[Senate Hearing 105-692]
[From the U.S. Government Publishing Office]
S. Hrg. 105-692
TELECOMMUNICATIONS AND Y2K:
COMMUNICATING THE CHALLENGE OF
THE YEAR 2000
=======================================================================
HEARING
before the
SPECIAL COMMITTEE ON THE
YEAR 2000 TECHNOLOGY PROBLEM
UNITED STATES SENATE
ONE HUNDRED FIFTH CONGRESS
SECOND SESSION
on
GETTING TELECOMMUNICATIONS READY FOR THE YEAR 2000
__________
JULY 31, 1998
__________
Printed for the use of the Committee
Available via the World Wide Web: http://www.access.gpo.gov/congress/senate
U.S. GOVERNMENT PRINTING OFFICE
50-323 CC WASHINGTON : 1998
_______________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing Office
Washington, DC 20402
SPECIAL COMMITTEE ON THE
YEAR 2000 TECHNOLOGY PROBLEM
[Created by S. Res. 208, 105th Cong., 2d Sess. (1998)]
ROBERT F. BENNETT, Utah, Chairman
JON KYL, Arizona CHRISTOPHER J. DODD, Connecticut,
GORDON SMITH, Oregon Vice Chairman
SUSAN M. COLLINS, Maine JEFF BINGAMAN, New Mexico
TED STEVENS, Alaska, Ex Officio DANIEL PATRICK MOYNIHAN, New York
ROBERT C. BYRD, West Virginia, Ex
Officio
Robert Cresanti, Staff Director
Andrew Lowenthal, Acting Minority Staff Director
(ii)
C O N T E N T S
------
OPENING STATEMENT BY COMMITTEE MEMBERS
Hon. Robert F. Bennett, a U.S. Senator from Utah, Chairman,
Special Committee on the Year 2000 Technology Problem.......... 1
Hon. Jeff Bingaman, a U.S. Senator from New Mexico............... 3
Hon. Christopher J. Dodd, a U.S. Senator from Connecticut, Vice
Chairman, Special Committee on the Year 2000 Technology Problem 13
CHRONOLOGICAL ORDER OF WITNESSES
Judith List, Ph.D., vice president and general manager,
Integrated Technology Solutions Business Unit, Bellcore........ 4
Michael K. Powell, Defense Commissioner, Federal Communications
Commission..................................................... 18
John S. Edwards, Co-Chair, Network Group, the President's
National Security Telecommunications Advisory Committee........ 21
Diane Fountaine, Deputy Manager, National Communications System.. 23
Joseph Castellano, president, Network and Corporate Systems, Bell
Atlantic....................................................... 38
A. Gerard Roth, vice president, Technology and Systems, GTE, on
behalf of the TELCO Year 2000 Forum............................ 41
Ramu Potarazu, vice president and chief information officer,
INTELSAT....................................................... 44
Gary Beach, publisher, CIO magazine.............................. 46
APPENDIX
Alphabetical Listing and Material Submitted
Beach, Gary:
Statement.................................................... 46
Prepared statement........................................... 55
Responses to questions submitted by Chairman Bennett......... 57
Bennett, Hon. Robert F.:
Opening statement............................................ 1
Prepared statement........................................... 59
Bingaman, Hon. Jeff:
Opening statement............................................ 3
Prepared statement........................................... 60
Castellano, Joseph:
Statement.................................................... 38
Prepared statement........................................... 61
Responses to questions submitted by Chairman Bennett......... 64
Collins, Hon. Susan M.: Prepared statement....................... 65
Dodd, Hon. Christopher J.:
Opening statement............................................ 13
Prepared statement........................................... 65
Edwards, John S.:
Statement.................................................... 21
Prepared statement........................................... 66
Responses to questions submitted by Chairman Bennett......... 84
Fountaine, Diane:
Statement.................................................... 23
Prepared statement........................................... 85
Responses to questions submitted by Chairman Bennett......... 88
Kyl, Hon. Jon: Prepared statement................................ 90
List, Judith:
Statement.................................................... 4
Prepared statement........................................... 91
Responses to questions submitted by Chairman Bennett......... 97
Potarazu, Ramu:
Statement.................................................... 44
Prepared statement........................................... 99
Responses to questions submitted by Chairman Bennett......... 102
Powell, Michael K.:
Statement.................................................... 18
Prepared statement........................................... 104
Responses to questions submitted by Chairman Bennett......... 114
Roth, A. Gerard:
Statement.................................................... 41
Prepared statement........................................... 121
Responses to questions submitted by Chairman Bennett......... 124
Smith, Hon. Gordon: Prepared statement........................... 128
Additional Material Submitted for the Record
Statement from Hewlett-Packard Medical Products Group............ 129
Statement of Sandia National Laboratories........................ 132
TELECOMMUNICATIONS AND Y2K: COMMUNICATING THE CHALLENGE OF THE YEAR
2000
----------
FRIDAY, JULY 31, 1998
U.S. Senate,
Special Committee on the Year 2000
Technology Problem,
Washington, DC.
The committee met, pursuant to notice, at 9:33 a.m., in
Room 192, Dirksen Senate Office Building, Hon. Robert F.
Bennett (chairman of the committee), presiding.
Present: Senators Bennett, Collins, Smith, Dodd, and
Bingaman.
OPENING STATEMENT OF HON. ROBERT F. BENNETT, A U.S. SENATOR
FROM UTAH, CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR 2000
TECHNOLOGY PROBLEM
Chairman Bennett. The committee will come to order. We wish
you good morning, and welcome to the fifth hearing of the Year
2000 technology problem. To date, we have held hearings on the
energy utilities, financial services industry, and health care.
Those who follow the committee's activities know that our
future hearings will include transportation, general government
services, and general business issues.
I am gratified to be able to report that the previous
hearings have produced some results. For example, last week's
hearing, which was on health care issues, exposed the fact that
many manufacturers of health care instruments have been
derelict in their reports to various government agencies, and
between last week and this week, there have been a deluge of
such reports. Apparently, we got some people's attention and
that is one of the main purposes of the committee and the
hearings. We hope that some beneficial results will come out of
today's hearing on the global telecommunications
infrastructure.
Let me begin the hearing by noting that this global
infrastructure is the central nervous system of modern society.
Daily, 270 million Americans depend upon this complex web of
voice, data, and video services that enable their telephones,
radios, fax machines, computer networks, and televisions and
other information appliances, including the pagers that call
the Members of the House of Representatives to come vote. We
had a failure in that system a little bit ago and the House was
forced to go back to systems of bells and hand signals and
they, frankly, did not quite know how to react. I am not sure
the Senate would do any better if our pagers were to go down.
Major national and international enterprises, such as
emergency response, national security, finance, transportation,
health care, government, energy distribution, and others are
critically dependent on reliable, 24-hour-a-day, 7-day-a-week
telecommunications. That is why this hearing is so important.
Without these services, our ability to receive, gather, and
respond to information would be as limited as it was for our
forbearers before Alexander Graham Bell invented the telephone.
Some critical enterprises which depend upon telecommunications
services include the National Weather Service, the Department
of Defense, the Federal Reserve System and Wall Street, the
National Airspace System, the American Red Cross's blood
service and the United Network for Organ Sharing, as well as
the national electric power grid. I can go on and on, but I
think I have made the point.
I have great concerns that our global telecommunications
infrastructure can ride out the millennium date change without
significant disruptions for three reasons. First, it is a
highly complex system of systems. The opportunity for a
breakdown in one place to ricochet around through other places
is very, very high.
Second is the fact that there is no identifiable U.S.
public or private body taking the lead on the global aspects of
Y2K telecommunications problems. Not only is it a complex
system of systems, it is multifaceted in its regulatory and
ownership structure.
And finally, the fact that to have successful
communications, both parties must be able to send and receive
information. It is not enough just to be ready yourself. So the
solution to this problem for those who are working on it
depends upon cooperation from others.
Now, with regard to the complexity of global
telecommunications, the sheer number of players illustrates the
problem. Today in the United States, there are five long
distance carriers, not including the growing number of long
distance resellers, five major national television
broadcasters, six Regional Bell Operating Companies, more than
1,000 small telephone companies, 16 communications satellite
providers, more than 4,500 Internet service providers, hundreds
of cellular phone companies, thousands of broadcast radio
stations, and over 11,000 cable service companies. This just
captures the infrastructure in the United States. It does not
include the thousands of large and small communications
equipment manufacturers.
Finally, it must be pointed out that this infrastructure
relies on hundreds of millions of lines of computer code. It is
too great a leap of faith to believe that all the elements of
an endeavor this complex will be ready at the stroke of
midnight just 17 months from today, especially in light of the
limited readiness the industry has shown to this committee so
far.
As for coordination and oversight of telecommunications,
let me note something from a 1995 National Research Council
report, and I am quoting, ``In 1984, it was clear what the
telecommunications information infrastructure was and who
defined it. It was, in essence, the telephone and broadcast
networks. The defining players were AT&T, the Federal
Communications Commission, and the broadcasters. You got only
the connectivity and services that were offered; compared with
what is available today, it was not much.''
``All of this has changed radically. Instead of being
defined by monopoly suppliers and regulators, the
telecommunications infrastructure has become more closely
defined by both market demand and an explosion of supporting
technologies that have been brought to the market by myriad
suppliers. There has been much movement away from a supplier-
defined infrastructure to a user-and market-defined
infrastructure.''
In this new world of telecommunications which has given
rise to a revolution of new services, no one party is charged
with the task of assuring the reliability and interoperability
of the entire network, and this is what has made the millennium
bug a much harder beast to squash, as it only has to show up in
one link in a communications chain to cause mayhem.
Finally, let me return to the two-way nature of
telecommunications. Simply put, if the long distance carrier is
up and running but the regional carrier is down, the long
distance call does not go through. If the Internet backbones
are working but the local Internet service provider is off-
line, the World Wide Web is inaccessible to the user. And if a
financial payment can be received in New York but cannot be
sent from overseas, the transaction will not occur.
Like it or not, there is a link-to-link connectivity that
starts locally, goes regionally, continues on nationally, and
finally ends internationally in this network upon which
telecommunications and the enterprises supported by
telecommunications critically depend. I am expecting today's
panel to tell us how they are going to take charge and address
this challenge. Getting telecommunications ready for the Year
2000 is a massive task that will require tremendous cooperation
and coordination, but it is a task we must complete.
I am informed that Senator Dodd is tied up in D.C. traffic.
I am sure the telecommunications industry controlling traffic
lights by satellite had nothing whatever to do with his problem
and that he will be here shortly and we will look forward to
his opening statement when he arrives.
We will go ahead with our first witness. We are beginning
with a staff presentation on the complexity and
interdependencies of global communication.
Senator Bingaman, I apologize. I was so wrapped up in my
own rhetoric, I did not see you come in. [Laughter.]
Senator Bingaman. I am sure that we all were, Mr. Chairman.
[Laughter.]
Chairman Bennett. I am sure that has never happened to any
other chairman before.
Senator, we welcome you this morning and would be happy to
have you make an opening statement.
OPENING STATEMENT OF HON. JEFF BINGAMAN, A U.S. SENATOR FROM
NEW MEXICO
Senator Bingaman. Mr. Chairman, you have made a very
excellent opening statement and I will just briefly say, I
think this is a very important hearing. I believe there are a
great many complexities that I do not begin to understand about
the telecommunications infrastructure that we all depend upon
for national security needs as well as our economic welfare. I
hope that this hearing will help to elucidate some of that and
I hope it will also help us to sort out who is doing what to
ensure that the system continues to function properly after the
first of January of the Year 2000. So thank you for scheduling
the hearing and I look forward to the witnesses.
Chairman Bennett. Thank you.
We will begin with a staff presentation on the complexity
and interdependencies of global telecommunications. Dr. Judith
List, vice president of Y2K Programs at Bellcore, a leading
supplier of telecommunications software and engineering
services, will describe the scope of the Y2K problem in the
context of the national and global telecommunications
infrastructure and she will identify specific vulnerabilities
facing the industry.
STATEMENT OF JUDITH LIST, PH.D., VICE PRESIDENT AND GENERAL
MANAGER, INTEGRATED TECHNOLOGY SOLUTIONS BUSINESS UNIT,
BELLCORE
Ms. List. Thank you, Senator Bennett, Senator Bingaman, for
inviting me to testify on how telecommunications networks could
be affected by the Year 2000 technology problem. I am Judy
List, vice president and general manager of Integrated
Technology Solutions for Bellcore.
Bellcore, an SAIC company headquartered in Morristown, NJ,
is a leading provider of communications software, engineering,
consulting, and training services based on world class
research. Our customers include major telecommunications
carriers as well as telecom companies of all sizes, both in the
United States and abroad. The business I head for Bellcore
provides Year 2000 services primarily in the telecommunications
industry, carriers and suppliers, financial institutions, and
power utilities.
In response to your request, I will focus today on what
Bellcore is doing for the industry concerning Year 2000 on
elements of telecommunications networks that could be impacted
by the Year 2000 problem, on the challenges of testing, on the
outlook for the problem as I see it, and on what positive steps
can be taken to help with the problem. I would be happy to
answer your questions during my briefing.
To set the stage, let me say that Bellcore has been working
on the Year 2000 problem since 1993, with concerted effort
beginning in 1995. Bellcore currently supports approximately
150 software system products that are installed in the networks
or operations of its licensed customer users. Those users
include top tier local exchange carriers, among others. The
software systems products include operation support systems and
network system that support provisioning, maintenance, and
other management functions for local telephone services. All
Bellcore-supported software system products either are now, or
will be by the end of 1998, Year 2000 functional.
We have also been actively providing our licensees and
other customers with Year 2000 information through information
kits, our website, and through customer meetings and forums.
Bellcore also worked with telecommunications carriers and
equipment suppliers to develop a set of generic requirements
for Year 2000 functionality. Bellcore's GR-2945 was available
to the industry on January 1, 1997.
In both private and public networks, as in software and
hardware computing systems, Year 2000 impacts are possible at
every layer of the computing infrastructure. That is, Year 2000
problems can be found in applications, operating systems,
databases, file systems, protocols, middleware, and hardware
platforms, as well as in the interfaces between interconnected
systems.
I would like to turn your attention to the chart at the
side of the room so that I can describe how calls are processed
through our communications network as a means of illustrating
where Year 2000 vulnerabilities are and where they are not.
Networks are large distributed computing environments. The
point that I would like to leave you with before I go through
the chart is that where we see Year 2000 vulnerabilities in the
network is not in the fundamental call processing and data
routing of information through the network. Rather, the
vulnerabilities are largely in the operations, administration,
and maintenance functions that support that fundamental call
processing, and I hope that by going through this chart and
following the path of a telephone call through the network that
you will understand that point.
Senator Bingaman. Could I ask you to be a little more
specific? Are you saying that the calls will continue to go
through but the ability of companies to track what they are
doing and all is what is in danger? They are not going to be
able to send accurate bills out and that sort of thing
afterwards?
Ms. List. Right. To set up a telephone call, from the time
somebody picks up a receiver on one end until it is connected
on the other end through the various switches and other network
equipment across various telephone carriers, carries very
little date information that is processed in order to set up
that call and establish that connection. The date-sensitive
processing that goes on is largely for billing purposes, to
provision the service, to maintain services so that you can
detect faults and alarms in the network.
Problems in those functions could ultimately impact the
ability to provide service. So, for example, if there is an
alarm condition in a switch and it is unable to be detected
because a technician cannot get into an administrative system
to look at the error log because passwords have aged, could
ultimately impact the ability for the switch to function. But
in terms of the actual setup of a call, from the time somebody
picks up a telephone until it is connected on the other end,
there is very little date-sensitive information that is
processed to set up that call.
Senator Bingaman. So you are saying that you do not expect
an interruption in the ability to use the telecommunications
system on the first of January of the Year 2000. What you do
think is that some of these embedded problems may cause the
system to deteriorate over a period after that, is that right?
Ms. List. That is the more likely scenario.
Senator Bingaman. Thank you, Mr. Chairman.
Ms. List. Thank you. Let me just orient you to the chart
initially. There are two large ovals that represent local
exchange carrier networks. In between them is an interexchange
carrier network, and I am primarily addressing a domestic
telecommunications network, although the points are applicable
to an international carrier, as well. In addition, we have
represented a competitive local exchange carrier in yellow that
we are representing as a wireless carrier.
On the top, in the light purple shading, are many of the
administrations and operations functions of a network--service
activation, the service ordering process, service assurance,
detecting faults and troubles and sending technicians out to
them, billing processes, a lot of the network management kinds
of capabilities.
On the far right, we have represented a portion of a large
commercial enterprise. This is not a complete private network.
What it represents is a call center network, where customer
service representatives might be taking calls, and in the
example that I will use, you could imagine this might be a
large mail order catalog company that is receiving a variety of
customer calls from customers and they are being routed to
different service representatives.
Chairman Bennett. Could we consider the pink portion the
U.S. Senate with all of its telephone calls?
Ms. List. Absolutely.
Chairman Bennett. OK. That will help us understand what
disaster awaits us.
Ms. List. There you go. The red boxes inside of the network
elements and the red lines between network elements indicate
where there is date-sensitive processing in the
telecommunications network. Analyses that we have done for our
customers indicate that 75 percent of voice networking devices
have date-sensitive processing in them. About 25 to 35 percent
of data networking devices have date processing in them. And
almost 100 percent of the network management devices have date-
sensitive processing in them. The question is, what do those
dates do?
What I would like to do is walk you through an 800 call
through the network so that you can see how calls are processed
through the network and where date-sensitive information comes
into play. In many ways, an 800 call is like a typical
telephone call. There is a little bit of added complexity to an
800 call because of the nature of that call that I will explain
in just a moment.
Let us say that the scenario is that a caller wants to
place a call to a mail order catalog or perhaps they are trying
to call into the Senate offices. The person picks up the
telephone. What happens is the switch detects that someone has
picked up the telephone and sends a dial tone to that
telephone. It happens in milliseconds. The person dials the
telephone number. Those tones are received by the switch and
the switch recognizes that this is an 800 call and that it
needs to do some special processing on the 800 call.
At that point, it sends a question or a query up to a
service control point, or an SCP. The SCP's function is to take
the 800 number and translate it into an actual destination
telephone number. Let us say that they are calling into
Washington and the actual destination is Washington, D.C., or a
mail order catalog company in Idaho, for example. It sends that
actual destination telephone number back down to the switch.
That is the special processing that goes on in an 800 call.
At that point, the call is treated very much like any other
telephone call. The switch knows, based on the area code and
the three-digit exchange, which end office switch to route the
call to across the network. Let us assume that it is a long
distance call. It goes through a local tandem to an access
tandem. The access tandem hands off the call to an
interexchange carrier. The interexchange carrier then hands off
to a local exchange carrier on the other end, back through
again an access tandem, a local tandem, to an end office
switch, and ultimately terminates at a private branch exchange,
which is a small private switch at the end user's site, whether
it is the catalog company or in the Senate offices.
The information that is used to set up that call is the
telephone number of the person who is calling, the telephone
number of the person who is being called, and there is date and
time information in that call setup message, primarily for
billing purposes. It is not used to actually establish the
call.
Where we see date processing is in the support functions
for the network, and these support functions may sometimes be
in the network equipment themselves, in the switches, the boxes
in the local exchange network where you see red marks, or it
may be in the support systems, the purple shaded areas as well
as the other green rectangles at the top, that support those
functions.
Let me again use 800 service. Eight-hundred service has a
service management system where when a large mail order catalog
orders service, they call into the telephone company and they
say, ``I want to get an 800 number.'' That order is processed
through a customer negotiation system service order and then
that service is entered into the service management system.
The kinds of things that are entered, an 800 telephone
number is reserved. It is reserved for a certain period of
time. Activation of that service may be scheduled for a future
date. All of that is date-related information that is important
in the support and providing 800 service, but it is not
directly involved in the processing of an 800 call itself.
In another instance, a billing example, for example,
telephone companies use date and time information to provide
detailed records to customers of their calling, as well as in
some instances to time the amount of the call or to use
different rates for daytime versus evening or weekends, et
cetera.
Senator Bingaman. I was just going to ask, taking the
example you are using, a 1-800 number that is reserved for a
period of time to a particular customer, if the system reflects
or does not accurately register the fact that you are now in
the Year 2000 and you are still within the right period of
time, would the customer's ability to use that 1-800 number be
lost?
Ms. List. That is a possible scenario. It is a 6-month
window that an 800 number can be reserved or scheduled up to be
activated within 6 months. If that 6-month period covers the
boundary over the millennium rollover, it is a possible
scenario if there is a Year 2000 problem that it could not
recognize--it may decide that that time period has expired. It
may not recognize that, in fact, the service should be
activated after that window.
I have discussed service activation processes as well as
billing processes. Another example is service assurance. If
there is a problem with a network element, it will detect that
problem and report it into a fault management system. The fault
management system does root cause analysis to determine the
cause of the problem and date and time information is passed
with that reporting of the trouble so that the network can
establish when the trouble was first detected. It then has a
trouble ticket issued.
All of those dates and times are important, for example, in
addressing service agreements that carriers may have with their
customers where they have to provide rebates if they do not
recover service within a particular period of time. So dates
and times are used in the fault management and network
management service assurance part of the network for those
kinds of purposes.
There also are scheduling dates and times that are used in
the service assurance part of the support systems. So, for
example, if a technician is required to go out and fix a
problem with some lines that are out in the field or at a
customer's premises, those technicians are scheduled and there
is date and time information that is involved in scheduling
technicians for resolution of those problems.
Finally, let me turn to E-911 service, which I am sure is
of particular interest. E-911 services are provided, in many
ways, very much like a regular telephone call. Somebody picks
up the phone to place an E-911 service. It is routed to the end
office switch. The switch recognizes that it is an E-911 call,
sends it out over special dedicated lines to an E-911 tandem,
and the E-911 tandem, which is a switch, then routes the call
to the appropriate public safety answering point, or PSAP.
PSAP's may be in county offices, they may be in police
departments, they may be in local fire departments.
Again, date and time information is passed along with the
E-911 call, primarily for record keeping in the call, not for
actual setup of that call. However, date and time information
is very important for the PSAP's because they date and time
stamp the record of when the call came in and maintain those
records on tape, primarily for emergency response recovery
time, as well as for legal reasons to have a record of the date
and time that an emergency call came in. So the PSAP equipment
has date and time stamping information that is important in it.
But the calls will terminate in much the same way that a
regular telephone call would flow through the network.
I hope this discussion has helped you to see where the Year
2000 vulnerabilities are in communications networks. So while I
indicated that a large proportion of network devices have date-
sensitive processing in them, that processing is primarily in
the operations, administration, and maintenance functions of
the equipment, not in the call processing or data routing
capabilities. However, if Year 2000 problems are not found and
fixed in these operations, administration, and maintenance
functions, they could impact service.
Bellcore has conducted assessments of network equipment in
a number of major domestic and international carrier networks,
as well as risk assessments of the networks of a number of
Fortune 50 companies. These analyses we have conducted on the
Year 2000 issues in network equipment have covered thousands of
voice and data products manufactured by hundreds of United
States and international companies. We have analyzed the data
gathered from a variety of sources, including manufacturers'
responses to questionnaires, information available on
manufacturer websites, and other publicly available sources. We
have gathered and analyzed this information in support of our
customers. We have not embarked on a comprehensive survey of
all carriers, large enterprises, or equipment manufacturers.
The charts at the side of the room summarize our analyses
of these data based on our experience, but they have not been
independently verified. The first chart covers voice network
products and shows for each quarter the percentage of
manufacturers who plan to have their equipment Year 2000
functional in that quarter. Combining the data from the third
and fourth quarters of 1998, 87 percent of the products we
surveyed are planned to be Year 2000 functional by the end of
1998. An additional 5 percent are planned to be Year 2000
functional by the end of first quarter 1999. Of the remaining 8
percent, there are 5 percent of those products that will never
be made Year 2000 functional, largely because they are
manufacturer discontinued products. The additional 3 percent
will be made Year 2000 functional sometime during or after the
second quarter of 1999.
The second chart refers to information on data network
products. Again, of the products for which we have collected
data, if we combine the first 2 bars, 91 percent of the
products are planned to be Year 2000 functional by the end of
this year. An additional 5 percent are planned to be Year 2000
functional by the end of the first quarter of 1999. And of the
remaining 4 percent, there are 3 percent of the products that
will not be made Year 2000 functional and 1 percent are planned
to be Year 2000 functional sometime during or after 1999.
Senator Bingaman. Could I ask, now, are these charts
indicating that that percentage of the products being produced
and sold are Year 2000 functional or that that percentage of
products in use are Year 2000 functional?
Ms. List. It is the percent of products of the
manufacturers that we have surveyed. So they are products that
are currently in the inventories of a number of domestic and
international carriers as well as a number of Fortune 50
companies.
Senator Bingaman. So you are actually talking about the
percentage of the equipment that is being used as part of the
infrastructure right now?
Ms. List. That is correct, the things that are currently
being used. But, for example, for equipment that is
manufacturer discontinued, if, in fact, it has Year 2000
vulnerabilities, it will need to be replaced in the network or
retired if the functionality can be provided by another piece
of equipment.
Chairman Bennett. Thank you, Dr. List. This has been very
helpful. Your full statement will be included in the record.
Just to reinforce a few things, on your first chart,
everything that has red in it has a date-sensitive problem?
Ms. List. Yes.
Chairman Bennett. So the deterioration that you talk about
over time could occur at any one of those points?
Ms. List. Potentially, yes.
Chairman Bennett. Potentially. So we know that problems are
everywhere.
Ms. List. Right. The data that we have says that about 75
percent of voice networking devices have date-sensitive
information in them.
Chairman Bennett. Seventy-five percent, if I got it from
your statement, of voice networking equipment is date-
sensitive, 25 to 35 percent of the data networking equipment,
and 100 percent of the network management services.
Ms. List. Close to 100 percent, correct.
Chairman Bennett. So it could strike anywhere. Now, I
think, given the size and complexity of the problems, it is
critical that contingency planning and disaster recovery be
implemented. You mentioned that in your statement. I understand
that, statistically, for every 4.5 code corrections that are
made in the telecommunications software code, one new error
occurs.
Ms. List. According to the Software Engineering Institute,
it is not just the telecommunications industry, it is software
development in general.
Chairman Bennett. Software in general?
Ms. List. Yes.
Chairman Bennett. That emphasizes the importance of
testing----
Ms. List. Absolutely.
Chairman Bennett [continuing]. To find those errors. Nobody
deliberately puts an error in every 4.5 lines of code. But
simply opening it up and fixing the code, you could go 30 lines
of code and have no errors, and then you could go two lines of
code and produce two or three errors, and statistically, it
works out that for every 4.5 lines of code that are fixed,
there is an error.
So while your second chart was encouraging, the number of
people who expect to have things compliant at a relatively
early date, the question that I have to raise is, do we have
enough time for testing? Could you address that before you are
through?
Ms. List. Certainly. The testing, manufacturers have
different definitions of what it means to be Year 2000
functional. I will talk about what Bellcore's approach is for
Year 2000 functionality just to give you a sense of what that
means for us.
We consider a product to be Year 2000 functional when we
have completed unit testing of the particular part of the
software code that has been changed, multiunit testing, so
looking at different modules of the software that need to work
together. We then do a product test in a clock rollover
environment, where we actually roll the clock over, the
millennium date, the leap year, a variety of other dates, and
then we do a capability test between our systems that interact
with one another in order to test those interfaces.
So when we say a system is Year 2000 functional, it has
gone through an extensive program of testing in order to
understand whether, in fact, we have addressed the Year 2000
problem in our software and whether there have been other
issues that have been introduced as a result of those fixes. So
testing is very important.
Ideally, you would like to test everything that you could
test, but that is not feasible, nor does it necessarily make
good business sense. It is a risk-benefit issue that needs to
be addressed. There is not enough time nor resource to test
everything. Even if we had started many years ago, there is not
enough time or resource to address everything.
What most companies are doing is addressing the most
critical systems first and then working through their inventory
and doing various kinds of testing, depending on how much risk
is presented by various pieces of equipment. Things that are
critical to the network, large network elements that provide
switching capability, for example, many companies are relying
on vendor testing, they are doing their own testing once they
get the equipment, they are doing interoperability testing to
make sure that the interconnections between that equipment and
other pieces of equipment are, in fact, functional, whereas
other types of equipment that may serve a much smaller role in
the network and may not be as critically involved in the
provision of services may not go through such an extensive type
of testing.
Chairman Bennett. Let me raise one more issue with you and
then we will turn to Senator Dodd. One of the areas where the
Year 2000 problem has already hit us is credit cards. In the
Christmas buying season last year, December 1997, people would
have credit cards that would have an expiration date of 00 or
01 and they would be rejected as having been 98 years out of
date.
I have talked with American Express, who has an obvious
interest in seeing that this gets fixed, and they said, we are
moving rapidly towards fixing the point-of-sale device--you
swipe the credit card in the point-of-sale device and it
works--and fixing our receiving device where that information
comes in and says, no, this really is a current credit card, so
we get that to work. But we cannot test the system, running a
credit card here and making sure it works there, until the
telecommunications system is up to Y2K standards because that
is the link between A and B, and even though we can certify
that A is Y2K-compliant and B is Y2K-compliant and the
telecommunications systems say the link is Y2K-compliant, we
are still not sure the system is going to work because the
three fixes might not talk to each other.
So it becomes imperative from their point of view that the
telecommunications system not only be Y2K-compliant by December
of 1999, but that it be compliant much earlier than that so
they can run their own tests on it to see to it that the whole
system works. Do you have a comment on that challenge?
Ms. List. Well, in your particular example, they are really
passing data over a telecommunications transmission facility
and they can do that today. If they have a Year 2000-compliant
device on one end and a Year 2000-compliant device on the other
end and they want to pass the information about the credit card
number and the expiration date----
Chairman Bennett. They can do the passing, but they cannot
do the hookup test to see to it that the way you, and by you, I
mean generically telecommunications, not you, Judith List, the
way you have hooked up your device is, in fact, going to work
with the way they have hooked up their device, because we go
back to this chart. There is a red square virtually at every
step along the way that may or may not hook up correctly with
their red square.
Ms. List. Right. But in trying to send this information
through the telecommunications network, nothing is done with
the date information that is being sent by the credit card
company to--from the point-of-sale terminal to the credit card
company. It is simply a set of bits that are being passed
through the telecommunications network.
In terms of the connections through the network, as I have
mentioned, the call processing part of the network has very
little date-sensitive processing in it. The carriers do need to
worry about the operations, administration, and maintenance
functions, but that is not directly involved in the point-of-
sale terminal sending that data to the credit card company.
Chairman Bennett. OK, fine. Thank you.
Senator Dodd?
Vice Chairman Dodd. Thank you very much, Mr. Chairman. Let
me first of all, apologize to you and others for being a few
minutes late coming in, and thanking our witnesses and
particularly thanking our colleague, Senator Bingaman. He and
his staff have done a terrific job in putting this part of our
overall set of hearings together here and focusing it.
I have a statement I want to make, but let me just ask you
something quickly, Ms. List. We have had a number of different
witnesses and trying to get sort of a set of common usages of
words or common language in this discussion is not an
insignificant problem. I have heard people talk about being Y2K
compliant, Y2K ready. You have repeatedly used the word
``functional'' in lieu of the words ``ready'' and
``compliant''. Should I read something different in the word.
Are functional and compliant synonymous?
Ms. List. People have varying definitions of compliance and
it has been used so broadly within the industry that there is
confusion about what compliant means. So Bellcore has chosen to
be very specific in what it means about being Year 2000
functional, which is the definition I provided in my testimony,
in order to make sure that it is clear what we are referring to
when we say a system and we warrant our systems as being Year
2000 functional.
Vice Chairman Dodd. Can something be functional and non-
compliant?
Ms. List. Well, it depends on what your definition of
compliant is. I mean, therein lies the problem. [Laughter.]
I mean, that is the problem. There are various definitions
and there are no standard definitions of what it means to be--
--
Vice Chairman Dodd. Could you be compliant and non-
functional?
Ms. List. It is possible, depending on what your definition
of compliance is.
Vice Chairman Dodd. OK. That is very helpful. [Laughter.]
I appreciate that very much.
Senator Bingaman. You ought to pursue a career in politics.
[Laughter.]
Vice Chairman Dodd. Maybe she already has. [Laughter.]
OPENING STATEMENT OF HON. CHRISTOPHER J. DODD, A U.S. SENATOR
FROM CONNECTICUT, VICE CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR
2000 TECHNOLOGY PROBLEM
Vice Chairman Dodd. Let me just make a couple of
observations if I could, Mr. Chairman. Again, I thank you
immensely. These have been so important, these hearings, and I
think shedding a lot of light on what needs to be done and
really pointing out the importance of these issues.
One of the reasons I was a little late getting in here this
morning was because of some traffic congestion all related to,
and I know everyone in this room and across the country feels
as strongly as all of us in this building do about the very sad
loss a week ago today of Officer Gibson and Officer J.J.
Chestnut, and this morning, as the chairman knows and Senator
Bingaman knows, there is a funeral for J.J. Chestnut. Again,
all of us, while we are having this hearing here and we are
focusing on this issue, all of us are very mindful, as well, of
the significant loss that all of us suffered last week with the
senseless killing of these two officers.
Second, Mr. Chairman, and I gather you mentioned this, we
had a pretty good hearing here a week or so ago on the medical
implications of the Y2K issue. I thought it might be worthwhile
just to sort of take a minute and bring you up to date on where
we are with all of that.
Chairman Bennett. I did mention it, but I think it would be
helpful if you have some specifics.
Vice Chairman Dodd. As you know, the chairman, as well as
myself, expressed our disappointment with the medical device
manufacturers who had chosen not to comply with either the Food
and Drug Administration's request for information or the
request from the Veterans Administration regarding these
medical devices and medical equipment.
In particular, Dr. Kaiser of the Veterans Administration
testified that there were 233 manufacturers who had failed to
respond to their requests for information about this medical
equipment. However, we have been informed, the chairman and I
have, that after he returned to the VA from this very hearing
room, his phone started ringing off the hook, and as of today,
the list of 233 has been reduced to a list of 99.
I also want to tell you, Mr. Chairman, that I met, as well
as you did, with the senior officials from the Health Industry
Manufacturers Association earlier this week, and at that
meeting, HIMA, as it is called, told us that they are going to
reverse their policy of non-cooperating with the Food and Drug
Administration's requests for information and they are going to
issue a letter early next week urging their 800 members to
cooperate with all requests for information.
There are a lot of other medical devices, but there are
2,700 manufacturers that may have Year 2000 complications. HIMA
represents 800 of that 2,700, so it is not all inclusive, but
they are urging very strongly their members to cooperate fully
with the requests from the Food and Drug Adminstration and from
hospitals and clinics around the country.
We have, after much unnecessary obstruction, I might point
out, from the Health and Human Services Agency, obtained from
the FDA the list of the 2,200 manufacturers of computerized
medical devices that have not responded to their June 29
letter. We are going to guard it closely right here for a few
weeks. I said I would earlier release that this week if people
did not start complying. They have, and we will wait another
couple of weeks to see whether or not the progress on that is
as good as it has been in the first week. If it is not, then my
intention would be to release the list of companies that are
not responding to these basic requests for information about
their equipment.
Chairman Bennett. They are not compliant or they are not
functional or they are not ready.
Vice Chairman Dodd. Well, maybe neither in this case. It is
hard enough to fix these issues and talk about them, but if the
companies are not letting the agencies know and the Veterans
Administration know whether or not their equipment is going to
work or not, that is just pretty standard stuff, if you cannot
even communicate with them. So we will see how it progresses
here over the next couple of weeks.
On this issue here, just very briefly, when it comes to
telecommunications, I guess the bottom line in some ways is
that the telecommunications industry will be collectively
calling, I guess, sort of 911, and if we do not deal with this
problem effectively, they could end up with a busy signal there
come January 1 and that is the reason for getting into all of
this issue this morning.
I will reserve, Mr. Chairman, the balance of the statement
for the record.
[The prepared statement of Senator Dodd can be found in the
appendix.]
Vice Chairman Dodd. I just would raise a couple of
questions here. One is, this is a unique problem in the sense,
and the chairman has already addressed it in part, in that
everyone else we have talked to gets a period for testing. We
have talked to people who say, well, we are going to do it on
weekends. There will be holidays when the businesses are down.
We can bring people in. We can spend a couple of days and
really run the traps on this. The problem in the sense of
telecommunications is there are no weekends off. There is no
holiday in which you can sort of take a break from all of this
and run systems to see how well they work. I am very interested
in pursuing the testing element of all of this and the
contingency ideas.
Second, I wonder if you might address the global questions
here, as well. As I understand it, this chart here represents
domestic systems, and that what you have not included here or
we have not included is the global communications. We have done
a lot of work on financial services, but utilizing global
telecommunications as a way of transmissions of major monetary
denominations and securities and the like, it seems to me, is
critical, and obviously, our systems link up--I presume they
do--with international communications systems.
If you had to take this chart and add a new egg, or
whatever you want to call those round pieces here, and put the
international quotient in there, how many red boxes would we,
to put it very sort of non-technically here, how many red boxes
would we see had we had an international communications
function included in this graph?
Ms. List. I would be happy to address both of those
questions. First, the testing one. You are absolutely right.
One of the challenges with telecommunications networks is you
cannot take them off-line to do testing and you do not want to
do testing in a live network. So the challenge is to find
enough facilities between various laboratories the carriers may
have, the suppliers may have, that other service providers may
have in order to do both stand-alone testing as well as
interoperability testing, because you not only want to test
individual networks, obviously, this is a complex
interconnected system and there is a need to do
interoperability testing between those systems.
I believe some of my esteemed colleagues on the industry
panel later on will be addressing some of their efforts with
regard to doing that kind of interoperability testing, but it
does pose a particular challenge for the telecommunications
industry.
With regard to international issues, the networks of
international carriers and of telephone companies within
particular countries do not look vastly different than the
interexchange carrier picture here or the local exchange
carrier picture in the sort of aqua shading in terms of the
ways in which those networks are configured. They have
switches. They have tandems. They have other network elements
that provide service. So they do not look terribly different.
There are different equipment manufacturers who are
represented largely in the international marketplace versus
some of the equipment manufacturers that are represented
domestically, but much of the functionality is the same. And
the way in which calls are processed also is very much
paralleled by the domestic picture that I have provided here.
So, again, in terms of actually setting up a call, there is
not a lot of date-sensitive processing that goes on in that
call setup. My concerns have to do with the general lack of
attention to Year 2000 in some parts of the world. It is not
just the telecommunications industry, it is the financial
industry, it is the bank, it is the public utilities, and that
those may have an impact on the ability of a telecommunications
carrier in another part of the world to be able to continue to
be operational, because they may have extended power outages or
they may not be able to pay their employees or collect revenues
and that may impact our ability to originate or terminate calls
in those parts of the world.
Vice Chairman Dodd. Just last on that, at some point here,
we joke about it a little bit, but we have got to have some
clarity here on the definition of terms. I tease a bit about
it, but I am not terribly comfortable with the notion that the
word ``functional'' that is being used here and what we mean by
``compliant'' and ``ready'' and what you mean by ``functional''
or what others mean by ``functional'' is disconcerting to this
one member. Maybe I am the only one, but it is troubling to me
that you have got a distinction between the words
``functional'' and ``compliant''.
Ms. List. It is really just a clarification issue. I mean,
if you read the definition, the definition says that our
systems will process dates in the same manner before the Year
2000 as after the Year 2000 and that they will process dates
over the leap year rollover. We also are very clear about what
our testing strategy is and the extent of the testing that we
do on our products before we will call them Year 2000
functional.
Our concern really is that there are very various
definitions of compliance, many of which we do not believe go
as far as our definition of functional does.
Vice Chairman Dodd. Is this the legal department that came
up with that word?
Ms. List. Of course. [Laughter.]
And it is better than Year 2000 hopeful. [Laughter.]
Chairman Bennett. Thank you. It is, indeed. It is, indeed.
Ms. List. I am waiting for people to start using that term.
Chairman Bennett. Senator Collins, we welcome you.
Senator Collins. Thank you very much, Mr. Chairman. I have
an opening statement that I would request be submitted for the
record.
Chairman Bennett. Without objection.
[The prepared statement of Senator Collins can be found in
the appendix.]
Senator Collins. I apologize for being unable to be here
earlier. I have reviewed the testimony of Dr. List and I
appreciate her being with us this morning.
Dr. List, in your written testimony, you talked about large
corporations being more attentive to the Y2K problems than are
small Main Street businesses. Now, obviously, a lot of the
telecommunications network is controlled by large corporations,
but certainly small businesses also have their own internal
systems. Could you comment and expand on your comment on what
the impact on small businesses will be with regard to the
telecommunications Y2K problem?
Ms. List. Yes. It really depends on what their own internal
network looks like. Many small businesses rely on the public
switch carriers to provide their telecommunications services
for them, in which case many of the things that I have
discussed in terms of the public switch network would address
the kinds of services that they can expect to receive after the
turn of the century.
Some small companies, though, do have some of their own
private equipment. They may buy or lease a private branch
exchange, which is simply a kind of switching system that
allows you to do four-digit dialing inside the office and those
kinds of things. They may have an automatic call distribution
system. For example, I would imagine the Senate does. When
calls come in, they may be routed automatically to different
Representatives who are service providers, who may be able to
answer questions or those kinds of things.
Those pieces of equipment do have some date-sensitive
information in them. For the private branch exchange, the small
switch, it is very similar to what a larger switch has. So it
may do some date and time stamping so that they can keep
records of when calls came in, how long they lasted, how
quickly they were answered. It may also do some administration
and maintenance functions on a scheduled basis that would carry
date and time information, and they would want to know that the
manufacturer who produced that equipment, if they bought it, or
the company who is leasing it to them is addressing the Year
2000 issues in that equipment so that it will continue to
perform those functions.
Automatic call distribution equipment is of particular
interest because there are automatic call distribution pieces
of equipment that do schedule changes of routing over time. Let
me give you an example. This is really for a larger company,
but I think the example may be applicable to smaller ones.
Some companies that provide customer service want to do it
on a 24-by-seven basis, so 7 days a week, 24 hours a day, they
want to be able to provide services, or they want you to be
able to order from their catalog anytime you want to. In order
to do that, they very often have call centers that are in
different time zones, and this automatic call distribution
equipment routes the calls depending on the time of day, day of
the week. That is date-sensitive information and that routing,
if the Year 2000 issues are not addressed, may not work
effectively when the rollover of the millennium happens.
The other places that you see date-sensitive information
are in voice mail systems. So, again, date and time stamping of
when messages are left, as well as in some of the routine
maintenance and operations functions.
Small businesses really need to be aware that there are
Year 2000 issues and work with their suppliers, whether it is a
supplier of public switch service, whether it is a supplier of
a piece of equipment, either on a purchased or leased basis, in
order to assess and address any Year 2000 problems they may
have.
Senator Collins. Is the telecommunications industry making
an effort to reach out to smaller businesses? Are suppliers of
the automatic call distribution equipment, for example,
contacting their customers to let them know that there may be
these problems?
I am fairly confident that large corporations are going to
be able to solve the Y2K problem, but I am very concerned about
small businesses that may be linked to larger companies and
what the impact will be on them. It seems to me there is some
obligation on larger companies, the suppliers in the
telecommunications industry, to do affirmative outreach. I do
not know whether a lot of small companies would even realize
they were vulnerable in exactly the way that you very
articulately explained.
Ms. List. Yes. I cannot really say whether, across the
board, companies are doing that. I think some of the members of
one of the later panels might be able to address the activities
that they have in place in that regard.
I can tell you that for our company, we are proactively
contacting our customers to let them know about the state of
readiness of our systems, our products, as well as to advise
them of some of the consulting services that we provide for
them, that they need to address Year 2000 issues in networks
that they are putting in place and those sorts of things.
Senator Collins. Thank you, Dr. List.
Thank you, Mr. Chairman.
Chairman Bennett. Thank you. We appreciate your
presentation. We anticipated that it would be a brief scene
setting and the interest of the members of the committee have
kept you here longer than you anticipated. We are grateful to
you.
Ms. List. Thank you.
[The prepared statement of Ms. List can be found in the
appendix.]
Chairman Bennett. We now welcome the Honorable Michael
Powell, Defense Commissioner of the FCC; Dr. Jack Edwards,
speaking for the President's National Security
Telecommunications Advisory Committee; and Ms. Diane Fountaine,
Deputy Manager of the National Communications Systems.
We appreciate your being here. You have heard the testimony
and the questions, so I think you have got a flavor now overall
of the main concerns that we have on this committee.
Commissioner Powell, we will start with you and welcome you
here to the committee. I will say that Commissioner Powell has
been to see me privately in advance of this hearing and we have
had conversations about this and he has made it clear the FCC
is anxious to work on this issue and he himself is going to be
available, and we are very grateful to you, sir, for that
willingness to help.
STATEMENT OF MICHAEL K. POWELL, DEFENSE COMMISSIONER, FEDERAL
COMMUNICATIONS COMMISSION
Mr. Powell. Thank you, Mr. Chairman. It is a pleasure to be
here, and Senator Dodd, it is good to see you. I have also met
with you prior to the hearing. And Senator Collins, I hope to
see you at some point at your desire.
I commend the Senate Special Committee on the Year 2000
Technology Problem for its active participation on this issue.
I welcome this opportunity to share with you what the Federal
Communications Commission has learned about industry efforts to
address the Year 2000 problem and to discuss the fundamental
importance of the national telecommunications infrastructure
and the potential impact of the Year 2000 problem on embedded
telecommunications networks and systems.
At the FCC, we are working to promote an effective public-
private, mission-oriented, partnership to ensure that users of
telecommunications services enjoy as close to the same level of
quality and reliability on and after January 1, 2000, as they
do today. We believe that the FCC can play an important role in
facilitating the development and dissemination of critical
information among carriers and to their key customers. Timely
dissemination of information will increase the sharing of
solutions, avoid duplicative testing, help companies spot
undetected problems, and reduce customer uncertainty and
anxiety.
