman of the President's Council on
Year 2000 Conversion. Mr. Koskinen has told us in advance he
had another assignment earlier, and we will just slip him in
when he arrives.
So, with that, we turn to our friends from Wisconsin, and
Cole Price and Lynn Hobbie will lead us through this
demonstration.
DEMONSTRATION BY LYNN K. HOBBIE, VICE PREIDENT-MARKETING,
MADISON GAS AND ELECTRIC CO., MADISON, WI, AND COLE PRICE,
WISCONSIN PUBLIC POWER, INC.
Ms. Hobbie. Thank you, Mr. Chairman.
Vice Chairman Dodd. You have to bring that microphone up
close to you now here.
Chairman Bennett. These microphones, we will tell you, are
1950's technology. My father and Senator Dodd's father both
spoke through these same microphones, for whatever that----
Ms. Hobbie. Well, let me know if you can hear me when I
speak. Does that work?
Vice Chairman Dodd. Senator Thurmond calls them ``speaking
machines.'' [Laughter.]
Gives you some idea how old they are. They are Y2K
compliant, though.
Senator Kyl. No chips in those.
Vice Chairman Dodd. No chips in those, I will tell you.
Ms. Hobbie. Thank you all for the opportunity, for letting
us use these speaking machines before you today. We appreciate
the opportunity to be here.
Again, I am Lynn Hobbie from Madison Gas and Electric
Company, an investor-owned utility in Wisconsin. With me is
Cole Price, from Wisconsin Public Power, Inc., a company which
supplies power to municipal utilities in Wisconsin. Thank you
also for heeding our claims that we are not experts in the
problems of Year 2000 compliance. Our expertise is in the
electric utility industry and how the interrelated electrical
systems function.
We are here today to show you a tool to begin your hearings
that we believe will help you visualize and better understand
how electric systems work. The tool is called PowerWorld. It is
a computer simulation model. It was developed by a consortium
of universities in Illinois.
You can see before you on the monitor a map of the major
transmission lines in the United States. And as you can see, it
is a very complex system. What you cannot see but need to know
is that this system is highly integrated, which means that
things that happen in one part of the system can and do impact
other parts of the system.
Mr. Price. If we zoom in on the map of the New England
region, we can see an illustration of how the system works.
Chairman Bennett. This is done for Senator Dodd's benefit?
Connecticut is there.
Mr. Price. An important feature of the electric system as
compared to the natural gas system is that electricity cannot
be stored. Electricity is a real-time industry. It must be
generated at the time it is consumed. A generator somewhere in
this region is running right now to light the power in this
room. The area we are most familiar with is Wisconsin. If you
continue to watch the monitor, it will come right up,
hopefully.
So we are going to show you a model of a situation that
Wisconsin faced last summer. That situation was an extreme case
and is not typical, but it is useful to demonstrate that the
system has physical limitations and that different parts of the
system can be vulnerable in different situations and under
different conditions.
The day model is a very hot day. Multiple generating plants
were out of service in our region for various reasons.
Vice Chairman Dodd. Pull that microphone close to you now,
Mr. Price. I am having a hard time hearing you.
Mr. Price. And we had a limited ability to import power
into Wisconsin from other States. Because of the location of
the power plants that were out of operation, combined with the
physical limitations of the transmission system, we had some
low voltage problems in the region. Those are shown by the red
colors around the power lines.
If during that time we had lost a large power plant in the
southern part of the State, as I will now demonstrate--now, I
just turned of a power plant that is on the map as shown in
Michigan, but it is actually located down here in the southern
part of the state. I draw it over in Michigan to have easy
access to the units.
Our situation would have worsened in this model. You can
see the deeper red colors representing that worsened situation.
If instead we had lost a smaller power plant in the
northern part of the State, we could have experienced
blackouts. And now I am taking off a unit that is located
closer to the problem.
If you can't read that, it says, ``The system can no longer
supply the load. Blackout.'' This shows why location rather
than size or fuel of the power plant is a key factor.
Now, this is just a model and does not reflect the
automated safety features that electric systems have in place.
In real life, instead of a complete system collapse, protective
measures would automatically kick in, and instead we would deal
with this situation by having rolling brownouts.
Ms. Hobbie. Again, this is a single example. PowerWorld as
a tool can demonstrate many different electric system
situations, and we have shown you only one. But in closing, let
us leave you with these key points about our industry.
The electric system is, in fact, very complex. It is highly
integrated. Events that happen in one location can impact other
locations. It is a real-time industry, and it has physical
limitations. And all of these characteristics need to be
considered in understanding the challenges of Year 2000
compliance within this industry.
If you have any questions, we would be happy to take them;
otherwise, thank you very much for your time.
Chairman Bennett. Thank you very much. The deepening and
spreading read area is enough to get our attention.
Secretary Moler, we appreciate your being here and welcome
you.
Vice Chairman Dodd. Could I just ask one question before
you go? I am curious. You show Wisconsin and you show the
Connecticut-New England area. Basically, you--are you localized
to some extent there so that to the extent there is a power
system that shuts down or fails in the New England area, that
would really just affect that geographical area? Or is there a
danger of that spreading across the country in any way
creating, you know, less serious problems but nonetheless--when
you say integrated, is it integrated nationally or regionally?
Mr. Price. It depends on the severity of the outage. For
the most part, outages are contained and localized to as small
a region as possible. But if you were to lose control of an
outage, it could cascade through and to other regions. But that
is usually unlikely.
Vice Chairman Dodd. OK.
Chairman Bennett. Secretary Moler.
STATEMENT OF HON. ELIZABETH A. MOLER, DEPUTY SECRETARY, U.S.
DEPARTMENT OF ENERGY
Ms. Moler. Thank you, Mr. Chairman and members of the
committee. It is an honor for me to appear before you today at
the committee's inaugural hearing. You have asked me to focus
on the readiness of the utility industry, including electric
and gas utilities, to deal with the Year 2000 technology
problem.
Before I turn to the specifics of my testimony, let me
commend you, Mr. Chairman, as well as Senator Dodd, the
committee's vice chairman, and the other members of this
special committee, for your willingness to invest your time and
energy on this important subject matter. Computer technology
has become a pervasive part of our society and our Nation's
well-being. Both technologists and leaders in all sectors of
our society must work together to ensure that we are investing
adequate energy and resources in addressing this important
potential problem.
President Clinton and Vice President Gore have paid
particular attention to the need to address the Year 2000
issue. They personally recruited the former OMB Deputy Director
for Management, John Koskinen to chair the President's Council
on Year 2000 Conversion, and you will hear from him today. The
President and the Vice President have spoken repeatedly on the
need for both Government and the private sector to address this
issue. Back in February, when the President's Year 2000
Conversion Council was being formed, the Vice President met
personally with the members of the President's Management
Council, on which I serve, to discuss the Year 2000 problem and
made it very clear that we, as managers, must pay particular
attention to this issue.
We have used the Year 2000 Conversion Council as a vehicle
for the administration to identify the administration's key
participants who will focus on various sectors of our economy
and to divide up the work. The Department of Energy has agreed
to take the lead on the electricity sector, so my testimony
today will focus on that sector. The Federal Energy Regulatory
Commission has agreed to take the lead on the oil and gas
subgroup, so you will hear from FERC Chairman Jim Hoecker on
that sector.
Electricity is, of course, one of those ubiquitous things
that Americans take for granted. It is also the lifeblood of
our modern economy. Simply put, our Nation depends upon a
reliable supply of electricity. We cannot afford to have the
Year 2000 technology issue disrupt our Nation's supply of
electricity.
Our domestic electricity industry has a long and proud
history of bringing reliable, affordable supplies of
electricity to American consumers. The industry has its own
reliability organization, the North American Electric
Reliability Council, which was formed in the aftermath of the
1965 Northeast power outage. When I think about reliability
issues, having spent some time as a Government employee
worrying about this sector, I automatically think of NERC. It
is the industry organization that has been responsible for
electric reliability for the past 30 years. NERC is a privately
chartered, industry-run organization. While the
administration's Comprehensive Electricity Competition Plan
calls upon Congress to strengthen the Government's authority
and oversight of NERC, at present there is little in the way of
either Federal or State regulatory authority to address
reliability issues.
Consequently, when the Department of Energy agreed to take
the lead in assessing the electricity sector's Year 2000
readiness, Secretary Pena and I, naturally, turned to NERC. On
May 1, we wrote to Erle Nye, the current chairman of NERC. We
asked NERC to undertake a comprehensive assessment of the
industry's Year 2000 readiness. NERC agreed to our request and
has taken on the key task of assessing the industry's state of
readiness and coordinating the industry efforts, including
contingency planning.
As the NERC testimony acknowledges, our request prompted
NERC to coordinate otherwise dispersed industry studies about
the implications of this issue. Senator Dodd's observations are
right on the mark. The companies have been thinking
individually, and in the case of NERC, they had been thinking
regionally already. But there was no overall coordinated
nationwide assessment of this issue.
We expect to receive an interim report in September and a
complete assessment next July. I want to assure the members of
the committee that we will monitor NERC's progress along the
way. Our staff is having weekly meetings at the present time
with NERC.
Let me emphasize, however, that the Federal Government
cannot solve this problem. It is up to the industry itself to
do so. Every leader, every officer, and every manager in this
industry must feel a sense of responsibility for addressing and
solving this problem. That is the only way we will get it done.
The Government's primary role is to promote industry efforts,
without getting in the way or creating needless bureaucratic
hurdles that distract attention rather than add value.
The American people have the right to expect the
electricity sector to be prepared for a smooth Year 2000
transition. People can dream up doomsday scenarios of what
might happen if the industry is not ready. We need the facts,
not doomsday scenarios. Once we know what the facts are, we can
go from there to solve any problems that emerge. Ultimately,
the electricity industry itself bears the primary
responsibility for addressing the challenge of assuring a
smooth transition through the critical dates surrounding the
Year 2000 issue, as well as the skills and knowledge needed to
meet that challenge.
Government's role is to facilitate their efforts by
promoting the sharing of Year 2000 information within the
industry, its companies, suppliers, consultants, and State and
local regulators. We can help disseminate what is known in
other industries about similar products and problems, and we
can maintain an awareness about factors external to the
industry upon which energy depends. We can also help to keep
Government speaking with a consistent, hopefully calm, voice
and cooperate with other levels of Government to minimize
requirements that do not add value.
This completes my prepared remarks, Mr. Chairman. I would
ask that my complete testimony be included in the committee's
hearing record, and I look forward to hearing from my
colleagues and would be pleased to answer any questions at the
appropriate time.
Thank you.
[The prepared statement of Ms. Moler can be found in the
appendix.]
Chairman Bennett. Thank you. Your full statement will
appear in the record, and we are grateful to you for your
appearance here today and your preparation.
Mr. Hoecker, I apologize for mispronouncing your name, and
we look forward to your presentation and appreciate your being
here today.
STATEMENT OF HON. JAMES J. HOECKER, CHAIRMAN, FEDERAL ENERGY
REGULATORY COMMISSION
Mr. Hoecker. Thank you very much, Mr. Chairman, and thank
you for the opportunity to appear before this special committee
to discuss Year 2000 readiness and the energy industry, and the
oil and natural gas business in particular. Mr. Chairman and
Senators, it is my view that your leadership will be
immeasurably helpful in marshaling private resources to address
this issue. I therefore applaud your efforts to raise awareness
of the Year 2000 challenge.
Today I will focus briefly on the state of our
understanding of what is being done with respect to the Year
2000 challenge for energy businesses and what this Commission
is doing in coordination with the President's Council on Year
2000 Conversion to encourage industry to take steps to ensure
that our Nation's critical energy services will not be subject
to unplanned interruption or that any such interruptions will
not be unduly disruptive.
Whether the Year 2000 challenge represents a crisis, as GAO
has characterized it, or a technical matter that can be swiftly
diagnosed and addressed, a failure to fully understand now the
potential seriousness of the issue for energy companies may be
the greatest problem we currently face. Cooperation and
communication are therefore necessary in order to assess the
nature and dimensions of the problem, to formulate development
and testing of solutions, and set in place timely operational
contingency plans that will avert any loss or prolonged loss of
service, including electric transmission and sales and
interstate gas and oil transportation.
Unfortunately, the extent of completed Year 2000 work
within the energy industry is largely unknown. To date, most
available information is anecdotal, with very little empirical
data being available on completion of conversion and testing.
Compilation of this information has been inadequate. Larger
energy companies and some industry associations have promoted
awareness of Year 2000 issues and in some cases have shared
information about the readiness efforts. The state of awareness
and planning of smaller companies, regulated or unregulated, is
less certain, however.
The FERC is working cooperatively with other Federal
agencies as a member of the President's Council on Year 2000
Conversion. Through participation in the Council's energy
working group, the Commission has been designated leader for
the oil and natural gas sector.
On June 5, 1998, the oil and gas sector of the energy
working group held a meeting with representatives of trade
associations and various research and standards boards who
represent the oil and natural gas industries. The meeting
participants agreed that Year 2000 Conversion readiness should
focus on: First, safety; second, reliable delivery of energy
products; and, third, accurate accounting and billing.
Separately, FERC is also developing an outreach program for
the Commission's regulated entities and industry associations,
in coordination with the energy working group.
Information about Year 2000 readiness may be difficult to
obtain. Fear that the information may be commercially
sensitive, that certain liability issues may arise, or even
that collaboration on this problem may expose companies to
antitrust actions is clearly inhibiting disclosure. Moreover,
it appears that even when companies share operation of common
delivery networks, information about Year 2000 work is not
often being disseminated between or among these companies.
It nevertheless appears to me that gas and oil companies
are willing to act in good faith to address this issue
promptly. We hope to encourage companies to make more
information available to the general public, including their
assessment of how serious they think the problem is, what is
being done to address it, and what is expected to happen on
January 1, 2000. If companies can be persuaded to submit
information in protected form to third-party organizations like
the Natural Gas Council, the Gas Industry Standards Board, or
the American Petroleum Institute, industry participants will be
able to develop a greater sense of confidence that they are not
at risk for the inactions of others. The Commission can then
make information on Year 2000 remediation available through the
FERC Web site and the energy working group web site.
In the end, I clearly subscribe to the administration's
views, as described by Deputy Secretary Moler, that energy
industry participants have the responsibility for addressing
this problem. There should be no competitors when it comes to
this critical issue, critical to the public welfare.
We believe the Commission has an important role to play,
however, and I view it as the Commission's responsibility to
the American people to help alleviate this potential threat to
the reliability of our energy systems.
I look forward to your questions, and thank you for asking
me to be here today.
[The prepared statement of Mr. Hoecker can be found in the
appendix.]
Chairman Bennett. Thank you very much.
Ms. Jackson, we welcome you. We appreciate your being with
us.
STATEMENT OF HON. SHIRLEY ANN JACKSON, CHAIRMAN, U.S. NUCLEAR
REGULATORY COMMISSION
Ms. Jackson. Thank you. Mr. Chairman, members of the
special committee, I am pleased to be here to discuss with you
the status of the U.S. Nuclear Regulatory Commission (NRC)
response to the Year 2000 computer problem for nuclear power
plants. I would like to begin by thanking you, Mr. Chairman,
Mr. Vice Chairman, and members of this special committee, for
taking on this critical task and for heightening Government,
business, and public awareness of Year 2000 computer issues.
In general, NRC efforts on the Year 2000 problem can be
divided into three basic areas: our efforts internal to the
NRC; our interactions with our reactor licensees and the
nuclear power industry; and our broader actions to address the
issue of a reliable electrical grid.
The NRC is working to ensure that all of our agency
mission-critical systems that relate to power reactor
licensees, seven systems in total, will be Year 2000 compliant
so that our communications and data interfaces will continue to
function properly. The one NRC system linked directly to
operating nuclear power plants is our Emergency Response Data
System, or ERDS, which transmits near real-time data to NRC
incident response personnel during declared emergencies. The
NRC currently is upgrading ERDS to be Year 2000 compliant. The
upgrade is on schedule for full implementation by March 4,
1999. Each of our other mission-critical systems also are on
schedule to be Year 2000 compliant in accordance with OMB
guidelines, with three systems currently being repaired and
three being replaced.
The potential impact of the Year 2000 problem on nuclear
power plants varies with the types of computer systems in use.
Our licensees rely upon: First, software to schedule
maintenance and surveillances; second, programmable logic
controllers and other commercial off-the-shelf software and
hardware; third, digital process control systems, such as pump
or valve controllers; fourth, digital systems for collecting
operating data; and, fifth, digital systems to monitor post-
accident plant conditions.
Examples of systems and equipment most likely to be
affected by Year 2000 problems include plant security
computers, plant process systems, and radiation monitoring
systems.
Since 1996, the NRC has been interacting with industry
organizations to address the Year 2000 problem. This
interaction has included issuing an NRC Information Notice in
1996, holding workshops and numerous meetings on the issue, and
developing a standard review plan for NRC staff use in
reviewing licensee Year 2000 readiness.
In addition, the Nuclear Energy Institute, NEI, has taken
the lead in developing industry-wide guidance which the NRC
subsequently reviewed and approved. This guidance presents
nuclear power plant licensees with an acceptable approach for
addressing the Year 2000 problem.
To obtain confirmation of licensee action on the Year 2000
problem, the NRC has issued a generic letter, which has
regulatory force, requiring a written response from each
licensee. A copy of that generic letter is being provided for
the record. The initial response from each licensee is due in
August. This response must provide written confirmation that
the licensee is implementing a Year 2000 program, which
includes scoping, prioritization, assessment, remediation,
testing, and contingency planning. Licensees who elect to use a
different Y2K program than that described in the NEI guidance
are required to present a description of their programs to
ensure that their computer systems will be ready for the Year
2000. In addition, each licensee must submit confirmation in
writing by July 1, 1999, that its facility is or will be Year
2000 ready by the Year 2000.
In addition to these written responses, the NRC will
conduct special sample inspections at 12 nuclear power plant
sites to verify that effective actions are being taken. These
inspections will begin in September of this year and continue
into early 1999. They will be conducted by instrumentation and
control system specialists from our Office of Nuclear Reactor
Regulation, who will receive specific training on the Y2K
problem. The inspections will be conducted in accordance with
guidance in a temporary instruction which currently is in draft
form and will be issued in August. The inspection guidance is
based on the program described in the NEI guidance document.
Inspectors will, in fact, verify scoping, prioritization,
assessment, including testing for Y2K problem susceptibility,
remediation and modification testing. The inspectors will also
review licensee-identified contingency plans. The site selected
for inspection will be determined based upon licensees' initial
responses to the generic letter, the safety significance of
known issues, the type of reactor, plant location in order to
cover all NRC regions, as well as input from observation by our
site resident inspectors.
The NRC recognizes, however, that despite every reasonable
effort by licensees to identify and correct Year 2000 computer
system problems at their facilities, some software
applications, embedded systems, equipment, may remain
susceptible to the problem. Therefore, as I noted earlier, to
ensure continued safe operation of a facility into the Year
2000 and beyond, we expect licensees to formulate contingency
plans for affected systems and equipment.
Our concept of Year 2000 readiness includes the planning,
development, and implementation of site-specific contingency
plans or compensatory actions for items that are not expected
to be Year 2000 compliant.
Although our primary interactions with licensees in this
area have focused on reactor safety, we recognize that the Y2K
problem also may have the potential to affect the reliability
of electrical grids. Nuclear power reactors are designed with
at least two independent sources of off-site power. Even if all
off-site power is lost due to a transient on the electrical
grid, on-site power systems are designed to circumvent
challenges to plant safety systems by providing adequate
electrical power to safely shut down and cool the reactor.
I should also add that nuclear power plants, particularly
the larger ones, are also very robust in terms of being able to
withstand transience on the grid.
As you know, NRC regulatory oversight and authority does
not extend to the off-site electrical grid system. On the other
hand, we recognize the need to ensure that grid reliability
concerns are identified and resolved. We support the efforts of
the President's Council on Year 2000 Conversion and our members
of the Energy Working Group. We will continue to work closely
with the Federal Energy Regulatory Commission and the
Department of Energy on any potential problems associated with
the Year 2000.
This concludes my oral testimony. We have submitted a
complete written statement, and we ask that it be included in
the hearing record together with the generic letter, and we
look forward to working with the special committee and to
addressing any questions this morning.
Thank you.
[The prepared statement of Ms. Jackson can be found in the
appendix.]
Chairman Bennett. Thank you very much, and your full
testimony will indeed appear in the record.
Mr. Koskinen, we are delighted that you have joined us, and
we look forward to your testimony.
STATEMENT OF HON. JOHN A. KOSKINEN, ASSISTANT TO THE PRESIDENT,
AND CHAIR, PRESIDENT'S COUNCIL ON YEAR 2000 CONVERSION
Mr. Koskinen. Thank you, and good morning, Mr. Chairman and
members of the panel. I am pleased to appear with this
distinguished panel before the committee this morning to
discuss the activities of the President's Council on Year 2000
Conversion and the Year 2000 problem's implications for the
energy industry. Let me begin, however, as the other panel
members have, by expressing my support for the work of this
committee. I am confident the committee will play a key role in
helping to address the Year 2000 problem, and I appreciate your
commitment to focus not only on Year 2000 activities within the
Federal Government, but in the private sector as well, where it
is clear we face a real challenge in raising awareness among
small- and medium-size organizations.
I would also like to express my appreciation to you, Mr.
Chairman, and to Senator Dodd for the work you both have done
through the Senate Banking Committee to increase awareness of
the problem in the financial services industry.
As you know, like the financial sector, energy is a key
part of our Nation's infrastructure. While people in other
sectors are focused on ensuring that their systems and date-
sensitive embedded chips are ready for the new millennium, that
work will be irrelevant if we have power failures on January 1,
2000. To prevent such an outcome, we need to work together in
an ongoing dialog with the industry to raise awareness of the
problem and to facilitate information exchanges. Today's
hearing is a valuable contribution to that dialog.
As you suggested in your invitation, Mr. Chairman, I would
like to give you a brief overview of the Council's activities.
As you know, I returned to the Federal Government in March to
chair the President's Council. The Council's mission is
twofold: To assist Federal agencies as they work to prepare
their systems for the new millennium, and to coordinate agency
efforts to increase awareness of the problem among private
sector entities, State and local governments, and international
organizations.
While several of the agencies confront significant
management challenges, I am confident that the vast majority of
Federal mission-critical systems will be ready for the Year
2000. Many agencies are already making excellent progress.
According to the most recent OMB quarterly report, 71 percent
of mission-critical systems in the nine agencies assigned OMB's
highest ranking are already Year 2000 compliant--9 months ahead
of the Government-wide goal.
An important fact in our favor is that senior managers in
the Federal Government are very much aware of the Year 2000
problem. I have met individually with the heads of more than 40
Federal agencies, and their agencies are working hard to ensure
that Federal systems are compliant.
One of the things I emphasized in my meetings with the
agency heads was that, while it is very important for agencies
to focus on fixing their own systems, they also have an
obligation to reach out to organizations within their policy
areas to increase awareness of the problem and to offer
support. We decided that, to be most effective, we needed to
build on existing organizational relationships between agencies
and outside groups, which in many cases are their normal
constituencies.
The Council has organized itself to take advantage of these
relationships. We have identified roughly 30 economic sectors
and enlisted agencies that have policy interests in, or
connections to, those areas to chair working groups for those
sectors, to increase awareness of the problem, and to offer
support. In particular, agencies are working with industry
trade associations, which have unique capabilities for
communicating with their members about the problem, as well as
with individual companies, State and local governments, and
international institutions.
For example, the Transportation Department will soon be
holding an Intelligent Transportation Systems summit in
Washington that will bring together industry leaders, State and
local transportation officials, and transportation technology
suppliers to discuss solutions for possible Year 2000-related
disruptions in the operation of traffic control systems. And
just last week, the Federal Communications Commission held a
roundtable of industry leaders to discuss the Year 2000
problem's implications for public safety systems.
We are also using other leverage points in our outreach
efforts. There are organizations that, by virtue of their
actions or opinions, can be a powerful influence to encourage
others to ensure that their systems are ready for the new
millennium. Therefore, I have met with several rating agencies
and the Year 2000 Task Force of the American Institute of
Certified Public Accountants to encourage them to reiterate to
their clients the importance of addressing the Year 2000
problem.
The Council has formed working groups to coordinate agency
outreach activities in several key areas of the Nation's
infrastructure that require an intensified focus. We have
working groups that cover telecommunications, financial
institutions, workforce issues, emergency services, and energy.
I will address the energy working group's activities in greater
detail momentarily, but let me begin by noting that the
telecommunications group, chaired by the FCC and GSA, is
working with industry groups and the Nation's largest
telecommunications service providers to minimize any
disruptions to the communications networks we have all come to
rely upon.
For financial institutions, chaired by the Federal Reserve,
the working group is focusing on addressing the problem not
only with U.S. banks but with the securities industry, mortgage
companies, and Government-sponsored entities.
The Labor Department chairs the workforce issues group,
which is focused not only on monitoring the Federal
Government's supply of workers for its Year 2000 remediation
activities, but on ways to help mitigate some of the potential
Year 2000 workforce shortages in the economy as a whole.
The emergency services working group, chaired by the
Federal Emergency Management Agency, is concentrating on
ensuring that State and local emergency response officials are
addressing the Year 2000 problem.
Because it is such a critical part of the Nation's
infrastructure, we are very concerned about Year 2000 progress
in the energy industry. The wide range of companies active in
the production and transportation of power, which include
investor-owned utilities, publicly owned utilities, Federal
power marketing associations, and oil and gas producers, makes
the challenge of outreach all the more difficult.
As a result, as you have heard, the Council has taken the
step of appointing two chairs in the energy area: the
Department of Energy, as Secretary Moler noted, is chairing
that portion of the energy working group's activities for
electric power, and the Federal Energy Regulatory Commission is
chairing the operations for oil and gas. The entire group is
working to engage industry in an ongoing dialog about the level
of awareness, assessment, and remediation that is underway, and
is offering to coordinate the activities of all Federal
agencies in this area. Again, as Secretary Moler noted, while
the Government does not have direct control over most of these
organizations, we can play an important role in facilitating an
information exchange on Year 2000 best practices and shared
experiences among those in the industry.
We are also very concerned about the implications of date-
sensitive embedded chips for the energy industry. Some of these
chips help to carry out critical functions in power plants and
oil production facilities, and we are encouraged that the
industry recognizes the importance of this issue.
Thus far, we have been delighted with the response we have
received from various energy trade associations. As noted, the
working group has met with the North American Electric
Reliability Council, which has agreed to be our contact with
the electric power industry. In a meeting last week, the
American Petroleum Institute and the Natural Gas Council agreed
to use their capabilities as umbrella organizations to raise
awareness of the problem within their industries and to survey
the progress of their members. While it is difficult to make
estimates at this stage in the process, the consensus is that
the largest companies in the energy industry are actively
working to ensure their ability to function as we move into the
new millennium.
There is no doubt that the Year 2000 problem poses a
significant challenge to the global economy. I am confident
that Federal agencies will live up to their end of the bargain,
both in fixing their critical systems and in increasing
awareness beyond the Federal Government. As I have often said,
there is no guarantee that every critical system will be fixed.
But if we work hard and if we work together, I think we will be
well positioned to achieve our ultimate goal of ensuring that
any inconveniences caused by the Year 2000 problem will be
relatively minor.
I thank the committee again for its interest in this issue.
You are making a valuable contribution to the public dialog
about the matter, and I look forward to working with you. I
would be happy to answer any questions that you may have. And
as the other witnesses noted, I would appreciate it if my full
statement could be entered into the record.
[The prepared statement of Mr. Koskinen can be found in the
appendix.]
Chairman Bennett. It will be so ordered.
Mr. Koskinen and I speak weekly either face to face on or
by telephone and sometimes both, as we are making every effort
to see to it that the excellent work he is doing within the
administration is well-coordinated with the work that we are
trying to do on the Hill.
I have a number of questions. Let me first ask all of you
if you would respond to questions that would be submitted to
you from the committee.
You all heard except for you, Mr. Koskinen, my opening
statement, and the summary of the survey that we took on behalf
of the committee. I apologize that the survey was not finished
in time for me to give it to you prior to your attendance at
the hearing but, nonetheless, I would appreciate it if you
would respond to what you heard as I opened the hearing.
To remind you this is not a got'cha-kind of test, were you
listening. I will repeat the three major findings that we got
from the survey: A lack of completed assessments, a lack of
assurances that Y2K compliance would be there from servicers,
suppliers, and vendors, and a lack of contingency plans.
First, does this result surprise you? And, second, do you
have any reactions, contradictions, comments, what have you?
Secretary Moler, perhaps we begin with you.
Ms. Moler. The lack of completed assessments surprises me.
The lack of assurances that particular software and replacement
chips, if you will, does not surprise me because of the time
that I have spent on this issue.
We do not have the knowledge, certainly in the Federal
Government, whether the software suppliers, in particular, will
meet the promises they have made for replacement systems. That
is actually one of the reasons why in Federal circles we have a
March 1999 deadline for completing things rather than a say,
November or December 1999 deadline. So, that we have our own
surveys and we have plans to complete our own work well ahead
of a time that the issue becomes critical for Federal systems.
On contingency planning, I think that the recognition is
just dawning for lots and lots and lots of groups that
contingency planning is a critical part of preparedness in this
area.
Chairman Bennett. If I may, from the visits that I have
made and I have been into two plants now, a nuclear plant in
California and then a nuclear plant connected with New York
Power Authority who are involved with fossil fuel generation as
well as hydro-generation. There are suppliers other than
software suppliers that are in the chain that are vital. And I
would hope, as we talk about their need to check with
suppliers, we do not just focus on software suppliers.
The plant in San Onofre that I visited gave me a fairly
detailed list of all of the suppliers that they had checked,
including municipal water systems. They said we cannot run this
plant if we cannot get any water. Checking the people who
provided their security system, what happens if the Y2K problem
locks everybody out on New Year's Day and no workers can get
into the plant? We have had examples of that kind of failure
occurring from people who have tested for it.
So, I hope when we use the term, servicers, suppliers, and
vendors, we realize that it is all across-the-board and not
just in the computer world.
Mr. Hoecker, did you have a response or a reaction?
Mr. Hoecker. Yes, Mr. Chairman.
Speaking for the Commission, where we believe all our
systems will be 2000 compliant by this time next year, what we
have learned in our discussions with the industry is, I think,
somewhat surprising. It is the lack of information about all
these areas that is perhaps most troubling to me.
We have found that even though many natural gas and oil
companies are moving ahead, particularly larger companies, with
assessments of the problem and testing, frequently that
information is not being communicated. And, since we are
dealing with the integrated networks of companies that provide
transportation in gas and oil over long distances, it is the
lack of communication between those companies as to what the
status of their activity is that is particularly troubling.
I sense that it may require everyone to reach the same
degree of readiness or compliance in order for the system to
work as a whole. And that is why I wanted to emphasize this
morning that awareness and communication is key and I think the
energy working group is going to make a major difference in
that sort of communication.
Chairman Bennett. Ms. Jackson.
Ms. Jackson. Thank you.
My response would be that I would say we are not entirely
surprised that all the assessments may not have been done. A
number of the panelists have spoken to the question of lack of
information but it is because of that, and to address that with
respect to the limited part of the electricity sector with
which we deal but an important part, that we issued the generic
letter that I spoke about and had earlier sent out an
information notice.
Because we were not entirely satisfied that there was
enough attention based on the earlier information notice, which
was sent out in 1996, we issued the generic letter which
requires a written response. We will know more specifically in
August when those responses are due. And because we are a
regulatory, health and safety, regulatory agency we are able to
require certain responses from our licensees, and that is the
way we are getting at it.
In addition, we do know that the Nuclear Energy Institute
is developing supplemental guidance specifically on contingency
planning for the power reactor licensees that would focus on
issues such as additional staffing, increased on-site oil
supplies for emergency diesel generators, enhanced
communication and the communication protocols with reactor
operators in other countries, particularly in the Pacific Rim,
which would experience Y2K about 12 hours earlier than our
licensees, and also enhanced communications with the low-
dispatch centers to have more specific knowledge of the general
conditions on the network and how they would affect the nuclear
plants.
And, so, that, coupled with the specific remediation
relative to software and embedded chips in the plant, is the
way that we feel is the appropriate way to get at these issues.
Chairman Bennett. Thank you.
Mr. Koskinen, again, we recognize you were not here to hear
the----
Mr. Koskinen. Well, as you know, this morning I had a
previously scheduled meeting with a set of chief financial
officers from many of the largest companies in the United
States, and we discussed the point you have hit upon here
today, which is the endemic problem of the supply chain.
Everyone has moved to just-in-time inventory controls as an
efficient way of running their operations. And that means that
everyone is now interconnected, not just in telecommunications
matters, but in actual business operations.
From industry to industry, large companies in many cases
are confident that they will be ready, but they have concerns
about whether those upon whom they depend in the supply chain
will be ready and will be able to operate. As you note,
suppliers to energy firms are important. Suppliers to
manufacturers are important as well. As you can see by the
ongoing General Motors strike, supplier in the chain can, in
effect, shut down the entire process.
So, I think that is a common problem. Like Deputy Secretary
Moler, I too am surprised that the level of assessment is at 20
percent because that is a much lower level than indicated by
the feedback we have received. But we should recall, as you
know, that the embedded chip problem is what I call the growth
industry of the Year 2000 problem. Most people have only
recently become aware of the importance of embedded chips.
Everyone started out 3 or 4 years ago by focusing on this as a
problem of software applications which are significant in
financial processing and other areas.
But it is only in the last 12-to-18 months that industries
across-the-board have focused on the fact that, while the
percentage of chips that may fail is very small, the number is
very large. If you are talking about a 1 or 2 percent failure
rate in the roughly 5 billion chips we ship in a given year,
that means you have 100 million chips that have some potential
to create difficulty. It is that assessment, I assume, that
these companies in particular are struggling with.
I don't know about the particulars of this survey, but my
experience is that it is more likely to be an assessment
problem of their chips, not their software systems.
Chairman Bennett. Thank you. The only other comment I will
make with respect to this, sounding a broken record again and
Senator Dodd mentioned it in his opening statement, the most
time-consuming portion of this whole process is the testing
portion and I always get very nervous when someone says, we
will have the problem solved by October of 1999. You have to
have the problem solved on paper by this year because 1999 is
going to be consumed in testing and then validating the testing
results.
And I have other responsibilities that I use with respect
to the Year 2000 problem. I am chairman of the Legislative
Branch Subcommittee on Appropriations which means that every
portion of the legislative branch has to come before my
committee for their money and I am disturbed by some agencies
in the legislative branch who said, oh, yes, we are going to
have this all solved and the new equipment and software program
that will solve the problem is now on schedule to be delivered
in the Fall of 1999, which does not give you any testing time
at all and makes me very nervous.
Vice Chairman Dodd.
Vice Chairman Dodd. Thank you very much, Mr. Chairman.
And I will underscore that point. I mentioned earlier to
you that I had a conversation. The Gardner Group, as many of
you may know, is located in my State of Connecticut and the CEO
of that firm who I met with the other day, they do about 98
percent of the Y2K compliance issues on Fortune 500 companies
and their concern is that we are not developing at this point
contingency plans.
The fear is that we will start waiting until next year to
decide that contingency plans may be necessary and their point
is that they ought to be doing it now because of their fear of
noncompliance.
Let me, if I can, Mr. Koskinen--and I thank all of you. We
are all very thrilled, by the way, that the President has asked
you to take on this responsibility and you, obviously, know
this issue well and it is reassuring, quite candidly, that we
have someone of your talents and ability who will be working
with us over the coming months on this issue.
One of the things we find over the years here is that there
is a tendency and I guess it is the nature of how business gets
done is we constantly try to put a good face on things. We want
to talk about things that are happening right and, obviously,
that is very important. The chairman has made that point. We do
not want to get into dooms-day scenarios and so forth. That
does not help in this situation.
But also we need to get good, candid assessments,
particularly at this stage because we can do something about
this now. While it is 18 months, that is a short amount of
time, but a lot can happen in 18 months to get this on the
right track.
And, so, it is very, very important that this committee and
others know about things that are not working as well as things
that are working so that we spend our time and attention
focusing on the questions where some real effort is needed. And
I say that to you because in looking over this report from the
Office of Management and Budget, you cite in your statement
here that 71 percent of our agencies or 71 percent of the
systems at the Government's most successful agencies are Year
2000 compliant. What you fail to mention is that these are
mostly smaller agencies by and large.
Now, there are some exceptions here. But the National
Science Foundation, the Small Business Administration, FEMA,
GSA, are really some of our smaller agencies. Now, there are
some large ones here: SSA, NASA, and so forth, but if you look
at this, and you go down further here and you get to the big
agencies, the large agencies: Defense, Education, HHS, it is
only 31 percent.
And, you know, it just seems to me we got to focus on these
kinds of things here. I mean I appreciate what you are getting
at here, but we need to know about the big ones. Now, this
morning the Post has an article on the Defense Department which
Senator Kyl and Senator Bennett may want to get into a bit more
with you here. But I think it is critically important that we
need to know about what is going on.
The Department of Energy is one of the OMB's categories.
And they list them, by the way, here as insufficient progress
is being made in these areas. And at this pace, the OMB says
that here, ``The Department of Defense will not meet its goals
and complete its work on time.'' And, candidly, the Department
of Defense, this is an OBM study now saying this, is pretty
alarming, quite candidly.
And it seems to me that we need to get your, when you come
up here to talk to us here, you need to put us on notice up
here so that we can be doing smart things from a legislative
branch to help out with this.
And, so, I would urge you in your work here, let us know
where the bad news is here, at this point, not just some of the
good news.
Now, let me ask if I can, Ms. Moler, about the Department
of Energy here, since we have got you. They have got
insufficient progress. And I wonder whether you can explain
what is being done to improve that situation and what the
consequences are for the Nation if the Department of Energy
fails to meet its millennium requirements?
Ms. Moler. The Department of Energy has the fourth highest
number of ``mission critical''--in the jargon--systems. We have
done a complete survey and there are currently 411 of them. The
Department of Defense has five times as many.
But we still have a significant number of systems. We are
at this point 42 percent compliant. We believe we will have all
systems except a couple that will be compliant by March of next
year. We are using a slightly different planning scenario than
OMB prefers. I am trying to move it up.
And there are a couple of systems that we know will not be
fixed by March. They are isolated. I can go into the specifics
of those if you want. Our progress is picking up. I have just
instituted an independent audit of--independent, but still DOE
employees--of our CIO's assessment. A lot of these things are
in the field and they are at the National Laboratories and we
are going system-by-system and looking at each and every one of
them. And we believe that we will be ready----
Vice Chairman Dodd. OK.
Ms. Moler [continuing]. Based on the information I have
now. Now, if I find something else out, I will certainly----
Vice Chairman Dodd. Please, let us, we want to know about
it.
Ms. Moler [continuing]. Let the world now. I mean you
cannot hide these things, that will not help.
Vice Chairman Dodd. Let me ask you, Mr. Koskinen, just in
the seconds or so remaining here on the time clock. Let me read
you some of the questions that were in the committee's survey
of the 10 largest energy producers, and one company's responses
to it, if I can.
The committee asked the companies, and I am quoting here,
``How many systems were identified with Y2K implications and
how many of those were mission-critical?''
This company which is one of the largest energy companies
in the United States with more than $20 billion a year in
revenues and is 1 of the 100 largest U.S. companies, responded
in the following manner and I quote them in their response:
``We have numerous systems. It would not be cost-beneficial to
count them.'' They also gave the exact same answer to the
question about how many embedded systems were identified.
The committee also asked how many lines of code were
reviewed as part of the assessment, and the company responded
and I quote them here: ``It is unknown how many lines of code
have been reviewed.''
Last, the company also stated that, ``No Federal or state
regulatory body has requested Y2K information of it.'' It is a
$20 billion company.
Now, I wonder if you might tell us if a Federal agency were
to give you that kind of report, would you find it
satisfactory?
Mr. Koskinen. Obviously not and, in fact, if you would not
mind, I will respond to your earlier comment as well.
Vice Chairman Dodd. Please.
Mr. Koskinen. I could not agree with you more that all of
us, as the chairman and I have discussed, need to focus our
energies as much as we can on where the problems are.
Vice Chairman Dodd. Let me ask you and then I want you to
answer that. One, would you be satisfied and, two, is that
company in your mind, based on what it has answered here, going
to be compliant by the Year 2000?
Mr. Koskinen. Clearly, in the OMB rating system that
company would be a Tier 1 agency, one that is not demonstrating
sufficient progress. If that is the actual state of play, as
opposed to their having gotten legal advice to reply very
generally for fear that it will become public information, then
I think that organization has a potentially insurmountable
challenge to complete their work in the next 18 months.
We need to focus on where the problems are and to be candid
with one another. It does not totally surprise me that no
agency has asked them for information as we do not have
authority in many of these areas to actually require companies
to give us information. One of the reasons the Council is
working with umbrella groups is to engage in a candid
discussion with industry leaders and get them to assess the
industry with us and give us more information. We need that
information.
My point about citing the nine agencies that are doing well
was not to say that we do not have problems. The OMB report,
which focuses on the problem agencies in some detail, is a
public document. I do, however, want to take issue with the
notion that the Government should get an ``F'' for its work. I
think we clearly have several agencies that face major
challenges, but it strikes me that we cannot create a
stereotype that there are no Federal systems that work.
The other thing to bear in mind, and the chairman's hearing
on Wednesday noted this, is that you can find out exactly what
progress Federal agencies are making. It is all there. They
will tell you exactly how many mission-critical systems they
have, and where those systems are in each phase. So, you do not
have to guess, and creating the stereotype that nothing works
does not necessarily help in solving the problem.
We are focused on those areas in which there has been
insufficient progress. I have announced that I will now attend
the monthly management meetings with senior managers of the six
Tier 1 Cabinet agencies, again to work jointly with them to see
what are the issues that we can try to resolve to make sure
that they can meet their plans, all of which show that they
will be compliant.
But there are major challenges. Some of the Tier 2 agencies
in the OMB report, such as the IRS, have major challenges as
well. I am not only troubled by, but surprised at, as everyone
is, the lack of assessment in the results from your report.
Clearly, we would consider any agency in the Federal Government
that has not completed its assessment, or virtually completed
it by now, to be at high-risk.
Vice Chairman Dodd. Last on this point and let me ask this
quickly of the FERC and Department of Energy, and you heard Mr.
Koskinen's response here. You know, if somebody like this
company of this size, $20 billion in revenues, 1 of the top 100
companies in the country, is looking like they are not going to
make it here, what powers do you have in order to try and put
some pressure here, if you will, or some authority here to get
them to move on this or, do you have any at all?
Ms. Moler. We have limited regulatory authority, limited
powers. However, we do have the bully pulpit and the power of
public scrutiny and, frankly, embarrassment.
But as far as directing them to comply with a particular
order, it is limited.
Mr. Hoecker. I agree. Certainly for the FERC, for whom
reliability of electric and gas service is always a concern,
our ability to direct companies to assess, to be in compliance
and so forth is virtually nonexistent.
I mean we regulate rates and we can deal with
discrimination issues but beyond that there are some serious
gaps in the law.
Vice Chairman Dodd. Mr. Chairman, I have gone way over the
time, and I apologize.
Chairman Bennett. No. Thank you.
I think that was an important point to pursue and let me
make again the point that when we did the survey we promised
these companies absolute anonymity. And I would hope that any
staffers who know the names of these companies will recognize
that promise because we are grateful to this company for being
that candid. And we do not want to chill the opportunity to get
more information by violating that confidentiality.
Senator Kyl.
Senator Kyl. Thank you, Mr. Chairman.
Since the energy system is the primary focus of our work
today, I would like to ask whether any of you are prepared at
this time to characterize the degree of Y2K problems in the
U.S. energy system or the status of remedial actions?
And I am not suggesting that you came here to do that; I
just wonder if we can obtain any of that information from you?
Ms. Moler. We do not have a comprehensive picture of the
electricity sector which has been our focus. So, we hope to
have one, at least a better picture, in September.
Senator Kyl. Thank you.
Mr. Hoecker. Certainly one of the goals of the energy
working group and the people who are working on gas and oil
issues is to flesh out that picture as soon as we possibly can.
We have trade associations that are serving their members, we
are engaging in meetings and discussions about this but,
currently as I said in my testimony, the evidence we have of
assessment compliance is completely anecdotal.
Senator Kyl. Ms. Jackson.
Ms. Jackson. We will be able to provide very specific
information in August because of the fact that we are requiring
the written response to our generic letter. Theoretically, we
could gather some information today but since, in fact, the
responses have to be very specific to the letter, I think we
will be able to provide you with a wealth of information at
that time.
Senator Kyl. Thank you.
Mr. Koskinen. This reveals part of the thinking behind our
strategy at the council. In a number of important industry
areas the Government has basically no oversight or regulatory
authority at all, and I am not suggesting we should have that
authority. Therefore, I think Senator Dodd is right, and your
question is very appropriate, we and the public need to know
over time where the problems are going to occur.
So part of our strategy in creating these sector leaders
and working groups, and engaging in a constructive dialog with
industry leaders and umbrella groups, is to try, as the
chairman noted, to cultivate candid exchanges at the level we
need to know, which is how industries generally are doing.
We do not need to know whether a particular company is
going to make it or not. But we need to know how is the
industry doing, both as an industry and also geographically and
regionally. And in the time remaining, 567 days or so, I do not
think that we are going to be able to yell at people or beat
the information out of them.
What we can do is to have them understand that we are
anxious to work with them constructively. We are anxious to
have a dialog to see if there is anything we can do to help
them solve their problem. But, ultimately, it is their problem.
What we can do, and what you are doing here, is raise the
visibility of the issue, raise awareness of its importance, and
encourage people to address the problem in time. Because time
is the vanishing resource.
Senator Kyl. But all of the Federal agencies or departments
that rely upon the energy system--they all do, of course--but
all of them that rely upon it in significant ways are going to
have to make that assessment themselves, both in order to
understand what they will have to do remedially and also to
provide for contingency planning.
Mr. Koskinen. That is right. And one of the things we hope
to do through the council as we move through what I call the
proselytizing/organizing phase into the monitoring and
assessment phase, is to begin to coordinate Government
contingency planning as we move into next year and try to share
among the agencies our concerns about this area.
The two major areas that we are obviously concerned about
are energy and telecommunications because every agency depends
upon those parts of the infrastructure. And we need to be able
to collect the information so that we can respond. Senator
Dodd's point is exactly right in response to the surveys, and
the chairman noted that contingency planning is not something
you do at the last minute. Contingency planning has to be done
in terms of going forward, in terms of how you protect your
core basic business processes.
The Council and OMB are working, and GAO has done good work
in this area as well, to stress to the Federal agencies that
they must have contingency plans. The point is well taken, and
Senator Dodd again made it correctly, we need the information
as early as we can so that we can respond accordingly. The
response is not necessarily to yell at people, the response is
to figure out what we are going to do in response to the
reality. But we need to know what the reality is.
Senator Kyl. I mentioned in my opening statement that with
respect to contingency planning, I had written you back in
March. You indicated that FEMA would be the agency. When I
heard from FEMA in May and they still had not done any Y2K-
related contingency planning. So, it seems to me that
recognizing the nature of the challenge is one thing but
getting on with it is something else.
I am also concerned that the report that was mentioned
before in the Washington Post today, an article by Stephen
Barr, raises a similar kind of concern. I gather that had the
Inspector General's report not been forthcoming, we would not
know that the Pentagon's reports were faulty in terms of
compliance rates.
What that IG report found was that many systems who
reported themselves as compliant, apparently, were not, in
fact, compliant. And the article goes on to note that the
Agriculture Department also has reported systems compliant that
were apparently only in developmental stages. That, according
to the GAO.
I guess the question here is, do we have to rely upon
independent studies by GAO or a department's Inspector General
to find out whether Government agencies, themselves, are in
compliance or is there an overall plan? Since you are heading
up the effort--what is the plan we have for verifying whether
agencies are, in fact, at the stage of compliance that they say
they are?
Mr. Koskinen. Testing is an important issue. OMB has
required the agencies to have an independent verification and
validation program not only to test the assumptions but to test
the reality as well.
As the chairman noted, the reason everybody should be
pushing to complete work on their systems by the end of this
year into the first quarter of next year is that while you may
think you are done at that point, you will then have to go out
and solve all the unforseen problems.
Nobody in the private or the public sector has ever had to
deal with this issue before, and that is why testing is so
important. And testing is a continuous process; the Inspectors
General in many of the organizations are right now working very
closely with the management, continually going out and checking
whether the information is valid. And it is not that people are
trying to mislead anyone. If they were, we would have much
better numbers. The numbers in some areas are very troubling,
but we are talking about hundreds, in some cases, thousands of
systems you continually have to monitor and check.
The bottom line will not be the reports, but whether the
systems actually operate. But your point is well taken. In
every agency, we have an ongoing evaluation and verification
program that will continue to show that things people thought
were going to work turned out not to work.
And, as the chairman said, even when everybody signs-off
and they think they are 100-percent compliant, and Social
Security is almost there, they are still retesting all of those
systems to make sure in different configurations they, indeed,
are compliant. They are actually running and rerunning those
systems. That takes time, and that is what we have to do.
Senator Kyl. One final question, if I could?
On April 1, you testified that you would be joining the
Vice President and the staff of the National Partnership for
Reinventing Government as they continue to work to improve
customer service at the 32 Federal agencies identified as
having a high impact on our citizens.
What is the role of the Vice President in meeting the Y2K
challenge?
Mr. Koskinen. As you noted, the Vice President has been
very focused on those agencies that most directly relate to the
public. He and his staff have been working with them for some
time and are stressing the importance of solving the Year 2000
problem in the meetings they are having with each of those 32
agencies.
At a late January cabinet meeting, he and the President
very vigorously stressed to agency heads that this was their
problem. It was not their division's problem, or their IT-area
problem, it was their personal responsibility. As I met with
the Cabinet agencies, all of the Secretaries told me of the
impact that the President and the Vice President's remarks had
on them.
As Deputy Secretary Moler noted, the Vice President has met
with the President's Management Council where he again
reaffirmed the importance of this process. But I think the
ongoing review that he and his staff are having with the high-
impact agencies is sending the right signal that this is a
matter of the highest importance.
Senator Kyl. Thank you.
Thank you, Mr. Chairman.
Chairman Bennett. Thank you very much. We express our
gratitude to the panelists for their participation and also for
the support and assistance that their staffs have provided in
preparation for this hearing.
Vice Chairman Dodd. Mr. Chairman, can I ask one more
question----
Chairman Bennett. Surely.
Vice Chairman Dodd [continuing]. And I apologize--is it----
Mr. Hoecker. Hoecker.
Vice Chairman Dodd. Hoecker. Thank you. I apologize for not
picking that up earlier. I want to thank you, Chairman Hoecker.
You gave a very candid statement this morning here about where
things are from your standpoint and I appreciate it.
You say that the state of the Year 2000 readiness of the
utility industry is not yet fully known. And you go on to
expand on the point by stating that the extent of completed
work, Year 2000 work, within the energy industry is unknown.
The compilation of this information has been inadequate. The
state of awareness in planning of small utilities and
cooperatives is less certain. You also stated and I quote you
here: ``At the present time any failures to fully understand
the seriousness of the issues must be regarded as a serious
problem.''
I just was impressed by that. And, you know, from a Federal
Government standpoint, we are sort of the clearinghouse in a
sense here. I guess I agree with Mr. Koskinen, we are not going
to solve this problem except our own agency issues that we have
to look at but the broader issue is to sort of be a
clearinghouse. But I must tell you with less than 18 months to
go, you know, if we do not have any idea where the utility
industry is to the point where we do not even know if the
utilities are even aware of the problem, then have we not
fallen into that failure to understand the seriousness
category?
Mr. Hoecker. Indeed. I am hopeful, more than hopeful that
the President's Council and the work that we will be able to do
in the months to come, in the immediate months to come, will
cure much of that problem. And we are getting very good
cooperation from individual companies and from trade
associations. I hope we can bridge this information gap
quickly. But it is a disturbing phenomenon.
My CIO has been talking with many people and meeting with
Mr. Koskinen and the group and reports to me that she cannot
really get a good handle on where these companies are in terms
of their activity.
Vice Chairman Dodd. Well, I would hope--you know, this is
June and while 18 months is pretty quick, we probably ought to
hear back from you fairly quickly about how much cooperation
you are getting on this. I mean I do not know what is available
to us in this session but it seems to me if we are not getting
that information then we might want to think about some other
measures that we might have to take to get it to you.
In that light, I am curious as well, Chairperson Jackson,
on the NRC issues, you are surveying 12 out of about over 100
power plants in the country. You are going to get that generic
information in August. What are you going to do with the
information if you find deficiencies in August? What is the
response of the agency at that point?
Ms. Jackson. Well, first let me say that the responses to
the generic letter are 100 percent. It is not 12 percent.
Vice Chairman Dodd. Oh, all right.
Ms. Jackson. Using those generic responses, we are going to
be doing two things. We are going to be doing sampling----
Vice Chairman Dodd. You cited 12, right.
Ms. Jackson. That is right. Then that is how we picked the
12 but then we are having a workshop, participating in a
workshop with all of the licensees, in the Fall to discuss the
results of those inspections and the problems that have arisen.
And that is our way of working with the industry to get the
word out and then it will also determine what specific follow-
up we have to take.
We have a drop-dead date of September 30, 1999, in terms of
making a----
Vice Chairman Dodd. We have to come up with a better
description of that date. [Laughter.]
The language in this debate is not exactly----
Chairman Bennett. The lights out date.
Vice Chairman Dodd. Yeah, lights out.
Ms. Jackson. Well, let me finish my sentence, please.
Vice Chairman Dodd. Yes.
Ms. Jackson. We have a final determination date of
September 30, 1999, to make a decision because that would allow
time for alternative energy sources to be brought onto line if
we have to make a determination from a public health and safety
point of view relative to a nuclear plant shutdown.
Vice Chairman Dodd. Can I also ask you very quickly, to
what extent are you coordinating or working at all with foreign
nations to determine what is being done there? We have seen,
there is a history now of some very serious health and safety
problems at certain nuclear power facilities around the world.
To what extent are you in touch with or is the agency in touch
with foreign countries that have power plants to determine what
they are doing?
Ms. Jackson. OK. Let me answer that briefly in about three
or four ways. First, we have had very specific interactions
with the French, the British, and the Canadians, particularly
the Canadians because of some inter-connectivity of the grids
on the steps that they are taking.
Second, we are in the process of working out communication
protocols because of the 12-hour advance with certain countries
in the Pacific Rim.
Third, we have been working with the International Atomic
Energy Agency to get them to act as a clearinghouse on
information, particularly relative to testing and problem
identification and corrective actions.
And we also will be working with them to try to get them to
develop a communication protocol for how the different
countries can communicate as we go up to the actual year turn-
over.
And, finally, we also work with the OECD Nuclear Energy
Agency in a comparable effort.
Vice Chairman Dodd. I notice you did not--I mean
specifically, what about the plants in Eastern Europe? Let me--
--
Ms. Jackson. Well, that is why we, in fact, are working
with the IAEA, the International Atomic Energy Agency because
they, in fact, work closely with those countries and we feel
that they are the appropriate clearinghouse and change agent
relative to those countries.
Vice Chairman Dodd. Do you want to follow-up on that?
You mentioned the Canadian--Ms. Moler, what sort of
interplay is there with the Canadians on this question? We have
a tremendous interplay, obviously, with the hydro-Quebec power
production. What coordination is happening?
Ms. Moler. The Canadian companies are a part of the North
American Electric Reliability Council and they are included--
let me just add one thing. When the Secretary and I asked NERC
to play the coordinating role they responded very quickly and
very positively. They and, indeed, they are going beyond their
normal realm. They usually look just at what is called bulk
power issues. They do not usually go to actual distribution
utilities.
And I have spoken with their chairman and they have been
very responsive. I hope that they will also be very candid with
us as the work unfolds and you are going to hear from them on
the next panel.
Vice Chairman Dodd. OK.
Thank you, Mr. Chairman.
Thank you all very much.
Chairman Bennett. Thank you very much.
Mr. Koskinen, we would be delighted to have you remain to
listen to the next panel if you have the time. We will
understand if you have commitments you have to leave. But I
think we are going to get----
Mr. Koskinen. I will stay for a few minutes, but I have a
noon meeting with everybody you ever heard of at the Defense
Department to talk about this issue.
Chairman Bennett. I think that may come up overnight. I can
understand that. [Laughter.]
Well, we thank you all and appreciate your support and that
of your staffs as well.
Thank you.
All right. We welcome the members of the second panel. I
apologize to you for making you wait so long, but given the
nature of the issue I think we had to go in as great a depth as
we did with the first set of witnesses.
We will now hear from witnesses outside of Government. You
can correct all of the errors that were given us in the first
panel if you found that there were. You can comment on the
survey and our interpretation of it if you find that it is
incorrect. We are very grateful that you have been willing to
come here.
I will introduce the members of the panel by name, reading
from right to left, and then let each of you give additional
biographical information if you feel so moved. We would hope
that you would make an effort to stay within the time limit so
that we have time for questions afterwards.
Mr. Lou Marcoccia, consultant with Duke Energy, Washington
Gas, and Baltimore Gas and Electric; Mr. Michael Gent, who is
president of NERC, about whom we have heard so much in the
first panel; Dr. Charles Siebenthal, who is manager of the Year
2000 Programs for the Electric Power Research Institute; James
Rubright, executive vice president of Sonat, Inc.; and Gary
Gardner, chief information officer of the American Gas
Association.
Gentlemen, we are very grateful to you for your willingness
to participate and look forward to your testimony.
Mr. Marcoccia, we will start with you.
STATEMENT OF LOUIS J. MARCOCCIA, PRESIDENT MTS/PEOPLESOURCE AND
CONSULTANT FOR DUKE ENERGY, WASHINGTON GAS, AND BALTIMORE GAS
AND ELECTRIC
Mr. Marcoccia. Good morning. I am really glad to be here
this morning sharing this day.
First of all, Senator Dodd, you had difficulty calling Mr.
Hoecker. I have much more of a difficult name, so you can
certainly call me Lou. That certainly will be fine. [Laughter.]
Vice Chairman Dodd. We are going to call you Lou. I already
made that decision. [Laughter.]
Mr. Marcoccia. Fine. What I would like to do, if I may, is
provide a brief biography, and then I would like to hit a few
points that was made by the first panel and get into my written
testimony if I can.
I became a project director of the Year 2000 for the New
York City Transit Authority in 1991, and I have been dealing
with the Year 2000 for the last 7 years as a practitioner.
Two years ago I started a consulting firm, and I have
personally worked at over 38 client sites throughout the United
States, which includes energy utility organizations, banks,
school systems from a petitioner putting code back into
production, both computer systems as well as embedded systems.
What is very interesting, Senator Dodd, you mentioned the
Gardner Group comes from Connecticut. According to the first
panel, if you do an assessment, you are in pretty good shape.
According to the Gardner Group, which I certainly concur with,
that the assessment constitutes 4 percent of the total project,
which means that if we agreed that a major milestone is the
assessment, and we are basically just getting through the
assessment now, that means we only have 96 percent left to the
project. That is one, certainly, point.
What is really interesting to note is that--and I certainly
do this with respect and deference--it was noted by the
representative from the NRC that they initially had their first
contact in 1996 and, yet, their second response, which is a
generic letter, comes 2 years later. What happened between 1996
and 1998? I think, at that point, we should have been in the
middle of testing and not just sending out a generic letter to
find out what the status for are for our utilities
organizations.
I also noted that we seem to be pleased if we are actually
in the assessment and inventory phase. As of today, for
organizations to be confident that they will be complying,
should have completed 60 percent of their system tested and
back in production as of today.
The target date for compliance, which is really
misunderstood, is not December 31, 1999, and I will walk
through the details of that, it is December 31, 1998, and I
will articulate the detailed reasons for that.
The utility industry has not met the criteria for
successful implementation of the Year 2000 for the mission-
critical systems. Therefore, they have failed in their
responsibility to their stockholders, partners, and customers.
I believe their failure will cause major disruptions here
in the United States and overseas. I say this based on the
following analysis: As it relates to criteria for analysis, all
mission-critical systems and embedded systems must be completed
by December 31, 1998, and there are five major reasons for
that.
No. 1, we must allow for complete year-end process of the
code and take advantage of the factor shutdown because that is
when you have the opportunity to test those embedded systems.
No. 2, to allow for a contingency for unexpected problems
not resolved in 1998 or if the project is generally running
late. As we all know in this business, we never have projects
that run late. Therefore, maybe step 2 is not required.
[Laughter.]
No. 3, to allow for integration testing within an
organization and between external partners, 1999 should be used
for the integration between external partners and within one
organization.
No. 4, to allow for replacement or upgrades of computer
software, computer hardware, and embedded systems, there might
be delays, and that may not be complete in 1998.
No. 5, and this is a technical fact, a 1-year calculation
which are present in many systems will fail January 1, 1999,
not January 1, 2000. So if you have an application that does a
1-year calculation, that will fail in January 1, 1999, and that
is part of many applications that we have in our industry.
I have used the following criteria to establish what a
successful Year 2000 implementation is:
No. 1, all mission-critical systems that require
corrections are fixed, tested, implemented in a Year 2000
production environment.
No. 2, formally document which systems are going to be
retired. We seem to talk about retirement, but we never seem to
retire major applications.
No. 3, the current software, hardware embedded systems that
were candidates for replacement have, in fact, been replaced.
It will take, for major manufacturing type of equipment,
utility and other manufacturing equipments, 12 to 18 months to
replace a piece of equipment that will fail. You simply do not
have enough time if you find that out June or September of next
year. There is not enough time to replace that piece of
equipment.
The strategy for the Year 2000 correction implementation
has been agreed to and documented. What is the readiness of
computer systems, as it relates to the utility companies?
Currently, many large utilities have not defined what needs to
be corrected. The industry has not yet determined how they will
fix or test what they have found, both on the application side
and on the embedded systems side.
The industry has not yet determined the resource
requirements for the entire life cycle of finding the problem,
fixing the problem, and testing the problem. You can have all
the committees you want, if you are not fixing and testing and
placing back in production, you are late.
The industry has not developed contingency plans for its
mission-critical systems if failure occurs, and failure will
occur. The industry is not in the triage mode in determining
what systems must be compliant by December 31, 1999. Most
organizations or many organizations will not implement the
entire portfolio and they must decide which will make it and
which will not. We should have that list today.
Replacement strategy for noncompliant computer systems with
compliant software purchases or converting these systems to
other platforms had to already have been started. To try to
have a replacement strategy today or even last month on a
wholesale basis is simply not feasible, in that we have never
done it before in the past and we will not do it for this
project.
Chairman Bennett. Can you summarize? We are running out of
time.
Mr. Marcoccia. Oh, really. OK. Wow. It went by fast, huh? I
apologize for that.
Chairman Bennett. Not at all. You have been very, very
responsive, but we will get back to you in the question period.
Mr. Marcoccia. I really want--embedded systems. Because of
the slow start in dealing with the computer system, the
embedded system is the area the industry has fallen far behind
in their understanding of how to find, fix, and test the
embedded systems.
We currently know of systems that will definitely fail.
Computer systems that are associated with the tankers we know
will fail sometime in 1999. We have known that--I did a seminar
in Europe in 1996/1997, and I made those same statements. We
have known that certain monitoring systems at a utility company
will fail. We have known that.
A failure, even though they may be contained within 2, 3,
or 4 percent, and I do not know how true that number is, the
problem is not identifying units. What makes an organization
run is the connection of each of those pieces in a process. So
if a particular unit or component in that process fails, the
whole process fails, and we have a problem.
Since I have taken up more time than I should have, I will
conclude at this point.
Thank you for your time.
[The prepared statement of Mr. Marcoccia can be found in
the appendix.]
Chairman Bennett. Thank you very much, and I now apologize.
Your name is pronounced Marcoccia.
Mr. Marcoccia. It is going to be tough, Senator.
[Laughter.]
Chairman Bennett. But I appreciate it. In the spirit of
Senator Dodd, thank you, Lou. We appreciate it. [Laughter.]
Mr. Gent.
STATEMENT OF MICHEHL R. GENT, PRESIDENT, NORTH AMERICAN
ELECTRIC RELIABILITY COUNCIL
Mr. Gent. Thank you, Senator Bennett and Senator Dodd.
I would like to try to summarize my prepared text and have
the rest of it entered into the record.
I find myself agreeing with a little bit of what everybody
has said.
As you know, the North American Electric Reliability
Council, of which we have a map up here----
Chairman Bennett. Could you pull the speaking machine a
little closer. Thank you.
Mr. Gent. You just really have to get into this, do you
not.
Chairman Bennett. Yes. [Laughter.]
Mr. Gent. In 1968, we formed NERC, and under NERC's
leadership we have made the North American electric supply
system the most reliable in the world. In fact, it is the best
by any measure that you want to use around the world.
About a month ago, you have heard Deputy Secretary Moler
indicate, that the Department of Energy asked NERC to assume a
leadership role in preparing the electric supply and delivery
systems in North America for this transition to the millennium.
Our response to that challenge is actually attached in my
prepared statement. It is our Phase 1 plan. I want to assure
you that this is a living plan, and it will be adjusted and
changed to fit the conditions as we move along.
I know that you are also aware, as you have inspected
several facilities, that individual utilities and companies
have collaborative efforts underway, as well as their
individual efforts. They are to be commended for attacking this
problem aggressively head-on. However, I have a concern--and I
know it is your concern. I have heard it today--that this
activity may not be coordinated.
Because of the high degree of interdependence in the
electric systems, as you saw earlier in the demonstration, it
is imperative that we have a cooperative plan.
The plan that NERC has come up with, as I have said
earlier, is attached to my testimony. There is a map in it that
is very similar to the one you have on your stand. I would like
to point out that there are four major Interconnections in the
United States and Canada.
The eastern two-thirds of the United States and Canada is
included in what is called, appropriately, the Eastern
Interconnection.
The Western Interconnection is the one-third that is on the
left of that map. Note also that a huge amount of Canada and a
little bit of Mexico are included in that portion.
The two smaller Interconnections are most of the State of
Texas and the Province of Quebec.
Within each of these Interconnections, the utilities
operate synchronously. That is a very big word, but let me say
it is like breathing together. They all have the same
heartbeat. A major disturbance caused by one utility in one
part of the Interconnection affects all.
For instance, in answer to Senator Dodd's question earlier,
if we had a disturbance in Miami, it would be felt equally in
Manitoba, as it is in Tampa. Just remember that an electrical
disturbance travels at the speed of light. So distance does not
mean very much on the electical grid.
NERC intends to provide a coordinated team effort to deal
with the Y2K issue. We have divided our Y2K transition effort
into five critical areas. The first, as you can see in the
plan, is generating facilities. The second encompasses energy
management systems, which you may wish to think of as control
computers. The third is telecommunications. The fourth is those
protection devices we hear so little about, but which are the
electronic guardians that protect billions of dollars of
electrical equipment from damage. And the fifth area is
distribution.
NERC is focusing on operational security through what we
call a defense-in-depth concept. It assumes that, although one
has taken all the reasonable and necessary preventative steps,
there can never be 100 percent assurance that major system
failures cannot cause a catastrophic outcome.
Although most utilities, and vendors, and manufacturers
eventually will be expected to exercise due diligence, I am
certain that not all Y2K problems will be identified, fixed,
and tested. In fact, it may not even be prudent to spend
unlimited resources on some potential problems.
The ultimate goal of our plan is to establish a
coordination process that allows the electric systems in North
American to maintain operational stability during the Y2K
transition periods.
Our program for implementing this defense-in-depth strategy
focuses on three principal areas. I won't go into them in-
depth, but they are sharing of Y2K solutions, identifying
additional potential weaknesses in the interconnected systems
in the way they operate together, and operational preparedness,
much of which you have been calling contingency planning.
So behind these simply-stated three lines of solution,
there are 13 tasks, 3 phases and a plan that spans nearly 2
years.
This program, of course, depends on the cooperation of
electric utilities in North America. Our role at NERC is to
facilitate this North Americanwide coordination so that the
collective efforts of the industry will minimize risks posed by
Y2K.
The NERC program provides operating entities with the
opportunity to share Y2K solutions and to prepare coordination
plans with neighboring systems and regions. To staff for this
coordination, and it has been said earlier that this requires a
huge staff, we intend to use the best there is, the utilities
themselves. We have this knack of being able to get the world's
leading experts to do things when their actions are important.
This approach will give us the unparalleled expertise we will
need to pull this program off.
Public exchange of information is a cornerstone of this
program and must not be viewed by utility participants as
feeding information to potential litigants. We will be
requesting the support of regulators and public officials to
support the electric industry's need to exchange information.
Any restraint that we face in sharing this information will be
a direct challenge to the reliability of electric supply.
In conclusion, NERC has taken this leadership role very
seriously in coordinating the Y2K preparations of the electric
supply and delivery systems in North America. The industry is
committed to maintaining a reliable supply of electricity
through this transition to the new millennium.
I look forward to answering your questions at the end.
[The prepared statement of Mr. Gent can be found in the
appendix.]
Chairman Bennett. Thank you.
Dr. Siebenthal?
SATEMENT OF CHARLES D. SIEBENTHAL, MANAGER OF YEAR 2000
PROGRAMS, ELECTRIC POWER RESEARCH INSTITUTE, PALO ALTO, CA
Mr. Siebenthal. I would like to congratulate you, Senator,
on getting my name straight. Most people do it backwards.
I am going to focus my remarks today on the EPRI Y2K
Embedded Systems Program and the role it plays in the electric
power industry's Y2K effort.
Before I do that, I would like to give you a little
background information about EPRI so you can understand how
this came about. EPRI was founded in 1973, as the Electric
Power Research Institute. We are a nonprofit, collaborative
research organization with headquarters in Palo Alto, CA.
EPRI membership currently represents about 87 percent of
the U.S. regulated utility industry, and we have a very large
number of international members as well now. We have a 25-year
record of providing very objective and, hopefully, good science
and technology to address important energy and environmental
questions. Thus, we were kind of a natural choice for the
industry's collaborative effort on the Y2K embedded systems
problem.
We began our Y2K program on October 1, 1997 to act as a
forum and a shared source of practical technical information.
From the beginning, this program has been open to any
organization, not just electric utilities, which has embedded
systems problems and is willing to share their information with
other participants in the program.
I am pleased to be able to say that even in an electric
power industry restructuring for competition the overriding
importance of sharing technical information about Y2K embedded
systems has been well recognized. Today, we have 74 companies,
including three major oil companies, participating in this
program and additional participants join weekly. I believe this
week's crop raises it to 76.
And I need to explain what I mean by company. Many of the
companies who have joined our program are joining as holding
companies and not regulated utilities. That means that all of
their power concerns in both the regulated and the nonregulated
area and internationally as well are sharing the benefits of
our program.
U.S. utility participants in the EPRI Y2K program represent
now more than 70 percent of the electric power generation
capacity in the United States. Our program has four major
features.
First, an Internet-based clearinghouse for participants to
share their knowledge, real time, on component and system
testing, which was activated in March of this year. A few weeks
after that, utilities and vendor organizations began uploading
their data bases to our electronic knowledge base. Today, we
have over 300 data uploads from these organizations on-line.
Our target by mid-August is to raise that to over 1,000.
Second, we conduct workshops quarterly to provide an
opportunity for in-depth, face-to-face discussion of problems,
processes, testing methods, and results. The first and second
workshops were held in January and May of this year. We are
currently planning our third workshop for August of this year,
and we expect between 500 and 600 people at that workshop.
We plan these workshops to go through 1999 dealing with
many of the issues that were discussed here already as being
important for continuing the program.
Third, and I think this is very important. We are
organizing industry technical teams to work collaboratively
with key equipment vendors and to better understand those
vendors' product, Y2K compliance programs, methods, and
results.
Our program participants have identified over 45 major
vendors in power generation equipment and over 20 major vendors
in transmission and distribution equipment.
We are really quite pleased that the vendor organizations
have recognized the need to work in partnership with us to
resolve the many questions which have to be addressed.
Last, we have attempted to identify Y2K embedded systems
programs in other industries and to develop interindustry
information sharing, where appropriate. In April of this year,
EPRI and the American Petroleum Institute co-hosted a meeting
of industry trade associations to see if other industries were
having similar collaborative data sharing efforts.
Unfortunately, at that time, we did not find any other
similar data bases on an industry basis, other than the one
that API is putting together, but EPRI has offered to host
future data bases of other industries on our electronic
platform.
I would like to summarize the progress to date. This has to
be generic, obviously. Many utilities are ahead of this. All of
our program participants are deeply into the inventory and
assessment phases of their program as you have heard. Many of
them have begun component testing, many of them are very
foreign to component testing.
Testing results to date have been largely limited, however,
to off-line tests of individual components. So far these tests
have identified primarily nuisance-type problems, such as
erroneous dates on computer screens and computer systems that
have to be rebooted with new year inputs.
So far, fortunately, instrument and controller
functionality appears to be largely unaffected. Now, these
tests have to be confirmed by on-line testing. They are very
preliminary, but they are encouraging.
Some off-line testing of larger integrated systems, such as
distributed control systems in power plants has been started.
These tests have produced some conflicting results, and we are
resolving those through the collaborative efforts in our
program.
Initial efforts at contingency planning, a subject which is
obviously very hot here today, have made us very, very aware of
the critical dependence of the electronic power industry
response plans upon electronic communications. We are currently
designing a pilot program for utilities and their major telecom
service providers to sit down face-to-face and discuss their
mutual dependencies, identify areas of common concern and,
hopefully, joint action.
Finally, I would like to offer some experience from this
program for consideration by the committee.
First, the list of services which are vital to our Y2K
performance, but which are outside of our direct control,
continues to grow as we go through the contingency planning
process.
At this point in time, we, like you, have very little
information regarding the degree to which many of these other
vital services will be able to operate effectively during Y2K
transition dates.
Second, utilities trying to develop contingency plans also
need to understand what their customers are going to do in
these times in order to prepare both the level of service that
we have to provide and to prepare for any disruptions that the
customers may induce by their own Y2K failures.
The success of these efforts rests on the ability of
businesses to share information free of litigation concerns.
EPRI corporate counsel and counsel for our participating
companies have worked long and hard to overcome their shared
concerns over the liability issues associated with information
sharing.
Those who have weighed these risks and recognize that the
overriding public interest and the magnitude of the business
problem is so pressing that it takes precedence over these
concerns are to be congratulated.
We believe that the Government could significantly advance
the Y2K remediation process by stating a public policy, which
encourages the noncompetitive resolution of Y2K problems and
acting to address legal liability concerns associated with
sharing technical information.
In conclusion, our industry is working very hard to ensure
that electrical service remains reliable, while the companies,
themselves, are responsible for actual solutions and
implementations. Sharing of technical information and
development of collaborative solutions, where appropriate,
should be officially recognized and encouraged.
We are pleased to be part of this program and pleased to
have been able to testify today. I would appreciate it if our
written testimony could be incorporated in the record.
[The prepared statement of Mr. Siebenthal can be found in
the appendix.]
Chairman Bennett. It will. Thank you very much.
Mr. Rubright.
STATEMENT OF JAMES A. RUBRIGHT, EXECUTIVE VICE PRESIDENT,
SONAT, INC., AND REPRESENTATIVE OF THE INTERSTATE NATURAL GAS
ASSOCIATION OF AMERICA
Mr. Rubright. Thank you, Mr. Chairman. I am Jim Rubright,
executive vice president of Sonat, with responsibility for our
pipeline and energy services businesses.
Sonat owns interests in over 14,000 miles of interstate
natural gas pipelines serving the southeast and the Gulf of
Mexico. But I represent here today the Interstate Natural Gas
Association of America, the trade industry association that
represents substantially all of the interstate natural gas
pipelines in the United States, Canada, and Mexico.
I will report today that the interstate natural gas
industry has taken the Year 2000 problem very seriously, and we
are, and have been for some time, working on fixing systems
well prior to the millennium change.
Also, as a result of an INGAA membership survey, we are
pursuing a number of initiatives to foster cooperation among
industry participants.
I would also like to address some areas where we think this
committee and the Congress can be helpful in this effort.
Clean burning, environmentally friendly natural gas is a
major energy source for our economy, second only to petroleum
in energy use. Natural gas currently provides 24 percent of
this Nation's energy for use in homes, industries, businesses,
and in electric power generation. In fact, natural gas
currently fuels about 11 percent of all electric power
production in America, but that percentage is expected to grow
substantially.
The Federal Energy Regulatory Commission, the FERC, which
regulates interstate natural gas pipelines, has made our
industry competitive through a number of initiatives over the
last 15 years, and the changes in our businesses associated
with competition accelerated the application of computer and
telecommunications technologies for our operations and our
customer service.
Our industry's current high degree of reliance on computer
and telecommunications technology is one reason why we have
taken the Year 2000 so seriously. We need to ensure that our
extremely safe and reliable gas delivery systems remain that
way on January 1, 2000.
In March 1998, INGAA conducted a voluntary high-level
survey of its INGAA membership. All respondents had a Year 2000
plan in place and were in the process of implementing their
plans. The survey respondents believe that Year 2000 compliance
for the pipelines themselves will be completed by October 1999.
As Chairman Hoecker mentioned, the INGAA members have
consistent priorities for addressing the Year 2000 issue. In
order of importance, these are: Protecting people and ensuring
safety; second, maintaining the flow of natural gas to markets;
third, accounting for gas flows; and, fourth, maintaining the
integrity of our internal business systems.
The first priority for our industry is safety. To operate
and monitor our pipelines, we make extensive use of automated
equipment that is replete with embedded chips placed in service
over long periods of time.
The diversity and the large quantity of equipment with
date-sensitive embedded chips makes identifying, testing, and
fixing these devices very time consuming. Fortunately, from a
safety perspective, natural gas transmission systems are
designed with multiple safeguards. In addition to sophisticated
digital control systems, operating and safety systems use
automatic analog, pneumatic, and mechanical control devices.
Also, in the event of an emergency, operating and safety
systems are equipped with manual override capabilities.
Therefore, despite extensive work which lies ahead, INGAA is
confident that the pipeline systems will remain safe on January
1, 2000, even in the face of digital device failures.
However, we intend for all of our mission-critical devices
to function on January 1, 2000. Thus, for Sonat, an example I
am very familiar with, our Year 2000 Team has already worked to
identify all of the hardware/software applications and service
providers that are potentially susceptible to a Year 2000
problem.
If the existing electronic device was supplied by a vendor,
we requested certification of compliance with the Year 2000. We
quickly realized that relying on certification would be an
inadequate basis to ensure our own compliance. As a result, we
implemented a second assessment phase, where we assessed,
essentially, every device with a mission-critical or mission-
important criteria and have developed testing protocols, with
which we have begun to test those devices.
Based on the work that we have done, in addition to
operating safely, we believe that as a pipeline supported by
the upstream and downstream segments of our industry and by the
electronic and telecommunication providers that we rely on, the
pipelines can operate reliably.
The other INGAA priorities are maintaining an accurate flow
of gas accounting and protecting our internal business systems.
These applications, in most cases, are the easiest to analyze,
since they tend to involve main frame and PC-based systems.
However, they can be very expensive for our industry to deal
with because of the massive amounts of codes that may have to
be rewritten and the cost and timeframe to introduce new
systems.
While the pipelines believe that they themselves can
achieve Year 2000 compliance as regards their own systems, we
are very concerned with our interfaces, with our upstream and
downstream suppliers, and with our customers, as well as the
utilities and telecommunication providers that we rely on.
For this reason, we are reaching out to our customers, to
service providers and to others to ensure that this is a
coordinated effort and to maximize interface testing.
INGAA is recommending a natural gas industry conference,
sponsored by the Natural Gas Council, in September to discuss
preparedness issues. We will encourage all segments of the
industry to participate, including service providers.
We believe sharing information and raising the visibility
of the Year 2000 problem is the best way to ensure compliance.
We are also working closely with the FERC to assist it in its
role.
Now, what can this committee and the Congress do? Certainly
raising visibility of the Year 2000 problem will help. It would
also help if Congress would minimize significant electronic
commerce initiatives in the next 18 months.
We all know that solving the Year 2000 problem requires a
massive effort. We need to be spending our time working on this
problem, not responding to new Government data requests, which
require reprogramming and new reporting requirements.
Our industry is also concerned with the litigation risk
that we and you foresee. We do not see how our economy can
possibly benefit from the estimated $1 trillion that may be
allocated to seeking blame among the blameless for the
consequences of an eventuality that was simply unforeseeable in
the early decades of the computer industry.
In the time left to deal with this problem, we need to
concentrate our efforts on engineering and systems. We do not
need to worry about anticipated litigation, and the economy
will not benefit from defending lawsuits with the plaintiff's
bar in the aftermath.
INGAA, thus, suggests that the committee seriously consider
limiting liability for 2000 events. Moreover, creating new
sources of statutory liability will simply exacerbate the
problem.
Finally, the proposed antitrust exemption for sharing
information among competitors to address this problem is a very
important initiative that you can undertake with almost no
adverse consequences for our economy.
We congratulate you and thank you for your leadership on
this critical issue and, together, we can solve this problem.
[The prepared statement of Mr. Rubright can be found in the
appendix.]
Chairman Bennett. Thank you very much.
Mr. Gardner.
STATEMENT OF GARY W. GARDNER, CHIEF INFORMATION OFFICER,
AMERICAN GAS ASSOCIATION
Mr. Gardner. Mr. Chairman and members of the special
committee, good morning. I am Gary Gardner, chief information
officer of the American Gas Association. I have over 16 years
of information technology experience--with roots as a
programmer, I wish we had used four dates instead of two, now
that I think about it.
In the interest of time, I plan to summarize my testimony
and ask that my full statement be included as part of the
hearing record.
Thank you for inviting me to speak to you regarding the
Year 2000 readiness of the natural gas distribution companies.
AGA represents 181 natural gas utilities that deliver gas to 54
million homes and businesses in all 50 States.
Our members distribute 85 to 90 percent of the natural gas
delivered in the United States. AGA and natural gas utilities
are fully aware of the issues surrounding the Year 2000 and the
possible impact on consumers and the economy.
Our industry views the Year 2000 issue as a serious one and
has been working hard for the past 3 years to ensure the safe
and reliable delivery of natural gas in the Year 2000 and
beyond.
As with many industries, the issue was first viewed as an
information technology issue and most activities were focused
on traditional IT solutions. Over the last 2 years, the main
focus has shifted to embedded systems and contingency planning.
With respect to contingency planning, our industry is very
proud of its record in maintaining reliable service to our
customers in the face of natural disasters and emergency
situations.
Regarding the readiness of the natural gas utilities, we
have gathered data from two sources within our industry for
presentation to the committee today.
First, this spring, the Gas Research Institute conducted a
survey which focused on natural gas distribution companies. The
49 companies that responded have customer base ranges from
35,000 customers to 4.8 million customers and are located in
all parts of the United States.
Based on the responses, it was found that 90 percent were
very confident in their ability to resolve software problems by
December 1999, with most companies indicating they have been
working on Year 2000 software issues for the past 2 to 6 years.
All respondents indicated that a formal enterprisewide
assessment was being followed. Overall, 93 percent of the
companies in the survey indicated they had completed the
initial inventory and assessment phase and were in the
remediation and testing phase of software code resolution.
In terms of embedded systems, 71 percent were confident in
resolving embedded processor issues, with 84 percent indicating
they are at the remediation testing phase of their embedded
program.
And, finally, 80 percent expected their embedded systems
will be Year 2000 compliant by June of 1999.
I would like to comment on the use of the term Year 2000
complaint. Year 2000 ready is probably the better term to
referring to a company's readiness. For purposes of the survey,
Year 2000 complaint means that the component is unaffected by
Year 2000 dates.
Noncompliance, however, does not indicate a dysfunctional
system. In the triage and prioritization process, component
that are not mission critical may be intentionally bypassed
prior to December 1999. Also important to note is most
distributions have manual controls as back-ups, so getting
around an embedded component issue should not be difficult.
For the distribution companies, the focus for embedded
systems is to ensure that, on January 1, 2000 mission-critical
gas delivery systems are working properly.
Another checkpoint of industry readiness were the
observations of Stone and Webster, a management consulting firm
active in the natural gas industry. To date, they have
conducted 14 assessments for gas, electric, and combination
companies. These companies have customer bases that range from
500,000 to 1.5 million customers.
Areas they have reviewed included utility operations,
upstream critical service providers, which includes electric,
water, telecommunications, downstream customers and vendor
supply chains.
From the entry point into the distribution system to the
end-use meter, you will typically find 50 to 100 systems with
embedded processing. Those are located in such areas as storage
fields, gas control and management operations, metering and
facilities, and find embedded processing in systems such as
compressor controls, flow calculations, supervisor control and
data acquisition systems, or SCADA systems, control computers,
correcting devices, mobile devices, instrument calibration
systems, HVAC, and security systems.
The process to address and identify embedded systems
typically involves system identification, determining
manufacturer compliance, and performing upgrades and
replacements. Based on complexity, this process could take 12
to 18 months to complete.
In terms of specific findings from Stone and Webster,
systems with embedded processing within large and small gas
utilities are essentially similar, plus utilities are fairly
consistent in devices they use. As mentioned before, many
possess manual override options.
A number of critical operation systems, those that directly
affect the delivery of gas that have exhibited weakness in Year
2000 compliance, have been running between 5 and 10 systems.
The systems which usually have compliance issues are the SCADA
systems within an organization.
In summary, our Nation's natural gas utilities are actively
and aggressively addressing Year 2000 issues. Segments within
the natural gas industry, production, transmission, and
distribution are collaborating and working closely in the
assessment and resolution of issues.
While our members are at varying levels of degree of
compliance, a very high level of confidence is present
regarding the safe and reliable delivery of natural gas. As
mentioned, because the success of our industry relies on the
delivery of services and because we have established proven
contingency plans to handle crisis and emergency situations, we
are prepared to handle the issues related to the Year 2000.
Our industry is totally focused on ensuring the delivery of
energy to the U.S. consumer, our customer.
Thank you for the opportunity to testify, and I look
forward to any questions you may have.
[The prepared statement of Mr. Gardner can be found in the
appendix.]
Chairman Bennett. Thank you very much. We appreciate all of
you and appreciate your testimony.
I would like to ask all of the other panelists if they
would like to comment on Lou's deadline of December 31, 1998,
and the assessment of the importance and timing required for
testing and implementation.
Does anyone wish to respond?
Mr. Siebenthal. I think it is well-known, Mr. Chairman,
that certain software systems do have a problem with the
rollover to 1999. We are not aware at this point in time of any
embedded systems that suffer from that same problem, but our
test programs do use that as a critical date.
Chairman Bennett. Any other reaction to that?
Mr. Gardner. I would just say, as far as the software side
of it, again, in the evaluation of what has taken place in the
environment, that certainly the software issues are ahead of
the game. As far as where the embedded are, and certainly from
discussions with our members, as far as where they are with
software remediation and testing, that I understand of plans
and testing that they are doing this summer, software testing
could be completed by that date. On the embedded side, I
believe it will go past that date.
Chairman Bennett. Lou, what is your reaction?
Mr. Marcoccia. I think there is a system--and correct me if
I am wrong--the GPS system that is associated with the tankers
that actually has a deadline that will not work in 1999. That
is certainly my understanding. I am certainly not an engineer,
but every time I brought that issue up since 1995 or 1996 I
have not had one engineer or organization tell me I am
incorrect.
I visited several organizations on the embedded system side
that deals with tankers that have agreed with me that, in fact,
there is a 1999 date that is involved with the tracking of all
tankers.
Mr. Siebenthal. Mr. Chairman, it is my understanding that
that critical date is August 20, 1999. I do not know why that
date is a problem, but that is supposedly a problem. It is also
my understanding that the Air Force is supposed to be fixing
the problem in satellites, but that the people on the ground
have to fix their own receivers if there is a problem with the
receiver.
Mr. Marcoccia. That is correct. The August 20, 1999 date is
a hard date that is in that system that is real and will stop.
We have known about that problem for several years, and that
problem is still not resolved by enough organizations that I am
concerned about it.
If they cannot handle, and the way I look at this, if they
cannot handle a known problem from several years ago, how
difficult will it be to handle a problem that they are not
aware of that will creep up sometime in 1999?
Chairman Bennett. My own sense of things, as I have
immersed myself in this issue, is that January 1, 1999 will be
a bigger event than we currently think it will be.
Mr. Marcoccia. That is right.
Chairman Bennett. And, in a way, that is good because that
will trigger the awareness of the fact that this really is
coming. People who think that nothing will happen until New
Years Eve are going to get a wake-up call.
Now, Lou, you are nodding and saying that is correct. Do
any of the rest of you agree that January 1, 1999 has the
potential of providing us with a serious jolt along the way? I
am not suggesting that the power grid is going to go down on
January 1, 1999, but I think we will have some rude wake-up
calls on that date in areas that we are not aware of.
Are you prepared to reassure me or reaffirm me in that
assumption?
Mr. Gent. Mr. Chairman, I wish it were black and white like
that. There are a number of power pools and----
Chairman Bennett. You have never dealt with the media. It
is always black and white. [Laughter.]
Mr. Gent. Well, I read in the media this morning that we
have a 40 percent chance of making it through the Year 2000, so
I am comforted by that.
Chairman Bennett. Do not be. That is my assessment.
[Laughter.]
Mr. Marcoccia. And I certainly concur.
Mr. Gent. There are a number of software programs in play
right now that deal with planning ahead and trying to commit
resources for the next hour, the next day, the next month, and
the next year, and I suspect that we will run into glitches in
that software all along the way.
I can tell you that a lot of that software is being tested.
What we do not know is has every piece of software been tested?
For instance, I am personally aware of one major power pool
that has tested, found a problem, and fixed it. I cannot assure
that the other 50 organizations that operate with their own
similar software have made that test. But that is what part of
what the NERC program is intended to do--to coordinate these
activities so that we are all aware of the problems. We take a
look, develop checklists, and proceed in an orderly way to
correct the problem.
Chairman Bennett. Before I turn to Senator Dodd, let me,
for those who may not have understood this quick exchange about
the 40 percent, make it very clear what I have said there.
If the Y2K problem were this weekend, as opposed to 18
weekends [sic] away, there is 100 percent probability that the
grid would fail. I do not think there is really much debate
there. Fortunately, it is not this weekend. It is 18 months
away, and we have 18 months to work on it, and when pressed by
members of the press to come up with a number as to what
percentage there is that the grid would fail 18 months from
now, I have said it is less than 50/50, and I have put it at
40.
But I make it very clear I am willing to move that peg as
we get more information. When we get the study from NERC we may
say, no, the 40 is far too doomsday, and it is really 30 or 25
or 20 percent the grid will fail or we may say, holy cow, let
us go back up to 50/50 shot that the grid will fail.
But I use that to illustrate the challenge we are facing
here. We have a system right now which, if we had no time, is
in failure. I think it is important that people understand
that. There is not a chance that it will fail. There is not a
percentage that it will fail. It is a certainty that if the
Year 2000 were to hit us today at the state of readiness we are
in today, the power grid would fail.
Now, we have 18 months to work on that, and what can we
accomplish in that 18 months to get us to the point that we
have to be? And as Senator Dodd said in his opening statement,
failure is not an option. So we have to use the 18 months as
wisely and as in focused a fashion as we possibly can.
Vice Chairman Dodd.
Vice Chairman Dodd. Thanks very much, Mr. Chairman.
Let me, if I can, I want to ask--I think all of you were
sitting in the room when I raised the issue with Mr. Koskinen
on the issue of the larger company that very honestly and
courageously responded to the questions the committee had asked
about Y2K readiness. I think it is a good suggestion to talk
about readiness rather than compliance. It is probably a better
word to use. The public may understand it better as well.
Let me ask all of you, basically, the same question I asked
him. You are all knowledgeable people. Some of you work a great
deal in this area.
The answer to the question obviously was that it would not
be cost beneficial to count their systems with a possible Y2K
problem was the response of the company at the time.
So I have four questions for you. Is that an acceptable
answer? Based on these answers, does this company have a chance
to meet the millennium deadline? What should be done, if we
know in advance that a major energy producer is not going to be
Y2K ready? And what contingency plans need to be in place to
deal, in your view, with such an eventuality?
Lou, why do we not begin with you.
Mr. Marcoccia. Sure. The first question is no.
The second question is no, and what should probably happen,
the project manager for that organization should probably
commit suicide, and that is what I certainly would recommend. I
certainly want to echo the comment about that one firm. I,
personally, know of several utility organizations that have not
placed one line of code back in production being Year 2000
compliant, and they have over 30 million lines of code. So it
is not one, Senator, it is many utility organizations.
And for software and embedded systems, and more so
software, the deadline is 12/31/98 because of the timeframe
that it takes to test these systems. And if you want to do some
integration, what happens, if you do not get it done at that
point, even though it looks good on paper, the risk actually
goes up tremendously because of that.
So it is not just one company. I would not be concerned if
it was one. It is many companies that fall into that category.
What should happen, one, if that organization has an
incentive plan that pays bonuses, the bonus plan should be
based on implementing Year 2000. It is amazing, when I work
with companies and when I get the CEO to change a bonus plan,
which I did for a major organization, it is amazing how the
management of that organization actually are very aware of the
Year 2000, and it is simply not good enough to be aware and
concerned.
Let me give you an analogy, if I can. I am absolutely aware
and concerned about my weight problem. I have the best gym
equipment in the basement. It is not good enough to be aware. I
have to turn that awareness and that concern into action, and
that is what is missing.
Awareness and concern is simply not good enough June of
1998. Action has to occur. What I certainly heard today, based
on what I heard--I have not read the reports--very little
action and a lot of awareness, and concern, and reports, and
meetings, and no real action that people--this is a dirty job.
This is digging a hole in the back yard, and I have not heard
any of that. What I have heard was analysis, reports,
assessments, review, generic letters, and nothing about the how
and where we are.
So I would change the management, so that actually changes.
I would develop a war room, and I would develop a triage that
says, ``We are not going to get 100 million lines done. What
can we get done in that operation?'' and then take that hit
because that organization will not be completely Year 2000
ready.
Many firms, also, and it has not been brought up, one of
the additional problems in the Year 2000 is that firms have
what is called a legacy clean-up dirty shop problem. So a firm
that has 40/50 million lines of code probably only has 20
million lines that is really production, and they can eliminate
20 million lines of code. The problem is it takes 2/3/4/5
months to decide and figure out which of those modules and jobs
are really production, so they can actually work on them. That
is a big problem that many organizations have.
Vice Chairman Dodd. Gentlemen, I suspect you might have
some alternative suggestion for the gentlemen responsible for
this. [Laughter.]
But I appreciate your colorfulness, Lou, here.
Mr. Gent. Under no circumstance, do I want to make this
sound like it is not a problem, but in direct counter to some
of my colleague's suggestions, I am aware of a number of
instances that--it is not up to me to disclose--but a number of
instances where utilities have tested both code and equipment,
found them to be incorrect or at fault, corrected the problems,
and put them back in service. You notice he carefully chose his
words, placed back in service.
Starting at the bottom of your list dealing with
contingency plans, others have discussed how they handle
contingencies, and I do not want to paint this as just another
contingency, but I want to remind you that in the operation of
these Interconnections, we deal with contingencies every day.
The whole system is planned on the possibility of
contingencies, credible contingencies. The way that we will
approach this problem is that it will become a huge
contingency.
I almost take issue with the 100 percent probaility of
failure that you are using, Senator, because we have a time
zone lag rolling across the country. I think we are quick
enough to be able to take advantage of time zone lag and learn
within an hour, if you can believe that.
NERC recently installed an incredible telecommunication
system for communications among the 23 security coordinators
across North America. It has been proven to be Y2 compliant. So
I am not sure this doomsday scenario is absolutely correct. I
would not want to go public countering your 100 percent, but I
just have.
Senator Dodd, I suggest if you ask that question of that
company again you would get an entirely different answer after
this public disclosure of your opinion of the answer and the
other answers that have been expressed here today. I find it
inconceivable that a $20 billion revenue company has not
vigorously attacked this problem.
Mr. Siebenthal. I cannot add anything to improve Mike's
discussion of the reliability issue and the 100 percent issue.
I think, Senator, you have to be careful with surveys. We
do them all the time to find out how people like our programs,
et cetera, and the only people who respond are the ones who do
not like us.
But, seriously, a $20 billion company probably has many,
many business units, many, many companies and probably each one
of those companies is doing that because they are managing the
budget that way. But the holding company probably does not
really have any idea over maybe 10 different corporations in 20
different countries what the sum total are.
Now, we can argue----
Vice Chairman Dodd. I hope you are right. But we asked the
question. They gave us the answer.
Mr. Siebenthal. Yes.
Vice Chairman Dodd. If you got that answer, how would you
react?
Mr. Siebenthal. I am very surprised. I find it hard to
believe that that is the correct answer. With Mike, I just
cannot believe that a company that size----
Vice Chairman Dodd. I think you are answering my question
by suggesting you do not believe the answer because if you did
believe the answer you would be more than surprised, you would
be shocked, correct?
Mr. Siebenthal. Yes. Correct.
Vice Chairman Dodd. Any difference in that? Listen, I am
just repeating what we have been told. I am not----
Mr. Rubright. I agree that it strains credibility. I take
the statement on its face.
I think that the recommendations that INGAA made are all
directed toward sponsoring cooperation. What contingency plans
can you make? We all must realize that there are people who
will be in various stages of readiness and, apart from
assessment, as you get into the execution of your plans, no
matter where you are, there will be people who are surprised by
their inability to execute as they had intended.
So as this problem becomes closer to the date, the ability
of existing industry participants to benefit from the knowledge
and experience of other industry participants and to focus on
what is absolutely necessary will become increasingly critical
if it is not critical today.
That is why we are suggesting that any impediment that you
can remove to cooperation between industry competitors, between
upstream and downstream suppliers, is essential and would be
extremely helpful.
Vice Chairman Dodd. I guess I know maybe your answer to
this. To the extent that the Federal Government, FERC,
Department of Energy is a clearinghouse for this information,
we listened to these two representatives of the DOE, the
chairman of the FERC, say they really did not have any
authority, any power to do anything about getting information.
I was a little surprised at that. I probably thought they had
more. I was sort of stunned that they did not.
In addition to what other recommendations you are making,
should they have more authority to be able to get this
information?
Mr. Rubright. I think they can request the information, and
the power of their request, particularly in light of the
visibility that has developed, will increase the access.
I do not personally believe that the Government has the
time to fix this problem itself.
Vice Chairman Dodd. No, it cannot fix it. I agree.
Mr. Rubright. It has to motivate private industry to do so
and remove impediments for it to do so. I think that is the
approach that our regulatory bodies have taken, and so when
they have seen us take initiatives, such as the Natural Gas
Council initiative, they are very quick to support them and
say, ``What can we do to support your initiatives?'' because
the solution will only come from the people with the resources,
and that is private industry.
Vice Chairman Dodd. Thanks very much.