We have developed and continue to work on strategies for
outreach and advocacy to all the industries we regulate,
including wireline and wireless telephony, cable, radio and
television broadcasting. We also have been looking into ways to
facilitate the development of effective contingency plans in
the event that a major disruption to the network should occur
under our authority and in cooperation with NCS.
Although we have Y2K programs for all the various
telecommunications industries, my remarks today will focus
mainly on wireline telecommunications carriers, and Mr.
Chairman, I would ask that my full statement be entered in the
record.
Chairman Bennett. Without objection.
Mr. Powell. Thank you. As an initial matter, it is
important to remember that no single entity owns or controls
the public switched telephone network, and this is part of the
challenge. In addition to the major telecommunications
companies that provide service to the majority of the country,
there are also 1,400 small to mid-size independent telephone
companies that serve many rural and insular parts of the
country, as well as U.S. territories and possessions. And each
of these companies is only one in a long chain of
interdependent companies required for the network to operate.
Without a doubt, the telecommunications network is a
tremendously complex and interdependent thing, and consists of
millions of interconnected parts.
As a result, the ways in which the Year 2000 problem could
affect telecommunications companies is almost unlimited.
However, I believe that with time and greater knowledge of the
scope of the problem and by maximizing the amount of
information available to all companies facing the Year 2000
problem, we will be able to better predict where and how the
problems in the network are likely to occur. In my role as
Defense Commissioner, I plan to work closely with the industry,
NCS, and the Network Reliability and Interoperability Council
to help attack these problems.
We have sent over 200 letters to major companies and
organizations in all sections of the telecommunications
industry, asking them about their efforts to become Year 2000
ready. In June and July alone, we organized eight informational
forums with representatives of different sectors of the
industry to facilitate information sharing and learn how the
FCC can further assist industry efforts to tackle this issue.
I also represent the Commission on the President's Council
on Year 2000 Conversion and co-chair the Telecommunications
Sector Group of that organization. In an attempt to better
facilitate communication, I have asked also representatives
from each of the communications industries to sit on that
group.
Our general assessment of the telecommunications industry
remains positive, much as Dr. List described. Our inquiry
letters, for example, asked 20 wireline carriers, accounting
for more than 97 percent of the country's access lines, to
report on their critical systems. We learned that, generally,
the carriers have completed their review of the inventory for
these systems. They have completed assessing the impact of the
Year 2000 problem on these systems and have set completion
dates for remediation, testing, and integration by the second
quarter of 1999.
The information we have received suggests that the major
U.S. equipment manufacturers also will be able to meet
projected demands for equipment. The manufacturers report that
most of their software and hardware products are already Year
2000-ready and have been made available to customers. They have
further targeted the end of this year and the first quarter of
next for general availability of all their products.
The major carriers also are cooperating on integration and
interoperability testing, as you heard. The Telco Year 2000
Forum has contracted with Bellcore and is already performing
integration testing on Year 2000-ready equipment. ATIS will
conduct inter-network interoperability testing in January and
February of 1999 and is also working with Bellcore.
The Network Reliability and Interoperability Council, NRIC,
as it is called, will also play an oversight role with respect
to testing. I would like to take this opportunity to announce
that, at our request, Michael Armstrong, the Chairman and CEO
of AT&T, has agreed to be the chair of NRIC. NRIC will play a
central role in our Year 2000 effort. We believe that that
organization will be invaluable in coordinating overall
testing, collecting and disseminating information, and advising
the FCC on the status of industry readiness, and assisting in
the facilitation and development of contingency plans. A
representative of NRIC will also sit on the Telecommunications
Sector Group of the President's Council.
While we have programs in place to work this problem, all
that we have observed is not comforting. With regard to the
independent telephone companies, it is important to note there
are some 1,400 of them that serve the rural and insular parts
of our country. The Commission is working continuously to find
ways to reach out to these companies and make sure that they
are aware of the problems and are taking steps to address it.
But that pales in comparison to our concern about
international telecommunications carriers. The United States,
Canada, and the U.K. are forging ahead, but we have many
profound concerns about carriers in other nations, especially
those in developing countries, that have not yet taken
necessary steps to prevent system failures. We have been
working independently to address this issue, as well as
monitoring the work of the International Telecommunication
Union.
In my role as Defense Commissioner, I have endeavored to
make sure that the FCC is ready to continue its own operations
in the event of national emergency. In this regard, the FCC's
Compliance and Information Bureau has been revising the
agency's continuity of operations plan as well as a plan to
maintain our ability to coordinate and grant special authority
to help companies continue operating in time of emergency. With
respect to national emergency plans, CIB is reviewing and are
updating these now. I will work with NCS and the industry to
continue to examine the appropriate role of the FCC in the
event of an emergency.
Without a doubt, I should say, the legal liability issue
which has been raised is a serious impediment and continues to
impede the flow of timely and candid information. We support
the efforts to pass legislation that would promote the exchange
of information by limiting the way such information could be
used against a company. I believe there is a significant role
to be played by the Congress and the administration with regard
to the legal liability issue and other barriers to information
flow.
As we move closer to the millennium, all of our concerns,
of course, become more acute. I believe that the FCC has begun
to establish the kind of inter-company and private-public
partnership that will facilitate the flow of information and
get it to those who need it most. It will also permit the
government to become aware of and respond to the needs of the
industry as they arise. Our national well-being is dependent
upon the reliability of the nation's telecommunications
networks, and government and industry must work together to
ensure that whatever disruptions occur do not lead to
widespread outages and failures. To that end, the FCC is
committed to taking whatever actions it can to facilitate the
industry compliance efforts.
Thank you, Mr. Chairman, for the opportunity to be here and
I am happy to answer any questions may have.
Chairman Bennett. Thank you very much. We will get to the
questions at the end of the panel.
[The prepared statement of Mr. Powell can be found in the
appendix.]
Chairman Bennett. Dr. Edwards, you may proceed.
STATEMENT OF JOHN S. EDWARDS, CO-CHAIR, NETWORK GROUP, THE
PRESIDENT'S NATIONAL SECURITY TELECOMMUNICATIONS ADVISORY
COMMITTEE
Mr. Edwards. Thank you, Mr. Chairman, for the opportunity
to testify here today on behalf of the President's National
Security Telecommunications Advisory Committee, NSTAC. I am
Jack Edwards, an Industry Executive Subcommittee member of the
committee and chair of its Network Group.
For the past 16 years, the Committee has worked jointly
with the National Communications System to advise the President
on national security and emergency preparedness issues
pertaining to the reliability and the security of
telecommunications and information infrastructure, issues
critical to national security and commercial interests. The Y2K
changeover is an urgent matter, Mr. Chairman, and it is at the
forefront of our effort.
In January 1998, the manager of the National Communications
System asked the NSTAC to update the President on the
telecommunications industry's actions to ensure continuity of
service through the millennium change. In response to this
request, the NSTAC's Network Group addressed the Y2K problem
and is developing a report on the efforts to prepare the
telecommunications infrastructure for Y2K, factors affecting
these efforts, and possible implications if these efforts are
not fully effective.
We broadly reviewed the telecommunications industry status
by soliciting briefings from interchange carriers, local
exchange carriers, switching system vendors, large-scale
systems integrators, and Y2K risk assessment and remediation
solution providers. We heard from all of these sectors.
Representatives freely reported to us as NSTAC promised to use
the information without attribution. Our report includes a
consideration of the current Y2K readiness of the major
telecommunications service providers and equipment vendors.
Efforts to make the telecom infrastructure Y2K ready are
well underway. In fact, the major service providers and the
vendors have been working on these issues for several years.
Those who briefed the Network Group on their Y2K initiatives
expect the majority of critical products and networking to be
Y2K ready between late 1998 and early 1999.
However, in spite of the resources being devoted to this
complex task, all agree that it is not possible to foresee and
test for every possible adverse interaction. Since Y2K
readiness preparation is a massive software augmentation, even
the most thorough, exhaustive efforts may fail to achieve 100
percent success.
No organization in private or government in its brief to
the NSTAC's Network Group offered a guarantee of total Y2K
eradication from its network, services, or systems. In
addition, these organizations could not offer guarantees of the
adequacy of the Y2K internetwork interoperability testing.
Compounding the problem, many felt that the millennium
change was not a January 1, 2000 problem, but could begin
before and extend well after that date.
The Network Group's Y2K report is pending final approval by
the NSTAC, so I apologize for being unable to make specific
comments on the Group's findings and recommendations at this
time. However, I can say that our report will recommend actions
for the President to enhance the Y2K readiness for national
security and emergency preparedness telecommunications and to
mitigate any impact of Y2K-induced service disruptions in the
nation's security and emergency preparedness posture. Further,
it recommends actions for the NSTAC to help the Government
respond to Y2K-induced service disruptions. When approved, the
recommendation will be forwarded to the President and
subsequently made available to all interested parties.
We have also been asked to comment this morning on the
NSTAC's 1997 report to the President addressing the probability
of a widespread telecommunications outage. While this report
preceded and is not directly connected to the NSTAC's current
Y2K assessments, it is highlighted today to convey our
understanding, contingency planning for, and recovery from a
severe telecommunications outage, should one occur.
For the purposes of the report, NSTAC developed a
definition of a widespread telecommunications outage.
Specifically, a widespread outage would be a sustained
interruption of telecommunications service. It would last for
at least a significant portion of a business day, interrupt
both local and long distance services in at least one region of
the country and including at least one major metropolitan area,
and significantly degrade the ability of other infrastructures
to function.
While we determined the likelihood of a widespread
telecommunications outage was low, the potential impact
warrants careful consideration. Service availability and
reliability are hallmarks of the telecom industry. With respect
to internetwork connectivity, there are agreements in place
amongst the carriers whereby, in the face of trouble, the local
exchange carrier can redirect traffic to an alternative
interexchange carrier. However, in the new regulatory
environment, business restructuring to accommodate competition,
the deployment of new technologies and the introduction of new
services do create unknowns. In this environment, it is
critically important to do nothing to increase the probability
of a widespread outage. Continual attention needs to be placed
to how these unknowns affect security requirements.
In all this, contingency planning is key. Recognizing there
can be no ironclad guarantee against a widespread outage, the
report offered several cost-effective recommendations for the
President and the NSTAC to further decrease the overall
probability of a widespread outage and to improve recovery
plans and procedures. These recommendations centered on the
coordination amongst the operators, improvements of software
integrity checking, and information sharing amongst the various
entities.
Our critical national infrastructure relies on a growing
and vital web of communications, computer, and associated
information technologies. Furthermore, the gamut of threats,
including those posed by Y2K, could disrupt critical
infrastructures, for example, electric power, on which the
infrastructure is highly dependent for sustained operation.
Understanding and addressing the interdependent nature of
critical infrastructures are immensely important to protecting
the Nation from unmanageable crises, such as a Y2K problem, and
must not be overlooked.
The NSTAC believes the telecommunications infrastructure is
robust and reliable, but even the most exhaustive efforts
cannot guarantee total eradication of problems from the network
services or systems. The NSTAC will continue to focus on
national security and emergency preparedness communications
problems and overall continuity of service in light of the Y2K
problem.
We appreciate the opportunity to testify today. The NSTAC
looks forward to sharing the results of the Y2K analysis with
you pending final consideration and approval of this report.
Thank you, Mr. Chairman.
Chairman Bennett. Thank you, Dr. Edwards.
[The prepared statement of Mr. Edwards can be found in the
appendix.]
Chairman Bennett. Ms. Fountaine, we appreciate your being
here and look forward to your testimony.
STATEMENT OF DIANE FOUNTAINE, DEPUTY MANAGER, NATIONAL
COMMUNICATIONS SYSTEM
Ms. Fountaine. Thank you, Mr. Chairman. Good morning to
you, Senator Collins, Senator Dodd, and Senator Bingaman. I
appreciate the opportunity to address you on behalf of the
National Communication System's Executive Agent, Defense
Secretary Cohen, and its Manager, Lieutenant General Kelley, on
the crucial role and initiatives that the National
Communications System is taking to meet the Year 2000 challenge
as it applies to national security and emergency preparedness
telecommunications.
The National Communications System is a confederation of 23
agencies across the Federal Government tasked with ensuring the
availability of a viable national security and emergency
preparedness telecommunications infrastructure. National
security emergency preparedness telecommunications are those
emergency communications required by the Federal Government
during the conduct of business under all conditions, including
and ranging from peacetime to national emergencies to
international crises or war.
The Manager, National Communications System, is also the
designated Federal official for the National Security
Telecommunications Advisory Committee, which was established in
1982 by President Reagan in anticipation of the divestiture of
AT&T. The Committee is limited to 30 Presidentially-appointed
senior executive industry leaders, often chief executive
officers, who provide the President with a unique source of
national security and emergency preparedness telecommunications
policy expertise and advice.
Mr. Chairman, the Office of the Manager, National
Communications System, shares in the concerns expressed by this
committee relating to the Year 2000 compliance issue. In
addressing the Year 2000 issue, we are focusing on three
primary areas: First, on the national security emergency
preparedness capabilities that we contract with the
interexchange and local exchange carriers to develop and
maintain in the commercial public networks; second, on the
overall voice services in the public networks which are the
primary foundation of national security emergency
communications; third, on the contingency plans that we follow
during a national security or emergency event.
First, let me address the unique capabilities that we have
implemented in the commercial network for national security
emergency telecommunications. We have contracted with the
primary interexchange and local exchange carriers to develop
and implement a capability in the public network to identify a
priority national security or emergency call and then give that
call priority treatment through the network. This Government
emergency telecommunications service allows national security
and emergency response users to use a dedicated area code, 710,
to receive priority switched voice and voice band data service
in the public switched network.
In addition, for a Federal user or a federally-sponsored
user who requires priority restoration or activation of a
telecommunications service for national security or emergency
reasons, we have implemented the telecommunications service
priority system. This system allows us to identify to the
telecommunications companies the circuits which should be given
priority during activation or restoration.
Testing of the telecommunications service priority system
for Year 2000 compliance can be conducted independent of the
live public network and has been completed. Minor problems were
discovered which are being corrected. Because the Government
emergency telecommunications service capabilities are internal
to the operational switches in the networks, we will test those
functions in a test network.
To achieve this, we are collaborating with the Alliance for
Telecommunications Industry Solutions, which is establishing a
Year 2000 test network that will emulate major portions of the
public switched network. The Government emergency
telecommunications service testing requirements were outlined
at the last meeting of the Alliance's network testing
committee, which was held in June. They accepted the proposed
scenario for Government emergency telecommunications service
testing and requested further details to include a draft test
script and an implementation summary, which we will present at
their next meeting in August. Bellcore is assisting us in this
effort and this testing should be completed in March of 1999.
Specific testing will include the ability to recognize the
710 area code and successfully complete priority calls end-to-
end over local and interexchange carrier networks. While the
scope of this government emergency telecommunications service
testing is limited, it does provide us with a single test bed
of our major service providers and the benefits gained from
internetwork testing among several major carriers in the U.S.
telecommunications infrastructure are substantial.
To assess the overall voice services required for national
security telecommunications, the Manager requested that the
National Security Telecommunications Advisory Committee focus
on the Year 2000 issue as it relates specifically to national
security, emergency preparedness, and the national
telecommunications infrastructure. The committee's Network
Group has completed the initial assessment of this subject, as
you have heard from Dr. Edwards, who is the Network Group's
chair. This report will be reviewed by the National Security
Telecommunications Advisory Committee principals at their
upcoming meeting on September 10.
As I indicated earlier, in implementing special national
security emergency capabilities in the public network, we chose
the major interexchange service providers and the primary local
exchange companies.
Based on information gathered by the National Security
Telecommunications Advisory Committee Network Group and
discussion with individual companies, we believe that there
will be little or no interruption of service from these major
service providers due to the Year 2000. While the individual
companies are conducting extensive network element testing and
intranetwork interoperability testing, the biggest challenge,
we believe, for all of these companies will be the testing of
their networks' external interfaces, both domestic and
international. Ensuring the interoperability of these various
solutions is critical, particularly in a system as complex as
the U.S. telecommunications infrastructure, and this is why the
Alliance for Telecommunications Industry Solutions internetwork
testing is so important.
Even though we do not expect a major telecommunications
service interruption resulting from Year 2000, we are putting a
great deal of emphasis on proper planning for a contingency in
this area. In 1983, we established an operations center,
staffed by both government and industry personnel, for the
coordination of telecommunications required during a national
security or emergency event. The National Coordinating Center
for Telecommunications is reviewing current operational
response procedures and the existing national
telecommunications coordinating network, looking for variations
to current process or backup connectivity that might be
peculiar to the Year 2000 problem. For example, we may add
connections to software experts from the telecommunications
switch manufacturers which, up until now, we have not done.
Since 1992, we have had a system for communications with
key telecommunications locations that is independent from the
public network and we use primarily high-frequency radio
capabilities. We are now augmenting that capability with
additional non-public network and satellite communications
connectivity among critical national security emergency
preparedness operational sites, major service providers and
equipment manufacturers. This additional connectivity will
allow us to coordinate with the telecommunications industry and
key Federal operations centers in the event of service
disruption resulting from Year 2000 complications.
Additionally, we are adding a state-of-the-art capability
to cross-connect various communications media that will be
available in the coordinating center by the end of this Year.
This capability will extend to our continuity of operations
site in the event relocation out of this area becomes
necessary.
In conclusion, Mr. Chairman, we are working with the
National Communications System Federal agencies and departments
and the National Security Telecommunications Advisory Committee
member companies to provide continuous national security,
emergency preparedness telecommunications services prior to,
through, and beyond the millennium change. While we have
accomplished a lot, there is still much to be done,
particularly regarding internetwork Year 2000 testing and
contingency planning. I would urge the committee to support the
efforts underway in the telecommunications industry and
continue to stress the importance of internetwork
interoperability testing as this work progresses.
Mr. Chairman, this concludes my statement on our efforts
toward solving the Y2K problem and I would be happy to take any
questions that you have at this time.
Chairman Bennett. Thank you very much.
[The prepared statement of Ms. Fountaine can be found in
the appendix.]
Chairman Bennett. We have had so far today a picture that
is basically reassuring. That is, yes, that this is a serious
problem. Yes, it is very complicated and very complex, but we
are pretty much on top of it and we are going along just fine
and, basically, we are going to be all right.
I hope that is true, but I have to share with you before I
get to specific questions some of the reactions of people
outside looking in on the telecommunications challenge. In an
earlier hearing by this committee on financial services, one of
the witnesses, Tanya Bader, who is a principal in the Capital
Markets Advisors Financial Group, said, and I quote, ``Most
large financial firms conduct 80 percent of their transactions
electronically and 25 percent or more of their transactions in
the inter-bank market. To summarize the remarks that many Y2K
chiefs have in this area, `We do not have a clue.' This leads
me to conclude that reliability in telecommunications is a Y2K
wild card.''
Now, I have to add that Ms. Bader was one of the more
thoughtful and well-versed witnesses that we had appear before
this committee. I hope she is listening to this and I hope she
will be reassured by this panel that that demonstrates that
there is at least that aspect outside the telecommunications
industry that is concerned.
Now, another one from overseas. This comes from the Year
2000 task force chairman in the United Kingdom named Ron Balls,
addressed to our committee staff. He says, ``Further to our
discussion, please find associated a copy of the ITU
questionnaire. As you can see, this was sent out on April 17
with a request for information by May 25. Responses from the
USA have been poor so far in terms of the number received and
the reference to the legal position. I would like the FCC to
take an active role in assuring that we receive quality
responses from, (A) U.S.-based carriers, (B) U.S.-based
regional operators, or RBOCs, and to consider how best to deal
with the USA local operators. The intent is to publicize the
general position of each operator on the ITU external web site
within the next 2 weeks and continue to update this as more
information is received. I hope this assists,'' signed by Ron
Balls.
There is a little bit of a disconnect here, of the
perception outside of the telecommunications industry and the
rather rosy picture we have received today. So against that
backdrop, let me say, Commissioner Powell, you mentioned in
your statement that the FCC had sent out letters of inquiry to
200 major companies and organizations, asking them about their
efforts to become Year 2000-compliant. Can you tell us when you
sent those letters out and how many of those 200 organizations
that responded?
Mr. Powell. Senator, it has been a rolling process, but the
vast majority of the letters went out in May and the beginning
of the summer. Let me break them down for you, because that 200
covers all the industries we regulate.
With respect to wireline carriers, we sent out 20 letters
to the top carriers that cover more than 97 percent of the
country's total access lines, and one thing I am pleased to
report is we have a 100 percent response rate from that
category, so we have received letters from all 20.
Other areas are not as responsive, but somewhat
encouraging. With respect to mass media, which is broadcasting
properties, television and radio, we have about a 31 percent
response rate. With respect to wireless telecommunications
systems, which would include about 53 wireless commercial and
private entities, and another segment which we worry about
quite a bit, the public safety community, we sent another 55
letters. With respect to the commercial and private wireless,
we received to date only 11 responses. With respect to----
Chairman Bennett. Eleven out of how many?
Mr. Powell. Fifty-three. Wireless is one of our areas of
concern, for obvious reasons.
Chairman Bennett. So that is about 20 percent.
Mr. Powell. Yes. Public safety is even of greater concern.
This is not an entity we specifically regulate, but it is an
area we are concerned about because they operate a lot of
privately-held wireless equipment. This is fire departments,
police departments. We got 1 response out of 55.
What this helps us do is understand where there needs to be
a much more dramatic outreach effort. We tend to see that,
often, lack of responses is a result of lack of awareness and
lack of understanding of how to respond, so we are going to try
to do something to ramp up our efforts with regard to that last
segment.
Chairman Bennett. Thank you. I will reserve my time and we
will go to Senator Bingaman, who has made this something of a
specialty, and we are grateful to him for his expertise on
this.
Senator Bingaman. I do not claim any expertise, Mr.
Chairman. I have an interest.
Let me ask about the extent of the interoperability
testing. I think the previous witness testified that this was
very important and we needed to have more interoperability
testing. I think that was one of the recommendations that
Bellcore has made. How extensive is this testing at the present
time? Who should I ask that to, Dr. Edwards?
Mr. Edwards. Thank you, Senator Bingaman. In our
information gathering in the Network Group, we had occasion to
hear from several interested parties and one of the things that
comes to mind earlier in remarks, contrasted--taking systems
off-line and testing them in the telephone industry, you do not
have that luxury. There are two things that come to my mind.
One is that the telecommunications business is--the
programs are complex, but they are very single-minded and the
main function is to make phone calls happen. Changes come
rather slowly by comparison to changes in other kinds of
programs that you might buy commercially.
We had testimony or a report in our group from a
corporation which was doing Y2K remediation testing in the non-
telecom market. They indicated a difficulty because when they
went to test the systems, the systems owners and operators
really did not know what they had because they had been
modified over the years. Things had been added, features had
been changed and modulated.
In the telecom industry, features are added very carefully
and tested very carefully. We do a complete regression testing,
where we have a set of test conditions and if you change
something in the program, you have to repeat the test over the
total path of this. Consequently, all of the people that came
to our committee told us how much resource was devoted to just
sheer testing, because once the systems are returning to the
service, you do not have the luxury of turning them off and
trying it again, so the testing is terribly important, as you
will hear from the next succeeding panel. They will go into
that in great detail, I am sure.
But there is a very good contrast between the telecom
example and the non-telecom example in that the first step they
had to do in the non-telecom example is to find out exactly
what they had, to develop a regression test, because it is one
thing to fix the Y2K and get that right, but you may change
something else. The comment about the errors, the errors that
you introduce are not always in the code you are changing. You
can introduce an error which shows up over someplace else, and
unless you test the entire system when you are done, you cannot
be sure. It may be Y2K-compliant, but it may fail for some
other reason later on because you introduced a spurious error.
So testing is terribly complicated and has to be done with the
entire system under test.
Senator Bingaman. What I am trying to figure out is how
much of this interoperability testing ought to occur and how
much of it has occurred or is occurring? I mean, have we done
10 percent of what ought to be done? Have we done 90 percent of
what ought to be done? I guess that is where I trying to----
Mr. Edwards. As you will hear from the next two panels, the
Y2K Forum people and the ATIS people both came to our group,
testing is proceeding this fall up through February.
Senator Bingaman. Now, ATIS, I was led to believe, only
involves a very few companies. Am I wrong about that?
Mr. Edwards. Well, the testing is interoperability testing
amongst the local exchanges and interexchange carriers.
Senator Bingaman. I will wait and hear from the
Commissioner. Mr. Powell, did you want to say something?
Mr. Powell. Yes, just to help clarify a little bit. There
really are two testing forums. There is the Telco Year 2000
Forum, which is a coalition of the major local exchange
carriers. This would be Bell Atlantic, Ameritech, the sort of
large local exchange carriers, and they are primarily focusing
their testing efforts--and they are here on the second panel
and you can ask them with specificity--they are testing the
components and the intra-network operations. And then,
essentially, there is sort of this roll-up to the
interoperability testing, which is being facilitated by the
ATIS forum.
The Telco Year 2000 Forum's testing efforts are presently
underway and will continue, I think, for the rest of this year,
and then that will turn to the interoperability testing phase
with ATIS beginning in January and hopefully concluding in
February.
ATIS is an extensive organization. It includes not only
local exchange carriers to some degree but it also includes the
majority of the long distance carriers. It includes equipment
manufacturers. Believe it or not, it also in some respects has
other kinds of service providers, like cable representatives,
et cetera. It is a very--a pretty extensive organization, the
interoperability testing element.
Senator Bingaman. Let me ask Dr. Edwards one other issue
here. In the recommendations that NSTAC makes, you have one in
here, the second one, I believe, to remove the legal and
regulatory obstacles for widespread outage recovery, and
underneath that you say it was recommended that the President
encourage the FCC to guard against premature implementation of
unseasoned technologies that might contribute to the
possibility of a widespread outage.
Does the FCC have the authority and the capability to guard
against the implementation of unseasoned technologies? That
seems like a pretty tall order, to me.
Mr. Edwards. Yes.
Senator Bingaman. Yes, they have got the authority, or yes,
it is a tall order?
Mr. Edwards. Yes, it is a tall order. [Laughter.]
What we were trying to do there is concerned with how new
technologies and new entrants come into the business, and I
think it is more at that level. As competition arises, we are
concerned that it be expanded in a careful, rational method and
the possibility for entrants into the marketplace that are not
careful, that bring in untested technologies, is one that could
cause some concern to us, and that is the reason for the
recommendation.
Senator Bingaman. I can share the concern. I guess I just
have never thought the FCC was staffed and equipped to perform
that function. Commissioner Powell?
Mr. Edwards. I think we hope that the NRIC will help
provide some rationalization in that area, not the FCC itself,
necessarily, but the FCC with the help from the NRIC, which is
looking into security issues and robustness issues.
Senator Bingaman. Let me just ask Commissioner Powell, is
there any capability to do this in the FCC or anywhere else
that you know of? Is there any governmental entity that is
taking on the job of guarding against premature implementation
of unseasoned technologies? That is an interesting concept.
Mr. Powell. Yes, Senator. Candidly, not really, in the
sense that there is little in our economic regulatory authority
that allows us to prevent the introduction of new technologies
by private carriers in a competitive environment, and the
strain is even greater as we implement the Telecommunications
Act of 1996, which expressly contemplates, as the will of
Congress, the sort of greater increased deregulation and lesser
input on the business decisions about the deployment of
technologies. So we, as a large measure, have a technology-
neutral policy, and even if we did not, we would have an
incredibly limited ability to prevent the introduction of new
goods and services in the market.
I would also say I am not so sure you would always want to
do that. A lot of the new and advanced technologies that are
bringing great benefits to consumers also potentially provide
new solutions to problems that might be more acute in the
legacy systems.
I think the concern is a valid one, though. That is, we
want to be sensitive to the hastiness that sometimes excitement
about new competition can bring. But beyond articulating the
concern, I have a hard time understanding practically how the
FCC could sort of execute that recommendation.
Senator Bingaman. Let me ask one other question of you,
Commissioner Powell. You are the Defense Commissioner, correct?
Mr. Powell. Yes.
Senator Bingaman. Could you tell me what authority that
office carries with it? I mean, what can you do as the Defense
Commissioner that another FCC commissioner could not do?
Mr. Powell. It is a fair question. It is evolving, to some
degree. But, essentially, what it does is that there has been a
clear recognition that the national security and emergency
preparedness apparatus of the United States in the execution of
their operations have a real-time need for a single point of
contact in the Federal independent regulatory agency simply
because we are the steward of the legal and regulatory regime
that can influence or impede the ability to sort of reach
certain national objectives.
So in large measure, I serve as that single point of
contact at the Federal Communications Commission for that
apparatus. So, in a sense, it is a point of contact role. It is
a coordination role. But there are some limited circumstances
under which, in the execution of continuity of operations
plans, I have some authority to take action on behalf of the
Commission without needing the vote of the full Commission.
If the President--you know, I do not want to go through
them in complete detail in this open forum, but if the
President were to declare a national emergency and execute his
authorities under that regard, there would be certain steps
that I had the authority to take and would not have to call a
meeting and get the majority vote of three of the five.
So that is largely what it has been, and it has been
natural to use that position--that is how I sort of got into
being the principal representative of the Commission on efforts
like this, when the White House is looking for someone who
oversees those sorts of issues.
Senator Bingaman. Thank you, Mr. Chairman.
Chairman Bennett. Thank you. Senator Dodd.
Vice Chairman Dodd. Thank you very much, Mr. Chairman, and
I thank all of you for being here, and Mr. Powell, thank you,
as well, for coming by the office a few weeks ago and bringing
us up to date on your efforts.
I want to sort of pick up on, I think it was the lead
question the chairman had, and this is sort of a theme we are
working through these issues as they come before us. As I said
earlier, there is a tendency, and I think it is true of any
institution, obviously, to try and put the best foot forward in
public hearings like this, and yet I think it is important for
us to also gather information from outside to determine whether
or not we are moving as aggressively and as thoroughly as could
be the case.
In addition to the comments at an earlier hearing that this
committee had in New York that the chairman quoted from one of
the witnesses, and the letter from ITU in London regarding the
response of companies, and we will get to some of those
questions, I suppose, when the industry panel appears, but
Commissioner Powell, I do not know if you are aware or not, but
the Federal Reserve Board Governor Edward Kelly testified in
April to the Senate Commerce Committee here regarding the
telecommunications industry.
He said in that hearing, and I am quoting him here, ``We
are particularly sensitive to telecommunications, an essential
infrastructure element, and our ability to maintain a
satisfactorily high level of financial and business services.
We have been working with our financial institutions and our
telecommunications servicers to find ways to facilitate
preparations that will ensure Y2K readiness. Nonetheless''--
this is the important part of this--``nonetheless, this is an
area that many financial institutions regard as needing
attention.''
Now, I do not know how many of you are aware of Fedspeak,
but let me translate that last sentence in Fedspeak. ``Houston,
we have got a problem,'' is sort of how I would translate that
line, and that is just adding an element to this here. When the
Federal Reserve Board begins to raise concerns and questions--
now, this was April, late April. I wonder if you maybe could
just pick up even further on the comments of the chairman about
this as to sort of where are we in all of this. That is April
28.
Mr. Powell. The first thing I would say is, particularly
with respect to Senator Bennett's suggestion that our comments
are rosy, let me assure you, I do not think it is rosy at all.
What I am confident about is that we have a system and a
process to work. I do not express any rosiness about whether
they will get there, only that I think I have some confidence
that we have the instruments, and some indications of the level
of effort that give one reason to have some confidence that we
may, with the little remaining time, be able to successfully
navigate these waters.
It is not surprising for me to hear the concerns from the
outside community seeming to be at odds with our own. I hear
it, as well. I meet with these groups quite frequently. I have
met often with the banking community, and, indeed, a few weeks
ago spent 3 or 4 hours at the Federal Reserve briefing people
by video on the efforts of the telecommunications industry.
I would offer this, which I think helps understand this.
There are sort of in my mind three levels of concern. The first
kind of concern is concern about telecommunications because you
ought to be. It is a critical infrastructure and that is a kind
of concern that we should have all the way through the date and
long after, because we understand that while the probabilities
may be low, consequences are dramatic and no one can rest with
respect to that concern. I would say that energy and other
critical infrastructures have the same kind of component.
The second kind of concern is concern because you do not
know. Now, what I have tended to find is that what we are
finding with a lot of critical users, like the Federal Reserve
and others, is that the anxiety is not that they see things
that suggest failure, but they are not getting information that
gives them confidence, either. This is the barrier to
information problem.
When I took over these responsibilities in May--that is not
an attempt to hide from what was going on in April--we made it
a critical component of what we thought we could do, is to help
facilitate and improve that level of anxiety, and I can say a
little bit more about that in a minute.
The third level, I think, is that you see and you do not
like what you see. That is, you are beginning to get
information and the information is disturbing.
I think part of the disconnect is that the three of us, at
least, have had a lot more opportunity to see, and what I am
happy to say is that the more I did, while I do find new things
to be concerned, my confidence improves rather than falls. The
key is to make sure that we proselytize that, make sure that
the Fed and other people are getting what they need to have
their own confidence or make their own decisions about what
contingencies. That is a cornerstone of our efforts to try to
fix that problem. We are doing it both through the surveys and
figuring out how to cull information and then disseminate it to
key users.
Our forums have been particularly helpful. When I hold a
forum with the wireline carriers, I have the carriers at the
table, I have the equipment manufacturers at the table, I have
the industry groups that represent them at the table, and I
have major end user groups. I have the Fed. I have had Sears. I
have had UPS. I have had any number of people who can speak to
the problems. And when they are talking right in front of us,
we try to serve as sort of a tough referee to pry out the
problems, and I think legal concerns have been a big part of
why companies have not told their story more fully, and so we
are just trying to work through that.
Vice Chairman Dodd. I think that is a very good analysis of
the three areas of concern. I was pleased to hear you announce
that the chairman of AT&T will be the chairperson of this NRIC
group, but speaking to the very set of issues you just raised
and identified in the three categories: First, because you
ought to; second, because of what you do not know; and third,
because of what you do know, we have 17 months left, about 520
days. This is not a question where we get it done this month,
next month, there is some give. In Washington, typically,
things can be delayed. We are on a real clock here, and,
obviously, things have to happen before January 1, 2000.
Chairman Kennard promised back in April that there would be
the NRIC organization up and moving. It is 3 months, and I am
pleased to hear the announcement today. I do not want to sound
like I am being a nit-picker here, but every day that goes by
gets really problematic. When it takes 3 months to get
something up and going and announce a chairman, it is
disconcerting and maybe fall under that second category or
third category here for me.
I would hope we might get some sense of what the timeframe
is now for NRIC to respond to these and give us some sense of
where this is going and a broader sense of the problem that we
have. Do you have any idea of that at all? Is there a time
table? Have you insisted, or has the Commissioner insisted on
the chairman getting back in a very time certain period with
information?
Mr. Powell. First of all, to clarify some misunderstanding
about that, I am disappointed, too. I have the same sense, that
every day is a day lost and we were probably slower than we
should have to get that operating. But I will say, it was in
operation. The key is that it did not have a chairman, which is
normally a CEO, because the previous chairman had elapsed, but
the NRIC operation has been in effect all of that time and what
we have been doing is making sure that the vast majority of its
mission, which is not exclusively Y2K, it is network
reliability in general, that the vast majority of its mission
was redirected to be exclusively about Y2K.
The other thing that has really been difficult, which has
been part of my challenge, is sometimes there are too many
cooks in the kitchen. NRIC will be important, but it is one of
many, many organizations worrying about telecom. I mean, three
of them are right here and that does not even hardly scratch
the surface. So I would say that there have been a number of
people trying to do monitoring and assessment of the
telecommunication industry from different venues.
To me, when you have an urgent situation in terms of time,
efficiency becomes really important, and what really becomes
important is getting an effort that is relatively coordinated
so people do not ask Bell Atlantic ten times the same question,
that we have some way to bring some efficiency into that
response.
The key to the NRIC effort is not that I am going to turn
the job over to them, and so, in a sense, there is not this,
they will get back to me on this date sort of thing. They are
part of my process which I personally intend to try to drive.
That is, they sit at the table of the Telecommunications Sector
Group. They report back to us. We talk to them almost daily
with respect to the kinds of things that we would hope that we
do. We have already had one significant opening meeting with
their presence this month, earlier this month, and I intend to
put that on an almost monthly update basis in that we will
develop in that group specific taskings with specific times for
responses to them.
But what we do not want to do is drive in and try to quash
really good efforts underway. It would be, in my opinion, not a
good use of NRIC to tell them to buffalo into the Telco Year
2000 Forum and start changing the great efforts that they have
undertaken with respect to testing.
So I hope that is a satisfactory answer to the question,
but I assure you, we are taking that urgency seriously.
Vice Chairman Dodd. At some point, we would like to know
who the lead chef is.
If the chairman would yield for just one question, because
this ties in with this.
Chairman Bennett. Surely.
Vice Chairman Dodd. First of all, I am very heartened by
the good response you have had from a number of companies, and
I had earlier sort of prepared a question to ask you about the
911 issue. In fact, I used the 911 analogy and talked about
what can happen here. For a lot of folks out there, this is a
very personally critically issue. The other stuff we talk
about, financial services will impact them, maybe directly,
maybe indirectly, more likely indirectly. But the 911 issue is
one that has a very direct impact.
You mentioned only about 1 out of 55 wireless companies
that are heavily involved now in this area have responded to
inquiries. I would----
Mr. Powell. Public safety. If I could correct, the public
safety community.
Vice Chairman Dodd. The public safety community. I think it
might be helpful if you could provide this committee with a
list of those companies and we will add that to our group of
companies that we would make in a very public setting here
today, saying you have got a couple of weeks. We are going to
be calling Commissioner Powell back and asking him whether or
not you have responded to these letters, and if you have not, I
am going to add you to that public notice about companies that
are not doing their job in responding to this problem.
So I will make a formal request of you that we have a list
of those companies. We will keep it confidential, I hope, Mr.
Chairman, in the committee----
Chairman Bennett. Yes. Yes.
Vice Chairman Dodd [continuing]. And we will call you back
in a couple of weeks and find out whether or not they have been
more responsive.
Mr. Powell. Absolutely.
Vice Chairman Dodd. And if they have not, I will let you
know today, be prepared to read your names and hear about them
in a very public setting.
I thank the chair.
Chairman Bennett. Thank you. Senator Smith?
Senator Smith. Thank you, Mr. Chairman. I apologize for
being late. I was in the Judiciary Committee giving testimony
on the issue of assisted suicide, which affects my State a
great deal. On the way over here, I was wondering if we are not
in a different context talking about assisted suicide on Y2K.
[The prepared statement of Senator Smith can be found in
the appendix.]
Senator Smith. I apologize if I am plowing old ground, but
with Senator Dodd, I serve on the Foreign Relations Committee
and I am very interested in how well prepared the rest of the
world is. That clearly may affect some political stability
around the world and certainly has an impact on our country. I
wonder, is there an international organization that is helping
on this issue? Are we doing anything to provide that leadership
internationally? Any of you can speak to that.
Mr. Powell. Senator, I can offer a little bit on that.
There are any number of people trying to work on the issue on
the international front, but let me point out what I think are
some of the critical forums.
First of all, there are regional organizations. The
European Union has its own Y2K operation. There are other
regional operations. But the one to my mind that is probably
playing the most critical role and the most umbrella role is
the International Telecommunication Union, which meets
frequently and is part of--it historically is part of an effort
that coordinates international telecommunications generally.
You know, we share spectrum around the world. People have to
figure out how to do that, and so they are a very fundamental
player in that.
That is chaired by an individual named Ron Ball, who is
from Britain, who is an extremely gifted individual and I am
personally very heartened that he is chairing that effort over
others.
They have been engaged in an effort to do monitoring and
assessment much like we do domestically and have sent out a
significant number of surveys around the world to try to get
detailed responses and it is pretty dismal. Senator Bennett was
right in his assessment of how that has gone, and the United
States is a little vulnerable on this, as well, and we are
doing stuff to make sure that gets fixed. So that is part of
their effort.
They have deputized what they call ``Y2K Ambassadors.''
That is, they are individuals or institutions that are
responsible for particular parts of the world, sort of in an
effort to delegate some responsibilities across the board.
The State Department has been engaged in an effort through
state-to-state contacts to raise the profile of the issue
through its ambassadors. I know it has dispatched
communications to the field in that regard.
Indeed, the President raised this as part of the G-8
summit, again, another interaction that was not heartening. We
sat--not me, personally, but the United States sat at that
table with an extensive amount of materials, I think, prepared
to begin working on that issue in a much more serious way. The
vast majority of people had nothing to hand out and barely want
to talk about the problem. There are others. I mean, there are
other forums being put together and being worked on.
One of the things I do is lean heavily on American
companies who I think have the contacts that matter. State-to-
state contact is useful, but the truth to it is, you have got
to talk to Deutsche Telecom. You have got to talk to the
companies. You have got to talk to KDD and NTT and Singapore
Telecommunications. The AT&Ts of the world do that frequently,
and if they are taking the problem seriously, everyone they
interact with should be taking the problem seriously.
As I understand it, for example, a company like British
Telecom begins to now have important contract provisions and an
insistence that we are going to look for new relationships if
you cannot give me some assurances you are working on the
problem.
So that is some of the effort that is underway, but you
point out rightfully what concerns me. Thankfully, in the
United States, for the most part, there are not a ton of things
competing for national attention with regard to this issue. But
when I talked, for example, to the president of Deutsche
Telecom, I said, what about the Year 2000 problem? He said, ``I
have two of them, the euro and this.'' There are an
extraordinary amount of world events that are competing for
attention. One gets concerned about how those priorities are
assessed.
Japan has a ``right now'' problem, and the notion that
they, sort of as a national priority, have this at the top of
this, it worries me that they do not.
Indonesia, significant parts of the world who are critical
to the international payment system, very critical to other
things that we rely on, are sort of in woeful straits in that
regard.
So the bottom line, to tie your comment together with
Senator Dodd's, is that there cannot be an interaction in which
this issue is not raised. I think if any government official or
any private sector individual who has an interaction with a
foreign carrier, foreign government, does not raise Y2K every
time they run into someone, they have made a substantial error.
Senator Smith. Is the United Nations doing anything on
this?
Mr. Powell. I am not personally aware of the extent of the
United Nations' involvement. I thought that I understood, and I
would have to verify that there were some resolutions that
either were passed or were pending, but I am not specifically
aware of it. I do not think the ITU is an element of the United
Nations, or has a component of the United Nations, but I stand
to be corrected on that.
Senator Smith. Does this have any implications for--it
seems apparent to me that it does--for the Aura, that
transition? This is occurring simultaneously with it. I would
think that would greatly complicate their financial system.
Mr. Powell. It is huge. Put simply, it is huge. Next to Y2K
remediation, I cannot imagine a more complex transition than
changing your currency. I have had some discussions with
presidents of foreign carriers and the kinds of things they
have to work through are astonishing, where the commas go in
terms of the bills, what systems have to be reprogrammed, the
training of employees.
I am not one to tell Europe what to do, and in a sense in
this regard, they are way too far down the road, but I think
what everyone needs to do throughout the world is understand
what things are not essential to happen now. This one has to
happen now. You do not have a choice. Other things do not. I
think nations, including this one, need to make some national
priorities about what things can be put on the back burner as
we hit the red zone to make sure that we do not blow this
deadline.
Senator Smith. Thank you, Mr. Chairman.
Chairman Bennett. Thank you, Senator.
I would point out, I have met with Ambassador Kamal, who is
head of the Informatics Committee at the United Nations. He and
I have appeared on common speakers' platforms and we are in
touch with this committee. He has described his relationship to
the United Nations as much the same as my relationship to the
Congress, somebody who is trying to get everybody interested
when they have other things on their minds.
Thank you all. One last comment, Commissioner Powell. With
respect to the announcement you made today of the appointment
of a chairman of this group, I would hope that the group would
formalize some kind of link to the staff of this committee so
that there could be an exchange of information.
This committee is performing, I think, a serious function
in that we are becoming the repository of information. There
does not seem to be any other place where information on Y2K
across the spectrum of industries, States, government agencies,
and so on is accumulating other than this committee, and I
think your group would benefit from that context, and, frankly,
so would we if, in performing this role as the repository of
that information, we had a conduit of connection. So I would
appreciate if it you would take the charge to see to it that
that conduit is created and the opening is made.
Mr. Powell. Senator, I will, and I would also issue a
standing invitation to anyone on the Hill, your staff, in
particular, to ever attend any of these telecommunications
working groups. I would be more than happy to have them there.
We will make sure that they know about them, when they are
occurring.
Chairman Bennett. Thank you. That is very much appreciated
and I am sure someone will attend.
Thank you all. We appreciate your being here.
Chairman Bennett. We will move now to the final panel. We
appreciate this final panel. I have to make an editorial
comment. Those that are worried about the lateness of the hour,
it is unusual on a Friday morning after a recess has started
with no votes on the Senate floor for as many Senators to
attend a committee meeting as have come to this one and as have
stayed. Senator Stevens has told me he is still coming. He has
a number of other pressures on him as chairman of the
Appropriations Committee.
So it is a testimony to the importance of the issue that we
are going as late as we are and that you do not usually get
left solely to the tender mercies of the chairman, that other
members of the committee have shown up and demonstrated an
interest and continued to question. That is why we have gone on
as long as we have.
Our first witness will be Joseph Castellano, president of
Network and Corporate Systems at Bell Atlantic. He is
representing the efforts underway and difficulties facing the
local and long distance common carriers.
He will be followed by Gerry Roth, vice president for
Technology and Systems at GTE, who is representing the TELCO
2000 Forum, an organization of telecommunications companies
established explicitly to focus on testing common carrier
interoperability.
He will be followed by Ramu Potarazu, vice president and
chief information officer of INTELSAT, a leading provider of
commercial communications satellite services.
Our final speaker will be Gary Beach, publisher of CIO
Magazine, a bimonthly publication reaching over 125,000 IT and
business executives.
We will have other telecommunications experts who are
providing statements for the record.
[The prepared statements can be found in the appendix.]
Chairman Bennett. Gentlemen, we appreciate your being here.
I make one comment, highlighting what Commissioner Powell said.
If we are going to get the international problem under some
degree of control, it is going to be more company-to-company
conversations than it is government-to-government
conversations. We are sorry to have to put that big a burden on
you, but the nature of this particular problem simply requires
it. So that is why we are delighted to have you here and
delighted to have the level of interest that your presence here
represents.
Vice Chairman Dodd. Mr. Chairman, just before they start, I
want to thank all of them, as well. I have a flight problem
that is going to cause me to leave, but I wanted to apologize
in advance to the witnesses. It is my fault. We went on with
some of these other panelists a little longer than the chairman
probably anticipated. But I appreciate immensely your presence
here today.
I just would like to pick up on the comment we made
earlier, and this is a group that can really be of help to us
and I suspect, based on Commissioner Powell's response, that we
are not talking about anyone here at this table, in terms of
just keeping communication lines and responding to these
inquiries that come from the FCC.
But if you would use your good offices, particularly you,
Mr. Beach, in having the advantage of reaching a lot of people
out here. how important it is that that information that is
being requested be provided. I have no desire to get into the
business of releasing the lists of companies who are not
responding, but I do not know of any way to get attention. What
I try to do is announce that we are going to do it, give plenty
of time for people to know that I am not doing it today or
tomorrow or next week, but at some point, you are going to
provoke me into saying, look, I will use the bully pulpit of
the U.S. Senate to do so. So I would hope that we might get
that message out to people. It is in their interest. It is in
all of our interest that they respond.
I apologize, Mr. Chairman, but I may not have a chance to
raise that with you by the time you complete your testimony, so
I just wanted to raise it here before we started.
Chairman Bennett. Thank you. We all understand about
airplane problems.
Mr. Castellano.
STATEMENT OF JOSEPH CASTELLANO, PRESIDENT, NETWORK AND
CORPORATE SYSTEMS, BELL ATLANTIC
Mr. Castellano. Good morning, Chairman Bennett and members
of the committee. I appreciate being invited to address you on
the Year 2000 issue. My name is Joseph Castellano and I am the
president of Network and Corporate Systems for the Bell
Atlantic Corp. I am also the officer responsible for leading
the company's Year 2000 program. In that capacity, I chair Bell
Atlantic's Year 2000 steering committee.
Bell Atlantic is a communications and information company
with more than 41 million telephone access lines and 6.7
million wireless customers worldwide. I have been asked to
offer testimony today about the Year 2000 vulnerabilities
facing telecommunications carriers and the legal complexities
of information sharing.
As you are aware, the Year 2000 challenge is to ensure that
information technology accurately processes data into the Year
2000. For the telecommunications industry, this is a
significant challenge and one we must meet in order for our
communications networks and services to continue to perform as
our customers expect. Communications networks are comprised of
a number of computer-controlled network elements which operate
together to allow voice and data to be transported and
switched. Bringing all of these network elements into Year 2000
compliance is the goal of the telecommunications industry.
To understand the vulnerabilities facing our industry, it
is helpful to consider the scope of the effort that is required
in order to insure that carriers' communications networks are
Year 2000-compliant.
In addition to the industry-wide activities discussed by
others here today, each telecommunications carrier must
undertake its own effort to identify Year 2000 concerns in its
operations and to devise a plan to address each concern. The
first step in this effort is to inventory all of the network
elements, information systems, and computers that could
possibly be affected by the century change.
To give the committee an idea of the size of this effort,
Bell Atlantic's inventory includes the following: Over 350
types of network elements which Bell Atlantic has deployed tens
of thousands of times in its network; more than 1,200 software
applications with over 250 million lines of computer code,
which support Bell Atlantic's business processes; approximately
88,000 personal computers, 800 mid-range computers, 40
mainframe computers, and hundreds of supporting software
products; hundreds of unique security access, air conditioning,
elevator control, and similar systems servicing thousands of
buildings, garages, and other facilities.
Once inventoried, each type of network element and computer
in each information system must be assessed to determine if it
is Year 2000-compliant, and if not, when and how it would most
likely fail. Knowing when a component may fail is important
because this will influence the sequence and prioritization for
correcting that component. Because telecommunications carriers
purchase the vast majority of their network elements,
information systems, and computers from others, an extensive
program of equipment vendor communication at this stage and
throughout the process is necessary. The carriers must know
what steps an equipment vendor is taking to make its products
Year 2000-compliant.
Detailed planning follows assessment. In this phase, plans
are developed for the remediation or replacement of each type
of network element and computer and for each information
system. Even components found to be compliant during assessment
will require testing or verification to validate manufacturer-
provided information. For those components evaluated as non-
compliant, we must determine if they should be fixed or
replaced. Detailed plans must include all activities required
to insure that the particular components within a carrier's
network will operate correctly.
The next stage of a Year 2000 plan consists of testing
compliant components, remediating and testing non-compliant
components that will be retained, and replacing those
components that will be retired. This is the stage most
carriers are at currently, and it is by far the most complex.
During this phase, new and remediated network elements,
computers, and information systems are comprehensively tested.
Once network elements, computers, and information systems are
fully tested, they can be deployed. Deployment for most
companies has begun and will continue through early 1999, with
some additional deployment occurring after that.
It is also important for carriers to develop comprehensive
contingency plans. These plans should address actions required
in the event that scheduled activities, such as the replacement
of a particular software application, do not occur on time, as
well as planning for possible failures. A contingency plan
should also include the establishment of internal, industry,
and customer command structures to effectively manage critical
situations.
In general, the performance and integrity of the worldwide
telecommunications network is primarily dependent upon three
factors: First, the performance of the various network
components and software manufactured by numerous equipment
vendors; second, the integration of these network components by
telecommunications carriers within their networks; and third,
the interoperability of the separate networks owned and managed
by numerous telecommunication carriers throughout the world and
their customers.
If an equipment vendor is not able to provide functional
Year 2000-compliant replacements or upgrades, that failure will
likely have a material adverse impact on the carrier's Year
2000 efforts. Likewise, if the carrier fails to properly
address its Year 2000 issues and a service disruption occurs,
not only will that carrier's customers be affected, any
interconnecting network operated by another carrier might also
feel consequences.
Given this interdependency, it is critical that each
equipment vendor and each carrier properly address its own Year
2000 issues and that equipment vendors and carriers work
cooperatively to ensure a seamless, uninterrupted operation of
the global network. Information sharing among carriers and
between carriers and their equipment vendors is, therefore,
essential in the successful implementation of any Year 2000
plan. Likewise, information sharing between carriers and their
customers is equally critical to enable customers to understand
and address their Year 2000 requirements.
This is an area in which government can help private
industry. Our experience has been that liability concerns have
had an adverse impact on the free exchanges of Year 2000-
related information among businesses. These concerns affect not
only the level or content of disclosure, but also the timing of
the information exchange.
Given the compelling need to share Year 2000 information
within the telecommunications industry, legislative action is
needed to reduce liability concerns among companies. That is
why we support legislation such as the proposed Year 2000
Information Disclosure Act to facilitate a more open and timely
disclosure of Year 2000 information, and we urge the members of
this committee to support its passage, as well.
In addition, Federal and State regulatory agencies are in
the process of gathering as much information as possible from
the entities within their jurisdiction in an effort to
understand the issues, problems, and progress on Year 2000
matters. While we applaud and encourage these efforts, we
believe that consideration should be given to the development
of a more uniform approach to information gathering from the
telecommunications industry. Such a uniform approach to
information gathering would improve the usefulness of the
information provided and minimize the impact of these requests
on personnel working to address the Year 2000 problem.
I thank the committee for allowing me to address the Year
2000 issues facing the telecommunications industry and I stand
prepared to answer any questions the members of the committee
may have.
Chairman Bennett. Thank you very much.
[The prepared statement of Mr. Castellano can be found in
the appendix.]
Chairman Bennett. Mr. Roth, we thank you and appreciate
your being here.
STATEMENT OF A. GERARD ROTH, VICE PRESIDENT, TECHNOLOGY AND
SYSTEMS, GTE, ON BEHALF OF THE TELCO YEAR 2000 FORUM
Mr. Roth. Thank you, Senator. Chairman Bennett, members of
the committee, my name is Gerry Roth. I am responsible for
GTE's Year 2000 program, but today, I am here to represent the
Year 2000 TELCO Forum. We have submitted a written testimony,
but with your permission and in the interest of time, I would
like to summarize those remarks, sir.
Chairman Bennett. By all means.
Mr. Roth. The TELCO Forum is a voluntary, self-funded group
formally established in 1997 to address Year 2000 issues
potentially impacting the telephone industry. Its membership
consists of Ameritech, Bell Atlantic, Bell South, Cincinnati
Bell, GTE, SBC, Southern New England Telephone, and U.S. West.
Additionally, AT&T, Worldcom/MCI, Sprint, and USTA have been
invited to participate as full or supporting members.
The Year 2000 Forum is chartered by the Council of
Telephone Company CIO's to address the potential impact of the
Year 2000 on the telecommunications industry. Major priorities
for 1998 and 1999 include information and best practices
sharing in all areas of Y2K, network interoperability testing
for Y2K compliance, and contingency planning, to include
command structure planning for network coordination efforts
across our industry.
The TELCO Year 2000 Forum initiated a concept for
interoperability testing with three important goals: First, to
minimize the risk of network failures; second, to minimize the
risk of service failures; and third, to ensure functionality of
date-and time-sensitive operations is not adversely affected by
Year 2000. This intranetwork interoperability component testing
includes tests of robust interactions between network elements,
data transport systems, operational support systems, and the
network elements that they support.
Our service cluster approach includes testing essential
features of the public switch network, such as the public
safety and emergency services systems, such as E-911, basic
enhanced and intelligent network services, network management
systems, and data network services.
Some of the characteristics of our testing include 16
separate configurations for network element and data testing
and 40 separate network management configurations which span
all service clusters. Testing is being conducted in five
separate laboratories established across the United States in
members' facilities, using 82 common communications products
from 21 suppliers. This equipment comprises the major
components of the standard North American suite of equipment
and systems in use in the public switch network. In addition,
four members have compiled and assessed product information on
93 other vendors with 470 separate products.
Information sharing is certainly an extremely important
issue for the Forum and for the public, as we have heard here
today. It has always been the intention of the TELCO Forum to
make available the scope, the plans, and the outcome of our
Year 2000 testing. As the committee is aware, several issues
remain unanswered about either the advisability or the
appropriateness of some aspects of this general information
sharing. Nevertheless the Forum will continue to make this
information available to the maximum extent possible in light
of those issues.
Our network interoperability testing began on July 6 with
operational support systems and network element management
testing. This was followed on July 13 with the start of testing
for data transport systems. Network element testing is planned
to begin the first week of August. All testing to date has been
successfully executed and testing is proceeding according to
schedule. Test completion is planned in December 1998, with a
final report being submitted on the first week of January 1999.
In an affiliated activity, the Forum is actively working to
establish a plan for interoperability testing with a similar
Canadian Year 2000 Forum, and we have begun discussions with
the ITU concerning international interoperability test support.
I would like to spend a minute to discuss the relationship
of these network testing activities that you have heard about.
In previous testimony, you heard discussions of at least two
major related Y2K interoperability test activities, the TELCO
Year 2000 Forum and the Alliance for Telecommunications
Industry Solutions, or ATIS. Although these groups operate
independently, all members of the TELCO Year 2000 Forum are
members of ATIS. The co-chair of the ATIS network test
committee is also in the Year 2000 Forum. And the Forum will be
represented in the ATIS network test committee as a separate
entity. Year 2000 test planning for both the TELCO Forum and
ATIS are intentionally complimentary.
After each company and/or supplier has completed Year 2000
remediation and tested at that level, the next step is to test
component interoperability between companies and products. The
last leg of that testing, then, is network interoperability
testing, which stresses network features and services in an
operational test environment.
The TELCO Year 2000 Forum testing, the intranetwork
testing, is being conducted in late 1998. This is the first leg
of testing which assesses network component interoperability,
basically answering the question, ``Do the major network
support and management elements continue to operate
appropriately among and between carriers in a Year 2000
environment?'' An example of this is the 800 number data base
support services.
This is then followed by the ATIS testing, or the
internetwork testing, in early 1999. Internetwork testing will
assess network interoperability with respect to service and
operations once component interoperability has been
demonstrated. This testing deals with such issues as potential
network congestion on December, 31 1999, or January 1, 2000,
time zone transition issues, Year 2000 impacts on local number
portability enhancements, voice and data transmission between
local and interexchange carriers, and real-time network
management and control.
We have often been asked about our concerns about
interoperability, which is a expressed concern of this
committee. We have every reason to believe that the U.S. public
switch network will continue to operate with no major service
disruptions due to the Year 2000. However, full international
interoperability is of concern due to many late starts and the
uncertain program status in many countries.
The Year 2000 brings a unique and unprecedented potential
for network stresses for several reasons. The anticipated
increases in call volume crossing multiple time zones,
increased international telecommunications interactions to
usher in the new millennium, and then, due to the high profile
of the Year 2000 as both a technology challenge and a new
millennium, network security concerns will also be at peak
because everyone out there is not just ``calling to say they
love you.''
Any Year 2000 glitch which may appear at this otherwise
teeming confluence of unique events would certainly exacerbate
any performance issues.
We have been asked by Congress and others, what could
others do to help our efforts, and some suggestions would
include support of good Samaritan legislation, such as the Year
2000 Information Disclosure Act; work to remove the specter of
antitrust claims against companies which cooperate in good
faith on Year 2000 remediation; continued awareness campaigns
through hearings like this; work to support efforts to enhance
international interoperability; and finally, work with other
government agencies to consolidate queries and streamline
information sharing to prevent unessential duplication of
effort.
In conclusion, the members of the TELCO 2000 Forum believe
that this cooperative, voluntary testing effort will go a long
way toward removing public anxiety over the Year 2000 status of
the public switch network in the United States. Despite the
fact that the live network cannot be 100 percent tested in
advance of the Year 2000, we believe our individual and
collective actions in Year 2000 remediation and subsequent
tests and validation provide a basis for sustaining public
confidence that the telephone and data networks will continue
to operate in the Year 2000 and will continue to provide the
outstanding services we have come to expect.
Mr. Chairman, I thank you for this opportunity to testify
on behalf of the Year 2000 Forum.
Chairman Bennett. Thank you very much.
[The prepared statement of Mr. Roth can be found in the
appendix.]
Chairman Bennett. Mr. Potarazu.
STATEMENT OF RAMU POTARAZU, VICE PRESIDENT AND CHIEF
INFORMATION OFFICER, INTELSAT
Mr. Potarazu. Good morning, Mr. Chairman, members of the
committee. My name is Ramu Potarazu. I am the Vice President
and Chief Information Officer of INTELSAT, the international
telecommunications satellite organization.
I appreciate the opportunity to testify before you today on
the important issues raised by Year 2000. I also wish to thank
Chairman Bennett and the committee for your leadership in
addressing such a complex and global problem.
This morning, I will concentrate on what INTELSAT is doing
to address the Year 2000 issues. In fact, we calculate that we
have 370 business days left before the Year 2000 is upon us.
Let me begin with a brief history of INTELSAT. INTELSAT was
established in 1964 as a global commercial cooperative on the
initiative of the United States. INTELSAT's main mission is to
provide the space segment for public satellite communications
services throughout the world on a non-discriminatory basis.
Today, INTELSAT has 143 member countries and connects virtually
every country and territory in the world. INTELSAT provides
international, domestic, and regional satellite communications,
services such as telephone, television, Internet, and data.
INTELSAT began its official Year 2000 program several years
ago to make sure that we are ready for this challenge. In
preparation for today's hearing I was asked to address several
specific questions. The first question asked was, how does the
Year 2000 problem affect satellite communications? I would like
to spend a few moments to explain the four basic elements of
the INTELSAT global system.
The first part is the satellites. Behind Senator Bingaman
is a picture of a satellite located 23,000 miles above the
equator in geosynchronous orbit. INTELSAT maintains a fleet of
satellites in geosynchronous orbit which together provide
global coverage, meaning we reach every person in the world.
The second part is the INTELSAT control system which is
pictured to the chairman's right. The satellite control
facility allows us to control and monitor our satellites, parts
of which are located throughout the world.
The third part is the customers' earth stations, consisting
of satellite dishes and other equipment.
The fourth part is essentially our entire user community--
the local phone companies, broadcasters, business networks,
Internet service providers, and other end users.
I will first explain what INTELSAT is doing with the
satellites. Our satellite manufacturers have advised us that
there are no known Year 2000 problems on our satellites.
typically, a communications satellite does not use a time and a
date. It uses a satellite reference, what we commonly refer to
as satellite local time. This is a reference to the sun, and
when there is a reference to the sun, there is usually no
reference to a specific year.
INTELSAT's own analysis and testing will seek to confirm
this information. At this time, however, we believe that our
INTELSAT satellites have no Year 2000 issues, but satellites
are only one piece of the INTELSAT system.
For the INTELSAT control system, which are the systems that
allow us to control and monitor our satellites, we have adopted
a five-step approach to resolving our Year 2000 issues.
The first step is the preliminary assessment phase, where
inventory for software and hardware is done.
The second step is the analysis and plan phase where the
inventory is analyzed and a remediation plan is established.
The third step is the remediation phase, where the actual
hardware and software is fixed.
The fourth phase is the test phase. As stated earlier by
Senator Dodd, this phase is the most difficult. At INTELSAT, we
are not a 9-to-5 business. We are a global business that must
serve the world 24 hours per day, 365 days per year. We simply
cannot shut down our daily operations to test hardware and
software. Therefore, new test facilities have to be set up in
temporary locations. We are currently preparing to conduct such
tests as soon as the software remediation is complete.
The fifth and final phase is the deployment phase, where
systems are put into production and operation. INTELSAT's Year
2000 program has primarily focused on our ground systems that
fly, command, control, and monitor our satellites.
Now let me turn to your next question. What are INTELSAT's
concerns about international communications? This, quite
frankly, is INTELSAT's biggest concern and is the one that is
mostly out of our control. The customer satellite dishes and
the local phone companies, broadcasters, business networks, and
other end users are the biggest challenge in addressing the
Year 2000 issue. Because these entities are out of our control,
our emphasis has been on education. Many of the customer
stations throughout the world have several hundred pieces of
computer equipment from various manufacturers that control
their ability to send and receive telecommunications
information.
For example, if the antenna control unit fails at the
customer location, this failure could cause complete loss of
pointing to the INTELSAT satellites by the antenna, and no
information could be sent or received, even though INTELSAT's
portion of the communications link is compliant.
Perhaps I can use an illustration to demonstrate INTELSAT's
concern and those raised earlier by the chairman about Year
2000 issues affecting international satellite communications. A
significant percentage of INTELSAT's international traffic is
two-way communication links that use an INTELSAT satellite
between country A and country B. Suppose country A's ground
network is Year 2000-compliant. INTELSAT, being the supply
chain in the middle, is also compliant. And suppose further
that country B's ground network is not Year 2000-compliant. The
result is that you have a failure of the complete chain. This
is why INTELSAT has some concerns about the Year 2000
compliance of all international communications.
To this end, INTELSAT has been proactive in working with
our customers and our owners and other international
organizations to exchange and gather information relevant to
Year 2000 issues. INTELSAT has also teamed up with the World
Bank and the International Telecommunication Union on several
initiatives to promote the awareness of the Year 2000 problem
throughout the world via seminars and the use of INTELSAT
capacity on a no-charge basis for promotion of the Year 2000
issues.
In closing, INTELSAT has a plan in place to address the
INTELSAT satellites and the INTELSAT control systems. We are
confident that we will be ready in the new millennium. Our main
concern is with our customers' satellite dishes and all of the
business entities at both ends of the supply chain. It is
important that we all continue our education efforts in this
area throughout the world.
We need the ability to share information relating to the
Year 2000 issue. We urge the administration and Congress to
work together to allow us to share information more freely so
that the Year 2000 problem can be resolved in an expeditious
manner. Thank you very much.
Chairman Bennett. Thank you.
[The prepared statement of Mr. Potarazu can be found in the
appendix.]
Chairman Bennett. Mr. Beach, you get to be the clean-up
hitter here.
Mr. Beach. I hope I can hit a home run.
Chairman Bennett. Please do.
Mr. Beach. No pressure here. [Laughter.]
STATEMENT OF GARY BEACH, PUBLISHER, CIO MAGAZINE
Mr. Beach. Mr. Chairman, Senator Bingaman, my name is Gary
Beach. I am publisher of CIO magazine, a magazine written for
chief information officers who are responsible for building the
largest information technology infrastructures here in America.
These are the people, Mr. Chairman, that you were mentioning
who are responsible for the company-to-company communication
that is going on.
I feel a special akin to the Year 2000 problem, having been
publisher of Computer World in September 1993, when Peter
Deyager wrote the famous article that brought this problem to
many people's attention. While I was not as smart as Peter to
become a consultant back at that time on Year 2000, my
conversations with users and chief executive officers of
several large telecommunications companies this spring led me
on June 15 to the write the following in the pages of CIO.
``The Year 2000 safety net for the telecommunications
industry, our nation's backbone for voice, data, and Internet
transmission, is nonexistent, will never be built, and as such,
presents the global economy with its most significant Year 2000
problem.''
I would paraphrase Senator Dodd's comments of a moment ago,
``Houston, no, you do not have a problem. Planet Earth, we have
a problem.''
Here is why I feel this way. It has been an incredible 3
years for users in large, medium, and small companies. At once,
the most diligent of them have addressed the Year 2000 problem,
but as we said earlier this morning, some of that testing will
be done erroneously.
On top of that, an issue that we have not talked about
today at all that is compounding not only the time problem is
the labor problem. Here in America and around the world, we
have a critical shortage of information technology workers, men
and women who could address this issue.
At the same time in the last 3 years, another technology
phenomena, the World Wide Web, has expanded the dependence of
companies on telecommunications, linking customers, partners,
and suppliers in global networks.
Mr. Chairman, have you ever played dominoes? No? Well, one
of my favorite games of dominoes, not particularly the game but
setting them all up and hitting that first domino and watching
them all fall down, the single effect theory.
As you were mentioning aptly this morning, we live in a
system of systems, an interdependent world, and we have seen
examples of how a single event can impact us all. Just in the
last year, the UPS strike crippled many in the industry. In the
spring, the PanAm satellite interrupted pager transmission. And
just this week, we saw the conclusion of the General Motors
strike, in which a single event in Flint brought that company
to its knees.
The major fear of CIO's is this. While they may be
compliant with Year 2000, their partners, their suppliers,
their customers, all linked in this food chain, may not be and
their non-compliance could in that domino effect impact their
company.
Some companies have extraordinarily large food chains.
General Motors, the company I just mentioned, has 35,000
partners. Again, as Senator Dodd was talking about this morning
with Judith List, it is my opinion some of those 35,000
partners will be Year 2000 functional, some will be Year 2000-
compliant, and many will be Year 2000 dysfunctional.
As Commissioner Powell talked about in terms of the
legality issues, this is an incredible challenge, preventing
many companies from fully declaring their Year 2000
operability. As several members of this panel and before have
aired, I strongly support the administration and the
Congressional efforts to get the Year 2000 Information
Disclosure Act passed and passed fast.
CIO's express a particular concern, and we have heard this
morning Senator Collins and others, about small companies.
There are 23 million small companies in America. Wells Fargo
Bank just this week released a report where they interviewed
500 small companies, those who have 100 or fewer employees, and
found 50 percent are planning to ignore the Year 2000 entirely.
We have talked about the global issues. The World Bank in
March of 1998 released the results of a survey it did among 128
borrowing nations. Seventy-one percent did not even know what
the Year 2000 problem was.
The telecommunications industry in America, while many are
familiar with the names on this panel, is really made up of
many, many small companies. The United States Telephone
Association has 1,100 members. There are 4,500 members, as you
mentioned earlier, Mr. Chairman, who are Internet service
providers. I am concerned about the readiness of this sector of
the telecommunications industry.
While the United States Telephone Association does a fine
job managing its members, last evening, I went on their website
and I challenge anybody to go on that website and find right up
front information about the Year 2000.
ISP's, Internet service providers, who is even monitoring
them?
So, in essence, the telecommunications industry faces what
I call a great paradox. If the system works as advertised, as
we have heard here this morning, then the global infrastructure
will act as a massive conduit, spreading Year 2000 problems,
not theirs, but from partners and suppliers in their
information food chains. If it does not work, we all know where
that is going to lead.
I have several recommendations. First, I would encourage
this committee to raise the awareness of the Year 2000
challenge with small independent telephone companies and small
internet service providers while abating the potential for
panic.
Second, I would encourage all sectors of the
telecommunications industry to follow the example of the TELCO
Year 2000 Forum and expand their efforts as they have in an
invitation to long distance carriers, competitive LEC's, et
cetera. This is critical.
Third, I would encourage Commissioner Powell and the FCC to
put enforceable Year 2000 compliance policies in place
immediately for all groups it monitors, plus hold the chief
executive officers and board directors of those companies
personally responsible for Year 2000 compliance statements they
share and file with the FCC. We need an independent
verification process.
Fourth, I would recommend that the FCC impose immediate
moratorium on telecommunications mergers and acquisitions. Why?
The FCC needs to focus its finite resources on issues of
national, not corporate, interest.
Fifth, I would consider the formation of a Year 2000
information center across America to inform consumers not only
of the likely impacts on communications but the services they
will purchase from banks and utilities. CIO magazine surveyed
in May 400 households. Four out of ten Americans are totally
unaware of the Year 2000 problem.
Sixth, I would mobilize millions of Americans to join a
grassroots volunteer effort to help solve the problem. That
same survey found 45 percent of Americans willing to serve if
asked. I applaud the President for his efforts on July 14 to
encourage retired Federal workers to come back, but more could
be done. Possibly, we could follow the example of President
Roosevelt and create a digital Civilian Conservation Corps.
I would challenge the telecommunications industry to report
back to this committee with in-depth contingency plans on what
happens if the network goes down, particularly in rural parts
of America.
I would encourage you, Mr. Chairman, to talk to Ambassador
Kamal, who headed the Informatics Committee, and possibly have
a summit at the United Nations this fall.
So my basic report is this. I am concerned. I am close to
this issue. When someone asked me the other day, what am I
going to do with my money, I do not know, but we all have to
work on this together. We should prepare for the worst, pray
for the best, and hope between now and the Year 2000,
everything we do can bolster those dominoes so when one of them
falls, and one of them is going to fall, all the rest do not
fall. Thank you.
Chairman Bennett. Thank you very much.
[The prepared statement of Mr. Beach can be found in the
appendix.]
Chairman Bennett. I gather from your presentation, Mr.
Beach, that you agree with my concern that things as presented
earlier were a little too rosy. Is that an understatement of
where you are?
Mr. Beach. No, that is an affirmative.
Chairman Bennett. Thank you. Given the hour, I have a whole
series of things I want to get into, but let me focus on just a
few.
You have all talked about the need for legislation. Senator
Dodd and I have introduced by request the administration's bill
as it was presented to us. For those of you who are not
following the committee's activities, I will tell you that I
have given the assignment to work on this legislation to
Senator Kyl. Senator Kyl is chairman of the Subcommittee on
Technology in the Judiciary Committee, so there is a nice fit
here. Since this committee has no legislative authority, the
committee with legislative jurisdiction probably would be the
Judiciary Committee and Senator Kyl is going to work with his
staff, the Judiciary Committee staff, and our committee staff
through August to try to have something for us to consider in
September.
I am convinced that it must be passed in this session of
Congress, that we cannot wait until next Year on this one. We
are trying to draft a careful bill. We will use the
administration draft as a beginning point, but we have had a
number of people say that the administration draft is
inadequate in a variety of ways and we will do our best to try
to see to it that it gets improved.
I would like you briefly to comment what you would see life
like a Year from now, in, say, summer of the Year 1999, if this
legislation is passed. What do you see the impact of this
producing in the next 12 months? Mr. Beach?
Mr. Beach. I would just like to comment that while I
support the legislation and the goals of it, it can be
difficult to have companies share best practices, particularly
in a very competitive environment. So I would only caution. I
applaud the goals and the spirit of the law. In reality,
companies may not share as much as they should.
Chairman Bennett. Does anyone else have a comment,
specifically on the President's legislation, because you have
not seen the draft that we will inevitably come up with?
Mr. Castellano. Chairman Bennett, I think that as a result
of the legislation, we will see a better flow of information
between suppliers and customers at all levels. I think that is
very important to address some of the comments that were made
earlier about the concerns people have about not knowing what
the status of things are and I think the legislation would
improve that tremendously. Also in the working relationships
between the various firms, it would facilitate coming to
conclusions on how to fix the problem.
Chairman Bennett. Senator Bingaman, you have a strong
interest in this. We will go to you now and I will reserve the
balance of my time.
Senator Bingaman. Thank you, Mr. Chairman. It seems to me
we have got sort of two schools of thought presented today. Mr.
Beach may represent one of those.
I noticed in the testimony that Ms. Fountaine gave us from
the National Communications System, she says here, ``In
implementing special national security emergency preparedness
capabilities in the public network, we chose the major
interexchange service providers, as well as the primary local
exchange companies.'' It says, ``We believe, based on the
information they gave us, we believe that there will be little
or no interruption of service from these major service
providers due to the Year 2000.'' I would be interested in Mr.
Castellano's view as to whether he agrees with that.
Mr. Castellano. I actually do, because we have been working
very diligently, all of us, for several Years now and doing all
of the steps that you need to do in order to be prepared, and I
think we have reached the point where we are starting to feel
confident that our own networks within individual companies
will be ready and ready, willing, to begin the testing process
between the networks to make sure they will be ready.
We feel for the most part that most of the problem will
take place, if it takes place at all, towards the later half of
next Year. We are aiming to be ready in the second quarter and
we think we have some contingency time to do additional testing
before the actual date. So I think our level of confidence with
the major carriers is pretty high.
Senator Bingaman. Now, when you say the major carriers, one
of the statistics we heard earlier was that 98 percent of the
communication traffic is carried by the major carriers,
something over 98 percent. Is that what you are talking about?
You are saying that 98 percent of the communications traffic
that we have, at least in this country, should not be
interrupted, based on your assessment?
Mr. Castellano. I think that is a pretty good assessment.
It may be more than 98 percent, but I think there is less
certainty about the rest at this point in time, based on the
conversation we have had today.
Senator Bingaman. Does anybody on the panel want to dispute
that?
Mr. Beach. I will not dispute it, Senator, but I will
comment that I support broad-based interoperability testing. I
would only comment that the logistics of creating a broad-based
test that replicate exactly what happened in our lives day in
and day out in America is extraordinarily difficult, and just
leave with the thought that we really have until this time next
Year to control possible public panic about this issue. We
asked those same people in the survey questions, and this time,
in the summer of 1999, if it becomes apparent that this problem
is not solved, there is a possibility for public concern, and
``panic'' is not too strong a word.
Senator Bingaman. Let me also just ask, Mr. Potarazu, your
testimony says, ``At this time, we do not believe that the
INTELSAT satellites have any Year 2000 issues.'' So if we do
not have any problem with the telecommunications
infrastructure, at least 98 percent of it, and we do not have
any problem with INTELSAT satellites, are there communication
satellites that are not INTELSAT satellites that you believe
will be affected by this, or are you speaking generally of
communications-related satellites?
Mr. Potarazu. My comments specifically addressed INTELSAT
satellites. We have three manufacturers that build our
satellites, Hughes Space and Communications Co., Space Systems/
Loral, and Lockheed Martin. Other international satellite
companies may have different vendors, but with the three
vendors which manufacture INTELSAT's satellites, we have
assurances that our satellites are compliant.
Senator Bingaman. But there is no reason to believe that
they would be making Y2K-compliant satellites or satellites
that are not affected by this problem for you and making
satellites that are effective on this problem for others, is
there? Just those three?
Mr. Potarazu. With those three, that is correct. We do not
believe so. The satellite manufacturer's have advised INTELSAT
that they know of no Year 2000 problems with our satellites.
Senator Bingaman. And those are the three major U.S.
manufacturers?
Mr. Potarazu. In the United States, correct.
Senator Bingaman. Are we down to trying to figure out the
extent to which the small telecos are going to create a problem
for the rest of the system here, the less than 2 percent of
traffic that goes over these 1,200 or so small companies? Is
that where the effort ought to be concentrated, Mr. Castellano,
and if so, what is being done to bring them up to speed?
Mr. Castellano. At the present time, I agree with that, and
I also think the international carriers should also be included
in that statement. I think the next step is for those of us who
have been in ATIS or part of the TELCO Forum. We are going to
try to reach out to those companies and have them be involved
in our activities. I think that would be the next step.
Frankly, we have not paid them a great deal of attention.
We have been very involved with our own issues, trying to get
to the point where we can say, yes, you were competent about
our own efforts, but I think it is now time for us to try to
help the others to get ready, as well.
Senator Bingaman. Is there a plan to do that in place? I
mean, as you move into the fall and the rest of this summer, is
there a plan to get information out to these folks and bring
them in and share what you have learned with them?
Mr. Castellano. Well, we are at the beginning of that. Last
week, we had a meeting and we discussed the possibility of
describing how we would work with others and writing a white
paper on that issue as part of the next step in our activities,
at the TELCO Forum meeting.
Senator Bingaman. That is very useful. Thank you very much,
Mr. Chairman. I appreciate it.
Chairman Bennett. Thank you.
Mr. Beach, you have raised an interesting question that,
frankly, had not occurred to me before, but it is obvious once
it is laid out. You call it the great paradox in your prepared
statement. You say, let us say the telecom industry's Y2K
remedial efforts are 100 percent compliant, not a likely
outcome, and the system works as advertised. The
telecommunications infrastructure then becomes a powerful
conduit for spreading Y2K problems.
Mr. Beach. Yes.
Chairman Bennett. That is an interesting paradox.
Let me go back to the statistic we had at the beginning of
the hearing, which says, statistically, every time you fix 4.5
lines of code, you introduce an error into the system. Mr.
Beach, as you look at that, do you have any sense of how big a
problem that is going to be, to find those errors, or in the
spirit of what you said here, a powerful conduit for spreading
problems. Are those part of the errors that will be spread?
Mr. Beach. Yes and yes. I mean, one of the problems, Mr.
Chairman, is that information technology workers, once they
have felt they have scrubbed a line of code, there is a
perception that that has been done correctly and they have
moved on to others. Some companies have 800 million lines of
code to create.
What I would also like to comment on is I believe Judith
List talked about this morning rather well, and it is the
latency factor of the ability of a telecommunications network
to spread these problems, whether they are billing problems or
what have you. We are all preparing for January 1, 2000, which
might even be before that, but there is a possibility that
latent Year 2000 problems could be much like digital microbes
that are invisible.
Deputy Secretary Hamre from the Department of Defense
recently said, on the Year 2000, if the computers go down, it
is not fine, but at least he knows where the problem is. A
bigger problem for him, and, I argue, a bigger problem for
users is if the system continues to work. I mean, if Ramu sends
a satellite off and it is only one degree off, over time, that
one degree becomes a huge gap.
Chairman Bennett. You are going in the direction that I was
going. I am beginning to realize that the life of this
committee may extend far beyond January of 2000, not because I
want to empire-build but because the problems are going to be
there. We have seen that in testing, and I am going to end the
hearing with this comment about testing and our experience and
what we have seen in the committee and, hopefully, through this
group, send a message to the telecommunications industry.
The military has done some testing. They found several
things. The most disquieting one is that a majority of things
that have been certified as Y2K-compliant on subsequent testing
have been found not to be, and they have had to go back again.
The second is that the problems, as indicated in this last
exchange, are cumulative. Something is compliant on January 1.
It is functional on January 2. The degradation in its function
begins to accumulate and it fails in February or March, and you
find in the meantime that it may very well have been putting
bad data into the database during the time it appeared to be
functional.
We are not going to really know whether the
telecommunications system has gotten by the millennium bug if
all the phones have dial tones and everything is going through
on the second of January. We may very well have problems that
come along and bite us and bite us badly in the middle of
January or February or later on, and finding the source of
those is going to be much more difficult than finding the
original problems when you do the first remediation.
I am seeing some nods. Is that a fair characterization of
the problem that we have?
Mr. Roth. Absolutely.
Chairman Bennett. Finally, we have the experience of last
week's hearing. Last week, I had to do what Senator Dodd has
had to do. I had to leave. I left him the gavel. At the end of
the hearing, someone was called out of the audience who was not
scheduled to be one of the witnesses but was connected with one
of the witnesses who described the experience of standing there
in a hospital holding in his hand the letter of certification
from a manufacturer that a piece of equipment was Y2K-
functional and watching it fail as the clock was set ahead to
the Year 2000. If the hospital had depended upon the
manufacturer's certification that everything was fine, someone
would have died.
The witness, as I understand it, described several such
circumstances, and one of the most frustrating ones, a piece of
equipment where, when the clock was turned forward to the Year
2000, failed, would not recover when the clock was back off. By
merely testing the piece of equipment, they ruined it, which
raises another specter that I have heard about and we will hear
about in subsequent hearings of the company that tried to set
its clock forward to test and discovered that the failure that
occurred in that instance was wiping out all the passwords. As
a consequence, their database was rendered inoperable by virtue
of the test because they could not get in it, and the passwords
had all been deleted by the Year 2000 problem.
So my conclusion here, which I am leaving everyone who may
be watching, either in the overflow room or on television or
the journalists taking things down or those of you representing
various industries, we cannot depend on the first test or the
first certification or the first comfort letter that we get
from a manufacturer or somebody looking at this. The testing
has got to be extensive, it has got to be continuous, and it
has got to extend beyond the Year 2000 because we absolutely
cannot allow the telecommunications systems to fail, or
everything else goes under.
I appreciate the reassurances that we have gotten, but I
also appreciate the warnings that we have had that those
reassurances need to be checked and rechecked and then checked
again before we can take them at face value.
My thanks to all of the members of the committee. To all of
the witnesses, thank you for your patience. The hearing is
adjourned.
[Whereupon, at 12:30 p.m., the committee was adjourned.]
A P P E N D I X
------
ALPHABETICAL LISTING AND MATERIAL SUBMITTED
------
Prepared Statement of Gary Beach
My name is Gary Beach. I am publisher of CIO, a magazine written
for chief information of officers--men and women who build and manage
our nation's information technology infrastructure. These executives
work in major corporations and in many government agencies nationwide.
The subject of my testimony is ``Industry Concerns about the
Preparedness of the Telecommunications Industry As It Faces the Year
2000 Challenge.'' My perspective comes from 17 years in the information
technology publishing business and from private discussions about the
Year 2000 with CIO's and other technology and business executives.
No one today can dispute that we live in a globally interconnected,
interdependent information society--an information society increasingly
built on fragile supply chains. To give you a sense of the intricacy of
this interconnectedness, consider these examples. Last year the United
Parcel Service strike crippled many segments of the U.S. economy. This
spring a single satellite malfunction caused millions of pagers to go
down. A strike at a plant in Michigan disrupted the entire North
American operations of General Motors.
Despite the calamity described in the above examples, our societal
web of supply chains has shown the ability to take a hit in one place
and maneuver resources from another locale to recover. But never has
society in general or the telecommunications industry specifically
faced the daunting, hard-stop challenge posed by the Year 2000 problem.
In the past two months many witnesses have come before this committee
professing their industry or their company will be Year 2000 compliant.
My conversations with chief information officers and key executives of
long distance and regional telephone companies have convinced me those
claims of compliance may be based more on hope than on actual fact.
This should not come as a surprise as we've never faced such a daunting
challenge. True, the telecommunications industry has been working on
Y2K compliance. Many have devoted efforts to the problem since the mid-
1990's. At the same time, however, use of another technology, the World
Wide Web, skyrocketed and millions of corporations have extended their
internal information technology networks to external partners,
suppliers, customers, yes, even competitors. Sears, for example, has
5,000 suppliers linked to its information infrastructure. Chief
information officers are concerned that regardless of what they've done
to make their own systems compliant, they may still fall victim to
their connected partners' problems. And partner failures could have
devastating economic results for a company no matter what it has done
to become Y2K compliant.
This scenario presents the telecommunications industry with what I
call the ``The Great Paradox.'' Let's say the telecom industry's Y2K
remedial efforts are 100 percent compliant--not a likely outcome--and
the system works as advertised. The telecommunications infrastructure
then becomes a powerful conduit for spreading Y2K problems. Technical
problems will be passed down the information technology (IT) food chain
as quickly as telephone connections occur. On the other hand, if the
telecommunications system experiences significant Y2K problems, not
only businesses but lives could be lost. Think about how much we depend
on 9-1-1 for example. What if it doesn't work when we punch in those
numbers?
Of particular concern is the Y2K readiness of the 23 million small
businesses in America. And why should we all care? Because small
businesses may not have the fiscal or human resources or the know-how
to address Y2K. In a survey of 500 American businesses that employ 100
or fewer people, Wells Fargo Bank reported earlier this month that an
incredible 50 percent of respondents plan to ignore Y2K issues
entirely. The 23 million small businesses in America employ more
Americans than any other sector by far. If the Wells Fargo Bank survey
is accurate, many of America's small businesses will not be Y2K
compliant, many will suffer Y2K disruptions, and some may go out of
business causing our nation's unemployment rate to rise.
Why my concern about small businesses and the food chain analogy?
Because the United States telecommunications industry reflects in many
ways the percentage composition of the general American economy. While
most Americans are aware of names like AT&T, Bell Atlantic and GTE, the
United States telecommunications industry is in reality an intricate
web of over 1,100 small independent telephone companies and
approximately 4,000 small Internet service providers. Day in and day
out these companies rely on each other to complete the voice and data
calls that make up the fabric of life in America today. What are those
small telephone and Internet service providers doing to become Y2K
compliant? Are they following the example of small businesses sampled
in the Wells Fargo survey? And our concern should cover not only small
businesses but also our global business partners. Many multinational
corporations do business with countries around the world. In March
1998, the World Bank reported that of the 128 borrowing countries it
monitors, only 37 even knew what the year 2000 problem was.
Earlier this week I visited the Web site for the United States
Telephone Association, the group that represents these 1,100
independent telephone companies. I am disappointed to say that if what
I found represents the USTA's interest in the Y2K issue for its
members, many of those small telephone companies will not be Y2K
compliant by the end of next year. I started my testimony talking about
the intricate information chains that bind our society and economy. In
Boston when I call the West Coast, my call has to proceed from a Bell
Atlantic switch to the long distance carrier of my choice to the local
telephone company servicing my end destination on the West Coast. The
players large and small in the extremely competitive telecommunications
industry need each other to complete those voice and data calls. What
are they doing to join arms and fight the Y2K battle? While I applaud
the efforts of the Telco Year 2000 Forum, it is largely an effort of
the major local exchange carriers. I urge AT&T, MCI, and others to
accept Telco Year 2000 Forum's invitation to join. As the days to 1/1/
00 dwindle, the telecommunications industry must put aside its partisan
nature for an all-hands-on-deck run at this problem. When American
citizens are unable to make phone calls on January 1, 2000, they will
not have the patience for finger pointing that may ensue among local,
long distance and Internet services. The telecommunications industry is
increasingly a global business as seen by this week's announcement of
the AT&T/British Telecom joint venture. Chief information officers are
increasingly concerned about data such as earlier reported from the
World Bank: What kind of impact could a Y2K failure in a foreign PTT
(Post, Telegraph, Telephone) have on their global information
technology infrastructure. Alan Greenspan recently testified before the
Senate Banking Committee that a small problem beginning somewhere in
the international banking community could snowball into a Gargantuan
problem. Could his point of view be transferred to our nation's
telecommunications industry as it prepares for the Year 2000? Could a
small Y2K problem beginning in some small European, Pacific Rim or
Latin American country snowball into a large Y2K problem here in
America? As the International Telecommunications Union recently
reported, could Y2K unpreparedness cut off the developed countries that
have worked on the Y2K problem from the developing countries, creating
in essence a digitally disconnected Fourth World of nations? On July 23
Senator Dodd said in these hearings, ``We are no longer talking about
whether there will be any Y2K disruptions--only how serious those
disruptions will be.'' On June 4 in Omaha, Nebraska, CIO magazine and
the International Data Corporation released the industry's first
predictive tool that helps companies gauge their Y2K vulnerability. We
call it the Beach/Oleson Pain Index and it can be found at www.cio.com/
y2k.html The index is based on the interconnectedness of corporations
sharing applications with external partners. We quantify the problem
into four states: catastrophic, meaning the problem experienced could
cause socioeconomic harm; business critical, which refers to a Y2K
problem that brings down an entire business for more than 24 hours;
disruptive, including problems causing outages that are fixed within 24
hours; and annoyances, nonessential Y2K problems such as your e-mail
password claiming it has expired. For example, a corporation or
telecommunications company sharing 55 applications with external
partners has a 57 percent probability that its Y2K problem will be an
annoyance, a 34 percent probability the problem will be disruptive, a
11 percent probability the problem will be business critical and a 0.6
percent probability the problem will be catastrophic. While most
companies will not experience catastrophic problems, the
telecommunications industry certainly falls within the group that will
suffer deeply if partners' appropriate preparedness action steps are
not taken. These are our recommendations to this committee moving
forward:
1. Raise awareness of the Y2K challenge with small independent
telephone companies and small Internet service providers while abating
the potential for panic.
2. Encourage all sectors of the telecommunications industry to
follow the example of the Telco Year 2000 Forum and expand their
efforts to long distance carders, competitive LEC's, etc.
3. Encourage the FCC to put enforceable Y2K compliance policies in
place immediately for all groups it monitors and hold the chief
executive officers and board directors personally responsible for Y2K
compliance statements shared with the FCC.