Mr. Marcoccia. But, Senator, it is true that maybe they
have restrictions, but the problem is, if they do not have any
control, then how can they state that everything appears to be
fine, and they are OK. You cannot be on both sides of the coin.
If you do not have control, at least use the bully pulpit and
articulate what you think the realities are.
I just find that to be inconsistent. You do not have
control, but things are great. Well, how do you know things are
great if you do not have control? I do not understand how you
can link those two together.
Vice Chairman Dodd. That is what we are wrestling with
here, Lou. I appreciate that. I do not disagree. As we heard
from the Nuclear Regulatory Commission and others, I like the
fact that they are asking the questions, but it is getting a
high degree of concern that we come down to a point here where
we do not know more about it, and what we do know about it is
alarming in terms of whether or they are going to be ready by
the Year 2000 to respond to those issues, and then have the
problem emerge, not only, and I have been sympathetic on
litigation reform issues, but I do not need to tell you here
what is going to happen in these ares.
Mr. Marcoccia. It is going to be the same old story. When I
started on my crusade in 1991, most people thought I was nuts.
When I had the plan to implement Year 2000, people thought I
was nuts. And the last 2 years, as a matter of fact 18 months,
I have been able to sign up 38 major companies in the United
States, and the last 18 months I have gone from being in debt
to being a multi-millionaire. If this flies, there is reason
why this flies around.
And what I am here to say, Senator, that it is an issue,
and I think one of the reasons that it is not being addressed
because we have not had a national spokesperson take up the
bully pulpit. What we hear all the time is the Internet and
everything else, but we have not had a national spokesperson
that has really grabbed onto it and made the headlines in the
papers.
I have, basically, in the last several years, been talking
to almost every project manager of the major Federal Government
agencies. I remember being in the DOD's office at a very high
level, I don't know, about a year ago/year-and-a-half ago, and
they were very proud. They did an assessment of 3,500
applications. And then when I asked the question, ``At this
rate, you would have to implement in production seven
applications a day, seven applications a day,'' and that was
over a year ago, and the shift has not occurred. The Federal
Government has not made the shift, and that only has happened
in the last few months.
There has to be a national spokesperson, and I----
Vice Chairman Dodd. I hear you. That is why we are here
today.
Let me, if I can, just quickly, to EPRI, I am impressed
with the work that you are doing providing a clearinghouse of
that information. One of the concerns I have is some of the
manufacturers of these embedded systems are no longer in
business, as I am told. What can you do about that particular
problem in terms of getting information from the manufacturers?
Mr. Siebenthal. Virtually nothing, although the
manufacturers will work with us on those issues. But one has to
understand the manufacturers have two problems. They have to
fix their own manufacturing line, so they can stay in business,
and they have to help us fix the products which they have sold
us in the past.
Legacy products of the kind that you have talked about have
to be tested by the current owner. There is virtually no
alternative to that, and that is what we are recommending to
all of the participants in our program.
Vice Chairman Dodd. Do you have any sense of numbers on
this, what we are talking about in terms of the numbers or
percentages of manufacturers of embedded chips that are out of
business?
Mr. Siebenthal. I really do not, sir. In many cases, you
will find that something you bought 10 years ago has passed
through the hands of five or six subsequent purchasers, and
through mergers, and it is almost not worth, if I can use the
word that your Fortune 500 company said, it is not cost-
effective to try to figure that out. It is better to go test it
and make your own decision.
Vice Chairman Dodd. I apologize, again, Mr. Chairman.
Chairman Bennett. Not at all.
Vice Chairman Dodd. Thank you all very, very much. I
appreciate your willingness to be here with us today.
Chairman Bennett. Yes. Thank you. I will not debate with
you whether or not a current failure is absolute or whether
there are contingency plans because we are not going to get a
failure this weekend. So it would be a worthless kind of
intellectual exercise.
But my point, regardless of what number you put on it, is I
think one that you have helped us make, which is that the
present system is clearly in jeopardy, the jeopardy is serious,
the impact on the Nation would be incalculable if it were not
fixed, and we need to do the very best we can to get it fixed
and to raise both the awareness and, as Lou points out, the
level of action that comes as a result of the awareness.
This hearing was scheduled for that purpose and, if I may,
I think we have accomplished that purpose, at least to the
degree that it is possible for any Senate hearing to produce
that result.
Thank you all. The committee stands adjourned.
[Whereupon, at 12:30 p.m., the committee was adjourned.]
A P P E N D I X
______
ALPHABETICAL LISTING AND MATERIAL SUBMITTED
______
Prepared Statement of Chairman Robert F. Bennett
Good Morning, and welcome to the inaugural hearing of the Special
Committee on the Year 2000 Technology Problem. This special committee
was formed pursuant to Senate Resolution 208, introduced by the
Majority and Minority Leaders of the Senate on April 2, 1998 and which
was passed unanimously by the Senate. The jurisdiction of the special
committee extends beyond the public sector into the private sector.
As result, this Committee will be hearing from the utility
industry, specifically gas and electric utilities, today. Subsequent
hearings will look into the year 2000 preparedness of health services,
telecommunications, financial services, transportation, general
government services, and general business. We will also look into the
legal liability of firms who become the subject of court suits due to
year 2000 technology problems.
I have some disturbing news to report this moring. In order to
prepare for today's hearing, I directed Committee staff to conduct a
formal survey. The survey was of modest proportions including only ten
of the largest electric, oil, and gas utility firms in the U.S. I
wanted to know the status of their Y2K preparedness. While the survey
is not statistically representative of the entire industry, it does
include geographically dispersed firms engaged in all aspects of power
generation, and gas and electricity transmission and distribution.
I had anticipated that I would be able to provide a positive report
on the Y2K status of these public utilities. Instead, based on the
results of this survey, I am genuinely concerned about the prospects of
power shortages as a consequence of the millennial date change.
Let me share a few of the survey findings: Only 20 percent of the
firms surveyed had completed an assessment of their automated systems.
One firm did not even know how many lines of computer code it had.
Experts have testified before my banking subcommittee that any major
firm that has not already completed its assessment, can not hope to
become Y2K compliant by January 1, 2000.
None of the utilities surveyed were assured after making inquiries
that their suppliers, venders, and servicers would be Y2K compliant.
Utilities are highly dependent on servicers, suppliers, and other
upstream activities to transmit, and distribute gas and electricity. In
fact, many power distribution companies are ultimately dependent on
foreign oil imports.
None of the firms surveyed had completed contingency plans for Y2K
related eventualities. Even though all of these firms are required by
their regulators to maintain emergency response plans, none had
completed a Y2K contingency plan. My concern is that they probably
don't know what contingencies to prepare for.
The last question on our survey asked for recommendations. One
respondent, after making several recommendations made the following
profound statement: ``Whatever actions are taken by Congress, they must
be done quickly, during this session, or they will have no impact on
the Y2K problem.''
I am personally concerned that the Y2K problem is receiving so
little public attention. I am concerned that when it does become a
matter of general public concern that it will be too late to bring
pressure to bear on the timely correction of the many Y2K problems that
exist. My greatest fear is that when it does become a matter of general
public concern, it will bring with it a measure of panic that will be
detrimental to effective and efficient remediation of the problems that
will present themselves.
For the private sector, I define the Y2K problem in much broader
terms than what I see generally discussed and reported in the trade
press which is where many of the Y2K problems are reported. The problem
is more than a computer's ability to function on January 1, 2000. It
includes not only computers, it includes embedded systems, such as
process control units.
I read a story recently about a major oil company that tested one
of its oil refineries. They found that the refinery had 90 separate
systems that somehow used a microprocessor. Many of these were key
systems. Of the 90 systems, they were able to come up with detailed
documentation on 70. Of these 70, they determeined that twelve had date
dependent embedded chips. Of the twelve, four failed a Y2K test and
will have to be replaced. Had any of the four failed on January 1,
2000, they would either have completely shut down the plant or would
have caused a high level safety hazard which would have caused other
systems to shut it down.
What is really worrying the company's experts now is the other 20
systems. They don't know what functions the chips in these systems have
and are leaning towards replacing them all. This happens to be a
relatively modern plant.
On June 8th, U.S. News & World Report ran a story concerning a
Midwestern electric generation facility that was taken off-line to test
for Y2K compliance. When the test clock was rolled forward to January
1, 2000, a safety system mistakenly detected dangerous operating
conditions and shut the generator down. After three days, they reran
the test, only to have a different sector fail, shutting down the
generators again.
Another area of the Y2K problem is interfaces. Interfaces sometimes
exist between systems within a company, and sometimes exist between a
servicer, supplier, vender, or customer. It is important that Y2K
remediation corrections among these parties be compatible.
Infrastructure plays an important supporting role for almost any
business. Utilities, for example, are dependent on transportation,
telecommunications, water and sewer facilities; all of which are
critical to continuous business operations.
Ripple effects are an important concern. If foreign oil production
is not Y2K compliant, or if oil tankers' navigation and propulsion
systems are not Y2K compliant, what effect will that have on our
electric generation facilities that are dependent on petroleum products
to generate power?
Government services are frequently taken for granted, but are an
area of significant concern. I know of no Federal data bases or
information systems that are not computerized. We rely heavily on
government services for mail delivery, transportation, financial
services, water and waste treatment facilities, just to name a few. If,
for example, the Coast Guard ships operating in the vicinity of the
Alaska Pipeline are not Y2K compliant, we could find timely shipments
of Alaskan oil jeopardized.
I find these categories useful in evaluating the breadth of the
Year 2000 problem. I would encourage our witnesses to consider them as
they make their presentations today.
______
Y2K Committee Announces Survey Results Measuring Y2K Preparedness of
Nation's Largest Utilities
[Survey conducted by the staff of the Senate Special Committee on the
Year 2000 Technology Problem]
executive summary
The Special Committee on the Year 2000 Technology Problem recently
completed a survey of ten of the largest oil, gas, and electric
utilities in the United States. The purpose of this survey was to
determine the status of the utility industry in terms of its year 2000
(Y2K) preparedness.
--Based on the survey results, we conclude that while these utilities
are proceeding in the right direction, the pace of remedial
efforts is too slow and the associated milestone dates are so
distant that there is significant cause for concern.
--It is also clear from the survey responses that despite substantial
completion of initial assessments, firms are not confident that
they have a complete and accurate picture of their present Y2K
compliance, making assurances of timely Y2K compliance little
more than a hope.
--Experts contend that the most difficult aspects of remediation are
in the renovation and testing phases; most of the firms
surveyed have not begun these critical phases of remediation.
--Utilities' ignorance of the Y2K compliance of critical suppliers,
vendors, and servicers and their lack of assurances from same
create additional uncertainty for utility consumers.
--Since the firms tested are among the largest utilities in their
fields with the most available resources, we are pessimistic
about the implications for the rest of the utility sector.
purpose and methodology
We asked survey respondents for information on their automated
systems used to manage and operate their respective utilities; these
include both their computers systems and embedded systems such as
process control units used in their production and distribution
systems. While the survey is not statistically representative of the
utility industry at large, the inclusion of 10 of the largest oil, gas,
and electric utilities, including generation, transmission, and
distribution facilities, ensures broad representation of the industry.
Pledges of confidentiality were made to survey respondents in order to
facilitate honest and candid answers to survey questions.
Other studies have concluded that smaller utility companies are not
as advanced in their Y2K preparedness as their larger counterparts.
Hence, the results presented here probably represent the best prepared
portion of the industry.
findings
The utilities surveyed generally did not become aware of their Y2K
problems until 1995 or later. Each of them has since created a formal
Y2K project within their firm. Unfortunately, only 2 of the utilities
surveyed reported that they have completed the initial assessments of
their automated systems, especially on the embedded systems side where
4 firms were unable to identify how many embedded systems they have in
service.
All of the survey respondents reported using outside consultants or
contractors in combination with in-house personnel in their Y2K
assessment. All of the companies reported significant numbers of
automated systems, with one firm reporting over 300,000. The typical
firm reported about a third to a half of its systems were mission
critical.
Of those who had identified their embedded systems, there was a
wide variation in the number reported. Some firms reported numbers of
embedded systems by type of application while others reported on a
detailed inventory basis. In general, embedded systems assessments have
lagged computer systems assessments. We were told that this is because
the problem in embedded systems was not apparent until recently.
Costs for remediation also varied significantly, due perhaps to the
fact that the companies involved were not homogeneous in terms of
service provided and the types of assets in place, as well as the fact
that final assessments are not complete. Two firms were unable to
report their projected remediation costs. Notwithstanding the variation
in estimated remediation costs, the total projected cost of remediation
for the survey firms was over $400 million.
The typical utility surveyed expects to renovate about 75 percent
of its noncompliant systems and to replace or retire the remainder.
All of the firms surveyed were optimistic that they would have
their mission critical systems renovated or replaced by January 1,
2000; however, most implied that remediation efforts for non-mission
critical systems would still be on-going after January 1, 2000. All the
firms surveyed reported checking with suppliers and servicers, but few
of them received assurances of uninterrupted service and many are
having difficulty obtaining responses to their inquiries. This creates
some additional uncertainty for continuous utility service after the
millennial date change depending on the criticality of goods and
services provided by vendors, suppliers, and servicers.
While most surveyed firms recognized a potential for legal problems
and/or liability in conjunction with the millennial date change,
several indicated that they did not anticipate legal or liability
problems even if suppliers and servicers failed to make timely
deliveries. Nonetheless, each firm surveyed indicated that it had
received inquiries regarding its Y2K preparedness from regulators,
creditors, and/or stockholders/investors.
None of the utilities surveyed had completed contingency plans, for
potential eventualities associated with the millennial date change.
Most of this effort will be done in conjunction with standing disaster
recovery or emergency response plans.
One of the more interesting parts of the survey asked about the
need for congressional action. Fifty percent responded that they needed
the ability to share Y2K information and best management practices more
freely among other companies without fear of legal reprisal. Since the
Justice Department (DOJ) addressed this issue last week, we assume the
DOJ information has not been widely distributed. Twenty percent
suggested the need for a liability limit, and 10 percent suggested a
need to defer Gas Industry Standards Board implementations so that all
available resources can be focused on Y2K remediation efforts.
SENATE COMMITTEE ON THE YEAR 2000 TECHNOLOGY PROBLEM RESULTS OF UTILITIES SURVEY
--------------------------------------------------------------------------------------------------------------------------------------------------------
Percent Status of
Date Establish Assessment systems service Legal or Contingency Contacts Contacts Will you
Company aware formal complete mission providers/ liability plans by by finish
project critical vendors concerns complete creditors investors in time
--------------------------------------------------------------------------------------------------------------------------------------------------------
1...................................... 1995 Yes No 54 ? Yes No Yes ......... Yes
2...................................... 1995 Yes Yes 5 ? Yes No Yes Yes Yes
3...................................... 1996 Yes No ? ? Yes No No Yes Yes
4...................................... 1992 Yes No 30 ? Yes No Yes Yes Yes
5...................................... 1995 Yes Yes 50 ? No No Yes Yes Yes
6...................................... ....... Yes No ? ? Yes No Yes Yes Yes
7...................................... 1996 Yes No ? ? Yes No Yes Yes Yes
8...................................... 1996 Yes No 25 ? No No Yes Yes Yes
9...................................... 1996 Yes No 35 ? Yes No Yes Yes Yes
10...................................... 1996 Yes No 18 ? No No Yes Yes Yes
--------------------------------------------------------------------------------------------------------------------------------------------------------
Notes:
1. The eight companies that reported cost expect to spend over $400 million collectively on Year 2000 problems.
2. while no company had completed contingency plans, all but one had begun planning.
Source: Committee staff.
__________
Prepared Statement of Vice Chairman Christopher J. Dodd
Thank you Mr. Chairman. This is the special committee's inaugural
hearing and I want to extend my congratulations to you for getting us
to this point.
If it weren't for your tireless--and sometimes lonely--efforts to
raise the Senate's awareness about the Year 2000 problem, I doubt very
much if we would be here today.
When I was back in Connecticut last weekend, I noticed a fair
amount of advertising for New Year's eve 1999 in which the question was
asked: ``Where do you want to go for New Year's? Make your plans
today!''
While I don't know where anyone else wants to be, let me suggest
three places you don't want to be: In an elevator, in an airplane or in
a hospital.
The fact is that with less than 18 months to go, I am very
concerned that we are going to face serious economic dislocations from
this problem.
And I am very, very concerned that even as government and business
leaders are finally acknowledging the seriousness of this problem, they
are not thinking about the contingency plans that need to be put into
place to minimize the harm from widespread failures.
Senator Bennett is fond of likening this committee to Paul Revere,
saying that we have to sound the alarm that the millennium is coming;
well today's hearing should answer the question about whether there's
going to be any lights shining out of the old north church.
Some people have asked why we are starting our hearings with the
power industry. the answer is brutally simple: Without electricity
nothing else works.
And the power industry provides a good model for thinking about the
Year 2000 in a lateral, rather than vertical, manner.
By that I mean that a corporate executive or government official
can't simply look at the four corners of their business or agency and
ignore the outside world.
Say, for example, you took all necessary steps to make your home
Year 2000 compliant--you updated your pc and software, you replaced
your answering machine, you determined that the vcr and microwave would
still work and you put a brass knocker on your door as a contingency,
just in case your new, modern doorbell didn't work.
Even though you were vertically complete, you still have to worry
about the electricity, your water, the mail, cable and phone service
and so on.
That analogy illustrates the way business and government must also
think about the Year 2000 problem.
Since all the utilities are tied together in the power grid and are
dependent upon a whole series of steps in order to function, it is an
excellent illustration of how you cannot simply focus on one's own
company or agency, no matter how big or little, and declare it Year
2000 compliant.
Senator Bennett mentioned that the special committee conducted a
survey of major energy producer and it revealed that we are not in very
good shape.
Quite honestly, I think we're no longer at the point of asking
whether or not there will be any power disruptions but we are now
forced to ask how severe the disruptions are going to be.
Given the brevity of time left before the millennium conversion,
contingency planning has to start today--not just for the worst-case
disaster scenarios but for all the medium-sized disruptions that are
more likely to occur.
One thing that I've noticed is that every company, government
agency or trade association that I've met with has a nice neat chart
showing the timeline for completion of their Year 2000 project.
My deep concern is that those nice, neat little charts will be
blown to smithereens the moment they start testing their repairs.
I have been constantly surprised by senior Year 2000 officials who
say with one breath that testing will take just as long as fixing the
code, and say with the next breath that they need only a few months for
complete system testing after fixing the system took years.
Now while it took me a while to figure out the difference between
an embedded chip and a wood chip, I certainly can do enough math to
determine that there isn't a single company or government agency that
is leaving itself any margin of error in these neat little charts
they're so fond of showing.
It's been said before, but it bears repeating: Failure is simply
not an option. If the critical industries and government agencies don't
start to pick up the pace of dealing with this problem right now,
Congress and the Clinton administration are to have to make some very
tough decisions to deal with a true national emergency.
______
[From the Washington Post, June 12, 1998]
Pentagon Faulted on Year 2000 Reports Investigators Find Unreliable
Accounting of Computer System Compliance
(By Stephen Barr)
When it comes to computers and the Year 2000 glitch, the Pentagon's
compliance checklist doesn't always produce compliance. An
investigation by the Defense Department's inspector general found that
computer system managers turned in reports listing critical technology
systems as ready to accurately process and calculate dates in the next
century even though the systems had not received such certification.
The prospect of incorrect information in the Year 2000, or Y2K,
progress reports has raised concerns about the integrity of the process
used by top Pentagon and White House officials to track computer
repairs and to make contingency plans for any possible technology
crisis on Jan. 1, 2000.
``Senior DOD management cannot afford to make Y2K program decisions
based on highly inaccurate information,'' the office of the inspector
general concluded in its report on the matter. ``If DOD does not take
the action that it needs to obtain accurate information as to the
status of its Y2K efforts, we believe that serious Y2K failures may
occur in DOD mission-critical information technology systems.''
Rep. Stephen Horn (R-Calif.) raised the report at a House
subcommittee hearing Wednesday on Year 2000 computer repairs. ``I
thought we were past the days of the Vietnam body count,'' Horn said as
he inquired about Pentagon plans for ``improved honesty of
compliance.''
William A. Curtis, a retired Army combat officer recruited by the
Pentagon 60 days ago to shape up its Year 2000 computer repair program,
did not dispute the findings.
``We have got to have the most accurate data * * * and not be
shooting the messenger,'' Curtis told Horn.
Curtis and Sally Brown, a Defense official involved in Y2K
compliance efforts, said they did not believe system managers were
trying to intentionally mislead superiors on Y2K progress.
The Year 2000 problem stems from the use in many computers of a
two-digit dating system that assumes that ``1'' and ``9'' are the first
two digits of the year. Without specialized reprogramming, the systems
will recognize ``00'' not as 2000 but 1900, which could cause computers
to shut down or malfunction.
Overall, the Pentagon is running at least four months behind
schedule on its timetable for Year 2000 computer fixes and estimates
that it will spend about $1.9 billion on the problem. The department
has about 25,000 computer systems, with about 2,800 designated as
``mission critical.''
They include command and control, satellite, inventory management,
transportation management, medical and equipment, and pay and personnel
systems.
At the Defense Department, Year 2000 policies say that computer
users cannot assume a system will successfully operate in the next
century until it has been certified by a system manager. A computer
system is not certified until the system manager signs a Y2K compliance
checklist, the inspector general's report said.
But when the office of the inspector general sampled 430 computer
systems that the Pentagon had reported as Year 2000 compliant in
November 1997, it found that defense officials could not provide
documents to show they had followed proper procedures. Using a
statistical model, the office concluded ``that between 265 and 338
systems were not certified,'' although the systems had been reported to
senior management as certified.
In addition, investigators found that ``the existence of a
completed and signed Y2K compliance checklist did not always mean that
the system was Y2K compliant.''
They did not identify the systems by name or function, but the
computers were reportedly being used by large Defense agencies, such as
the Army, the Air Force, the Finance and Accounting Service, the
Special Weapons Agency and the Defense Logistics Agency.
The report, issued last month, underscores the problems federal
agencies face as they try to define such terms as ``Y2K compliant'' and
``Y2K ready.''
The Agriculture Department, for example, recently reported 15
systems as compliant, even though they were only in developmental
stages, said Joel C. Willemssen of the General Accounting Office.
In the Pentagon's case, the report from the office of the inspector
general said the department's Year 2000 management plan did not clearly
describe the certification process or the specific requirements for
systems managers.
``The word certified had so many different kinds of meanings that
it had lost all its meaning,'' Brown said yesterday.
A new management plan will be published within the next few days to
clarify procedures and expectations, Curtis said. Some Defense agencies
also have decided that it is no longer appropriate for only one person
to sign off on a certification and now require senior managers to
participate in the decision, he added.
To help accelerate its repair effort, Curtis said, the Pentagon
plans to set up a High Risk Systems Board to oversee each computer
system in Y2K jeopardy and will form a 250-person evaluation force to
independently validate the fixes and testing for the Pentagon's most
important systems.
__________
Prepared Statement of Gary W. Gardner
opening remarks
Mr. Chairman and members of the select committee, Good Morning. I
am Gary Gardner, Chief Information Officer of the American Gas
Association. Thank you for inviting me to speak to you regarding the
status and readiness of natural gas distribution companies as it
relates to Year 2000 (Y2K) issues. Our industry views the Y2K
technology issue as a serious one and has been working hard to ensure
safety and reliability in the natural gas distribution chain.
The American Gas Association (A.G.A.) represents 181 local gas
utilities that deliver gas to 54 million homes and businesses in all 50
states. Our members distribute 85-90 percent of the natural gas
delivered in the United States. Additionally, A.G.A. provides services
to member natural gas pipelines, marketers, gatherers, international
gas companies and a variety of industry associates.
background
A.G.A. and gas utilities have been fully aware of the issues
surrounding the Year 2000 and the possible impact on U.S. citizens (our
customers) and the economy. Natural gas utilities have always been
committed to ensuring the safe and reliable operation of our delivery
systems. As a result, our industry has been heavily working on Y2K
issues for the past three years. As with many industries, the issue was
first viewed as an information technology (IT) problem and most of the
activities were focused in the internal IT departments of our
companies. Over the last two years, the major emphasis has shifted to
the issues surrounding embedded systems and contingency planning.
With respect to risk management and contingency planning, our
industry is very proud of its record of maintaining reliable service to
our customers in the face of natural disasters, extraordinary weather
conditions and emergency situations. Our contingency planning efforts
are based on years of experience in operating safe delivery systems for
consumers.
industry survey
In an effort to provide specific information regarding the
preparedness of the U.S. natural gas utilities, A.G.A. has gathered
data for this hearing from active players in Y2K issues within our
industry. First, the Gas Research Institute, the research, development,
and commercialization organization of the natural gas industry,
conducted a survey in May, predominately of local natural gas
distribution companies. The companies which responded to the survey
have customer bases that range from 35,000 to 4.8 million. The
objective was to assess the Y2K status and need for collaborative
efforts supporting Year 2000 resolution.
Preliminary results, based on responses of 49 companies of mixed
size and geographic location are summarized as follows:
--The confidence level of avoiding significant operating disruptions
is high--90 percent responded that they were very confident in
their ability to resolve software problems by the end of 1999.
--The companies are undertaking a structured approach to resolving
Y2K issues--all respondents indicated a formal, enterprise-wide
assessment has been conducted. The priority areas and issues
include operations, finance, IS vendor reliability, supply
chain reliability, building systems, and customer service.
Nearly half of the companies that responded indicated that Y2K
amendments were made to their already existing contingency/
emergency plans.
--The vast majority of the companies have been working on the
software issue for 2-6 years. At this point, 20 percent of the
companies indicated they have completed their software
remediation program.
--Overall, 93 percent of the companies in the survey indicated that
they are beyond the initial inventory and assessment phase, and
in the remediation/testing/completed phases of software code
resolution.
--In terms of embedded systems, 71 percent were very confident in
their ability to resolve the embedded processor issues. This
confidence level is expected to increase as they complete the
remaining phases of their Year 2000 plan.
--84 percent of the companies are in the remediation/testing/
completed phase of their embedded processor program--with 80
percent of the companies expecting that their embedded systems
will be Y2K compliant by June 1999.
I'd like to comment on the use of the term ``Y2K compliant''. ``Y2K
ready'' may be the preferred term when referring to a company's
readiness. For purposes of the survey, Y2K compliant means the
component is unaffected by the Y2K dates. Non-compliance, however, is
not interchangeable with the term ``dysfunctional system.'' In the
``triage'' or prioritization process, components that are not mission-
critical may be intentionally bypassed prior to Dec. 1999. They may be
tested and the dysfunction found not to have significant implications
to operations, or not tested at all, depending on their rank in the
prioritization.
For distribution companies, the focus for embedded systems is to
ensure that on January 1 mission-critical gas delivery systems are
working properly. Also, it must be noted that most local distribution
companies have manual controls as backups, so getting around a embedded
component should not be difficult. Our bottom line emphasis and focus
is on the remediation of issues that directly affect the delivery and
proper accounting of natural gas.
remediation experiences
The results of remediation testing by the management consulting
firm of Stone and Webster should also provide the committee with a
sense of the general preparedness and the nature of the challenges
facing the industry. Stone and Webster has conducted fourteen Y2K
assessments for gas, electric and combination companies. These
companies have customer bases that range from 500,000 to 1.5 million.
Their efforts have focused on all aspects of utility Y2K
vulnerabilities including:
--Embedded systems within core utility operations
--Upstream critical service providers (electric, water,
telecommunications)
--Downstream use of gas at customer location
--Vendor supply chains
With respect to the issue of embedded systems, the embedded systems
are defined as systems within a gas utility's operation that contain
microprocessors and have time/date stamps associated with their normal
function. From the point of entry to the distribution/transmission
pipeline of the local distribution company to the meter, you may find
50-100 systems with embedded processing, such as:
------------------------------------------------------------------------
Locations Embedded systems
------------------------------------------------------------------------
Storage Fields.................... Compressor Control, Flow
calculations.
Gas Control....................... SCADA (supervisory-controls-data
acquisition) systems Flow and
control computers.
Metering.......................... Transmit and Correcting Devices,
Mobile and Handheld devices.
Gas Management.................... Electronic Bulletin Boards.
Operations........................ Instrument calibration systems,
regulatory compliance tracking.
Facilities........................ Energy management control systems,
HVAC, Security.
------------------------------------------------------------------------
The process to assess and identify embedded systems typically
follows an auditable methodology such as system identification,
determining compliance from manufacturers, and performing remediation
(replacement, upgrades, contingency plans) and associated testing. This
process, based on complexity of operation, could take 12-18 months to
complete.
Some general findings from the Stone & Webster engagements of
natural gas utilities include the following:
--Embedded systems within a gas utility, whether a large or small
LDC, are essentially similar.
--Most utilities are consistent in the type of devices they utilize
(i.e. meters) and many have manual override options.
--The number of critical operational systems--those that directly
affect the delivery of gas--are typically less than 10. The
systems that predominately have Y2K compliance issues are the
gas operation supervisory/control, (SCADA) systems.
--The critical embedded systems that have Y2K compliance problems are
typically fixable through repair, upgrade, or replacement and
can be corrected in less than a year.
summary
In summary, the local distribution companies, our nation's natural
gas utilities, are actively and aggressively addressing Y2K issues.
Segments within the natural gas industry (production, transmission, and
distribution) are collaborating and working closely together in the
assessment and remediation of Y2K issues. Operational and core business
systems are being identified and remediated. While our members are at
varying levels of compliance, a very high level of confidence is
present regarding the safe and reliable delivery of natural gas.
Because our industry is based on the successful delivery of services,
and has established, proven contingency plans in place to handle crisis
and emergency situations, we are prepared to handle the issues related
to the Year 2000. As we are today, our industry is committed to
ensuring the safe and reliable delivery of energy to U.S. citizens, our
customers.
Thank you for the opportunity to testify this morning. I look
forward to responding to any questions you may have.
GRI Y2K Blind Survey Summary--Preliminary 6/9/98
from gri survey on need for y2k collaborative activity--spring 1998
Participants: Predominately distribution companies.
Respondents: 49 as of 6/9/98.
Questions:
1. Have you conducted a formal, enterprise-wide assessment of the
potential financial risks presented by the Y2K problem?
Responses by percent:
Yes: 90
No: 8
Declined \1\: 2
---------------------------------------------------------------------------
\1\ ``Declined'': Some respondents indicated they were not the
right person for the specific question. Several respondents were short
on time and went directly to specific questions, declining to discuss
others.
---------------------------------------------------------------------------
2. What are some of the priority areas and issues?
Response:
Operations, finances, IS vendor reliability, supply chain
reliability, bids systems, customer service.
3. Do you feel you have enough information at hand to fully
evaluate the financial risks associated with your company presented by
Y2K?
Responses by percent:
Yes: 80
No: 14
Declined: 6
4. As a senior executive, how confident are you in your company's
ability to:
a. assess and fix Y2K software problems by 12/31/99?
Responses by percent:
Very: 90
Somewhat: 6
Declined: 4
b. assess and fix Y2K embedded processor problems by 12/31/99?
Responses by percent:
Very: 71
Somewhat: 22
Not: 2
Declined: 4
5. Has your company developed a contingency plan for Y2K non-
compliance/readiness--e.g. telecomm, public transportation failure?
Responses by percent:
Yes: 47
No: 49
Declined: 4
6. How confident do you feel in your contingency plan?
Responses by percent:
Very: 31
Somewhat: 8
Uncertain: 12
Declined: 6
N/A \2\: 43
---------------------------------------------------------------------------
\2\ ``N/A'': Indicates the question is not applicable. This is
usually evidenced by other, related responses.
---------------------------------------------------------------------------
7. Have you discussed having an outside firm conduct an audit of
your contingency plan?
Responses by percent:
Yes: 49
No: 29
Declined: 4
N/A: 18
8. What department has overall responsibility for your Y2K problem?
Responses by percent:
Y2K Team: 27
IT/IS: 53
Finance: 10
Other: 6
Declined: 4
9. How long has your company been addressing the embedded processor
problem--corporately with direct Y2K responsibility?
Responses by percent:
2-4 years: 37
1 year: 33
Less than 1 year: 29
Declined: 2
10. What type of assistance are you currently using or plan to use
for your Y2K embedded processor problems?
a. Local Contract Program
Responses by percent:
Currently use: 10
Plan to use: 8
Will not use: 73
Declined: 6
N/A: 2
b. Consulting Firms
Responses by percent:
Currently use: 53
Plan to use: 12
Will not use: 27
Declined: 6
N/A: 2
c. Equipment Supplies
Responses by percent:
Currently use: 55
Plan to use: 14
Will not use: 22
Declined: 6
N/A: 2
d. Manufacturers
Responses by percent:
Currently use: 51
Plan to use: 14
Will not use 27
Declined: 6
N/A: 2
e. Other
Responses by percent:
Trade Assoc.: 2
Delined: 2
N/A: 96
11. Has your company evaluated its major embedded processors for
Y2K compliance?
Responses by percent:
Yes: 86
No: 12
Declined: 2
12. At what stage of Y2K program completion is your company's
embedded processor program?
Responses by percent:
Launch: 0
Inventory: 2
Assessment: 12
Remediation: 31
Testing: 35
Completed: 10
Declined: 2
13. How probable is it that your company's embedded processors will
be Y2K compliant by January 2000? \3\
---------------------------------------------------------------------------
\3\ ``Y2K Compliant'' vs. ``Y2K Ready"
Y2K Ready is the preferred term when referring to an organization's
preparedness to function through and beyond 2000.
Y2K Compliant, as used in this survey, means the component is
unaffected by Year 2000+ dates.
Y2K Ready means the critical business functions associated with
safety and deliverability are expected to continue operating. There may
be some inconveniences or delays of a non-critical nature, for example
billing.
Acceptable non-compliance: Note that in the ``triage'' or
prioritization process, components that are not mission critical may be
intentionally ignored during testing prior to 12/31/99.
Alternatively, testing may reveal a non-compliance that does not
have significant implications to operations--these could be examples of
a Y2K ready system with non-compliant components.
---------------------------------------------------------------------------
Responses by percent:
Very: 88
Somewhat: 8
Not at all: 0
Declined: 4
14. When do you expect your company's firmware/embedded systems to
be Y2K compliant? Prior to 12/31/99?
Responses by percent:
Are now compliant: 8
By 12/31/99: 16
By 6/30/99: 55
No: 16
Declined: 4
15. What specific Y2K-related problems have you experienced with
your embedded processors?
Responses by percent:
No problems: 35
Problems identified: 41
Declined: 24
16. Have you found solutions to these problems?
Responses by percent:
Yes: 27
No: 14
Declined: 22
N/A: 37
17. During testing, how often were faulty solutions uncovered in
your embedded processor remediation?
Responses by percent:
Never: 18
Rarely: 24
Sometimes: 16
Often: 0
Haven't tested: 24
Declined: 16
18. How long has your company been addressing the software Y2K
problem?
Responses by percent:
5 years+: 6
2-4 years: 67
1 year: 18
Less than 1 year: 6
Declined: 2
19. What type of assistance are you currently using or plan to use
for your Y2K software problems?
a. Local contract program
Responses by percent:
Currently use: 16
Plan to use: 6
Will not use: 73
Declined: 4
b. Consulting firms
Responses by percent:
Currently use: 73
Plan to use: 6
Will not use: 16
Declined: 4
c. Equipment suppliers
Responses by percent:
Currently use: 51
Plan to use: 8
Will not use: 37
Declined: 4
d. Manufacturers
Responses by percent:
Currently use: 41
Plan to use: 8
Will not use: 47
Dedlined: 4
e. Other
Responses by percent:
In-house vendors: 2
Contract programmers: 2
Declined: 4
N/A: 92
20. Has your company tested its major software for Y2K compliance?
Responses by percent:
Yes: 78
No: 20
Declined: 2
21. At what state of Y2K program completion is your company's
software?
Responses by percent:
Launch: 0
Inventory: 0
Assessment: 6
Remediation: 22
Testing: 51
Completed: 20
______
Responses of Gary W. Gardner to Questions Submitted by Chairman Bennett
Statement: ``Nearly half of the companies that responded indicated
that Y2K amendments were made to their already existing contingency/
emergency plans.''
Question. What types of amendments were made and have they been
tested?
Answer. The May 1998 Gas Research Institute (GRI) survey, that was
presented during A.G.A.'s testimony on June 12, did not address the
specific types of amendments or whether they have been tested.
Based on follow up discussions with our member companies, as
remediation efforts progress, additions are being made to existing
emergency response plans. Examination of existing contingency plans are
being conducted in parallel with the execution of Y2K remediation
plans. The objective is to determine what specific actions would be
appropriate to minimize risk against unforeseen events. As an example,
given a systems analysis, what manual override procedures and staffing
should be in place to manage safety and deliverability issues. The
process of determining the need for amendments includes analysis of
assets and processes key to mission critical functions.
As stated during our testimony, natural gas utilities have very
detailed emergency response plans (as required by the Department of
Transportation, Office of Pipeline Safety) in place to address unusual
operating situations. Most of their current efforts are focused on
remediation and testing. Results from those activities are needed to
complete a well-focused and efficient contingency plan.
Statement: ``84 percent of the companies are in the remediation/
testing/completed phase of their embedded processor program--with 80
percent of the companies expecting that their embedded systems will be
Y2K compliant by June 1999.''
Question. What type of testing is being done? Is it the short
single type of testing (a short virtual test) e.g. start up the
machine/system/component, see what happens when the Y2K tests or
procedures are run and then shut it down? Or, is a longer time frame of
testing being done such that the item being tested is in the ``constant
on condition'' (a real virtual test) for a week or month or longer, as
appropriate? We further understand the longer testing period can show
if NON-critical errors such as filling up the error buffer will cause
the system/item to crash. Does it seem prudent for the AGA to encourage
real virtual testing?
Answer. The May 1998 GRI survey did not address the specific types
of testing that was being conducted by the industry. However, based on
follow up discussions, natural gas utilities are performing testing on
many different levels including component, system and off-line testing.
Such procedures include off-line bench-type testing of individual
components as well as off-line systems testing when possible. Testing
is being conducted on Supervisory Control and Data Acquisition (SCADA)
systems, Remote Terminal Units (RTU), modems and various field devices.
These tests are primarily off-line on spare components or on actual
plant equipment. Testing is also being conducted on protective devices
such as line relays, digital fault recorders, and meters. These tests
have been bench tested on spare equipment under simulated conditions.
Testing is performed on a component basis first and then end-to-end
testing with all systems working together is completed. The utilities
are indicating that they will be conducting on-line testing this fall
as system conditions permit. Most ``live'' testing will take place
later this year and early 1999.
Statement: Regarding a question you asked of your industry members,
49 percent indicated they have not ``* * * developed a contingency plan
for Y2K noncompliance/readiness--e.g. telecomm, public transportation
failure.'' (Question 5 from the GRI survey).
Question. When will these 49 percent develop such contingency
plans?
Answer. As stated earlier, detailed contingency plans already exist
that cover the core operation areas. As remediation efforts are
completed, it is anticipated that an increasing portion of an operating
staff's time will be devoted to contingency planning. This is
particularly true because collaborative testing efforts between
utilities, vendors, and suppliers have not been completed. Over the
coming months, numerous industry discussion forums, conferences, and
Y2K Task Force meetings (working with the Natural Gas Council's Y2K
Task Force and the President's Council on Y2k--Energy Working Group)
will address contingency issues. These meetings will provide the
opportunity to assess where our members stand in regards to readiness
and contingency planning.
__________
Prepared Statement of Michehl R. Gent
Mr. Chairman and Members of the Special Committee, we appreciate
the opportunity to express our views on this important topic.
My name is Michehl Gent. I am here today representing the North
American Electric Reliability Council. NERC is a voluntary, non-profit
organization formed in 1968 to coordinate the reliability and adequacy
of bulk electric systems in North America. NERC consists of ten
Regional Reliability Councils spanning the United States, Canada, and a
portion of Mexico. For 30 years, NERC has played a leadership role in
making the North American electric system the most dependable electric
supply system in the world.
The U.S. Department of Energy has asked NERC to assume a leadership
role in preparing the electric supply and delivery systems of North
America for transition to the Year 2000, also known as Y2K. The
Secretary of Energy has requested a status report and Y2K coordination
plan by September 1998 and a full report of the preparedness of
electric systems by July 1999. Today I intend to outline NERC's
activities to coordinate the preparations of the electricity systems
for Y2K. A copy of NERC's Y2K Coordination Plan is attached to my
comments.
Let me begin by noting that Y2K is not a new issue to the electric
industry. NERC, its ten Regional Reliability Councils, and their
members recognized the threat posed by Y2K several years ago and have
been working toward solutions at several levels. Although the effort to
date may not have been entirely consistent across the industry, most
electric utilities have established Y2K programs and invested
substantial personnel and technical resources on identifying and
resolving Y2K problems. The industry has been testing critical software
and embedded digital controllers and working with vendors to find
solutions.
Nearly all of the detailed Y2K problem identification and
resolution has been and will continue to be performed by individual
electric utilities. As an example of work under way, one major utility
is investing 16 person-years in 1998 alone and expects to have 80
percent of the conversions done by the end of this year. One utility
has assigned a Vice President full time to directing Y2K activities.
That utility is more than 50 percent through known problems and is
progressing on schedule. There are examples of utility Y2K teams which
report directly to the CEO. At one utility, 1,400 people across various
departments are assigned full-or part-time responsibility for Y2K
activities. There are numerous examples of utilities investing tens of
millions of dollars in resolving Y2K problems.
Those electric utilities that are attacking the problem
aggressively are to be commended. However, NERC's concern is that all
electric utilities that have a direct reliability impact on North
American electrical Interconnections must address the Y2K problem in a
coordinated manner. This concern is due to the high degree of
interdependence of electric systems within an Interconnection.
The electric systems of North America are connected within four
large Interconnections. The largest, the Eastern Interconnection,
covers the eastern two thirds of North America, including the United
States and Canada. The second largest, the Western Interconnection,
covers the western one third of the United States and Canada, as well
as a portion of the Baja California Norte region of Mexico. The other
two Interconnections include most of the state of Texas, also known as
the ERCOT Region, and the Quebec Interconnection, which covers the
province of Quebec, Canada. I would like to emphasize the international
nature of the Interconnections.
Each of these four Interconnections is a highly connected network.
A major disturbance within one part of an Interconnection has the
potential to cascade through the entire Interconnection. On the other
hand, there is very little interaction between the Interconnections,
with the notable exception being the major high voltage direct current
tie lines from Hydro-Quebec into the Northeastern United States. Loss
of these facilities and the power supply from Quebec can have a
substantial impact on power delivery systems in the Northeastern
portion of the United States.
Electrical systems are operated such that the loss of one facility,
or in some cases two or three facilities, will not cause cascading
outages. Y2K poses the threat that common mode failures, such as all
generator protection relays of a particular model failing
simultaneously, or the coincident loss of multiple facilities could
result in stressing the electric system to the point of a cascading
outage over a large area. I must stress this possibility is extremely
low, but conceivable.
This high level of interdependence within an Interconnection means
that the robustness of the overall system needs to be tested against
this new ``contingency.'' An individualistic approach to the problem
may, and I stress ``may,'' not cover all potential problem areas, e.g.,
coordination with neighboring utilities, and, thus, could adversely
affect operations within an Interconnection. An individual electric
utility that invests tens of millions of dollars in solving Y2K
problems could be affected in a major way by neighboring systems that
have not been as diligent. The preparation of the electricity systems
in North America must be a coordinated team effort by those entities
responsible for system reliability. All prevention programs do not have
to be the same, but they do have to be coordinated.
Let me take a few minutes to explain the specific nature of the Y2K
problem associated with maintaining a reliable supply of electricity
during the Y2K transition. There are four critical areas which pose the
greatest direct threat.
First, power generating facilities must be able to operate through
critical Y2K periods without tripping off-line. The threat is most
severe in power plants with digital control systems, which contain time
sensitive control and protection schemes. Most older plants operating
with analog controls will be less problematic. Digital controllers
built into station equipment may also pose a threat.
Energy management systems are computers within the electric control
centers across North America. These computers are used to operate
transmission facilities and control generating units. Many of the
control center's software applications contain built-in time clocks
used to run various power system monitoring, dispatch, and control
functions. Many energy management systems are dependent on time signal
emissions from Global Positioning Satellites as a time reference. In
addition to resolving Y2K problems within utility energy management
systems, these supporting satellite systems must be Y2K compliant.
Telecommunications is another critical area. Electric supply and
delivery systems are highly dependent on microwave, telephone, frame
relay, and radio communications systems. The dependency of the electric
supply on facilities leased from telephone companies and commercial
communications network service providers is a crucial factor.
Telecommunications systems are the nerve center of the electric
networks and it is important to address the dependencies of electric
utility systems on the telecommunications industry.
The final technical area of concern is in relay protection devices,
which are used to rapidly isolate a portion of the transmission system
that may be in trouble. Many protective relays are electromagnetic and
will not be affected. However, newer relays are digital and may have a
risk of a common mode failure in which all the relays of a certain
model fail simultaneously, resulting in a large number of coincident
transmission facility outages.
Let me turn now to NERC's program to coordinate preparations for
Y2K. The ultimate goal of the NERC Y2K program is to establish a
coordination process that allows the electric systems in North America
to remain operational during critical Y2K transition periods. The NERC
Y2K program is focused on three principle areas: (a) sharing of Y2K
solutions, (b) identifying potential weaknesses in interconnected
system security, and (c) operational preparedness.
NERC will initially focus on the bulk electric systems because
distribution systems are generally radial from the bulk supply network
and cannot function without a robust bulk supply network or
Interconnection. The Interconnection can function without reliable
radial distribution systems. Maintaining the operability of this
electric supply backbone may be the single most important step toward
supporting our North American infrastructure during the Y2K transition.
The Y2K needs of distribution systems will become understandable as
bulk power supply issues are resolved.
NERC will work closely with other organizations to address the
coordination of electricity distribution aspects of the Y2K problem.
Likely participants in this joint effort include DOE, the Electric
Power Research Institute, Edison Electric Institute, the National Rural
Electric Cooperative Association, the American Public Power
Association, and others.
NERC is focused on operational security through a ``defense-in-
depth'' concept, which has been well developed in the design and
operation of nuclear facilities. The defense-in-depth concept assumes
that although one has taken all reasonable and necessary preventive
steps, there can never be one hundred percent assurance that major
system failures cannot cause a catastrophic outcome. Instead, multiple
defense barriers are established to reduce the risk of catastrophic
results to extremely small probability levels and to mitigate the
severity of any such events.
I am certain that not all Y2K problems have been identified, fixed,
and tested, nor will they be in the time remaining. It would not be
prudent to expend unlimited resources on potential problems in search
of one hundred percent avoidance of component failures. The cornerstone
of the NERC Y2K plan, therefore, is to coordinate industry actions in
implementing the following defense-in-depth strategy.
First, the industry is identifying and fixing known Y2K problems.
NERC is providing a vehicle for sharing of information on known and
suspected Y2K problem areas and solutions associated with the
operation, control, and protection of power production and transmission
facilities. From this information exchange, a master list of critical
Y2K problem areas and solutions is being developed and made widely
available. NERC is initiating a reporting process for key entities to
report progress against specific criteria designed to address the known
list of Y2K problem areas. Through its Regional Reliability Councils,
NERC will review the progress of these entities to verify that
appropriate measures are being taken by all responsible parties.
Secondly, NERC intends to coordinate Regional and individual system
simulations to identify moderate and worst-case scenarios in response
to various classes of Y2K failures. Specific classes of failures that
result in the worst conditions will be examined further to determine
possible fixes and preventive or mitigation measures.
Thirdly, NERC will coordinate efforts to develop operational
preparedness and contingency plans. This includes development of
special operating procedures and the conduct of personnel training and
system-wide drills.
Finally, NERC and the Regional Councils will coordinate efforts to
operate transmission and generation facilities in precautionary
configurations and loadings during critical Y2K periods. Examples of
precautionary measures may include reducing planned electricity
transfers, placing all available transmission facilities into service,
bringing additional generating units on-line, and rearranging the
generation mix to include older units with analog controls. Another
example is increased staffing at control centers, substations, and
generating stations during critical periods. Fortunately, from an
electric reliability perspective, New Year's Eve falls on Friday,
December 31, 1999, and January 1 is a Saturday. Therefore, electric
system conditions are likely to be favorable with the level of
electricity transfers at light levels and extra generating capacity
available during the most critical period.
Let me move now to the issue of roles and responsibilities. The
success of the NERC Y2K program depends on unbridled cooperation, full
sharing of Y2K information, and diligence of effort commensurate with
the potential consequences of failing to adequately prepare for Y2K.
NERC's Y2K program depends on cooperation by the electric utilities
of North America. NERC does not currently have the authority in its
Bylaws to order electric utilities to take Y2K corrective actions. Nor
does NERC currently have the authority to conduct inspections or
enforce compliance. The binding obligations of electric utilities are
embodied in state and federal laws, filed transmission tariffs, and
contractual agreements. Electric utility legal responsibilities are to
shareholders, customers, the public, and state and federal regulators.
NERC's role is to facilitate North American-wide coordination so
that the collective efforts of the industry will minimize risks imposed
by Y2K to a reliable supply of electricity. The NERC Y2K program
provides operating entities an opportunity to share in Y2K solutions
and prepare coordination plans with neighboring systems and Regions. To
facilitate this coordination, NERC is forming a Y2K Coordination Task
Force with participation by all ten Regional Reliability Councils.