4. Recommend that the FCC impose an immediate moratorium on
telecommunications mergers and acquisitions. The FCC needs to focus its
finite resources on issues of national not corporate interest.
5. Consider the formation of Y2K Information Centers across America
to inform consumers about not only likely impacts on communications but
also the services they purchase from utilities, banks and the like. A
recent survey by CIO magazine found nearly 4 in 10 Americans are
totally unaware of Y2K. Of those that were aware, one in four plans to
put his or her money under their mattress if it becomes apparent the
Y2K challenge will not be solved by this time next year.
6. Mobilize millions of Americans to join a grass-roots volunteer
effort to help solve the problem. The same CIO survey reported 45
percent of Americans said they would serve if asked. Earlier this month
the president challenged retired federal workers to come back and help.
This effort needs to be expanded to all. In the CIO survey the under 25
age group responded with most enthusiasm to volunteer. President
Roosevelt mobilized this nation early in the century with his visionary
civilian conservation corps. People can similarly join to attack the
Y2K problem.
7. Create a telephonic version of the Federal Emergency Management
Agency that small telephone companies and small Internet service
providers could tap into for funds to hire workers to help meet the Y2K
challenge.
8. Challenge the telecommunications industry to report back to this
committee with an in-depth contingency plan on what will happen if the
network goes down. Have the group particularly focus on the contingency
plans for rural America, an area largely served by small telephone and
Internet service providers. Moreover, task the industry with explaining
how it plans to handle the extraordinary volume of calls from consumers
demanding Y2K information from their banks, health care providers etc.,
anticipated in November and December 1999.
9. Work with Ambassador Kamal, head of the Informatics Committee at
the United Nations, and encourage the ambassador to hold a major global
summit at the United Nations on Y2K this fall.
American lives and the American economy live on the bandwidth
provided by our nation's telecommunications infrastructure. Whatever
threatens the delivery of that bandwidth threatens lives and the
economy in America. The Y2K problem is threatening our nation's ability
to deliver noninterrupted bandwidth. No one can come before this
committee and say for certain how our national and global
telecommunications infrastructure will fare during the digital tsunami
known as Y2K. Several things are certain. We are all in this together.
We should all prepare for the worst. And we should all pray for the
best. Thank you for the opportunity to share this testimony with this
distinguished committee.
______
Responses of Gary Beach to Questions Submitted by Chairman Bennett
Question 1. You recommend the establishment of a special telephonic
version of the Federal Emergency Management Agency (FEMA) to provide
financial assistance to small telephone and Internet providers. How
would you propose this be organized and funded?
Answer. Using the same FEMA infrastructure and processes, have
Congress or the administration increase and/or create a special Y2K
fund that could be used by companies with 50 or fewer employees.
Question 2. Could you please elaborate on assessment of United
States Telephone Association members lack of Y2K preparedness?
Answer. What I have come to learn about publishing information on
the World Wide Web is that if a topic is important to Web site editors
and their audience, it is prominently displayed on the home page.
In preparation for testimony on July 31, 1998, CIO visited the
USTA.org site. Then as now the USTA home page--or other areas on the
site--lacks information that would lead CIO to believe the USTA is
concerned about the Y2K situation.
Many USTA members are small, independent telephone companies. It is
our belief that they employ old telephone switching technology and that
many of those USTA members are in rural areas of the United States.
All USTA members are linked to our nation's long distance telephone
networks. It follows that Y2K problems in these small telephone
companies could be passed along to larger companies.
Question 3. What evidence can you cite to support your assertion
that claims of Y2K compliance by the industry are based on hope rather
than fact?
Answer. The best evidence of this is the actual testimony of
industry representatives at the July 31, 1998, hearing. They conveyed
the hope that the industry would be 98 percent Y2K compliant by January
1, 2000, or sooner but confessed that the networks have significant Y2K
latency problems.
When a deadly infection enters a body, that body is 99 percent
infection free. However, the body can succumb to infection as it
spreads. Nothing I heard at the hearing convinced me that the
telecommunications industry knows just how compliant it will be on Jan.
1, 2000.
Question 4. What do you predict the state of Y2K readiness will be
in the telecom industry on January 1, 2000 based upon your contacts
with CIO's nationwide?
Answer. Based on my conversations with CIO's, I predict there will
be widespread telecommunication outages across America, particularly in
rural parts of our country served largely by small, independent
telephone companies without the resources to identify and fix the Y2K
problem. Moreover, I predict latent Y2K bugs will continue to plague
the nations telecommunications network well into the year 2000.
Question 5. You refer in your testimony to ``the great paradox''
whereby Y2K compliant telecommunications infrastructures will become
``powerful conduits for spreading Y2K problems.'' Would you elaborate
on this and cite specific examples?
Answer. The Great Paradox concept espouses this point of view: Even
if the nation's telecommunications infrastructure is 100 percent Y2K-
compliant, it may act as a superconductor that will pass Y2K erroneous
data through companies connected via that infrastructure in large
supply chains.
If the telecommunications infrastructure fails the nation, the
consequences will be dire.
For example, many small companies in America--either because they
do not have the IT manpower to correct Y2K code beforehand or because
they didn't try to fix the code--will incubate errant information. They
will pass this information to other companies they are linked to in
information food chains.
That errant data could take the form of inaccurate invoices,
payments or patient information. Or there could be significant
disruptions in our nation's distribution of food, supplies and so on.
CIO recommends that the Senate pay particular attention to the
northern areas of the United States from Alaska to Maine because Y2K
hits these areas in the dead of winter and major disruptions in
telephone, electricity, and heat could prove disastrous.
Question 6. We have heard this morning about the non-participation
of the long distance carriers in the Telco 2000 Forum. In you
testimony, you recommended that this situation be corrected. Why do you
think broader participation is important? What might occur if this
situation is not remedied?
Answer. As I stated in my testimony, the Telco 2000 Forum is a
positive step. Its major limitation is that it does not include the
long distance carriers, though I understand they have invited this
group to participate.
This cuts to my major critique of this industry as it faces Y2K.
If, for instance, I want to call San Francisco from my offices outside
Boston, my voice and/or data call emanates from a local telco (Bell
Atlantic), then moves to the long distance carrier of choice (AT&T) to
another local telco (GTE) in San Francisco. Unless all of these
entities are entirely Y2K functional on January 1, 2000, the
probability that my voice/data call will go through decreases.
The nation's telecommunications infrastructure is only as strong as
its weakest noncompliant Y2K company.
Question 7. You talk in your testimony about the growing reliance
of large and small businesses on their information infrastructures,
i.e., electronic data interchange with suppliers and customers. Would
you describe examples of the impact of failed telecommunications
infrastructure on these businesses?
Answer. Here's an example: Large companies are starting to perform
Y2K IT triage with their partners connected in massive EDI or other
telecommunication networks where they are abandoning entirely those
companies not essential to their critical business processes that may
not be Y2K-compliant. Sears Roebuck, Inc. has 5,000 vendors linked in
its network. It has identified 900 of those companies--or 18 percent--
as critical to making sure Sears does business on Jan. 1, 2000. The
``other'' 82 percent of its current partners--or 4,100 companies, most
small--did not make the cut. It is my opinion that as they perform Y2K
triage larger firms will never go back to doing business with a portion
of those smaller suppliers deemed noncritical.
The loss of a Sears type contract could devastate a small business.
__________
Prepared Statement of Chairman Robert F. Bennett
Good morning, and welcome to the fourth hearing on the Year 2000
Technology Problem. To date, we have held hearings on energy utilities,
financial services industries, and health care. Future hearings will
include transportation, general government services, and general
business issues.
Let me begin today's hearing by noting that the global
telecommunications infrastructure is the central nervous system of
modern society. Daily, 270 million Americans depend on this complex web
of voice, data, and video services that enable their telephones,
radios, fax machines, computer networks, televisions and other
information appliances. Major national and international enterprises,
such as emergency response, national security, finance, transportation,
health care, government, energy distribution, and others, are
critically dependent on reliable, 24 hours a day, 7 days a week
telecommunications.
Without these services, our ability to receive, gather, and respond
to information would be as limited as it was for our ancestors before
Alexander Graham Bell invented the telephone. Some critical enterprises
which depend upon telecommunications services include: The National
Weather Service; the Department of Defense; the Federal Reserve Board &
Wall Street; the National Airspace System; the American Red Cross's
Blood Service and the United Network for Organ Sharing; the national
electric power grid; and on and on.
However, I have great concerns that our global telecommunications
infrastructure can ride out the millennium date change without
significant disruptions for three reasons. First, it is a highly
complex system of systems. Second is the fact that there is no
identifiable U.S. public or private body taking the lead on the global
aspects of the Y2K telecommunications problems. Lastly, is the fact
that to have successful communications, both parties must be able to
send and receive information. It is not enough to be ready just
yourself.
With regard to the complexity of global telecommunications, the
sheer number of players illustrates the problem. Today in the United
States, there are five long distance carriers (not including the
growing number of long distance resellers), five major national
television broadcasters, six Regional Bell Operating Companies, more
than 1,000 small phone companies, 16 communications satellite
providers, more than 4,500 Internet Service Providers, hundreds of
cellular phone companies, thousands of broadcast radio stations, and
over 11,000 cable services companies. And this just captures the
infrastructure of the United States and does not include the thousands
of large and small communications equipment manufacturers.
Finally, it must be pointed out that this infrastructure relies on
hundreds of millions of lines of computer code. It is too great a leap
of faith to believe that all the elements of an endeavor this complex
will be ready at the stroke of midnight just 17 months from today,
especially in the light of the limited readiness the industry has shown
to this committee.
As for coordination and oversight of telecommunications, let me
note something from a 1995 National Research Council report.\1\
---------------------------------------------------------------------------
\1\ The Changing Nature of Telecommunications/Information
Infrastructure, The National Academy Press, 1995.
In 1984 it was quite clear what the telecommunications/
information infrastructure was and who defined it. It was, in
essence, the telephone and broadcast networks. The defining
players were AT&T, the Federal Communications Commission (FCC),
and the broadcasters. You got only the connectivity and
services that were offered; compared with what is available
today, it was not much.
All of this has changed radically. Instead of being defined
by monopoly suppliers and regulators, the telecommunications
infrastructure has become more closely defined by both market
demand and the explosion of supporting technologies that have
been brought to market by myriad suppliers. There has been much
movement away from a supplier-defined infrastructure to a user-
and market defined infrastructure.
In this new world of telecommunications which has given rise to a
revolution in new services, no one party is charged with the task of
assuring the reliability and interoperability of the entire network.
This has made the millennium bug a much harder beast to squash as it
only has to show up in one link in a communications chain to cause
mayhem.
Finally, let me return to the two-way nature of telecommunications.
Simply put, if the long distance carrier is up and running, but the
regional carrier is down, the long distance call doesn't go through. If
the Internet backbones are working, but the local Internet Service
Provider is off-line, the World Wide Web is inaccessible to the user.
And if a financial payment can be received in New York, but it cannot
be sent from overseas, the transaction will not occur.
Like it or not, there is a link-to-link connectivity that starts
locally, goes regionally, continues on nationally, and finally, ends
internationally in this network upon which telecommunications and the
enterprises supported by telecommunications critically depend. I am
expecting today's panels to tell us how they are going to take charge
and address this challenge. Getting telecommunications ready for the
Year 2000 is a massive task that will require tremendous cooperation
and coordination, but it is a task we must complete.
__________
Prepared Statement of Senator Jeff Bingaman
Mr. Chairman, today's hearing is very timely. We have only 518 days
to make sure that our nation's telecommunications networks are prepared
for the Year 2000 (Y2K).
The telecommunications infrastructure has been revolutionized
by advances in information technology in the past two decades
to form an information and communications infrastructure. * * *
Taking advantage of the speed, efficiency and effectiveness of
computers and digital communications, all the critical
infrastructures are increasingly connected to networks. * * *
Networking enables the electronic transfer of funds, the
distribution of electrical power, and the control of gas and
oil pipeline systems. Networking is essential to a service
economy as well as to competitive manufacturing and efficient
delivery of raw materials and finished goods. The information
and communications infrastructure is basic to responsive
emergency services. It is the backbone of our military command
and control system.\1\
---------------------------------------------------------------------------
\1\ Critical Foundations: Protecting America's Critical
Infrastructures. The President's Commission on Critical Infrastructure
Protection; October 1997.
We look forward to another century of exciting advances in
communications. Yet, we face an unprecedented assault on the
reliability and the resiliency of our telecommunications infrastructure
because of Y2K problems. While there are many positive indications that
the industry is working very hard to solve the Y2K problem, it is
critical that we as the Congress, the Federal Government and the nation
understand the awesome task facing the telecommunications industry.
Telecommunications provide the flow of information on which we depend
for national and economic security. Significant failures or unforseen
Y2K telecommunications outages could have dramatic impacts on our
ability to do maneuver military forces, respond to emergencies or
simply do business.
We currently lack the assessments necessary to model potential Y2K
failures. Experience, however, does tell us that hardware and software
can fail unexpectedly. Private industry and government are both adept
at surviving systems failures. But our ability to coordinate and
continue operations in the event of a simultaneous wide spread failure
is uncertain.
The susceptibility of the current generation of switching
equipment to software based disruption was demonstrated in the
collapse of AT&T's long distance service in January 1990. A
line of incorrect code caused a cascading failure of 114
electronic switching systems.* * * [Again] the potential for
software-based disruption of common channel signaling was
demonstrated in June 1991, when phone service in several
cities, including 6.7 million lines in Washington, DC, was
disrupted for several hours due to a problem with the network's
Signaling System 7 protocol. The problem was ultimately traced
to a single mix-typed character in the protocol code.\2\
---------------------------------------------------------------------------
\2\ Critical Foundations: Protecting America's Critical
Infrastructures. The President's Commission on Critical Infrastructure
Protection; October 1997.
In software engineering, it is common to find that very process of
correcting code introduces new errors. The amount of telecommunications
software that must be examined and then corrected is enormous, and it
is inevitable that new errors will creep in. While a wide area outage
is not necessarily going to result from errors caused through fixing
the Y2K bugs, we must be ready for such, and contingency planning must
be done.
I am increasingly concerned that the impact of Y2K on the
telecommunications industry is not being fully addressed as a national
security issue. Could a Y2K related failure cause such a problem in
telecommunications? Could an error entered during the millions of lines
of code correction cause a serious disruption? If so, would our current
emergency response mechanisms be enough? What specific types of
contingency planning do we need to consider?
Throughout today's hearing we will endeavor to understand the
serious Y2K vulnerabilities facing the telecommunications industry. As
we begin this hearing, I think that it's particularly important to
remember that the United States has by far the most resilient and
reliable telecommunications infrastructure of any nation in the world.
In fact, despite the news of network outages and the Galaxy IV
satellite failure, the telecommunications industry maintains a 99.9
percent success rate.\3\
---------------------------------------------------------------------------
\3\ Network Reliability--The Path Forward, The Network Reliability
Council; February 1996.
---------------------------------------------------------------------------
As Americans, we look to the future in anticipation. We continually
strive to improve the quality of life by improving communications and
advancing technology. It is my hope that prompt action and technical
communication about Y2K readiness will prevent significant problems. I
am confident that the telecommunications industry is determined to meet
the communications challenges of the next century. But, I also believe,
to assume that the Y2K problem will not affect U.S. telecommunications
``* * * is a dangerous complacency.'' \4\
---------------------------------------------------------------------------
\4\ Steve Prentice, Director of Research for the Gartner Group in
Europe Year 2000 Telecommunications Conference, sponsored by GSA, MITRE
Corporation, McLean, VA, April 29, 1998.
---------------------------------------------------------------------------
__________
Prepared Statement of Joseph Castellano
i. introduction
Good morning Chairman Bennett and other members of the Senate
Special Committee on the Year 2000 Technology Problem. I appreciate
being given the opportunity to address the Committee on the Year 2000
issue.
My name is Joseph Castellano and I am the President--Network and
Corporate Systems for the Bell Atlantic Corporation. I am also the
officer responsible for leading the Company's Year 2000 program. In
that capacity, I chair Bell Atlantic's Year 2000 Steering Committee.
Bell Atlantic is a communications and information company. With
more than 41 million telephone access lines and 6.7 million wireless
customers worldwide, Bell Atlantic companies are premier providers of
advanced wireline voice and data services, market leaders in wireless
services, and the world's largest publishers of directory information.
Bell Atlantic companies are also among the world's largest investors in
high-growth global communications markets, with operations and
investments in more than 20 countries.
I have been asked to offer testimony today about the Year 2000
vulnerabilities facing telecommunications carriers and the legal
complexities of information sharing.
ii. the year 2000 problem
As you are aware, the Year 2000 challenge is to ensure that
information technology accurately processes date/time data from, into
and between the years 1999 and 2000. For the telecommunications
industry, like other industries that are so technology dependent, this
is a significant challenge, and one we must meet in order to ensure
that our communications networks and services continue to perform as
our customers expect.
A telecommunications carrier depends to a great extent on computers
and their related software to deliver telecommunications services.
Communications networks are comprised of a number of network elements,
which together allow voice and data to be transported and switched.
Many of these network elements contain computers and related software,
and they interoperate with other network elements that are also
controlled by computers and associated software. Bringing all of these
network elements into Year 2000 compliance is the primary Year 2000
goal of the telecommunications industry.
The Year 2000 problem also affects other aspects of the
telecommunications business in addition to the network itself. Like
other businesses, our key business processes--ordering, provisioning,
billing, payroll, etc.--are driven by information systems which rely on
computers and related software that must be tested and confirmed as
being Year 2000 compliant. Similarly, we face Year 2000 issues in
connection with the continued operation of our general business
infrastructure--elevator controls, air conditioning systems, security
systems and even office equipment are all dependent to some degree on
computers and related software.
So, like any other business, a telecommunications carrier must also
deal with Year 2000 issues outside of its traditional ``core
business.'' However, today I will focus my comments on Year 2000 issues
uniquely affecting the telecommunications industry, and in particular
its network services.
iii. how the industry is addressing the issue
A. Industry group efforts
The telecommunications industry has at least three industry groups
which are involved in the Year 2000 effort--the Telco Year 2000 Forum,
the Alliance for Telecommunications Industry Solutions (ATIS), and the
International Telecommunications Union (ITU). Although each group
operates as an independent entity, they are all addressing Year 2000
compliance testing of network components, interoperability of the
network components, and in some cases, testing between different
networks. Other speakers will be addressing industry group efforts in
greater detail in testimony today.
B. Individual carrier's year 2000 compliance efforts
In addition to the industry level activities, each
telecommunications carrier must undertake an effort to identify Year
2000 concerns in its operations and to devise a plan to address each
concern. The first step in this effort is to inventory all of the
network elements, information systems and computers that could possibly
be affected by the century change. As an example of the size of this
effort, Bell Atlantic's inventory includes the following:
--Over 350 different types of network elements which Bell Atlantic
has deployed tens of thousands of times in its network;
--More than 1,200 software applications, with over 250 million lines
of computer code, which support Bell Atlantic's business
processes;
--Approximately 88,000 personal computers, 800 mid-range computers,
40 mainframe processors and hundreds of supporting software
products;
--Hundreds of unique security access, air conditioning, elevator
control, and similar systems servicing thousands of buildings,
garages, and other facilities.
Once inventoried, each type of network element and computer and
each information system must be assessed to determine if it is Year
2000 compliant and, if not, when and how it will most likely fail.
Knowing when a component may fail is important because this will
influence the sequence and prioritization for correcting that
component. Because telecommunications carriers purchase the vast
majority of their network elements, information systems and computers
from others, an extensive program of equipment vendor communication is
necessary. Carriers must know what steps an equipment vendor is taking
to make its products Year 2000 compliant.
Also, as part of this inventory and assessment activity, it is
necessary to assign some level of priority for the remediation or
replacement of network components. For example, network elements and
related software that would have an immediate and severe impact on
customer service in the event of failure should be assigned a higher
priority than that given to a non-critical system.
Detailed planning follows assessment. In this phase, plans are
developed for the remediation or replacement of each type of network
element and computer and for each information system. Even components
found to be compliant during assessment will require testing or
verification to validate manufacturer-provided information. For those
components evaluated as non-compliant, we must determine if they should
be fixed or replaced. Detailed plans must include all activities
required to insure that the particular components will operate
correctly. Thousands of such plans must be developed by a carrier and
its vendors. By the third quarter of this year, detailed planning
should be completed or nearly complete.
As part of this planning phase, special attention must be paid to
telecommunications systems and network components supporting emergency
services, such as 911 services. Together with cities, towns and
municipalities who operate such emergency service systems, and the
manufacturers of the equipment used in these systems,
telecommunications carriers share a common goal--to ensure that these
and similar essential services remain unaffected by Year 2000 problems.
Emergency services should remain a top priority in any
telecommunications carrier's overall Year 2000 plan.
The next stage of a Year 2000 plan consists of testing compliant
components; remediating and testing non-compliant components that will
be retained; and replacing those components that will be retired. This
is the stage most carriers are at currently and it is by far the most
complex. Carriers on track to meet Year 2000 targets would have begun
this phase in 1997; however, the majority of the work will be completed
in 1998 with some to be completed in 1999. During this phase, new and
remediated network elements, computers and information systems are
comprehensively tested. These tests include testing for date handling,
interface testing and regression testing. Regression testing assures
that no other function of the component has been adversely affected by
the remediation.
Once network elements, computers and information systems are fully
tested, they can be deployed. For network elements, this requires the
development of extensive deployment schedules, which must be
coordinated with other network changes and supported by equipment
vendors. Where a new information system is being installed to replace a
non-compliant system, deployment will require that employees receive
training in the new system. In addition, personal computers have to be
replaced or upgraded, requiring extensive fieldwork by maintenance
personnel. Deployment for most companies has begun and will continue
through early 1999, with some additional deployment occurring after
that.
Finally, it is important for a carrier to develop comprehensive
contingency plans. These plans should address action required in the
event that scheduled activities, such as replacement of a particular
software application, do not occur on time, as well as planning for the
possible failures of suppliers and internal operations. A contingency
plan should also include the establishment of internal, industry and
customer command structures to effectively manage critical situations.
Initial contingency plans should be developed by the end of 1998, but
these plans will necessarily evolve as circumstances require.
A comprehensive and effective Year 2000 program should also include
a company-wide management structure and process--a senior officer
responsible for overall leadership; an officer level steering committee
(or similar group) representing all critical operations of the business
with responsibility for establishing policy, resolving issues and
monitoring the progress of the Year 2000 program; and a Program Office
which provides a dedicated staff for central management and support of
all Year 2000 activities.
C. Interrelated nature of telecommunications industry--a year 2000
concern
The performance and integrity of the worldwide communications
network is primarily dependent upon: (i) The performance of the various
network components and software manufactured by numerous equipment
vendors; (ii) the integration of these network components by
telecommunications carriers within their networks; and (iii) the
interoperability of the separate networks owned and managed by numerous
telecommunications carriers throughout the world.
Given this interdependency, it is critical that each equipment
vendor and each carrier properly address its own Year 2000 issues, and
that equipment vendors and carriers work cooperatively to ensure a
seamless, uninterrupted operation of this global network. Information
sharing among carriers and between carriers and their equipment vendors
is essential. Likewise, information sharing between carriers and their
customers is equally critical to enable customers to understand and
address their Year 2000 requirements.
If an equipment vendor is not able to provide and support
functional, Year 2000 compliant replacements or upgrades, that failure
will likely have a material adverse impact on a carrier's Year 2000
efforts. Likewise, if a carrier fails to properly address its Year 2000
issues and a service disruption occurs, that carrier's customers will
be affected, as will interconnecting carriers. The telecommunications
industry is also dependent upon other suppliers of essential services,
such as electric utilities, to successfully address their Year 2000
issues. For example, a serious disruption in electric power supply that
results from a Year 2000-related failure will certainly interfere with
a telecommunications carrier's ability to provide uninterrupted network
services.
Although contingency planning will help mitigate the impact of
supplier and carrier Year 2000 failures, contingency planning cannot be
the solution. Each supplier and carrier must address its Year 2000
issues, and must share with others the status of its Year 2000 efforts
and other relevant Year 2000 information.
iv. legal concerns impeding information sharing
In recent times, ``Year 2000'' has become a topic of considerable
interest within the legal community. One has only to attend a few of
the numerous seminars on the subject given by law firms, legal
education organizations and others, with titles such as ``[t]he Next
Wave of Year 2000 Litigation'' or ``Year 2000 Liability'' to understand
why these issues are steadily driving businesses and their attorneys to
distraction.
Year 2000-related liability is often mentioned in connection.with a
variety of possible claims, including: actions under the federal
securities laws; breach of contract or warranty; negligence (including
negligent misrepresentation); product liability; antitrust; and
defamation or product disparagement.
As discussed above, information sharing plays a critical role in
the successful implementation of Year 2000 plans. Our experience has
shown that liability concerns have an adverse impact on the free
exchange of Year 2000-related information among businesses. These
concerns affect not only the level or content of the disclosure but
also the timing of the information exchange.
Given the compelling need to share Year 2000 information, we favor
legislative action to reduce liability concerns in this area. In
particular, we support legislation such as the proposed Year 2000
Information Disclosure Act to encourage the disclosure of Year 2000
information and urge your Committee to support its passage as well.
v. specific government actions to support remediation
Government can play a key role in supporting the telecommunications
industry in our Year 2000 efforts.
First, passage of legislation such as the Year 2000 Information
Disclosure Act to facilitate a more open and timely disclosure of
information would be quite helpful.
Also, both federal and state agencies are properly attempting to
gather as much information as possible from the entities within their
jurisdiction in an effort to understand the issues confronting
businesses and progress on Year 2000 matters. We believe that
consideration should be given to the development of a more uniform
approach to information gathering from the telecommunications industry.
A uniform approach to information gathering would improve the
usefulness of the information provided and minimize the impact on
personnel working to address Year 2000 problems.
vi. conclusion
I would like to thank the committee for allowing me to address the
issues facing the telecommunications industry with respect to the Year
2000.
______
Responses of Joseph Castellano to Questions Submitted by
Chairman Bennett
Question 1. In your discussion on the steps to remediate systems
with Y2K problems, you said regarding testing that ``carriers on track
to meet Year 2000 targets would have begun this work in 1997.'' What
does this imply for companies that are just starting or haven't started
testing yet?
Answer. This question, as stated, does not fully capture my
testimony. In my statement, I testified that: ``The next stage of a
Year 2000 plan consists of testing compliant components; remediating
and testing non-compliant components that will be retained; and
replacing those components that will be retired. This is the stage most
carriers are at currently and it is by far the most complex. Carriers
on track to meet Year 2000 targets would have begun this phase in 1997;
however, the majority of the work will be completed in 1998 with some
to be completed in 1999.'' This phase of an overall Year 2000 plan
includes much more than just testing. In addition, work in this phase
of the plan will continue through 1999.
Thus, in our view, carriers who are ``on track'' would have at
least started this phase in 1997. Viewed from a different perspective,
if by the end of 1997 a major carrier has not at least started these
activities--testing compliant equipment, remediating and/or testing of
remediated components--meeting 2000 objectives would be more of a
challenge. Of course, each company's situation is unique to the size
and nature of its operations network. Therefore, no generalization
should be made based on my testimony without looking at the nature and
magnitude of a particular company's network facilities.
Question 2. Would you please elaborate for the Members of the
Committee on the anticipated effect of the legislation proposed by the
White House if it passes Congress this year? Will it change the picture
of the telecommunications information landscape?
Answer. The Year 2000 Information Disclosure Act provides some
protection against liability to the maker of a statement regarding Year
2000 processing in actions based on an allegedly false, inaccurate or
misleading Year 2000 statement, and defamation or product disparagement
actions. By addressing these concerns, the Act will clear the way for
timely, meaningful and necessary disclosures. Obviously, the more
information that is exchanged efficiently between and among
manufacturers, suppliers and customers, the more effective each company
can become in addressing its Y2K issues.
Bell Atlantic's experience has been that companies are reluctant to
make statements about Year 2000 readiness. If such statements are made,
the maker most likely will require the recipient to sign either a non-
disclosure or a limitation of liability agreement, or both. These non-
disclosure agreements often impede the further dissemination of the
relevant information, which reduces the effectiveness of a company and
the industry in addressing the Y2K issues. In addition, negotiation of
these agreements occupies precious time and can delay the remediation
and testing process. Bell Atlantic believes that the proposed
legislation will lower the concerns of companies making Y2K statements,
expedite the exchange of information and allow companies to fully focus
on evaluating and fixing any Y2K problems.
Question 3. What are the potential impacts of the proposed merger
between Bell Atlantic and GTE on their individual and combined Y2K
readiness? Won't the merger disrupt Y2K programs as the combined
company strives to integrate systems and services?
Answer. We believe that our proposed merger with GTE will have no
discernable impact onY2K readiness of Bell Atlantic or GTE. At least
for the foreseeable future, each company will continue to manage its
Year 2000 Programs independently through completion. Also, we believe
that most merger integration activities are likely to occur shortly
before or even after January 1, 2000, and will, therefore, have little
impact on each company's individual Y2K readiness.
__________
Prepared Statement of Senator Susan M. Collins
Let me first thank you Mr. Chairman for holding today's hearing on
this important topic. As you have mentioned before, a breakdown in the
telecommunications sector could lead to a modern day version of the
Tower of Babel. However, rather than not being able to speak to each
other because of a language difference, this time it would be because
our communication systems malfunctioned.
We have a couple of recent examples of the consequences of a
failure in our communications systems. On April 13, AT&T's high-speed
data network failed, leaving banks, retailers, and even the Red Cross
scrambling to adjust to a telecommunications breakdown. And as I think
most of us learned, on May 19, a communications satellite went into an
uncontrolled spin, dizzying credit card authorization services and
disrupting paging services for almost all of the pagers in the United
States.
Obviously, a safe and viable telecommunications system is
absolutely critical to our daily lives. I look forward to our
witnesses' testimony.
__________
Prepared Statement of Vice Chairman Christopher J. Dodd
Thank you Mr. Chairman. I also want to express my appreciation to
our colleague Senator Bingaman, who has taken on the difficult task of
acting as the committee's point person on the telecommunications issue.
Before we turn to this very important topic, let me provide the
members of the committee with a brief follow-up on our hearing last
week.
As you may recall, both Chairman Bennett and I expressed our
disappointment with those medical device manufacturers who had chosen
not to comply with either the FDA's requests for information, nor with
four separate requests for information from the Veterans
Administration.
In particular, Dr. Kizer of the VA testified that 233 manufacturers
had failed to respond, to their requests for information. However, I
have been informed that after he returned to the VA from the hearing,
his phone started ringing off the hook. As of today, that list of 233
has been reduced to a list of 99.
I also want to report that the chairman and I met with senior
officials from the Health Industry Manufacturers Association earlier
this week.
At that meeting, HIMA told us that they are going to reverse their
policy of not cooperating with the FDA's requests for information, and
will issue a letter early next week urging their 800 members to
cooperate more fully with requests from both FDA and from the hospitals
and clinics that use their medical devices.
We have, after much unnecessary obstruction from HHS, obtained from
FDA the list of 2,200 manufactures of computerized medical devices that
have not responded to their June 29 letter; we will watch closely over
the next week or so to see how many of them begin to comply with FDA's
information request.
We also have the list of the 99 manufacturers who still have not
complied with VA's request for information and will also watch closely
to see if that list continues to shrink.
We will also be watching to see that both HHS and FDA follow the
injunction given to them by OMB way back on May 15 to become more
aggressive in pursuing this information.
In order to mare sure that everyone has incentives to work
cooperatively and voluntarily on this matter, Senator Bennett and I
will be introducing legislation that mandates the cooperation of
medical device manufacturers with FDA's request for information.
While I hope that it will not be necessary to pass such
legislation, our forebearance will depend on FDA and the device
manufacturers honoring their commitments to improve their performance
to date.
I don't want to delay the hearing much longer with extended
remarks, so let me just say that while I believe that the
telecommunications industry has made good progress to date, I am
somewhat disappointed that there has been no single entity designated
to act as a clearinghouse for all the participants in the
telecommunications industry.
While key individual companies have done assessing their Y2K
problem, the real proof will come in the testing.
Unlike the securities and banking industries, it isn't possible for
the telecommunications industry to take their system off-line to run a
test. There are no weekends or holidays for phone service.
As a result, creating a sound testing environment, and in
particular, trying to mare sure that the tests involve as many segments
of the industry as possible, are critical hurdles that the telecom
industry has yet to face.
I also hope that the panel of experts will focus on the readiness
of foreign telecom companies and will assess for us the possibility of
international disruptions impacting both U.S. domestic telecom service
and, perhaps more importantly, whether there is a real possibility that
we will not be able to communicate with people and businesses operating
abroad.
As the committee has noted in each of its previous three hearings,
contingency planning that starts today is a necessary part of any
meaningful effort to confront the year 2000 problem.
Given the necessity of telecom service to continued economic growth
and given the importance of simple phone service to every household in
America, serious and significant plans must be in place soon to deal
with any possible disruptions.
Thank you Mr. Chairman and Senator Bingaman for all of your work on
this important topic and I look forward to the today's testimony.
__________
Prepared Statement of John S. Edwards
i. introduction
Thank you, Mr. Chairman, for the opportunity to testify here today
on behalf of the President's National Security Telecommunications
Advisory Committee (NSTAC). My name is Dr. John S. Edwards, and I am a
member of the NSTAC's Industry Executive Subcommittee (IES) and Chair
of its Network Group. For 16 years, the NSTAC has advised the President
on issues pertaining to the reliability and security of
telecommunications and the information infrastructure--issues critical
to national security and commercial interests. The year 2000 (Y2K)
issue is at the forefront of current NSTAC work and we, particularly
the Network Group, have been aggressively addressing Y2K issues for
some time. If approved by the NSTAC at its twenty-first meeting on
September 10 of this year, the NSTAC will forward its Y2K
recommendations to President Clinton.
Disclaimer
The NSTAC, a presidential advisory committee, provides industry-
based telecommunications policy advice directly to the President, and
its activities are governed by the Federal Advisory Committee Act
(FACA). The NSTAC principals must approve any findings/recommendations
of the subordinate working groups before they are officially declared
NSTAC positions. Therefore, any information on the findings/
recommendations of NSTAC's subgroups cannot be disseminated or
discussed until approved by the NSTAC principals. All approved NSTAC
reports and recommendations are posted on the NSTAC homepage at http://
www.ncs.gov.
ii. nstac
Established by President Ronald Reagan in 1982 in anticipation of
the divestiture of AT&T, the NSTAC, a high-level industry advisory
group, provides the President with a unique source of national security
and emergency preparedness (NS/EP) telecommunications policy expertise
and advice. Membership in NSTAC is limited to 30 presidentially
appointed industry leaders who are senior executives (often chief
executive officers) representing major telecommunications carriers,
information system providers, manufacturers, electronics and aerospace
firms, system integrators, and the financial services industry.
(NSTAC's membership list is attached as Appendix A.) The IES, the
principal NSTAC working body, consists of representatives appointed by
each NSTAC principal. In accordance with FACA, the Manager, National
Communications System (NCS), serves as the Designated Federal Official
for the NSTAC. Through the NCS, the NSTAC coordinates its activities
with the Federal Government. An interagency group created in 1963
initially to address communications failures during the Cuban Missile
Crisis, the NCS was re-chartered in 1984 to plan and coordinate NS/EP
telecommunications during times of crisis or disaster.
The NSTAC and NCS are long-standing and successful industry-
Government and intergovernmental partnerships on NS/EP
telecommunications, respectively. In December 1982, the NSTAC formed a
task force to facilitate industry-Government response to the
Government's growing NS/EP telecommunications service requirements in
the post-divestiture environment. The task force was charged to
identify and establish the most cost-effective mechanism to coordinate
industry-wide response to NS/EP telecommunications requests. To that
end, the task force report, submitted to the NSTAC in 1984, led to
formation of the NCS's National Coordinating Center for
Telecommunications (NCC). The NCC emergency response coordination
center supports the Government's NS/EP telecommunications requirements
and assists with the provision and restoration of telecommunications
services during emergencies. Entities such as the NCC and the separate
NSTAC and Government Network Security Information Exchanges are
examples of existing coordinating partnerships developed by the NCS and
NSTAC. They have established levels of industry-Government trust,
cooperation, and information exchange critical to protecting the
Nation's telecommunications infrastructure. To further enhance the
trusted environment for information exchange, participation in NSTAC
and in NSTAC-related activities is done on a non-attribution basis.
During its 16-year history, the NSTAC has evolved to mirror the
dynamic changes in the telecommunications industry. As information
systems have become more critical to the day-to-day operations of
telecommunications and computing networks, the NSTAC has broadened its
focus to consider potential NS/EP implications. In addition, and in
keeping with the national security strategies articulated by Presidents
Bush and Clinton, the NSTAC has considered the economic security
dimensions of telecommunications and information system issues.
Today, the NSTAC is recognized as a model for industry-Government
collaboration. Its substantive recommendations to the President have
led to enhancements of the Nation's NS/EP telecommunications and
information systems posture. Enhancements in the form of operational
programs and policy solutions benefit both industry and Government as
the Nation's security requirements and telecommunications
infrastructure continue to evolve.
iii. nstac y2k analysis
In January 1998, the Manager, NCS, asked the NSTAC to update the
President on the telecommunications industry's actions to ensure
continuity of service through the millennium change. In response to
this request, the NSTAC directed its Network Group to address the Y2K
problem. The group's review of Y2K readiness covered the national
telecommunications infrastructure and related NS/EP issues.
The Network Group broadly reviewed the telecommunications industry
Y2K status by soliciting briefings from interexchange carriers, local
exchange carriers, switching system vendors, large-scale system
integrators, and Y2K risk assessment and remediation solution
providers. Several NSTAC member companies described their companies'
Y2K initiatives and provided their perspectives on the Y2K problem. In
addition, the Network Group heard briefings from the Telco Year 2000
Forum and the Alliance for Telecommunications Industry Solutions (ATIS)
on their respective, cross-industry Y2K initiatives. By providing a
unique forum for open discussion, the NSTAC's Network Group was able to
generate valuable insight into the state of the industry. Based on the
information gathered, the group's report to the IES included a
consideration of the current Y2K readiness of the major
telecommunications service providers and equipment vendors. I would
like to share some of our observations.
In a briefing to the Network Group, the following information was
offered to provide perspective on the magnitude of the Y2K problem for
the telecommunications industry:
--A telecommunications company is generally a ``large enterprise.''
For example, there may be 1,400 to 1,600 switches, 30 to 50
signal transfer points, 5 to 60 service control points,
thousands of transport component systems, and many element
management systems and operations systems, any one of which
could have multiple date-sensitive functions.
--75 percent of voice networking devices are date-sensitive.
--25 percent of data networking devices are date-sensitive (25-35
percent for intelligent devices).
--100 percent of network management devices are Y2K impacted.
Clearly, the telecommunications industry needs to be aggressive in its
Y2K approach--and it is. Efforts to make the telecommunications
infrastructure Y2K-ready are well underway. In fact, the major service
providers and their vendors have been working on these issues for
several years. The Telco Year 2000 Forum and others (e.g., the General
Services Administration and ATIS) are planning interoperability testing
for critical products, networks, services, and systems. Those who
briefed the Network Group on their Y2K initiatives expect the majority
of critical products and networking to be Y2K-ready between late 1998
and early 1999.
According to the Telco Year 2000 Forum's briefing to the Network
Group, the objective of the forum's network interoperability testing is
to minimize the risk of network and service failures and ensure that
functionality of date/time sensitive operations is not adversely
affected. The forum also serves to provide a common view to
telecommunications hardware/software suppliers regarding Y2K solutions,
and encourages hardware/software providers to adhere to product and
service implementation schedules. The forum's test of Y2K compliant
products and services, scheduled for 3rd-4th quarter 1998, is designed
to address the interoperability of components within discrete networks,
rather than between networks. This intra-network interoperability
testing will include the major North American suite of equipment and
will cover emergency services (E911/911); basic, enhanced, and
intelligent services; network management and operations,
administration, maintenance, and provisioning operations support
systems; data networks; and customer premises equipment. The
interexchange carriers are not participating in the Telco Year 2000
Forum's intra-network interoperability test but are conducting their
own intra-network tests of their products and services.
In a briefing by ATIS, the Network Group learned that ATIS is
planning to conduct internetwork interoperability Y2K readiness testing
to verify that there are no adverse effects on interconnected networks.
The pretest and set-up work to support the testing is currently
underway, with an anticipated completion date in 4th quarter 1998. This
testing will be conducted during January and February 1999. The items
identified for testing include mass calling events on December 31,
1999; potential congestion; cross-network services; rollover to Y2K in
the local number portability (LNP) environment; impact of time zones;
and key dates in an LNP environment (December 31, 1999, February 29,
2000, and December 31, 2000). Although ATIS plans to test the effects
of mass calling events on the switching networks, it does not plan to
test network management controls within network management operations
support systems. ATIS's internetwork interoperability testing
initiatives will include inter-exchange carrier participation.
Service providers and vendors know their companies' futures depend
on how effectively they address their Y2K problems. Consequently, they
are devoting substantial resources to achieving Y2K readiness. Their
initiatives include taking comprehensive inventories of their systems,
prioritizing them, assessing the extent to which they are date-
sensitive, and then implementing and testing solutions. The
telecommunications industry has been able to sustain its high level of
reliability, in part, because it has traditionally conducted extensive
regression testing. This should minimize the adverse effects to the
reliability of the public network (PN) caused by efforts to correct Y2K
problems. However, as with any software implementation, it is not
possible to foresee, and test for, every possible adverse interaction.
Since Y2K readiness preparation is a massive, diverse, pervasive, and
complex software augmentation, even the most thorough, exhaustive
efforts may fail to achieve 100 percent success.
No organization, either private or Government, in their brief to
the NSTAC's Network Group offered a guarantee on total eradication of
the Y2K problem from their networks, services, or systems. In addition,
these organizations could not offer guarantees of the adequacy of Y2K
internetwork interoperability testing. Many felt the millennium change
was not a January 1, 2000, problem, but a problem that would begin
before, and extend well beyond, that date.
Though not yet approved by the NSTAC, the Network Group's report
focuses on the current status of efforts to prepare the
telecommunications infrastructure for Y2K, factors affecting these
efforts, and problems possibly resulting if these efforts are not fully
effective. Because the telecommunications infrastructure is essential
to maintaining the national security posture and responding to man-made
and natural disasters, the Y2K report gives particular attention to NS/
EP telecommunications. The report recommends actions to the President
to enhance the Y2K readiness of NS/EP telecommunications and to
mitigate the impact of Y2K-induced service disruptions on the Nation's
NS/EP posture. Further, the Network Group's report recommends actions
for the NSTAC to help the Government respond to Y2K-induced service
disruptions.
Because the the Network Group's Y2K report is pending final
approval by the NSTAC, specific comments on the group's findings and
recommendations are not available for public disclosure at this time.
If the report is approved as anticipated at the September NSTAC
meeting, the recommendations will be forwarded to the President and
subsequently made available to interested parties. It would be our
pleasure to forward copies to you, Mr. Chairman, and to other members
of this committee at that time.
iv. nstac 1997 widespread outage subgroup report
In addition to reporting on our important Y2K work, we also have
been asked to comment this morning on the NSTAC's 1997 report to the
President addressing the probability of a widespread telecommunications
outage. (The report is attached as Appendix B.) While this report
preceded and is not connected to NSTAC's current assessment of Y2K
issues, it is highlighted today to convey our understanding of
contingency planning for, and recovery from, a severe
telecommunications outage, should one occur.
In April 1997, Dr. John Gibbons, Assistant to the President for
Science and Technology, asked the NSTAC to provide its views on the
possibility of a widespread service outage in the public telephone
network. The NSTAC's Widespread Outage Subgroup (WOS) was established
in July 1997 to address Dr. Gibbons' inquiry. The NSTAC approved and
forwarded to the President on December 10, 1997, the group's final
report.
The WOS began its task by developing a definition of a widespread
telecommunications outage. It was defined as--
A sustained interruption of telecommunications service that
will have a strategic significance to Government, industry, and
the general public. Such an outage would likely affect the
telecommunications service in at least one region of the
country including at least one major metropolitan area. It
would involve multiple carriers, affecting both long distance
and local service, and significantly degrade the ability of
other essential infrastructures to function. Such an outage
would have an impact on the availability and integrity of
telecommunications service for at least a significant portion
of a business day.\1\
---------------------------------------------------------------------------
\1\ ``Report on the Likelihood of a Widespread Telecommunications
Outage,'' The President's National Security Telecommunications Advisory
Committee, December 1997. (See Appendix B.)
The WOS report recognized threats to, and vulnerabilities of, the
public telecommunications network, such as equipment malfunctions,
natural hazards, sabotage, and physical design. It also assessed
potential concerns posed by the changing network environment (e.g., new
technologies and regulatory mandates), as well as concerns that the
growing threat from information intrusions could trigger systemic
network failures.
Findings of the widespread outage report
The U.S. telecommunications service providers have historically
offered unparalleled robustness, availability, and quality. Although
the track record of the PN is superlative, natural and technological
threats could adversely affect telecommunications services. These same
threats could also disrupt other critical infrastructures, such as
electric power, on which the PN is highly dependent for sustained
operation. While the PN's supporting technologies provide an expanding
array of services and features, and facilitate robustness, these same
supporting technologies can introduce exploitable vulnerabilities with
adverse effects on service availability and reliability.
The WOS report addressed several key issues. Perhaps most
important, it examined the extent to which a widespread, sustained
interruption of public telephone service--caused by common equipment or
software failures, sabotage, or any other factor--was a realistic
concern. The WOS determined the probability of such an outage to be
low. Nevertheless, because of the potential impact of a widespread
outage, industry's response to such an event must be given
consideration.