Let me now turn to an important issue of liability. The NERC Y2K
program does not address legal liabilities and NERC defers to others in
resolving these matters. However, NERC is particularly concerned that
efforts to obtain voluntary disclosure by electric utilities of
potential Y2K problems and solutions may be met with resistance due to
the liabilities of exposing this information publicly.
As an example, one utility communications officer recently noted a
customer identifying him/herself as ``a concerned citizen'' e-mailed
the utility to ask what was being done on Y2K. The communications
officer checked with the utility's Information Services (IS) Department
and learned that it had been inundated with surveys from customers and
lawyers about how the utility is preparing for Y2K. The IS staff had
received a legal opinion from corporate attorneys not to respond, so
the surveys were piling up unanswered. The communications officer
prepared a generic, one paragraph statement saying that the utility had
identified a number of issues and is working on them--that the
utility's goal is to provide safe, reliable service.
Public exchange of information is a cornerstone of NERC's Y2K
program and must not be viewed by utility participants as feeding
information to potential litigants. NERC requests full support of
regulators in supporting industry needs in this area. Any restraint in
sharing known Y2K problems and solutions will be a direct challenge to
the reliability of the electricity supply.
In conclusion, the North American Electric Reliability Council has
taken a leadership role in coordinating Y2K preparations of the
electricity supply and delivery systems of North America. The industry
is committed to maintaining a reliable supply of electricity through
the Y2K transition.
______
Y2K COORDINATION PLAN FOR THE ELECTRICITY PRODUCTION AND DELIVERY
SYSTEMS OF NORTH AMERICA
Phase 1: June-September 1998 Initial Assessment and Coordination
North American Electric Reliability Council
section 1--background
The United States Department of Energy has asked the North
American Electric Reliability Council to coordinate Y2K efforts
so that the electricity power production and delivery systems
in the United States maintain a reliable supply of electricity
during the Year 2000 transition.
Department of Energy request
The U.S. Department of Energy has asked the North American Electric
Reliability Council (NERC) to assume a leadership role in preparing the
electricity production and delivery systems of the United States for
the transition to the Year 2000 (Y2K). This transition effort is
necessary because certain software and hardware in use in the electric
and other industries use a two-digit code to represent the last two
digits of the year. As a result, these software and hardware may
misinterpret the change from 1999 to the Year 2000 as they process
data. DOE's request is part of a broad initiative by the President of
the United States to ensure that infrastructure essential to the
nation's security and well being remains operational during critical
Y2K transition periods.
The letter to NERC from the Secretary and Deputy Secretary of
Energy is provided in Appendix A. DOE requests a status report and
coordination plan by September 1998 and a full status report by July
1999. The status reports will review the measures that are being taken
to prepare the electric power production and delivery systems for the
transition to Y2K. Because NERC is an international organization and
the electricity systems of the United States are interconnected with
those of Canada and a part of Mexico, NERC's plan, of necessity, must
include all of these interconnected systems. Thus, this document
defines NERC's initial plan for coordinating the Y2K preparedness plans
of the electric utilities that operate the electricity systems of North
America.
Consolidating the prior work of the industry
Y2K is not a new issue to the electric industry. NERC, its ten
Regional Reliability Councils, and their members recognized the threat
posed by Y2K several years ago and have been working toward solutions
at several levels. Although the effort to date has not been entirely
consistent across the industry, most electric utilities have
established Y2K programs and invested substantial personnel and
technical resources in identifying and resolving Y2K problems. The
industry has been testing critical software, and embedded digital
controllers, and working with vendors to find solutions. NERC and the
ten Regional Reliability Councils have been providing high-level
coordination of Y2K efforts, principally through technical committee
activities and information sharing through the NERC web site at http://
www.nerc.com.
Nearly all of the detailed problem identification and resolution to
date has been performed by the individual electric utilities. Those
electric utilities that have attacked the problem aggressively are to
be commended. However, NERC's concern is that all electric utilities
with a direct reliability impact on North American electrical
Interconnections must address the Y2K problem in a coordinated manner.
This concern is due to the high degree of interdependence of electric
systems within an electrical Interconnection. One unprepared system has
the potential to adversely impact the operation of the rest of the
Interconnection.
In response to the DOE letter, the NERC Y2K program will focus
activities in three principal areas: (a) sharing of Y2K solutions, (b)
identifying potential weaknesses in interconnected system security, and
(c) operational preparedness. DOE's request provides NERC with an
opportunity and a challenge to coordinate the efforts of individual
Regions and electricity providers across North America toward a
collective goal of maintaining secure operation of the electric systems
through critical Y2K transition periods.
Importance of meeting the challenge
More than any other element of the North American economic and
social infrastructure, the electricity production and delivery systems
must be dependable during the transition to Y2K. Every other critical
element of infrastructure depends on the availability of an
interconnected, reliable supply of electrical power. There is no doubt
that cascading or even localized outages of generators and transmission
facilities could have serious short-and long-term consequences.
The weakest link concept
The electric systems of North America are connected within four
large Interconnections (Figure 1). The largest, the Eastern
Interconnection, covers the eastern two-thirds of North America,
including the United States and Canada. The second largest, the Western
Interconnection, covers the western one-third of the U.S. and Canada,
as well as a portion of the Baja California Norte region of Mexico. The
other two Interconnections include (1) most of the state of Texas--also
known as the ERCOT Region--and (2) the Quebec Interconnection, which
covers the province of Quebec, Canada.
[GRAPHIC] [TIFF OMITTED] T2JU98G.001
Each of these four Interconnections is a highly connected network.
A major disturbance within one part of an Interconnection will rapidly
have an impact throughout the Interconnection and has the potential to
cascade the effect to the entire Interconnection. The four
Interconnections are for the most part independent from each other,
because they are connected by comparatively small high voltage direct
current (HVDC) electrical ties and do not interconnect synchronously.
The one notable exception is the major HVDC tie lines from Hydro-Quebec
into the Northeastern United States. Loss of these facilities and the
power supply from Quebec can have a substantial impact on power
delivery systems in the Northeastern portion of the United States.
Within each Interconnection, power production and delivery systems
are highly interdependent. In general, systems are operated such that
the loss of one facility, or in some cases two or three facilities,
will not cause cascading outages. Y2K poses the threat that common mode
failures (such as all generator protection relays of a particular model
failing simultaneously) or the coincident loss of multiple failures may
result in stressing the electric system to the point of a cascading
outage over a large area.
This high level of interdependence within an Interconnection means
that the robustness of the overall system needs to be tested against
this new ``contingency.'' An individualistic approach to the problem
may not cover all potential problem areas, e.g., coordination with
neighboring utilities, and, thus, could adversely affect operations
within an Interconnection. An individual electric utility that invests
tens of millions of dollars in solving Y2K problems could be affected
in a major way by an outage initiated in neighboring systems that have
not been as diligent.
Therefore, preparation of the electricity power production and
delivery systems in North America must be a coordinated team effort by
those entities responsible for system reliability. All preventive
programs do not have to be the same, but they do have to be
coordinated. The industry will succeed or fail together in its
readiness for Y2K.
Although the written request that sparked initiation of the NERC
coordination program was received from the U.S. Department of Energy,
NERC recognizes that maintaining grid security during the Y2K
transition is an international issue requiring coordination with the
United States, Canadian, and Mexican governments.
Nature of the Y2K problem in electricity production and delivery
Maintaining a reliable supply of electricity during the Y2K
transition is not an insurmountable task. There are four critical areas
that pose the greatest direct threat to power production and delivery:
--Power production.--Generating units must be able to operate through
critical Y2K periods without inadvertently tripping off-line.
The threat is most severe in power plants with digital control
systems (DCSs). Numerous control and protection systems within
these DCS use time-dependent algorithms that may result in unit
trips. Most older plants operating with analog controls will be
less problematic. Digital controllers built into station
equipment, protection relays, and communications also may pose
a threat.
--Energy management systems.--Control computer systems within the
electric control centers across North America use complex
algorithms to operate transmission facilities and control
generating units. Many of these control center software
applications contain built-in time clocks used to run various
power system monitoring, dispatch, and control functions. Many
energy management systems are dependent on time signal
emissions from Global Positioning Satellites, which reference
the number of weeks and seconds since 00:00:00 UTC January 6,
1980. In addition to resolving Y2K problems within utility
energy management systems, these supporting satellite systems,
which are operated by the U.S. government, must be Y2K
compliant.
--Telecommunications.--Electric supply and delivery systems are
highly dependent on microwave, telephone, and VHF radio
communications. The dependency of the electric supply on
facilities leased from telephone companies and commercial
communications network service providers is a crucial factor.
With telecommunications systems being the nerve center of the
electric networks, it is important to address the dependencies
of electric utility systems on the telecommunications industry
during critical Y2K transition periods.
--Protection systems.--Although many relay protection devices in use
today are electromagnetic, newer systems are digital. The
greatest threat here is a common mode failure in which all the
relays of a certain model fail simultaneously, resulting in a
large number of coincident transmission facility outages.
section 2--objectives and scope
The ultimate goal of the NERC Y2K program is to establish a
coordination process that, when implemented, allows the
electric power production and delivery systems in North America
to remain operational during critical Y2K transition periods.
Scope is electric power production and delivery systems
Several key elements are identified in this goal statement. First,
the initial focus is on power production and transmission facilities.
The goal is to maintain the ``backbone'' of the electricity supply
infrastructure. As such, NERC will work closely with entities
responsible for the operation and security of electric systems. These
entities include:
--NERC Regional Reliability Councils
--Control Areas within the four major electrical Interconnections in
North America
--NERC Security Coordinators
--Independent System Operators
--Owners/operators of high voltage transmission facilities
--Owners/operators of bulk power generating facilities
--Owners/operators of distribution supply system not included in the
other categories
NERC will initially focus on the bulk electric systems because
distribution systems are generally radial from the bulk supply network
and cannot function without a robust bulk supply network or
Interconnection. The Interconnection can function without reliable
radial distribution systems. Maintaining the operability of this
electric supply backbone may be the single most important step toward
supporting our North American infrastructure during the Y2K transition.
The Y2K needs of distribution systems will become understandable as
bulk power supply issues are resolved.
As discussed in the next section, NERC is likely to work closely
with other organizations to address the coordination of electricity
distribution aspects of the Y2K problem. Likely participants in this
joint effort include DOE, the Electric Power Research Institute, Edison
Electric Institute, the National Rural Electric Cooperative
Association, the American Public Power Association, and others.
Defense in depth
The second key element of the goal statement is that NERC is
focused on operational security through a ``defense-in-depth'' concept,
which has been well developed in the design and operation of nuclear
facilities. The defense-in-depth concept assumes that although one has
taken all reasonable and necessary preventive steps, there can never be
one hundred percent assurance that major system failures cannot cause a
catastrophic outcome. Instead, multiple defense barriers are
established to reduce the risk of catastrophic results to extremely
small probability levels and to mitigate the severity of any such
events.
It is certain that not all Y2K problems have been or will be
identified, fixed, and tested in the time remaining. Also, it would not
be prudent to expend unlimited resources on potential problems in
search of one hundred percent avoidance of component failures. The
cornerstone of the NERC Y2K plan, therefore, is to coordinate industry
actions in implementing the following defense-in-depth strategy:
1. Identify and fix known Y2K problems.--NERC is providing a
vehicle for sharing of information on known and suspected Y2K problem
areas and solutions associated with the operation, control, and
protection of bulk power generation and transmission facilities. From
this information exchange, a master list of critical Y2K problem areas
and solutions will be developed and made widely available. NERC will
initiate a reporting process for key entities to report progress
against specific criteria designed to address a known list of Y2K
problem areas. Through its Regional Reliability Councils, NERC will
review the progress of these entities to verify that appropriate
measures are being taken by all responsible parties. This
identification of problem areas, solutions, and testing of the solution
is a process that will continue into the millenium.
2. Identify worst case conditions.--NERC will coordinate the
conduct of Regional and individual system simulations to identify
moderate and worst-case scenarios in response to various classes of Y2K
failures. Specific classes of failures that result in the worst
conditions will be examined further to determine possible fixes and
preventive or mitigation measures.
3. Prepare for the worst.--NERC will coordinate efforts to prepare
for safe operation of the electric systems under potential worst-case
conditions. Preparations will include development of special operating
procedures and conducting training and system-wide drills.
4. Operate systems in a precautionary posture during critical Y2K
transition periods.--NERC will coordinate efforts to operate
transmission and generation facilities in precautionary configurations
and loadings during critical Y2K periods. Examples of precautionary
measures may include reducing the level of planned electricity
transfers between utilities, placing all available transmission
facilities into service, bringing additional generating units on-line,
and rearranging the generation mix to include older units with analog
controls. Another example is increased staffing at control centers,
substations, and generating stations during critical periods.
Fortunately, from an electric reliability perspective, New Year's Eve
falls on Friday, December 31, 1999, and January 1 is a Saturday.
Therefore, electric system conditions are likely to be favorable with
the level of electricity transfers at light levels and extra generating
capacity available during the most critical period.
section 3--roles and responsibilities
The success of the NERC Y2K program depends on unbridled
cooperation, full sharing of Y2K information, and diligence of
effort commensurate with the potential consequences of failing
to adequately prepare for Y2K.
NERC's Y2K program depends on cooperation by the electric utilities
of North America. NERC does not currently have the authority in its
Bylaws to order electric utilities to take Y2K corrective actions. Nor
does NERC currently have the authority to conduct inspections or
enforce compliance. The binding obligations of electric utilities are
embodied in state and federal laws, filed transmission tariffs, and
contractual agreements. Electric utility legal responsibilities are to
shareholders, customers, the public, and state and federal regulators.
NERC's role is to facilitate North American-wide coordination so that
the collective efforts of the industry will minimize risks imposed by
Y2K to a reliable supply of electricity.
The roles and responsibilities of participants in the NERC Y2K
program are defined below:
NERC.--NERC staff and support contractors will coordinate the
NERC Y2K efforts defined within this plan. This activity
includes collecting, consolidating, and distributing
information on Y2K problems and solutions, and it includes
coordination of system studies and preparedness plans. The
information collected will be compiled into a report that will
periodically be presented to the NERC Board of Trustees and
DOE.
NERC Regional Reliability Councils.--Regional staff will
coordinate NERC Y2K activities within their Regions.
Responsibilities are similar to those listed above for NERC,
but at the Regional level.
NERC Operating and Security Entities.--Operating entities,
such as Control Area Operators, Security Coordinators,
Independent System Operators, high voltage transmission system
operators, and power producers, are on the front line of Y2K
preparations. The NERC Y2K program provides these operating
entities with an opportunity to share in Y2K solutions and
prepare coordination plans with neighboring systems and
Regions. The responsibilities of these operating entities
within the NERC Y2K program are to share information on known
Y2K problems and solutions and to report their progress
according to the schedule established by the NERC Y2K program.
These entities are expected to participate in system studies,
coordinated system preparations, and precautionary system
operating measures.
NERC Y2K Coordination Task Force.--NERC is forming a Y2K
Coordination Task Force to focus on implementing this plan. The
focus of the task force is on maintaining the reliable
operation of bulk electricity production and delivery systems
during Y2K transitions. The task force will facilitate
coordination among the ten NERC Regional Reliability Councils.
The task force will be organized around the four key technical
areas identified in the previous section: Power Production,
Energy Management Systems, Telecommunications, and Protection
Systems.
Coordination with external agencies
NERC Y2K efforts are closely aligned with those of many other
government and private agencies. Key partners with the NERC Y2K program
are identified below.
Department of Energy.--DOE is the principal federal agency with
oversight responsibility for Y2K issues in electricity supply systems.
As such, NERC will report the results of the NERC Y2K program to DOE
and work in close coordination with broader DOE efforts.
Edison Electric Institute.--EEI has established a program to
address Y2K technical, regulatory, and liability issues. NERC is
committed to full cooperation with EEI in identification of Y2K
technical problem areas and solutions. The NERC Y2K program does not,
however, address regulatory requirements or legal liabilities. As such,
NERC defers to EEI's leadership in resolving these issues. NERC is
particularly concerned that efforts to obtain full disclosure by
electric utilities of potential Y2K problems and solutions may be met
with resistance due to the liabilities of exposing this information
publicly. Public exchange of information is a cornerstone of NERC's Y2K
program and must not be viewed by participants as feeding information
to potential litigants. NERC expects full support of EEI in defining
and promulgating industry needs for protection in this area.
Electric Power Research Institute.--EPRI has a well established Y2K
program to identify Y2K problems and solutions in embedded systems.
EPRI's program spans a full spectrum of electricity production,
delivery, and end use. NERC is committed to full cooperation with EPRI
in the exchange of information related to electric power production and
delivery. NERC encourages all elements of the electric power industry
to participate in EPRI's Y2K embedded systems program.
Nuclear Regulatory Commission and Nuclear Energy Institute.--There
is an obvious need to prepare nuclear facilities for Y2K and the
remote, but real possibility of interruptions of off-site power. NERC
will be coordinating efforts to maintain a reliable transmission
network capable of providing continuous off-site power for nuclear
facilities. However, NERC expects that the NRC, NEI, DOE, and others
will take the leadership role in coordinating the Y2K activities of
nuclear facilities.
Electric Power Supply Association.--NERC expects to work closely
with EPSA in coordinating the resolution of Y2K problems in power
production facilities.
American Public Power Association.--NERC will coordinate directly
with APPA's larger members who operate control areas and high-voltage
transmission systems. APPA is expected to be the primary way of
coordinating with electric distribution systems that are not members of
a Regional Council to resolve Y2K problems in state/municipal electric
distribution systems.
National Rural Electric Cooperative Association.--NERC will
coordinate directly with NRECA's larger members who operate control
areas and high-voltage transmission systems. NRECA is expected to be
the primary way of coordinating with electric distribution systems that
are not members of a Regional Council to resolve Y2K problems in
cooperative electric distribution systems.
Canadian Electricity Association.--NERC will work closely with CEA
to assure coordination of Y2K efforts among electric power producers
and delivery systems in Canada as well as electrical ties that connect
Canada and the United States.
Additional Coordination.--NERC will cooperate fully with other
federal and state government agencies and trade associations working
toward Y2K solutions.
section 4--work plan
The NERC Y2K program work plan is organized into three
phases: (1) information sharing and status review, (2)
coordination of preparedness plans and scenario analysis, and
(3) coordination of precautionary operations during the Y2K
transition.
Phase 1 (May-September 1998).--NERC will mobilize coordination and
information sharing efforts and perform a preliminary review of Y2K
readiness of electricity power production and delivery systems.
Detailed plans for Phases 2 and 3 will be developed. Phase 1 will
culminate with an initial report to the NERC Board of Trustees (BOT)
and to DOE covering the preliminary situation report and a detailed
work plan for Phases 2 and 3.
Phase 2 (September 1998-July 1999).--NERC will facilitate efforts
by the Regional Reliability Councils and responsible operating entities
to resolve the known Y2K technical problems. A process will be
established for periodic progress reports using an established list of
reporting criteria. System simulations and engineering studies will be
conducted during this phase to understand likely and worst-case
scenarios. This Phase will culminate in July 1999 with a report to the
NERC BOT and to DOE on measures being taken to prepare electric power
production and delivery systems for operation during the Y2K
transition.
Phase 3 (July 1999-January 2000).--During this period, NERC will
review the preparation of contingency plans and operating procedures.
NERC will assist Regions in the conduct of drills and final
arrangements to prepare for critical Y2K periods. Although the most
critical period is expected to be on the dates of December 31, 1999 and
January 1, 2000, configuring systems in a precautionary posture and
then restoring normal conditions afterward are expected to require
several weeks.
Phase 1 Tasks and schedule
Task 1. Establish an Internet Web Site for sharing of information
on known Y2K problem areas and solutions related to electric power
production and delivery systems.--NERC has established a Web Site and
will continue to add resources and links to other sites. The Web Site
will include a catalog of resources and an information exchange forum.
Manufacturers and vendors of software, computer equipment, electronic
devices, and communications systems who have information on Y2K
solutions will be identified on the NERC Y2K Web Site, with links to
those sites. [Established in May 1998 with continued support through
Phase 3.]
Task 2. Prepare a list of bulk electric system Y2K key entities and
contacts.--This list will identify key personnel in each Region and
note areas of expertise, such as generation, protection,
communications, energy management systems, etc. As stated previously,
the key entities include Regional Reliability Councils, Control Area
Operators, Security Coordinators, Independent System Operators,
selected Transmission Operators, and selected power producers. The
lists of entities and contacts will be posted on the Web Site. The key
entities identified will be responsible for participating in the
reporting requirements below. [List posted by June 30, 1998 with
continued updates through Phase 3.]
Task 3. Establish a NERC Y2K Coordination Task Force.--This task
force will have at least one representative from each Region who is
knowledgeable about Y2K technical issues and the activities within his
or her Region. The task force will establish four technical subgroups
to focus on identifying known Y2K technical problems and solutions in
the areas of power production (generation), energy management systems,
telecommunications, and system protection. System vendors and
manufacturers will be asked to participate with the technical
subgroups. The task force and subgroups will coordinate through
frequent telephonic meetings to ensure high levels of information
exchange and coordination of efforts. [Task force will be established
and populated by July 1 and will function until the end of Phase 3.]
Task 4. Consolidate known Y2K problems and solutions into a master
checklist.--The NERC Y2K Coordination Task Force will develop and post
publicly a master list of Y2K problem areas and solutions related to
electric power production and delivery. The master checklist will be
categorized for efficient reference. The list will identify down to the
component or software module level any known or suspected Y2K problems.
Fixes, available resources, and contacts will be identified for each
problem area as the information becomes known. The solutions posted
will draw from ``best practices'' of organizations that have had the
greatest success in resolving a Y2K bug. Known problems will be rated
by a simple numbering scheme denoting the criticality of the component
to Interconnection reliability. This effort is focused on consolidating
known information into a common reference file for all impacted parties
to use. [The initial outline of the master checklist will be posted by
June 30, 1998. The goal is to have a completed list by September 15,
1998, but the list will continue to be updated as additional knowledge
is gained.]
Task 5. Coordinate a preliminary review of Y2K activities by key
entities.--NERC, along with the Regional Reliability Councils, will
facilitate reporting of a preliminary status of Y2K activities by key
operating entities. This report will be consolidated into an industry
report to DOE in September 1998. [Reporting criteria will be
established by July 31, 1998, entity reports completed by August 31,
1998, and the consolidated report completed by September 15, 1998. The
report will be presented to the NERC BOT and then to DOE.]
Task 6. Prepare a detailed plan for Phase 2.--NERC will prepare a
detailed plan for implementing Phase 2 activities. [Presented to NERC
BOT in September 1998 followed by DOE.]
Phase 2 Tasks and schedule
Task 7. Conduct system studies and scenario analysis.--NERC, in
coordination with Regional Reliability Councils, will facilitate the
conduct of system simulations and engineering studies to understand
expected and worst-case scenarios. These scenarios will be analyzed to
determine corrective and mitigation strategies. [Simulations and
studies will be completed by May 1999, with final scenario analysis
presented in July 1999.]
Task 8. Perform Y2K readiness review.--NERC, in coordination with
Regional Reliability Councils, will facilitate a review of the Y2K
readiness of operating entities. [Readiness reporting will be conducted
periodically through Phase 2,with a final report presented to the NERC
BOT and DOE in July 1999.]
Task 9. Prepare detailed plan for Phase 3.--A detailed plan for
Phase 3 will be presented in July 1999.
Phase 3 Tasks and schedule
Task 10. Facilitate development and implementation of Y2K
preparedness plans.--NERC, in cooperation with the Regional Reliability
Councils, will facilitate the development and implementation of special
procedures and plans for operation during Y2K transition periods. NERC
will develop the generic elements of a preparedness plan for use by
operating entities in developing specific plans.
Task 11. Facilitate conduct of training and drills.--Training and
system drills will be coordinated by Regional Reliability Councils to
ensure personnel and systems are ready for operations during the Y2K
transition.
Task 12. Coordination of plans to configure electric systems in
precautionary posture.--NERC and the Regions will coordinate the
preparation of operating plans to mitigate the consequences of any
adverse Y2K problems. Examples may include placing all available
transmission facilities in service, bringing additional generators on
line, increased use of older analog controlled units, providing
additional staff at control centers, power stations, and critical
substations, and operating with reduced electricity transfers. The
critical Y2K operating period is likely to extend several weeks before
and after midnight December 31, 1999.
Task 13. Coordination of system monitoring and rapid response
during Y2K period.--NERC, the Regional Councils, and Security
Coordinators will monitor conditions during Y2K critical periods and be
prepared to implement pre-established contingency plans.
section 5--schedule
The NERC Y2K Program will coordinate activities according to
the following schedule. Y2K preparation is a rare activity for
which the ``due date'' really cannot change.
[GRAPHIC] [TIFF OMITTED] T2JU98G.002
Appendix A--Letter to NERC From Secretary and
Deputy Secretary of Energy
The Secretary of Energy,
Washingion, DC, May 1, 1998.
Mr. Erle Nye,
Chairman of the Board,
North American Electric Reliability Council,
1601 Bryan Street, Dallas, TX
Dear Mr. Nye: We are writing to seek the North American Electric
Reliability Council's (NERC's) assistance in assessing whether the
Nation's electricity sector is adequately prepared to address the
upcoming year 2000 computer problem.
The Administration is undertaking a coordinated effort to assess
various sectors' readiness to address the issue. The Department of
Energy (DOE) is taking the lead in working with the electricity
industry to facilitate actions necessary for a smooth transition
through this critical period. To this end, we are requesting that NERC
undertake the coordination of an industry process to assure a smooth
transition.
The electric system is such a highly interdependent network, and so
vital to the security and well-being of the Nation, that there is very
little margin for error or miscalculation. The Department realizes that
activities designed to address this issue are already underway in many
electric utilities, the Electric Power Research Institute (EPRI), and
in other Federal agencies. We are concerned, however, that these
activities may not be fully coordinated, or worse, may be incomplete.
The Nation needs to know that a systematic process is in place to
ensure that the electric supply system will not experience serious
disruption.
This is truly a reliability issue, and NERC has demonstrated over
the last 30 years that it is capable of coordinating the activities of
electric market participants to resolve such issues. NERC is the most
appropriate body to organize this process and report periodically on
its status. We are confident that NERC will be able to mobilize the
necessary cooperation from the Regional Reliability Councils, their
members' utilities, and other industry organizations, to develop and
implement a process that is both efficient and effective. We are asking
that you provide us with written assurances by July 1, 1999, that
critical systems within the Nation's electric infrastructure have been
tested, and that such systems will be ready to operate into the year
2000. The DOE is prepared to work with NERC to help overcome any
obstacles that you might encounter in carrying out this effort.
Finally, we wish to work with you to provide a suitable public forum in
the late summer or early fall of this year at which NERC and others
could report on the industry's assessment of this issue and outline its
plans to address this challenge.
Public events on this subject are important and valuable for two
reasons. First, they will convey to the public and public officials
that the industry is indeed preparing systematically for the
transition. Second, they will confirm to the industry that Government
agencies and the public are depending on them to ensure that the
transition goes smoothly.
We are looking forward to further discussions with you on this
important issue.
Sincerely,
Federico Pena,
Secretary.
Elizabeth A. Moler,
Deputy Secretary.
______
Responses of Michehl R. Gent to Questions Submitted by Chairman Bennett
Question 1. The Department of Energy seems to be relying almost
exclusively on NERC to coordinate Year 2000 efforts in the electric
industry. What do you see as the most difficult challenges facing your
organization in that quest?
Answer. The most difficult challenge NERC faces in coordinating the
efforts of the electric industry for Y2K readiness is the hesitance of
many organizations to disclose information about the progress of their
internal Y2K programs. Their fear is that information disclosed can be
used in litigation against them. We have prepared a self-assessment
instrument, which, if applied systematically across the industry, will
provide credible measures of progress toward resolution of Y2K problems
and contingency preparedness. One element of NERC's Y2K Program is to
periodically report to the Department of Energy the collective
readiness of various segments and regions of the industry. We are not
developing ``report cards'' on individual organizations. We are seeking
ways to protect the confidentiality of information collected from
individual organizations. We would welcome any support in obtaining
legal protections of the confidentiality of this data.
A second challenge NERC faces is the addition of electric
distribution systems to the scope of its activities. NERC's
coordination of reliability has historically focused on the bulk
electric supply and delivery systems of North America. The addition of
distribution systems to the program adds an estimated 2,000 entities to
the coordination effort. These cooperatives, municipalities, and other
local distribution entities are only partially covered by existing
trade associations such as the National Rural Electric Cooperative
Association (NRECA) and the American Public Power Association (APPA).
In short, the sheer number and diversity of these organizations makes
Y2K coordination difficult. NERC has enlisted the aid of NRECA, APPA,
and the Edison Electric Institute to reach these organizations and
include them in the NERC Y2K Program.
Question 2. With NERC's broad responsibilities and visibility over
the electrical power industry, you are probably in the best position to
know the seriousness of the Year 2000 problem and the overall status of
remediation efforts. What is your assessment of the readiness of the
industry for the millenium change? What is the status of remediation
efforts? What are the biggest problem areas?
Answer. NERC was very recently asked by the Department of Energy to
coordinate the Y2K issue for the electric industry. We have developed
in our Y2K Program a process for systematically measuring progress in
the areas of inventory, assessment, remediation, testing, and
contingency preparations. We do not have specific results to report
now. We do expect to be able to report in greater detail at the
completion of Phase 1 in September after we have experienced a couple
of cycles of our monthly Y2K readiness assessments. All indications we
have received to date are that the industry is taking the Y2K challenge
seriously. Electric utilities have made significant progress in
identifying Y2K problems (inventory and assessment) and most have plans
to complete remediation and testing by mid-1999. Although Y2K problems
are not trivial in electric systems, most reports indicate that no
major surprises have been found to date.
Question 3. Your testimony describes the fragile nature of the four
North American Interconnection areas or grids as they are popularly
called; the largest being the Eastern Interconnection covering the
eastern two-thirds of the country. You describe how a failure in one
part of the grid can have a cascading effect on other parts of the
grid. What is NERC's role in helping to quickly isolate failing
electrical systems within an Interconnection to prevent a major
blackout?
Answer. NERC is engaging the Security Coordinators and Regional
Councils in preparing special contingency plans. System studies and
simulations will be conducted beyond those that are now performed.
Operating procedures on critical Y2K dates will assure a heightened
readiness. Examples may include appeals to reduce non-critical loads,
reduction of inter-regional transfers, additional generation and
transmission facilities in service, and others. NERC, the Regional
Councils, and their members have a long and successful history of
managing system reliability under challenging conditions.
Question 4. NERC publishes reliability assessments of bulk electric
systems periodically, the last of which was issued in October 1997
covering projections for the years 1997 through 2006. However, there is
no mention of the Year 2000 problem. Isn't the Year 2000 problem a
major factor in your reliability assessment? Why was there no mention
of the Year 2000 in these publications? When did NERC begin working on
the Year 2000 problem?
Answer. Until the Department of Energy charged NERC with
coordinating the Y2K issue for the electrical industry, each individual
utility had responsibility for addressing Y2K for its facilities. NERC
began looking at the Y2K problem late in 1996 and early 1997 in
association with the President's Commission on Critical Infrastructure
Protection. As a result of those discussions, NERC sought assurances
from its telecommunications provider that the communications system it
was installing to connect 23 Security Coordinators across North America
was Y2K compliant. Y2K coordination has been an issue at NERC, the
Regional Councils, and their members for more than a year. Certainly
the Department of Energy's request has helped us formalize our Y2K
Program. Reliability Assessments historically focus on adequacy of
supply and transmission facilities. Y2K is a special condition that
requires a different approach. NERC, through the Security Coordinators
and Regional Councils, will be performing studies unique to Y2K
challenges.
Question 5. Since Hydro-Quebec is a major supplier of electrical
energy for the U.S. Interconnections, is it involved in NERC's Year
2000 plans?
Answer. Hydro-Quebec, as a member of the Northeast Power
Coordinating Council (NPCC), is directly involved in coordination of
Y2K efforts at NERC and the Regional Council levels. In fact, NPCC
(including Hydro-Quebec) has one of the more active Y2K programs.
Question 6. Does NERC require any legislative assistance in (1)
sharing information about Y2K problems and solutions? (2) ordering
electrical utilities to take Y2K corrective action?
Answer. The answer to this question is in part tied to the response
to question number one. Legislation that would protect the
confidentiality of Y2K readiness assessment data at the individual
organization level would be very helpful. NERC does not believe that
legislation is necessary to order electric utilities to take Y2K
corrective actions. NERC, the Regional Councils, and their members are
committed to addressing the Y2K issues.
Question 7. Your testimony describes the three phases of NERC's
Year 2000 work plan. Phase 1 (May-September 1998) will culminate with
delivery to DOE a situation report and detailed work plans for phases 2
and 3. Isn't September 1998 pretty late to complete your initial
situation report? Will there be sufficient time for Phases 2 and 3?
Answer. If the industry was beginning its Y2K efforts from scratch,
September might be late. However, substantial progress has and
continues to be made. NERC is affording an opportunity to report this
progress at a collective level. The time remaining is tight, but we
have no indication at this time that preparations will not be
completed. A more detailed assessment by September will provide
information as to where to focus efforts in the remaining time for
remediation, testing, and contingency preparedness.
Question 8. Similarly, Phase 2 of your work plan is not planned to
be complete until July 1999 with the issuance of a report on steps to
be taken to prepare electric power production and delivery systems
during the Year 2000 transition. This leaves just six months to
implement the steps called for in this phase and to complete
contingency planning called for under Phase 3. Is there sufficient time
to complete Phases 2 and 3 of NERC's work plan? Is there any way these
phases can be accelerated?
Answer. We feel the schedule places the appropriate emphasis at the
right times. The focus of the next 12 months needs to be on inventory,
assessment, remediation, and testing at the component and system level.
At that point, we will have a more complete picture of possible
disturbance triggers and sequences. After July 1999, the major focus
will shift from fixing the problem to preparing for possible
contingencies. We believe the time is adequate though certainly tight.
Question 9. Common mode failure (e.g. specific model of a generator
protection relay) is a relatively new threat due to the use of digital
control systems. To your knowledge, has anyone tested the overall power
system against this threat? What were the results?
Answer. NERC is encouraged by the electric industry's pursuit of
testing at the integrated systems level. Although Y2K problems may
reside at the individual software program or circuit-board level, the
impacts result from the shared interactions of components and systems.
We will be looking during our assessments at the level of testing at
the systems level. We will also be coordinating system studies that
consider the simultaneous failure of certain types of components. The
goal will be to have electric systems in a position to withstand a
higher than typical threat of simultaneous outages.
__________
Prepared Statement of James J. Hoecker
Mr. Chairman and Members of the Committee: I appreciate the
opportunity to appear before you to discuss the Year 2000 readiness of
the utility industry, including electric, oil, and gas utilities. I
commend you, Mr. Chairman, and the Special Committee for holding a
hearing on this critical issue. My name is James Hoecker, and I am
Chairman of the Federal Energy Regulatory Commission (Commission or
FERC). Some months ago I appointed a Chief Information Officer (CIO) to
be responsible for information technology issues at the Commission.
FERC's CIO, Katie Hirning, represents the Commission on the President's
Council on Year 2000 Conversion.
The state of Year 2000 readiness of the utility industry is not yet
fully known. However, FERC acknowledges the importance of the Year 2000
problem and recognizes that its involvement in solutions may be
necessary. Because the energy sector is critical to the operations of
all other sectors of the economy, I believe that it is essential for
the federal government, along with industry, to promote awareness of
this problem through cooperation and communication.
Today I would like to: (1) describe what I understand the industry
is doing about the problem; and (2) inform you of what the Commission
is doing to encourage industry to take steps to ensure that our
Nation's energy infrastructure still functions properly on January 1,
2000, including its coordination with the President's Council on Year
2000 Conversion.
The Year 2000 issue presents an unusual problem for FERC because
the Commission does not exercise direct authority over internal
operations of the regulated companies' businesses as a general matter.
The Commission would have authority over the ability of regulated
utilities to recover in cost-based rates the costs expended in
correcting the Year 2000 problem, but not over how utilities implement
specific measures to correct the problem. Furthermore, FERC's
regulation does not encompass the entire energy sector or even all
aspects of the natural gas, electric, or oil pipeline industries. Large
portions of these industries are subject to the authority of other
federal agencies or state and local governments, or are self-regulated
or unregulated.
year 2000 compliance within the commission
The Commission is diligently addressing its own computer systems to
make sure that they work on and after January 1, 2000. A Year 2000 task
force was established in March 1997 to examine FERC's computer systems
and identify systems and applications with the potential for non-
compliance, and to suggest a strategy for formulating corrective action
for each. Of the 12 automated systems that are considered to mission-
critical, one has already been made compliant, one will be upgraded,
three have already been retired, four more will be retired, and three
will be replaced. The Commission has developed renovation codes as a
contingency measure that will enable it to operate even if replacement
systems are delayed in implementation. However, FERC has a well
developed implementation schedule for total readiness by January 1,
2000. Automated equipment associated with the agency's physical plant,
such as elevators and the security system, were also evaluated. All
equipment is compliant except for the security system, which will be
upgraded before March 1999.
year 2000 issues for energy businesses
At the present time, any failure to fully understand the
seriousness of the issues must be regarded as a significant problem.
Cooperation and communication is necessary in order to understand the
severity of the problem. There is a need to identify what effect a
failed computer, computer software program, or embedded microprocessor
would have on the production or delivery of electricity, gas, and oil.
Thus far, available information is anecdotal, with very little
empirical data on completion of conversion tasks and structured
testing.
Year 2000 readiness also includes the operation of not only
conventional computer systems, but thousands of embedded
microprocessors as well. Embedded systems are present at plants,
wellheads, pipelines, control and dispatch centers, headquarters, and
other energy facilities. Identifying Year 2000 errors in embedded
systems generally requires significant manual effort. The process
cannot be automated and is likely to require physical inspection of
hardware distributed widely throughout an organization. Taking
inventory, assessing, and fixing embedded systems is especially
difficult and expensive.
the industry response
The extent of completed Year 2000 work within the energy industry
is unknown. Compilation of this information has been inadequate. Larger
utilities and some industry associations have promoted awareness of
Year 2000 issues and, in some cases, have shared information about
industry readiness. The state of awareness and planning of smaller
utilities and cooperatives is less certain.
One of the largest Year 2000 programs, offered for a fee by the
Electric Power Research Institute (EPRI) to member companies of
electric, oil, and gas associations, includes: an electronic system for
real-time data and information collected from a number of industries,
government agencies, vendors, and other service providers; and
workshops for interactive discussion of methods and results among those
involved in Year 2000 embedded systems efforts and the sharing of
information among participants. The Edison Electric Institute is
working closely with the EPRI program, on behalf of investor-owned
electric utilities.
The National Association of Regulatory Utility Commissioners'
(NARUC) has established an educational program and has a session
scheduled in July to discuss Year 2000 issues.
Year 2000 managers within the national oil, gas, and electric
associations are in frequent contact and are working together to
address these issues. Several Year 2000 programs were initiated in the
past year by industry associations. Last year the American Petroleum
Institute (API) formed a Year 2000 task force of representatives from
industry. They agreed to construct databases from various segments of
the industry. API has scheduled a meeting for July 1998 to discuss Year
2000 compliance, information exchanges, and other issues. API also
sponsored and disseminated a Year 2000 awareness research paper.
The Interstate Natural Gas Association of America (INGAA) has
conducted a survey of their member companies' Year 2000 compliance
status, and the results are currently being analyzed. The Gas Research
Institute (GRI) is surveying its member companies to help formulate
Year 2000 strategies. The Natural Gas Council (NGC), which encompasses
leadership of a number of industry trade associations, is meeting in
June to address industry coordination for Year 2000 readiness. It will
focus on segment-by-segment coordination and creation of a coordination
structure.
the federal energy regulatory commission's role
On its own, FERC is developing an awareness program for the
Commission's regulated entities and industry associations, in
coordination with the Energy Working Group activities. The purpose of
FERC's outreach is to promote awareness of the potential seriousness of
the Year 2000 problem and the need to devote adequate resources to fix
it. I am working with the other FERC Commissioners, Office Directors,
and the Commission's CIO to promote awareness of the Year 2000 issue
and to encourage the cooperation that already exists among energy
organizations and their customers. Further, we hope to encourage
companies to make more information available to the general public. The
public needs specific information on how serious the problem is, what
is being done to address it, and what they can expect on January 1,
2000. The Commission will also make information on Year 2000 issues
available to our regulated companies and to the general public through
the FERC Website, and we will provide a link to the Energy Working
Group Website once it is developed.
We have begun to establish regular channels of communication with
appropriate Year 2000 experts in industry and to maintain an awareness
of upcoming events and planned initiatives. We plan to:
--promote awareness among companies under our jurisdiction;
--monitor progress within the industry;
--develop a link on the FERC Website to Year 2000 information;
--encourage the inclusion of Year 2000 subject matter in future
industry seminars, trade events, television programs, and
publications;
--utilize Year 2000 public speaking opportunities; and
--work with members of the Energy Working Group of the President's
Year 2000 Conversion Council.
the oil and gas sector of the energy working group
The Commission is also working cooperatively with other federal
agencies as a member of the President's Council on Year 2000
Conversion. Through our participation in the Energy Working Group of
the President's Council on Year 2000 Conversion, FERC is working with
DOE, Department of Transportation (DOT), Department of Agriculture,
Nuclear Regulatory Commission (NRC), General Services Administration
(GSA) and Department of State to develop effective programs for
facilitating Year 2000 solutions throughout the energy industry. The
Council's Energy Working Group has been subdivided into two sectors:
electric, and oil and gas. DOE is the sector leader for electric and
FERC is the sector leader for oil and gas.
On June 5, 1998, the oil and gas sector of the Energy Working Group
held a meeting with representatives of trade associations and research
institutes representing the oil and gas industries. The meeting was
facilitated by John Koskenin, Chairman of the President's Council on
Year 2000 Conversion. Federal agencies present included FERC, as sector
leader, and DOE, DOT, NRC, and GSA. Participants also included the Gas
Industry Standards Board (GISB), Independent Petroleum Association of
America, National Propane Gas Association, INGAA, API, National
Petrochemical and Refiners Association, American Gas Association, GRI,
Association of Oil Pipelines, American Public Gas Association, National
Regulatory Research Institute, and NARUC.
The meeting participants were asked to join the oil and gas sector
of the Energy Working Group in developing a focused, coordinated effort
between the federal agencies and industry associations that would
prevent redundant efforts and ensure that all companies in the oil and
gas sectors are reached. The oil and gas sector of the Energy Working
Group will serve as a point of coordination for all participants and a
forum for collaborative efforts. The meeting participants agreed that
it would be valuable to designate umbrella organizations for both the
oil and gas industries that would be responsible for coordinating the
collection and sharing of information among all trade associations and
industry groups within each industry.
Meeting participants were asked to designate umbrella organizations
for the natural gas industry and for the oil industry. GISB will focus
on accounting standards for both oil and gas. Meeting participants
agreed to compile existing surveys and information that has already
been collected through the umbrella organizations, assess whether it is
desirable to update existing surveys, and consider developing a
comprehensive survey with core questions that could be used industry-
wide in both the oil and gas sectors. An industry-wide survey may be
distributed through the umbrella organizations, which can present
summaries of the information that they gather to the Energy Working
Group. The Energy Working Group is focusing on assessing industry-wide
and regional readiness rather than examining the readiness of
individual companies. GISB will ascertain if end users associations
would be interested in participating in the Energy Working Group.
Finally, FERC will serve as the oil and gas sector leader, and will be
the point of contact for the umbrella organizations and facilitate the
flow of information to a composite Website.
The meeting participants agreed that the focus of monitoring Year
2000 Conversion readiness should be: (1) safety, (2) reliable delivery
of energy products, and (3) accurate accounting and billing.
conclusion
In the end, energy industry participants have the responsibility to
address this problem. I nevertheless believe the Commission has an
important role in raising awareness of the issue. I view it as the
Commission's responsibility to the American public to help alleviate
this potential threat to the reliability of our energy systems. The
Commission has special responsibility to focus on the natural gas and
oil pipeline industry as part of the Energy Working Group of the
President's Council. I have therefore asked our CIO to promote the
sharing of Year 2000 information within the industry. She will also
facilitate dissemination of information about what is known in other
industries about similar products and problems, as appropriate. Having
ensured our own systems are Year 2000 compliant, we will continue to
convey to the industry and its customers the importance of achieving
solutions to Year 2000 issues promptly.
I look forward to working with the Senate Special Committee in the
months ahead, and I welcome your questions.
______
Responses of James J. Hoecker to Questions Submitted by Chairman
Bennett
Question 1. How does FERC plan to assemble its assessment of the
oil and gas industry for the President's Year 2000 Conversion Council?
When will the results be available?
Answer. FERC plans to assemble its assessment of the oil and gas
industry for the President's Council on Year 2000 Conversion through
constructing a database. This database will include responses to a
survey which will be conducted by the umbrella organizations that have
been designated by the oil and natural gas sector of the Council's
Energy Working Group. The umbrella groups are the American Petroleum
Institute, Natural Gas Council, and Gas Industry Standards Board. This
database will be made available through the Council's Website
(www.y2k.gov). The focus of the survey will not be on how individual
companies are doing, but rather on how the industry as a whole is
doing, both in the aggregate and also geographically and regionally.
The survey is expected to be finalized by the end of July, and
preliminary results are expected to become available in September of
this year.
Question 2. What portions of the oil and gas production and
distribution industry are most susceptible to the Year 2000 problem?
Does FERC have any specific plans to address these areas of
susceptibility?
Answer. It is currently impossible to identify groups of companies
that may be most susceptible. Virtually all oil and natural gas
companies have a large number of embedded systems and software
applications. Oil and gas management software includes contract
administration, measurement systems, nomination systems, and bulletin
board systems. Operations include field communications systems,
Supervisory Control Data Acquisition Systems (SCADA), automated
compressor systems, automated auxiliary plants, maintenance managements
systems, and land and easement management systems. However, automated
systems are not limited to pipelines. Embedded systems and software
applications occur throughout the sector, including production,
transportation, distribution, telecommunications links, and back office
operations. FERC will work with the umbrella organizations of the oil
and gas sector of the Council's Energy Working Group to ensure that the
entire sector is reached by industry surveys. The activities of small
companies and operators at the production and distribution ends of the
interstate systems may prove the most difficult to assess.
Question 3. Your testimony describes the difficulty in identifying
and rectifying automated systems embedded in the production and
distribution of gas and oil. Could you elaborate on this difficulty? Is
there sufficient time remaining to find and fix all of the embedded
processors?
Answer. Part of the difficulty in identifying and rectifying
embedded systems is the large number of types of embedded chips used
within the industry. Systems that are physically difficult to test,
such as underwater systems in offshore platforms, pose a special
problem.
Further, many of these embedded systems were installed over a long
period of time, and in some cases, without a lot of documentation. A
major difficulty in identifying embedded systems is the shear number of
them. Production facilities such as an off-shore drilling platform may
have ten thousand or more embedded chips. Further, while newer systems
may not be at risk in isolation, they could be affected because of
their links to older, ``legacy'' systems which have never been
replaced.
Although only 5 percent of these embedded components are expected
to malfunction by some estimates, a structured program to find and test
all systems is unlikely. Nonetheless, a component may be non-compliant
and yet not cause a system to malfunction. In fact, components that are
not mission-critical, or are found not to have significant implications
to operations, may be intentionally bypassed as a low priority for
testing due to time constraints. Further, contingency planning is
expected to be an integral part of industry Year 2000 strategies.
Consequently, the main oil and gas delivery system may be considered
Year 2000 ready without being fully Year 2000 compliant.
Question 4. You mention that FERC will be monitoring the progress
of the oil and gas industry. Could you please tell us how you will
attempt to monitor this progress? For example, will you be using
surveys or personal interviews?
Answer. The survey being developed by the oil and gas sector of the
Energy Working Group is expected to be repeated over time as a means to
monitor progress and help identify problem areas. A database will be
used to capture and compare survey results. A Website will be used as a
vehicle to share information among Working Group members.
Question 5. The plan to compile survey results from existing
efforts seems like a wise use of resources. Will this information help
the energy working group to assess what types of contingency planning
may be necessary?
Answer. The survey which is currently being developed by the oil
and gas sector of the Energy Working Group will include questions
regarding contingency planning. This survey is expected to be finalized
by the end of July so it can be sent out to industry members.
Hopefully, industry members will then be better able to find out what
kind of contingency planning will work for them.
Question 6. Do you think that the consumer should begin saving
their gas and oil bills to be able to demonstrate there would be
problems with the billing and accounting systems? Or is it too soon to
tell?
Answer. It is too soon to tell. From anecdotal information, it
appears to me that industry has put a lot of effort so far on back
office operations such as accounting, purchasing, and administration.
The initial results of the survey being developed by the oil and gas
sector of the Energy Working Group are expected to be available in
September of this year, at which time we will have a clearer picture.