To that end, the report looked at industry's plan for intercarrier
coordination to facilitate recovery of the network from a widespread
outage. The WOS found that existing carriers had disaster recovery
plans in place for quickly recovering from outages. Many of these
recovery plans include bilateral and multilateral mutual aid
agreements, designed to address multicarrier network problems. These
agreements focus on resource sharing, such as supplies, portable
equipment, motor vehicles, personnel, and may also dictate arrangements
for temporary routing of traffic and services over another carrier's
spare facilities. In addition to formal agreements, informal
arrangements were found to exist throughout the industry for
intercarrier and carrier-vendor communication and cooperation during
emergencies. The vast majority of telecommunications disruptions
requiring a multicarrier/vendor response effort are addressed through
industry cooperation. Instead of precisely defining the scope of
network sharing or resource lending arrangements, the industry
approaches each incident with a customer-focused ``can do'' approach
with a long history of success. Informal arrangements offer additional
flexibility in dealing with emergencies because each telecommunication
outage situation is unique. These informal arrangements leverage
relationships between network managers already established within the
industry through day-to-day interaction and operations.
The industry has had limited experience with a systemic, widespread
network outage. Therefore, the WOS found there was no industrywide plan
to facilitate intercarrier coordination for recovering from a
widespread outage of this nature. While an industrywide plan had not
yet been developed, companies had prepared internal plans and processes
for maintaining the integrity of their own networks. These plans and
processes included specifics for diagnosing problems, identifying
solutions, and ensuring service could be restored as rapidly and
orderly as possible.
Looking further at contingency planning and recovery from a
widespread outage, the NSTAC's subgroup also questioned whether
existing communication and coordination mechanisms among service
providers were adequate for the efficient diagnosis of the problem,
identification of technical solutions, and restoration of service.
Although some agreements, communications systems, and coordinating
mechanisms were found to exist between and among carriers, it was
questionable whether they would be sufficient response to a severe
widespread service outage. To assist in service restoration, most of
the larger telecommunications companies have alternate communications
capabilities between critical centers in their networks. Reconnection
with other networks would be initiated only after individual carriers
were confident of the health of their own network and those to which
they were connecting. During this phase, a means of communication and
coordination between and among critical centers would be indispensable.
Several communication capabilities exist outside the PN for
intercarrier coordination of service, including, for example, the NCC's
network, the National Telecommunications Coordinating Network (NTCN).
The WOS report also identified legal and regulatory obstacles to a
rapid recovery from a widespread outage. The NSTAC's Legislative and
Regulatory Group (LRG) further analyzed these legal and regulatory
obstacles and found the most significant barrier to be uncertainty
regarding which authority could expeditiously address carriers'
concerns regarding their compliance with relevant laws or regulations
during emergency situations. The LRG is investigating the seriousness
of that concern and will present its findings and recommendations at
the September 10 NSTAC meeting.
Finally, the WOS report found the NCC to be the appropriate
interface between the telecommunications service providers and the
Government. This interface will assure the President that restoration
priorities meet the national interest. For many years, the
telecommunications industry has voluntarily provided the NCC with
relevant information pertaining to major outages. In addition to having
notable experience, the Office of the Manager, NCS, has a direct
communications capability with the Executive Office of the President to
keep the President apprised of the progress of restoration efforts in
the event of an outage affecting multiple companies.
Recommendations of the widespread outage report
Contingency planning is key. Recognizing that there can be no
ironclad guarantee against a widespread outage, the report offered
several cost-effective recommendations for the President and the NSTAC
to further decrease the overall probability of a widespread outage and
to improve recovery plans and procedures. The following recommendations
are quoted from the report:
--Improve Intercarrier Coordination for Widespread Outage Recovery.
Because industry plans and coordination procedures for
responding to a widespread telecommunications outage were found
to be company-oriented, the Network Group recommended that the
President direct the appropriate Federal departments and/or
agencies to work with industry to improve intercarrier
coordination plans and procedures.
--Remove Legal and Regulatory Obstacles to Widespread Outage
Recovery. The WOS recommended that the President encourage the
Federal Communications Commission (FCC) to maintain a Defense
Commissioner at all times to help industry and Government
overcome legal and regulatory impediments to widespread outage
recovery. In addition, it was recommended that the President
encourage the FCC to guard against premature implementation of
``unseasoned'' technologies that might contribute to the
possibility of a widespread outage.
--Advance the State-of-the-Art for Software Integrity and
Interoperability to Reduce the Probability of a Widespread
Outage. All U.S. infrastructures, including the PN, continue to
be increasingly reliant on software-controlled information
systems. Security analysis of software products is not
universally practiced by major equipment manufacturers. It is
possible, because of the complexity of the large systems
involved, that hidden, malicious code, or unintentional code
interactions could allow unauthorized access to network systems
or lead to protracted denial of service. The WOS recommended
that the President task the appropriate Federal departments and
agencies to work with industry to advance the state-of-the-art
for software integrity. In addition, the WOS recommended that
the NSTAC work to increase awareness within the
telecommunications industry of the importance of software
security and the use of best business practices for managing
complex automated systems.
--Expand Research and Development (R&D) Efforts to Address
Telecommunications Technology Vulnerabilities. The WOS advised
the President to direct the expansion of government R&D efforts
to address the most significant vulnerabilities of new and
evolving telecommunications technologies and services. As a
specific case, the WOS recommended that the President encourage
the FCC to examine and assist with the implementation of the
Network Reliability and Interoperability Council (NRIC)
recommendations related to potential widespread outage
vulnerabilities attributed to physical network design and new
supporting technologies.
--Foster Education and Awareness. The WOS recommended that NSTAC, as
part of its outreach efforts, offer the NSIE model to the
Network Interconnection/Interoperability Forum (NIIF) for
consideration and potential use by network operations managers.
The NSTAC was also encouraged the use the NSIE model to help
foster effective plans, procedures, and intercarrier
relationships in the increasingly competitive
telecommunications environment.
The NSTAC is continuing to monitor issues related to the
reliability and security of the PN and will provide future
recommendations in that area should they be necessary.
v. closing
In light of the potential threat posed by Y2K, we are experiencing
a heightened emphasis on protecting our Nation's critical
infrastructures. Simultaneously, ``worse case scenario'' contingency
planning has gained broader public interest in the face of what is a
widely publicized technology and management problem. Our national
infrastructures--including telecommunications, financial services,
electric power, and transportation--represent the cornerstone of our
Nation's economic, political, and military strength. These
interdependent infrastructures rely on a growing and vital web of
communications, computer, and associated information technologies.
Similarly, natural and technological threats--including those posed by
Y2K--could disrupt other critical infrastructures, specifically
electric power, on which the information infrastructure is highly
dependent for sustained operation. Understanding and addressing the
interdependent nature of critical infrastructures is immensely
important to protecting the Nation from an unmanageable Y2K crisis and
must not be overlooked.
The NSTAC believes the telecommunications infrastructure is robust
and reliable, but even the most exhaustive efforts can not guarantee
total Y2K eradication from networks, services, or systems. Further, we
must understand that the millennium change is not a January 1, 2000
problem; it is a long-term problem beginning before, and extending well
beyond the ringing in of the new century. The NSTAC will continue to
focus on NS/EP communications and overall continuity of service in
light of the Y2K problem. Of course, information sharing is crucial to
our efforts, and for that, we will rely on our long-standing success as
a unique and trusted environment for high-level industry exchange of
critical NS/EP telecommunications information.
We appreciate the opportunity to testify today. The NSTAC looks
forward to sharing the results of its Y2K analysis with you pending
final consideration and approval of the report.
Appendix A.--NSTAC Members
The President's National Security Telecommunications Advisory Committee
(NSTAC)
membership (as of july 21, 1998)
Mr. Lester M. Alberthal, Jr., Chairman and CEO, Electronic Data Systems
(EDS)
*Mr. John H. Mattingly, President, COMSAT Satellite Services, COMSAT
Corporation
*Mr. C. Michael Armstrong, Chairman and CEO, AT&T
*Mr. Michael T. Smith, Chairman and CEO, Hughes Electronics Corporation
*Mr. James W. Evatt, President, Information Services and Communications
Systems, The Boeing Company
Dr. J. Robert Beyster, Chairman and CEO, Science Applications
International Corporation (SAIC)
Ms. Margo H. Briggs, President and CEO, Executive Security and
Engineering, Technologies, Inc. (ESET)
Dr. Vance D. Coffman, CEO and Vice Chairman, Lockheed Martin
Corporation
*Mr. J. D. Cosgrove, President, Avionics and Communications Rockwell
Collins, Inc. Rockwell International Corporation
Mr. D. Travis Engen, Chairman, President and CEO, ITT Industries, Inc.
Mr. William T. Esrey, Chairman and CEO, Sprint Corporation
Mr. Joseph T. Gorman, Chairman and CEO, TRW, Inc.
Mr. William J. Hilsman, Chairman, Advanced Digital Technologies Company
(ADTC)
Mr. Van B. Honeycutt (NSTAC Vice Chair), President and CEO, Computer
Sciences Corporation (CSC)
Mr. Charles R. Lee (NSTAC Chair), Chairman and CEO, GTE Corporation
Mr. Craig O. McCaw, Chairman, Teledesic Corporation
Mr. Solomon D. Trujillo, President and CEO, US WEST, Inc.
Mr. Robert W. Orent, First Vice Chairman, U.S. Telephone Association
(USTA)
*Mr. Dennis J. Picard, Chairman and CEO, Raytheon Company
Mr. Bert C. Roberts, Jr., Chairman and CEO, MCI Communications
Corporation
Mr. Charles E. Robinson, Chairman, President and CEO, Pacific Telecom,
Inc. (PTI)
Mr. Donald J. Schuenke, Chairman, Northern Telecom, Inc. (Nortel)
Mr. Larry Schumann, President and CEO, National Telecommunications
Alliance, Inc.
*Mr. John W. Sidgmore, Vice Chairman and CEO, WorldCom, Inc.
Mr. Martin A. Stein, Vice Chairman, Automation and Support Services,
BankAmerica Corporation
*Mr. Gary L. Tooker, Chairman, Motorola, Inc.
*Mr. Lawrence A. Weinbach, Chairman and CEO, Unisys Corporation
* Approval pending at The White House.
Appendix B.--Network Group 1997 Widespread Outage
Subgroup Report
executive summary
In April 1997, Dr. John Gibbons, Assistant to the President for
Science and Technology, requested that Mr. Charles Lee, Chairman of the
President's National Security Telecommunications Advisory Committee
(NSTAC), provide NSTAC's forward-looking views on the possibility of a
widespread service outage in the public telephone network. The
Widespread Outage Subgroup was established in July 1997 to address Dr.
Gibbons' letter.
A widespread outage is defined as a sustained interruption of
telecommunications service that will have strategic significance to
government, industry, and the general public. Such an outage would
likely affect the telecommunications service in at least one region of
the country including at least one major metropolitan area. It would
involve multiple carriers, affecting both long distance and local
service, and significantly degrade the ability of other essential
infrastructures to function. Such an outage would impact the
availability and integrity of telecommunications service for at least a
significant portion of a business day.
U.S. telecommunications service providers have historically offered
robustness, availability and quality unparalleled by other public
services. Although the public network (PN) track record is superlative,
natural and technological threats could adversely affect
telecommunications service. These threats could also disrupt other
critical infrastructures, such as electric power, on which the PN is
highly dependent for sustained operation. While the PN's supporting
technologies provide an expanding array of services and features, and
facilitate robustness, these same supporting technologies can introduce
exploitable vulnerabilities with adverse effects on service
availability and reliability. Considering these threats and
vulnerabilities, the potential concern for a widespread network outage
is reasonable. Given the limited precedent for telecommunications
outages of this magnitude, NSTAC members' prior experiences with
smaller-scale outages lead them to believe there is a low probability
of a widespread, sustained outage of public telephone service. The
potential societal impacts of such an outage are high enough to warrant
consideration.
The Widespread Outage Subgroup offers the following cost-effective
recommendations for the NSTAC and the President to decrease the overall
probability of a widespread outage. These measures will further
facilitate the readiness of the PN for a more open, interconnected, and
uncertain global information infrastructure.
--Improve Inter-Carrier Coordination for Widespread Outage
Recovery.--Current industry plans and coordination procedures
for responding to a widespread telecommunications outage are
company oriented. The President should direct the appropriate
Federal departments and/or agencies to work with industry to
improve inter-carrier coordination plans and procedures. To
support this mechanism, communications capabilities are
required between Government and the telecommunications industry
to respond to and recover from a possible widespread outage
affecting National Security Emergency Preparedness (NSEP)
services.
--Remove Legal and Regulatory Obstacles to Widespread Outage
Recovery.--It is not clear who has the authority to resolve
legal and regulatory impediments to the rapid and orderly
restoration of service during a widespread outage. The
President should encourage the Federal Communications
Commission (FCC) to maintain a Defense Commissioner at all
times to help industry and Government overcome these
impediments and to clarify the Defense Commissioner's authority
to address NSEP telecommunications regulatory concerns. The
President should also encourage the FCC to ensure Local Number
Portability (LNP) national standards and requirements,
including NSEP, are agreed on and adhered to before
implementing LNP on a widespread basis. Sufficient time to
complete reliability, interoperability, and security testing of
new services and products should be allowed prior to
implementing regulatory mandates.
--Advance the State-of-the-Art for Software Integrity and
Interoperability to Reduce the Probability of a Widespread
Outage.--All U.S. infrastructures, including the PN, continue
to be increasingly reliant on software-controlled information
systems. Security analysis of software products is not
universally practiced by major equipment manufacturers. It is
possible, because of the complexity of the large systems
involved, that hidden, malicious code or unintentional code
interactions could allow unauthorized access to network systems
or lead to protracted denial of service. The President should
task the appropriate Federal departments and agencies to work
with industry to advance the state-of-the-art for software
integrity. The NSTAC should work to increase awareness within
the telecommunications industry of the importance of software
security and the use of best business practices for managing
complex automated systems.
--Expand Research and Development (R&D) Efforts to Address
Telecommunications Technology Vulnerabilities.--The President
should direct the expansion of government R&D efforts to
address the most significant vulnerabilities of new and
evolving telecommunications technologies and services. As a
first step, existing R&D efforts should be examined and
coordinated to determine any necessary increases. Industry
should be urged to participate in these efforts. As a specific
case, the President should encourage the FCC to examine and
assist with the implementation of the Network Reliability and
Interoperability Council (NRIC) recommendations as they relate
to potential widespread outage vulnerabilities attributed to
physical network design and new supporting technologies.
--Foster Education and Awareness.--The NSTAC, as part of its outreach
efforts, should offer the NSIE model to the Network
Interconnection/Interoperability Forum (NIIF) for consideration
and potential use by network operations managers. The NSTAC
should encourage the use of this model to help foster effective
plans, procedures, and inter-carrier relationships in the
increasingly competitive telecommunications environment.
1.0 introduction
1.1 Background
In April 1997, Dr. John Gibbons, Assistant to the President for
Science and Technology, wrote to Mr. Charles Lee, Chairman of the
President's National Security Telecommunications Advisory Committee
(NSTAC), seeking the NSTAC's forward-looking views on the possibility
of a widespread, sustained interruption of the public telephone
network. In response, the NSTAC's Network Group and Operations Support
Group established the Widespread Outage Subgroup (WOS) to answer Dr.
Gibbons' inquiry. This report provides NSTAC's views on the validity of
this concern, considering the rapid changes foreseen in the industry
structure, regulation, and technologies of the public
telecommunications network and other critical infrastructures.
1.2 Scope
This report focuses on the current public telecommunications
network and recognizes traditional threats and vulnerabilities, such as
equipment malfunctions, natural hazards, sabotage, and physical design.
It also addresses potential concerns as the network evolves through new
technologies and regulatory mandates, as well as the growing threat
from information system intrusions which could trigger systemic network
failures.
The specific issues addressed are drawn directly from Dr. Gibbons'
letter, including: (1) the likelihood of a widespread outage; (2)
possible causes of outages; (3) coordination mechanisms required for
recovery of network operations; and (4) the ability of service
providers to keep the President apprised of recovery activities and
status.
1.3 Widespread Outage Definition
A widespread outage is defined as a sustained interruption of
telecommunications service that will have strategic significance to
government, industry, and the general public. Such an outage would
likely affect the telecommunications service in at least one region of
the country including at least one major metropolitan area. It would
involve multiple carriers, affecting both long distance and local
service, and significantly degrade the ability of other essential
infrastructures to function. Such an outage would have an impact on the
availability and integrity of telecommunications service for at least a
significant portion of a business day.
2.0 objective
This report answers the following questions:
--To what extent is a widespread, sustained interruption of public
telephone service--because of common equipment, software,
single point of failure, sabotage, or any other factor--a
realistic concern?
--What plan does the industry have for inter-carrier coordination to
facilitate recovery of the network from a widespread outage?
--Are existing communication and coordination mechanisms among
service providers sufficient for the efficient diagnosis of the
problem, identification of technical solutions, and restoration
of service from an outage of this type?
--Are there legal or regulatory obstacles that would hinder recovery
from such an outage?
--What interface between the telecommunications service providers and
the Government would allow the President to be sure that
restoration priorities meet the national interest? How would
the service providers keep the President apprised of the
progress of restoration efforts in the event of an outage
affecting multiple companies?
In responding to Dr. Gibbons' questions, this report acknowledges
both the current and future states of the public network (PN).\2\ It
further discusses the potential impact of new technologies and
regulatory mandates on robustness and reliability.
---------------------------------------------------------------------------
\2\ ``The PN includes any switching system or voice, data or video
transmission system used to provide communications services to the
public (e.g., public switched networks, public data networks, private
line services, wireless systems, and signaling networks)'' ANSIE Risk
Assessment, December 1995.
---------------------------------------------------------------------------
3.0 findings
United States (U.S.) telecommunications service providers have
historically offered unparalleled service robustness, availability, and
quality. The June 1997 Network Reliability Steering Committee report
acknowledged that the PN has maintained a 99.9 percent operational
availability while the network has experienced significant growth and
technological change. Although the PN's track record is superlative,
known threats do adversely affect telecommunications service. Natural
disasters such as earthquakes and hurricanes have disrupted elements of
the PN, but overall the industry has been successful in mitigating the
service impact. Outages in other critical infrastructures, such as
electric power,\3\ also stress the PN's reliability. While the PN's
evolving technologies provide an expanding array of services and
features and facilitate robustness, these same technologies can
introduce vulnerabilities which, if exploited, could adversely affect
service availability and reliability. The rapid implementation of
changes to the network fostered by the Telecommunications Act of 1996
(e.g., Local Number Portability, interconnection, unbundling,
infrastructure sharing, and collocation) have the potential to
introduce further vulnerabilities into the PN. Considering these
factors, it is prudent to consider the possibility of an unprecedented
and widespread telecommunications outage.
---------------------------------------------------------------------------
\3\ On July 2, 1996, a massive power blackout swept across the
western United States. One telecommunications carrier reported that 87
of its 1,475 switches used backup generators or batteries to remain in
service. Technicians were sent to switches where batteries were being
used and in some cases secondary generators were sent to central
offices where heat-caused battery exhaustion threatened to shut down
the system. Switches on backup power served about 70,000 customers, yet
the network remained ``fully operational'' throughout the power
interruption.
---------------------------------------------------------------------------
3.1 To what extent is a widespread, sustained interruption of public
telephone service--because of common equipment, software,
single point of failure, sabotage, or any other factor--a
realistic concern?
Given the limited precedent for telecommunications outages of this
magnitude, NSTAC members' prior experiences with smaller-scale outages
lead them to believe that there is a low probability of a widespread,
sustained outage of service. However, the potential impact on society
of such an outage is high enough to warrant consideration. As an
example, the Common Channel Signaling (CCS) disruptions experienced in
1991 \4\ by some of the NSTAC member companies provided a strong
impetus for subsequent improvements to network standards, software, and
hardware.
---------------------------------------------------------------------------
\4\ In June and July 1991, network outages occurred in several
parts of the United States that were attributed to software errors in
the control elements of the SS7 network. Network switching outages and
call processing delays were experienced in Los Angeles, CA, San
Francisco, CA, Pittsburgh, PA, and parts of Maryland, Virginia, West
Virginia and the District of Columbia.
---------------------------------------------------------------------------
Several additional examples of contributing factors are described
in the following subsections.
3.1.1 Software
Within the modern PN, all of the nodes within each network, as well
as those within interconnecting networks, are controlled by software
furnished by the node equipment manufacturers or their vendors. This
software, as with all computer software, is vulnerable to design flaws,
implementation errors, and other problems that could cause it to fail
or not function as desired, despite its designers' best efforts.
Software patches are frequently released to add minor feature
enhancements, as well as to correct previous errors. While testing is
performed to ensure the software operates as designed and intended, it
is not feasible to test for and against every conceivable network
condition. Finding and mitigating software mistakes is often a
difficult and imperfect process. Detecting subtle but intentional and
destructive software alterations could be much more problematic.
Destructive code, if propagated through large portions of the PN (for
example, in a commonly-used equipment node, database, or protocol),
could cause widespread turmoil when activated.
Security analysis of software products, including patches, minor
version updates, and full new releases, is not universally practiced by
many manufacturers. Adequate tools to verify the anti-tampering
integrity of the product are not widely used or, in some cases, may not
be available. Most software testing is performed to ensure the program
features interact and operate as intended. It is possible, because of
the complexity of the large systems often involved, that hidden,
malicious code or unintentional code interactions could allow
unauthorized access to network systems or lead to a protracted denial
of service. For example, the urgent need to update software-dependent
systems, nodes, and databases to accommodate Year 2000 or Local Number
Portability (LNP) functionality could create an environment where
software introduced into the network fabric may result in
unintentionally anomalous network behavior.
3.1.2 SONET operations control
The incorporation of Synchronous Optical Network (SONET) as the
transport medium of choice for trunks, data communications lines,
asynchronous transfer mode (ATM) and common channel signaling (CCS)
links (also known as Signaling System 7) makes it among the most
crucial of PN components. Despite its importance to the health of
SONETbased networks, SONET's address resolution functions support
almost no security measures that could prevent an intruder from
subverting it. An attack on the control protocols within portions of a
SONET network could degrade operations, with a resulting loss of
control of the SONET network elements and transport capabilities.
3.1.3 CCS (SS7) gateway screening
Public networks are dependent on CCS, a packet-switched data
network employing Signaling System 7 (SS7) protocols, to set up and
terminate calls as well as transmit advanced feature data such as
Caller ID. A second application of SS7 is its use as a rapid transport
network for fraud protection and billing authorization within wireless
and wireline networks. Because of publicly-available detailed
information about SS7 protocols, an adversary could potentially exploit
the CCS packet data network by independently generating SS7 messages
and injecting them into the PN signaling links.
SS7 is one of many network capabilities subject to unbundling and
widespread interconnection as part of the regulatory scheme
implementing the Telecommunications Act of 1996. In addition, a number
of commercially-available devices and tools have SS7 message generation
capabilities. The pro-competitive impetus to open SS7 networks up to
traffic other than that generated by the service provider operating
those networks, coupled with the proliferation of third parties who
desire to access it, reflects the SS7 network's importance. Loss of, or
damage to, the SS7 network almost inevitably precipitates a
corresponding degradation or interruption of service to the PN. SS7
network and software security is therefore a requirement of substantial
significance to reliability.
Gateway screening is one of a very limited set of SS7 security
tools currently available to all network service providers and is
implemented at the interface between service providers' networks.
Presently, there is no industry-wide understanding of how gateway
screening should be extended into the new competitive network
environment. Without ``standardized'' screening, large quantities of
malicious or erroneous messages could lead to a widespread degradation.
Many network subsystems, such as operations support systems (OSS),
which are used by incumbent carriers for operations, maintenance and
billing, were not designed for third-party access. This may be
particularly problematic considering the number of potential new
service providers that will need access to incumbent networks and
subsystems, including the CCS network and OSSs. Many of these new
providers are not familiar with security considerations and practices
and could present risks to overall network reliability. There is
currently no overall unified scrutiny of the interconnected CCS
networks for real-time management and control to guard against
intrusions and unauthorized users.
3.1.4 Physical design
The U.S. public networks have been designed to preclude single
points of failure above the local switching level. This has been
accomplished through substantial investments in both physical and
logical diversity. As examples, signal transfer points (STP) of SS7
systems are commonly deployed in mated pairs that are physically and
electronically redundant as well as geographically diverse. Long-haul
transmission links between switches are increasingly designed to be
resilient and self-healing (e.g., SONET rings). Networks are utilizing
dynamically-controlled routing, with non-hierarchical network
architectures capable of routing traffic around damaged or congested
portions of the network in real time. These factors, coupled with the
diversity of carriers that exist in the United States, contribute to a
high level of PN reliability and robustness. It is therefore highly
unlikely that a single point network failure would result in a
widespread outage of service. This conclusion is supported by the
continuing success of carriers providing reliable service even while
experiencing the impact of traditional threats such as natural
disasters, cable cuts, and power failures.
Economic tradeoffs, enabled by technological advances, continue to
cause some carriers to consolidate and collocate both facilities and
network operations functions. While somewhat decreasing the physical
diversity of the PN, it has enabled the rapid introduction of advanced
network management technologies into consolidated control centers. It
will be important for carriers, service providers and vendors to
continue to employ ``best practices'' for reliability and security as
new technologies are deployed, networks continue to expand, and new
providers connect to the network.
3.1.5 Sabotage
The act of sabotage can take many different forms. Two primary
forms of sabotage are damage (physical or electronic) or interference
with normal operation. Both of these acts result in disruption of
service. To cause a widespread outage, these disruptions would have to
occur at a number of facilities, affect multiple carriers, and be
successfully coordinated to have a significant and measurable impact.
Sabotage can be instigated by either insiders (e.g., employees,
contractors), outsiders (e.g., hackers, criminals, nation-states), or--
more likely--both. Multiple acts of sabotage may use different attack
methods and have different goals, which would increase the confusion
and diminish service providers' ability to effectively restore network
services. The massive coordination and long-range planning required to
execute such an attack, while eluding law enforcement and intelligence
agencies, coupled with the physical and logical diversity of the PN,
implies a low probability of success.
In summary, the likelihood of a widespread, sustained outage of
service resulting from sabotage is remote.
3.1.6 Introduction of new technologies or services
New technologies, by their nature, are often more complex and
sometimes create unintended consequences and unexpected interactions
among subsystems. Because new technologies cannot be tested for and
against every conceivable set of events or network conditions,
unforeseen vulnerabilities may be introduced into the network.
Rapid introduction of changes mandated by the Telecommunications
Act of 1996 (e.g., Local Number Portability, seamless interconnection,
unbundling, infrastructure sharing, and collocation) could potentially
introduce unforeseen vulnerabilities into the PN. The
Telecommunications Act requires existing carriers to allow new carriers
to interconnect with existing networks ``at any technically feasible
point.'' \5\ The lack of standards and interfaces to support multiple
carrier use of OSS's increases the likelihood of potential conflicts
and mistakes. Additionally, security and privacy concerns must be
addressed as these standards and interfaces are developed. Conflicts
and mistakes, or overt malicious actions, increase the probability of a
significant outage. The Network Reliability and Interoperability
Council's (NRIC) report to the FCC, published in July 1997, provides
additional guidance and recommendations to be considered in developing
such standards.
---------------------------------------------------------------------------
\5\ Telecommunications Act of 1996 (47 U.S.C. Section 251c(2)(B)).
---------------------------------------------------------------------------
Increasing connectivity of OSS and PN control mechanisms to the
Internet remains an item of NSTAC concern. As described in ``An
Assessment of the Risk to the Security of Public Networks'' in December
1995:
Connections to the Internet are increasing, and while many
service providers have exercised due care in isolating critical
network systems and components from more open-enterprise data
networks and the Internet, there may still be potentially
exploitable connectivity, such as through a restrictive router
or firewall. An error in the design, configuration, or
implementation of such a protective barrier could lead to
compromise of critical systems from anywhere in the world.''
\6\
---------------------------------------------------------------------------
\6\ ``An Assessment of the Risk to the Security of Public
Networks,'' Network Security Information Exchange (NSIE), December
1995.
Conversely, the Internet is highly dependent on PN-based switching and
transport networks for long-haul transmission of traffic. A disruption
or outage in the PN will likewise interfere with Internet traffic.
3.2 What plan does the industry have for inter-carrier coordination to
facilitate recovery of the network from a widespread outage?
There are two categories of widespread outages. The first type is
caused by the impact of traditional hazards, threats, and
vulnerabilities. The other is characterized by a systemic and
widespread network failure.
3.2.1 Traditional hazards, threats, and vulnerabilities
Existing carriers have disaster recovery plans and a proven track
record of quickly recovering from traditional outages. Included in many
of these recovery plans are bilateral and multilateral mutual aid
agreements, designed to address multicarrier network problems. These
agreements focus on resource sharing, such as supplies, portable
equipment, motor vehicles, personnel, and may also dictate arrangements
for temporary routing of traffic and services over another carrier's
spare facilities. In addition to formal agreements, informal
arrangements exist throughout the industry for inter-carrier and
carrier-vendor communication and cooperation during emergencies. The
vast majority of telecommunications disruptions that require a multi-
carrier/vendor response effort are addressed through industry
cooperation. Instead of precisely defining the scope of network sharing
or resource lending arrangements, the industry approaches each incident
with a customer-focused ``can do'' approach that has a long history of
success. Informal arrangements offer additional flexibility in dealing
with emergencies because each telecommunication outage situation is
unique. These informal arrangements leverage relationships between
network managers already established within the industry through day-
to-day interaction and operations.
3.2.2 Systemic and widespread network failure
The industry has had limited experience with a systemic, widespread
network outage. Currently, there is no industry-wide plan to facilitate
inter-carrier coordination for recovering from a widespread outage of
this nature. While an industry-wide plan has not yet been developed,
companies have prepared internal plans and processes for maintaining
the integrity of their own networks. These plans and processes include
specifics for diagnosing problems, identifying solutions, and ensuring
service can be restored as rapidly and orderly as possible.
3.3 Are existing communication and coordination mechanisms among
service providers sufficient for the efficient diagnosis of the
problem, identification of technical solutions, and restoration
of service from an outage of this type?
Although some agreements, communication systems, and coordinating
mechanisms do exist between and among carriers, it is questionable
whether they would be a sufficient response to a severe widespread
service outage. In the event of an outage affecting multiple carriers,
individual carriers will first concentrate on restoring service in
their own systems before reestablishing connections with other
carriers. To assist in service restoration, most of the larger
telecommunications companies have alternate communications capabilities
between critical centers in their networks. These alternatives include
private line networks, high frequency (HF) radio, and satellite
telephone systems.
Reconnection with other networks would only be initiated after
individual carriers are confident of the health of their own network
and those to which they are connecting. It is during this phase that a
means of communication and coordination between and among critical
centers is indispensable. Several communications capabilities exist
outside the PN for inter-carrier coordination of service restoration.
The Backup Emergency Alerting Management System (BEAMS) is a switched
private line network operated by the National Telecommunications
Alliance (NTA) connecting selected telecommunications carriers,
equipment and switch vendors, and the National Communications System
(NCS). The National Telecommunications Coordinating Network (NTCN), a
multimedia network administered by the NCS's National Coordinating
Center for Telecommunications (NCC), provides emergency communications
among critical Federal Government and industry operations centers.
Although some of the major U.S. carriers are connected via BEAMS and/or
NTCN, both networks would require expansion to meet an emerging need
for inter-carrier coordination of restoration from a widespread
telecommunications outage.
Several industry fora have taken strides to alleviate potential
coordination problems in the event of a catastrophic outage. For
example, the Network Interconnection/Interoperability Forum (NIIF) of
the Alliance for Telecommunications Industry Solutions (ATIS) developed
emergency traffic management guidelines for network management
personnel at local and interexchange carriers. The guidelines provide
alternatives for dealing with network emergencies, including network
congestion, switch or network failures, and SS7 failures. In addition,
the NIIF maintains contact directories for use in emergencies. These
directories are targeted toward incident type and include contact and
reporting numbers for network management centers, for use in the event
of catastrophic SS7 failures, media simulated mass calling events, and
other service troubles. The NIIF and other committees within ATIS
address industry-wide issues concerning telecommunications
interconnection and interoperability, network reliability analyses, and
implementation and deployment of new technologies, including
Synchronous Optical Network (SONET) and Advanced Intelligent Network
(AIN) services.
A successful coordinating mechanism requires a high level of mutual
trust and information sharing. An example of such a mechanism is the
Network Security Information Exchange (NSIE),\7\ whose goal is to share
information and experiences among telecommunications network security
managers. The NSIE has established trusted relationships among and
between the government and industry members. Trust among industry and
government participants facilitates responses to routine and emergency
security incidents.
---------------------------------------------------------------------------
\7\ The Network Security Information Exchange (NSIE) is a forum for
industry and Government members to share and coordinate information
security knowledge that will assist in preventing, detecting, and/or
investigating public network penetrations. The NSIE identifies issues
involving penetration or manipulation of software and databases
affecting NSEP telecommunications, and exchanges views on threats,
incidents, and vulnerabilities affecting the PN. The current NSIE
membership includes 9 Government organizations from the law
enforcement, national defense, and intelligence communities, and 19
NSTAC member companies representing the telecommunications, information
systems, and financial industries.
---------------------------------------------------------------------------
Much of the telecommunications industry's success in recovering
from outages is attributed to long-standing inter-carrier relationships
existing among incumbent network managers that arise from day-to-day
interaction and operations. In the increasingly competitive
telecommunications market, this level of cooperation and trust may be
difficult to sustain. Although not a perfect model, the NSIE example
could be offered to industry network operations managers. Through the
auspices of the NIIF, industry might benefit from an NSIE-like body to
share their inter-carrier operations concerns in the increasingly
diverse and competitive environment.
3.4 Are there legal or regulatory obstacles that would hinder recovery
from such an outage?
NSTAC members have identified several legal and regulatory barriers
to the rapid and orderly restoration of service during a widespread
outage. For example, the ability of a local exchange carrier to provide
emergency inter-Local Access Transport Area (LATA) communications to
state or Federal agencies may prove to be critical to their ability to
protect the interests of public safety and national security.\8\ In
addition, it may also be necessary for a carrier to utilize the
resources of its affiliates to make necessary physical repairs to the
network that could be perceived to involve manufacturing of
telecommunications hardware.\9\ Finally, domestic carriers may often
need to call on the assistance of international carriers to recover
from a significant outage. While many companies are not prohibited from
providing in-region inter-LATA and manufacturing services, Sections 271
and 273 of the Telecommunications Act require that Regional Bell
Operating Companies (RBOC) satisfy a number of requirements and receive
Federal Communications Commission (FCC) approval to offer these
services. No RBOC currently has approval to perform these services, and
until such approval is requested and obtained, this obstacle remains
and could potentially hinder recovery from a future widespread outage.
Additionally, other regulatory safeguards imposed on other companies
and RBOCs alike could likewise affect the ability of carriers to fully
use their corporate resources to respond effectively to a widespread
outage (e.g., restrictions imposed on the financial, marketing, and
operational interactions of dominant and non-dominant carriers, and FCC
requirements for carriers to keep their regulated and unregulated
businesses completely separated).
---------------------------------------------------------------------------
\8\ In 1991, BellSouth experienced a 1-year delay in receiving a
Modification of Final Judgment (MFJ) exception. Hurricane Hugo caused
disruption to the State of South Carolinas private line network. As a
result, the BellSouth Corporation asked the Department of Justice (DOJ)
to support a petition seeking an exemption from part of the MFJ in
order to provide emergency inter-LATA communications for the State of
South Carolina. After a year delay, and following an extensive public
comment and review period, the DOJ endorsed the petition.
For reference, a copy of the request, dated 18 March, 1991, from
Mr. Ted Lightle, Director, Division of Information Resource Management,
State of South Carolina, to Ms. Constance K. Robinson, Esq., Acting
Chief, Communications and Finance Section, Antitrust Division, U.S.
DOJ, is attached in Appendix C.
\9\ In 1991, Bell Atlantic Corporation requested Bellcore's
assistance to restore part of the PSN serving the mid-Atlantic region,
including Washington D.C. and the Federal Aviation Administration's air
traffic control system at Newark International Airport. As a Regional
Bell Operating Company (RBOC) affiliate, however, Bellcore was
concerned that physical repairs made to the network might be viewed as
``manufacturing'' and thus violate the then existing MFJ provisions
prohibiting the manufacturing of telecommunications equipment by the
RBOC's or their affiliates.
---------------------------------------------------------------------------
The Telecommunications Act of 1996 transfers many
telecommunications policy enforcement responsibilities from a single
Federal judicial official to the FCC and, to a lesser extent, the
Department of Justice (DOJ). This transfer of authority raises
questions about the appropriate official(s) or organization(s)
telecommunications companies should approach for swift and consistent
guidance in an emergency. It also is unclear whether the FCC has the
authority to grant temporary waivers of applicable sections of the
Telecommunications Act during a widespread outage recovery effort, even
when the waiver is in the public interest. Currently, existing
regulations regarding the National Security and Emergency Preparedness
(NS/EP) responsibilities of various Federal officials and
organizations, as described below, do not place a single Federal
official in charge of deciding whether to enforce or waive compliance
with applicable laws or regulations.
3.4.1 Federal Communications Commission
Executive Order (E.O.) 12472 requires the FCC to perform functions
during national non-wartime emergencies, including the investigation of
violations of pertinent law and regulations and the initiation of
appropriate enforcement actions.\10\ The FCC's rules accordingly assign
the FCC Defense Commissioner the specific duties of assuring continuity
of the Commission's NS/EP functions and of approving NS/EP plans and
programs (including the provision of service by common carriers and the
investigation and enforcement of violations of Federal law).\11\ These
regulations task the Defense Commissioner to uphold carriers'
compliance with applicable law. The rules are unclear, however, as to
whether they extend to the Defense Commissioner or the entire
Commission (with or without consultation with the DOJ) the power to
forbear from enforcing relevant provisions of the Telecommunications
Act during a crisis. Even if the rules did place one official in
charge, that one Commissioner may not have the authority to override
the Telecommunications Act (i.e., permit something that is specifically
prohibited or precluded by the Act) in an emergency such as a
widespread outage.
---------------------------------------------------------------------------
\10\ Executive Order 12472, ``Assignment of National Security and
Emergency Preparedness Telecommunications Functions,'' April 3, 1984.
\11\ Federal Communications Commission rules, ``Defense and
Emergency Preparedness Functions,'' 47 C.F.R. 0.181-0.186.
---------------------------------------------------------------------------
3.4.2 The President
Section 706(e) of the Communications Act of 1934, as amended,
empowers the President to suspend or amend, during a national
emergency, FCC rules applicable to any wire communications facilities.
Section 706(g), however, prohibits the President from making any
amendment to the FCC's rules that the agency would not itself be
authorized by law to make.\12\ Because it is questionable whether the
FCC Defense Commissioner or the entire Commission by itself could grant
to service providers waivers from complying with relevant portions of
the Telecommunications Act, it follows that the President's power to do
so is also questionable.
---------------------------------------------------------------------------
\12\ Section 706 of the Communications Act of 1934 (47 U.S.C. 606),
``War Emergency--Powers of President.''
---------------------------------------------------------------------------
3.4.3 The National Security Council (NSC) and Office of Science and
Technology Policy (OSTP)
Section 2(c)(1)(a) of E.O. 12472 instructs the NSC to coordinate
the development of policy, plans, programs, and standards within the
Federal Government for the use of the Nation's telecommunications
resources during non-wartime conditions. Section 2(b)(2) charges the
Director, OSTP, to provide appropriate guidance and assistance to the
President and other Federal organizations responsible for the
provision, management, or allocation of telecommunications resources
during such conditions. Section 2(b)(3) further assigns the Director,
OSTP, with establishing and chairing a Joint Telecommunications
Resources Board (JTRB) to assist the Director in exercising non-wartime
telecommunications functions.\13\ Although the NSC and the JTRB might
help craft future policy initiatives to address the industry's legal
concerns prior to the occurrence of a widespread outage, it is unclear
whether either group would play a significant role during an actual
recovery effort.
---------------------------------------------------------------------------
\13\ Executive Order 12472, ``Assignment of National Security and
Emergency Preparedness Telecommunications Functions,'' April 3, 1984.
The JTRB's membership consists of the Assistant Secretary of Defense,
Command, Control, Communications, and Intelligence; the Assistant
Secretary, Communications and Information, of the Department of
Commerce; the Commissioner, Federal Telecommunications Service, of the
General Services Administration; the Associate Director, Operations
Support, of the Federal Emergency Management Agency; the Defense
Commissioner of the FCC; and the Manager, NCS.
---------------------------------------------------------------------------
3.5 What interface between the telecommunications service providers
and the Government would allow the President to be sure that
restoration priorities meet the national interest? How would
the service providers keep the President apprised of the
progress of restoration efforts in the event of an outage
affecting multiple companies?
For many years, the telecommunications industry has provided the
NCC with relevant information pertaining to major outages. More
recently it has also provided the FCC with reports of outages that
conform to the FCC's specific requirements. Because the NCC's mission
is to monitor NSEP telecommunications, and experience has shown that
industry willingly provides relevant outage information to the NCC,
then the NCC is positioned to collect widespread outage information for
the President. To support this function, the Office of the Manager,
National Communications System (OMNCS), has a video teleconferencing
system that is used to communicate directly with the Executive Office
of the President. The NCC Vision Subgroup is addressing the issue of
sharing intrusion and network outage information among industry and
government.
4.0 conclusions/recommendations
While the PN is robust and highly reliable, it is also built on a
complex, interconnected set of heterogeneous technology platforms. The
PN can be disrupted by natural calamities, electric power outages, or
assaulted by hostile forces. In addition, rapid legislative, regulatory
and market changes could potentially introduce unforeseen vulnerability
into the PN. Although the probability of a widespread sustained outage
is low, the high potential societal cost of such an outage requires
that the concern be addressed. Industry and government can take cost-
effective measures to reduce the overall risk of a widespread outage
and enable an orderly restoration of service if such an outage occurs.
Other Industry Executive Subcommittee groups, including the
Intrusion Detection Subgroup, Information Infrastructure Group,
Legislative and Regulatory Group, and the NCC Vision Subgroup, are
examining several of the issues addressed in this report that would
improve the overall ability of the United States to respond to a
widespread telecommunications outage. We recommend that their
conclusions be examined in light of our findings.
Pursuant to the concerns expressed in Dr. Gibbons' letter, the
Widespread Outage Subgroup offers the following recommendations:
4.1 Recommendations
4.1.1 Improve inter-carrier coordination for widespread outage
recovery
Current industry plans and coordination procedures for responding
to a widespread telecommunications outage are company-oriented. Inter-
carrier coordination plans and procedures for responding to a
widespread telecommunications outage require upgrading to meet new and
emerging threats.
The President should direct the appropriate Federal departments
and/or agencies to:
--Cooperate with industry to build a mechanism to upgrade current
industry:
--Recovery plans
--Coordinating mechanisms, and
--Emergency communications capabilities.
--Ensure adequate communications capabilities are available between
Government and the telecommunications industry, as well as with
other critical infrastructures, to respond to and recover from
a possible widespread outage affecting NS/EP services.
4.1.2 Remove legal and regulatory obstacles to widespread outage
recovery
There are potential legal and regulatory impediments to the rapid
and orderly restoration of service during a widespread outage. It is
not clear who has the authority to resolve these impediments. The
relative specificity of the rules governing the FCC Defense
Commissioner's responsibilities suggests that this individual could
help industry and Government overcome these impediments.
The President should encourage the FCC to:
--Appoint and maintain a Defense Commissioner
--Clarify the Defense Commissioner's authority to:
--Address NSEP telecommunications regulatory concerns
in Commission activities, rulemaking, and particularly
during emergency situations.
--Establish a process for the expeditious resolution of
NSEP issues and other impediments affecting industry
recovery from a widespread telecommunications service
outage.
Competitive market and legislative mandates often create a rush to
introduce new products and services before they are fully evaluated in
the laboratory and under live network conditions (e.g., Local Number
Portability [LNP]). Before schedules are mandated through FCC
regulations, reliability, interoperability, and security concerns need
to be carefully considered to guard against premature implementation of
``unseasoned'' technologies that may contribute to the possibility of a
widespread outage. An additional concern is the impact of industry
restructuring on NSEP communications, especially considering the entry
of new carriers under the Telecommunications Act.
The President should also encourage the FCC to:
--Minimize the possibility of a widespread outage by ensuring LNP
national standards and requirements, including NSEP, are agreed
on and adhered to before implementing LNP on a widespread basis
--Allow sufficient time to complete reliability, interoperability,
and security testing of new services and products prior to
implementing regulatory mandates.
4.1.3 Advance the state-of-the-art for software integrity and
interoperability to reduce the probability of a widespread
outage
All U.S. infrastructures, including the PN, continue to be
increasingly reliant on software-controlled information systems.
Security analysis of software products is not universally practiced by
major equipment manufacturers. It is possible, because of the
complexity of the large systems involved, that hidden, malicious code
or unintentional code interactions could allow unauthorized access to
network systems or lead to protracted denial of service.
The President should:
--Task the appropriate Federal departments and agencies to work with
industry to lead the advance of the state-of-the-art for
software integrity through intense research, development, and
operational investigations.
The NSTAC should:
--Increase awareness within the telecommunications industry of the
importance of software security and the use of best business
practices for managing complex automated systems.
4.1.4 Expand research and development (R&D) efforts to address
telecommunications technology vulnerabilities
New technologies, by their nature, often are more complex,
sometimes resulting in unintended consequences and unexpected
interactions among subsystems. Because new technologies cannot be
tested for and against every conceivable set of events or network
conditions, unforeseen vulnerabilities may be introduced into the
network.
The President should:
--Direct the expansion of government R&D efforts to address the
resolution of the most significant vulnerabilities of new and
evolving telecommunications technologies and services. As a
first step, identify or coordinate more closely existing R&D
efforts in order to determine any necessary increases.
--Encourage industry to assist in these efforts.
--Encourage the FCC to examine and assist with the implementation of
the Network Reliability and Interoperability Council (NRIC)
recommendations as they relate to potential widespread outage
vulnerabilities attributed to physical network design, and new
supporting technologies.
4.1.5 Foster education and awareness
Trust among telecommunications network managers facilitates the
effective response to routine and emergency network incidents. Much of
the telecommunications industry's success in recovering from outages is
attributed to long-standing inter-carrier relationships among network
managers arising from day-to-day interaction and operations. Achieving
and maintaining this level of trust becomes more difficult in an
increasingly competitive environment.
The NSTAC should, as part of its outreach efforts:
--Offer the NSIE model to the Network Interconnection/
Interoperability Forum (NIIF) for consideration and potential
use by network operations managers.
--Encourage the use of this model to help foster effective plans,
procedures and inter-carrier relationships in the increasingly
competitive telecommunications environment.
Annex A.--References
--``Potential Legal and Regulatory Obstacles to Widespread Outage
Recovery,'' Draft Report of the Legislative and Regulatory Group
(LRG) of The President's National Security Telecommunications
Advisory Committee (NSTAC), September 30, 1997.
--``Network Interoperability: The Key to Competition,'' Network
Reliability and Interoperability Council (NRIC) of the Federal
Communications Commission (FCC), July 1997.
--``Electric Power Information Assurance Risk Assessment Report,''
Information Assurance Task Force (IATF) of The President's NSTAC,
March 1997.
--``Analysis of Power Related Network Outages,'' Alliance for
Telecommunications Industry Solutions, Network Reliability Steering
Committee, August 29, 1996.
--``An Assessment of the Risk to the Security of Public Networks,''
Network Security Information Exchange (NSIE), December 1995.
--``Final Report of the Common Channel Signaling Task Force,'' The
President's NSTAC, January 1994.
--``Network Reliability: A Report to the Nation,'' Network Reliability
Council of the FCC, June 1993.
--FCC Common Carrier Bureau Report on Network Outages, July 1991.
--``Growing Vulnerability of the Public Switched Networks,'' National
Research Council, 1989.
Annex B.--Acronyms
AIN = Advanced Intelligent Network
ATIS = Alliance for Telecommunications Industry
Solutions
BEAMS = Backup Emergency Alerting Management
System
CCS = Common Channel Signaling
DOJ = Department of Justice
EO = Executive Order
HF = High Frequency
JTRB = Joint Telecommunications Resources Board
LATA = Local Access Transport Area
LNP = Local Number Portability
NCC = National Coordinating Center for
Telecommunications
NCS = National Communications System
NIIF = National Interconnection/Interoperability
Forum
NRIC = Network Reliability and Interoperability
Council
NSEP = National Security Emergency Preparedness
NSIE = Network Security Information Exchange
NSTAC = President's National Security
Telecommunications Advisory Committee
NTA = National Telecommunications Alliance
NTCN = National Telecommunications Coordinating
Network
OMNCS = Office of the Manager, National
Communications System
OSS = Operations Support System
OSTP = Office of Science and Technology Policy
PN = Public Network
R&D = Research and Development
SONET = Synchronous Optical Network
SS7 = Signaling System 7
STP = Signal Transfer Point
U.S. = United States
WOS = Widespread Outage Subgroup
Annex C.--Widespread Outage Subgroup Members
NTA--Mr. Bob burns, Chair
AT&T-- Mr. Dave Bush
Bellcore--Mr. Carl Ripa
GTE--Ms. Ernie Gormsen
MCI--Mr. Mike McPadden
OMNCS--Mr. Bernie Farrell
SAIC--Mr. Hank Kluepfel
USTA--Dr. Vern Junkmann
US West--Mr. Jon Lofstedt
Annex D.--Letters
(1) April 24, 1997, letter from Dr. John H. Gibbons, Assistant to
the President for Science and Technology, to Mr. Charles R. Lee,
Chairman, National Security Telecommunications Advisory Committee
(NSTAC), Chairman and Chief Executive Officer, GTE Corporation.
(2) March 18, 1991, letter from Mr. Ted L. Lightle, Director,
Division of Information Resource Management, State of South Carolina,
to Ms. Constance K. Robinson, Esq., Chief, Communications and Finance
Section, Antitrust Division, U.S. Department of Justice.
(3) August 24, 1992, letter from Mr. Richard L. Rosen, Esq., Acting
Chief, Communications and Finance Section, Antitrust Division, U.S.
Department of Justice, to Mr. Michael J. Schwartz, Esq., General
Attorney, BellSouth Corporation.
______
Responses of Jack Edwards to Questions Submitted by Chairman Bennett
Question 1. One of the recommendations of the NSTAC report was that
the legal and regulatory obstacles to widespread outage recovery be
removed. For example, in an emergency could a regional Bell Operating
Company be permitted to provide temporary long distance service? Has
the NSTAC seen any actions taken on these recommendations?
Answer. Since the President's National Security Telecommunications
Advisory Committee (NSTAC) issued its Widespread Outage Subgroup (WOS)
Report in December 1997 at NSTAC XX, two of its recommendations have
been acted upon. The recommendations are as follows:
improve inter-carrier coordination for widespread recovery
--The National Coordinating Center for Telecommunications (NCC) has
initiated an effort to expand the National Telecommunications
Coordinating Network (NTCN) to improve communications
capabilities with critical entities, for both Government and
industry, during network outage conditions.
remove legal and regulatory obstacles to widespread outage recovery
--The Federal Communications Commission (FCC) appointed a FCC Defense
Commissioner.
--The NSTAC Legislative and Regulatory Group (LRG) and the FCC have
worked together to establish a procedure to resolve regulatory
issues with the FCC, on an expedited basis, which will minimize
delays in the provision and restoration of emergency
telecommunications services during major service disruptions.
This procedure is intended for use during and outside of normal
business hours. NSTAC and the FCC approved the new procedure in
August 1998.
Question 2. Will NSTAC continue to examine the national security
implications of Y2K on telecommunications?
Answer. The Network Group will continue to monitor the Year 2000
(Y2K) readiness of the telecommunications infrastructure as test
results become available and provide its insight on the matter, through
the NSTAC, to the President.
Question 3. Could you please describe the role of the National
Telecommunications Alliance in emergency preparedness?
Answer. The National Telecommunications Alliance (NTA),
incorporated by the Regional Bell Operating Companies (RBOCs) in
December 1995, serves as an industry consortium supporting the
reliability and security of its clients' networks, and the
interoperability and interconnectivity of their networks with other
networks. In support of this critical mission, NTA's CEO serves on the
President's NSTAC.
In 1997, NTA became the NS/EP single point of contact between the
federal government and its clients. NTA operates the National Emergency
Control Center (NECC) from its Washington, D.C. headquarters, as well
as a National Emergency Relocation Center (NERC) outside of Washington,
D.C., which has the same capabilities as the NECC.
During any crisis affecting an NTA client, all information is
channeled through the NECC, which keep the Government, NTA clients'
operation centers and staffs, and other affected parties informed. In
addition, NTA operates the Alerting and Coordination Network (ACN), a
dedicated telecommunications system separate from the public switched
telephone system that is operated from the NECC and NERC. All NTA
clients have links from their own Emergency Control Centers and
Emergency Relocation Centers directly into the ACN. Also, the ACN
provides direct connectivity to Government agencies, other telephone
companies, and telecommunications equipment manufacturers.
The source for the information on NTA can be found at http://
www.nta-inc.org.
__________
Prepared Statement of Diane Fountaine
Good morning, Mr. Chairman, and distinguished members of the
Special Committee on the Year 2000 Technology Problem. I appreciate the
opportunity to address you on behalf of the National Communications
System's Executive Agent, Defense Secretary William S. Cohen, and its
Manager, Lieutenant General David J. Kelley, on the crucial role and
initiatives that the National Communications System is taking toward
tackling the Year 2000 as it applies to national security and emergency
preparedness telecommunications.
The National Communications System is a confederation of 23
agencies across the Federal Government (listed in attachment 1) tasked
with ensuring the availability of a viable national security and
emergency preparedness telecommunications infrastructure. The President
designates member organizations that own or lease telecommunications
facilities and services of significant value to national security and
emergency response or that have important telecommunications policy,
regulatory, or enforcement responsibilities. The assets of these 23
organizations comprise the bulk of the Federal Government's
telecommunications resources. National security/emergency preparedness
telecommunications, in general, are considered to be the necessary
communications for the Federal Government under all conditions, ranging
from peacetime to national emergencies to international crises or war.
The Manager, National Communications System, is also the designated
Federal Official for the National Security Telecommunications Advisory
Committee. Established in 1982 by President Ronald Reagan in
anticipation of the divestiture of AT&T, the National Security
Telecommunications Advisory Committee is a high-level industry advisory
group that provides the President with a unique source of national
security and emergency preparedness telecommunications policy expertise
and advice. Membership in the National Security Telecommunications
Advisory Committee is limited to 30 Presidentially appointed industry
leaders who are senior executives (often chief executive officers)
representing major telecommunications carriers, information system
providers, manufacturers, electronics and aerospace firms, system
integrators, and the financial services industry. (The National
Security Telecommunications Advisory Committee's membership is listed
in attachment 2.)
I will specifically address implications of the Year 2000 problem
on national security/emergency preparedness telecommunications issues
and the role of the National Communications System in ensuring these
telecommunications remain fully operational. I will also address the
Office of the Manager, National Communications System views of the
nation's telecommunications industry preparedness for Year 2000 as it
relates to national security/emergency preparedness.
Mr. Chairman, the Office of the Manager, National Communications
System, shares in the concerns expressed by this committee relating to
Year 2000 compliance. in addressing the Year 2000 issue, we are
focusing on three primary areas: First, on the national security/
emergency preparedness capabilities that we contract with the
interexchange and local exchange carriers to develop and maintain in
the commercial public networks (e.g., priority call recognition and
handling); second, on the overall voice services in the public network
which are the primary foundation for our national security/emergency
preparedness communications; last, on the contingency plans that we
follow during a national security or emergency event. We have taken the
following actions in each of these areas.
unique national security/emergency preparedness network features &
capabilities
In conjunction with our primary contracting offices within the
Defense Information Systems Agency and the Defense Information
Technical Contracting Organization, my office is requesting from its
contractors verification that services or systems being provided to the
National Communications System are year 2000 compliant.
National security/emergency preparedness telecommunications
services provided by the Government Emergency Telecommunications
Service, the Telecommunications Service Priority Program, and the
Emergency Response Link are required to be Year 2000 compliant as a
result of modifications to the associated contracts. (more detailed
descriptions of these programs are contained in attachment 3.)
Additionally, all new or replacement contracts for National
Communications System-provided national security and emergency
preparedness telecommunications services contain Year 2000 compliance
requirements consistent with Department of Defense policy.
Where possible, we will test the national security/emergency
preparedness features for Year 2000 compliance, to include practical
demonstrations, in addition to written certification by our
telecommunications service providers. We plan to complete these tests
before January 1, 1999.
Testing for the Telecommunications Service Priority has been
completed with minor problems discovered which are being corrected.
Testing for the Emergency Response Link is slated for completion in
September.
In order to achieve Government Emergency Telecommunications Service
internetwork interoperability testing, we are collaborating with the
Alliance for Telecommunications Industry Solutions. The Alliance for
Telecommunications Industry Solutions is establishing a test network
that will emulate major portions of the public switched network. The
Government Emergency Telecommunications Service testing requirements
were outlined at the last meeting of the Alliance for
Telecommunications Industry Solutions Network Testing Committee held
from June 29 and 30, 1998. The network testing committee accepted the
potential scenario for Government Emergency Telecommunications Service
testing and requested further details, to include a draft test script
and an implementation summary, that will be presented at the next
meeting from August 24-25, 1998. Bellcore is assisting the Office of
the Manager, National Communications System in this effort, and this
testing will be completed in March 1999.
Specific testing will include the ability to recognize the
Government Emergency Telecommunications Service 710 area code and
successfully complete Government Emergency Telecommunications Service
calls end-to-end over local and interexchange carrier networks. While
the scope of this Government Emergency Telecommunications Service
testing is limited, the benefits of the Alliance for Telecommunications
Industry Solutions internetwork testing among several major carriers in
the U.S. Telecommunications Network are substantial.
assessment of basic network service
The Manager, National Communications System, requested that the
National Security Telecommunications Advisory Committee focus on the
Year 2000 issue as it relates specifically to national security/
emergency preparedness and the national telecommunications
infrastructure. The National Security Telecommunications Advisory
Committee's network group has completed its initial assessment of this
subject, and you will hear from Dr. Jack Edwards of Nortel, the network
group's chair. This report will be reviewed by the National Security
Telecommunications Advisory Committee principals at their upcoming
meeting on September 10.
In implementing special national security/emergency preparedness
capabilities in the public network we chose the major interexchange
service providers, i.e., AT&T, MCI, Sprint, and the primary local
exchange companies (e.g., Bell Atlantic, Cincinnati Bell, etc).
Based on information gathered by the National Security
Telecommunications Advisory Committee working group and discussions
with individual companies, we believe that there will be little or no
interruption of service from these major service providers due to Year
2000. While they will have conducted extensive network element testing
and intranetwork interoperability testing, the biggest challenge for
all of these companies will be the testing of their network's external
interfaces, both domestic and international. Ensuring the
interoperability of these various solutions is critical, particularly
in a system as complex as the U.S. telecommunications infrastructure,
and this is why the Alliance for Telecommunications Industry Solutions
internetwork testing is so important.
The Office of the Manager, National Communications System is also
coordinating on the Year 2000 Telecommunications Compliance Program of
the General Services Administration. This program was established to
provide a focal point for Year 2000 telecommunications compliance
information across the Federal Government and to facilitate government/
industry partnership in addressing Year 2000 compliance challenges. We
are participating in periodic forums being held by the Program
Management Office and facilitate their interaction with the National
Security Telecommunications Advisory Committee.
While I have only focused on those large telecommunications
providers on which we depend, I believe that Commissioner Powell will
address the state of preparedness of the industry in the broader
context of all companies and services.
contingency plans
Even though we do not expect a major telecommunications service
interruption resulting from Year 2000, we are putting a great deal of
emphasis on proper planning for a contingency in this area. The
National Coordinating Center for Telecommunications is reviewing
current operational response procedures and the existing national
telecommunications coordinating network, looking for additions to
current process or backup connectivity peculiar to Year 2000 (for
example, connections to software experts from the telecommunications
switch manufacturers.)
In addition to its current HF radio capabilities, the National
Telecommunications Coordinating Network is being augmented with non-
public network and satellite communications connectivity among critical
national security/emergency preparedness operational sites, major
service providers, and equipment manufacturers. This additional
connectivity will allow the national coordinating center for
telecommunications to coordinate with the telecommunications industry
and key Federal operations centers in the event of service disruption
resulting from Year 2000 complications.
HF radio connectivity is currently available to AT&T, Sprint, The
National Telecommunications Alliance, The Federal Communications
Commission, Bell Atlantic, The National Aeronautics and Space
Administration, GTE, Bell South, AmeriTech, Southwestern Bell, The
Federal Emergency Management Agency, AT&T Wireless, and Pacific Bell.
Through the shared resources high frequency radio program these sites
have HF message relaying support from over 1,000 government and
telecommunications company HF locations worldwide.
Currently, the National Coordinating Center for Telecommunications
has private line national telecommunications coordinating network
connectivity to the FCC; all of the regional Bell operating companies;
GTE; Sprint; and switch manufacturers, DSC, Ericsson, Lucent, Nortel,
and Siemens. The National Coordinating Center for Telecommunications is
exploring extending connectivity to the general service
administration's FTS-2000 Consolidated Operations Center, The Office of
Science and Technology Policy, The National Infrastructure protection
center, and The Bellcore Year 2000 Test Bed Site. The National
Coordinating Center for Telecommunications Industry members are also
compiling point of contact lists that will be utilized for Year 2000
problem referral and escalation within their companies.
An additional, state of the art capability to cross-connect various
communications media will be available in the National Coordinating
Center for Telecommunications by the end of December 1998. This
capability will extend to our continuity of operations site in the
event relocation out of the immediate area becomes necessary.
In conclusion, Mr. Chairman, we are working with The National
Communications System departments and agencies, and The National
Security Telecommunications Advisory Committee member companies, to
provide continuous national security/emergency preparedness
telecommunications services prior to, through, and beyond the
millennium change. While much has been accomplished, there is still
much to be done, particularly regarding internetwork Year 2000 testing
and contingency planning. As the National Security Telecommunications
Advisory Committee Year 2000 report points out, efforts to make the
public network Year 2000 ready will go a long way toward making
national security/emergency preparedness telecommunications services
year 2000 ready. I would urge the committee to support the efforts
underway in the telecommunications industry and continue to stress the
importance of internetwork interoperability testing as this work
progresses.
Mr. Chairman, this concludes my statement on our efforts toward
solving the Year 2000 problem, and I am prepared to take your questions
on this issue.
Attachment 1.--National Communications System Member Agencies and
Departments
Department of State
Department of Treasury
Department of Defense
Department of Justice
Department of Interior
U.S. Department of Agriculture
Department of Commerce
Health and Human Services
Department of Transportation
Department of Energy
Veterans Affairs
Central Intelligence Agency
Federal Emergency Management Agency
U.S. Information Agency
Joint Staff
General Services Administration
National Aeronautics and Space Administration
Nuclear Regulatory Commission
National Telecommunications and Information Agency
National Security Agency
U.S. Postal Service
Federal Reserve Board
Federal Communications Commission
Attachment 2.--National Security Telecommunications Advisory Committee
Members
Advanced Digital Technologies Company (ADTC)
AT&T
BankAmerica
Boeing
Comsat
Computer Sciences Corporation
Electronic Data Systems
Executive Security & Engineering Technologies
GTE
Hughes
ITT
Lockheed Martin
MCI
Motorola
Nortel
National Telecommunications Alliance
Pacific Telecom, Inc.
Raytheon
Rockwell
Science Applications International Corporation
Sprint
Teledesic
TRW
Unisys
United States Telephone Association
U.S. West
Worldcom
Attachment 3.--Program Descriptions
Government Emergency Telecommunications Service supports national
security/emergency preparedness telecommunications users with priority
switched voice and voice band data service in the public switched
network. it provides authenticated access, enhanced routing, and
priority treatment in local and long-distance telephone networks. users
acquire access through a simple dialing plan featuring a dedicated area
code (710) and personal identification number.
Telecommunications Service Priority System enables priority
provisioning and restoration of national security/emergency
preparedness telecommunications services obtained from the
telecommunications industry companies.
Telecommunications Electric Service Priority Program promotes
modification of the existing electric utility emergency priority
restoration systems to include telecommunications facilities considered
critical to national security/emergency preparedness. it utilizes the
existing processes in place for restoring electric service to specific
customers in the event of threatened or actual electric power supply
emergencies.
Emergency Response Link provides a controlled access web site
designed to assist the emergency response community in sharing disaster
response planning and operations information. the response community
includes the signatory agencies to the federal response plan and state
and local agencies and organizations.
Shared Resources High Frequency Radio Program provides emergency
communications in support of special operations and all-hazards
situations, incorporating the resources of 1098 HF radio stations,
contributed by 63 Federal, State, and industry organizations, into a
nationwide emergency message handling network.
______
Responses of Ms. Diane Fountaine to Questions Submitted by
Chairman Bennett
Question 1. Bellcore suggested that because of the size and
complexity Y2K problems in the telecommunications industry, it is
absolutely critical that contingency planning and disaster recovery
planning and training be implemented. They also stated that multiple
carrier failures should be entertained. How is the NCS working with
industry on these issues?
Answer. In collaboration with its industry representatives the
National Coordinating Center (NCC) for Telecommunications is working to
insure that national security and emergency preparedness
telecommunications contingency planning fully addresses year 2000
problems, to include:
--Formulation of a joint government/industry Y2K-specific Contingency
Plan to be completed by April 1999.
--Verification of non-public switched network (PSN) connectivity to
major operations centers from the NCC.
--Identification of those operation centers (industry & government)
which have connectivity via non-PSN voice and/or data
connectivity to vendors, suppliers, subject matter experts,
etc. that might play a key restoral role in any Y2K-related
telecommunications outage.
--Identification of key Y2K-related facilities, elements, vendors,
suppliers, subject matter experts with which the NCC does not
currently have non-PSN connectivity that should be provided
connectivity to the NCC.
The NCC is also currently fielding an upgraded National
Telecommunications Coordinating Network (NTCN) which will allow the NCC
to bridge any type of communications terminating on the NTCN to any
other subscriber regardless of communications vehicle. This includes
connecting any combination of HF, UHF, and VHF radios, private lines,
ring downs, satellite, and wireless to any of the other media. The
bridge is Y2K compliant, and will have a backup with redundant
capabilities located at the NCS Continuity of Operations site.
Question 2. Could you please describe how the National Coordinating
Center for Telecommunications works in a time of crisis?
Answer. The National Coordinating Center for Telecommunications
(NCC) has three Emergency Operations Teams (EOT) manned with experts in
various emergency response disciplines from the Office of the Manager,
NCS staff, and industry representatives of the NCC. The Manager, NCC
activates the on-call team to support a declaration of the Federal
Response Plan or if required by other emergency. The three teams allow
for ramping up to 7 days a week, 24-hour a day operation, if the
situation warrants that level of support. A team will be activated
prior to each critical year 2000 switch over date.
Question 3. How would the NCS and the FCC interact in the event a
Y2K telecommunications crisis?
Answer. The FCC has a representative assigned as a member of the
NCC. Operational issues would be coordinated with that representative.
The NCC or the FCC representative can also contact the FCC Duty Officer
at the FCC's Communications and Crises Management Center, which
operates on a 24-hour, 7 days a week basis. The Duty Officer is
responsible for locating senior FCC staff to apprise them of status of
ongoing events, or to get an action officer to assist the NCC in
addressing FCC-related issues. The FCC Center is connected to the NCC
through the National Telecommunications Coordinating Network (NTCN) and
the NTCN has connectivity to the FCC regional representatives through
connections to each of the Federal Emergency Management Agency regional
offices.
Question 4. When does a network outage advance from an economic
concern to a national security concern?
Answer. Determination that a telecommunications public network
failure impacting the economy has reached a national security concern
would ultimately be made with Cabinet and/or National Security Council
level deliberations.
Question 5. Besides, helping the industry to exchange the
information it needs to solve its Y2K problems, do you think the
proposed safe harbor legislation would also make it easier for the NCS
to obtain the information needs to ensure national security and
emergency preparedness telecommunications?
Answer. Although NCS has not experienced any reluctance on the part
of the telecommunications industry to provide information on Year 2000
readiness, the legislation should help the NCS to continue to obtain
the information it needs to ensure national security and emergency
preparedness telecommunications.
Question 6. I noticed that the NCS is not represented on the
telecommunications working group or the emergency services of the
President's Y2K Conversion Council, Chaired by John Koskinen. Is there
any particular reason why the NCS was not asked to participate in these
groups?
Answer. The NCS has been an active participant in the
Telecommunications Working Group since its first meeting and will
attend the next meeting of the Emergency Services Working Group. NCS
membership and attendance on these working groups has been considered
part of the Department of Defense representation.
Question 7. Has the NCS done any studies looking into how failures
in foreign networks could impact U.S. Communications? If not are you
aware of any such studies?
Answer. The NCS has not done any independent studies regarding
failures in foreign networks impacting U.S. communications. We are,
however, aware of the special Year 2000 Task Force established (Mar
1998) by the International Telecommunication Union to ``provide
information on and promote Year 2000 compliance standards amongst ITU
members to create greater global consistency and a common
understanding.'' One of their first actions was to issue a Year 2000
questionnaire regarding ``Millennium Compliance'' and promoting ISO
Standard 8601 ``Data elements and interchange formats--Information
interchange--Representation of dates and times.'' A Generic Year 2000
Testing Checklist was adopted to define the minimal set of tests which
will be required to demonstrate that a network system or component is
Year 2000 compliant. Additionally promoted is a British Standards
Institute publication from January 1997, Definition of Year 2000
Conformity Requirements.
Question 8. Is the NCS relying upon vendor certification or is it
also conducting independent tests as Bellcore recommends to ensure
equipment is Y2K functional?
Answer. The NCS is relying on vendor certification as well as the
performance of independent tests. We are working with Bellcore in this
area to help ensure that independent testing being performed by the
Alliance for Telecommunications Industry Solutions (ATIS), Network
Testing Committee, includes scenarios developed by the NCS. These
scenarios focus on maintaining reliable communications in the public
networks for national security and emergency preparedness purposes.
This independent testing is planned to be completed in the spring of
1999.
__________
Prepared Statement of Senator Jon Kyl
Mr. Chairman, I would like to thank you and Senator Bingaman for
your efforts in putting this hearing together.
Y2K will cross the globe in a 24 hour period. It has the potential
to wreak havoc with our communications networks and consequently with
all of our critical infrastructures. Our first concern must be with the
readiness of the nation's telecommunications system to smoothly
transition into the next century. But we must also recognize the
potential for disruptions that may pose serious public safety as well
as national security concerns, and to plan accordingly. We have a
distinguished panel of witness today who will help us to understand the
Y2K problems facing the telecommunications industry. We will also hear
testimony from the National Communications System, a little known but
very important entity.
The NCS was created by President Kennedy, in response to
communications problems that arose during the Cuban Missile Crisis. It
has the responsibility to ensure enduring communications in times of
crisis, ranging from national disasters to acts of war. And it has
enjoyed a unique and close working relationship with the
telecommunications industry, in designing and implementing preparedness
plans programs. I look forward to learning the status of contingency
planning for national security and emergency preparedness in
anticipation of potential Y2K disruptions. The Defense Authorization
Act of 1996 directed the President to report to Congress on the future
of the NCS. We recognized that the telecommunications infrastructure
was facing new threats, especially from information warfare tools and
techniques; and that the NCS has unique experience and resources to
contribute to an overall strategy to protect the nation against such
threats. While Y2K is not an information warfare threat per se, its
overall effects could be very similar to a deliberate attack on the
nation's information systems. I am sorry to report that, 3 years later,
the President still has not filed this report. My most recent letter
from Sandy Berger on this subject, dated February of this year,
promised that the report would be forthcoming promptly. We are still
waiting.
In March, I wrote to FCC Chairman Kennard, to recommend that the
Network Reliability and Interoperability Council (NRIC) be directed to
examine Y2K concerns. I was pleased to receive his response in May,
informing me that the NRIC would be tasked to undertake this effort. I
am concerned, however, that this work is not yet underway, and that the
hour is late. I look forward to learning about the NRIC's plans for
addressing Y2K in the limited time they have.
A key element in solving the Y2K equation is information. We have
heard reports that corporate concerns over liability are restricting
the flow of technical information and statements of Y2K readiness which
telecommunications carriers need for remediation and preparedness
efforts. It is vital that industry, as well as consumers, have access
to the information needed to fix Y2K problems, and for contingency
planning. To the extent liability concerns are chilling this necessary
exchange of information, we will need to find ways to alleviate those
concerns.
Time is very short. The Y2K Committee and the Judiciary Committee
will be working with industry associations, consumer groups, and other
interested parties during the August recess to evaluate legislative
options to help meet those needs. I would like to invite our witnesses
to offer their thoughts and recommendations on such legislative relief.
__________
Prepared Statement of Judith List
introduction
Thank you Chairman Bennett, Vice Chairman Dodd, and members of the
Special Committee for inviting me to testify on how telecommunications
networks could be affected by the Year 2000 technology problem. I am
Judy List, Vice President and General Manager of Integrated Technology
Solutions for Bellcore.
Bellcore, an SAIC company headquartered in Morristown, New Jersey,
is a leading provider of communications software, engineering,
consulting, and training services based on world-class research. Our
customers include major telecommunications carriers as well as telecom
companies of all sizes both in the United States and abroad. The
business I head for Bellcore provides Y2K services--primarily to
telecommunications carriers and suppliers, financial institutions, and
power utilities.
In response to your request, I will focus today on what Bellcore is
doing for the industry concerning Y2K, on elements of
telecommunications networks that could be impacted by the Y2K problem,
on the challenges of testing, on the outlook for the problem as I see
it, and on what positive steps can be taken to help with the situation.
background/bellcore's role in y2k readiness
To set the stage, let me say that Bellcore has been working on Y2K
solutions for our own software products since 1993, with a concerted
effort begun in 1995. Bellcore currently supports approximately 150
software system products that are installed and deployed in the
networks or operations of its licensed customer users. Those users
include the top tier local exchange carriers, among others. The
software system products include operations support systems and network
systems that support provisioning, maintenance and other management
functions for local telephone services. All Bellcore-supported software
system products either are now or will be, by year-end 1998, Year 2000
Functional.\1\
---------------------------------------------------------------------------
\1\ As used here, the term ``Year 2000 Functional'' is the ability
of software to record, store, process, recognize, display and calculate
calendar dates falling on or after January 1, 2000, in the same manner,
and with the same functionality as such software records, stores,
proceesses, recognizes, displays and calculates calendar dates falling
on or before December 31, 1999.
---------------------------------------------------------------------------
In addition, Bellcore has taken a proactive role in providing our
licensees and other customers with Year 2000 information. We have been
sharing information about Year 2000 functionality in the following
ways, to name just a few:
--by issuing information kits that include Bellcore's Y2K Test
Strategies, methodologies and results of our Year 2000
functionality testing;
--by placing information on Bellcore's website, which includes Y2K
Frequently Asked Questions and Bellcore software product
information; and
--by hosting and participating in customer meetings and forums.
All of this information will continue to be provided and updated
regularly by our Year 2000 Program Office.
telecommunications networks
Like many companies, Bellcore assists clients by providing
comprehensive services that cover the entire lifecycle for fixing the
Year 2000 problem for information technology, or IT, systems. However,
in addition to the considerable industry attention on IT systems,
Bellcore has supported increased attention on networks. Networks are
large, distributed computing environments. While the major
telecommunications carriers have recognized the Year 2000 challenges
that confront their core business, many commercial companies have been
relatively late in recognizing that the Year 2000 problem affects not
only their IT systems, but their private networks as well.
In both private and public telecommunications networks, as in
software and hardware computing systems, Y2K impacts are possible at
every layer of the infrastructure. That is, Y2K problems can be found
in applications, operating systems, file systems, databases, protocols,
middleware, and hardware platforms, as well as in the interfaces
between interconnected systems.
To aid in the remediation and testing process for network
equipment, Bellcore worked with telecommunications carriers and
equipment suppliers to develop a set of generic requirements for Y2K
functionality (Bellcore's GR-2945, ``Year 2000 Generic Requirements:
Systems and Interfaces''). In general, this document contains
requirements for both telecommunications network elements and
operations systems and covers a variety of date-sensitive functions.
Let me give you just one example. There is a ``common platform''
section that specifies the minimum date range for all systems as 1/1/
1980 through 12/31/2036. The former limit was chosen because it is the
date when PC-based management systems began counting time. The latter
limit was chosen because this is the date just before many UNIX
' -based system clocks will fail. GR-2945 simply sets this
range as the minimum requirement every system should meet. However,
some vendors may choose to design their systems to operate well outside
of this range, which is completely acceptable. Bellcore's GR-2945 was
available to the industry on January 31, 1997.
---------------------------------------------------------------------------
\'\ UNIX is a registered trademark of NOVELL, Inc.
---------------------------------------------------------------------------
In addition to using GR-2945, we recommend that companies follow a
structured approach in addressing Y2K issues. This approach starts with
establishing a corporate program office that manages the scope of the
program, including schedules, resource allocation and budgets,
awareness of Y2K issues throughout the company, and quality assurance.
The subsequent activities are: assessment, remediation, testing, and
deployment. It has been our experience in working with major US
telecommunications carriers and several Fortune 50 clients that a
structured approach is being taken with respect to Y2K.
network assessment
Bellcore has conducted risk assessments of major domestic and
international carrier networks as well as risk assessments of the
networks of a number of Fortune 50 companies. Risk assessments begin
with a comprehensive inventory of all network equipment in the carrier
or private network. Then, detailed questionnaires are sent to the
suppliers of this network equipment inquiring about the Y2K readiness
of the equipment. This information, along with information from the
carrier or company about the extent of equipment deployment in their
network, network architecture and topology, services, and other
information, is used to assess the risk of Y2K vulnerabilities in
providing services.
In our work, we have found that approximately 75 percent of voice
networking equipment has date sensitive processing in it, 25-35 percent
of data networking devices have date-sensitive processing, and almost
100 percent of network management devices have date-sensitive
processing in them. The kinds of functions that are date sensitive
include: service routing and scheduling, message reporting, network
administration and management, system clock maintenance and
restoration, event/alarm time-stamping, history sorting and reporting,
security (e.g., logins and passwords), user interface displays and user
input, trend analyses, logging of information, reports, and data
processing functions.
The data we have gathered and the analyses we have performed
through these risk assessments, as well as high-level, preliminary
experiments we have conducted in our labs, support the conclusion that
there is little date sensitive information in the fundamental call
processing or data routing capabilities of networks. Where we do see
date sensitive information is in the operations, administration, and
maintenance functions of networks. Examples of the latter type of
functions include: billing, provisioning of services, network
surveillance and maintenance, and other network management and
administration functions. Let me refer to the chart in the front of the
room for a quick look at the complexity of communications networks and
to explain where Y2K vulnerabilities are in these networks. (See
attached diagram.)
These functions are provided by network equipment that carriers and
large corporations license from equipment suppliers as well as in
systems that many companies develop themselves. Thus, fixing the
software code sometimes means that the company's own organizations are
responsible for the fixes, and sometimes means that the equipment
manufacturer or software provider is responsible for the fixes. In some
instances, a carrier or commercial enterprise may decide not to solve a
Y2K issue by having the code fixed. Instead, they may replace the
system with a new one or retire the system altogether because the
functionality can be provided somewhere else in the network. It is
equally important to manage and track progress for the replacement or
retirement of systems, because if they are not replaced or retired on
schedule, there could be Y2K impacts.
[GRAPHIC] [TIFF OMITTED] T1JL98G.001
ACD = Automatic Call Distributor
BS = Base Station
BSC = Base Station Controller
CAD = Call Access Device
CDR = Call Detail Recording
CLEC = Competitive Local Exchange Carrier
CMS = Call Management System
Collector = Billing Collector
CO = Central Office, End Office Switch
CRD = Corporate Record Database
CSM = Customer Service Management
CTI = Computer Telephony Integration
DLC = Digital Loop Carrier
DPS = Dispatch System
EBI = Electronic Bonding Interface
FMS = Fault Management System
HLR = Home Location Register
IP = Intelligent Peripheral
LAN = Local Area Network
LEC = Local Exchange Carrier
LSMS = LNP Local SMS
MDR = Message Detail Recording
MSO/VLR = Mobile Switching Office/Visitor Location
Register
NPAC = Number Portability Administration Center
System
OSS = 0perator Services System
PBX = Private Branch Exchange
PSTN = Public Switch Telephone Network
PSAP = Public Safety Answering Point
RAOS = Revenue Accounting Office System
SMDI = Simplified Message Desk Interface
SMDR = Station Message Detail Recording
SMS = Service Management System
SCP = Service Control Point
SNS/DOE = Service Negotiation System/Data Order Entry
SOP = Service Order Processor
SSP = Service Switching Point
STP = Signal Transfer Point
TAN = Technician Access Network
TAS = Trouble Administration System
TPU = Technician Portable Unit
UCD = Uniform Call Distributor
VLR = Visitor Location Register
VMS = Voice Messaging System
VRU = Voice Response Unit
WOP = Work Order Processor
The analyses we have conducted on the Y2K issues in network
equipment have covered thousands of voice and data products,
manufactured by hundreds of US and international companies. We have
analyzed the data gathered from a variety of sources, including
manufacturer's responses to questionnaires, information available on
manufacturer websites, and other publicly available sources. We have
gathered and analyzed this information in support of our customers; we
have not embarked on a comprehensive survey of all carriers, large
enterprises, or equipment manufacturers. The charts at the front of the
room summarize our analyses of these data, based on our experience, but
they have not been independently validated.
Figure 1. Percentage of Voice Network Products Reported by
Manufacturers to be Y2K Functional by Quarter.
[GRAPHIC] [TIFF OMITTED] T1JL98G.002
Note: 3Q 98 date includes products that have no date sensitivity
and products that will be Y2K functional by the end of 3Q 98, according
to vendor-supplied information. 2Q 99 and beyond includes products that
will not be Y2K functional by 2Q 99 and those products that the vendor
will not make Y2K functional (e.g., manufacturer discontinued
products), according to vendor-supplied information.
Figure 2. Percentage of Data Network Products Reported by Manufacturers
to be Y2K Functional by Quarter.
[GRAPHIC] [TIFF OMITTED] T1JL98G.003
Note: 3Q 98 date includes products that have no date sensitivity
and products that will be Y2K functional by the end of 3Q 98, according
to vendor-supplied information. 2Q 99 and beyond includes products that
will not be Y2K functional by 2Q 99 and those products that the vendor
will not make Y2K functional (e.g., manufacturer discontinued
products), according to vendor-supplied information.
The first chart presents data on voice network products. According
to various sources, for the products on which we have collected data,
83 percent of the products are planned to be Y2K functional by the
third quarter of 1998, while another 4 percent are planned to be Y2K
functional by the end of 1998. An additional 5 percent are planned to
be Y2K functional by the end of the first quarter of 1999, and the
remaining 8 percent will either not be made Y2K functional (because,
for example, they are discontinued products) or are planned to be Y2K
functional sometime during or after the second quarter of 1999.
The second chart presents information on data network products.
Again, of the products for which we have collected data, 89 percent of
the products are planned to be Y2K functional by the third quarter of
1998, while another 2 percent of the products are planned to be Y2K
functional by the end of 1998. An additional 5 percent are planned to
be Y2K functional by the end of the first quarter of 1999, and the
remaining 4 percent will either not be made Y2K functional or are
planned to be Y2K functional sometime during or after the second
quarter of 1999.
These results indicate that over 85 percent of the
telecommunications network products we have surveyed for our major
carrier and large commercial enterprise customers are planned to be Y2K
functional by the end of 1998, according to their manufacturers.
Further analysis of the detailed information we have gathered indicates
that the majority of critical network components in carrier networks
will be Y2K functional by year-end 1998. It is largely the peripheral
devices that will not be Y2K functional until first quarter 1999 and
beyond. For example, according to manufacturers, most of the major
central office switches used in the US are planned to be Y2K functional
by year-end 1998.
Within a commercial enterprise, there are a small number of Private
Branch Exchanges (PBXs), voice mail systems, and automatic call
distribution systems (ACDs) that will not be Y2K functional by year-end
1998. This market is very diverse and the consequence of non-compliance
of any one vendor's device is significantly less. In addition, the non-
compliant devices tend to be older and smaller, which again lessens the
impact because fewer users are affected. While many of the devices that
will not be Y2K functional by the end of this year are peripheral, many
of them interact with more critical devices. It is important to test
how non-compliant devices (e.g., a network management system) might
interact with a Y2K functional device (e.g., a PBX).
Finally, the upgrades to this equipment may still need to be tested
by the carrier or commercial enterprise in whose network it is used and
then installed in the network. It is important to schedule and track
delivery of equipment upgrades and the subsequent testing and
installation.
testing
Once the software is fixed (either by a supplier, the carrier, or
the carrier's agent), the software should be tested. For a software
application, this includes unit testing of the code changes, as well as
integration testing of various modules of the application together. In
addition, system tests are conducted to incorporate the operating
system environment, the hardware platform the application runs on, as
well as any third party software that may work with the application
software. Finally, the interfaces between systems should be tested,
particularly for high risk systems, to assess the impact of Y2K
remediation on interoperability between systems.
Year 2000 poses significant testing challenges. First, there are a
variety of dates that need to be tested; this increases the number of
tests that need to be conducted. Second, tests should be repeated--for
example, as problems are found and fixed or as additional changes or
enhancements are made to the system between the time the code is Y2K
functional and the rollover of the millennium. Third, there are
difficult test environment issues due to the general need to test
applications in a ``clock rollover'' environment. It is not feasible
for carriers to roll the clocks forward in a live network; therefore,
doing system clock rollovers requires either extensive laboratory
environments or significant investment in parallel systems to test for
year 2000 functionality. Testing requires specialized expertise and
tools. Finally, industry analysts have estimated that testing is at
least 50 percent of the effort in Year 2000. The most significant
challenge is that there is too much to test in too little time.
Not only must testing of individual network elements be completed,
but interoperability testing is needed as well. We recommend that
interoperability testing be conducted for several reasons. There are
some interfaces in networks over which date information is passed, and
processing on the date information occurs on one side or the other of
the interface or on both sides of the interface. In these instances,
interoperability testing is needed to assess the extent to which dates
are passed and processed correctly on both sides of the interface.
However, there are many more instances in networks where date
information is not passed or processed across an interface between two
systems. While the need for Y2K interoperability testing is less
obvious in these instances, it may be possible that while fixing code
to address Y2K in one of the systems, some non-date related
functionality may be inadvertently ``broken'' in the interface between
the systems.
Finally, because both private and public networks in the US are
quite heterogeneous in the types of equipment and the number of
equipment vendors who supply equipment, it is often the case that the
equipment on either side of the interface is manufactured by different
vendors, who may use different date standards. Interoperability testing
helps to address these issues.
outlook
Mr. Chairman, you asked for my personal outlook on the situation in
the ttelecommunications industry, and so I will make four points in
that regard.
First, as is the case in most other industries, it has been my
experience that larger corporations have been more attentive to and
more active in resolving the Y2K issue than have smaller companies. All
of the major carriers have corporate-level Y2K programs, they
understand and are actively working the problem, and they have the
ability to work with their major equipment vendors to address the
issue. In addition, the US is ahead of most of the rest of the world.
Europe lags behind the US in their attention to this issue, and
generally, with some exceptions, so does the rest of the world. South
America, much of Asia/Pacific (with the exception of Australia), and
Africa are quite far behind. I do have a concern that the general lack
of attention to Y2K in some parts of the world could adversely impact
our ability to communicate with them, largely because of failures in
critical infrastructures like power that may impact their
telecommunications providers.
Second, as I've mentioned, the Y2K vulnerabilities in the
telecommunications network do not appear to be in the fundamental call
set-up and processing or data routing capabilities of the network.
Rather, they appear to be in the operations, administration, and
maintenance functions that support these fundamental capabilities.
While this suggests that getting basic dialtone at midnight on January
1, 2000 is less likely to be a problem, it is possible, in my opinion,
that there may be disruptions in billing, processing service orders,
and so on. In addition, continued difficulties with operations,
administration, and maintenance functions could eventually impact
service.
Third, telecommunications manufacturers indicate that the majority
of them will be Year 2000 functional by the third quarter of this year.
Furthermore, our analysis of vendor responses indicates that the
majority of critical network components will be Y2K functional by the
end of 1998. However, testing and deployment/installation are still
required, as is ongoing attention to timely delivery of upgrades.
Finally, there will be problems, and there is a level of
uncertainty in this area that makes it difficult to predict where the
problems will be. In the software industry today, the best in class
companies find 95 percent of code anomalies before the software ever
gets to the field. That means that 5 percent of software anomalies are
found after the code is operational Furthermore, according to the
Software Engineering Institute, a new defect is introduced with every
approximately 4\1/2\ fixes of software code. Both of these statistics
suggest that, given the pevasiveness and extent of Year 2000 elements,
there will be problems. It is critical that contingency and disaster
recovery planning and training be implemented. Furthermore, Y2K
contingency planning and disaster recovery needs to address plans
differently than traditional business continuity plans because backup
systems are likely to have the same Year 2000 problems, issues may be
more widespread across a number of industries, and problems may last
for a longer period of time.
recommendations
In closing, let me make the following brief recommendations on
positive steps that could be taken to help with the Y2K issue in
telecommunications. First, the entire industry should be doing whatever
it can to promote interoperability testing.
Second, the industry should work on a plan for cooperation in the
event that emergency business recovery should become necessary. This
should include scenarios where only one company is affected as well as
scenarios where multiple carriers are affected.
Third, the government could help by continuing to promote awareness
of the Y2K problem, as this Committee and others are doing. Raising
awareness is particularly important among small and medium-sized
businesses.
Finally, there might--at some point--be a need for safe harbor
legislation. Such legislation would be designed to protect responsible
companies from some of the torrent of litigation we know is headed our
way--much of which could be frivolous and could distract attention and
divert resources from the most critical work: fixing the problem. This
should remain the industry's primary concern, and anything you can do
to allow us to focus our efforts on that would be most appreciated.
Again, thank you for the opportunity to testify before you today. I
will be happy to take your questions.
______
Responses of Judith List to Questions Submitted by Chairman Bennett
Question 1. It strikes me that there is no comprehensive industry
wide test planned. SIA just began end-to-end (street-wide) testing of
all partners in the securities industry. When will the
telecommunications industry begin such testing, and who should
coordinate such a test?
Answer. In my written testimony before the Committee, I emphasized
the challenge of Y2K testing for telecommunications networks and wish
to restate that point here. Year 2000 testing for networks is critical
but complex because of the variety of dates that need to be tested, and
tested repeatedly, the difficult test environment issues, and the need
for specialized expertise and tools to conduct tests of networks.
However, I do believe that Y2K testing of telecommunications networks
is an integral phase in a Year 2000 program. Specifically, it is
essential that testing encompass both the interfaces between systems to
assess Y2K impacts and interoperability across networks, in addition to
stand-alone product testing. As others testified before the Committee,
both types of testing are in process through several industry efforts,
namely through the Y2K Telco Forum for testing of network interfaces
and through the Alliance for Telecommunications Industry Solutions
(ATIS) for interoperability testing.
Question 2. You mentioned that according to the Software
Engineering Institute that an error is introduced for every 4.5 lines
of software fixed. Can you estimate the amount of errors which have
been introduced into the system? Could such software errors result in
an expected systems failure?