__________
Prepared Statement of Shirley Ann Jackson
introduction
Mr. Chairman, members of the Committee, I am pleased to be here
today on behalf of the Commission to discuss with you the status of the
U.S. Nuclear Regulatory Commission (NRC) response to the Year 2000
computer problem for nuclear power plants. Our efforts can be divided
into three basic areas: our actions internal to the NRC, our
interactions with our reactor licensees and the nuclear power industry,
and our broader actions to address the issue of a electrical grid.
the nrc strategy for addressing the year 2000 problem
Actions internal to the NRC
With respect to power reactor licensees, the NRC is working to
ensure that all of our mission-critical systems (seven in total) will
be Year 2000 compliant so that our communications and data interfaces
will continue to function properly. The one mission-critical system
that is directly linked to operating nuclear power plants is our
Emergency Response Data System (ERDS). This application performs the
communication and data transmission functions that provide near real-
time data to NRC incident response personnel during declared
emergencies. The NRC currently is upgrading ERDS to be Year 2000
compliant in order to maintain the same communication protocol as the
current system. Once upgraded, either a 2-digit or a 4-digit date field
will be accepted. The upgrade is on schedule to be completed, tested,
and implemented by March 4, 1999. This effort is being conducted under
the NRC Year 2000 effort and is overseen by Mr. Tony Galante, the NRC
Chief Information Officer. All of our other mission-critical systems
also are on schedule to be Year 2000 compliant in accordance with OMB
guidelines, with three currently being repaired, and three being
replaced.
NRC Interaction with reactor licensees
Since 1996, the NRC has been working with industry organizations to
address the Year 2000 problem. After discussions with the Nuclear
Energy Institute (NEI) in 1997, NEI agreed to take the lead in
developing industry-wide guidance for addressing the Year 2000 problem
at nuclear power reactors. Last November NEI sent a framework document,
which NRC had reviewed, to all power reactor licensees. We believe that
the guidance in that framework document, ``Nuclear Utility Year 2000
Readiness'' (NEI/NUSMG 97-07), when properly augmented and implemented,
presents nuclear power plant licensees with an acceptable approach for
addressing the Year 2000 problem. We will continue to work closely with
other Federal agencies and industry groups, and to participate in
interagency working groups, to ensure that we stay abreast of emerging
Year 2000 concerns and that we take appropriate action to protect
public health and safety and the environment. We strongly encourage
licensees to share information regarding identified remediation and
implementation activities, so that Year 2000 problems are identified
early and addressed in a cost-effective manner.
In order to obtain confirmation that licensees are addressing the
Year 2000 problem effectively with regard to compliance with the terms
and conditions of their licenses and NRC regulations, the NRC is
requiring that all operating nuclear power plant licensees submit a
written response stating how they plan to address the Year 2000
problem. The written response is required by a Generic Letter issued on
May 11, 1998, which has been developed and refined over the past six
months.
A copy of that Generic Letter is being provided for the record
(available at http://www.nrc.gov/NRC/NEWS/year2000.html). This Generic
Letter refers to the NEI guidance document (NEI/NUSMG 97-07) as an
example of an acceptable approach for addressing the Year 2000 issue at
nuclear power plants.
By the middle of August 1998, the initial written response to the
Generic Letter is due. In that response, nuclear power plant licensees
will indicate whether they are pursuing a Year 2000 program based on
the NEI program or a different program. Licensees who elect to use a
different program are required to present a brief description of that
program, to ensure that the computer systems at their facilities will
be ready for the Year 2000. In addition, all operating nuclear power
plants are required to submit a written response no later than July 1,
1999, confirming that the facility is, or will be, Year 2000 ready by
the Year 2000. If their program is incomplete as of July 1, 1999, their
response must contain a status report, including completion schedules,
for work remaining to ensure Year 2000 readiness.
In addition to the written responses, we plan to conduct
inspections, on a sampling basis, to assess licensee preparedness for
the Year 2000. Any Year 2000 program used at a nuclear facility must be
tailored to meet the specific needs and requirements of that facility
and should, in general, comprise the following phases: awareness,
assessment, remediation, validation, and implementation. Completion of
the Year 2000 program means that the licensee has attained their
program objectives. These program objectives could range from having
all computer systems and applications, including embedded systems,
being Year 2000 compliant, to having some systems Year 2000 compliant
and the remaining systems retired or having permanent and/or temporary
compensatory measures in place.
Bounding the year 2000 concern for nuclear power plants
The potential impact of the Year 2000 problem on nuclear power
plants varies with the types of computer systems in use. Licensees rely
upon: (1) software to schedule maintenance and technical specification
surveillance, (2) programmable logic controllers and other commercial
off-the-shelf software and hardware, (3) digital process control
systems, such as a feedwater control or valve control, (4) digital
systems for collecting operating data, and (5) digital systems to
monitor post-accident plant conditions.
In addition to the reporting requirements in the Generic Letter,
NRC regulations (10 CFR Part 21, 10 CFR 50.72, and 10 CFR 50.73) also
require licensees to notify the NRC of significant deficiencies,
significant non-conformances, and failures, such as some of those which
could result from the Year 2000 problem in safety-related systems. To
date, the NRC staff has not identified or received notification from
licensees or vendors that a Year 2000 problem exists with safety-
related initiation and actuation systems. However, some problems have
been identified in computer-based systems that, while non-safety-
related, are nonetheless important. Such systems, primarily databases
and data collection processes necessary to satisfy license conditions,
technical specifications, and NRC regulations that are date driven, may
need to be modified for Year 2000 compliance.
Some examples of systems and computer equipment that are most
likely to be affected by Year 2000 problems include:
--Plant security computers;
--Plant process systems (data scan, log, and alarm and safety
parameter display system computers); and
--Radiation monitoring systems.
Because of the limited time remaining in which to address the
problem, the majority of the program remediation, validation, and
implementation activities should be completed at a facility by mid-
1999, leaving only a few such activities scheduled for the third and
fourth quarters of 1999. In addition, we recognize that despite every
reasonable effort by licensees to identify and correct Year 2000
computer system problems at their facilities, some software,
applications, equipment, and systems may remain susceptible to the
problem. Additionally, software, data, and systems external to the
facility could potentially affect the facility adversely. Therefore, to
ensure continued safe operation of the facility into the Year 2000 and
beyond, licensees should formulate contingency plans for affected
systems and equipment. The concept of Year 2000 readiness includes the
planning, development, and implementation of appropriate contingency
plans or compensatory actions for items that are not expected to be
Year 2000 compliant, to address the possible impact that unrecognized
problems may have on safe plant operation.
Interactions with the nuclear power industry
The NRC has been involved actively with the nuclear industry in
addressing the Year 2000 problem, and we are reasonably encouraged by
industry efforts. We expect continuation of this effort in the response
to the NRC Generic Letter that I mentioned earlier.
To ensure that senior level management at nuclear power plant
licensees were aware of the Year 2000 problem, the first industry-wide
NRC action was to issue Information Notice (IN) 96-70, ``Year 2000
Effect on Computer System Software,'' on December 24, 1996. In that
Information Notice, the NRC staff described the potential problems that
nuclear power plant computer systems and software may encounter during
the transition to the new century. The NRC staff also encouraged
licensees to examine their uses of computer systems and software well
before the turn of the century, and suggested that licensees consider
appropriate actions for examining and evaluating their computer systems
for Year 2000 vulnerabilities.
At the Nuclear Utilities Software Management Group (NUSMG) Year
2000 Workshop, an industry workshop held in July 1997, selected nuclear
power plant licensees described their Year 2000 programs and gave
examples of areas in which they had addressed Year 2000 issues in order
to ensure the safety and operability of their plants on and after
January 1, 2000. Some of the issues discussed included: (1) the
evaluation of the impact of the Year 2000 problem on plant equipment;
(2) the assessment process involved in the identification of
components, vendors, and interfaces; (3) the development of Year 2000
testing strategies; and (4) the identification of budget needs to
address the Year 2000 problem.
In August 1997, the NRC staff incorporated recognition of the Year
2000 concern in the updated Standard Review Plan, NUREG-0800, Chapter
7, ``Instrumentation and Control.'' This document provides guidance to
NRC staff reviewers of computer-based instrumentation and control
systems, to ensure that the Year 2000 issue was addressed in any new
systems or modifications proposed by licensees.
Also in August 1997, the Nuclear Energy Institute (NEI) met with
NUSMG and nuclear plant utility representatives to formulate an
industry-wide plan to address the Year 2000 issue. On October 7, 1997,
representatives of NEI and NUSMG met with the NRC staff to discuss the
actions that NEI was taking to help utilities make their plants ``Year
2000 ready.'' NEI presented the framework document discussed earlier.
That document makes a distinction in terminology between the
expressions, ``Year 2000 ready,'' and ``Year 2000 compliant.'' ``Year
2000 compliant'' is defined as those computer systems or applications
that accurately process date/time data (including but not limited to
calculating, comparing, and sequencing) from, into, and between the
20th and 21st centuries, the years 1999 and 2000, and leap-year
calculations. ``Year 2000 ready'' is defined as a computer system or
application that has been determined to be suitable for continued use
into the year 2000 even though the computer system or application is
not fully ``Year 2000 compliant.''
NEI/NUSMG issued the framework document to all licensees in
November 1997. The document recommends methods for nuclear utilities to
attain Year 2000 readiness and thereby ensure that their facilities
remain safe and continue to operate within the requirements of their
licenses. The scope of the document includes software, or software-
based systems or interfaces, whose failure (due to the Year 2000
problem) would (1) prevent the performance of the safety function of a
structure, system, or component, or (2) degrade, impair, or prevent
compliance with the nuclear facility license and/or NRC regulations.
After reviewing the document, the NRC has endorsed this document as an
acceptable approach for dealing with the Year 2000 problem at nuclear
power plants.
NEI/NUSMG 97-07 also suggests a strategy for developing and
implementing a Year 2000 program for nuclear utilities. The strategy
recognizes management, implementation, quality assurance (QA) measures,
regulatory considerations, and documentation as the fundamental
elements of a successful Year 2000 project. The document contains
examples of strategies that licensees currently are using, and also
recommends that the Year 2000 program be administered through standard
project management techniques.
The recommended components for management planning are as follows:
(1) management awareness, (2) sponsorship, (3) project leadership, (4)
project objectives, (5) the project management team, (6) the management
plan, (7) project reports, (8) interfaces, (9) resources, (10)
oversight, and (11) quality assurance. The suggested phases of
implementation are awareness, initial assessment (which includes
inventory, categorization, classification, prioritization, and analysis
of initial assessment), detailed assessment (including vendor
evaluation, utility-owned or utility-supported software evaluation,
interface evaluation, and remedial planning), remediation, Year 2000
testing and validation, and notification.
The QA measures specified in NEI/NUSMG 97-07 apply to project
management QA and implementation QA. Regulatory considerations include
the performance of appropriate reviews, reporting requirements, and
documentation. Documentation of Year 2000 program activities and
results includes documentation requirements, project management
documentation, vendor documentation, inventory lists, checklists for
initial and detailed assessments, and record retention. NEI/NUSMG 97-07
also contains examples of various plans and checklists as appendices,
which may be used or modified to meet the licensee-specific needs and/
or requirements.
It should be recognized that NEI/NUSMG 97-07 is programmatic, and
does not address fully all the elements of a comprehensive Year 2000
program. In particular, augmented guidance in the area of risk
management, business continuity and contingency planning, and
remediation of embedded systems is needed to fully address some Year
2000 issues that may arise in licensee program implementation. The NRC
staff believes that the guidance in NEI/NUSMG 97-07, when properly
augmented and implemented, presents an example of one acceptable
approach for licensees when addressing the Year 2000 problem at nuclear
power plant facilities.
The NRC role in ensuring electrical grid reliability
Although the primary focus with our licensees has been on public
health and safety related to reactor operations, we recognize the
concern that the Year 2000 problem may potentially affect the
reliability of electrical grids. Our regulatory focus in electrical
grid reliability primarily relates to the challenges to plant safety
systems that might result from a transient on the electrical grid, such
as a loss of offsite power. Nuclear power reactors have two independent
sources of offsite power, and are designed to safely shut down if a
loss of all offsite power were to occur. In the event of a loss of
offsite power, onsite electric power systems provide adequate
electrical power to safely shutdown and cool down the reactors. As you
know, NRC regulatory oversight and authority does not extend to the
offsite electrical grid system.
Notwithstanding our regulatory limits, we recognize the national
importance of a broader focus that helps to ensure that potential
concerns with electrical grid reliability are identified and resolved.
We support the efforts of the President's Council on Year 2000
Conversion and are members of the Energy Working Group. We are working
closely with representatives from the Federal Energy Regulatory
Commission and the Department of Energy to give assistance with, and
share information on, potential problems associated with the Year 2000.
Conclusions
The NRC and the nuclear power industry are addressing the Year 2000
computer problem in a thorough and deliberate manner. To date, we have
not identified or received notification from licensees or vendors that
a Year 2000 problem exists with safety-related initiation and actuation
systems. Further, we believe that we have, through Generic Letter 98-01
and the planned follow-up inspections, established a framework that
appropriately assures us that the Year 2000 problem will not have an
adverse impact on the ability of a nuclear power plant to safely
operate or safely shut down. We recognize the importance of maintaining
a reliable electrical grid, and we will continue to work with the
President's Council on Year 2000 Conversion Energy Working Group, the
Federal Energy Regulatory Commission, and the Department of Energy to
give assistance and share information regarding potential problems
associated with the coming of the Year 2000.
We look forward to working with the Special Committee and welcome
your questions.
Attachment--NRC Generic Letter No. 98-01: Year 2000 Readiness of
Computer Systems at Nuclear Power Plants, May 11, 1998
addressees
All holders of operating licenses for nuclear power plants, except
those who have permanently ceased operations and have certified that
fuel has been permanently removed from the reactor vessel.
purpose
The U.S. Nuclear Regulatory Commission (NRC) is issuing this
generic letter to require that all addressees provide the following
information regarding their programs, planned or implemented, to
address the year 2000 (Y2K) problem in computer systems at their
facilities: (1) written confirmation of implementation of the programs
and (2) written certification that the facilities are Y2K ready with
regard to compliance with the terms and conditions of their licenses
and NRC regulations.
description of circumstances
Simply stated, the Y2K computer problem pertains to the potential
for date-related problems that may be experienced by a system or an
application. These problems include not representing the year properly,
not recognizing leap years, and improper date calculations. An example
of a date-related problem is the potential misreading of ``00'' as the
year 1900 rather than 2000. These problems can result in the inability
of computer systems to function properly by providing erroneous data or
failing to operate at all. The Y2K problem has the potential of
interfering with the proper operation of computer systems, hardware
that is microprocessor-based (embedded software), and software or
databases relied upon at nuclear power plants. Consequently, the Y2K
problem could result in a plant trip and subsequent complications on
tracking post-shutdown plant status and recovery due to a loss of
emergency data collection.
The Y2K problem is urgent because it has a fixed deadline. It
requires priority attention because of the limited time remaining, the
uncertain risk that the problem presents, the technical challenges
presented, and the scarcity of resources available to correct the
problem.
Existing reporting requirements under 10 CFR Part 21, 10 CFR 50.72,
and 10 CFR 50.73 provide for notification to the NRC staff of
deficiencies and non-conformances, and failures, such as some of those
which could result from the Y2K problem in safety-related systems. To
date, the NRC staff has not identified or received notification from
licensees or vendors that a Y2K problem exists with safety-related
initiation and actuation systems. However, problems have been
identified in non-safety, but important, computer-based systems. Such
systems, primarily databases and data collection processes necessary to
satisfy license conditions, technical specifications, and NRC
regulations that are date driven, may need to be modified for Y2K
compliance.
Some examples of systems and computer equipment that may be
affected by Y2K problems follow:
--Security computers
--Plant process (data scan, log, and alarm and safety parameter
display system) computers
--Radiation monitoring systems
--Dosimeters and readers
--Plant simulators
--Engineering programs
--Communication systems
--Inventory control systems
--Surveillance and maintenance tracking systems
--Control systems
To alert nuclear power plant licensees to the Y2K problem, the NRC
issued Information Notice (IN) 96-70, ``Year 2000 Effect on Computer
System Software,'' on December 24, 1996. In IN 96-70, the NRC staff
described the potential problems that nuclear power plant computer
systems and software may encounter as a result of the change to the new
century and how the Y2K issue may affect NRC licensees. In IN 96-70,
the NRC staff encouraged licensees to examine their uses of computer
systems and software well before the turn of the century and suggested
that licensees consider appropriate actions for examining and
evaluating their computer systems for Y2K vulnerabilities. The NRC
staff also incorporated recognition of the Y2K concern in the updated
Standard Review Plan, NUREG-0800, Chapter 7, ``Instrumentation and
Control,'' dated August 1997, which contains guidance for the NRC
staff's review of computer-based instrumentation and control systems.
At the Nuclear Utilities Software Management Group (NUSMG) Year
2000 Workshop, an industry workshop held in July 1997, some nuclear
power plant licensees described their Y2K programs and gave examples of
areas in which they had addressed Y2K issues in order to ensure the
safety and operability of their plants on and after January 1, 2000.
Some of the issues discussed were (1) the evaluation of the impact of
the Y2K problem on plant equipment, (2) the assessment process involved
in the identification of Y2K-affected components, vendors, and
interfaces, (3) the development of Y2K testing strategies, and (4) the
identification of budget needs to address the Y2K problem.
The Nuclear Energy Institute (NEI) met with NUSMG and nuclear plant
utility representatives in August 1997 to formulate an industry-wide
plan to address the Y2K issue. On October 7,1997, representatives of
NEI and NUSMG met with the NRC staff to discuss the actions NEI was
taking to help utilities make their plants ``Year 2000 ready.'' NEI
presented a framework document that provides guidance for utilities to
use in readying for the Year 2000. The framework document makes a
distinction in terminology between ``Y2K ready'' and ``Y2K compliant.''
``Y2K compliant'' is defined as computer systems or applications that
accurately process date/time data (including but not limited to
calculating, comparing, and sequencing) from, into, and between the
20th and 21st centuries, the years 1999 and 2000, and leap-year
calculations. ``Y2K ready'' is defined as a computer system or
application that has been determined to be suitable for continued use
into the year 2000 even though the computer system or application is
not fully Y2K compliant. (These definitions have been adopted by the
NRC for purposes of this generic letter.)
NEI/NUSMG issued the framework document NEI/NUSMG 97-07, ``Nuclear
Utility Year 2000, Readiness,'' to all licensees in November 1997. The
document recommends methods for nuclear utilities to attain Y2K
readiness and thereby ensure that their facilities remain safe and
continue to operate within the requirements of their license. The scope
of NEI/NUSMG 97-07 includes software, or software-based systems or
interfaces, whose failure (due to the Y2K problem) would (1) prevent
the performance of the safety function of a structure, system, or
component or (2) degrade, impair, or prevent compliance with the
nuclear facility license and NRC regulations.
discussion
Diverse concerns are associated with the potential impact of the
Y2K problem on nuclear power plants because of the variety and types of
computer systems in use. The concerns result from Licensees' reliance
upon (1) software to schedule maintenance and technical specification
surveillance, (2) programmable logic controllers and other commercial
off-the-shelf software and hardware, (3) digital process control
systems, (4) software to support facility operation, (5) digital
systems for collection of operating data, and (6) digital systems to
monitor post-accident plant conditions. The scope of NEI/NUSMG 97-07
includes the broad range of computers and software-based systems in a
nuclear power plant. However, NRC Y2K concerns are limited to safety-
related systems and other systems required by the nuclear power plant
license or NRC regulations.
One application that is common to all power reactor licensees is
the link between plant computers and the NRC's Emergency Response Data
System (ERDS). This application performs the communication and data
transmission functions that provide near real-time data availability to
NRC and State incident response personnel during declared emergencies.
The NRC is currently performing Y2K-related upgrades to ERDS, which
will maintain the same communication protocol as the current system,
with the exception that either 2-digit- or 4-digit-year fields will be
accepted. Those licensees that anticipate changes to their ERDS link
should allow time in their schedules for retesting their systems. NRC
contractors will support requests for testing on a ``first-come, first-
served'' basis.
NEI/NUSMG 97-07 suggests a strategy for developing and implementing
a nuclear utility Y2K program. The strategy recognizes management,
implementation, quality assurance (QA) measures, regulatory
considerations, and documentation as the fundamental elements of a
successful Y2K project. The document contains examples currently in use
by licensees and also recommends that the Y2K program be administered
using standard project management techniques.
The recommended components for management planning are management
awareness, sponsorship, project leadership, project objectives, the
project management team, the management plan, project reports,
interfaces, resources, oversight, and QA. The suggested phases of
implementation are awareness, initial assessment (which includes
inventory, categorization, classification, prioritization, and analysis
of initial assessment), detailed assessment (including vendor
evaluation, utility-owned or utility-supported software evaluation
interface evaluation, and remedial planning), remediation, Y2K testing
and validation, and notification.
The QA measures specified in NEI/NUSMG 97-07 apply to project
management QA and implementation QA. Regulatory considerations include
the performance of appropriate reviews, reporting requirements, and
documentation. Documentation of Y2K program activities and results
includes documentation requirements, project management documentation,
vendor documentation, inventory lists, checklists for initial and
detailed assessments, and record retention. NEI/NUSMG 97-07 also
contains examples of various plans and checklists as appendices, which
may be used or modified to meet the licensee's specific needs and/or
requirements.
It should be recognized that NEI/NUSMG 97-07 is programmatic and
does not fully address all the elements of a comprehensive Y2K program.
In particular, augmented guidance in the area of risk management,
business continuity and contingency planning, and remediation of
embedded systems is needed to fully address some Y2K issues that may
arise in licensee program implementation. The NRC staff believes that
the guidance in NEI/NUSMG 97-07, when properly augmented and
implemented, presents an example of one possible approach for licensees
when addressing the Y2K problem at nuclear power plant facilities.
Another document that provides a useful overview of the elements of
an effective Y2K program is a guide issued by the Accounting and
Information Management Division (AIMD), U.S. General Accounting Office
(GAO), GAO/AIMD-10.1.14, ``Year 2000 Computing Crisis: An Assessment
Guide,'' September 1997. This guide is a distillation of the best
practices of the Government and the private sector for dealing with the
Y2K problem.
It should be noted that the guidance in NEI/NUSMG 97-07 and GAO/
AMID-10.1.14 provides a framework only. Any Y2K program employed at a
nuclear facility must be tailored to meet the specific needs and
requirements of that facility and should, in general, be composed of
the following phases: Awareness, assessment, remediation, validation,
and implementation. Completion of the Y2K program means the attainment
of the program objectives, which could range from all computer systems
and applications, including embedded systems, being Y2K compliant, to
some being Y2K compliant and the remaining retired or with permanent
and/or temporary compensatory measures or work-arounds in place. Also
to be considered are the future maintenance requirements for keeping
the systems and applications Y2K ready, for example, when the ``fixed
date window'' approach is used.
t is recognized that in spite of every reasonable effort by
licensees to identify and correct Y2K computer system problems at their
facilities, some software, applications, equipment, and systems may
remain susceptible to the problem. Additionally, software, data, and
systems external to the facility could potentially affect the facility
adversely. Therefore, to ensure continued safe operation of the
facility into the Year 2000 and beyond, contingency plans should be
formulated for affected systems and equipment. The concept of Y2K
readiness includes the planning, development, and implementation of
appropriate contingency plans or compensatory actions for items that
are not expected to be Y2K compliant or ready and to address the
possible impact of unidentified items and their effect on safe plant
operation.
Because of the limited time remaining in which to address the Y2K
problem, at some facilities it may be necessary that some remediation
and implementation activities he performed during normally scheduled
plant outages in order to avoid additional outages to effect these
activities. Hence, licensees should plan for this work accordingly. The
NRC staff notes that unless the majority of the Y2K program
remediation, validation, and implementation activities are completed at
a facility by mid-1999, leaving only a few such activities scheduled
for the third and fourth quarters of 1999, the facility may not be Y2K
ready by the year 2000.
In the course of implementing the Y2K program, problems could be
identified that potentially affect the licensing basis of the plants.
In certain cases, license amendments may be needed to address the
problem resolution. Licensees should plan to submit such license
amendments to the NRC on a timely basis. The utility Y2K programs and
schedules should have the flexibility to accommodate such an
eventuality. In addition, licensees are reminded that any changes to
their facilities that affect their current licensing basis must be
reviewed in accordance with existing NRC requirements and the change
properly documented. Finally, we strongly encourage licensees to share
information regarding identified remediation and implementation
activities in order to maintain the likelihood that all Y2K problems
are identified. We understand that Owners' Groups are implementing this
and we encourage this effort.
required response
In order to gain the necessary assurance that addressees are
effectively addressing the Y2K problem with regard to compliance with
the terms and conditions of their licenses and NRC regulations, the NRC
staff requires that all addressees submit a written response to this
generic letter as follows:
(1) Within 90 days of the date of this generic letter, submit
a written response indicating whether or not you have pursued
and are continuing to pursue a Y2K program such as, or similar
to, that outlined in NEI/NUSMG 97-07, augmented appropriately
in the areas of risk management, contingency planning, and
remediation of embedded systems. If your program significantly
differs from the NEI/NUSMG guidance, present a brief
description of the programs that have already been completed,
are being conducted, or are planned to ensure Y2K readiness of
the computer systems at your facility(ies). This response must
address the program's scope, assessment process, plans for
corrective actions (including testing and schedules), QA
measures, contingency plans, and regulatory compliance.
(2) Upon completing your Y2K program or, in any event, no
later than July 1, 1999, submit a written response confirming
that your facility is Y2K ready, or will be Y2K ready, by the
year 2000 with regard to compliance with the terms and
conditions of your license(s) and NRC regulations. If your
program is incomplete as of that date, your response must
contain a status report, including completion schedules, of
work remaining to be done to confirm your facility is/will be
Y2K ready by the year 2000.
Address the written reports to the U.S. Nuclear Regulatory
Commission, Attention: Document Control Desk, Washington, D.C. 20555-
0001, under oath or Summation under the provisions of Section 182a,
Atomic Energy Act 1954, as amended, and 10 CFR 50.54(f). In addition,
submit a copy to the appropriate regional administrator.
backfit discussion
This generic letter requires information from addressees under the
provisions of Section 182a of the Atomic Energy Act of 1954, as
amended, and 10 CFR 50.54(f). The required information will enable the
staff to verify that each nuclear power plant licensee is implementing
an effective plan to address the Y2K problem and provide for safe
operation of the facility before January 1, 2000, and is in compliance
with the terms and conditions of their license(s) and NRC regulations.
The following NRC regulations form a basis for this requirement:
--10 CFR 50.36, ``Technical Specifications,'' paragraph (c)(3),
``Surveillance Requirements,'' and paragraph (c)(5),
``Administrative controls.'' These sections relate,
respectively, to requirements pertaining to testing,
calibration, or inspection to ensure that the necessary quality
of systems and components is maintained and to provisions
relating to management, procedures, recordkeeping, and review
and audit necessary to ensure operation of the facility in a
safe manner.
--10 CFR 50.47, ``Emergency Plans,'' paragraph (b)(8), which relates
to the provision and maintenance of adequate emergency
facilities and equipment to support the emergency responses.
--Appendix B to 10 CFR Part 50, Criterion III, ``Design Control,''
requires that design control measures shall provide for
verifying or checking the adequacy of design, such as by the
performance of design reviews, by the use of alternate or
simplified calculational methods, or by the performance of a
suitable testing program.
--Appendix B to 10 CFR Part 50, Criterion XVII, ``Quality Assurance
Records,'' requires that sufficient records shall be maintained
to furnish evidence of activities affecting quality. The
records are to include operating logs and the results of
reviews.
--Appendix A to 10 CFR Part 50, General Design Criterion (GDC) 13,
``Instrumentation and Control,'' which addresses the provision
of appropriate instrumentation and controls to monitor and
control systems and variables during normal operation,
anticipated operational occurrences, and accident conditions,
as appropriate, to ensure adequate safety.
--Appendix A to 10 CFR Part 50, GDC 19, ``Control Room,'' which
requires the provision of a control room from which actions can
be taken to operate the nuclear plant safely.
--Appendix A to 10 CFR Part 50, GDC 23, ``Protection System Failure
Modes,'' which requires that the protection system shall be
designed to fail into a safe state or into a state demonstrated
to be acceptable on some other defined basis.
paperwork reduction act statement
This generic letter contains information collections that are
subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et
seq.). These information collections were approved by the Office of
Management and Budget (OMB), approval number 3150-0011, which expires
on September 30, 2000.
The public reporting burden for this collection of information is
estimated to average 100 hours per response, including the time for
reviewing the instructions, searching data sources, gathering and
maintaining the needed data, and completing and reviewing the
information collected. This estimate assumes a licensee's response
simply confirms the existence of a Y2K program, similar to that
outlined in NEI/NUSMG 97-07, and that the program will be completed by
July 1, 1999. Licensees whose Y2K program significantly differs from
the NEI/NUSMG guidance or whose Y2K program will not be completed by
July 1, 1999, must submit additional information to the NRC.
The NRC is seeking public comment on the potential impact of the
collection of information contained in this generic letter and on the
following issues:
1. Is the proposed collection of information necessary for
the proper performance of the functions of the NRC, including
whether the information will have practical utility?
2. Is the estimate of burden accurate?
3. Is there a way to enhance the quality, utility, and
clarity of the information to be collected?
4. How can the burden of the collection of information be
minimized, including the use of automated collection
techniques?
Send comments on the burden estimate and any aspect of this
collection of information, including suggestions for reducing this
burden, to the Information and Records Management Branch, T-6 F33, U.S.
Nuclear Regulatory Commission, Washington, D.C. 20555-0001, and to the
Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202
(3150-0011), Office of Management and Budget, Washington, D.C. 20503.
The NRC may not conduct or sponsor, and a person is not required to
respond to, a collection of information unless it displays a currently
valid OMB control number.
If you have any questions about this matter, please contact one of
the technical contacts listed below or the appropriate Office of
Nuclear Reactor Regulation (NRR) project manager.
Jack W. Roe, Acting Director,
Division of Reactor Program Management,
Office of Nuclear Reactor Regulation.
Technical Contact: M. Chiramal, NRR 301-415-2845, E-mail: [email protected]
Lead Project Manager: Allen G. Hansen, NRR, 301-415-1390 E-Mail:
[email protected]
ATTACHMENT--LIST OF RECENTLY ISSUED NRC GENERIC LETTERS
------------------------------------------------------------------------
Date of
Generic letter Subject issuance Issued to
------------------------------------------------------------------------
97-06.............. Degradation of 12/30/97 All holders of OLs
Steam Generator for pressurized-
Internals. water reactors,
except those who
have permanently
ceased operations
and have
certified that
fuel has been
permanently
removed from the
reactor vessel.
97-05.............. Steam Generator 12/17/97 All holders of OLs
Tube Inspection for pressurized-
Techniques. water reactors,
except those who
have permanently
ceased operations
and have
certified that
fuel has been
permanently
removed from the
reactor vessel.
96-06, Sup. 1...... Assurance of 11/13/97 All holders of OLs
Equipment for nuclear power
Operability and reactors except
Containment those who have
Integrity During permanently
Design-Basis ceased operations
Accident and have
Conditions. certified that
fuel has been
permanently
removed from the
reactor vessel.
91-18, Rev. 1...... Infommation to 10/08/97 All holders of OLs
Licensees for nuclear power
Regarding NRC and NPRs,
Inspection Manual including those
Section on power reactor
Resolution of licensees who
Degraded and have permanently
Nonconforming ceased
Conditions. operations, and
all holders of
NPR licenses
whose license no
longer authorizes
operation.
------------------------------------------------------------------------
OL=Operating License
CP=Construction Permit
NPR=Nuclear Power Reactors
______
Responses of Shirley Ann Jackson to Questions
Submitted by Chairman Bennett
Statement: ``All of our other mission-critical systems are on
schedule to be Year 2000 compliant in accordance with OMB guidelines,
with three currently being repaired, and three being replaced'' (page
2, para.1).
Question 1. What is the target completion date for the NRC
mission-critical systems?
Answer. Two of NRC's seven mission-critical systems have been
completed. Four of NRC's five remaining mission-critical systems are on
schedule to be completed on or before January 1, 1999. The final
mission-critical system is on schedule to be completed by March 1999.
MISSION-CRITICAL SYSTEM STATUS
----------------------------------------------------------------------------------------------------------------
Renovation Validation Implementation
-----------------------------------------------------------------------------
System name Milestone Percent Milestone Percent Milestone Percent
date complete date complete date complete
----------------------------------------------------------------------------------------------------------------
Repair
Emergency Response Data System.... 08/1998 66 01/1999 35 03/1999 0
Emergency Telecommunications
System........................... 08/1998 65 09/1998 0 10/1998 0
Operations Center Information
Management System................ 09/1998 42 12/1998 0 01/1998 0
Replace
Agency Upgrade of Technology for
Office Systems................... ........... ........... ........... ........... 12/1998 76
Licensing Tracking System......... ........... ........... ........... ........... 10/1998 40
----------------------------------------------------------------------------------------------------------------
Statement: ``The concept of Year 2000 readiness includes the
planning, development, and implementation of appropriate contingency
plans or compensatory actions for items that are not expected to be
Year 2000 compliant, to address the possible impact that unrecognized
problems may have on safe plant operation'' (page 5, para. 1).
Question 2. What contingency plans exist and what types of
compensatory actions might be taken in the event such problems occur?
Answer. As part of the programs being pursued by nuclear power
plant licensees to address the Year 2000 problem, all licensees are
developing contingency plans in the event unanticipated problems arise.
The Nuclear Energy Institute (NEI) in conjunction with the Nuclear
Utilities Software Management Group (NUSMG) is developing additional
guidance for nuclear power plant licensees on contingency planning.
This guidance will be available later in the Summer of 1998. We
currently do not have detailed information on power reactor licensees'
contingency plans. However, contingency planning is one of the areas
that licensees are to address in their Year 2000 programs in response
to NRC's Generic Letter 98-01 Year 2000 Readiness of Computer Systems
at Nuclear Power Plants. Further, the NRC will review licensees'
contingency planning as part of the Year 2000 readiness sample
inspections.
While contingency plans will be specific to the individual plant
based on the specific impact of the Year 2000 problem on the facility,
some general types of compensatory actions will likely be established.
Examples of these include:
(1) Provision for access control by augmenting the number of guards
on site in the event of a failure in the security computer which
prevents the ability to lock doors.
(2) Provision for additional technical staff to perform engineering
calculations in the event computer programs fail to work properly.
(3) Provision for additional supplies of required materials such as
fuel oil for backup diesel generators in the event of longer than
anticipated loss of offsite power.
Statement: ``In addition to written responses, we plan to conduct
inspections, on a sample basis, to assess licensee preparedness for the
Year 2000'' (page 3, para. 3).
Question 3a. Describe the Year 2000 readiness inspection process.
How many inspectors are there?
Answer. The NRC staff has developed a draft Temporary Instruction
containing guidance for conducting the Year 2000 readiness sample
inspections. The draft is currently out for comment and will be
finalized in August. The NRC staff currently plans to use approximately
4 inspectors to conduct the Year 2000 readiness inspections.
Question 3b. What are the inspectors' backgrounds?
Answer. The NRC staff Year 2000 readiness inspectors are
electrical/electronics engineers with backgrounds and knowledge in the
review of the design of digital (software) based systems. These
inspectors will have specific knowledge in the area of potential Year
2000 problems.
Question 3c. What time frame is in place regarding the inspections?
Answer. The NRC staff plans to begin the Year 2000 readiness
inspections in September 1998 and complete them by March 1999.
Question 4. To what extent are NRC's nuclear power plant Year 2000
readiness assessments ``self-verifying.'' Would a greater extent of
independent verification be more useful?
Answer. In response to our Generic Letter, power reactor licensees
will confirm and provide information regarding Year 2000 readiness of
their facilities. The NRC will review licensee response to the GL 98-
01. The NRC staff assessments and inspection-related activities of
licensee Year 2000 programs are fully independent of any activities
performed by the licensee. Therefore, the NRC staff review effort on
licensee Year 2000 readiness is sufficiently independent to permit
decisions to be made on the need for any subsequent actions. If the
results of the sample inspections described in response to Question 3
identify generic concerns, either additional inspections will be
conducted or additional guidance will be issued.
Statement: ``It should be noted that NEI/NUSMG 97-07 (Nuclear
Utility Year 2000 Readiness framework document prepared by the Nuclear
Energy Institute) is programmatic and does not address fully all the
elements of a comprehensive Year 2000 program. In particular, augmented
guidance in the area of risk management, business continuity and
contingency planning and remediation of embedded systems is needed to
fully address some Year 2000 issues that may arise in licensee program
implementation'' (page 8, para. 2).
Question 5. Who will be the source of this guidance, and how can it
be best coordinated across the nuclear power industry?
Answer. As mentioned above in the response to Question 2., NEI/
NUSMG is developing additional guidance for the nuclear power industry
on contingency planning. Guidance on risk management, business
continuity and remediation of embedded systems is provided in the
General Accounting Office (GAO) document, GAO/AIMD-10.1.14, ``Year 2000
Computing Crisis: An Assessment Guide'', September 1997 which is
referred to in the NRC Generic Letter 98-01, ``Year 2000 Readiness of
Computer Systems at Nuclear Power Plants'' dated May 11, 1998.
Additionally, the NRC plans to participate in an industry-sponsored
workshop to be offered later this year on industry Year 2000 progress.
The NRC will use this opportunity to discuss its initial findings from
the Year 2000 inspections it will begin in September.
Statement: ``Notwithstanding our regulatory limits, we recognize
the national importance of a broader focus that helps to ensure that
potential concerns with electrical grid reliability are identified and
resolved'' (page 9, para. 1).
Question 6. What can be done to assure this broader focus?
Response: A broader focus for nuclear power plant Year 2000
readiness beyond nuclear safety is provided in NEI/NUSMG 97-07. This
document addresses Year 2000 readiness of all nuclear power plant
systems including not only safety-related systems, but those necessary
for continued plant operation in order to maintain supply to the
electrical grid. Moreover, NRC is fully supporting the broader focus as
a member of the Energy Sector Working Group of the President's Council
on Year 2000 conversion.
Statement: ``To date, we have not identified or received
notification from licensees or vendors that a Year 2000 problem exists
with safety-related initiation and actuation systems'' (page 9, para.
2).
Question 7. What are the exact reporting requirements of 10 CFR
Part 21, 10 CFR 50.72, and 10 CFR 50.73, which mandate that the NRC be
notified of such instances? How do these regulations relate to the
vendors?
Answer. 10 CFR Part 21, Reporting of Defects and Noncompliances,
specifically requires nuclear power plant licensees and vendors
providing safety-related equipment or equipment providing safety
functions to report defects and noncompliances identified in that
equipment to the NRC. A Year 2000 problem in a safety-related
initiation and actuation system is an example of such a reportable
defect. 10 CFR 50.72, immediate notification requirements for operating
nuclear reactors, requires nuclear power plant licensees to immediately
notify the NRC of emergency situations and promptly notify the NRC of
other non-emergency events such as deviations from plant technical
specifications including unanalyzed conditions that significantly
compromise plant safety or could prevent the fulfillment of a safety
function.
10 CFR 50.73, Licensee Event Report System, requires licensees to
submit a Licensee Event Report (LER) within 30 days after discovery of
an event which is prohibited by plant technical specifications or
results in the plant being in an unanalyzed condition that
significantly compromises plant safety or was outside the design basis
of the plant. Events covered by 10 CFR 50.72 and 10 CFR 50.73 include
equipment failures and design errors such as may result from a Year
2000 problem in a safety-related initiation and actuation system. 10
CFR 50.72 and 50.73 do not apply to vendors.
__________
Prepared Statement of John A. Koskinen
Good morning, Mr. Chairman. I am pleased to appear before the
committee to discuss the activities of the President's Council on Year
2000 Conversion and the year 2000 problem's implications for the energy
industry.
Let me begin, however, by expressing my support for the work of
this committee. I am confident the committee will play a key role in
helping to address the year 2000 problem, and I appreciate your
commitment to focus not only on year 2000 activities within the Federal
Government, but in the private sector as well, where it is clear we
face a real challenge in raising awareness among small and medium-sized
organizations. I would also like to express my appreciation to you, Mr.
Chairman, and to Senator Dodd, for the work that you both have done to
increase awareness of the problem in the financial services industry.
The Council has formed a financial institutions group to work with
industry leaders in this important area, and we look forward to working
with you as well.
As you know, like the financial sector, energy is a key part of our
Nation's infrastructure. While people in other sectors are focused on
ensuring that their systems and date-sensitive embedded chips are ready
for the new millennium, that work will be irrelevant if we have power
failures on January 1, 2000. To prevent such an outcome, we need to
work together in an ongoing dialogue with the industry to raise
awareness of the problem and to facilitate information exchanges.
Today's hearing is a valuable contribution to that dialogue.
council structure--economic sectors
As you know, I returned to Federal Government in March to chair the
President's Council on Year 2000 Conversion. The Council's mission is
two-fold: To assist Federal agencies as they work to prepare their
systems for the new millennium and to coordinate agency efforts to
increase awareness of the problem among private sector entities, State
and local governments, and international organizations.
The Council is made up of senior executives from more than 30 major
Federal executive branch, regulatory, and independent agencies who were
personally chosen by their agency heads and have the authority to
commit their agencies to action on the spot. The full Council meets at
least monthly to discuss not only agency efforts to increase awareness
of the problem outside of the Federal Government, but agency progress
in ensuring that Federal mission-critical systems will be year 2000
compliant.
While several of the agencies confront significant management
challenges, I am confident that the vast majority of Federal mission-
critical systems will be ready for the year 2000. In the ongoing
discussion about the Federal response to this problem, we often
overlook the fact that many agencies are making excellent progress.
According to the most recent OMB quarterly report, 71 percent of
mission-critical systems in the nine agencies assigned OMB's highest
ranking are year 2000 compliant--nine months ahead of the government-
wide goal.
An important fact in our favor is that senior managers in the
Federal Government are very much aware of the year 2000 problem. I've
met individually with the heads of more than 40 agencies, and their
agencies are working hard to ensure that critical Federal systems are
compliant. I wish I could be as certain that is the case in every
organization outside of the Federal Government. Unfortunately, many
organizations are not paying appropriate attention to the problem. That
is why our outreach efforts are so important.
One of the things I emphasized in my meetings with the agency heads
was that, while it is very important for agencies to focus on fixing
their own systems, they also have a responsibility to reach out to
organizations within their policy areas to increase awareness of the
problem and to offer support. The agencies have accepted that
challenge, but that does not mean the Federal Government has the
authority or the responsibility to fix others' systems. The Government
has no such authority in many areas of our economy, and getting people
to take personal responsibility for ensuring that their systems work is
key to the success of the Nation's year 2000 preparations.
So how can we most effectively reach out to organizations outside
the Federal realm? This was one of the first questions the Council
addressed. We decided that, to be most effective, we needed to build on
existing organizational relationships between agencies and outside
groups, which are in many cases their normal constituencies. We asked
the agencies to also consider reaching out to important sectors we
don't regularly contact and to coordinate outreach efforts to ensure
there are no gaps in coverage. Fortunately, our normal working
relationships reach into many important areas of the economy. The
Federal Reserve, for example, has an ongoing relationship with the
Nation's banks. The Federal Aviation Administration has an ongoing
dialogue with the airline industry. And there were obvious industries
we could initiate contact with, such as having the Environmental
Protection Agency discuss the year 2000 problem with the operators of
local wastewater treatment plants.
The Council has organized itself to take advantage of these
relationships. We have identified roughly 30 economic sectors and
enlisted agencies who have policy interests in, or connections to,
these areas to serve as ``coordinators,'' to increase awareness of the
problem and to offer support. In this role, agencies are also getting
feedback on organizations' progress in addressing the problem, which
will help us identify areas of concern. In particular, agencies are
working with industry trade associations, who have unique capabilities
for communicating with their members about the problem, individual
companies, State and local governments, and international institutions.
For example, the Transportation Department will soon be holding an
Intelligent Transportation Systems summit in Washington that will bring
together industry leaders, State and local transportation officials,
and transportation technology suppliers to discuss solutions for
possible year 2000-related disruptions in the operation of traffic
control systems. The Federal Communications Commission last week held a
roundtable of industry leaders to discuss the year 2000 problem's
implications for public safety systems. The Small Business
Administration will run a series of public service announcements on the
problem aimed at small business owners. The Department of Health and
Human Services and the Veterans Administration are working with
hospital trade associations and the American Medical Association to
increase awareness of the problem among the Nation's hospitals. And the
Food and Drug Administration is again surveying medical device
manufacturers about the year 2000 compliance of their equipment.
We are also using other ``leverage points'' in our outreach
efforts. These are organizations who, by virtue of their actions or
opinions, can be a powerful influence to encourage others to ensure
that their systems are ready for the new millennium. This is
particularly important for small and medium-sized organizations that
seem to be the least aware of the problem's significance to their
operations. Therefore, I have met with several rating agencies and the
year 2000 task force of the American Institute of Certified Public
Accountants to encourage them to reiterate to their clients the
importance of addressing the year 2000 problem.
council structure--working groups
The Council has formed agency working groups to coordinate agency
outreach activities in several key parts of the Nation's infrastructure
that require an intensified focus. We have working groups that cover
telecommunications, financial institutions, workforce issues, emergency
preparedness, and energy. I will address the energy working group's
activities in greater detail momentarily.
The telecommunications group, which the FCC chairs, is working with
industry groups and the Nation's largest telecommunications service
providers to minimize potential disruptions to the communications
network we have all come to rely upon. One of the real challenges in
this area is international telecommunications. In countries that have
thus far done very little to address the problem, there is a
significant chance for telecommunications failures on January 1, 2000.
For financial institutions, I did not initially plan to form a
working group because of the good progress being made, thanks to hard
work of agencies like the Fed, the Office of Thrift Supervision and
other members of the Federal Financial Institutions Examination
Council, and the Securities and Exchange Commission. Recognizing this
is an area of unparalleled importance to the Nation's economy, however,
the Council decided we should form a working group. This Fed-chaired
group is now working to address the problem not only with U.S. banks,
but with the securities industry, mortgage companies, and government
sponsored entities.
The Labor Department chairs the workforce issues group, which is
focused not only monitoring the Federal Government's supply of workers
for its year 2000 remediation activities, but on ways to help mitigate
some of the potential year 2000 workforce shortages in the economy as a
whole. Labor has electronic job and talent banks that will be modified
to contain a special section devoted to the year 2000 problem. This
will enable job-seekers to connect with organizations that are in need
of assistance. The group is also working to form relationships with
outside parties such as the American Association of Retired Persons
that have unique capabilities for reaching those retirees with special
skills for addressing the problem.
The emergency services working group, chaired by the Federal
Emergency Management Agency, is concentrating on ensuring that State
and local emergency response officials are addressing the year 2000
problem. Emergency response agencies need to assess their own systems
to make sure they are year 2000 compliant. But they also need to
prepare for potential problems caused by failing computer systems and
embedded chips in their communities just as they would a major storm or
earthquake, since the year 2000 problem has the potential for causing
disruptions in key infrastructure segments.
energy
Because it is such a critical part of the Nation's infrastructure,
we are very concerned about year 2000 progress in the energy industry.
The wide range of companies active in the production and transportation
of power, which include investor-owned utilities, publicly owned
utilities, Federal power marketing associations, and oil and gas
producers, makes the challenge of outreach all the more difficult.
As a result, the Council has taken the step of appointing two
chairs--the Energy Department for electric power, and the Federal
Energy Regulatory Commission for oil and gas. The entire group is
working to engage industry in an ongoing dialogue about the level of
awareness, assessment, and remediation that is underway, and is
offering Energy and FERC to coordinate the activities of Federal
agencies in this area. Again, while the Government does not have direct
control over most of these organizations, we can play an important role
in facilitating an information exchange on year 2000 best practices and
shared experiences among those in the industry.
We are also very concerned about the implications of date-sensitive
embedded chips for the energy industry. Some of these chips help to
carry out critical functions in power plants and oil production
facilities, and we are encouraged that the industry recognizes the
importance of this issue.
Thus far, we have been delighted with the response we have received
from various energy trade associations. The working group has met with
the North American Electric Reliability Council, which has agreed to be
our contact with the electric power industry. In a meeting last week,
the American Petroleum Institute and the Natural Gas Council agreed to
use their capabilities as umbrella organizations to raise awareness of
the problem within their industries and to survey the progress of their
members. While it is difficult to make estimates at this stage in the
process, the consensus is that the largest companies in the energy
industry are actively working to ensure their ability to function as we
move into the new millennium.
moving forward
There is no doubt the year 2000 problem poses a significant
challenge to the global economy. I am confident that Federal agencies
will live up to their end of the bargain, both in fixing their critical
systems and in increasing awareness beyond the Federal Government. We
will continue to reach out to public and private organizations--
particularly in key infrastructure areas such as energy--to encourage
people to take personal responsibility for solving their year 2000
problems. As I have often said, there is no guarantee that every
critical system will be fixed. But if we work hard, and if we work
together, I think we will be well-positioned to achieve our ultimate
goal of ensuring that any inconveniences caused by the year 2000
problem will be relatively minor.
I thank the committee for its interest in the year 2000 problem.
You are making a valuable contribution to the public dialogue about
this matter. I look forward to working with you, and I would be happy
to answer any questions that you may have.
______
Responses of John A. Koskinen to Questions Submitted by Chairman
Bennett
Question 1. You stated several times that sector groups will be
both raising awareness and trying to develop assessments. What
deadlines are being placed on the working groups to finish these
assessments and at what point do they begin contingency planning?
Answer. The Council's sector groups are working closely with
industry trade associations, companies, State and local governments,
and international entities to raise awareness and gain an understanding
of the state of year 2000 preparedness in various sector areas. While
there is no deadline for this work, we expect to be able to make
assessments in many areas by the end of this year. In Federally
regulated areas, such as banking, many oversight agencies already have
information available from preliminary and ongoing assessments.
With regard to contingency planning, the Council's sector groups
will not be drawing up plans for each sector. Instead, as part of their
efforts to increase awareness of the year 2000 problem, agencies are
encouraging organizations outside the Federal Government to focus on
contingency planning as part of preparing for the year 2000. (Federal
agencies have already been required to begin contingency planning for
their activities.) The Council itself will begin to consider
appropriate contingency plans for a Federal response to possible third-
party failures as we move toward the end of this year, when those
organizations have a better sense for which of their systems are
unlikely to meet the January 1, 2000 deadline.
Question 2. Could you please elaborate on the role the Vice
President is playing in the Y2K challenge? What exactly is his level of
involvement?
Answer. The Vice President is actively involved in the
Administration's year 2000 efforts. He and the President have spoken to
the Cabinet and emphasized to the agency heads that they must take
personal responsibility for ensuring that their agency's mission-
critical systems are ready for the year 2000. The Vice President has
also worked to focus the President's Management Council, a group
composed of agency deputy secretaries, on the issue, meeting with them
to stress the importance of agencies preparing their systems for the
new millennium. In addition, the Vice President receives briefings and
reports from me, and he and his staff are working closely with the 32
``high impact'' agencies that most directly relate to the public, to
emphasize that solving the year 2000 problem is critical to their
ability to deliver services to the American people.
Question 3. What do you see as the greatest national and economic
security risks associated with the Year 2000 computer problem?
Answer. The greatest risks both to national and economic security
come from outside the United States. We truly live in a global economy
that is increasingly interrelated and dependent upon the electronic
exchange of information for financial and other transactions.
Unfortunately, a large number of countries have thus far paid little or
no attention to the year 2000 problem. Part of our concern is based on
the fact that we have little control over other countries' year 2000
preparations. Thus, while we are actively reaching out, through
international organizations as well as our embassies, to encourage
other countries to address the problem in areas such as finance and
national security, there is little we can to do ensure that their
critical systems will be ready.
We are also concerned that countries take appropriate actions to
ensure the safety of weapons systems that could be affected by the
problem, and we have been working through the Defense Department, State
Department, and other channels to encourage foreign governments to
address this critical area. Council members from the State Department
recently met in London with the international year 2000 experts from
other G-8 countries to discuss trans-boundary aspects of the problem in
areas such as defense and finance. Finally, we have discussed with the
National Security Council and other security agencies our concern about
possible problems raised by work done abroad on U.S. systems.
Question 4. You stated that FEMA will be chairing the emergency
services working group. How will this group facilitate contingency
planning when there are no accurate assessments of the potential Y2K
problems? How will the emergency services group interface with the
other working groups?
Answer. As chair of the emergency services sector group, FEMA is
working to increase awareness of the year 2000 problem among State and
local disaster officials and to stress the importance of contingency
planning for failures that are likely to occur in systems that support
key segments of the infrastructure. The FEMA-led group includes a wide
range of Federal agencies, such as the SBA, the Defense Department, and
GSA, with experience in responding to State requests for assistance.
The group is reviewing what, if any, additional work is needed to
prepare for possible infrastructure failures, since the effect of year
2000-related infrastructure failures will be similar to that created by
natural disasters such as hurricanes and earthquakes. As noted above,
we expect to begin to have better assessments of where the country may
have difficulties by the end of this year, and FEMA and its working
group will have full access to such information.
Question 5. In your testimony you mentioned that you asked agencies
to consider reaching out to sectors they would not normally contact to
ensure that there are no gaps. Could you give an example of such a
sector?
Answer. As noted in my testimony, I have asked agencies ``to reach
out to organizations within their policy areas to increase awareness of
the problem and to offer support.'' Some of these organizations will be
outside of the agency's normal contacts. The food supply sector
provides an excellent example of an agency reaching out to
organizations with whom it would not normally have contact. The
Agriculture Department, the sector group's lead agency, has a
longstanding relationship with farmers and other producers in
implementing food safety regulations. But since this sector group is
looking at the concept of food distribution from farm to table, the
Department is now reaching out to shippers, grocers, and others with
whom they would normally have very little contact to increase awareness
of the problem and offer support.
Question 6. Has the Council considered a public awareness campaign
to educate and inform the general public about how to prepare for Y2K?
For example, would you recommend people keep copies of their previous
utility bills and bank statements in case there are problems with
billing and accounting systems?
Answer. At this time, our major focus in terms of public campaigns
is on raising awareness of the problem among small and medium-size
businesses. The SBA has a major national campaign underway, supported
by a series of private sector partners from several industries, that
includes public service announcements, a web page, and distribution of
printed materials. As we move forward, an important part of our
communications efforts will be to ensure that the general public has
available information about what works and what doesn't. On the Federal
level, we have an obligation to advise the public directly about
Government services that are year 2000 compliant, as well as those that
are not. We will also be working with the private sector and State and
local government to encourage them to share similar information about
their services and products on an organization-by-organization basis.
With regard to retaining bills and statements, information is not
available at this time that would indicate the public should be advised
that such actions are necessary, although many individuals already
preserve such records for future reference.
Question 7. You briefly touched on the global implications of Y2K.
Have you seen any indications that we could suffer disruptions in our
oil imports?
Answer. Thus far, we do not have indications that Y2K will disrupt
our oil imports. But energy generally, and oil and gas in particular,
is an area of great concern to the Council. The Transportation
Department is working to reach out to worldwide insurers and shippers,
because there may be substantial risks in the embedded chips area to
ports and ships' ability to operate effectively. Also, the oil and gas
portion of our energy sector group is working closely with the industry
on the problem, and part of their efforts will be to reach out to
foreign counterparts as well.
Question 8. Some Year 2000 experts have pointed to other dates
which could be problematic such as September 9, 1999. What attention is
being paid to the possibility that this date could trigger disruptions
in the different infrastructures?
Answer. While use of the date, September 9, 1999 (9/9/99), in
programming could be a problem in specific instances, it is not likely
to be a widespread problem. Unlike using a two-digit year, which was
accepted programming practice, programmers' use of 9s to do things such
as signal an end of a file or table have been viewed as bad programming
practice. Furthermore, where a programmer used such a marker, it is
much more likely they would use 99/99/99, instead of 9/9/99, since it
is both logically higher than any possible date field and does not
represent an actual date. Nevertheless, the problem could occur, and
agency technicians are looking for it as part of their year 2000 fixes.
The fact that 2000 is a leap year also may be a problem in a few
cases. But again, this should not be a widespread problem. The same
logic (i.e., this system will not be in place when the year 2000
arrives) that caused programmers not to use a four-digit year, also
works to mitigate the leap year problem. If the program was not
expected to be running in 2000, there was little likelihood that there
would be a focus on a complex way to calculate a leap year. The easiest
way to calculate a leap year is: if the year is divisible by four, it
is a leap year. Therefore, most programmers would have coded that
logic. That logic will work in the year 2000 because, unlike 1900 or
2100, 2000 actually is a leap year. Programmers that were meticulous,
and coded their programs to address the leap year in 2000, would have
investigated the rules for 2000 and accommodated it. Here again,
however, notwithstanding all of the above, the problem may occur and
agency technicians are checking for it and testing to be sure that
systems will work through the leap year.
Question 9. I understand that you have two assistants and a
secretary. Is that the extent of your staff? If so, do you really think
this is sufficient staff for this daunting management task?
Answer. My direct administrative staff, at this time, consists of
two professionals, an administrative assistant, a senior-level
detailee, and an intern. I believe that is an appropriate level of
administrative staff in light of the structure we have created. We also
receive direct support from several professionals at OMB and GSA, which
provides logistical support for the Council. More significantly, each
of the Council's 34 sector groups is chaired and supported by senior
executives and support staff from the agencies heading up the groups.
Thus, hundreds of individuals are working under my direction on the
year 2000 problem as part of the Council's operations.
Question 10. What are the long-term effects of the Year 2000
computer problem? Will we suffer from the increased vulnerabilities of
patched systems? Or will we benefit from strengthened and updated
infrastructures?
Answer. I think the most important positive long-term effect of the
problem is that it has forced organizations to conduct extensive
inventories of their systems. This is leading to greater efficiency
because, in the process, they are discovering new and better ways for
carrying out business processes, in addition to retiring systems they
no longer need. Unfortunately, one of the problem's negative effects is
that, in some areas, organizations are delaying much-needed
modernizations and upgrades just to ensure that they can keep their
core business processes operating. These organizations are making
investments, but they are investments to stay in business, not to
improve productivity. On the latter point, we could suffer from
increased vulnerabilities of patched systems, but we are just as likely
to benefit from strengthened and updated infrastructures.
Question 11. What is the greatest challenge you face in reaching
out to the public sector?
Answer. Our greatest challenge in reaching out to the public sector
is increasing awareness among local governments. While I am reasonably
confident that most States have a good handle on the problem, I am not
as confident about county and town governments. However, we are working
with groups such as the National Governors' Association, the National
Association of Counties, and the National League of Cities to increase
awareness of the problem among local officials.
__________
Prepared Statement of Senator Jon Kyl
Mr. Chairman, let me begin by commending you on your leadership on
this vital issue. While there has been some activity in the Congress on
Year 2000 related matters, up until now it has not received the
prominence or the sustained focus it deserves. I want to thank you for
recognizing the need for this Committee, for taking on the time
consuming and difficult task of chairing this Committee, and for your
personal commitment to the welfare and security of our nation.
As we begin today's hearing, I am reminded of a statement Henry
Kissinger made in 1975 ``Competing pressures tempt one to believe that
an issue deferred is a problem avoided: more often it is a crisis
invented.'' \1\ Kissinger's statement is particularly true of the Year
2000 Technology Problem (Y2K). Y2K is an issue which has been deferred,
and a problem that has been largely avoided. Now it may well escalate
into a national crisis.
---------------------------------------------------------------------------
\1\ Henry Kissinger, TIME Magazine 1975.
---------------------------------------------------------------------------
In fact, we do not know the scope or the severity of the problem.
Right now speculation about the consequences of Y2K runs the gamut from
a low of doomsday thinking to a high of reckless optimism. The
empirical data needed for accurate infrastructure assessments and
development of broad-based contingency planning does not exist.
I can only say two things for certain about the Y2K problem. The
deadline is fixed and the litigation could be fierce. The Y2K
environment is already a highly charged legal atmosphere. As we will
hear, fears of liability and litigation are impeding some efforts to
share information about Y2K readiness.
The Y2K problem is simple to state. Some software and computer
chips interpret ``00'' of 2000 as the year 1900 which may result in
miscalculations and even system failures. Fixing the problem is
straightforward, but also time consuming and expensive, because it
requires the careful correction, testing and replacement of affected
software and chips. So for companies and government agencies alike,
coordinating the Y2K readiness of computerized and embedded systems is
principally a management problem.
But on a national level, Y2K is not simply a management problem. We
need clear leadership from the White House, and effective public policy
initiatives to prepare the country for the far reaching ramifications
of Y2K requirements and effects.
With the establishment of the President's Council on Year 2000
Conversion, we are seeing some of that much needed leadership emerge.
But the Clinton Administration has come surprisingly late to this task.
One of the hallmarks of the Clinton Administration has been its
focus on the ``information superhighway.'' In 1993, the President
established an Advisory Council on the National Information
Infrastructure (NII) to examine a wide-range of NII relevant issues.
Despite the Council's three committees, seven interagency working
groups, and countless meetings and reports, no attention was paid to
the coming Y2K challenge. Early assessments of the potential effect of
Y2K on the NII may have helped prevent the growing frenzy we are
witnessing today.
The President's Commission on Critical Infrastructure Protection
(PCCIP) was formed in July, 1996 to address new threats and
vulnerabilities emerging in the information age. While tasked to
formulate a national strategy for protecting the infrastructures
critical to our national life, the Commission was not asked to examine
the implications of Y2K on those systems. And yet, the Commission
warned that Y2K corrections could provide an opportunity for would be
hackers and cyber terrorists to ``design a subtle or comprehensive
attack'' against critical systems.\2\
---------------------------------------------------------------------------
\2\ Critical Foundations: Protecting America's Critical
Infrastructures. The President's Commission on Critical Infrastructure
Protection, October 1997.
---------------------------------------------------------------------------
In my Judiciary Subcommittee on Technology, Terrorism and
Government Information, we have been examining threats to the nation's
critical infrastructures from hackers, terrorists, and foreign states
employing the new techniques of information warfare. At our March 17
hearing, Senator Sam Nunn testified in his role as Co-Chair of the
Advisory Committee to the PCCIP:
The Year 2000 problem is a specific threat deserving immediate
attention. Clearly, there is nothing hypothetical about this
problem--we know that it is coming and we know when--and its
effects will be far-and wide-ranging in both the private sector
and the government.\3\
---------------------------------------------------------------------------
\3\ Senator Sam Nunn, Testimony Before the Senate Committee on
Judiciary Subcommittee on Technology, Terrorism and Government
Information, March 17, 1998.
Clearly, at both the national and local level, we will need serious
and well founded contingency planning for Y2K related disruptions, to
ensure, at a minimum, the provision of essential government emergency
services. When I asked John Koskinen, Chairman of the Y2K Council what
the government was doing in the area of contingency planning, he wrote
back that ``FEMA will take the lead in assuring that the Federal
government is doing all that is necessary to be ready should serious
disruptions occur.'' \4\
---------------------------------------------------------------------------
\4\ Letter from John Koskinen, Chairman of the Year 2000 Conversion
Council, April 23, 1998.
---------------------------------------------------------------------------
But I had also written to James Lee Witt, the director of the
Federal Emergency Management Agency (FEMA), to inquire about their
assessments of possible disruptions in the electric power grid and
their associated contingency plans. The FEMA Assistant Director wrote:
FEMA has performed no assessments of the Y2K computer problem
on the telecommunications and electric power infrastructures.
FEMA has no contingency plans specifically designed to address
network interoperability or embedded chip failures in either
the telecommunications or electric power industriesd.\5\
---------------------------------------------------------------------------
\5\ Letter from Kay C. Goss C.E.M., Associate Director for
preparedness, Training and Exercises.
If the agency charged with contingency planning has no contingency
plans, then either the Administration does not expect to have any
emergency preparedness needs that are Y2K specific, or the federal
government is failing in its responsibility to our citizens and needs
to correct that deficiency immediately.
Mr. Chairman, the hearing you have called today is especially
timely. The purpose of today's hearing is to allow us to gain insight
into the electric power infrastructure and the special challenges Y2K
poses to generation, transmission, and distribution systems. The
electric power industry is very complex because there are no standard
control center system configurations. They range from isolated,
mainframe-based systems developed in-house more than 20 years ago to
off-the-shelf, commercially developed, networked, client/server
systems. These system are also tied to automated substations and a
variety of intelligent electronic devices which are all susceptible to
Y2K problems with software and embedded chips.\6\
---------------------------------------------------------------------------
\6\ Electric Power Risk Assessment. The President's National
Security Telecommunications Advisory Committee, March 1997.
---------------------------------------------------------------------------
It would also be extremely helpful to hear an accurate assessment
of the effects of Y2K on the electric power infrastructure, and to
examine how disruptions could impact national and economic security.
Unfortunately, what we will learn today is that no such reliable
assessment exists. Throughout our proceedings we will hear an all too
familiar refrain in the world of Y2K: ``Nobody really knows.''
Earlier this year, the Electric Power Research Institute (EPRI)
took the lead in beginning to examine the possible effects of embedded
chip failures in the electric power industry. We are very fortunate to
have Dr. Charles Siebenthal, Director of EPRI's Y2K Embedded Systems
Program testifying before us today. According to EPRI:
Embedded systems perform mission-critical functions in all
parts of utility operations, communications, and business.
Therefore it is important, particularly for infrastructure
industries, to recognize the linkages upstream and downstream
of their own operations. Failure to address the problem in one
part of the larger system can have repercussions elsewhere.
Because of the characteristic interconnectivity of the
Information Age, Year 2000 problems experienced by major
suppliers, vendors, and customers could also affect crucial
business and infrastructure functions.\7\
---------------------------------------------------------------------------
\7\ Electric Power Research Institute http://www.epriweb.com/
year2000/power.html
There is clear reason for concern, as we will discuss today. But I
also want to point out that despite difficulties, fears, and rising
costs, the Y2K problem may also provide some unexpected benefits. For
example, some computer dependent industries and public utilities are
getting the opportunity to make much needed upgrades, which, if done
properly, may make them more resilient to other kinds of disruptions in
the future. Y2K is also prompting both private and government
organizations to review their contingency plans and improve their
readiness against information system failures, whether from internal
glitches or deliberate attack.
As we enter the next century, we will continue to build on this
vast technological landscape. The Y2K problem is the first collective
technological challenge to the nation. Like it or not, Y2K provides a
nation-wide test bed for dealing with what the effects of a deliberate
attack on the infrastrucutres might look like. We can benefit from this
opportunity to enhance government/industry cooperation and endeavor to
learn about its implications for the reliability of our critical
infrastructures With well reasoned measures, and working together, our
nation can come through this challenge stronger, wiser, and better
prepared.
__________
Prepared Statement of Louis J. Marcoccia
Part 1
introduction
The year 2000 is an event that will impact a large percentage of
existing software. Most of the existing software has the year
represented as a two character field (i.e. 1996=96). This will cause a
problem for all dates that start in the year 2000. For example, the
year 1999 is stored as 99 and the year 2000 will be stored as 00. Any
comparisons between the two dates will cause inaccuracies within the
existing systems. The year 2000 date change is one of the most
significant changes ever faced by the Information Technology Industry,
and will have an enormous impact on business applications, package
solutions, and systems software, even putting some companies out of
business. Also be aware that this problem also effects elevators, test
equipment, personal computers, and pre-packaged software. All
Information Technology and Business Units should be reviewing all
applications in its enterprise. All applications that will not be
replaced or retired by the year 2000 will have to be reviewed in
detail. The applications that will exist past the year 2000 will have
be modified to correctly handle dates in the Year 2000 and beyond. Most
of the required changes should be completed by the end of 1998. This
will allow for a complete year-end processing of all applications that
have became Year 2000 compliant and to allow for additional work on
applications not completed by December 1998, and most one year
calculations will fail in January 1999 and not December 1999.
There are two primary ways of correcting the year 2000 problem. The
first is to expand all date fields to a four character representation
and leave the existing software logic intact. The second is to leave
the date fields as two characters but modify the software logic to
handle the two character representation correctly. Organizations should
look at each application separately and determine which approach is
suitable and most cost effective. Within most organizations, there are
``client developed'' systems that the Technology Division does not
support. These systems were developed or purchased over a period of
years by the business units. It is important that Department Heads have
their representatives produce a list of all software they are
responsible for supporting.
A decision must be made to either retire, replace, or modify each
system to handle the Year 2000. In addition, plans for each application
must be made, detailing the time frame and resources necessary for
analysis, program changes, testing, conversion, and implementation.
This includes all in-house developed and purchased software. The
planning has to be done now or there may not be enough time to correct
the year 2000 problem. In addition, since this problem is so widespread
the resources necessary to make the appropriate changes will become
more expensive and less available as the year 2000 approaches. The
Technology Divisions should coordinate and assist client organizations
in developing the appropriate cost matrix for estimating the resources
needed for this project.
the problem
All application code modules that deal with date oriented
calculations must be identified for legacy system applications. Most of
these modules deal with the six digit date field, of which the last two
digits represents the year. This will cause the Year 2000 to be less
than the Year 1999. These modules must be changed to accommodate the
processing of the four digit year. All current and historical data
files and databases must be converted and reformatted to reflect the
expanded four digit year. There are alternatives that can be
implemented:
--Year field expansion from `00' to `2000'
--Add century field--add one digit
--Introduce logic algorithm--change program logic, not data
--Retire existing system with a Year 2000 compliant software package
--Rewrite system
--Retire system
--Do nothing and let systems fail--NOT A VIABLE ALTERNATIVE
In order to easily see and convince people how the Year 2000 effect
everyone we will perform a simple test using your home computer. This
is just a test. It'll only take five minutes. It won't be painless, but
the results may save a lot of anguish in the not too distant future.
Set the date on your Personal Computer to December 31, 1999.
Set the time to 11:59 pm and then turn your computer off (power-
down). Wait several minutes to allow the PC clock to go beyond the Year
2000. Power-up your computer and check to see what is the date and time
is now displayed. If your computer does not reflect the Year 2000 than
all calculation used within your computer applications will be
inaccurate.
This will apply to spreadsheets, software packages, utilities, etc.
The current date formats stored in computer environments exist in
several different two digit year formats: MM/DD/YY, YYDDD, MMYY, YYMM,
YYMMDD, etc.
In the past, in order to save computer storage and save on data
entry keystrokes the computer industry standard for storing the year
field was to use a two digit field. All computer systems must be
changed to process the two digit Year. Either the year digit must be
expanded to four digits or a logical translation that is coded to
recognize the differences between centuries.
why systems will fail
When computer systems clocks reaches the Year 2000 computer
programs will recognize the date as 1900 because of the current two
digit format: Incorrect calculations. If we do not change the computer
logic to recognize the new the Year 2000 software will assume the year
field to be 00 to be the 19 hundreds, an erroneous answer will result:
Problem A
Current Should happen Will happen
99 2000 00
55 1955 55
-- ---- --
44 45 55
Problem B
Should happen Will happen
2000 00
1996 -96
Erroneous comparisons
Computer comparisons will produce an incorrect results.
Should happen Will happen
2000 > 1996 00 < 1996
What has to be changed:
--Computer programs with date routines for (in-house programs and all
third party software packages)
--Data Storage (files), Current and Historical?
--Data Display (screens, reports)?
--Interfaces (system to system)
--External Interfaces
--Data Center Operations
tape management systems
scheduling systems
operating environment (CICS, MVS, etc.)
--Computer Hardware (mainframe, mid-range, personal computers)
--Embedded Systems
--It is a multi-platform/multi-language problem
--IT IS A BUSINESS PROBLEM
why isn't addresses already
Impacted systems are old and not state of the art technology
therefore, IS industry does not see glory in doing this project. Dates
are distributed throughout the enterprise and locating and correcting
these dates are an enormous task. This project for most organizations
will be costly with no Return of Investment, except that the billions
of dollars invested in our legacy systems will not operate properly. As
with all legacy systems, this problem is messy, expensive, and
unromantic. No one wants to go in and tell management ``they have a
multi-million dollar requirement just to keep the business running and
that they really have no options.'' For the last thirty years,
programmers have been writing programs which calculate dates for most
business applications such as; pension checks, social security checks,
mortgage calculations, credit card processing, etc. As the year 2000
creeps upon us, organizations across the world have been ignoring the
Year 2000 problem. The IT community as well as senior management are
still in denial and apparently expects a magic pill to be developed to
solve this problem. It is not that the programmers do not know how to
fix the date problem, or that current programming languages are
incapable of handling dates in the next century. The problem is that
millions of lines of old, legacy code, primarily on the mainframe, is
still in use in business around the world processing mission critical
systems. These systems have been around for the last ten to thirty
years, were coded in a non-structured spaghetti code, and changes to
these systems over the years have made them very difficult to modify
these programs and maintain in good shape. The programmers that coded
these programs are no longer around, or third-party software is no
longer maintained by the vendor or organizations have taken over the
responsibility of the third-party software. The world has a business
disaster, that is well known, be predicted, and we know how to fix it.
The time and date on which the meteor will hit earth is known. Like a
``Legal Virus'' ( receiving data from another system that was
calculated incorrectly from another system that was not processing the
Year 2000 correctly). It will descend upon us like a plaque. When I
testified in front of the first United States Congressional Hearing, as
an expert witness on the Year 2000 on April 16, 1996, I said that the
only way we can delay the implementation of this problem was to
``Legislate the Year 2000 away.'' This is only dead line that cannot be
pushed back and still the Business and IT community continues to ignore
it.
I also stated that the Year 2000 is a management problem, not a
technical problem. There is plenty of technology issues that IT needs
to help senior management solve this business problem. And if we
haven't address this problem now--we are now late to avoid some degree
of severe business problems by the year 2000 and even earlier. Many
business systems will fail much earlier than January 1, 2000.
year 2000 realities
As the Year 2000 approaches and organizations starts to address
this problem IT organizations will experience high turn-over rates. As
the worlds gears up for the battle, the old Mainframe Cobol Programmer
will be the most desired creature in IT. Forget about Visual Basic,
Oracle, Client-Server--Learn Cobol. Consultant firms and the company
across the street will offers huge salary increases to your staff to
change jobs. Expect all computer programmer salaries to EXPLODE as the
deadline approaches. Many firms may have large numbers of computer
tapes and files unexpectedly erased due to automated systems that
haven't been told that time has reversed! Fallout from this is
difficult to predict. Probably these same firms will try to hire more
of those overpriced programmers. Look for possible quick fixes for some
systems The cleanest way of applying the four-digit fix is to expand
all date fields in every program, data-file, and database. The
difficulty in making these changes is the size of how many fields and
files that needs to be changed, assuming you can easily identify where
these date are located (this is no easy task). Getting there. Think
about researching the following organization:
number of modules = 25,000
number of jobs = 7,000
number of lines of code = 15,000,000
number of dates = 200,000
number of interface files = 250
platfomms = IBM mainframe, AS/400, System/38, PC, Client-Server
languages = Cobol II, SAS, Culprit, Assembler, etc.
file structures = IMS, CICS, VSAM, Flat Files, Third-party
Software
embedded processes = 175 embedded processes
Data is passed among hundreds of files dealing with thousands of
programs both batch and on-line. Data is also sent to and from outside
applications and organizations via magnetic tape, cartridges,
diskettes, Internet, Intranet, EDI, Local Area Networks, etc. If a
company applications, that you do business with, does not work properly
after the Year 2000 then your company may suffer financially, fails to
sell or ship any product; fails to bill for your product; or may place
your employees life or health at risk. The U.S. has thousands of
lawyers and they will be in a position to put your organization liable
for failed applications. Auditors, and Outsourcers, financial backers,
and software suppliers, and their consultants would potentially become
liable. Data files (current, historical), computer programs, interface
files, and all other programs and files affected, from the same or
other systems, would have to be syncrinized, tested and implemented at
the same time into production or bridges must be developed and
implemented for the transitional period.
Their are two Basic approaches for fixing code: Expansion and
Windowing Expansion: The Expansion of two digit year field to four
digit year field (MM/DD/YY/CC). It is the most cleanest and straight
forward solution. For the long term and for maintaining those
applications in the future. It will be very difficult to control
downstream impact on sorts, DASD, file sizes, etc.
Advantages of the Expansion Approach:
1. Will be a long term viable solution.
2. Application will not be dependent on different algorithm.
3. Single technique for all modules.
4. Conversion of many modules might simply require a
recompile.
Disadvantages of the Expansion Approach:
1. Requires conversion of ALL program modules.
2. Conversion of programs and data may have to occur
simultaneously.
3. Many business application's can not afford to be down the
required time for such massive, simultaneous conversions,
especially database systems.
4. Because interfaces between systems are significant,
(foreign keys, referential integrity issues), there would have
to be one mass conversion of segment of work would have to be
partitioned.
5. Change Control, Version Control, would have to be tightly
controlled and managed since programs need to be implemented
simultaneously. Changes to the source code, keeping the
converted Year 2000 code in sync with updates to the current
code will be difficult to control and manage. The alternative
is to freeze all maintenance and enhancements until conversion
is completed. This option is very difficult for organizations
with market pressures.
The Windowing Approach becomes a viable alternative for some
systems. The Windowing approach ignores the expansion of all date
fields and will code standard copy routines, per application
requirement, several standard date routine using date window to
represent the century in performing calculations on 2-digit years. No
expansion of current or historical files, except for some system
interfaces, dates used in key files, and fields that span over 100
years.
Advantages of the Windowing Approach:
1. No physical conversion of data (current or historical). No
required synchronization of data and program conversion.
2. Program conversion can be phased in--one program at a
time.
3. Some modules will require no conversion while other
modules will require only minor changes
4. Only dates used in calculations will have to be dealt
with. Dates used in display or definition are not required to
be corrected.
Disadvantages of the Windowing Approach:
1. Many program modules will require extensive code changes
for date fields used in calculations.
2. Will not handle cases where 100 year span is involved.
Those applications will have to be expanded to a eight digit
date. This is typical with birth date, land acquisition date,
etc.
3. All programming staff will have to be made aware of the
subroutines for determining century by each application.
4. Each application in your organization can have different
number for it's logic comparison.
major steps to implementation
I. Legacy System Clean-Up
II. Change Control Environment
III. Successful Year 2000 Implementation
IV. Testing
I. Legacy System Clean-Up Process
overview
This process, or any piece of it, will be required for many
organizations dealing with the Year 2000 in which these deficiencies
exist in their organizations. If any part of these conditions exist in
your shop, they will have to be resolved before the Year 2000 project
is implemented.
Description
This process requires a number of tasks to be performed
housekeeping/repair function involving all systems. The purpose of the
project is to establish a stable production environment by installing a
Corporate Change Control process at the application level, cleaning-up
production jobs while maintaining functionality, developing standards
on-line, and monitoring the changes on an ongoing basis. These
activities are to prepare systems for correction of deficiencies in
Applications.
Background, statement of problem
Examination of the current environment should determined what
percent of the production jobs had adequate operating instructions also
determine duplication of software modules in multiple development
libraries was extensive, and the manpower needed to support production
in the applications.
An analysis of the production log should be examined to determine
what production jobs are being run from development libraries, by non-
operations personnel. A protracted, round-robin implementation cycle
which forces the applications to circumvent industry accepted
production migration routes. The primary users of several major
applications insist that the time has come for either an extensive
improvement of their application, or, a complete re-write, because of
the lead time necessary to change a function within these systems. This
is a symptom of old program code.
Deficiencies identified
Listed below are problems that may exist in production systems
which require analysis and re-certification during the execution of the
Legacy System Clean-Up:
Application Environment Deficiencies:
1. Normal migration routes are being circumvented.
2. There exists a duplication of software modules within
multiple development libraries.
3. There is a low level of program update activity resulting
in extensive lead time for maintenance changes.
4. Insufficient system documentation.
5. Latent error conditions exist in Production Jobs.
6. Inadequate and non-existing job operation documentation.
7. Production Jobs being run from non-production libraries.
8. `Dirty coding' exists in Production programs.
9. There is an absence of documentation which identifies
Interface files.
10. A lack of a data dictionary which is a repository for all
applications components and elements.
Legacy system clean-up deliverables
Task 1: Installation of a single production module
Task 1 General approach
All Production programs in a System must be researched for
compliance to the above Task 1 General Approach. It is not intended
that is render an opinion on the quality, effectiveness, or suitability
of a given module with regard to its intended business function.
Must check for multiple modules of a Program, determine which is
the current version running in production or quasi-production status
conduct testing to confirm that said determination is correct, and
install that current version into the Production Library. To the
maximum extent possible, freeze windows for each Application will be
established and agreed to by IT and the client. Once a single
Production module has been identified, it will be necessary to match it
to its source code and to place the source code into protected archive.
This ensures that future modifications will be applied to the correct
source code.
Task 1 Deliverable
A Production library containing a single version of Production
Programs for each application. Programs for each application must be
installed into a Production Library.
Task 2: Document all interfaces
Task 2 General approach
Identify each data file that enters and/or leaves and application
from/to another application. Define all external interface files.
Task 2 Deliverable
Deliverable: A report produced for each system, in control document
format, that identifies and describes all interface files existing in
all Production systems, containing:
--The System and Job names that created the file.
--The Systems(s) and Job Name(s) and/or foreign designation of the
file.
--The data set name of the file.
--The data field content of the file.
--The media on which the file resides.
--Timing of file creation.
Task 3: Analyze and prioritize production systems
Determine whether an Application should undergo major rewrite,
partial rewrite, revision, or acceptance.
Task 3 General approach
The reports must address all production applications and highlight
those programs or current business functions supported by an
application, that are candidates for revision, and their type. The
Company Strategic Plan should provide the starting point for assessing
each application's ``candidacy'' for replacement, re-write or revision.
Task 3 Deliverable
Deliverable: Systems/Programs Evaluation Reports that states which
Production Application should undergo major re-writing, minor revision,
or require no revision. Also, recommendations will be made about
whether certain applications can be reengineered or right-sized.
II. Change Control Environment
preface
The Corporate Change Control Management System (CCM) process as
controls the migration of source modules, load modules, execute JCL,
production PROCS, file definitions, and screen maps, executables, etc.
for each application from test environments to production for all
platforms. This process is also intended to provide line-item level
change tracking in test or production environments, and is designed to
track items in non-source-editable form (e.g., RACE changes, CICS RDO
table changes). Vendor supplied updates to package software is
facilitated by using a distinct ``language type'' value to identify
package source.
The previous version would be archived during this process.
Maintenance of customized software package modules should follow the
standard change control procedures defined in this process.
overview
Continual change is a characteristic of nearly all application
software systems. Management and effective control of the change
process is key to ensuring that systems are developed and maintained to
provide their users with the service they require at an acceptable
cost. The procedures defined in any CCM procedure is to promote
effective control of the changes made to applications during the course
of new development, routine maintenance, and emergency modifications.
The CCM procedures are derived from a number of specific objectives for
the CCM process, and embody a number of design principles.
The OBJECTIVES of the change control management process are:
1. Consistency.--There should be a standard set of
environments through which applications are migrated during
development and maintenance. Although every application will
not necessarily make use of every defined environment, the set
of environments should be the same for all systems.
2. Flexibility.--Some applications may use a subset of the
full set of environments. However the migration rules should be
consistent for all applications.
3. Audibility.--It should be possible to trace the history of
and the reasons for any changes made, including emergency
fixes.
4. Ease and Speed of Operation.--The procedures for effecting
migrations should be such as to enable applications to be moved
through the required stages of development or maintenance
quickly. The activities needed to perform a particular
migration should be carried out automatically by the system
following receipt of such input.
5. Uniqueness.--A given source module should exist in only
one of the Development environments at any one time, in
addition to Production.
6. Concurrency.--The system must permit the emergency repair
of a given module without jeopardizing ongoing maintenance of
that module.
7. Access Control.--Access to entities and activities should
be emulated according to the appropriate authority levels
(i.e., only staff assigned to a given Applications group may
access module types for that group, and only Project Leaders
may initiate forward migrations).
8. Recoverability.--Back out procedures must exist to cover
cases where an attempted activity is not completed
successfully. Information relating to the system must be clear
and statement of rules published should be kept up to date and
preferably on-line. To enable these objectives to be achieved,
the following PRINCIPLES have been incorporated into the design
of the CCM system:
Library Control.--A software product should be used
to provide the basic facilities used to implement the
Change Control Management system. The facilities
provided will be supplemented by other automated/manual
procedures.
Security Software.--Will be used to control access to
an activity or entity not under control of Library
Control software product.
Environment.--Specific environments will be
recognized by Change Control Management, and will apply
to all applications. These are comprised of
Development/Test, System Test (optional), User
Acceptance Test, Quality Assurance, Production and Post
Production Support.
Migration Rules.--For the transfer of applications
between environments will be incorporated within the
Change Control Management system.
Module Versions.--The software system source archival
facility will be used to store prior versions of a
given module release level while it exists in a given
environment. Although this facility is available in all
environments, its use outside of Production is not
necessary.
Other Environments.--(e.g., Training) which may be
created for specific applications, will be controlled
by the Change Control Management system.
Existing Operating Environment.--Existing operating
environment like, should be used wherever possible, to
enter and initiate Change Control Management (CCM)
activities.
III. Successful Year 2000 Implementation
phase 1--analysis
Purpose
To estimate the cost and resources needed to implement all
application software on diverse software/hardware platforms, including
in-house developed and third-party vendor software and hardware.
Steps
1. Establish a Year 2000 project manager and team.
2. Develop a communications network with the organization.
3. Establish a date standard for all in-house and package software.
4. Develop a portfolio of all third-party software and hardware.
Formally notify and coordinate with software providers for their plans
to become Year 2000 compliant.
5. Have all business units within an organization agree on one
overall strategy, recognizing that the tactical implementations might
be different.
6. Secure consulting services, if required, by class for all
platforms or perform analysis with internal staff.
class 1--turn-key solution
class 2-project management firm
class 3--body shop firm
7. Produce the Phase I analysis for all systems by category.
category 1--applications retained and to be converted
category 2--current ACTIVE plan to replace application's
category 3--applications already year 2000 compliant
phase i--technical reports (analysis)
1. Impact estimates
--resources required for the Year 2000
--identification of each computer module impacted
--total number of impacted lines per program
--total work hours/cpu time required for conversion
2. Where dates are located
--locate and print out every impacted line in each impacted program
module
phase i--management reports (analysis)
3. Business impact statements
--describes what the business impact will be for each application if
not Year 2000 compliant
4. Project schedule
--enterprise detail schedule for all category 1 applications
5. Cost matrix report
--cost estimate for all resources needed for all category 1
applications--hardware, software, testing, staffing, data center
upgrades, etc.
--preliminary cost estimate for category 2 applications
--listing and confirmation of category 3 applications
ii. phase 2--implementation
Purpose
To implement the tactical plan developed in Phase 1 analysis.
Steps
1. Secure and mobilize the necessary resources defined in Phase 1
(Analysis).
--in-house team fixing and testing
--consulting services
--software purchases
2. Select a pilot application to verify the cost model developed in
Phase 1--Make the necessary cost adjustments based on the pilot
results.
3. Resolve the necessary legal /procurement issues.
--third-party providers questionnaire
--third-party software and hardware
--Year 2000 compliant statement in contracts
IV. Testing
definitions
Year 2000 Compliant Application.--The application has been
successfully tested (included century tests) on compliant operating
system software in all test regions. It has also been moved to
production and is running on the same compliant platform that was
tested upon.
Year 2000 Capable Application.--The application has been
successfully tested (including century tests) and moved to production.
At least one test platform and/or the production platform is non-
compliant. It is assumed that the test and production platforms will be
made compliant at some point. Century testing will take place again for
critical applications to ensure the application is compliant. If
testing is successful, the application becomes Year 2000 compliant when
the application is replaced in production.
Year 2000 Non-Compliant Application.--The application has not been
tested, or the application has failed to test successfully.
introduction
The Testing approach should describes the Year 2000 overall testing
approach. It should be noted that this is a planned approach, not an
absolute approach, and may need to be adjusted per application based on
such factors as application criticality, who converts the application,
and other project impacts upon an application. Several early
conversions will help ``prove out'' the direction specified in this
document. Corrections or adjustments to the plan should be made as
appropriate.
Conversions to supported applications may be made either in-house,
by the vendor owning the code (which potentially means upgrades to
compliant releases for packages), or by a third-party vendor.
Regardless of who actually converts and tests the applications, the
Year 2000 team will need verification that all applications are year
2000 compliant. An overall test plan, test specifications, test
scripts, and test report will be required for each application to be
certified as compliant. The amount of detail within these deliverables
will vary according to the application. Test scripts will be automated
as much as possible to provide a repeatable test process.
century test
The Test team will generate the test material needed for Century
Test. This will be a set of test cases to test specific date related
functions extending into the next century or back into the previous
century. The Test team will also create separate processing ``Jobs'' to
``age'' test data as the system date is rolled forward. At this time,
century testing will be accomplished using a date simulation tool or
advancing the system date manually. The `basic' Century Test is to take
the test data produced for system testing and repeat the test in the
next century with a range of system clock settings. Applications may
have additional dates, beyond the core set of dates to check, which
must be tested. These additional dates will depend on what is critical
to each application. The depth of century testing must be decided on an
application by application basis. Testing is resource and man-hour
intensive and the effort required to achieve close to 100 percent level
of confidence may not be commensurate with business risk.
steps to implementation
These steps will be used for all platforms and embedded systems for
the Year 2000 project. Included are assumptions, and the strategy to be
used for testing applications after the code is modified for year 2000
compliance. While some applications may choose not to follow this
approach, this is the preferred approach.
1. At the time that an application (or bundle of applications) is
sent out for actual modification, a copy of this application is
``saved'' as the Baseline code.
2. The code is ``checked out'' using the change control process and
process code for modification. Ideally, this would be a freeze point
for code modifications. An ``emergency fix'' process will be in place
to ``get around'' the freeze.
3. When the source is returned, the first test executed should be a
``no damage'' test. This test is to establish that the application
still functions as it did before changes were made.
3.4 Compile the Baseline code on the test system (new
machine or LPAR).
3.5 Establish data for testing the application.
3.6 Run the application and unload results to a file for
comparison.
3.7 Re-establish the same data in step 3.2.
3.8 Compile the modified code on the test system (new
machine or LPAR)
3.9 Run the application using the modified code and unload
results to a file for comparison.
3.10 Electronically compare the results from step 3.3 and
3.6. Any discrepancies will have to be researched and possibly
logged as a problem to be fixed.
4. Year 2000 century tests should be done to ensure that the code
handles year 2000 correctly. After this test, you can be reasonably
assured that year 2000 changes were correctly applied. Parts of this
testing can occur in the ``no damage'' test--if the scripts include
simple date testing. An official acceptance of the code should be done
by if all test results are acceptable to this point.
Retrofits should be applied. Any changes to code and moved to
production while the code was out for modification will have to be re-
applied to the modified code.
Note: This does NOT include changes that were in development at the
time baseline was created that have not already moved to production.
Prepared Statement of Louis J. Marcoccia
Part 2
introduction
The Utility Industry has not met the criteria for a successful
implementation of a Year 2000 project for their mission critical
systems. Therefore they have failed in their responsibility to their
stockholders, partners, and customers. The Industry regulators have
also failed in their responsibility to the American people. I believe
their failure will cause major disruptions here in the United States
and overseas. I say this based on the following analysis.
Criteria for my Analysis
All mission critical computer and embedded systems must be
compliant by 12/31/1998. There are 5 major reason why the Industry
needs to be compliant by this date:
1. To allow for a complete year-end process of corrected code
and take advantage of factory shutdowns before the Year 2000.
2. To allow for a contingency for unexpected problems not
resolved in 1998 or if the project is generally running late.
3. To allow for Integration testing within an organization
and between external partners.
4. To allow for replacement or upgrades of computer software,
computer hardware and embedded systems that were delayed and
not completed in 1998.
5. A one year calculation, which are present in many systems,
will fail in 1/1/1999 and not 1/1/2000.
I used the following criteria to establish a successful Year 2000
implementation:
--All mission critical systems that require corrections are fixed,
tested, implemented into a Year 2000 production environment.
--Formally document which systems are going to be retired.
--The current software, hardware, and embedded systems that were
candidates for replacement have in fact been replaced.
--All major external interfaces have been identified and contacted.
--The strategy for the Year 2000 correction and implementation has
been agreed to and documented.
Readiness of Computer Systems
--Currently, many large Utilities have not identified what needs to
be corrected.
--The Industry has not yet determined how they will fix or test what
they have found.
--The Industry has not yet determined the resources requirements for
the entire life cycle. (finding the problem, fixing the
problem, testing the problem)
--The Industry has not developed contingency plans for it's mission
critical systems if failure occurs.
--The Industry is not in a Triage mode in determining what systems
must be compliant by 12/31/1998.
--Replacement strategies for non-compliant computer systems with
compliant software purchases or converting these systems to
another platform have started to late to avoid fixing the
existing systems. It is risky for these companies that are not
in the implementation phase to begin a replacement project.
--The Industry is finding it extremely difficult to Retire systems.
They have not identified all elements of a system in-order make
the retirement decision.
--Many Utility companies have found it extreme difficult to identify
it's entire portfolio of systems and all the elements that make
up that system. This type of environment is called a `dirty
shop'. The clean-up process of a dirty shop must be done before
the Year 2000 process begins. This activity can take anywhere
between on week to six months to complete.
There are several major Utility companies that have not even placed
one line of compliant computer code into a Year 2000 production
environment or have a complete documented understanding of a process
that will allow them to implement a lot of computer code in the
shortest period time. Many of these companies have over 25 million
lines of code to be made compliant. At this point in time they should
have implemented 60 percent of their application into a Year 2000
production environment. If history is a predictor of the future, it
will take approximately 10-15 months, for a committed company, to make
10 million lines of mainframe code Year 2000 compliant.
Embedded Systems
Because of the slow start in dealing with the computer systems the
embedded systems is the area the Industry has fallen far behind in
their understanding on how to find, fix, and test these embedded
systems. We currently know that there are embedded systems that will
either fail or not work for a period of time. For example, we have
known for years that many systems associated with oil tankers will not
work beyond the Year 2000. The Industry will probably tell us that they
have done an inventory and/or assessment of their embedded systems. The
Industry have not answered the following questions:
--They have not identified those individual components that will
fail.
--They have not identified unknown or obsolete components.
--They have not developed a fix or test solution for those components
that have a problem.
--They have not identified all the resources required to find, repair
and test a component, process or system. The IEEE organization
have identified approximately 34 different types of tests that
can be performed on an embedded system.
--They have not identified the lead time requirements and cost for
replacing existing non-compliant components with new purchased
components.
--They have not developed a contingency plan in case the replacement
strategy is not executed in time.
--They have not associated individual components with their
processes. One component that fails in a process, that uses
several components, can bring down an entire system.
Interfaces
Since the Industry and the Regulators started late in the Year 2000
process their efforts to effectively communicate with their partners,
suppliers and customers have been hampered. Most attempts of
communication have been legally sanitized at best. Many Utility
companies depend on suppliers for raw material and if there is a delay
in the flow of that material disruptions will occur. As late as the
United States is in dealing with this problem overseas companies are in
worse shape. For example, if an Oil company depends on crude oil
shipments from overseas companies and that company has not corrected
it's Year 2000 a ripple effect of delays will occur that will result in
effecting the American consumer.
The fallout of the Industry self protection mode has resulted in
the following:
--The most mission critical suppliers and customers have not been
notified in a meaningful way as to the status of the Year 2000
as it relates to them.
--The integration testing required between supplier and customer has
not been fully communicated, understood or documented.
--The two basic interface question that are not yet answered:
1. When will you be Year 2000 compliant for each
interface that exist?
2.What format will you use for each interface that
exist?
Regulators
The NRC, FERC, State Regulators, and others have and continue to
be missing-in-action in helping to solve this problem. The Regulators
have lagged behind in taking a more proactive role. The Regulators have
failed at the following activities:
--Gathered appropriate level information and the right information.
--Determine or understood how the Industry plans to test and
implement the their solution.
--They do not have a effective way of analyzing the information they
received.
--They cannot determine the accuracy of the information they
received.
--Appropriate level of audits are not being done.
--And finally, regulators did not insist that the Industry complete
it's Year 2000 solution by 12/31/1998.
Conclusion
There are pockets of successes that exist within the Industry. But,
when I take a pragmatic look at the information I have seen, things I
have experienced and people I have talked to in this Industry I can
only conclude that the readiness of the Utility Industry is not
acceptable.
______
June 16, 1998.
Senator Robert F. Bennett,
Chairman Special Committee on the Year 2000 Technology Problem
Dear Senator Bennett: I appreciate the opportunity to appear before
your committee last Friday concerning the Year 2000 issue as it relates
to Utilities. As I testified, many utilities face serious obstacles in
reaching an appropriate state of readiness before we reach the
millennium date. My comments were based on comprehensive discussions
and knowledge with numerous utility companies.
Upon reflection, I want to clarify one potential area for
misunderstanding related to the hearing. During the opening remarks, I
was associated with several of my utility clients. I want to assure you
that my testimony did not reflect my views on the state of Year 2000
readiness of these companies. For example, Duke Energy, where I have
served in a technical consulting capacity for the past 19 months, is
regarded by me and several other knowledgeable outside expert as an
industry leader in terms of Year 2000 readiness. They will have
substantially completed their needed Year 2000 readiness efforts by the
end of the year.
In addition to Duke Energy, there are many other utilities that are
successfully addressing the Year 2000 issue. However, I still remain
concerned that the industry as a whole has not yet taken sufficient
steps to meet this serious problem.
If you need additional information, please let me know.
Yours very truly,
Louis J. Marcoccia.
__________
Prepared Statement of Elizabeth A. Moler
Mr. Chairman and Members of the Committee: It is an honor for me to
appear before you today at the Committee's inaugural hearing. You have
asked me to focus on the readiness of the utility industry, including
electric and gas utilities, to deal with the Year 2000 technology
problem.
Before I turn to the specifics of my testimony, let me commend you,
Mr. Chairman, as well as Senator Dodd, the Committee's Ranking Democrat
and the other Members of this Special Committee for your willingness to
invest your time and energy on this important subject matter. Computer
technology has become a pervasive part of our society and our Nation's
well being. Both techologists and leaders in all sectors of our society
must work together to insure that we are investing adequate energy, and
resources, in addressing this important potential problem.
President Clinton and Vice President Gore have paid particular
attention to the need to address the Year 2000 issue. They personally
recruited the former OMB Deputy Director for Management to Chair the
President's Council on Year 2000 Conversion. You will hear testimony
from Mr. Koskinen later today. The President and the Vice President
have spoken repeatedly on the need for both Government and the private
sector to address the issue. Back in February, when the President's
year 2000 Conversion Council was being formed, the Vice President met
personally with the Members of the President's Management Council on
the Year 2000 and stressed the importance of the issue. He made it very
clear that we, as managers, must pay particular attention to the issue.
We have used the Year 2000 Conversion Council as a vehicle for the
Administration to identify the Adminstration's key participants who
will focus on various sectors of our economy. You will hear more about
that management structure in Mr. Koskinen's testimony later today. The
Energy Working Group of this Council includes all relevant agencies.
The Department of Energy has agreed to take the lead on the electricity
sector, so my testimony will focus on that sector. The Federal Energy
Regulatory Commission (FERC) has agreed to take the lead on the oil and
gas subgroup, so you will hear from FERC Chairman Hoecker on that
sector.