First, a point of clarification. The statistic, as it was presented
to me, was that for every approximately 4\1/2\ (it actually was 4.4)
fixes of software, a new error is introduced. There can be multiple
fixes per line of code; conversely, some programs have many lines of
code that require no Y2K fixes. Thus, without knowing about a
particular application, it is impossible to estimate how many fixes are
required to make the program Y2K functional and therefore, to estimate
how many new errors might have been introduced. In this context, I
would again emphasize the importance of testing, including testing of
the remediated portions of code, product test, as well as interface and
interoperability testing. Regression testing is the process by which
modified software code is tested against a baselined version of the
code to assess the extent to which planned, and only planned, changes
to the code have been correctly implemented. Regression testing should
be conducted and repeated so that, as additional fixes are made to the
code, or new features are added, these can be tested to assess the
extent to which new errors may have been inadvertently inserted into
the code. With respect to systems failures attributable to newly
introduced errors, the potential impact could be different than
existing Y2K errors. Our work thus far has indicated there is little
date sensitive information in the fundamental call processing or data
routing capabilities of networks and that there are relatively few
interfaces between network equipment that involve date processing..
However, it is possible that while fixing Y2K problems in some parts of
software, errors could be inserted inadvertently that affect non-date
related functionality. This possibility, again, emphasizes the need for
extensive and repeated testing of the types described above.
Question 3. I understand that much of the code correction for U.S.
carriers has been done in foreign countries. What kind of a security
risk does this present?
Answer. The issue of security for both the public switched
telephone network (PSTN) and private networks as it relates to year
2000 remediation is of paramount importance. As a critical
infrastructure supporting the provision of local emergency response,
national security preparedness, and commerce and economic transactions
throughout the nation and the world, telecommunications networks must
be protected from threats, both domestic and international, to their
functioning and reliability. Such assurances are fundamental to a
robust and reliable telecommunication infrastructure.
There is the possibility that security risks can be introduced into
any code that is being remediated, not just code that is corrected in
foreign countries. Programmers can, for example, introduce trap doors
or back doors for non-malicious reasons, for example, to make it easier
for them to maintain the code. These trap doors or back doors can then
be used for other purposes to obtain unauthorized access to the
software program. In other instances, security problems can be
introduced for directly malicious purposes during the code remediation
process. To date, I know of no easy way to assess code to ascertain the
existence of these types of security risks. It requires labor intensive
examination of the code, line by line. Companies can work to protect
themselves from such risks by conducting adequate due diligence of
employees, contractors, and service providers that they may hire to
remediate Y2K problems. In addition, implementing various policies
(such as code inspections) to monitor the code remediation process also
can help reduce risk.
Question 4. Your recommend that the industry should be preparing
contingency plans for scenarios with multiple carrier failures. In what
forum should this occur? In your opinion should this be coordinated
through the FCC, National Telecommunications Alliance or though the
National Communications System? Or would you suggest another entity?
Answer. The telecommunications industry has been successful in the
past in providing quick response to problems impacting service both at
the individual company level and in working collaboratively to respond
to common service-related issues. With the advance knowledge that
service could be impacted due to the year 2000 problem, the industry
has a unique opportunity to undertake advance contingency planning for
potential service degradation or loss. My recommendation on emergency
business recovery is for an industry-based effort to be undertaken in
advance that would address scenarios in which one company as well as
multiple carriers might be affected by Y2K problems.
Such a coordinated effort could be managed by one of a number of
entities including those identified above. Rather than recommend a
preferred forum for business recovery planning, I would suggest that
such a forum be as inclusive as possible with representation from all
segments of the telecommunications industry--local and long distance
carriers, wireless companies, and equipment manufacturers, for example.
Question 5. Do you suggest interoperability testing between foreign
carriers and domestic carriers?
Answer. The challenges of interoperability testing discussed above
and in my written testimony apply as well to testing between domestic
and foreign carriers. However, such challenges may be heightened by
virtue of the geographic and political divisions of the world's
countries, the sophistication of their telecommunications
infrastructure and their level of awareness and remediation of Y2K-
related problems. U.S. companies, I believe, can serve as leaders in
the international arena through their international operations and
through partnerships with foreign carriers to increase awareness, to
exchange information and knowledge, and to engage in testing where
feasible. International organizations, such as the International
Telecommunications Union (ITU), can also play an instrumental role in
supporting these activities for telecommunications carriers around the
globe. Clearly, the importance of interoperability testing both
domestically and internationally cannot be overstated and to the extent
that it can be facilitated with the support and encouragement from
Congress, international organizations, and the carriers, the more
likely testing will be conducted.
Question 6. Are the Year 2000 telecommunications test beds
available for application testing (such as business applications)? When
could such testing begin and who would coordinate them?
Answer. Bellcore has some central-office laboratories that have
been used extensively by telecommunications carriers and suppliers for
both stand-alone product testing as well as interoperability testing.
For example, we recently conducted extensive interoperability tests for
local number portability under the oversight of the Alliance for
Telecommunications Industry Solutions (ATIS). These laboratory
facilities include several of the major switching systems in use in the
United States, as well as a hub capability that allows for
interconnection with remote laboratories located at carrier or supplier
sites. Bellcore also has a separate testing platform in its Quality
Assurance testing labs to enable product and interoperability testing
of Bellcore's licensed software products in a clock-reset environment.
This is a key component of our Y2K testing strategy.
Question 7. You mention that in your assessment of fortune 50
companies you discovered that 25-35 percent of data networking devices
have date problems. Isn't that number as high as 50 to 65 percent with
(Automated) Intelligent Networks (AIN)? What is the implications of
these failure rates?
Answer. The risk assessments we have conducted for carriers have
included network equipment that provides Advanced Intelligent Network
(AIN) services. The Y2K vulnerabilities of this equipment are similar
to the vulnerabilities identified in voice networks. That is,
approximately 75 percent of these devices have date-sensitive
processing in them, and this date processing is largely in the
administrative, maintenance, and operations functions. AIN services
can, at times, involve some additional capabilities in call processing
(e.g., time-of-day, day-of-week flexible scheduling or routing logic)
that may increase exposure to Y2K risks. In addition, AIN is a
distributed network environment, so interoperability testing between
distributed network elements is critical.
With regard to data networking devices in large commercial
enterprises, we've found that 25-35 percent of those devices have date-
sensitive processing in them. The higher number (i.e., 35 percent)
reflect intelligent data networking devices. That is, data devices that
have network management capabilities included as part of the network
device itself (as opposed to a separate system) are somewhat more
likely to have date processing than data devices that do not include
network management intelligence. This is consistent with our overall
conclusion that it is the operations, administration, and management
capabilities that are most at risk.
__________
Prepared Statement of Ramu Potarazu
Good morning Mr. Chairman, members of the Special Committee. My
name is Ramu Potarazu, and I am the Vice President and Chief
Information Officer of INTELSAT, the International Telecommunications
Satellite Organization. I appreciate the opportunity to testify before
you today on the important issues raised by Year 2000.
This morning, my testimony will concentrate on what INTELSAT is
doing to address the Year 2000 issues. In fact, we calculate that we
have 370 business days left before Year 2000 is upon us.
Let me begin with a very brief history of INTELSAT. INTELSAT was
established in 1964 as a global commercial cooperative on the
initiative of the United States. At that time, President Kennedy said
``I invite all nations to participate in a communications satellite
system, in the interest of world peace and closer brotherhood among
peoples of the world.'' President Kennedy's bold and prescient
statement led to passage by the United States Congress of the
Communications Satellite Act of 1962, which, in turn, resulted in the
formation of INTELSAT in 1964, the initiation of commercial satellite
service in 1965, and the establishment of full global coverage by
INTELSAT in 1969.
INTELSAT's main mission is to provide the space segment for public
satellite communications services throughout the world on a non-
discriminatory basis. ``Non discriminatory'' means that INTELSAT
provides services to all countries of the world at the same prices.
Today, INTELSAT has 143 member countries and interconnects virtually
every country and territory in the world. INTELSAT provides
international, domestic and regional satellite communications services
such as telephone, television, Internet and data.
INTELSAT began its official Year 2000 program several years ago. We
recognize that INTELSAT potentially could be affected by the Year 2000
in several areas--from our desktop computing, to our regular daily
business transactions, to our ground systems which control our
satellites, ground stations operated by our Signatories and direct
access users and even the power, air conditioning and security of our
headquarters building here in Washington.
INTELSAT adopted a standard, five-step approach to resolving our
Year 2000 issues. In the first phase, the Preliminary Assessment Phase,
INTELSAT produced an inventory of all equipment that included computer
software or hardware (or embedded systems) that could be affected by
dates. INTELSAT's second phase is the Analysis and Plan Phase. After we
created an inventory in the first phase, we analyzed the inventory and
developed plans to remediate any Year 2000 issues. In the Analysis and
Plan Phase, we first sub-divided INTELSAT's inventory into three
categories: critical, essential and non-essential. INTELSAT's plans, at
this time, are to remediate the Year 2000 issues in the critical and
essential systems by the end of the first quarter of 1999. INTELSAT's
focus would then shift to the remediation of the less urgent, non-
essential systems.
The third phase, which we are currently in, is called the
Remediation Phase. In this phase, INTELSAT is remediating the critical
and essential systems for Year 2000 compliance. INTELSAT is making
progress and is on schedule for completion in the first quarter of
1999, as planned at this time.
After remediation of its Year 2000 issues, INTELSAT will engage in
the fourth phase: the Testing Phase. The Testing Phase is very complex
because, at INTELSAT, we cannot simply shut down our daily operations
and easily test software and hardware. Therefore, new facilities have
to be set up in temporary locations. We are currently preparing to
conduct such tests as soon as the software remediation is complete.
INTELSAT's fifth and final phase is the Deployment Phase. In this
phase, INTELSAT will put the systems into production and operation.
When this phase is complete, INTELSAT will be ready to operate into the
new millennium.
Out of the five phases, the two phases that are the most
complicated and manpower-intensive are the Remediation and Testing
Phases. As I stated earlier, testing is very difficult but we have very
thorough test plans to implement and complete this phase.
In the invitation letter from Chairman Bennett to testify today, I
was asked to address four questions. The first question asked was,
``How does the Year 2000 problem affect satellite communications?''
INTELSAT has received information from our satellite manufacturers
that indicates that the INTELSAT satellites do not have Year 2000
problems. INTELSAT has three satellite vendors, all from the United
States, that comprise our current and planned fleet. These vendors are
Space Systems/Loral, Lockheed Martin and Hughes Spacecraft. All of our
vendors have advised us that there are no known problems on the
spacecraft. Typically, a communications satellite does not reference a
time and a date; rather, a satellite references what we commonly refer
to as ``satellite local time,'' that is a reference to the sun. When
there is a technological reference to the sun, there usually is no
reference to a specific year. INTELSAT's own analysis and testing will
seek to confirm this information. Thus, at this time, we do not believe
that our INTELSAT satellites have any Year 2000 issues.
As a result, INTELSAT's Year 2000 emphasis primarily has focused on
our ground systems that fly, command and control, and monitor our
satellites.
The second question asked was what are ``INTELSAT's concerns about
international communications?'' This, quite frankly, is INTELSAT's
biggest concern and is one that is mostly out of our control.
To respond to this question, I will describe the Year 2000 issue as
it affects three major groups of INTELSAT users, each of whom operates
its own incountry ground network to access the INTELSAT satellite
network. The first group is the high tech user group that has a
familiarity with computers, is aware of the Year 2000 issue, knows what
to do, and is remediating any Year 2000 issues.
The second group is composed of users who have computer systems
that may not have been replaced over the last 10 or 15 years. These
users have a more limited knowledge of computers because they only
repair the computer system when it breaks. They may or may not be fully
aware of the Year 2000 issue, and they may or may not be remediating
any Year 2000 issues.
The third group is composed of users throughout the world who have
``antiquated'' technological systems. They generally do not use
computer systems at all to run their systems, and use a lot of manual-
intensive labor to perform operations.
Categories 1 and 3 present the smallest problems from INTELSAT's
perspective. Our focus is on the users in the middle category--the
users that have outdated systems, do not have money to remediate any
Year 2000 issues, and sometimes, don't even have the money to recognize
that they have a Year 2000 problem.
Many of the earth stations throughout the world have several
hundred pieces of computer equipment from various manufactures that
control their ability to receive telecommunications information. For
example, if antenna control units fail, this failure could cause
complete loss of pointing to the satellite by the antenna and no
information could be sent or received.
Perhaps I can use an illustration to demonstrate INTELSAT's
concerns about Year 2000 issues affecting international communications
in satellite communications. A significant part of INTELSAT's
international communications is a two-way communication that uses an
INTELSAT satellite between country A and country B. If country A's
ground network is Year 2000 compliant; and INTELSAT, being the supply
chain in the middle, is also compliant; and country B's ground network
is not Year 2000 compliant, then you will have a failure of the
complete chain. To summarize, INTELSAT has some concerns about the Year
2000 compliance of all international communications.
The third question asked was, what is ``The general preparedness of
the satellite industry?'' I cannot answer on behalf of any other
satellite competitors or satellite industry leaders. However, INTELSAT
has a thorough remediation plan and we are working very diligently to
make ourselves Year 2000 compliant. The most appropriate way for me to
answer at this time is to say that, yes, we at INTELSAT have a plan in
place to be prepared for our global satellite system.
In addition, INTELSAT has been proactive in working with our
customers, our Signatories and other international organizations in
regard to the Year 2000 issues to exchange and gather information. Here
is a brief overview:
With the World Bank: INTELSAT's CEO, Irving Goldstein, recently met
with the World Bank President, James Wolfenson to discuss cooperation
on Year 2000 technical awareness issues. INTELSAT has offered free
usage of the INTELSAT space segment to the World Bank for promulgation
of Year 2000 issues on a more global basis. INTELSAT understands that
the World Bank and other intergovernmental financial institutions have
made funding available to governments and the private sector for the
Year 2000 program. Last month, INTELSAT participated in the World
Bank's Multilateral Development Bank Conference in Washington, D.C.
INTELSAT also will be providing technical awareness assistance at the
World Bank-sponsored Year 2000 seminars for developing nations. Over 10
seminars in different countries are scheduled between July-October
1998, and the first seminar was held earlier this month, in Brazil.
With the International Telecommunication Union: INTELSAT provided
Year 2000 speakers at the ITU Africa Telecom conference in South Africa
earlier this year and INTELSAT has been assisting the ITU with other
Year 2000 initiatives.
With the Caribbean Telecommunications Union: INTELSAT spoke about
the Year 2000 issue at the CTU Annual Policy Seminar earlier this
month.
With the INTELSAT Advantage Program: INTELSAT has developed a Year
2000 seminar for its customers and users, and will be offering this
information throughout the world over the next 12 months.
With the INTELSAT Corporate Intranet/Seminars: INTELSAT has
developed an extensive corporate Intranet on Year 2000 issues as a
technical resource for our staff and our customers. Because this
Intranet includes proprietary business information, its use is
restricted. However, INTELSAT would be pleased to meet separately in a
seminar format with those interested in learning more about INTELSAT's
Year 2000 Program.
The fourth question asked was, what ``Specific actions that you
believe the Congress or others should take to facilitate the Year 2000
remediation efforts?'' From a conceptual point of view, INTELSAT's
policy is to encourage the implementation, in every country throughout
the world, of some type of legislation which allows INTELSAT and others
to share information more readily. Right now, many entities are
reluctant to share information because of legal ramifications. As a
result, testing and remediation is often duplicated at great expense.
In a perfect world, any effective legislation to limit legal liability
should have been implemented a year or two ago. Nevertheless, INTELSAT
encourages implementation of any legislation that can help alleviate
some of the potential legal liabilities that have created a ``chilling
effect'' on the remediation of Year 2000 issues among organizations and
businesses around the world.
INTELSAT also encourages continued congressional support for
efforts throughout the world, and particularly in the developing
countries, to educate and promote awareness about the Year 2000 issues
in order to facilitate technical remediation efforts.
In conclusion, we at INTELSAT have made the Year 2000 issue a top
priority and hope that the rest of the industry takes this issue as
seriously as we do. And, we believe today's hearing is a very useful
way to promote awareness of this very important issue. Once again, I am
honored to be here today and will be happy to answer any questions
regarding the Year 2000 issues in regard to INTELSAT.
______
Responses of Ramu Potarazu to Questions Submitted by Chairman Bennett
Question 1. Could you tell the committee how long your satellites
would be recoverable without control from the ground. What is the
longest time in the recent past that you have lost contact with a
satellite due to failure in ground station software and still have
managed to regain satellite control and operations?
Answer 1. Answering the second half of the question first, the
longest time in the recent past that INTELSAT has lost contact with a
satellite due to a ground station failure is approximately two minutes.
This is due to the fact that the INTELSAT system has backup redundancy
whereby a failure at one ground station is immediately backed up by a
second ground station. The second ground station is fully capable of
providing the necessary requirements to operate the satellite,
including: telemetry processing, tracking, commanding and ranging.
The basic operation of a satellite, however, is autonomous from its
ground control station. Therefore, should INTELSAT lose both the
primary and backup ground stations for a satellite, then under normal
atmospheric conditions, INTELSAT would expect to be able to recover the
satellite up to one week after the commencement of the double outage at
the ground stations. The only known exception to INTELSAT's estimated
``one week'' window of recovery is during the two eclipse periods that
occur every year. The eclipse periods are two 45-day windows that begin
22 days before and end 22 days after the 15th of March and the 15th of
September. During these periods, INTELSAT conducts critical commands
and monitoring controls on an hourly basis, 7 days a week, 24 hour a
day. If INTELSAT loses its ability to communicate with a satellite
during either of these annual eclipse periods, then INTELSAT's failure
recovery window of one week could potentially be reduced to half a day.
The time frame of most concern for the Year 2000 issue is a period
of 2 days, 31 December 1999 through 1 January 2000. Therefore, even
under the extreme and unlikely circumstances of a double outage at the
ground stations, as described above, the critical 2-day Year 2000 time
period is well within INTELSAT's anticipated ``one week'' window of
recoverable failure time. Moreover, the transition to the new
millennium is not during an eclipse period.
Question 2. Can you say how many developing nations are
significantly threatened by major communications disruptions due to Y2K
problems impacting their ground station or wireline telecommunications?
Answer 2. Although INTELSAT has not conducted its own study with
regard to the Year 2000 ``readiness'' of developing nations, INTELSAT
is a member of the ITU Year 2000 Task Force. This ITU group has issued
a questionnaire and is conducting a study on this issue. The ITU has
indicated that, as of 13 August 1998 over 200 operators from around the
globe have responded to its questionnaire. The ITU's questionnaire
asked several Year 2000 management questions, and asked the respondents
to provide a number rating (1 = high level of confidence, to 4 = low
level of confidence) for such areas as:
(a) Systems and Applications,
(b) Networks (domestic, interconnect, international and
telex),
(c) Products and Services,
(d) Communications to Customers,
(e) Communications to Suppliers,
(f) Supplier Relationships,
(g) Integration and Testing, and
(h) Business Continuity Planning.
The ITU's questionnaire also asked for the respondents to indicate
an expected system compliance date and a final testing-completion date.
The summarized results can be found on the ITU's web site at http://
www.itu.int/y2k/.
Additionally, as stated in the 31 July 1998 U.S. Senate testimony
of Mr. Ramu Potarazu, INTELSAT's Vice President and Chief Information
Officer, INTELSAT is participating as a technical telecommunications
representative in the World Bank's InfoDev Program, which focus is on
Year 2000 issues in developing nations. To date, INTELSAT has
participated in the World Bank's regional seminar in Jamaica and the
national seminar in Brazil. INTELSAT is scheduled to participate in
several additional World Bank seminars by the middle of October 1998.
Question 3. Are you aware of and satisfied with the changes being
made to the voice networks you will have to connect to?
Answer 3. By way of background, INTELSAT only provides the space
segment portion of a global commercial telecommunications satellite
system. Therefore, all connectivity to INTELSAT's network must be made
through antennas owned by other entities. These antennas primarily
exist at earth stations. Most earth stations have multiple antennas.
INTELSAT has no ownership interest in any of the earth stations (or
antennas) connecting to its satellite communications network. There are
two types of earth stations that connect to INTELSAT. First, Telemetry,
Tracking and Commanding (TT&C) earth stations connect to INTELSAT's
network. Second, a large number of traffic earth stations that carry
commercial services are connected to INTELSAT's network. Each of these
types of earth stations are discussed in greater detail below.
TT&C Earth Stations.--All of the TT&C earth stations that connect
to INTELSAT's network are independently owned. The TT&C earth stations
provide the services necessary for INTELSAT to fly its satellites, and
these stations provide for the safety of INTELSAT's satellite fleet as
required. INTELSAT has a contractual relationship with specific TT&C
earth station sites to provide services. In addition, as part of
INTELSAT's Year 2000 Program, INTELSAT has agreements with these TT&C
earth station sites to conduct end-to-end testing of the telemetry,
tracking and commanding services that they provide to INTELSAT.
INTELSAT expects to conduct this end-to-end testing during the fourth
quarter of 1998.
Traffic Earth Stations.--The traffic earth stations that connect to
the INTELSAT system for commercial voice networks, video, data,
Internet, etc. consist of hundreds of earth stations and thousands of
antennas. These earth stations and antennas are owned and operated by
INTELSAT's customers. INTELSAT recognizes that it is impossible to
conduct end-to-end testing with all of these earth stations and
antennas prior to the year 2000. Therefore, INTELSAT has embarked on an
awareness campaign to inform these traffic earth station operators
about INTELSAT's Year 2000 remediation program, and the critical need
for these operators to develop their own Year 2000 program. As part of
INTELSAT's Year 2000 Program, it has: written letters to all of the
Operation Representatives (technical operators of earth stations
connected to the INTELSAT network) and written letters directly to each
traffic earth station terminal about INTELSAT's Year 2000 efforts. In
addition, INTELSAT has made several Year 2000 presentations at various
INTELSAT fora including: the INELSAT Global Operation Representatives
Conference (GORC), the INTELSAT Global Traffic Meeting (GTM), the
INTELSAT Meeting of Signatories, and the INTELSAT Board of Governors
meetings and its many committee meetings. As a result of INTELSAT's
dissemination of Year 2000 information, INTELSAT has an acceptable
level of confidence that the traffic earth station operators are aware
of their individual Year 2000 responsibilities.
Finally, the thousands of domestic terrestrial telecommunications
operators throughout the world connect to the traffic earth stations
described above. Therefore, these terrestrial operators are at least
one step beyond the earth stations in the distribution chain of
INTELSAT telecommunications services, and INTELSAT does not see the
need to directly participate in further end-to-end testing with these
operators at this time.
Question 4.--Can you say anything about the readiness or
preparations for Year 2000 in these (Far East) countries at this time?
Should we be extra concerned given the other problems some of these
economies and political systems are already having at this time?
Answer 4. INTELSAT has participated in a number of forums in which
it has discussed its Year 2000 Program, including: INTELSAT's
involvement in the ITU and World Bank programs (discussed in the answer
to Question 2, above), INTELSAT's Advantage Program (which provides
technical seminars and training for developing countries who are
members of INTELSAT) and INTELSAT's meetings with its Signatories who
represent INTELSAT's 143 nation membership. Both the World Bank's
InfoDev Program and INTELSAT's Advantage Program have scheduled
regional seminars in the Far East during September and October of 1998.
Countries on the World Bank's InfoDev current schedule include: India,
Pakistan, China, Vietnam, Indonesia, and tentatively Thailand.
While INTELSAT is concerned with the Year 2000 readiness of the Far
East, especially in light of the recent economic and political
situation, we are somewhat encouraged by the published results of the
ITU Year 2000 Task Force questionnaire, previously cited above. The ITU
has indicated that, of the 50 questionnaires returned by operators in
Asia and ``Australasia,'' only seven operators have given any
indication that Year 2000 work has not yet been initiated. According to
the ITU's study, the remaining 43 operators have Year 2000 programs in
place and the vast majority of these were willing to offer a completion
date.
__________
Prepared Statement of Michael K. Powell
introduction
Good morning, Mr. Chairman, Senator Dodd and distinguished members
of the Committee. I commend the Senate Special Committee on the Year
2000 Technology Problem for its active participation on this issue. I
welcome this opportunity to share with you what the Federal
Communications Commission (FCC) has learned about industry efforts to
address the Year 2000 Problem, as well as to discuss the fundamental
importance of the national telecommunications infrastructure and the
potential impact of the Year 2000 Problem on embedded
telecommunications networks and systems.
My comments today will focus primarily on wireline
telecommunications services. However, it is important to note that the
FCC is engaged in outreach and assessment initiatives in each of the
different subsectors of the communications industry, including
terrestrial wireless, radio and television broadcast, cable television,
international telecommunications and satellites. Appended to my
testimony, as Appendix A, is a summary of how each of these different
industries may be affected by the Year 2000 Problem and what industry
and the FCC are doing to address these problems.
background
As you are aware, there are many automated and intelligent systems
that were not designed to account for the millennial date change of
January 1, 2000, and if not addressed, the Year 2000 Problem or so-
called ``Millennium Bug'' could consequently affect every
telecommunications subsector. At the FCC, we have developed and
continue to develop outreach and advocacy strategies to raise industry
awareness of the issue, as well as methods for assessing and monitoring
the industries' efforts to address the problem. Finally, we have been
looking into ways to facilitate the development of effective
contingency plans in the event that a major disruption to the network
should occur.
As an initial matter, it is important to remember that no single
entity owns or controls the public switched telephone network. There
are the major telecommunications carriers, like the Bell Operating
Companies, GTE, AT&T, MCI and Sprint, that provide service to the
majority of the country. But there are also 1,400 small to mid-size
independent telephone companies that serve many rural and insular parts
of the country as well as the U.S. territories and possessions. And
these companies are only one in a long chain of interdependent
companies required for the network to operate domestically.
For example, in order to fix the Year 2000 Problem, the carriers
rely on manufacturers of central office switches and other network
equipment. And then there are the end users which must make sure their
equipment such as their telephones, voice mail systems, Private Branch
Exchanges (PBX's), and local area computer networks are all Year 2000-
ready otherwise they will not be able to send or receive voice and data
traffic. These groups are, in turn, dependent upon other manufacturers
for their equipment, who are, in turn, dependent yet again on other
providers for parts and services like power. And on it goes.
Without a doubt, the telecommunications network is a tremendously
complex and interdependent thing, and consists of millions of
interconnected parts. The public switched telephone network processes
millions of calls per minute. To transit each and every call, automated
and intelligent machines and systems (in the possession of the
thousands of telecommunications carriers and users described above)
make calculations for the most efficient multi-path, real-time
interaction of all points along the established circuit between the
call's origination and destination.
For example, in milli-seconds, a phone call from Washington, D.C.
to New York travels from your telephone, to the Private Branch Exchange
(i.e., switchboard) in your building, to the local exchange carrier's
central office switch, through the carrier's network components and
systems that route your call to an inter-exchange carrier (or
carriers), through long-distance trunk lines (or other
telecommunications facilities like microwave, satellite, fiber optic),
to another local exchange carrier's central switch, and ultimately to
the telephone on the other end. Make the same call two minutes later
and the call may be routed in a completely different manner as
calculated by the network.
The foregoing description points to the mathematical impossibility
(i.e., the infinite number of permutations and combinations of routing
possibilities and service events to transit a voice or data call) of
testing the entire public telephone network for Year 2000-readiness or
of expressing a high degree of confidence about the readiness of the
network. If any one of those components/systems (e.g., central office
switch), network elements (e.g., advance intelligent network, Signaling
System 7), or network interconnectors (e.g., local exchange carrier,
interexchange carrier, Internet Service Provider, private
telecommunications network user) is affected by the Year 2000 Problem,
a call might be disrupted.
However, I believe that with time and greater knowledge of the
scope of the problem, and by maximizing the amount of information
available to all companies faced with this problem, we will be able to
better predict where and how problems in the network are likely to
occur. In my role as Defense Commissioner, I plan to work closely with
the industry and the Network Reliability and Interoperability Council
to help them address these problems.
fcc efforts
In mid-March, the Commission created its Year 2000 Task Force. In
mid-April, at the request of FCC Chairman William Kennard, I agreed to
oversee the FCC's Year 2000 efforts and represent the agency on the
President's Council on Year 2000 Conversion, which was established on
February 4, 1998. I also co-chair with Dennis Fischer of the General
Services Administration (GSA) the Council's Telecommunications Sector
Group.
At the FCC, we are working to promote an effective public-private,
``mission-oriented'' partnership to ensure that users of
telecommunications services enjoy as close to the same level of quality
and reliability on and after January 1, 2000, as they do today. We
believe that the FCC can play an important role by encouraging
companies to share information with each other and with their
customers. This will increase the sharing of solutions, avoid
duplicative testing, help companies spot undetected problems, and
reduce customer uncertainty and anxiety.
In Appendix A, attached to my testimony, you will find summaries of
actions that the FCC has taken to promote its outreach and assessment
efforts. As a result, I will only highlight those efforts here.
In an attempt to encourage private sector compliance efforts and to
foster information sharing we have set up a special Internet site
(www.fcc.gov/year2000/) which has received over 24,000 hits to date.
Chairman Kennard, myself, the other commissioners, and FCC staff are
all highlighting this problem in speeches and in meetings with leaders
in the telecommunications industry.
We have sent over 200 letters to major companies and organizations
in all sectors of the telecommunications industry asking them about
their efforts to become Year 2000-ready. In June and July alone, we
organized eight informational forums with representatives of different
sectors of the telecommunications industry to facilitate information
sharing and see how the FCC can assist industry efforts to tackle the
Year 2000 Problem. In addition, I have asked representatives of each of
the communications subsectors to participate on the Telecommunications
Sector Group of the President's Council. We had our first meeting with
the industry participants on July 17, 1998. I believe that their
participation in the sector group will better facilitate communication
and information sharing between government and private industry.
We have elected this engagement approach, rather than an
adversarial, regulatory one for a number of reasons. First and foremost
among them is that there is very little time to get this job done. Only
private firms can fix these problems and we must have their full
cooperation and must obtain timely and candid disclosure of
information. We are of the opinion that a heavy regulatory approach
will lead to guarded communications, the involvement of lawyers rather
than technologists and managers, and a huge loss of time while we
haggle over requests and regulatory demands. Furthermore, most formal
regulatory actions require compliance with standard procedures which
often take months, time we do not have. Moreover, significant time
would be lost to developing, issuing, evaluating and compiling lengthy
data requests. Such efforts would divert both the FCC's limited
resources and those of the companies from actually working the problem,
which after all is what matters most.
Only the industry can fix this problem. It is important to remember
that telecommunications carriers and users rely upon a complex,
technical network that is engineered for near unfailing reliability.
The Bellcore standard is 99.9999 percent up time. (For example, the
Bellcore standard for switch reliability requires that any given switch
not be inoperable for more than 3 minutes per year. That is 3 minutes
of 525,650 minutes in a year.) Thus, these companies have a strong
stable of trained experts in network reliability issues. They have
experience with identifying threats to network reliability, planning
corrections and executing those corrections. They also have experience
doing similarly Herculean tasks, having pulled the public switched
telephone network apart during the AT&T divestiture and the re-
engineering that took place when the country instituted the three-digit
area code convention.
assessment
Our general assessment of the telecommunications industry remains
positive. Our inquiry letters dispatched in late April, for example,
asked 20 telecommunications carriers, accounting for roughly 98.1
percent of the country's access lines, to report on their critical
systems. We learned that generally, the carriers have completed their
review of the inventory for these systems, have completed assessing the
impact of the Year 2000 Problem on these systems, and they have set
completion dates for remediation, testing and integration by the
second-quarter of 1999.
We are led to believe that most major U.S. equipment manufacturers
will be able to meet projected demands for equipment. The major
manufacturers have had extensive Year 2000 programs in place for some
time, and have been working closely with both local and long distance
carriers to develop strategies for Year 2000-readiness. Manufacturers
report that most of their software and hardware products are already
Year 2000-ready and have been made available to customers. They have
targeted end-of-year 1998 or first-quarter 1999 for general
availability for all Year 2000-ready products. Our continuing dialogue
with the industry should allow us to assess any change due to
unexpected increases in the demand for products.
The carriers are also cooperating on interoperability and end-to-
end testing. Testing is (and will continue to be) the hardest, yet most
important, part. Most telecommunications companies estimate that
testing comprises 50-70 percent or more of their Year 2000 efforts. And
we have learned that testing often uncovers more problems that need to
be fixed.
The Telco Year 2000 Forum, which is comprised of eight large
regional local exchange carriers, has contracted with Bellcore and is
already performing integration testing on Year 2000-ready equipment.
ATIS, which is an industry-funded organization whose mission is to
advance new telecommunications technologies, will conduct inter-network
interoperability testing in January and February 1999, and is also
working with Bellcore. According to ATIS, the interoperability tests
should encompass network configurations that serve over 90 percent of
the country. This type of cooperative industry testing is very
important because it is nearly impossible to conduct interoperability
and end-to-end tests on the actual public switched telephone network.
Unlike the Securities Industry Association's interoperability tests
where the securities exchange network can be shut down from daily
traffic, the nation's phone network has to be up and running 24 hours a
day, 7 days a week and it involves millions of different elements. The
telephone companies cannot disconnect their network and turn the clock
ahead to the year 2000 to do a test.
I would also like to announce that C. Michael Armstrong, Chairman
and Chief Executive Officer of AT&T, has agreed to chair the Network
Reliability and Interoperability Council (NRIC) which will play a
central role in our Year 2000 efforts. The new Council will have a
staff group dedicated to the Year 2000 effort, headed up by A. John
Pasqua, Vice President-Corporate Year 2000 Program, also from AT&T, and
we hope a representative from a major equipment manufacturer. We
believe that NRIC will be invaluable in coordinating overall testing,
advising the FCC on the status of the industries' readiness, and
assisting the Commission in facilitating the development of contingency
plans. A representative of NRIC will also sit on the Telecommunications
Sector Group of the President's Council, which will facilitate
constructive dialogue between the industry and those government
entities that rely most heavily upon the telecommunications
infrastructure.
While we have programs in place to address this problem, all that
we have observed is not comforting. At this juncture, with respect to
the telecommunications industry, the FCC continues to be concerned
about the effect of Year 2000 problems on small to mid-size independent
carriers as well as on international telecommunications carriers. These
two areas of concern arise from the numerous informational meetings the
FCC's Bureaus have conducted and the reports received that many of the
companies: (1) may not realize (or may be slow to realize) the
seriousness of the problem; and (2) will not have the financial
resources, available personnel, or management structure to begin
implementing appropriate Year 2000 compliance measures.
With regard to the independent telephone companies, as I stated,
there are some 1,400 small to mid-size companies that serve many rural
and insular parts of the country. The Commission is working
continuously with various trade associations, to which many small and
mid-size carriers belong, in an effort to alert their members that they
need to begin Year 2000 remediation efforts now. Moreover, the FCC has
commenced a dialogue with the National Association of Regulatory
Utility Commissioners (NARUC), and specifically the association's
Communications Committee for the purpose of promoting State-level
awareness of the Year 2000 Problem because of the close regulatory
relationship between telecommunications carriers and their State
regulators. In fact, just two days ago I attended NARUC's annual Summer
meeting where they convened a Communications Committee panel on State-
level Year 2000 initiatives. Finally, the FCC intends to transmit
letters to each and every one of the 1,400 small and independent
carriers in the coming weeks.
We are even more concerned about international telecommunications
carriers. The United States, Canada and the U.K. are forging ahead, but
we have many concerns about carriers in other nations, especially those
in developing countries, that have not yet taken the necessary steps to
prevent system failures. We are further concerned that international
economic challenges may prevent foreign carriers and users from
addressing the Year 2000 problem. For example, in Europe, we have
concerns as to whether carriers and users will be ready for the onset
of the Euro and still be able to implement Year 2000 compliance
efforts. Moreover, in Asia, we are concerned that the current recession
and economic difficulties could prevent carriers and users from
satisfactorily meeting the Year 2000 challenge.
In concert with the other Bureaus and offices of the Commission,
the FCC's International Bureau hosted a series of roundtable
discussions with the U.S. communications sector to raise awareness,
seek solutions, and informally survey progress of industry efforts. In
tandem with these roundtables, we have raised the issue with foreign
delegates in the context of the FCC Visitor's Program and Foreign
Regulator Workshops. The Year 2000 problem has also been addressed in
speeches presented in bilateral discussions and international forums.
We have also circulated letters to the U.S. international
telecommunications companies informing them of our efforts and
encouraging them to take prompt and effective action, including with
their foreign correspondents.
In addition, the International Telecommunications Union (ITU) has
been addressing this issue. The ITU has established a Year 2000 Task
Force with five subgroups (including a contingency planning subgroup)
spearheaded by British Telecom's Ronald Balls to increase international
awareness and provide direction on the global Year 2000 Problem. The
ITU also has circulated ``The Year 2000 Millennium Compliance
Questionnaire'' to its 5,000 members governments, telecommunications
carriers, and operators however, the response has been poor. The ITU is
redoubling its efforts to mobilize governments to put pressure on
operators to respond to the questionnaire. The questionnaire will serve
to uncover where efforts are needed and what resources should be
directed to those countries.
Other activities of the ITU include hosting workshops, making
presentations, and participating in discussions and roundtables. It has
established a ``Y2K Ambassadors'' program to serve as regional
coordinators for assistance on Year 2000 Problems and activities around
the world. The FCC has agreed to be such an Ambassador for the region
of the Americas. The ITU is supporting and involved with Year 2000
testing in Europe and Africa, and dispersing information on various
Year 2000 standards such as those of the British Standards Institute
(BSI) to telecom and satellite operators, which are its members.
impact of year 2000
As I stated earlier, the telephone network is a very complicated
and interdependent thing and consequently it is difficult to predict
with any level of certainty all the ways that the failure of one piece
of the network could trigger failures elsewhere in the system. For
example, if calls to a particular country fail to be completed, there
will likely be many redial attempts, which will place increased burden
on one central office switch. Securities trading may target a specific
country at a particular time of day. Calls that do not go through will
result in increased and unexpected traffic at that switch. In addition,
a carrier may be unable to bill correctly for calls. As a result, the
carrier receives no revenue or delayed revenue from its customers. As a
consequence, the carrier is unable to pay its suppliers in a timely
manner.
There are also secondary effects to consider. For example, although
no date-sensitive information crosses the interface between two
carriers, the Year 2000 issue poses problems when carriers try to
conduct maintenance on systems. Performance data is collected on either
side of the interface. Some reports are generated on a date/time basis.
The problem arises when a failure occurs. If one carrier sees a problem
and the other does not, it is difficult to determine which carrier is
right, and therefore difficult to identify the root of the problem.
There could also be testing and coordination delays. Most carriers are
planning to conduct Year 2000 tests with each other.
These are only examples of the types of problems the industry must
confront in addressing the impact of the Year 2000 Problem. I believe
our role is to facilitate the sharing of information that both raises
concerns like these and facilitates the search for solutions.
the role of the fcc defense commissioner
In addition to my role as FCC Commissioner and member of the
President's Council, I have additional responsibilities in connection
with my role as the designated Defense Commissioner. Section 0.181,
Title 47 of the Code of Federal Regulations sets out the duties of the
Defense Commissioner at the FCC. In Appendix B, appended to this
statement, you will find a copy of this section of the code.
In my role as Defense Commissioner, I have endeavored to make sure
that the FCC is ready to continue operations in the event of a national
emergency. In this regard, our Compliance and Information Bureau (CIB)
has been revising the agency's continuity of operation plan to ensure
that the agency will continue its work in the event of an emergency
that affects FCC headquarters. The revised plan was developed with the
help of an expert from National Communications System (NCS) who was
detailed to the Commission to help with this project.
In addition, CIB has recently reviewed and evaluated its plan to
handle emergency authorizations and other industry-related needs if an
emergency were to occur after business hours. In general, this
procedure grants CIB the authority to authorize special temporary
authority for services requested that it believes are necessary to
ensure safety and the continued operation of the network.
With respect to national emergency plans, I inherited some plans
when I took on the role of the Defense Commissioner. CIB is reviewing
and updating these plans. Any plans will be coordinated with NCS. As I
stated earlier, it is premature to make even educated guesses on where
our efforts in contingency planing will best be served, but I will work
with NCS and the industry in this regard.
actions that the congress and the administration should take to
facilitate year 2000 compliance efforts
Without a doubt, the legal liability issue is one of the most
serious impediments that continues to impede the flow of timely and
candid information. Concerns with respect to releasing information
related to Year 2000 compliance have been raised at every one of our
informational forums. The concerns proffered by industry are associated
in part with issues of product disparagement, antitrust violations,
third-party liability, carrier-vendor contractual relations, and so on.
Consequently, some companies have been reluctant to divulge information
due to concerns about liability.
We support the efforts to pass legislation that would promote the
exchange of information by limiting the way such information could be
used against the company. Respondents to FCC requests for information
have requested confidential treatment, invoking 47 CFR Sec. 0.459.
Several others have labeled their submissions to the letters
``proprietary information.'' Others have expressed reluctance at our
sharing this information, despite having not made an explicit
confidentiality request. Another factor that interplays is the Trade
Secrets Act, 18 U.S.C. Sec. 1905, which provides criminal penalties for
unauthorized disclosure of information. Thus, I believe there is a
significant role to be played by the Congress and the Administration
with regard to the legal liability issue and other barriers to the
information flow.
conclusion
As we move closer to the Millennium, all of our concerns become
more acute. Our efforts so far have begun to establish the kind of
inter-company and private/public partnerships that will facilitate the
flow of information and get it to those most in need. It will also
permit the government to become aware of and respond to needs of the
industry as they arise. Our national well-being is dependent upon the
reliability of all the nation's telecommunications networks, and
government and industry must work together to ensure that whatever
disruptions occur do not lead to widespread outages and failures. To
that end, the FCC is committed to taking whatever actions it can to
facilitate information sharing and industry compliance efforts.
I would be happy now to answer your questions.
Appendix A.--Overview of the Year 2000 Problem in the Communications
Sector: Concerns and Actions
common carrier bureau
Biggest concerns
--Upgrading network switches (although manufacturers are on schedule
to provide fixes).
--Upgrading Customer Premises Equipment (CPE), voice mail systems,
Private Branch Exchanges (PBX's), ensuring interoperability
with the network.
--Ensuring telephone companies (telcos) cooperate fully with major
customers and each other to facilitate Year 2000
interoperability testing.
--Ensuring small telcos have the resources and expertise needed to
fix the problem.
--Dealing with billing and other internal systems.
What the FCC is doing
--Held roundtable forum, entitled Wireline Telecommunications
Networks and the Year 2000 Problem on June 29, 1998. In
attendance were representatives of users and user groups, large
local exchange carriers, and smaller independent carriers, as
well as long distance carriers, trade associations, the Telco
2000 Forum, ATIS and equipment manufacturers. The purpose of
the forum was to facilitate the sharing of solution to Year
2000 problems and to identify barriers to solving Year 2000
problems.
--Held meeting at the FCC of the Telecommunications Subcommittee of
President's Conversion Council on Year 2000, on July 17, 1998,
in which representatives from the telecommunications industry
including trade associations and industry groups, such as the
Telco 2000 Forum were deputized to ensure efficient and
responsive industry input to Conversion Council on Year 2000
issues.
--Met with large and small telcos, telephone trade associations,
switch manufacturers, financial interests (banks and clearing
houses) and other major users.
--Met with Year 2000 project managers from manufacturers and telcos
to impart the Commission's concern and to obtain additional
information about their Year 2000 programs.
--Requesting information from telcos, equipment manufacturers, trade
associations and Bellcore; and encouraging the sharing of Year
2000 information among industry participants.
--Assessing possible regulatory actions to facilitate Year 2000
readiness, including requiring detailed information on Year
2000 compliance, if necessary.
--Sharing information with other Federal agencies, and improving the
FCC Year 2000 website with updated information and links to
other Year 2000 websites.
--Analyzing responses to detailed information requests sent to all
local exchange carriers and interexchange carriers, as well as
to some smaller carriers, and to the major telephone equipment
manufacturers on their Year 2000 efforts. Responses have begun
arriving. As of June 11, 1998, nineteen companies had filed
responses. These efforts will help develop a clearer picture of
the Year 2000-readiness of the telecom sector.
--Encouraging companies and industry trade associations to make more
information about their Year 2000 efforts available to the
public through their websites.
--Continuing outreach efforts to ensure that all companies understand
the seriousness of the problem, as well as monitoring to obtain
as much information as possible.
What industry is doing
--Participated in FCC roundtable discussion on year 2000.
--Deputized representatives from telecommunications industry on
Telecommunications Subcommittee of President's Conversion
Council on Year 2000, in meeting held at FCC on July 17, 1998.
--Major telephone companies have been devoting significant resources
to ensuring that primary telecommunications networks continue
to function on and after January 1, 2000.
--Eight regional telcos have formed the Telco Year 2000 Forum to
share information and facilitate intranetwork testing of
remediated systems.
--The Alliance for Telecommunications Industry Solutions (ATIS),
funded by exchange and interexchange carriers, is undertaking
the development of laboratory tests (now scheduled for January-
February 1999) of inter-network interoperability of remediated
systems.
--Bellcore is providing expertise, leadership, testing facilities and
technical standards for Year 2000 compliance.
--U.S. Telephone Association sent out an advisory to its members in
mid-1997.
cable services bureau
Biggest concerns
--Power system failures could disrupt cable service, including the
cable system's emergency alerting system messages.
--Timed controllers used for pay-per-view and other video
programming, commercial insertion, local origination equipment
and converter boxes are examples of equipment which may
malfunction.
--Billing systems could generate faulty data.
--Satellite telecommunications links could be disabled.
What the FCC is doing
--Sent inquiries to major cable television companies, cable equipment
manufacturers and cable trade associations regarding Y2K.
--Posted questions on the internet regarding Year 2000 problems in
cable systems to more than 1,500 cable engineers and
technicians.