Electricity is one of those ubiquitous things Americans take for
granted. It is also the lifeblood of our modern economy. Simply put,
our Nation depends upon a reliable supply of electricity. We cannot
afford to have the Year 2000 technology issue disrupt our Nation's
supply of electricity.
Our domestic electricity industry has had a long and proud history
bringing reliable, affordable supplies of electricity to American
consumers. The industry has its own reliability organization, the North
American Electric Reliability Council (NERC), which was formed in the
aftermath of the 1965 Northeast power outage. When I think about
reliability issues, I automatically think of NERC. It is the industry
organization that has been responsible for electric reliability for the
past 30 years. NERC is a privately chartered, industry run
organization. While the Administration's Comprehensive Electricity
Competition Plan calls upon Congress to strengthen the government's
authority and oversight of NERC, at present there is little in the way
of either Federal or State regulatory authority to address reliability
issues.
Consequently, when the Department of Energy agreed to take the lead
in assessing the electricity sector's Year 2000 readiness, Secretary
Pena and I turned to NERC. On May 1, 1998 we wrote to Erle Nye,
Chairman of the Board and Chief Executive of Texas Utilities Company,
who is also the current Chairman of NERC. We asked NERC to undertake a
comprehensive assessment of the industry's Year 2000 readiness. Our
letter is attached to my testimony. NERC agreed to our request and has
taken on the key task of best assessing the industry's state of
readiness, and coordinating the industry efforts. We expect to receive
an interim report this fall, and a complete assessment next July. We
will closely monitor progress along the way.
Let me emphasize that the Federal government cannot solve this
problem. It is up to the industry itself to do so. Every leader, every
officer, and every manager in this industry must feel a sense of
responsibility for solving this problem. That is the only way we'll get
it done. The Government's primary role is to facilitate industry
efforts, without getting in the way or creating needless bureaucratic
hurdles that distract attention rather than add value.
With these introductory remarks in mind, let me describe the
industry and the Year 2000 technology issue in a little greater detail.
the y2k technology problem
The Year 2000 challenge facing energy utilities is in some respects
comparable to that in other sectors. As in other sectors, noncompliant
software in a computer can affect a company's back office operations,
such as financial control, human resources (payroll, benefits, etc.),
purchasing, inventory, plant maintenance, and other administrative
operations, and can impact direct operations and exchanges of
information. Energy companies use computers to connect plants,
refineries, district offices, and major administrative and operational
systems that interface with large data centers. Computers are also used
to remotely control transmission system breakers, coordinate power
generation schedules, compensate for transmission line outages, and
provide protection against voltage, current, and frequency
fluctuations.
Year 2000 readiness for energy utilities and other sectors also
necessitates attention to the performance of embedded microprocessors.
Embedded systems are present at plants, pipelines, control and dispatch
centers, headquarters, and other energy facilities. Identifying Year
2000 problems in embedded systems can require significant hands-on
effort. Inventory, assessment, and remediation of embedded systems can
be difficult, expensive, and time consuming. Many experts believe that
embedded hardware systems pose the most significant Y2K readiness
challenge to energy utilities.
the electricity industry and y2k
The electric industry includes entities that generate, transmit, or
distribute power, or do all three. Although security and reliability
are also very important to natural gas and oil pipeline operations,
electricity has some extraordinary features that make it somewhat
unique as a commodity. Electricity flows across large regional networks
according to physical laws and cannot be routed by switches or stored
in large quantities. Supply and demand for electricity must be kept in
balance at each instant in time on a continuous basis. Reliability is
essential and can be maintained only through constant cooperation among
many parties. Grid control is decentralized into approximately 150
power control areas within the contiguous 48 states that are
interconnected and must coordinate their activities to maintain
reliability. There are three large transmission grids: one in the
Eastern part of the United States, one in the Western part of the
United States, and one in Texas.
In addition to its unique characteristics as a commodity,
electricity also has a unique importance in the economy and the lives
of our citizens. The $212 billion domestic electricity industry is a
backbone industry, one on which all other industries and the general
population depend.
Business and personal activities across our nation rely on billions
of daily applications involving electric devices, that, in turn, depend
on a reliable source of electricity. Experience with major
interruptions in electricity supplies due to this past winter's ice
storms in upstate New York, Maine, and Quebec graphically illustrates
the disruption and dislocation that can arise from extended outages.
y2k readiness for the electricity industry
The operators of the electricity system and the vendors who supply
it, together with industry-wide organizations such as the North
American Electric Reliability Council and the Electric Power Research
Institute (EPRI), are the main sources of the skills and resources
needed to assure a smooth transition. While many components of the
industry are ``attending to business'' with respect to their individual
Y2K preparations, it is important that individual companies'
preparations be recognized as contributing to the totality of all such
preparations. It is for this reason, that Secretary Pena and I
specifically asked that NERC undertake the leadership role within the
electric power industry to assure that the Y2K problem is resolved in a
comprehensive way so that no serious electrical disruption occurs. We
also asked that NERC report to the Department by July 1, 1999, that
critical systems needed to maintain the integrity of the interconnected
grid have been tested and will be ready for the Year 2000.
The Department and the Y2K Energy Working Group felt strongly that
NERC was the natural focal point for this activity for several reasons.
First, as I mentioned earlier, NERC was established in the aftermath of
the major Northeast power disruption in 1965. It is the industry's
organization that has been responsible for electric reliability for the
past 30 years. We believe this to be truly a reliability issue and NERC
has both an excellent record and a well-deserved reputation for
resolving reliability issues. Second, NERC includes all segments of the
industry from large to small, from generation to consumer, and from
region to region. This initiative must be coordinated so as to embrace
the entire community. (A membership list of NERC's Board of Trustees
and Observers has been provided to the Committee.) NERC's Board of
Directors agreed to undertake the assessment and coordinating role; we
appreciate their very positive, enthusiastic response. Of course, it
goes without saying that we stand ready to assist NERC in every way
possible.
I understand that NERC's President will appear before this panel
later today, so I will not address their plan in detail. NERC's Y2K
program will focus both on the interconnected grid of major generating
stations, substations, and high voltage transmission lines and on
distribution networks. Clearly, protecting the bulk power system is a
top priority in the electric sector. However, Y2K readiness needs to
extend beyond this system, to the distribution networks that serve
America's electric consumers. Distribution systems are extremely
diverse in nature. While large investor-owned utilities serve the
majority of customers, municipal utilities and electricity
cooperatives, including both large and small entities also play an
important role. These parts of the electricity supply system will also
need to address the Y2K issue.
the y2k issue and electricity competition
We do not see Y2K concerns as an impediment to efforts to promote
greater competition in electricity markets. Progress on federal
legislation will help to provide appropriate institutional structures
for protecting reliability that are compatible with the emerging
competitive marketplace for electricity. Many of the toughest Y2K
issues concern embedded hardware, which involves different resources
than software. In any event, I do not believe that the Y2K issue should
be viewed as a competitive issue; it should instead be viewed as a
reliability issue.
Early updates already being planned to make industry information
systems consistent with competition can actually advance our Y2K
interests. Some industry sources have commented to me that they think
that California's investment in systems compatible with competition,
all of which are Y2K compliant, have put them ``ahead of the game'' in
terms of their Y2K response.
beyond electricity: the y2k issue
As I mentioned earlier, the President has established a Council on
Year 2000 Conversion, under the Chairmanship of John Koskinen, which is
looking at the Y2K issue from an economy-wide perspective. Clearly, the
energy utilities cannot assure their Y2K readiness in a vacuum. It is
clear, for example, that electric utilities will need access to timely
and accurate assessments regarding the likely status of their fuels and
transportation infrastructure, as well as the situation in industries
that account for a major portion of electricity demand, as they plan
for a smooth transition. Like other enterprises where industry-wide
information-sharing can play an important role in Y2K planning, energy
utilities will also be interested in ways that government might provide
assurance that legitimate activities to promote Y2K readiness will not
run afoul of antitrust rules or increase liability exposure.
conclusion
The American people have a right to expect the electricity sector
to be prepared for a smooth Year 2000 transition. People can dream up
doomsday scenarios of what might happen if the industry is not ready.
We need the facts, not doomsday scenarios. Once we know what the facts
are, we can go from there to solve any problems that emerge.
Ultimately, the electricity industry itself bears the primary
responsibility for addressing the challenge of assuring a smooth
transition through critical dates surrounding the Y2K issue, as well as
the skills and knowledge needed to meet that challenge. Government's
role is to facilitate their efforts by promoting the sharing of Year
2000 information within the industry, its companies, suppliers,
consultants, and state and local regulators. We can help disseminate
what is known in other industries about similar products and problems,
and we can maintain an awareness about factors external to the industry
upon which energy depends. We can also help to keep government speaking
with a consistent, calm, voice and cooperate with other levels of
government to minimize requirements that do not add value.
We look forward to working with the Special Committee in the months
ahead and we welcome both your input and your questions.
______
The Secretary of Energy,
Washingion, DC, May 1, 1998.
Mr. Erle Nye,
Chairman of the Board,
North American Electric Reliability Council,
1601 Bryan Street, Dallas, TX
Dear Mr. Nye: We are writing to seek the North American Electric
Reliability Council's (NERC's) assistance in assessing whether the
Nation's electricity sector is adequately prepared to address the
upcoming year 2000 computer problem.
The Administration is undertaking a coordinated effort to assess
various sectors' readiness to address the issue. The Department of
Energy (DOE) is taking the lead in working with the electricity
industry to facilitate actions necessary for a smooth transition
through this critical period. To this end, we are requesting that NERC
undertake the coordination of an industry process to assure a smooth
transition.
The electric system is such a highly interdependent network, and so
vital to the security and well-being of the Nation, that there is very
little margin for error or miscalculation. The Department realizes that
activities designed to address this issue are already underway in many
electric utilities, the Electric Power Research Institute (EPRI), and
in other Federal agencies. We are concerned, however, that these
activities may not be fully coordinated, or worse, may be incomplete.
The Nation needs to know that a systematic process is in place to
ensure that the electric supply system will not experience serious
disruption.
This is truly a reliability issue, and NERC has demonstrated over
the last 30 years that it is capable of coordinating the activities of
electric market participants to resolve such issues. NERC is the most
appropriate body to organize this process and report periodically on
its status. We are confident that NERC will be able to mobilize the
necessary cooperation from the Regional Reliability Councils, their
members' utilities, and other industry organizations, to develop and
implement a process that is both efficient and effective. We are asking
that you provide us with written assurances by July 1, 1999, that
critical systems within the Nation's electric infrastructure have been
tested, and that such systems will be ready to operate into the year
2000. The DOE is prepared to work with NERC to help overcome any
obstacles that you might encounter in carrying out this effort.
Finally, we wish to work with you to provide a suitable public forum in
the late summer or early fall of this year at which NERC and others
could report on the industry's assessment of this issue and outline its
plans to address this challenge.
Public events on this subject are important and valuable for two
reasons. First, they will convey to the public and public officials
that the industry is indeed preparing systematically for the
transition. Second, they will confirm to the industry that Government
agencies and the public are depending on them to ensure that the
transition goes smoothly.
We are looking forward to further discussions with you on this
important issue.
Sincerely,
Federico Pena,
T3Secretary.
Elizabeth A. Moler,
Deputy Secretary.
______
Responses of Deputy Secretary Elizabeth A. Moler to Questions Submitted
by Chairman Bennett
Question 1. Prior to this request, what had been done in the
industry and by DOE in the Y2K area?
Answer. Prior to the Department's May 1, 1998 letter to the North
American Electric Reliability Council (NERC), most large electric
companies appear to have been working on their own on Y2K issues. In
terms of collaborative efforts, the Electric Power Research Institute
had launched a series of workshops and a shared information database on
embedded chips, the Nuclear Energy Institute and the Nuclear Utilities
Software Management Group had prepared documentation on year 2000
readiness for nuclear utilities, and the Edison Electric Institute
worked with its members on other software issues related to Y2K
readiness.
In terms of the Department's own energy sector operations, the Y2K
issue has been actively addressed by the Power Marketing
Administrations, such as the Bonneville Power Administration and the
Western Area Power Administration. The Tennessee Valley Authority, an
independent federal agency that generates more electricity than any
other company or entity in the United States, has also been actively
engaged in Y2K preparations.
Question 2. What leadership or responsibility roles does the
Department of Energy see itself taking in order to help NERC guide the
power utilities to achieve year 2000 compliance?
Answer. As indicated in our letter to Chairman Nye of the North
American Electric Reliability Council (NERC), we believe that the most
productive role for the government is to facilitate the efforts of
industry to address the Y2K issue. We believe we can contribute best by
concentrating our efforts in two areas: (1) a clear vesting of
authority in NERC to take responsibility for organizing and
coordinating the national campaign to achieve Y2K readiness in the
electric power industry; and (2) coordinating with other industry
sectors through the President's Council on Year 2000 Conversion
(PCY2KC) on crosscutting issues or intersectoral linkages. The latter
role focuses on efforts to address issues which industry is not likely
to be able to resolve for itself, but which have the potential to
significantly slow progress toward Y2K readiness. This is clearly an
example of government/industry teamwork in which each partner
contributes what it does best.
In this role, we will work especially closely with the PCY2KC so
that the energy sector can benefit from the work and accomplishments of
other sectors. For example, two of the earliest ``barriers'' we
discovered (through NERC) to information sharing among industry Y2K
technical teams involved their concerns over anti-trust and liability
exposure. The PCY2KC had already identified these as very real and
significant ``barriers'' to information sharing in a variety of sectors
and was working with the Department of Justice in those areas. Since
that time, the Department of Justice has issued a ruling that
cooperative efforts to address Y2K issues on an industry-wide basis
would not be construed as a violation of antitrust laws.
In terms of intersectoral linkages, it is clear that the
electricity industry does not function in isolation from the rest of
the economy. In assuring its own Y2K readiness, the electricity sector
will need reliable information regarding the state of preparedness
among its major customers, fuel transportation systems, and
telecommunications systems. The PCY2KC can serve as an important
clearing house for information sharing across sectors.
Question 3. The Office of Management and Budget has set a date of
March 31, 1999, for all Federal agencies to have fully implemented
their year 2000 compliance programs. They also require contingency
plans for those critical systems that will not make OMB's March 31,
1999, deadline. Given OMB's requirements for all Federal agencies, why
has the Department of Energy ``lowered'' the requirements on NERC as
they have been in the reliability business for more than thirty-three
years?
Answer 3. We have asked the North American Electric Reliability
Council to undertake and complete a national Y2K leadership and
coordination effort and to provide us with written assurances of
industry Y2K readiness, all in a period of 14 months. We consider this
to be an ambitious undertaking that would not be served by adopting
unrealistic deadlines.
Question 4. What actions can the Department of Energy take now to
speed up the process of NERC's phases so that this critical national
infrastructure does not end up on July 1, 1999, (the currently reported
end of NERC's Phase 3) finding out that things don't work as heretofore
reported?
Answer 4. We have asked the North American Electric Reliability
Council (NERC) to develop and implement a plan which represents
industry's best efforts to deal effectively and efficiently with Y2K
preparations. Since May 1, 1998, the day the Department asked NERC to
take on this responsibility, we have seen a commitment by them and do
not think there is a need for us to request a change in their planned
schedule.
Given the complexity of the nation's electric system, neither we
nor NERC are depending on all aspects of industry Y2K preparations
working flawlessly on January 1, 2000. Instead, NERC has included in
its Y2K program plan a significant amount of attention to the study and
development of contingency plans to be in place during the transition
in order to deal with problems that may arise in spite of everyone's
best efforts. For our part, we have begun working with the Federal
Emergency Management Agency and other federal agencies with various
connections to the electric power sector (e.g., the Army Corps of
Engineers, the Tennessee Valley Authority, the Power Marketing
Administrations, the Rural Utilities Service, and the Bureau of
Reclamation) to assure that contingency plans for electric power are in
place at the transition.
Question 5. Does the Department of Energy plan to independently
verify and validate the year 2000 compliance status of the electrical
national infrastructure as they go through their three phases, which
concludes with the reported implementation to the Department of Energy
of year 2000 compliant systems? If so, when and how?
Answer. We have asked the North American Electric Reliability
Council (NERC) for written assurances by July 1, 1999, that critical
systems will be ready to operate into the year 2000. From now until
then the Department will receive interim reports on their activities.
We have defined critical systems to encompass activities within the
transmission, generation, and distribution segments of the industry.
With NERC's access to virtually all the resources of the industry, it
would be impossible for the Department to duplicate their assessment,
much less improve upon it. It is important for the Department and the
federal government to remain focused on facilitating industry's Y2K
readiness efforts in this critical sector, and to avoid duplicative
reporting requirements that can only serve to distract attention from
the task at hand rather than add value.
Question 6. What mechanisms will be utilized to monitor (NERC's)
progress?
Answer. We are in contact with North American Electric Reliability
Council (NERC) staff regarding their progress on the Y2K project on a
regular basis, typically with one or more contacts each week. In
addition, we are meeting with federal agencies participating in the
electricity working group on a monthly schedule to see that they, too,
are making satisfactory progress.
Question 7. What is DOE doing to team with NERC and others to
actually be involved in leading this critical effort?
Answer. We are meeting periodically with the North American
Electric Reliability Council, the Electric Power Research Institute,
the Edison Electric Institute, the American Public Power Association,
the National Rural Electric Cooperatives Association and others to
assure that no barriers to progress have been encountered and that all
segments of the industry are making satisfactory progress toward Y2K
readiness. We are including the Y2K issue in the remarks of senior
Administration officials, such as those of former Secretary Peha at the
American Public Power Association national convention in San Antonio in
the week following the June 12 hearing. The September 1998 National
Electricity Forum, co-sponsored by the Department and the National
Association of Regulatory Utility Commissioners (NARUC) will include a
session at which NERC and others will review the industry status on Y2K
preparations and discuss lessons-learned so that others might take
advantage of them.
Question 8. Do you have any recommendations regarding this Plan's
implementation regarding how it might be used to impact on Y2K issues?
Answer. It is our view that the industry has the resources,
expertise and incentives to deal with the Y2K challenge. If the
electric power industry needed additional motivation, over and above
their own business interests, we believe the Department provided it by
formally and publicly asking the North American Electric Reliability
Council, the pre-eminent reliability organization in the country, to
undertake a leadership role in assuring Y2K readiness. We recognize
that it is possible for legal barriers or resource barriers to slow
progress and have asked NERC to identify these potential barriers. As
noted earlier, the President's Council on Year 2000 Conversion is
dealing with legal issues involving anti-trust and liability exposure.
Question 9. When will DOE be in a position to inform this Special
Committee on the Year 2000 Technology Problem if any additional funding
or legislation is needed to speed up the electrical utilities' year
2000 compliance?
Answer. We have noted above that the electric sector and other
industries have raised concerns regarding the potential for
information-sharing activities regarding Y2K preparations to increase
corporate liability exposure. This issue is not specific to the
electric utility sector, and the appropriate response, which may
involve narrow legislation, is under consideration within the
Administration. The President's Council on Year 2000 Conversion is
taking a leading role in this effort. Clearly, it is important to
``open up'' the sharing of Y2K information and lessons learned so
everyone doesn't have to reinvent the same wheel to attain readiness.
In terms of financial resources, there may be an appropriate role
for the federal government to play in assuring the widest possible
participation in information-sharing consortia, such as the Electric
Power Research Institute program on embedded hardware issues. There may
also be a role in providing support for some of the information-sharing
activities that will take place as part of the response of the North
American Electric Reliability Council to the Department's May 1, 1998
request. We are not aware of other legislative needs at the present
time. We would plan to identify any additional issues or financial
needs at least by the time NERC reports to us in September 1998 on the
results of their initial assessment of industry status on Y2K
preparations.
Question 10. Has DOE asked the Bonneville and Western Area Power
Administrations (that report to DOE) for inputs on year 2000 problems
they have encountered with their Supervisory Control and Data
Acquisition Systems (SCADA) or other systems that would help other
components of the electrical utility industry?
Answer. In the normal course of conducting their business, the
Power Marketing Administrations function as integral parts of the
electric power industry and, as such, are participating members of the
appropriate North American Electric Reliability Council (NERC) regions.
They abide by NERC standards, guidelines and reporting requirements
and, consequently, will report their experiences with Y2K problems and
fixes in the NERC survey of all industry experiences. We are also
considering the possibility of having the Tennessee Valley Authority
share some of its Y2K experience with the wider industry.
We do, of course, have our own discussions with these federal
entities as part of our federal sector electricity activities and are
concerned that they have and are applying adequate resources to the
problem. We are doing our best to avoid any duplication of work being
done by NERC.
Question 11. How can this best be promoted? (Refers to following
statement on page 8, paragraph 1 : ``I do not believe that the Y2K
issue should be viewed as a competitive issue; it should instead be
viewed as a reliability issue.'')
Answer. Having the North American Electric Reliability Council
(NERC), the industry association with responsibility for and expertise
in reliability, take a leadership role in the Y2K effort will provide
for the widest possible sharing of information among federal and non-
federal elements of the electric power industry and assure that
reliability considerations dominate.
Question 12. Can you provide specifics on the legislation? (Refers
to following statement on page 8, paragraph 1: ``Progress on federal
legislation will help to provide appropriate institutional structures
for protecting reliability that are compatible with the emerging
competitive marketplace for electricity.'')
Answer. With respect to reliability, the Administration's
Comprehensive Electricity Competition Plan Act proposes creation of a
self regulating reliability organization with authority to mandate
compliance with standards and guidelines. This is important because
competitive market participants will not have the same incentives to
participate in voluntary activities to protect reliability were
sufficient for a regime in which the costs associated with protecting
reliability could be passed through to consumers on a virtually
automatic basis as a part of the cost of service.
A copy of the legislation can be downloaded from the DOE Home Page
at the following address--www.doe.gov/ceca/ceca.htm
Question 13. Which agencies are included, and can you discuss their
individual roles if any have been identified? (Refers to the following
statement on page 2, paragraph 2: The Energy Working Group includes all
relevant agencies.'')
Answer. Individual federal agencies included in the electric power
portion of the Energy Working Group are, in addition to the Department,
the Nuclear Regulatory Commission (NRC), the Federal Energy Regulatory
Commission (FERC), the General Services Administration (GSA), the
Department of Defense (Army Corps of Engineers) (DOD/ACE), the
Department of Interior (Bureau of Reclamation) (DOI/BR), the Department
of Agriculture (Rural Utilities Service) (USDA/PUS) and the Tennessee
Valley Authority (TVA). Regular meetings provide opportunities for
sharing status and progress updates among the participants and to
assure that no obstacles have been encountered which could effect
readiness. Roles are fairly self-evident. Each agency either
participates directly in some aspect of the electricity sector or has
oversight responsibilities for some component of the sector: NRC, over
nuclear power plant licensees; FERC, over rates for wholesale electric
sales of electricity and transmission in interstate commerce for
private utilities, power marketers, power pools, power exchanges and
independent system operators; GSA, over federal procurement of utility
services and vendor lists of Y2K compliant utility equipment; DOD
(Corps of Engineers), over dams and hydropower operations; DOI (Bureau
of Reclamation), over dams and hydropower operations; USDA (Rural
Utilities Service), over nonprofit and cooperative associations, public
bodies, and other utilities; and, the TVA, the nation's largest
electric-power producer, a regional economic-development agency, and a
national center for environmental research. We have added the Federal
Emergency Management Agency (FEMA) to cover the contingency planning
and response areas of Y2K preparations.
__________
Prepared Statement of Senator Daniel Patrick Moynihan
I am delighted to see that the Special Committee on the Year 2000
Technology Problem is getting off to a brisk and productive start. This
is largely due to the hard work and dedication of Senator Bennett on
this issue. Let this first hearing mark the beginning of the Special
Committee's efforts to bring awareness, debate, and activity to
addressing the year 2000 computer problem.
It was almost two years ago that I wrote the President to warn him
about the ``Year 2000 Time Bomb.'' The Year 2000 Time Bomb has the
potential to ripple through all parts of our society--it could cause
everything from the failure of weapons systems, widespread disruption
of business operations, the miscalculation of taxes by the Internal
Revenue Service, possible misdiagnosis or improper medical treatment
due to errors in medical records, to incorrect traffic signals at
street corners across the country. And today, Senator Bennett and the
Special Committee will address the impact of the year 2000 computer
problem on the electric, gas, and nuclear industries.
Our utilities are all deeply dependent on software and embedded
microprocessors to operate smoothly. In order for gas and electricity
to be delivered to customers, a series of integrated parts--production
facilities, transportation networks, and distribution systems--all must
function properly. If one of this integral parts is not year 2000
compliant, then gas and electricity will not be delivered to such
crucial entities as hospitals, businesses, and homes. We must all work
together in an open and honest manner to avoid this dismal and
dangerous scenario.
As a Member of the Special Committee, I will continue with my
efforts to make the public aware of this problem. Senator Bennett has
asked me to focus my attention on the financial sector with regard to
the millennium bug. There is little doubt that the year 2000 computer
problem could greatly affect the economy--some put the likelihood of
recession at 60 percent. I am anxious to start working on this facet of
the year 2000 computer problem and will soon hold a field hearing in
Manhattan--the Financial Capital of the world--on this aspect of the
millennial malady.
__________
Prepared Statement of James A. Rubright
Mr. Chairman: I am Jim Rubright, Executive Vice President of Sonat
Inc. Sonat owns interests in 13,852 miles of interstate natural gas
pipelines that serve the Southeastern United States and the state of
Florida and that transport gas from the offshore continental shelf to
the onshore interstate pipeline grid. Sonat also is a large independent
producer of oil and natural gas, a wholesale marketer of natural gas
and electric power, and owns interests in electric generation capacity
in the United States. I am here today representing the Interstate
Natural Gas Association of America (INGAA), the trade association that
represents substantially all interstate natural gas pipelines in the
United States, as well as Canada and Mexico.
I am here today to report that the natural gas interstate pipeline
industry has taken the issue of the Year 2000 (Y2K) problem seriously,
that we are moving forward on fixing systems prior to the millennial
change, and that we have surveyed our industry to help determine
progress in this area. As a result of that survey we are pursuing a
number of initiatives to foster cooperation in various segments of the
energy industry. I also want to point out some areas where I think this
Committee and the Congress can help to expedite the effort.
the natural gas pipeline industry
Before getting into some specifics on Year 2000, I thought it would
useful to describe our industry to the Committee. Natural gas is a
major energy source for our economy, second only to petroleum in total
energy usage (see Appendix A). Natural gas provides 24 percent of the
nation's energy, for use in homes, businesses, industrial facilities,
and electric power plants. Clean burning natural gas currently fuels
about 11 percent of all electric power production in America, but that
percentage is expected to grow sharply in the future. Industry experts
generally agree that current domestic consumption of 22 Trillion cubic
feet (Tcf) will increase to 30 Tcf in the next decade.
The natural gas industry can be thought of as consisting of several
segments, each of which is regulated differently (see Appendix B).
Natural gas production takes place throughout North America, primarily
in the Gulf of Mexico, the Southwest, northern Appalachia and western
Canada. Congress removed the economic regulation of natural gas
production a decade ago. From production areas, natural gas moves
through small gathering pipelines (regulated, if at all, at the state
level) to central collection points. Gas is then placed into interstate
(or in some cases, intrastate) transmission pipelines for transport to
market areas (see Appendix C). The Federal Energy Regulatory Commission
(FERC) has economic regulatory authority over interstate transmission
pipelines based on their ``open access'' rules. Pipelines do not own
the gas that moves through their systems; rather, customers contract
with the pipelines to move gas that they have purchased from producers
or marketers. Local gas utilities what we call local distribution
companies or LDCs are one of the major customers of pipelines that are
regulated by state governments just like other utilities.
The FERC recently completed a major restructuring of our industry
intended to increase competition in the markets for natural gas. The
principal component of this restructuring involved changing pipelines
from merchant sellers of bundled gas and transportation services to
open-access transporters of gas owned by others. This change in our
business has forced pipelines to accelerate the application of computer
and communications technology to our industry, as the demands for
flexible and responsive gas transportation service have increased as
our markets have indeed become more competitive. This high degree of
reliance on computers is one reason why our industry takes the Year
2000 problem so seriously. We want to ensure that our reliable and
customer-friendly systems remain so on January 1, 2000.
surveying the potential problem
Toward that end, in March 1998 INGAA conducted a voluntary high-
level survey of the INGAA membership to determine the progress of the
membership. Seventy-five percent of INGAA members responded to the
survey, which represent over 80 percent of the U.S. interstate natural
gas transmission capacity. Since the survey was directed to members, it
did not include upstream or downstream partners or service providers
(electricity, telecommunications, etc.). All respondents had a Year
2000 plan in place and were in the process of implementing their plan.
The survey questions asked respondents to address the following
business functions: accounting, purchasing, administration, gas
management, operations, engineering, and general services. An analysis
of the survey responses concluded that respondents believed that they
would complete their own Year 2000 plans, including analysis,
modification, implementation, and testing by October of 1999 (see
Appendix D). Although the major pipelines, including Sonat's, that I am
familiar with had begun to prepare for the Year 2000 well before this
issue began to rise, our trade association undertook in early 1998 to
conduct an assessment of pipeline preparedness to determine the need
for industry coordination.
Discussions that INGAA has had with individual companies revealed
consistent trends in priorities for addressing the problem. In order of
importance, these priorities are:
(1) Protecting People and Ensuring System Safety
(2) Maintaining the Flow of Natural Gas to Markets
(3) Accounting for the Flow of Gas
(4) Maintaining Internal Business Systems
The first priority for our industry is ensuring public safety.
Based on survey results, the operations area had the most work to be
done. This is largely because the automated equipment that the industry
uses to operate and monitor pipeline facilities are replete with
embedded chips placed in service over very long periods of time. The
diversity and large quantity of such equipment with date sensitive
embedded chips makes implementation and testing very time consuming. In
many cases, the digital equipment monitors rather than controls the
operation of the pipeline. While a tremendous amount of operational and
safety systems also contain embedded chips, fortunately, they are, by
design, the functional areas that have the most redundancy, including
extensive use of non-electronic equipment. Natural gas transmission
systems are designed with multiple safeguards to avoid the escape of
gas from the pipelines. In addition to sophisticated digital control
systems, operating and safety systems use many systems and
applications, automatic-analog, pneumatic and mechanical control
devices. Also, in the event of an emergency, operating and safety
systems are equipped with manual override capabilities. The federal
Pipeline Safety Act and the U.S. Department of Transportation define
these minimum design, maintenance and operating procedures for our
pipelines. Therefore, despite the work ahead, INGAA is confident that
pipeline systems will safeguard our people in January of 2000 even in
the face of digital device failures.
At Sonat, taking the one example I am most familiar with, our Year
2000 team has worked to identify hardware, software applications, and
service providers that are potentially susceptible to a Year 2000
problem. As part of our hardware assessment, we are not only looking
exhaustively at our computing infrastructure, but also at our pipeline
and monitoring control systems and other hardware components. We have
categorized electronic devices in our pipeline systems by business
criticality and asset type. If the existing electronic device was
supplied by a vendor, we have requested certification that the device
is Year 2000 compliant. We require all new devices to be certified as
compliant. In addition, we are performing on-site certification testing
to the maximum extent feasible. We are also developing contingency
plans for our systems based on their business criticality.
INGAA's second priority is continuity of service. Many customers
depend heavily on the availability of natural gas. The millennial date
change just so happens to occur during the middle of winter always the
busiest season of the year for the natural gas industry. Again, the
primary functional area within a pipeline system to ensure gas
deliverability is operations. As we make upgrades due to safety
considerations, we also help to maintain the reliability of the gas
delivery system.
As with safety, redundant systems are the key to continuity of
service. The supply system is dispersed among tens of thousands of
wells geographically spread throughout the U.S. and Canada. These wells
are backed-up with numerous storage sites that can increase or decrease
natural gas in the system. Many pipelines use on-site natural gas to
self-generate electricity and operate extensive private communications
systems. All of these systems are designed for major natural and/or
man-made disasters. In many cases local distribution companies (LDCs)
are supplied by several pipeline systems and have their own storage
facilities. This system provides significant flexibility for customers.
The third INGAA priority is maintaining an accurate accounting of
gas flows and management. In this area, a significant amount of Year
2000 work has already been completed. Most survey respondents expect to
have Year 2000 work in this area, including testing, done by the first
quarter of next year. The present natural gas transmission business
system relies heavily on electronic transactions for business
activities such as nominations, confirmations, and actual flows. The
smooth operation of this system is key to the competitive marketplace
that has been created over the last decade.
The last priority is maintaining internal company business systems.
These applications are, in most cases, the easiest to analyze and
repair, since they tend to involve mainframe and PC-based systems,
rather than field-based or embedded controller components. These
systems are typically back-office applications for such functions as
payroll, purchasing, and e-mail. In many cases, these solutions are
dependent on software vendors and the diligence of business partners.
At Sonat, we have identified all software applications and defined
their business criticality. Since we are heavily dependent on vendors
to ensure that their applications are Year 2000 compliant, we have
asked for certification from each vendor on their product. In addition,
we are performing certification testing based on defined test criteria
for all applications.
where do we go from here?
Now that we have assessed the progress of our Year 2000 efforts,
our plan of action is the following. First, we will continue to work on
fixing the problems associated with Year 2000 and increasing
coordination on the problem areas.
Second, we are reaching out to our customers, service providers and
others, to ensure that this is a coordinated effort. As you might
expect, many of the potential risks associated with the Year 2000
problem may very well come from parties and systems beyond our control.
Our energy delivery system is like a chain, and as the old saying goes,
a chain is only as strong as its weakest link. With this in mind, INGAA
is recommending a natural gas industry conference in September to
discuss our preparedness. We will encourage all segments of the
industry to participate, including service providers such as
electricity and telecommunications. Sharing information and raising the
visibility of the Year 2000 problem, is the best way to ensure that
every interested party is taking the steps needed while there is still
time.
Finally, INGAA is working to develop Year 2000 contingency plans,
similar to the contingency plans currently in place to deal with
natural or man-made disasters. We want to work with our partners in the
natural gas industry to develop a more extensive Year 2000 contingency
plan that ensures the smooth operation of the natural gas delivery
system.
what can congress do?
Congress can play a role in addressing the Year 2000 problem.
Perhaps the most important role is the one this Committee is engaging
in today raising the visibility of the issue and searching for
solutions before Year 2000 becomes a serious national crisis. I want to
acknowledge the foresight of the Senate leadership, and of Special
Committee Chairman Bennett, in fighting to put this issue on the
national agenda. This problem has the potential to do serious harm to
our national economy in ways that would affect every American.
I would encourage you to continue reaching out to various sectors
of the economy. Our energy system, and indeed our entire national
economy, is so interconnected that a problem in one sector may very
well have a ripple effect throughout other sectors. For example,
interstate pipelines rely heavily on both the electric and
telecommunications industries. Natural gas pipelines depend on electric
utilities to power many of our compressor stations and other pipeline
systems; telecommunication companies help us track and record the gas.
Failure by any of these service providers could impact the transmission
of natural gas. The Year 2000 effort needs to be coordinated across
industries.
As part of developing a government response to the Year 2000
problem, we encourage the Committee to look at ways to streamline the
amount of reporting that needs to be made to governmental entities, and
minimizing significant electronic commerce mandates until after the
millennium. We all know this is a time-sensitive problem. Private
industry employees working on this problem need to be spending their
critical time working on solutions not responding to multiple
government data requests and reporting requirements. A coordinated
government effort would be helpful in this regard.
Our industry is also concerned with the litigation risk that we all
foresee. It is a huge problem for America. We do not see how our
economy can possibly benefit from devoting the estimated one trillion
dollars to allocating blame among the blameless for the consequences of
an eventuality that was simply not foreseeable in the infancy of the
computer industry. In the finite amount of time left to deal with the
Year 2000 problem, we need to concentrate our efforts at the
engineering and systems level, instead of worrying about anticipated
litigation, and then doing battle with the plaintiff's bar later. INGAA
thus respectfully suggests to the Committee that Congress needs to
seriously consider limiting liability for Year 2000 events. Few things
Congress could do would be more beneficial to expediting the national
response to this potential crisis. Needless to say, we believe that new
laws creating new statutory liability where none now exists is
counterproductive and will lead to further enormous waste.
On a more encouraging note, the Administration has proposed an
anti-trust exemption for those industry parties who want to work
together on solving the Year 2000 problem. This would be an excellent
idea; the more resources that are pooled together to correct this
problem, the faster and more effective the overall response will be.
INGAA encourages Congress to work with the Administration on an anti-
trust exemption.
conclusion
Once again, INGAA congratulates the Special Committee for its
leadership on a crucial national economic issue. Our society has grown
to depend on instantaneous computing and communications to perform the
most important, as well as the most mundane, of tasks. If we all do our
jobs right, the general public will wake up on New Years Day 2000 and
go about their lives normally, without ever appreciating the amount of
effort that has been undertaken to address to Year 2000 problem. The
alternative, of course, is what motivates us all to make sure we do a
thorough job. I thank the Committee for giving me the opportunity to
testify today.
APPENDIX A.--TOTAL U.S. ENERGY CONSUMPTION, BY SOURCE, 1996
------------------------------------------------------------------------
Source Percent
------------------------------------------------------------------------
Coal........................................................... 22
Natural Gas.................................................... 24
Petroleum...................................................... 38
Nuclear........................................................ 8
Hydroelectric.................................................. 4
Renewable...................................................... 4
------------------------------------------------------------------------
Source: Energy Information Administration, U.S. Department of Energy,
1998.
[GRAPHIC] [TIFF OMITTED] T2JU98G.003
[GRAPHIC] [TIFF OMITTED] T2JU98G.004
APPENDIX D.--INGAA YEAR 2000 COMPUTER SURVEY
--------------------------------------------------------------------------------------------------------------------------------------------------------
Identified Identified Identified Average Standard Average Standard
problem problem problem (N/ percent deviation date Latest date deviation
(yes) (no) A) complete (percent) complete complete (days)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Accounting
Accounts Payable.................................... 10 4 0 52 27 11/30/98 09/01/99 111
Accounts Receivable................................. 9 4 1 48 36 12/04/98 09/01/99 111
Gas Accounting...................................... 9 4 0 49 37 12/22/98 09/01/99 130
Regulatory Accounting............................... 6 5 2 46 36 11/30/98 09/01/99 120
Tax Accounting...................................... 9 4 1 39 34 11/23/98 09/01/99 127
Purchasing
Purchasing.......................................... 8 5 1 44 33 12/30/98 09/01/99 130
Materials Management................................ 8 5 1 43 37 12/07/98 09/01/99 142
Administration
Human Resources..................................... 10 4 0 34 27 12/21/98 09/30/99 154
Payroll............................................. 11 3 0 40 30 11/24/98 09/01/99 129
Training............................................ 5 6 3 32 28 12/30/98 09/01/99 160
Gas Management
Contract Administration............................. 11 2 1 44 36 11/16/98 12/31/99 213
Gas Measurement Systems............................. 11 2 1 35 32 01/15/99 12/31/99 188
Nomination Systems.................................. 12 2 0 46 37 12/26/98 12/31/99 188
Bulletin Board Systems.............................. 8 4 1 36 32 02/06/99 12/31/99 167
Operations
Field Communication Systems......................... 9 0 3 26 27 01/30/99 12/31/99 134
Gas Control SCADA Systems........................... 11 1 1 24 21 03/17/99 12/31/99 145
Automated Compressor Systems........................ 11 1 2 30 25 03/02/99 12/31/99 133
Automated Auxiliary Plants.......................... 5 1 6 29 28 02/14/99 12/31/99 146
Maintenance Management Systems...................... 6 6 1 27 27 03/15/99 12/31/99 145
Land & Easement Management Systems.................. 7 4 1 40 31 12/25/98 12/31/99 174
Engineering
Government Permit Management Systems................ 4 4 4 23 22 02/14/99 12/31/99 157
Drafting & GIS Systems.............................. 4 6 3 27 28 01/27/99 12/31/99 154
Engineering Record Management....................... 6 4 2 31 32 01/09/99 12/31/99 167
Design Software..................................... 3 6 3 26 30 12/23/98 09/01/99 110
Construction Project Management Systems............. 3 5 3 30 32 02/05/99 12/31/99 154
General
E-Mail Software..................................... 6 6 1 25 27 12/10/98 09/01/99 120
Phone Systems....................................... 8 2 3 37 33 11/03/98 09/01/99 178
Computer Backup Systems............................. 7 4 2 31 30 12/25/98 09/01/99 113
Office Systems (Word Processing).................... 6 5 2 49 37 11/23/98 09/01/99 136
Server Operating Systems............................ 9 3 2 36 27 01/07/99 09/01/99 79
PC Operating Systems................................ 9 3 2 41 31 12/23/98 09/01/99 97
Mainframe Operating Systems......................... 8 1 3 60 29 12/16/98 09/01/99 157
Mini-Computer Operating Systems..................... 6 3 4 42 29 01/09/99 09/01/99 87
Other Systems....................................... 1 1 2 50 0 12/31/98 12/31/98 0
--------------------------------------------------------------------------------------------------------------------------------------------------------
Number of Miles of Pipe in Survey: 232,435.
Number of Survey Respondents: 16.
Year 2000 Compliance Plan: Yes-16--No-0.
Responses of Jim Rubright to Questions Submitted by Chairman Bennett
Question. Describe in more detail the results of this study. How do
you define ``a significant amount of work?'' What continuing efforts
are being made to further monitor industry-wide progress in the Y2K
area?
Answer. Further details of the survey results are enclosed. Note
that the completion dates include testing. By ``significant amount of
work'' we mean that many companies have been addressing this issue for
up to four years. This work includes identification of the problem,
analysis of solutions, correction, and testing. INGAA will continue to
coordinate the interstate natural gas pipeline Y2K effort. Since our
testimony, I have agreed to head up the Natural Gas Council's Y2K Task
which will work with FERC and other government agencies as we go
forward. This effort will include the gas and oil industries. (See
Appendix D of the prepared statement.)
Question. What is the expected time frame for completion of work in
this critical area? Does it allow for sufficient time for adequate
testing of the systems?
Answer. As shown in the survey results enclosed, pipelines
responded that they intend to have solutions in place by March 1999 for
operational areas. This timing is designed to allow time to test the
solutions during our less busy off-peak months.
Question. Have you experienced any difficulty in attempting to get
vendors to certify compliance? If so, describe those difficulties and
explain what steps may be taken to overcome them.
Answer. I can respond to this question only as to Sonat's
experience in requesting certification. Some vendors responded that
systems were not compliant and that no actions would be taken. Also,
some vendors were not able to identify precisely which models of a
certain product were compliant. As a result, Sonat will not rely solely
on vendor certification but will be performing on-site certification to
the maximum extent possible. Sonat will focus on those devices critical
to our business.
Question. What is the long-term viability of operations if running
under such redundant systems? How long could a pipeline operate in a
self-sustaining mode?
Answer. Redundant power systems are built into pipeline facilities
so if we lose our commercial power, we have standby resources to
perform the necessary functions. Our redundant systems are quite
robust. For instance, adverse weather conditions sometimes take out
essential facilities, yet the gas industry's reliability has remained
excellent. Some of the backup systems, such as self-sustaining
generators, can perform their function for an extended period of time.
While other forms of backup, such as battery power, are generally more
limited in time, their duration can be extended in certain
circumstances (e.g., by recharging or replacing batteries).
Question. How can the government most effectively monitor industry
progress without becoming a source of interference?
Answer. The government can be a constructive force by holding or
participating in industry-wide meetings to obtain progress reports. By
calling such meetings from time to time, the industry is strongly
encouraged to step back from the day-to-day detail of implementing
solutions and check the overall path. These checks, if not too
frequent, are helpful in keeping us focused. Such meetings allow the
industry to allocate resources in a planned manner and will not unduly
interfere with industry efforts. Surveys are burdensome, labor-
intensive, and generally involve tight deadlines. Industry would prefer
to organize its own survey and administer it as needed to provide
progress reports.
Question. What limits do you suggest be placed on liability, and in
what ways could such limits speed Y2K readiness if adopted?
Answer. First, limit the liability that may be imposed on those
providing information about the Y2K problem. Doing so will stimulate
the transfer of information among companies. Second, companies that
make good faith efforts at solving the Y2K problem should at most be
faced with liability based on actual costs incurred, rather than vague
liabilities such as business lost.
__________
Prepared Statement of Charles D. Siebenthal
introduction
Mr. Chairman, it's a privilege to address this Special Committee on
a subject of vital importance to our country. All economic sectors,
including the electric utility industry, are preparing their business
operations to be Year 2000-ready. Since this is a complex topic, a
number of government and private organizations are briefing you today
on the steps being taken by the electric power industry in response to
the Year 2000 (Y2K) problem. We all share the goal of having this
essential industry well prepared for the Year 2000 transition. The
cooperative efforts of everyone involved are necessary to attain the
objective.
The specific role of EPRI in the Y2K effort is to serve as a focal
point for the electric power industry's sharing of information about
embedded systems technical issues.
epri
A little background information about EPRI will help you understand
why industry leaders chose EPRI for this particular collaborative
assignment. EPRI was founded in 1973 as the Electric Power Research
Institute. We are a nonprofit collaborative science and technology
consortium with headquarters in Palo Alto, California. Members of EPRI
represent about 87 percent of the U.S. regulated electric power
industry and international participation is growing significantly. EPRI
has a twenty-five year record of providing highly respected and
objective science and technology to address important energy and
environmental questions.
origin of the epri y2k embedded systems program
EPRI staff became aware in mid 1997 of growing concern among
utility staff about the embedded systems aspects of the Y2K problem.
EPRI quickly held a problem assessment workshop in September 1997,
which was attended by nearly 200 people, representing 42 U.S. and
Canadian utilities, and one middle eastern utility. The oil, pulp and
paper, and printing industries were also represented.
Three major concerns emerged from this workshop: (1) the technical
nature of the embedded systems problem was poorly understood, (2) the
extent to which we could depend on our vendors to help solve this
problem was not clear, and (3) there was confusion as to how to design
and carry out a cost effective and timely program to achieve Y2K
readiness. EPRI was asked to create a program which would address these
concerns based upon the assumption that participating companies would
agree to share information.
epri y2k embedded systems information sharing program
EPRI launched a Y2K Program on October 1, 1997 to act as a forum
and shared source of practical technical information for organizations
able and willing to share their data about embedded systems. I am
pleased to be able to say that even in an electric power industry
restructuring for competition, the overriding importance of sharing
technical information about Y2K embedded systems was recognized. Today
we have 74 companies including 3 major oil companies participating in
the program. Additional utilities and organizations in a number of
different industries are considering joining. From the beginning,
participants have been actively involved in designing the scope,
schedule and content of the program as well as the content and
functionality of our electronic data base.
U.S. utility participants in the EPRI Y2K program represent more
than 70 percent of the electric power generation capacity in the U.S.
As a result of deregulation, a significant portion of the nation's
electric generation capacity is owned and operated by independent power
producers. Some of the largest of these companies are subsidiaries of
utilities participating in our program. However, there are still major
blocks of independent power outside of the program. They are welcome
and encouraged to join this collaborative program and share their data.
Major features of the EPRI program are:
--Facilitation of open communications and technical information
sharing between program participants, electronically and in
workshops.--Workshops that provided interactive discussion of
problems, processes, testing methods and results were held in
January and May of 1998. The next one will be held August 24-
28, 1998 in San Diego. We are currently selecting the date and
location for a January 1999 workshop. We expect the workshops
to continue through 1999.
--Development and operation of an internet-based clearinghouse for
participants to share their knowledge on component and system
testing.--EPRI's internet web site for program participants was
activated March 15, 1998. Utilities began up-loading their data
to our electronic knowledge-base in early April 1998. Currently
most of this information consists of equipment inventories,
program plans, and document templates. During May 1998 utility
test data began appearing and we expect growth of the test
result information in the knowledge-base to accelerate
significantly during the third-quarter of 1998. This is based
upon our expectation that by the end of third quarter 1998 most
participants in our program will have identified and initiated
testing on the mission critical elements of their systems.
Testing results to date have been largely limited to off-line
testing of individual components. On-line testing requires that
the off-line results be understood in order to minimize the
potential for equipment damage and/or shut-downs which might
impact electrical service. Component testing to date has
identified primarily nuisance type failures such as erroneous
dates on computer screens. To date, instrument and controller
functionality appears to be largely unaffected. Some testing of
larger integrated systems such as distributed control systems
in power plants has been started. These tests have produced
some conflicting results which are being resolved through
collaborative efforts within our program.
All testing information is being produced and provided by
participating companies and the vendor organizations. It is
expected that participating companies will use the information
which they obtain from the program web site to check their own
inventory, assessment, and test results. All program
participants must carefully evaluate the test procedures and
results they obtain from the EPRI program data base to
ascertain the applicability and reliability for their own
particular situation. Each company must make its own decisions
based on its particular configurations and the results of its
own test programs.
During mid-May, those vendor organizations which have agreed to
provide information to the program began to up-load their
information into the data base. We look forward to the
continued growth of the vendor knowledge-base and very much
appreciate the willingness of those organizations to provide
and maintain information.
--Facilitation of the utility teams to work collaboratively with key
equipment vendors to document programs, methods and results.--
This program is currently underway. Program participants have
identified over 45 major vendors in power generation and over
20 major vendors in transmission and distribution. A number of
meetings have already been held with vendors. We expect to
expand this to include vendors of electronic communications
hardware as well. This part of the program is intended to
improve industry understanding of vendor statements regarding
product Y2K compliance. Groups of utilities have met with
individual vendor organizations to discuss exactly what was
tested, how it was tested, what result was obtained and how
that result was interpreted to mean Y2K compliance. Vendors
have also been requested to work with the utilities to develop
a test plan for each of their products which can then be used
by utilities in field tests.
To date the great majority of vendor organizations which have been
asked to participate in such meetings have agreed to do so. We
are quite pleased that the vendor organizations recognize the
need to work in partnership with us to resolve the many
questions which must be addressed.
--Development of collaborative relationships with Y2K embedded
systems programs in other industries to facilitate inter-
industry information sharing.--EPRI and the American Petroleum
Institute (API) are discussing possible ways of sharing
information between their embedded systems programs. On April
15, 1998, EPRI and API hosted a meeting of industry trade
associations to see if other industries have similar
collaborative data-sharing efforts. Unfortunately, no similar
data bases were discovered. We will continue to monitor this
situation and hope that other industries will be able to
mobilize as we did and that we will be able to arrange
information sharing protocols with them.
The telecommunications industry will be a primary objective of
our effort to achieve inter-industry cooperation. While many
utilities have their own internal electronic communications
systems, all utilities depend to some degree upon
telecommunications service providers for inter-utility
communications within individual reliability regions. Initial
efforts at contingency planning for Y2K induced events have
made us very aware of the critical dependence of electric power
industry response plans upon electronic communications. We are
sure that reliable electric power is a critical feature of the
contingency plans of the telecommunications industry. To begin
the dialog, we are currently designing a pilot program for
utilities and their telecom service providers to sit down and
discuss their mutual dependence and identify areas of common
concern and possibly joint action.
Contingency planning work has also identified many other
dependencies on events and services outside of the direct
control of utilities and their subsidiary companies. In
addition to telecommunications, Y2K preparedness of local
governmental service providers is important. For example, local
governments need to be sure that vehicular traffic control
measures are in place to enable utility workers to respond to
contingency plan requirements and customer service requests.
Additionally, Y2K preparedness of coal transport railroad and
gas pipeline operations are essential to the electric power
industry's ability to provide uninterrupted electric service.
As we analyze all facets of the industry's operations, the list
of important services outside of the electric power industry's
direct control grows. We continue to have concerns about the
degree to which many of these other vital services will be able
to operate effectively during Y2K transition dates. We are
actively seeking electronic linkages to other internet-based
information sources and expect this feature of our program web
site to be activated before the end of this month.
additional related considerations
I have given you an overview of the EPRI program. Some additional
comments are in order to more fully understand the situation:
--Legal considerations.--The importance of sharing information to
resolve this technical problem in a timely fashion is difficult
to overstate. It is our opinion that there is additional
valuable information regarding embedded systems which exists
within individual companies (utilities, vendors and other
companies in other industries) but is not being shared, often
due to fears about future litigation. From our own experience I
can state that the legal system and the concerns of those who
elect to guard their litigation position have impeded efforts
to populate the EPRI Y2K data base. EPRI corporate counsel and
counsel for participating companies have worked long and hard
to overcome these shared concerns. Those who have weighed these
risks and recognized that the overriding public interest and
the magnitude of the business problem is so pressing that it
should take precedence over the litigation concerns are to be
commended.
We believe the government could advance the remediation process
by stating a public policy which encourages the noncompetitive
resolution of Y2K problems and acting to address legal
liability concerns associated with sharing Y2K technical
information.
--Readiness of suppliers to the electricity industry.--More work
needs to be done to understand the state of Y2K readiness of
key suppliers for the electric power industry. For example,
will the providers of the necessary raw materials for making
electricity, such as coal transport railroads and gas pipeline
suppliers be Y2K ready and able to provide service at the level
necessary to sustain electric power production?
--Readiness of major users of electric power.--More work needs to be
done on the necessary communications between major users of
electricity and their major electricity suppliers to understand
the likely power demand at the critical times. Some industries
may decide to shut down their business operations during Y2K
transition events. Others which co-generate electric power may
decide to shut down their electric power generation equipment
and take power off the grid during Y2K transition events. Still
others may simply decide to try to ``ride through'' the Y2K
transition dates and hope for the best. Utilities trying to
plan their Y2K event management programs and develop
contingency plans need to understand what major electricity
customers are going to do during these potential critical time
periods.
--Regional and National Grid Operations Planning and Management.--
This topic has been discussed in depth in the NERC testimony
and is outside of the EPRI program scope.
In conclusion, I would like to make the following points:
--The electric power industry is working hard to ensure that electric
service remains reliable through the critical Y2K transition
periods.
--Significant additional work remains to be done. The EPRI embedded
systems information sharing program is only one of the
important components of the industry's work to prepare for Y2K.
Other issues include software remediation, legal constraints,
readiness of power industry suppliers, each individual
companies' own actions, readiness of power users and
consideration of the operation of the grid.
--The companies themselves are responsible for the actual solutions
and implementation.
--The sharing of technical information and collaboration where
appropriate should be officially recognized and encouraged.
--EPRI views its role as one of public interest and is pleased to
have been invited to brief the committee on our Y2K embedded
systems activities.
attachments
--Lists of members of EPRI Y2K Embedded System Information Sharing
Program
--Frequently Asked Questions About the EPRI Program
--Milestones of the EPRI Program
EPRI's Y2K Members List
y2k agreements finalized and/or in process as of 6/5/98
Alberta Power (Canada)
Allegheny Power System
Ameren Union Electric
American Electric Power
Arizona Public Service
Baltimore Gas & Electric
Boston Edison
Carolina Power & Light
Central Hudson Gas & Electric
Central & Southwest
Chevron
Chugach Electric Association
Cinergy
Commonwealth Edison
Consolidated Edison
Consumers Energy
Dairyland Power Coop
Dayton Power & Light
Detroit Edison
Dominion Resources
Duke Energy
Duquesne Light Company
East Kentucky Power Coop
Edmonton Power (Canada)
Entergy
Eskom (So. Africa)
First Energy Corp.
Florida Power Corp.
Florida Power & Light
GPU Generation, Inc.
Houston Industries
Illinois Power Company
Indianapolis Power & Light
Israel Electric
IVO (Finland)
Kansas City Power & Light
Long Island Lighting Co.
Los Angeles Dept. of Water and Power
LG&E Energy Corp.
Lower Colorado River Authority
Manitoba Hydro (Canada)
MidAmerican
Minnesota Power
Montana Power
Nebraska Public Power District
Nevada Power Company
New York Power Authority
Niagara Mohawk
Northeast Utilities
Northern States Power
Nuclear Electric (England)
Omaha Public Power District
Orange & Rockland
PacifiCorp
Pacific Gas & Electric Co.
PECO Nuclear
Potomac Electric Power Company
Public Service Co. of New Mexico
Public Service Electric & Gas
Salt River Project
SASK Power (Canada)
Shell
Southern California Edison
South Carolina Electric & Gas
Southern Company
Tennessee Valley Authority
Texaco
Texas Utilities Electric Company
Trans Alta (Canada)
Washington Public Power Supply System
Western Resources
Wisconsin Electric Power
Wisconsin Power & Light
Wisconsin Public Service Corp.
Frequently Asked Questions From Utilities About EPRI's Y2K Embedded
Systems Program
Question 1. What is the purpose of EPRI's Y2K Embedded System
Program?
Answer. EPRI's program is designed to serve as a focal point for
systematically collecting, assembling, organizing, sharing and
discussing technical information about embedded systems that will help
participants inventory, assess and mitigate potential problems. EPRI is
also facilitating meetings with vendors leading to coordinated field
testing and the sharing of test information and lessons learned.
Participants in EPRI's Y2K program will share their own, vendor, and
other industry information and take advantage of the lessons learned by
participants. This non-competitive approach to solving the problem has
also been adopted by other industries such as oil, gas and chemicals.
The EPRI program is focused on embedded systems and will not address
back-office equipment such as mainframe and PC software.
Question 2. What is an embedded system and what is different about
EPRI's Y2K Program versus others?
Answer. For this program, embedded systems are taken to be any
system that utilizes a microprocessor.
EPRI's program is unique in several ways:
--It is vendor and solution provider independent. There is growing
evidence that generic vendor testing upon which compliance
certifications are based often yields results that are
different from testing within a specific field environment.
--The focus is on collecting test data rather than a web search of
existing data like many existing commercial databases.
--EPRI is facilitating vendor-utility interactions and in some cases
getting answers utilities have not been able to obtain
themselves. All vendors contacted to date have agreed to share
information.
--EPRI is facilitating collaborative field testing.
--The EPRI program is working with many other industry groups
(utility and non-utility) to maximize testing information
available to participants.
--The EPRI program includes contingency planning to provide extensive
information relating to the full range of Y2K efforts.
Question 3. Will EPRI develop generic solutions to industry Y2K
problems?
Answer. EPRI will not develop solutions. The nature of each
company's problems depends on its specific applications and electronic
hardware. Consequently, each company will have to make its own
decisions about priorities, risks and remediation. But, the EPRI
program will serve as a clearinghouse for Y2K information which will
provide value by freeing utility resources from the data gathering
steps to focus on problem identification and solution instead.
Question 4. How does the EPRI Program help me?
Answer. EPRI's program can help in a number of ways:
--The overall EPRI program is designed to help participants utilize
their resources in the most effective manner. By participating
in a collaborative program, duplication of effort can be
minimized. Test results from participants, vendors, and service
providers will be centralized and conveniently available via a
searchable electronic database. EPRI is facilitating the
formation of collaborative utility test teams who will obtain
vendor specific test information and share it with all
participants. Test teams will use this information to perform
field testing and these results will also be shared. First hand
experiences and lessons learned (both good and bad) will be
shared and may be used by others to avoid costly mistakes or to
capitalize on successful results. Member interactions at
periodic workshops will provide invaluable networking for all
participants.
--If your organization is about to begin its Y2K embedded systems
project, you will benefit from interacting with and learning
from others who have developed successful Y2K programs. The
database and lessons learned will help speedup your program and
minimize expenditure of scarce resources.
--If your organization has already begun the inventory you will be
able to benchmark your inventory results against those of
others. Most program participants are learning that initial
inventories find on the average only about 70 percent of the
potentially Y2K impacted items.
--If your organization is in the assessment or testing phase, you
will be able to compare your program and results to those of
others as part of your effort to exercise due diligence. The
vendor interactions and field testing will provide valuable
input. Evaluation of embedded systems testing tools will be of
immediate value. Contingency planning will also be of value.
Question 5. What do I get for my money? What are the deliverables?
When?
Answer. The $75,000 participation fee will provide the following:
--A database presenting extensive test results of components and
systems (Operational March 17th and continuously updated)
--A web site for rapid dissemination and discussion of results
--System and component testing guidelines (Some available now and
others under development)
--Reporting of lessons learned developed by others including those of
other industries (Ongoing)
--Workshops for discussion of approaches and results (Jan. 28-29
Atlanta, May 4-8 Dallas, Aug. 24-28 San Diego & Q4-TBA).
--Contingency plans and reactive strategies (To be established in
August/San Diego Workshop)
--Facilitation of the formation of collaborative test teams for
vendor specific components and systems (Ongoing-Approximately
30 teams formed to date)
Question 6. Who can join? Do you have to be an EPRI member? Are
there any exclusions?
Answer. EPRI's database and workshops are focused on the equipment
and systems used in the generation and/or transmission and/or
distribution of electric power. Therefore, any organization having
embedded systems and equipment that are similar to those found in the
electric power enterprise would find immediate value in becoming a
participant and would be eligible to join. The only other requirement
is that the joining organization agree to share its Y2K information
with the other participants. It is not necessary to be an EPRI member
to join. The only exclusions would be those organizations who are not
in the process of addressing embedded systems Y2K issues and therefore
do not have their own technical information to share.
Question 7. How many participants do you have?
Answer. At the present there are approximately 74 participants. We
anticipate that the eventual membership will be close to 100.
Question 8. Can I use the EPRI program to help my customers become
Y2K ready?
Answer. The database information is designed to address the needs
of the electric utility enterprise and is not designed to develop Y2K
readiness in utility customers. However, the database, vendor
information, and testing methodologies developed by the electric power
industry will have information of value to other industries that share
common equipment (many of whom are key customers). We recommend that
you encourage such customers to join the program.
Question 9. If I join the EPRI program will I still have to test my
own equipment and develop my own solutions?
Answer. The nature of each company's problems depends on its
specific applications and electronic hardware. Every utility should
test its mission critical equipment. Non-mission critical equipment
might be tested by groups of utilities; however, utilities must make
their own decisions on what and how much testing will be done based on
their own risk-based evaluations. Contingency plans for potential
failures also should be developed by each organization. To encourage
the candid production of valuable data, information provided through
the program is not warranted for any particular purpose within another
participant's organization. Testing of any equipment by EPRI is not
within the scope of this program.
EPRI's Year 2000 (Y2K) Embedded Systems Program
program milestones
09/97:
--Meeting with 42 utilities held in Scottsdale Arizona. EPRI asked to
put together a collaborative program of information sharing to
address Y2K embedded systems issues.
10/97:
--EPRI provides $200,000 ``seed money'' to initiate program.
--Program organization formed. Project plan and budget developed.
--Program announcement sent to all electric utilities and placed on
EPRI's public web site. Announcement stated that program was
open to any organization having information and willing to
share.
12/97:
--First Advisory meeting held in Atlanta, at Southern Company
offices. EPRI's project plan and budget approved. Web site and
data base schedule accelerated. Quarterly workshops requested.
--Web site and data base specification developed.
--Approximately 15 members.
01/98:
--Web site and data base design initiated. Web site activated in late
January.
--First Y2K Workshop and Seminar held in Atlanta, approx. 250
attendees.
--Second Advisory meeting held. EPRI's workscope expanded to include
vendor test teams (teams to visit key equipment suppliers to
develop consistent testing methodologies).
--Vendor Test Teams formed.
--Marketing brochure published.
--Approximately 45 members.
02/98:
--Data Acquisition Teams formed to secure utility and vendor
information for data base.
03/98:
--Data base fully functional. First data sets populated.
--Letter from EPRI's CEO Kurt Yeager sent to CEOs of utilities
encouraging them to collaboratively share technical information
about Y2K.
04/98:
--Over 100 data sources in database.
--Texaco, Chevron & Shell join Program as first non-utility
participants.
--EPRI and the American Petroleum Institute held inter-industry
discussions.
05/98:
--Second Y2K Workshop held in Dallas. Over 450 attendees.
--Third Advisory meeting held. EPRI asked to look into natural gas
issues, utility related telecommunications issues and to
increase emphasis on contingency planning.
Today:
--Approximately 74 members (see attached listing) representing over
70 percent of the electric sales in the USA and approximately
65 percent in all of North America.
--Advanced search capabilities fully implemented in data base.
--Y2K web site drawing over 6500 ``hits'' per month.
Future:
--6/98-8/98--Regional training on web site and data base usage.
--6/98--Web site chat rooms and bulletin boards on line.
--6/25--Workshop on Y2K legal issues, San Francisco.
--8/24--Third Y2K Workshop, San Diego: Over 600 attendees expected.
--8/27--Advisory meeting to approve EPRI's 1999 scope of work and
budget.
--Continuing--Add to and update information in data base.
--Continuing--Vendor Test Team meetings with key equipment suppliers.
______
Responses of Charles Siebenthal to Questions Submitted by
Chairman Bennett
Question 1. You mentioned that the testing of larger more
integrated systems such as distributed control systems have produced
conflicting results. Could you explain what you mean by conflicting
results?
Answer. We have knowledge of several utilities that have tested
their distributed control systems and associated control consoles for
Y2K readiness and experienced different results. Some have found no Y2K
impacts and others, using similar tests, have found problems. Since
these systems are of various software and hardware vintages and are
configured differently, software and hardware, more investigation is
necessary. Therefore, within the EPRI program, the utilities conducting
these tests are working together with the provider to understand the
differences in test results and the actions necessary.
Question 2. You noted the mutual dependence of the electric power
industry and the telecommunications industry. Do you have any thoughts
on how these two industries could work together to facilitate cross-
industry sharing?
Answer. All utilities have extensive private communications
systems. Utilities either own and operate their own systems, own part
and lease the remainder from others, or lease all of their
communications systems from other providers. Utilities will be testing
and correcting any Y2K problems within their own telecom systems just
as the telecom providers are doing. The industries could share test
data and vendor response data to insure that remediation processes are
based on the same perception of the problem. This collaborative
approach would benefit the nation. It is critical that at the
interfaces between the telecom service providers and the utilities, the
Y2K remediation actions of both sectors are compatible. This requires
that these two industry groups share remediation plans and mutually
agreed upon standards to minimize interface compatibility problems.
Within the EPRI program we are having technical meetings between
utilities and their telecom service providers to understand the
technical issues and identify potential joint actions.
Question 3. You made reference to the difficulties of sharing Y2K
issues within the industry because of fears about future litigation. Do
you have any suggestion on how the government might help facilitate
this problem?
Answer. The government could help facilitate information sharing
with regard to Y2K technical information by taking appropriate steps to
assure companies:
a. That sharing of such information in good faith will not be
construed as anti-competitive conduct under state and federal
antitrust laws. (We note that the Justice Department's approval
of the plan presented by the securities industry has
substantially alleviated these concerns with respect to
industry-wide programs such as EPRI's, provided the information
exchanged is limited as set forth in the ruling).
b. That technical and factual information about specific
products/vendors which is reasonably believed to be correct and
exchanged in good faith among those with a common interest in
remediating systems utilizing such vendors products cannot be
used as the basis of a trade libel claim by a vendor;
c. That technical and factual information about specific
products which is reasonably believed to be correct and
exchanged in good faith between vendors and customers with a
common interest in remediating systems utilizing such vendors
products cannot be used as the basis of a lawsuit against such
vendor (or some other action which will encourage greater
cooperation by vendors of products with embedded systems);
d. That technical and factual information about specific
devices, test plans and results, contingency plans and project
management techniques exchanged in good faith among those with
a common interest in remediating similar Y2K technical problems
cannot be used against the company providing the information to
establish lack of due diligence; and
e. That technical and factual information about specific
devices, test plans and results, contingency plans and project
management techniques exchanged in good faith among those with
a common interest in remediating similar Y2K technical problems
cannot be introduced into evidence against the company
providing the information by another who relied on that
information and suffered a negative event allegedly caused by a
Y2K failure.
We believe these measures would facilitate the exchange of
necessary technical information industry-wide and cross industries
without prohibiting the use of otherwise available evidence to prove
any of the types of claims mentioned.
Question 4. What types of embedded systems did the EPRI study focus
on?
Answer. The EPRI Y2K program is not a study conducted by EPRI, but
is a shared compilation of utility experience in finding, testing, and
remediating embedded systems problems. This body of information
includes all microprocessor based equipment normally found in electric
power generation, transmission and distribution systems, and
facilities. Generically it includes ``smart'' sensors, digital controls
and data acquisition systems, receivers, actuators, remote meter
reading systems, ``smart'' protective relays, environmental controls,
and timing devices of all kinds.
Question 5. Could you explain the legal complications that EPRI
encountered in trying to facilitate the sharing of information?
Answer. EPRI has encountered difficulty with the perception of
legal risk created by the possibility of each of the types of events
described in Question 3 above. We applaud those companies and their
legal counsel who determined that the need to share Y2K technical
information (subject to appropriate confidentiality agreements)
outweighed the legal risks--but it is likely that even these companies
would exchange a greater volume of information if they were afforded
the protections mentioned above.
Question 6. Concerns have been expressed that some utilities may
shutdown prior to the date change in order to protect their equipment
from potential Y2K related damage. How probable do you think this might
be?
Answer. I have no personal knowledge of any utilities planning to
shutdown generating, transmission, and/or distribution systems due to
Y2K. At this point it would seem to me that such a decision would be
premature. Shutdown of a base-load power plant is a time-consuming,
expensive action. Reliability and system implications need to be
understood. The North American Reliability Council is tasked by the
Department of Energy with looking at system-wide implications of such
decisions.
Question 7. Some utilities claim that their generation and delivery
systems are purely reactive to sensors and are not date sensitive.
However, critics maintain that even some chips which do not have a date
function can still experience Y2K related problems due to built-in
logic problems. Can you please comment on this?
Answer. It is possible for chips to have a built-in time function
which includes a year date, regardless of whether the year date is used
in the application. At this point, we believe that there is no reason
to assume that lack of explicit use of time in an application is
grounds for assuming the application is Y2K ready. We would recommend
that any such device considered to be mission critical should be
evaluated.
__________
Prepared Statement of Senator Gordon H. Smith
Mr. Chairman, I would like to first commend you and Senator Dodd on
your leadership on the Year 2000 problem.
The need to provide solutions for all Americans is urgent and I am
proud to have the opportunity to serve on this committee with you.
Today's hearing on the year 2000 preparedness of our nation's power
grid is extremely important. Everything is powered by our electricity
and gas industries--from the heat in our homes to the bright lights in
Times Square.
I look forward to the testimonies of our distinguished witnesses
about their year 2000 problem contingency plans and am hopeful that
these organizations can assure us today that they will be ready on
January 1, 2000.
Our witnesses are leaders on this issue and I would be particularly
interested in finding out how the energy sector is reaching out to our
small and rural power plants who desperately need resources to prepare
for this problem.
The large power plants are undoubtedly in the process of evaluating
their systems and preparing for renovations, but what about small rural
cooperatives? How will small rural towns, like Fossil and Depoe Bay in
my state of Oregon, be able to operate without any power? Are there
enough resources available? Is there a network of utility sectors
sharing information to begin implementing solutions now? Is there a
coordinated outreach program to educate and prepare everyone?
Whatever the operating systems are, whether they may be embedded
microprocessors in power generators or desktop computers, we need to be
sure we are ready for the worst case scenarios and begin testing our
systems now. There are just 567 days left. Let's work together and
answer these questions before the unthinkable happens.
Thank you Mr. Chairman.
__________
ADDITIONAL MATERIAL SUBMITTED FOR THE RECORD
______
Statement of the National Rural Electric Cooperative Association--
Computers and the Electric Power Grid
The National Rural Electric Cooperative Association (NRECA)
appreciates the opportunity to provide information on the Year 2000
computer problem as it affects electric utility systems. We appreciate
and commend the leadership of Chairman Bennett and the members of the
Committee on this critical issue.
nreca and electric cooperatives
The National Rural Electric Cooperative Association (NRECA) is the
national service organization dedicated to representing the national
interests of cooperative electric utilities and the consumers they
serve. NRECA's 1,000 member cooperatives serve 30 million people in 46
states (about 11 percent of the U.S. population). Most of the more than
900 distribution systems are consumer-owned cooperatives; some are
public power districts. NRECA membership includes other organizations
formed by these local utilities: generation and transmission
cooperatives for power supply, statewide and regional trade and service
associations, supply and manufacturing cooperatives, and data
processing cooperatives.
Electric cooperatives are:
--private, independent electric utility businesses,
--incorporated under the laws of the states in which they operate,
--established to provide at-cost electric service,
--owned by the consumers they serve,
--governed by a board of directors elected from the membership, which
sets policies and procedures that are implemented by the
cooperatives' professional staff.
ELECTRIC UTILITY COMPARISONS
----------------------------------------------------------------------------------------------------------------
Investor Publicly
owned owned Cooperatives \1\ Industry
----------------------------------------------------------------------------------------------------------------
Number of Organizations........................... 243 2,010 960 3,213
Size (median number of customers)................. 341,300 1,700 9,600 ............
Customers, percent of total....................... 75 14 11 ............
Revenues, percent of total........................ 79 13 8 ............
kWh sales, percent of total....................... 76 14 8 ............
Sales (billions kilowatt hours):
Residential................................... 751 149 142 1,042
Commercial.................................... 713 111 38 862
Industrial.................................... 766 148 54 968
Other......................................... 62 24 6 92
-------------------------------------------------------------
Total....................................... 2,292 432 240 2,964
Density (consumers/mile of line).................. 34.85 47.76 5.76 ............
Revenue/mile of line (dollars).................... $59,355 $72,255 $7,038 ............
Distribution plant investment per consumer
(dollars)........................................ $1,549 $1,503 $1,975 ............
Assets (dollars in billions)...................... $587 $158 $62 $807
----------------------------------------------------------------------------------------------------------------
\1\ 900 Distribution, 60 Generation & Transmission cooperatives.
kWh = kilowatt hour.
Source: 1996 Dept. of Energy/Energy Information Agency/NRECA Strategic Analysis. March 1998.
how electric co-ops are organized to get power to the people
There are two distinct types of electric cooperatives: generation
and transmission cooperatives (G&Ts) and distribution cooperatives.
G&Ts
As their name implies, G&Ts generate and/or transmit electric power
on the bulk, or wholesale, level of the market. G&Ts are cooperatives
whose members are electric distribution cooperatives. Those members are
the owners of the G&Ts. Most G&Ts own transmission lines and
substations. Some own or operate electric generating plants. Almost all
buy and sell power on the wholesale level to ensure that electric power
flows to ultimate customers safely and reliably.
There are 66 G&Ts whose membership comprises all but 250 rural
electric distribution cooperatives. Together, they own approximately
60,000 miles of transmission or distribution lines, 4,451 substations
and 53 own or have an interest in electric generation facilities.
Distribution Cooperatives
Distribution cooperatives ensure that electric power gets delivered
locally. Their members are families, individuals, and businesses of
every size and type, from campgrounds to doctors' offices to automobile
manufacturers. Distribution cooperatives build and maintain the
electric lines that reach to homes and businesses, ensure that rights-
of-way stay clear of growth that could affect power distribution,
ensure that power flows from a G&T or another source to the
distribution system's delivery points and on to consumers, meter and
bill for the service.
Distribution lines owned by rural electric cooperatives cover
seventy-five percent (75 percent) of the land mass of the continental
United States. Some distribution systems own substations or other power
delivery points.
More information on how electric cooperatives are organized and
operate is provided in Appendix A.
how the electric utility industry works
We have provided a non-technical attachment (Appendix B) that
outlines how electricity is created and provided to homes and
businesses nationwide. Briefly, there are three broad components:
generation, transmission and distribution.
Generation.--Facilities generate electricity using a variety of
fuels--the power of flowing water (hydroelectric facilities), nuclear
power, thermal plants that burn some type of fuel (coal, natural gas,
diesel, biomass), or renewable resources such as wind. Electricity
cannot effectively be stored in large quantities. It must be created in
real time, to meet immediate needs. Generation facilities are designed
with differing capacities to compensate for variations in electric
demand.
Transmission.--Facilities are wires that conduct electricity from
generating plants to substations and other delivery points. Their
voltages range from about 115 kV to 500kV. They are designed to carry
large volumes of electricity, often over long distances. Transmission
lines and substations are often referred to as ``the grid.'' Actually
there are four (4) regional grids in North America--the Eastern
Interconnection, the Western Interconnection, the Texas Interconnection
and the Quebec Interconnection.
Utilities within each grid buy and sell bulk power on both the spot
market and through longer-term contacts to ensure a reliable supply of
electricity to their customers. Transmission systems within each grid
are interconnected to facilitate such transactions. The 4 grids have
limited direct current (DC) interties and isolated back-to-back AC-DC-
AC interties to help facilitate elasticity between the large regions.
Distribution.--Systems generally operate at voltage below
transmission voltages, stepping the voltage down gradually through a
series of transformers until it is suitable and safe for end-use.
Distribution systems receive electricity at transmission or sub-
transmission voltages at substations and pass it along to the
distribution wires, either overhead or underground, that deliver the
electricity to the customer. Distribution systems often have load
management capabilities installed at substations or end-user facilities
including Supervisory Control and Data Acquisition (SCADA) systems and
peak shaving systems.
the year 2000 and electric utilities
At this time, the year 2000 (Y2K) problem breaks down into 3 basic
areas for electricity utilities: embedded chips, software and the
upstream/downstream supply chain.
However, the severity of the problem is not dictated by a utility's
corporate structure. Rather, the magnitude of the problem in each
utility will be defined by the number of digital controllers in its
facilities, the number of computer-controlled processes (billing or
power plant control, for instance), and the number and type of
interactions it has with customers and suppliers upon which the utility
relies for mission-critical materials and services.
All electric utilities are required, by virtue of the business they
are in, and in some cases by regulators, to plan for contingencies.
Hurricanes, tornadoes, ice storms, wind storms, blizzards, power plant
outages (both scheduled and unscheduled) as well as transmission
outages (scheduled and unscheduled) all continually test electric
utilities' ability to plan for and mitigate situations that affect
system reliability. Facilities are generally engineered to have manual
overrides or resets and may have redundancy built in to ensure that
``the lights stay on.'' Y2K, although a new challenge for the industry,
is not completely insurmountable--utilities can and are testing,
mitigating and ensuring that workarounds are in place.
Each electric utility has a different mix of facilities for which
it is responsible--some operate generation assets; others own no
substations. Each has a different mix of mission-critical software
applications, often dependent upon the facilities owned or operated.
Finally, all have some kind of interconnection with other utility
systems. Electric utilities are interdependent to ensure reliability in
the delivery of electric power. In order to be Y2K ``ready,'' each
utility will have to work with those who buy power from it, those from
whom it buys power, and the entities that supply the transmission or
distribution capacity that ensure that electricity gets where it's
supposed to.
NRECA agrees with The North American Electric Reliability Council's
(NERC) assessment regarding the reliability of the bulk power system:
``* * * distribution systems are generally radial from the bulk supply
network and cannot function without a robust bulk supply network or
Interconnection.'' \1\ Most NRECA members are electric distribution
cooperatives. No matter how prepared they are, if power suppliers
selling power to them experience extreme Y2K difficulties, these rural
electric distribution systems will be left high and dry and their
consumer-owners will be freezing in the dark come January 1, 2000. G&Ts
report that their Y2K mitigation efforts, including system and/or
controller replacement are well under way as of June 1998. However, it
is difficult to discern at this writing how much coordination has
occurred in the bulk power market. NRECA also agrees with NERC's
assessment that the nature of distributions systems' Y2K challenges
will become more apparent as NERC's bulk power project ramps up.\2\
---------------------------------------------------------------------------
\1\ Testimony of Michehl Gent, President, North American Electric
Reliability Council, before the Senate Special Committee on the Year
2000 Technology Problem, June 12, 1998, page 3.
\2\ Ibid., page 3.
---------------------------------------------------------------------------
What follows immediately are brief descriptions of points of
vulnerability to Y2K that could be experienced by rural electric
cooperatives and other electric utilities. To learn what steps
cooperatives are taking to meet the challenge, see ``What Rural
Electric Cooperatives Are Doing'' below.
Embedded Chips.--Date-sensitive chips are found in a variety of
electric utility facilities, including but not limited to:
--power plant control systems of various kinds
--electronic transmission/distribution relays
--substation meters
--Supervisory Control and Data Acquisition (SCADA) Remote Terminal
Units (RTUs)
Software.--At this writing NRECA's understanding of the software
aspect of Y2K is threefold: SCADA; load management systems and
automatic generation control; and billing/CIS.
SCADA
A SCADA system, or Supervisory Control and Data Acquisition system,
can control an entire distribution substation system. The automation is
controlled by a main terminal in the headquarters office, which works
with remote terminal units or RTUs. These RTUs communicate information
continually exchange information with the main terminal, giving real-
time data and immediate control. SCADA systems allow continuous
monitoring of the system to look for unusual patterns, receive
instantaneous load profiles or note the highs and lows of the day. This
allows load rotation as conditions dictate.
SCADA systems can also be used to open or close breakers or reroute
power as well as automate substation transformers, breakers, regulators
and switch stations. A SCADA system operator can monitor all of the
controls at the substations, check the status of communication
channels, and, most importantly, can open switches and back-feed the
substation from other sources to get most consumers on immediately when
an outage occurs.
Load Management Systems (LMS) and Automatic Generation Control (AGC)
Load management systems are used on a daily basis to plan and
schedule generation and transmission resources. Automatic generation
control adjusts generation levels across a system to compensate for
variations in demand. Both LMS and AGC are used by control areas and
the reliability councils to coordinate generation and transmission
resources. Many of those systems are not under the direct control of
rural electric cooperatives. Therefore, we will be relying heavily on
NERC's Y2K program to ensure that they are Y2K ready. Control areas
that are maintained by rural electric G&Ts will be participating
actively in NERC's program.
Billing/CIS
About 400 rural electric distribution cooperatives employ the
services of data processing cooperatives. They provide such services as
billing, accounting, payroll, automated meter reading, computer
hardware and software. While data processing and information technology
entities were the first to broach the Y2K problem, these systems are
not mission critical to the delivery of electric power. The lights
would stay on if billing or automated meter reading systems failed, but
consumers would eventually face billing and accounting difficulties if
Y2K problems in these systems were not solved. One data processing
cooperative stated that a possible solution to this would be to
estimate bills based on usage and billing history.
Upstream/downstream supply chain.--``Upstream'' suppliers for the
electric utility industry include coal companies, transportation
companies and equipment manufacturers. Each of these suppliers will
have to be coordinated with to ensure that supplies of fuel and
equipment are readily available to generating plants. Again, bulk power
reliability is the keystone of electric system reliability. Customers'
and suppliers' impacts on a given electric system can vary. A large
industrial load's suddenly entering or departing the local distribution
system can have severe consequences. Fortunately, utilities and large-
load customers plan for such events. Rural electric cooperatives will
need to coordinate management of such loads during critical times in
the Y2K rollover period.
specific y2k impacts
The ``Grid''
As mentioned previously, there are actually 4 grids. NERC, at the
request of the U.S. Department of Energy (DOE), has taken on the
challenge of Y2K in coordinating the electric utility industry's
reliability. We commend NERC for their swift, thorough response in
drafting the implementation plan presented to the Special Committee.
NRECA expects that its G&T members with generation obligations,
transmission responsibilities and control areas will also work closely
with NERC. Further, we pledge to work with NERC to ensure that rural
electric distribution systems are Y2K ready. However, NRECA cannot fix
the problem for individual distribution systems.
Upstream Suppliers of Bulk Power and Transmission
We expect that suppliers of bulk power and transmission also will
work cooperatively with NERC, their customers and suppliers to ensure
reliability. Y2K is not a competitive issue, nor should it be used as a
tool to advance a competitive agenda. As Deputy Secretary Moler stated
in her testimony, ``I do not believe that the Y2K issue should be
viewed as a competitive issue; it should instead be viewed as a
reliability issue.'' \3\ NRECA agrees.
---------------------------------------------------------------------------
\3\ Testimony of Elizabeth Moler, Deputy Secretary, U.S. Department
of Energy, before the Senate Special Committee on the Year 2000
Technology Problem, June 12, 1998, page 8.
---------------------------------------------------------------------------
The Nuclear Regulatory Commission's (NRC) thorough program of
communication, testing and inspection of nuclear generating facilities
seems well placed to ensure the safety and reliability of that
particular type of generating plant during the critical Y2K period.
With regard to power suppliers, NRECA member G&Ts report that
contacts are under way and ongoing to ensure that appropriate planning
for generation resources. We are encouraging all of our members to
contact power and transmission suppliers and engage them in planning
for Y2K as well as to seek assurances that power supply and
transmission capacity will be maintained. This will also necessitate
contacts with the Power Marketing Administrations (DOE), the Tennessee
Valley Authority, the Bureau of Land Management (Department of the
Interior) and the Corps of Engineers (Department of Defense) to ensure
that their respective generation and transmission facilities will be
Y2K ready and that appropriate contingency plans are in place.
In addition, NRECA will contact the Federal Energy Regulatory
Commission (FERC) and the National Association of Regulatory Utility
Commissioners (NARUC) to discuss power supply issues.
what rural electric cooperatives are doing
NRECA has initially focused on the G&Ts because of their intrinsic
role in the nation's bulk power system.
A ``snapshot'' survey of G&Ts was undertaken by NRECA in May and
June 1998, targeted specifically on the embedded-chip question. The
overall results show that G&Ts are aware of the Y2K issue, are
surveying equipment and facilities and making replacements as needed.
Contingency planning efforts also are under way. We consider this an
informal survey, and have assured our members that their
confidentiality will be protected. In addition, it is reasonable to
assume that legal counsel has advised rural electric cooperatives to be
circumspect in their responses to surveys and public statements
regarding Y2K due to the litigation threat.
SNAPSHOT RESULTS
[Aggregate results covering all 66 G&Ts, including those that own no
facilities]
Number of interconnections with power suppliers/ 795 at a minimum.
wheeling entities.
ESTIMATED Y2K budget 1998 ONLY.................. $17.7 million.
Number of substations owned by G&Ts............. 4,451.
Number of substations owned by distribution 3,373.
members of G&Ts.
Y2K inventories completed for transmission 51 percent.
equipment.
Necessary replacements made..................... 44 percent.
------------------------------------------------------------------------
Completion dates for transmission system Y2K projects range from
already completed in two cases throughout 1998 and 1999, with many G&Ts
planning for completion early to mid-1999.
48 percent of G&Ts operate power plants. Of those, 33 percent have
completed Y2K inventories, with replacements 26 percent complete. Y2K
projects at these power plants have completion dates ranging from
December 1998 throughout 1999. One power plant project has been
completed.
49 percent have contingency planning under way with completion
dates ranging from December 1998 throughout 1999.
It is important to keep in mind that not every embedded chip must
be replaced in order for a system to be considered ``Y2K ready.''
Different utilities have differing mixes of analog and digital
controls. Power plants and transmission systems with analog controls,
by definition, do not have ``embedded chip Y2K'' problems in those
systems. Therefore, no replacements are necessary. Further, it may be
more reliable and cost-effective for a given plant or transmission
owner to implement a manual override on a digital control system or
other ``analog'' workaround than to embark on a wholesale replacement
of digital controllers. Replacing chips prior to 1999 is not always the
only solution to a Y2K problem. Each G&T is different, and it is
reasonable to assume that they each will have a different Y2K
mitigation plan and contingency plan.
FERC Chairman Hoecker stated in his testimony before the Special
Committee during the hearing on June 12, 1998, that, although some
utilities and associations have promoted awareness and have shared
information about Y2K industry readiness, ``[t]he state of awareness
and planning of * * * cooperatives is less certain.'' \4\
---------------------------------------------------------------------------
\4\ Testimony of James Hoecker, Chairman, Federal Energy Regulatory
Commission, before the Senate Special Committee on the Year 2000
Technology Problem, June 12, 1998, page 4.
---------------------------------------------------------------------------
We assume that the Chairman's stated uncertainty resulted merely
from being unaware of what rural electric cooperatives are doing, and
was not intended to suggest a belief that cooperatives are less aware
of the Y2K issue or are unwilling to share information similar to the
information shared by other industry segments. NRECA nevertheless
intends to contact Chairman Hoecker to assuage his concerns, if any.
NRECA and its members will be contacting other federal agencies
outlined above and will be recommending to its members that they
contact state regulators and lawmakers regarding Y2K readiness. While
many co-ops are not subject to state regulation, we feel that is
prudent for rural electric cooperatives to share their information with
public officials in order to help dispel fear-mongering by ill-
informed, possibly unscrupulous parties. Public officials have some
tools at hand with which to assist utilities in achieving Y2K
readiness, the most important being the ``bully pulpit.'' However, to
use that tool effectively public officials need reliable, balanced
information. We intend to be such a source of information.
NRECA intends to provide updates to the Special Committee and other
Congressional committees as the need arises. We look forward to
continuing our work with the Special Committee.
To that end, NRECA is developing a snapshot of distribution
cooperative readiness as well as guidelines and checklists that will be
provided to all NRECA members. The guidelines and checklists will be
targeted at distribution systems. We anticipate having these resources
in place later this summer. Coupled with the wealth of information
provided by NERC, EPRI and other reputable sources, we hope that these
guidelines and checklists will make Y2K readiness a thorough and timely
process for our member systems.
In addition, NRECA is featuring reporting on Y2K in its
publications, conferences and meetings targeted at members. We are
working with allied organizations and insurers. We have posted a page
of Y2K resources on our web site (www.nreca.org).
Finally, NRECA is in discussions with EPRI regarding an
``aggregation plan'' for their embedded chip program. We applaud their
efforts in this area and are attempting to find a solution so that even
the smallest cooperative with the smallest budget can have access to
EPRI's Y2K embedded chip knowledge base.
NRECA cannot solve individual co-ops' Y2K problems. However, we can
and will provide them with information, contacts, opportunities to
share knowledge and to inform consumers, legislators, regulators and
other important groups.
what congress can do
As Deputy Secretary Moler stated, government cannot solve the Y2K
problem for industry.\5\ Only industry can prepare itself to be ready
for the millenium. NRECA's members, as a vital part of the nation's
infrastructure, intend to meet the Y2K challenge.
---------------------------------------------------------------------------
\5\ Moler, page 3.
---------------------------------------------------------------------------
Congress can play several instrumental roles in making it easier
for utilities and others to meet the Y2K challenge.
The bully pulpit first occupied by Senator Bennett and now, under
his leadership, the entire Senate Committee, is a unique and powerful
forum. We are encouraged by the balanced approach taken by the Special
Committee in its inaugural Y2K hearing on utilities. Congress can help
dispel rumor, calm hysteria and disseminate reliable information on Y2K
through its everyday activities including hearings, web sites, press
conferences, speeches both on the floor and before constituent groups,
town meetings and other constituent communications.
We are also encouraged by recent reports out of the Department of
Justice indicating antitrust waivers for industries and segments of
industries that wish to work together on the Y2K challenge. We will
pursue discussions with other electric industry groups and the
Department on this subject.
Congress can help smooth the path to Y2K readiness by enacting
liability protections specific to Y2K for critical infrastructure
industries like all electric utilities. Fear-mongering as well as
outlandish reports of some in the legal community yearning for Y2K
lawsuits can have only a chilling effect on the all-important
cooperation and information-sharing that will be necessary for Y2K
readiness. As NERC President Michehl Gent said, ``Any restraint in
sharing known Y2K problems and solutions will be a direct challenge to
the reliability of the electricity supply.'' \6\ It seems to us that
any threat to electric system reliability, especially one embodied in
lack of communication on Y2K, should not be tolerated by Congress or
regulators. We therefore respectfully request that Congress enact
liability protections for the electric utility industry including
electric cooperatives.
---------------------------------------------------------------------------
\6\ Gent, page 6.
---------------------------------------------------------------------------
Further, Congress can, through its oversight powers, act to
investigate competitive roadblocks thrown up by companies that directly
impinge on any electric utility's ability to be Y2K ready. While
regulators have similar oversight responsibilities, there is nothing
like the glare of the Congressional spotlight to discourage nefarious
activity. It is entirely possible that Congress could enact special
penalties for companies and organizations that refuse to supply or drag
their feet on supplying vital Y2K information to critical
infrastructure industries and for companies within those industries who
are reluctant to share information with possible competitors. Again,
such reluctance would be a direct threat to system reliability and as
such, cannot be tolerated.
While the outlook is unclear that this point, it is entirely
possible that Congress might need to enact a special supplemental
appropriation to deal with its own Y2K readiness, or that of specific
federal agencies. During such legislative consideration, it might be
appropriate to ensure that lead agencies under the President's Council
also have an Y2K fund that would lapse shortly after the critical Y2K
transition period expires.
Finally, Congress can help ensure that additional, onerous, time-
consuming regulations or certification requirements regarding Y2K are
not put in place by well-meaning regulators. Regulators cannot solve
industry's Y2K problems, but they can require paperwork, proceedings,
certifications, conferences and other activities that will merely
reduce the time, money and energy needed by industry to meet this
challenge.
conclusion
Y2K is a serious challenge for all electric utilities based on
their usage of software and digital controllers on generation,
transmission and distribution systems. The industry as a whole, and
rural electric cooperatives in particular, are working hard to ensure
that the nation's electric supply is ``Y2K ready.''
Bulk power system reliability, both generation and transmission is
the keystone on which distribution system reliability relies. A great
deal of coordination, spearheaded by NERC, will be necessary to ensure
that reliability is maintained. Rural electric cooperatives will play a
role in that coordination, both through their ownership of generation
or transmission assets and their use, as customers, of such assets.
Y2K work at co-ops has been under way, in some cases since 1996 and
will continue through the critical period. Rural electric cooperatives
are aware of the problem, are doing or have completed inventories, are
designing and implementing solutions and are or will be testing
solutions, all to do their part to meet the overall Y2K challenge.
While neither Congress nor regulators can solve Y2K problems they
can take some helpful actions:
--Continue to spotlight the Y2K issue for the country at large.
Congress, and more specifically, the Special Committee has a
highly visible forum on this issue. Congress can help dispel
rumor, calm hysteria and disseminate reliable information on
Y2K.
--Congress can help smooth the path to Y2K readiness by enacting
liability protections specific to Y2K for critical
infrastructure industries like all electric utilities. It seems
to us that any threat to electric system reliability,
especially one embodied in lack of communication on Y2K should
not be tolerated by Congress or regulators.
--Further, Congress can, through its oversight powers, act to
investigate competitive roadblocks thrown up by companies that
directly impinge on any electric utility's ability to be Y2K
ready.
--It is entirely possible that Congress could enact special penalties
for companies and organizations that refuse to, or are
reluctant to, supply vital Y2K information to critical
infrastructure industries and for companies within those
industries who are reluctant to share information with possible
competitors.
--It might be appropriate for Congress to ensure that lead agencies
under the President's Council also have an Y2K fund that would
lapse shortly after the critical Y2K transition period expires.
--Congress can help ensure that additional, onerous, time-consuming
regulations or certification requirements regarding Y2K are not
put in place by well-meaning regulators.
Appendix A--Additional Information About Cooperatives
facts at a glance
--About 900 electric co-ops serve 31 million people in 46 states.
--Electric co-ops serve more than 13 million businesses, homes,
schools, churches, farms, irrigation systems, and other
establishments in 2,600 of 3,128 counties in the U.S.
--Electric co-ops serve 11 percent of the nation's population,
accounting for 7.9 percent of kilowatt-hours sold and 5 percent
of electricity generated by the electric utility industry.
--Electric co-ops own and maintain nearly half the electric
distribution lines in the U.S., covering three quarters of the
nation's land mass.
--Electric co-op assets exceeded $67 billion in 1996.
--Co-ops serve an average of 5.8 consumers per mile of line and
collect annual revenue of approximately $7,000 per mile of
line.
--Investor-owned utilities average 35 customers per mile of line and
collect $59,000 per mile of line.
--Publicly owned utilities, or municipals, average 48 consumers and
collect $72,000 per mile of line.
--There are 900 distribution cooperatives.
--There are 60 G&Ts, owned collectively by their member distribution
systems.
net margins and capital credits
Cooperatives are operated to provide at-cost electric service to
the consumer-owners. Investor-owned utilities are operated to maximize
profit for the shareholders. A co-op's net margin above expenses and
reserves does not belong to the utility; it belongs to the individual
consumer-owners of the co-op. The margins must either be used to
improve or maintain operations, or be distributed to those who use the
co-op's products or services.
An individual co-op member's share of each year's net margin is
proportional to the amount of electricity that member purchased and is
booked to that member in a capital credit account. A member's total
capital credit is his or her ownership equity in the cooperative.
Capital credits can be returned to members in cash. Total yearly
capital credit payments of some larger co-ops may amount to several
hundred thousand dollars, a substantial return to the local economy.
rate regulation
In 16 out of the 46 states where there are distribution
cooperatives, approximately 250 co-ops are subject to some form of rate
regulation and approximately 636 are not rate-regulated. Regulation is
offered to protect the consumers' interest. Where co-ops are not
regulated, the states accept that electric cooperatives already have
effective regulation because the consumer-owners elect or defeat co-op
boards of directors, which have rate-setting authority. The Rural
Utilities Service also has rate approval authority over those co-ops
that are borrowers from RUS-administered loan programs.
cooperative principles
Cooperative businesses adhere to seven guiding principles:
1. Voluntary and Open Membership.--Cooperatives are voluntary
organizations, open to all persons able to use their services
and willing to accept the responsibilities of membership,
without gender, social, racial, political, or religious
discrimination.
2. Democratic Member Control.--Cooperatives are democratic
organizations controlled by their members, who actively
participate in setting policies and making decisions. The
elected representatives are accountable to the membership. In
primary cooperatives, members have equal voting rights (one
member, one vote) and cooperatives at other levels are
organized in a democratic manner.
3. Members' Economic Participation.--Members contribute
equitably to, and democratically control, the capital of their
cooperative. At least part of that capital is usually the
common property of the cooperative. Members usually receive
limited compensation, if any, on capital subscribed as a
condition of membership.
Members allocate surpluses for any or all of the following
purposes: developing the cooperative, possibly by setting up
reserves, part of which at least would be indivisible;
benefiting members in proportion to their transactions with the
cooperative; and supporting other activities approved by the
membership.
4. Autonomy and Independence.--Cooperatives are autonomous,
self-help organizations controlled by their members. If they
enter into agreements with other organizations, including
governments, or raise capital from external sources, they do so
on terms that ensure democratic control by their members and
maintain their cooperative autonomy.
5. Education, Training, and Information.--Cooperatives
provide education and training for their members, elected
representatives, managers, and employees so they can contribute
effectively to the development of their cooperatives. They
inform the general public, particularly young people and
opinion leaders, about the nature and benefits of cooperation.
6. Cooperation Among Cooperatives.--Cooperatives serve their
members most effectively and strengthen the cooperative
movement by working together through local, national, regional,
and international structures.
7. Concern for Community.--While focusing on member needs,
cooperatives work for the sustainable development of their
communities through policies accepted by their members.
[GRAPHIC] [TIFF OMITTED] T2JU98G.005
[GRAPHIC] [TIFF OMITTED] T2JU98G.006
[GRAPHIC] [TIFF OMITTED] T2JU98G.007
[GRAPHIC] [TIFF OMITTED] T2JU98G.008
[GRAPHIC] [TIFF OMITTED] T2JU98G.009