--Conferred with CableLabs, the research arm of a consortium of cable
companies, which has established an industry task force to
address Y2K issues. Will continue this dialogue.
--Trained Cable Services Bureau telephone contact representatives to
answer questions from the public and operators regarding Y2K
problems and compliance.
--Conducted six workshops on Y2K issues at the annual Cable Tec Expo
in Denver this June, which was attended by approximately 9,000
technicians, engineers and information technology specialists.
Also, discussed Y2K concerns, possible disruptions and
potential remedies with 37 equipment manufacturers and vendors,
programmers, a city official and large and small cable
operators on the exposition floor.
--Held a closed forum for the cable industry and will hold an open
forum for the public and the cable industry.
--Developing a cable Y2K fact sheet to be placed on the FCC Year 2000
website and distributed to the public and the cable industry
upon request.
--Continuing dialogue with cable operators and equipment
manufacturers, including informal sessions with multiple system
operators (MSO's).
What industry is doing
--CableLabs has formed a Year 2000 working group that consists of the
major cable multiple system operators. These MSO's encompass a
significant number of cable subscribers and a large majority of
the nation's cable systems. Cable operators who are not members
of the Year 2000 Working Group will still benefit from the
group's efforts because CableLabs is conducting a nationwide
assessment and will share information with all cable operators.
--To our knowledge, the CableLabs group intends to meet every two
months to monitor the progress of the industry and to provide
the industry with CableLabs' research. In addition, CableLabs
will monitor the equipment of cable suppliers to determine Y2K
compliance. In September, 1998 in Denver, CableLabs plans to
hold a cable vendors conference at which cable equipment
suppliers, cable billing systems vendors, and vendors of
television commercial insertion equipment are invited to attend
and confer on their progress in achieving Y2K compliance.
--Many cable associations, including NCTA, the Cable
Telecommunications Association (CATA), and the Small Cable
Business Association (SCBA) are actively involved in collecting
and disseminating Y2K information and solutions to its members.
--Many cable operators, independent of their activities at CableLabs,
are also actively working with equipment vendors to resolve Y2K
concerns for their systems equipment.
mass media bureau
Biggest concerns
--Emergency Alert System may fail just when it is needed most.
--Lack of broadcast news may result in misinformation and mass panic.
--Old transmitters with embedded microprocessor chips and stations
with customized transmitter control systems may be hard to test
or fix.
--Power system failures could disrupt broadcast service.
What the FCC is doing
--Speaking out on Year 2000 issues at National Association of
Broadcasters (NAB) convention and other fora.
--Writing to broadcasters networks and trade associations. Responses
received indicate dedicated staff and high priority to
minimizing disruption of on-air operations.
--Writing to largest radio and television station group owners, which
account for the majority of broadcast stations.
--Meeting with broadcasters and equipment manufacturers.
--Held Y2K forum with representatives of radio and television
broadcast associations, networks and large and small broadcast
station owners to discuss Y2K challenges to the broadcast
industry.
What industry is doing
--NAB has created a website on Year 2000 issues and assigned a Senior
Vice President to work on the issue.
--NAB is covering the issue in publications, addressing state
broadcast association conventions and planning seminars for its
own future conventions.
--Equipment and software vendors are contacting customers with
information on which equipment or systems are Y2K compliant,
which need hardware upgrades or software updates and which
equipment or software is so old or obsolete it is no longer
being supported and must be replaced.
wireless telecommunications bureau
Biggest concerns
--The public safety wireless community has only recently become aware
of the Year 2000 problem; and while most modern radio systems
in use by police, fire and other emergency services are not
expected to experience problems, the pervasive use of computers
in support roles such as computer-aided dispatch and the use of
older radio equipment raise questions of the vulnerability of
these important emergency services.
--FCC requires illumination of certain antenna structures or towers
where there is a reasonable possibility that a tower may cause
a hazard to air navigation. Potential failure of the power grid
in addition to the impact of possible Year 2000 problems in the
equipment that monitors, alarms and controls tower lighting
raises the possibility of a threat to air safety from unlit
towers.
What the FCC is doing
--Writing the major wireless companies, radio equipment
manufacturers, frequency coordinators and wireless community
associations.
--Convening roundtable discussions with the public safety community,
the commercial wireless community and the private wireless
community.
--Encouraging wireless industry and trade association publication of
articles on Year 2000 problems and experiences.
--Reviewing options to alert and educate the tower lighting
community, which includes registered tower owners, equipment
manufactures and also licensees; and to assure responsive
action assessing the potential for failure and preparing for
remedial action.
What industry is doing
--Radio manufacturer have surveyed their equipment, indicated that
most of the current equipment is compliant and made information
available to licensees for fixes, where necessary.
--The larger commercial wireless communications carriers have
surveyed their own equipment and the equipment and services of
suppliers and contractors for compliance; they are in the
process of taking remedial action. Future testing is planned.
international bureau
Biggest concerns
--Whether foreign telecommunications companies, especially large
segments of the developing world, will be able to provide
service on January 1, 2000. This could have a huge impact on
international trade, foreign investment, the global economy,
and even national security.
--Whether the operability of the global telecommunications network,
which is critical to public safety, emergency preparedness and
personal communications will be jeopardized.
--In many foreign countries, particularly in Asia and Africa,
telecommunications companies are only now becoming aware of the
Year 2000 problem and they lack the resources to fully address
it.
--We are concerned that some telecommunications carriers have not yet
taken the necessary steps to prevent system failures.
--We are concerned that international economic challenges may prevent
foreign carriers and users from addressing the Year 2000
problem, (e.g., in Europe, whether carriers and users will be
ready for the conversion of the Euro and still be able to
implement Y2K compliance efforts and in Asia, whether the
current recession and economic difficulties could prevent
carriers and users from addressing the Y2K challenge).
--We are concerned that terminating calls overseas, which relies on
the networks of foreign Public Telecom Operators (PTO's) could
be a problem.
--We are concerned about the Y2K readiness of satellite systems. The
primary concern regarding satellite systems appears to relate
to the earth stations, which control the satellites from the
ground, rather than the satellites, themselves, which generally
are not date-dependent.
--We are concerned whether revenue streams will be curtailed by
operations/support systems (billing) problems associated with
telecom networks and earth to space degradation and/or complete
failure.
What the FCC is doing
--Writing to international telecommunications companies and satellite
and HF service providers.
--Publishing letters in industry publications and ITU publications.
--Increasing international awareness through the International
Telecommunications Union's Year 2000 Task Force and providing
direction on Year 2000 readiness. Working with the ITU to
educate and motivate foreign telephone companies.
--Actively working with the ITU's Year 2000 Task Force to increase
international awareness and provide direction to member
governments and companies on Year 2000.
--Planning roundtable discussions to raise awareness seek solutions,
and informally survey progress of industry's efforts to ensure
that industry is doing all it can to avoid any disruptions in
service. A roundtable with international telecommunications
carriers was held on June 29. One for the satellite industry
was held on July 14.
--Raising issues with foreign delegates, in tandem with these
roundtables, in the context of the FCC's Visitor's Program and
Foreign Regulator Workshop.
--Speaking out about the Year 2000 problem at international
telecommunications meetings in bilateral talks and
international fora.
--Writing a letter to foreign regulators from Chairman Kennard and
Commissioner Powell discussing the Y2K problem, providing
information and asking about their needs.
We are considering
--Encourage companies, service providers and manufacturers to
complete the ITU questionnaire.
--Play a more active role in the ITU's contingency planning subgroup
of the year 2000.
--Work with our regulatory and governmental counterparts to get them
to press their PTO's to act more effectively and quickly.
--Play a coordinating role in the Year 2000 testing for U.S.
international carriers.
What industry is doing
--Telecommunications companies are working hard to fix Year 2000
problems.
--Most, if not all, U.S. telecommunications companies have
established Y2K czars and offices for Year 2000 compliance, and
are dedicating considerable resources to the issue.
--Satellite companies have set up ``war rooms'' to deal with the Year
2000 problems.
--A number of U.S. international companies have ambitious programs
underway to work with suppliers, customers and vendors to
address the problem in conjunction with well-designed
contingency programs. They have dedicated considerable revenues
to such initiatives. Some are scheduled to do Year 2000 testing
in 1999 before the Year 2000.
--A few U.S. international carriers plan to complete inventory
assessment and remediation by 1999 and dedicate 1999 to sample
testing with customers..
--Several countries, including the United Kingdom, Canada, and
Australia have high-profile efforts under way to tackle the
Year 2000 bug, and their telecommunications companies (e.g.,
British Telecom) are working with foreign partners on the
problem.
--U.S. and foreign carriers are working actively in the ITU Task
Force on Y2K and participating in subgroups pertaining to the
Task Force. Responding to the ITU Questionnaire on Y2K
compliance.
--A couple of foreign carriers (e.g. DT) have established testing
through the assistance of the ITU.
compliance and information bureau
Biggest concerns
--Ensuring that internal database systems and equipment used by the
Bureau for enforcement purposes is Year 2000-compliant.
--Preparing the National Call Center to collect data and respond to
inquiries relating to Year 2000.
What the FCC is doing
--Checking CIB database software and computers used in the
enforcement program, such as mobile and fixed direction finding
systems, Global Positioning System (GPS) receivers and the
software used to operate these systems.
--Preparing to collect data regarding calls received by the National
Call Center and to provide information to the Call Center
personnel from other Bureaus and Offices to use in responding
to incoming Year 2000 calls.
--Developing plans for continuity of operations, emergency
authorizations, and national emergency preparedness.
office of engineering and technology
Biggest concerns
--Telecommunications share best practices; appropriate
telecommunications network testing be conducted; appropriate
real-time telecommunications network monitoring take place.
--Telecommunications equipment testing labs not close down or
generate faulty data due to Year 2000 problems.
What the FCC is doing
--Working with member companies of NRIC to define NRIC role that adds
value to existing activities.
--Letters sent to more than 300 testing labs.Office of the General
Counsel
What the FCC is doing
--Reaching out to the Communications Bar to increase their awareness
of Year 2000 issues and urge them to press telcos to increase
their efforts to address the problem.
office of plans and policy
What the FCC is doing
--Examining whether the Internet will be affected by Year 2000
problems.
--Contacting Internet organizations and Internet equipment vendors.
office of inspector general
Biggest Concern
--The possibility that the Commission's mission-critical systems will
not be Year 2000 compliant.
What the FCC is doing
--Participating on a Year 2000 task force addressing the Commission's
mission-critical information systems and Information Technology
infrastructure.
--Participating on a Year 2000 task force monitoring the
telecommunications industry.
--Monitoring the activities of other Inspectors General, the Office
of Management and Budget, and the General Accounting Office.
Appendix B
Sec. 0.181 The Defense Commissioner.
A Defense Commissioner and two Alternate Defense Commissioners are
designated by the Commission. The Defense Commissioner directs the
defense activities of the Commission and has the following duties and
responsibilities:
(a) To keep the Commission informed as to significant
developments in the field of emergency preparedness, defense
mobilization, and any defense activities that involve
formulation or revision of Commission policy in any area of
responsibility of the Commission.
(b) To represent the Commission in national defense matters
requiring conferences or communications with other governmental
officers, departments, or agencies.
(c) To act as the Defense Coordinator in representations with
other agencies with respect to planning for the continuity of
the essential functions of the Commission under national
emergency conditions, and to serve as the principal
representative of the Commission to the Interagency Emergency
Planning Committee of the Federal Preparedness Agency/General
Services Administration.
(d) To serve as the principal representative of the
Commission to the Interagency Civil Defense Committee of the
Defense Civil Preparedness Agency of the Department of Defense.
(e) To serve as the principal point of contact for the
Commission on all matters pertaining to the National
Communications System.
(f) To take such measures as will assure continuity of the
Commission's functions under any foreseeable circumstances with
a minimum of interruption.
(g) In the event of enemy attack, or the imminent threat
thereto, or other disaster resulting in the inability of the
Commission to function at its offices in Washington, D.C., to
assume all of the duties and responsibilities of the Commission
and the Chairman, until relieved or augmented by other
Commissioners or members of the staff, as set forth in
Sec. Sec. 0.186 and 0.383.
(h) To approve national emergency plans and develop
preparedness programs covering: provision of service by common
carriers; broadcasting facilities, and the safety and special
radio services; radio frequency assignment; electromagnetic
radiation; investigation and enforcement.
(i) To perform such other duties and assume such other
responsibilities related to the Commission's defense activities
as may be necessary for the continuity of functions and the
protection of Commission personnel and property.
[29 FR 14664, Oct. 28, 1964, as amended at 41 FR 31209, July 27, 1976]
______
Responses of Commissioner Michael K. Powell to Questions Submitted by
Chairman Bennett
Question 1. I know that the telecommunications industry like other
industry sectors this Committee has reviewed suffers from a lack of
status information. Having said that, What is your assessment of the
preparedness of the telecommunications industry? Will there be outages?
What are the biggest Year 2000 vulnerabilities in the public-switched
networks?
Answer. The Federal Communications Commission's (``FCC'') overall
assessment of the wireline telecommunications industry continues to be
positive. Based on our current assessment of personnel resources
dedicated, financial resources allocated, time spent combating the
problem (on average, 2-3 years), and the sophistication of assessment
and execution plans devised, we currently believe that major U.S.
carriers (who, on average, have spent $300 to $400 million) and
equipment manufacturers are aggressively attacking the Year 2000
Problem. We are also relatively confident of the carriers'
representations that they are engaged in remediation efforts that will
provide users of telecommunications services with as close to the same
level of quality and reliability on and after January 1, 2000, as they
do today.
As I stated to the Committee on July 31, 1998, the Commission sent
inquiry letters in late April 1998 to the top 20 domestic
telecommunications carriers, accounting for more than 97 percent of the
country's total access lines, asking them to report on their critical
systems. We learned that, generally, those carriers have completed
their review of the Year 2000 Problem on these systems, and have set
dates for remediation, testing and integration that are scheduled to be
completed by the end of the second-quarter of 1999.
The information we have received suggests that the major U.S.
equipment manufacturers also will be able to meet projected demands for
upgraded equipment. The major manufacturers have had extensive Year
2000 programs in place for some time, and have been working closely
with both local and long distance carriers to develop strategies for
Year 2000-readiness. Manufacturers report that most of their software
and hardware products are already Year 2000-ready and have been made
available to customers. They have targeted end-of-year 1998 or first-
quarter 1999 for general availability for all Year 2000-ready products.
Domestic wireline carriers are also cooperating on interoperability
and end-to-end testing. The Telco Year 2000 Forum (which includes
Ameritech, Bell Atlantic, BellSouth, GTE, SBC Communications, Southern
New England Telephone Company, and U.S. West) has contracted with
Bellcore and has already begun to perform integration testing on some
equipment. The Alliance for Telecommunications Industry Solutions
(``ATIS''), a domestic wireline telecommunications industry funded
organization whose mission is to advance new telecommunications
technologies, will conduct inter-network interoperability testing in
January and February 1999, and is also working with Bellcore. According
to ATIS, the interoperability tests should encompass network
configurations that serve over 90 percent of the country.
It is important to note that there are more than 1,300 small to
mid-size companies that serve many rural and insular parts of the
country. We have a lesser degree of confidence about their Year 2000
readiness efforts. But that pales in comparison to our concern about
international telecommunications carriers, especially those in
developing countries, that have not yet taken the necessary steps to
prevent system failures. Because global telecommunications rely upon
the seamless interconnection of many different networks, the
international dimensions of the Year 2000 Problem are especially
significant. We note, however, that U.S. international carriers are
active participants in the ITU Y2K task force, its working groups, and
its correspondence groups, where their contributions are substantial.
Also, we are considering playing a more active role in the ITU's
contingency planning subgroup of the ITU's Year 2000 task force.
The Commission is also concerned about Year 2000 effects on
Customer Premises Equipment (``CPE'') that permit customers to access
the public switched telephone network. It is also important to note
that CPE is not part of the public switched networks that are operated
by telephone companies, but instead is owned by public and private
entities that must assume the responsibility for insuring that their
CPE will be Year 2000-ready. This concern extends more generally to all
internal communications networks, and especially to those
communications networks and systems that connect with public switched
networks. Private Branch Exchange (``PBXs''), CPE, internal networks
and connections, telephone systems and all other privately maintained
telephone equipment must be Year 2000-ready and able to access properly
the telephone network. Equipment manufacturers have stated that they
are ready to work with their customers on these systems, but have
expressed concern that not all customers are taking steps to insure
that their equipment and systems will be Year 2000-ready.
Finally, the Commission is concerned about the proper functioning
of the national power grid which supplies, in the first instance,
electricity for all telecommunications carriers. Telecommunication
carriers are, however, developing contingency plans in the event power
supply failures occur.
Question 2. It seems to me that the FCC has been very slow to
respond to Y2K and its impact on communications. Furthermore, the
Network Reliability and Interoperability Council's (NRIC) report on the
implementation of the Telecommunications Act of 1996 which was
completed on July 15, 1997, devoted only 3 sentences out of 266 pages
to Y2K. I commend you on the excellent choice of Michael Armstrong, CEO
of AT&T, to head NRIC. It is imperative at this late date that they get
to work. What is the status of the NRIC tasking? Why was NRIC not
tasked earlier? Would you please say more about NRIC's plans to assess
the impact of Y2K on all aspects of the communications industry (voice,
data, wire, broadcast, radio, wireless cable and satellite)?
Answer. I share the disappointment of some members of the Committee
that prior to 1998 the Network Reliability and Interoperability Council
(``NRIC'') devoted relatively little attention to the Year 2000
Problem. As originally chartered to implement the Telecommunications
Act of 1996, the NRIC was directed to provide recommendations both for
the Commission and to the telecommunications industry to assure optimal
reliability and interoperability of, and accessibility and
interconnectivity to, public telecommunications networks in an
increasingly competitive environment. The focus of the NRIC's
recommendations was to ensure the ability of users and information
providers to seamlessly and transparently transmit and receive
information between and across telecommunications networks. As a
consequence, the NRIC focused on its overall mission of network
reliability, interoperability and interconnectivity, rather than
focusing exclusively on the Year 2000 Problem.
We have been working to direct the focus of a newly constituted
NRIC to address more aggressively the Year 2000 Problem. Part of that
effort was the selection of C. Michael Armstrong, Chairman and Chief
Executive Officer of AT&T, as the NRIC Chairman. Another significant
component of that effort was the creation of a staff group dedicated to
the Year 2000 effort, headed up by A. John Pasqua, Vice President-
Corporate Year 2000 Program, also from AT&T.
The newly constituted NRIC--which will include representatives from
all the communications industries, including broadcast and cable, as
well as equipment manufacturers and Internet Service Providers
(``ISPs'')--will play an important oversight role with respect to
interoperability and end-to-end testing. We believe that this
organization will be invaluable in coordinating the overall testing,
collection and dissemination of information, in addition to advising
the Commission on the status of industry readiness, and facilitating
the development of contingency plans.
We have been working with the NRIC to develop a plan for addressing
the Year 2000 issue. The Council will be broken down into a series of
focus groups, each with a prominent leader/coordinator, that will look
at specific Year 2000 issues (i.e., assessment, network
interoperability, and end-user specific problems). Announcements
regarding this organizational approach, as well as the date of the re-
chartered NRIC's first meeting will be made shortly. Work on these
interoperability, interconnectivity and reliability issues, however, is
proceeding daily.
It is important to note, however, that the NRIC is only one of the
many tools the Commission is using to assist it in its effort to
address the Year 2000 Problem. There are also several prominent
telecommunications organizations that are actively engaged in
addressing the issue of testing and contingency planning. The Telco
Year 2000 Forum, ATIS and other industry groups are providing valuable
assistance in facilitating information sharing, building private
partnerships, and coordinating testing and contingency planning. The
Commission will continue to work with and rely upon these industry
organizations.
Question 3. We understand that FCC will eventually ask NRIC to
assess the impact of the Year 2000 Problem on our nation's network, to
encourage sharing of information on solutions, and to facilitate end-
to-end testing of networks. We understand that NRIC is not yet engaged,
but does FCC have any preliminary results in these areas?
Answer. Yes. The Commission is engaged in its own assessment of the
various communications industries. As stated in response to Question 1,
our current assessment of the wireline telecommunications industry is
relatively positive. That assessment is based on the responses--of
major U.S. telecommunications carriers and manufacturers--to our
written inquiries and is also based upon the numerous informational
meetings and forums that have been conducted by the FCC's Common
Carrier and International Bureaus.
It should be emphasized that the Commission has taken its
responsibility to monitor the pace and extent of the telecommunications
industry's Year 2000 compliance efforts seriously since first becoming
aware of the problem several years ago, and has been working to ensure
that the Year 2000 challenge is properly addressed. For example, the
Commission started to examine and fix its internal computer systems in
1995. In early 1997, the FCC's Bureaus and offices made a coordinated
effort to find out what the telecommunications industry was doing about
the problem, and continuing efforts have been underway to update and
improve our understanding of the nature, and extent, of all of the
issues that need to be addressed.
Question 4. Could you tell us, as the Chairman of the President's
Year 2000 Conversion Council Telecommunications Working Group, has the
Group developed a strategy and an action plan for assessing the Year
2000 readiness of the telecommunications sector?
Anwer. In late April 1998, at the request of FCC Chairman William
E. Kennard, I agreed to oversee the Commission's Year 2000 efforts and
represent the agency on the President's Council on Year 2000
Conversion, which was established on February 4, 1998. Immediately
following my selection to the Council, I was asked to co-chair with
Dennis Fischer of the General Services Administration (``GSA'') the
Council's Telecommunications Sector Group.
One of my first priorities upon assuming leadership was to devise a
sector outreach plan for the Commission and to use that document as the
model for the entire Telecommunications Sector Group. In brief, that
plan has contained three distinct, but interrelated operational
concepts: (1) outreach and advocacy, (2) monitoring and assessment, and
(3) contingency planning.
One of the primary objectives of the Commission's effort has been
to encourage private-sector Year 2000 compliance and to foster
information sharing. As part of its outreach and advocacy initiative,
the Commission has set up a special Internet site (www.fcc.gov/
year2000/) and sent over 200 letters to major companies and
organizations in all sectors of the communications industry--including
wireline telephony, terrestrial wireless, radio and television
broadcast, cable television, satellites, and international
telecommunications. Chairman Kennard, myself, the other commissioners,
and Commission staff are all emphasizing the importance of this problem
in speeches and in meetings with leaders in the telecommunications
industry.
Another critical obligation of the Commission is to monitor
industry Year 2000-readiness efforts and to assess the pace and extent
of the implementation of remedial actions. In June and July alone, the
Commission organized eight roundtables with representatives of
different sectors of the communications industry to facilitate
information sharing and see how the Commission can assist industry
efforts in addressing the Year 2000 Problem. The Network Reliability
and Interoperability Council is gearing up to advise the Commission on
technical issues and to take steps to foster industry cooperation on
Year 2000 compliance testing and other related problems.
Finally, the FCC is engaged in an effort to make sure that the
Commission is ready to continue operations in the event of a Year 2000
event, and is committed to working with the National Communications
System (``NCS'') and the communications industry to facilitate the
development and, if necessary, execution of contingency plans in the
event that a major service disruption should occur.
Question 5. I understand that, FCC has requested detailed
information from over 200 telecommunications companies, equipment
manufacturers, trade associations and contractors, but has only
received 19 responses. How do you account for this less than 10 percent
response rate? What are you doing to improve responsiveness?
Answer. The Commission has received 82 responses to the 200 inquiry
letters that were sent. While the letters to the wireline carriers,
manufacturers and related organizations mandated a response, the
letters to the other industries requested responses on a voluntary
basis, thus accounting for, to some degree, the difference between the
wireline and non-wireline response rates.
The comparatively low response rates that we have received from the
non-wireline sectors of the telecommunications industry has helped us
to understand that there needs to be a much more dramatic outreach
effort. In this regard, we are in the process of redoubling the efforts
of each Bureau to increase outreach efforts, especially in the wireless
area, and we have been working to improve the usefulness of the
information that is available on the Commission's Year 2000 Internet
site (www.fcc.gov/year2000/). The Commission also intends to send
additional letters to U.S. international telecommunications carriers
and organizations, and to all wireline telecommunications carriers, by
the end of September 1998, and to initiate a second round of
assessments across all industries.
Question 6. You note in your testimony that FCC's power to force
carriers, manufacturers and telecommunications users to address the Y2K
problem is limited. What specifically are the FCC's regulatory powers?
What can the FCC do to ensure that the telecommunication industry will
be ready in time? Will this be enough or does the FCC need more
authority?
Answer. The Federal Communications Commission has broad regulatory
jurisdiction over interstate and foreign (international)
telecommunications carriers (i.e., common carriers), whether such
service is provided by radio or wire. This includes, for example, the
authority to adopt rules and impose conditions in the public interest,
see, e.g., 47 U.S.C. Sec. Sec. 154(i), 201(b), 303(r); the authority
to issue radio licenses and common carrier certificates in the public
interest, 47 U.S.C. Sec. Sec. 214, 309; the authority to revoke radio
licenses, 47 U.S.C. Sec. 312(a); the authority to issue cease and
desist orders, 47 U.S.C. Sec. 312(b); the authority to impose
forfeitures, 47 U.S.C. Sec. 503(b); and the authority to collect
information, see, e.g., 47 U.S.C. Sec. Sec. 218, 308(b), 403, 409(e).
We do have some concerns, however, that an overly regulatory
approach could undercut more productive cooperative efforts by the
carriers involved. Consequently, the Commission has initially
implemented a Year 2000 effort designed to work cooperatively with the
carriers to help accomplish Year 2000 compliance. In this regard, we
have been working with each sector of the telecommunications industry
to promote a collaborative, ``mission-oriented'' partnership to ensure
that users of telecommunications services enjoy as close to the same
level of quality and reliability before and after January 1, 2000, as
they do today. We are taking a similar approach with other industries
regulated by the Commission (e.g., radio and television broadcast,
cable television).
Nevertheless, we continue to evaluate various regulatory options
and will not hesitate to use those that appear productive. While we
believe our existing jurisdiction over interstate telecommunications
carriers should be sufficient for any regulatory steps ultimately
deemed appropriate for such carriers, to the extent Congress wishes the
FCC to have unambiguous authority in this area with respect to
intrastate common carrier service as well, legislation would be
advisable. In addition, while the FCC does have ancillary jurisdiction
to take certain regulatory steps with respect to telecommunications
manufacturers and users, see generally 47 U.S.C. Sec. 151; United
States v. Southwestern Cable Co., 392 U.S. 157 (1968), to the extent
Congress wishes to ensure that the Commission has unambiguous
jurisdiction to take any regulatory steps that may subsequently be
deemed necessary in this area with respect to manufacturers and users,
legislation would be advisable.
Question 7. Testing has been described as a critical component of
Year 2000 risk management strategies, and some have said that one
should plan on testing everything that you possibly can. Yet
telecommunications service providers have previously stated that, due
to its very nature, it is simply impossible to recreate an ``off-line''
public switched network and therefore complex Year 2000
interoperability must be tested in pieces by various companies
separately. How will this critical testing be performed, who will do
it, and when will it begin? By breaking network testing into different
service components and chunks, what are the limitations on the results
of these test activities? How, if at all, can one ensure that the full
range of activities? How, if at all, can one ensure that the full range
of risks posed by Year 2000 to the public switched network have been
effectively and appropriately addressed? How involved is the FCC in
monitoring the testing of end-to-end connectivity?
Answer. Telecommunications service providers oppose ``live''
testing of operating telecommunications networks because of the risks
that such testing poses to the continued provision of service to their
telecommunications users and users of interconnected telecommunications
networks. As a consequence, efforts have been underway for some time
among manufacturers, testing labs such as Bellcore, carriers through
the Telco Year 2000 Forum, and industry organizations such as ATIS
which anticipate that arrangements for interoperability testing for its
members will be completed before the end of this year.
Because wireline carriers are on different schedules for Year 2000
remediation of equipment and systems, schedules necessarily vary with
respect to when they will be able to engage in interoperability
testing. AT&T, for example, states that it expects to complete its
remediation efforts by the end of this year, so that it will have all
of 1999 available for testing.
In addition to efforts by the Telco Year 2000 Forum and ATIS, one
of the functions of the newly rechartered NRIC will be to coordinate
the efforts of the various groups currently testing and facilitate the
sharing of that information so that carriers, and other interested
parties, will be able to use the results of those tests to further
their remediation efforts and to develop contingency plans--especially
by those carriers that will not be as far along in their remediation
efforts. We anticipate that the most critical interoperability testing
will occur first, with less critical systems being tested later. With
respect to the issue of comprehensive testing to insure that no service
disruptions will occur, it should be recognized that it is not possible
to ensure that all conceivable tests of all potentially interactive
combinations of equipment and software will be performed. For example,
one large carrier estimated that the number of tests that would be
required to test all combinations of its equipment and operating
systems would be exceptionally high--1029. Attempting to perform that
number of tests in the time remaining is simply impossible, even if
adequate test beds and other facilities were available to facilitate
such testing.
The FCC's monitoring efforts have been directed to regular
discussions with testing organizations and carriers.
Question 8. Your testimony describes contingency planning as a key
component of FCC's approach to the Year 2000 Problem. What is the
current status of contingency planning in the telecommunications
sector?
Answer. Effective contingency planning requires in-depth knowledge
of the different types of Year 2000 disruptions that can occur from
each piece of equipment, and each software system, operating
individually and interactively in the unique environment of each
carrier, as well as knowledge of the likely nature of Year 2000
disruptions that may arise from interconnected carriers. As a
consequence, detailed contingency planning depends, to some extent, on
the completion of Year 2000 assessment and remediation efforts by each
carrier.
Most of the carriers with whom we have discussed contingency
planning have stated that their efforts at this point are necessarily
focused on Year 2000 remediation efforts. Many companies have existing
contingency plans that will be used as inter-company procedures in the
event of a Year 2000 incident. Such plans include: (1) recognition of
the need for company-wide plans to handle Year 2000 incidents; (2) the
need for staff supplementation for troubleshooting Year 2000-related
incidents; (3) the acquisition of alternate suppliers and the
development of alternative deployment plans in case of third party
failure to meet commitment schedules; (4) the need to expand network
capacity to address network overloads or peaks that may result from
Year 2000 disturbances; and (5) reserves for additional resources of
electrical power (i.e., diesel generators).
We will coordinate through many groups, including the NRIC, to
assess regularly the progress of contingency planning and to help build
private partnerships needed for effective national responses.
Question 9. Executive Order (E.O.) 12472 requires the FCC to
perform functions during non-wartime emergencies. The FCC's rules
accordingly assign the FCC Defense Commissioner the specific duties of
assuring continuity of the Commission's national security/emergency
preparedness (NS/EP) plans and programs. Has the FCC developed the
plans and programs to the potential situations associated with the Year
2000 Problem? If not, why not? Isn't this also contingency planning?
Answer. As the FCC's Defense Commissioner, I have endeavored to
make sure that the Commission is ready to continue operations in the
event of a Year 2000 incident. In this regard, our Compliance and
Information Bureau (``CIB'') has been revising the agency's continuity
of operation plan to ensure that the agency will continue its work in
the event of an emergency that affects our Washington, D.C.
headquarters. The revised plan was developed with the help of an expert
from National Communications System (``NCS'') who was detailed to the
Commission to help with this project.
Moreover, CIB has recently reviewed and evaluated its plan to
handle emergency authorizations and other industry-related needs if an
emergency were to occur after business hours. In general, this
procedure grants CIB the authority to authorize special temporary
authority for services requested that it believes are necessary to
ensure safety and the continued operation of the network.
With respect to national emergency plans, CIB is reviewing and
updating these plans, and the Commission will coordinate with NCS.
Question 10. An issue which has prevented organizations to openly
share information relating to Year 2000 is the legal liability. What is
your opinion/recommendation on this issue? Will the President's
proposed ``safe harbor'' legislation be sufficient to stimulate
information exchange?
Answer. Without a doubt, the legal liability issue is a significant
barrier to the flow of information. The concerns proffered by
industry--some that appear to be overstated and some that appear to be
legitimate--are associated in part with issues of product
disparagement, antitrust violations, third-party liability, carrier-
vendor contractual relations, just to name a few. As a consequence,
some companies have been reluctant to divulge information pertaining to
their Year 2000 vulnerabilities and, additionally, have been largely
unwilling to guarantee or certify Year 2000-readiness due to concerns
about liability.
The Commission constantly deals with the anxiety that various
portions of the telecommunications industry, and its suppliers, have
about legal liability. In its collection of information from carriers
and equipment manufacturers, some respondents have requested
confidential treatment, citing Title 47, Section 0.459 of the Code of
Federal Regulations. Others have labeled their responses as
``proprietary information,'' and still others have expressed general
reluctance at sharing this information.
We believe there is a significant role to be played by the Congress
and the Administration with regard to the legal liability issue and
other barriers to the information flow. We thus support efforts to pass
legislation that will promote the exchange of information by limiting
the way such information could be used against entities that provide
such information.
I do not know whether the Administration's ``Good Samaritan''
legislation or Congressman Dreier's legislation will eliminate all the
barriers to information exchange, but am sufficiently confident that
the proposed bills will advance the effort. Additional measures,
however, may be needed.
Question 11. As noted in your written testimony, the response to
the International Telecommunications Union's (ITU) questionnaire was,
in your own words, ``poor.'' I understand that US companies were
queried, but few responded. Would you comment on this? Also, as noted
in your testimony, the ITU is re-doubling its efforts to mobilize
governments to put pressure on operators to respond to this
questionnaire. Will the FCC be doing this for US carriers?
Answer. Responding to the ITU's questionnaire was not mandatory
and, given the lack of authority of the ITU over the actions of its
membership (which is consensual), the disappointly low response rate is
not, in some respects, surprising. Also, we note that the ITU staff
explained the low response rate in part by acknowledging that the
letters were sent without adequate information on Year 2000 contacts--
in fact, this is the thrust of the first few questions on the ITU
questionnaire. We have taken steps to encourage domestic international
carriers to respond to the ITU questionnaire and will continue to do
so. We are also encouraging them to take all other actions that may be
necessary to avoid Year 2000-caused disruptions in service. It should
be noted that U.S. international carriers are active participants in
the ITU Year 2000 task force, its working groups, and its
correspondence groups, where their contributions are substantial.
In addition, as part of its advocacy and outreach effort, the FCC
is working to: assume a more active role in the ITU's contingency
planning task force; coordinate with our regulatory and governmental
counterparts abroad to encourage them to press their telecommunications
carriers to act more effectively and quickly; play a coordinating role
in testing for U.S. international telecommunications carriers and be
instrumental in urging other U.S. government agencies to reduce legal
barriers to communications. (Companies state that they feel constrained
by current laws and rules relating to sharing of information among
companies.)
Question 12. With respect to International telecommunications
services, it appears as though some foreign carriers' networks may not
be fully Year 2000 Compliant by January 2000. What risks, if any, does
that pose to other networks that may be linked to that non-compliant
infrastructure? What cascading effects, if any, might be expected? What
other risks could arise because of the failure of foreign carriers to
ensure that their networks and supporting business systems are Year
2000 compliant?
Answer. The Commission currently has no information to suggest that
there will be significant problems with international
telecommunications service. U.S. international telecommunications
carriers and equipment manufacturers that participated in the June 29,
1998 informational roundtable convened by the FCC's International
Bureau and other various meetings seemed to affirm this current
assessment.
Of course, at this juncture, we cannot specifically report on
whether the foreign telecommunications carriers' networks will be Year
2000-ready by January 1, 2000. However, we are still investigating the
ways in which the failure of one piece of the global telecommunications
network could trigger failures elsewhere.
The global telecommunications network is a very complicated and
interdependent thing and consequently it is difficult to predict with
any level of certainty potential Year 2000-related risks. For example,
small, sporadic outages distributed across the globe could
theoretically arise and affect voice and data service. These relatively
isolated incidents could arise on January 1, 2000 or several days
after. Furthermore, massive redial attempts and disabled central office
switches (due to power outages and related reasons) could result in
increased and unexpected traffic transiting through a foreign carrier's
remaining operational central office switches and impair service.
Moreover, there could be problems associated with billings, accounting
and data records (e.g., maintenance, performance information), or
service (i.e., activation or transfer of services) may be temporarily
delayed or interrupted.
Question 13. What is FCC's role in handling problems such as the
recent AT&T frame-relay outage and the Galaxy satellite paging system
problem? Did these problems provide FCC any lessons learned for
handling of potential Y2K problems?
Answer. Under Section 63.100 of the FCC's rules, 47 C.F.R. Sec.
63.100, wireline telephone carriers are required to report to the
Commission network outages of a certain size and duration--those
outages affecting the ability of at least 30,000 customers to make a
call for a minimum of 30 minutes. Although the outage reports are
required by the Commission, the information is reviewed primarily by
the Network Reliability Steering Committee, or NRSC. The NRSC was
created by ATIS for that specific role upon the recommendation of the
NRIC.
The NRSC makes the outage information available to industry, in
order to ensure continued network reliability, and so that future
outages may be avoided. The creation of these industry mechanisms
followed a number of highly publicized outages in the early 1990s,
which had different root causes but were the result of a market
failure: lack of information. Although the Commission has an outage
reporting requirement, the information submitted by industry, in
response to Section 63.100, is intended primarily for industry. Of the
two recent outages mentioned above, only one was required to be
reported under Section 63.100--the AT&T frame relay outage--whereas the
Galaxy IV satellite paging failure was not (because there is an
exemption in Section 63.100 for satellite systems). As a result, the
Commission is looking into the need for a more comprehensive reporting
requirement.
Both the AT&T and PanAmSat outages highlight how various systems
can be affected by the failure of a single piece of hardware. However,
communications networks are also designed to be fault-tolerant, robust
and redundant, and there is no reason to believe that Y2K-related
failures could lead to a chain reaction that could disable large parts
of the nation's telecommunications networks.
Question 14. In the June 16 hearing of the House Subcommittee on
Oversight, Committee on Ways and Means, the General Accounting Office
(GAO) testified that telecommunications readiness was critical, yet the
status of the industry is essentially unknown. What is your response to
that observation? What's the current status?
Answer. We do not agree with the assessment of the General
Accounting Office (``GAO'') that the status of telecommunications Year
2000-readiness is unknown. For the convenience of the Committee, I am
appending to my post-hearing responses a summary of how each of these
different industries may be affected by the Year 2000 Problem and what
industry and the FCC are doing to address these problems. Again, as I
responded in several questions above, our current assessment of the
telecommunications industry (i.e., in terms of inventory, assessment,
remediation, testing, and integration efforts) remains relatively
positive.
In addition, we have had several meetings with GAO in which we have
provided brief summaries of the responses to our Year 2000 inquiry
letters as well as summaries of the informational meetings and forums
that the FCC's Bureaus have conducted.
Question 15. Much of the discussion of the Y2K impact on the
telecommunications sector has focused on the steps that service
providers are taking to ensure that their respective systems and
networks are compliant, and that they will not experience major service
disruptions. However, there are considerable Customer Premise
Equipment, i.e., PBX machines, office LANs, and voice mail, with known
problems. In other words the long distance carriers may be ready, but
if the office telecommunications networks and devices are not, the call
won't go through. Has FCC done anything to alert businesses and
corporations to this potential problem?
Answer. As I stated in my response to Question 1, the Commission
shares the concern about the Year 2000 effects on CPE that access the
public switched telephone network. As part of its continuing outreach
and awareness initiatives, the Commission intends to host a public
forum on the effect of the Year 2000 Problem on CPE and other ancillary
equipment and services. We expect to convene the public forum during
October 1998. We should note, however, that we do not regulate these
areas of the network.
Question 16. While one's telecommunications equipment suppliers and
manufacturers may have contacted their customers and advised them of
any potential risks, I understand that there is a large re-sale market
for this equipment. To your knowledge, are the suppliers taking any
steps to ensure that these secondary market customers are notified of
potential Y2K problems with their equipment?
Answer. Yes, some are, but as one would expect, they are
encountering difficulties stemming, frequently, from their inability to
determine who the current owners of those systems are.
__________
Prepared Statement of A. Gerard Roth
Chairman Bennett and members of the Committee, my name is Gerry
Roth. I am responsible for GTE's Corporate Year 2000 Program Office,
and I am here on behalf of the Telco Year 2000 Forum. The Forum
commends the Committee for conducting this hearing, and I would like to
submit the following written testimony on the purposes and activities
of the Forum to address Year 2000 issues in the telecommunications
industry
background
The Year 2000 issue is a worldwide concern, which has been
identified by many industry experts as the largest single project that
companies will have to face. Many aspects of technology will be
affected including a variety of computer systems, hardware, operating
environments and networks.
As the end of the 20th Century approaches, it is becoming more
evident that the Year 2000 will cause problems for some systems due to
the limitation of the date field on some ``legacy'' and other older
systems. In a number of these older systems, the developers used a two-
digit year field with the assumption that the century is nineteen (19).
With the turn of the 21st century the need to differentiate between the
20th and 21st century (19 versus 20) will be required in some
applications.
The Chief Information Officer (CIO) Forum sponsored by Bellcore has
been considering the Year 2000 issue at its meetings for some time. The
Telco Year 2000 Forum was created as an outgrowth of these Bellcore CIO
Forum discussions. The Telco Year 2000 Forum was created to focus and
share information on a common, industry wide issue: the potential
impact of the Year 2000 on the telecommunication industry.
telco forum participants
The Telco Year 2000 Forum was formed with participation from some
of the largest U.S. telecommunication companies. The current
participants include the following companies:
Ameritech Corporation
Bell Atlantic
BellSouth Telecommunications, Inc
Cincinnati Bell Telephone Company
GTE
SBC
Southern New England Telecommunications Corporation
US West Communications Group, Inc.
The Forum has also invited AT&T, MCI/WorldCom, SPRINT and USTA to
be participants in the Forum activities. In addition, it has invited
some of the major telecommunications equipment suppliers to attend the
Forum meetings to discuss mutual concerns and issues.
The Forum acts as an informal working committee to address Year
2000 issues in the telecommunications industry. Its purpose is to share
relevant Year 2000 information, and the discussions are focused
exclusively on issues relating to the technical or operational aspects
of the Year 2000 problem. The intent of this information sharing is to
identify potentially common challenges and solutions to address Year
2000 issues and thereby facilitate and accelerate necessary responsive
actions by each of the member companies.
A principal activity of the Forum is to pool and share testing
resources for common network components and to perform network
interoperability testing.
Although the companies share relevant Year 2000 information, each
company is responsible for its own Year 2000 plan and activities. Each
member company has a very detailed and company specific plan to address
its particular Year 2000 issues.
telco forum structure
The Forum meets approximately six times a year. Sub-groups are
established to focus on some of the major issues in a more timely and
efficient manner. At the present time there are sub-groups in place to
address:
--Network issues
--Information technology issues
--Communications issues
The entire Forum and/or its sub-groups also participate in
conference calls to address specific issues or concerns between its
regularly scheduled meetings.
network interoperability testing initiative
A major initiative being undertaken by the Telco Year 2000 Forum is
the Network Interoperability Testing Project. This intra-network
testing initiative is a voluntary project, which is entirely funded by
the member companies to test the network and various services for Year
2000 readiness. Its purpose is to verify the operation of a multi-
vendor, multi-company environment.
The goals of the testing project are to:
--Minimize risk of network failures
--Minimize risk of service failures
--Test the functionality of date/time sensitive operations
The testing initiative is based on Bellcore's GR-2945 which has
emerged as an industry standard for telecommunications products for the
Year 2000 issue. The participating company laboratories are configured
for Year 2000 Interoperability testing to include:
--Emergency services
--Basic, enhanced, and intelligent services
--Network management systems
--Data networks
Within these test configurations, a number of individual services
such as 7-digit calls, 1+ 10 digit calls, operator-handled calls, 800
calls, etc. will be tested and documented. The test configurations will
test the Year 2000 readiness of approximately 21 suppliers and 82
network elements and/or management systems. Collectively this equipment
represents the suite of equipment commonly deployed in the network for
Northern America.
The Forum has already contracted with a project manager and has
concluded contract negotiations with an independent testing laboratory
to validate and document the test results. Detailed schedules are being
developed with the member company test laboratories and the equipment
suppliers to test the Year 2000 ready releases. It is anticipated that
the testing will be conducted in the 3rd and 4th quarter of 1998.
Testing is being conducted in five separate ``labs'' established
within our members' facilities. These test labs allow the Forum to test
the interoperability and compatibility of the major North American
suite of network and operational support equipment in a Year 2000
environment prior to nationwide deployment. Currently, the Forum
expects to test 16 separate configurations of network elements and data
transactions and 40 unique network management configurations. These
test configurations are made up of 82 commonly used telecommunications
products from 21 suppliers.
Actual network testing began on 6 July 1998 with the test of our
first management configuration dealing with the interaction of
operational support systems to discrete network elements. Data
transport testing began on 13 July 1998. Testing of Network Element to
Network Element configurations is expected to begin in August.
All tests to date have been successful, and active testing so far
is proceeding on schedule. We anticipate completion of all tests by
December 1998 with a final report in early January 1999.
In addition to this testing initiative, Forum participants'
laboratories will be used to support some of the inter-network testing
being performed by the Alliance for Telecommunications Industry
Solutions (ATIS) through its National Test Committee (NTC). The co-
chair of the NTC is also a Telco Forum participant working on the
Interoperability Testing Initiative. This will help ensure that there
is a linkage between the two testing initiatives, which are intended to
be complementary. Additionally, the Telco Forum will be formally
represented as a member of the ATIS National Test Committee. All
companies participating in the Y2K Forum are also members of the ATIS.
ATIS will be testing the internetworking aspects of the Public Switched
Telephone Network (PSTN)--focusing on time-critical network events on
31 December-1 January to model and monitor potential network
congestion, Year 2000 interactions with local number portability
modifications, transmission of voice and data from local exchange to
inter-exchange carriers, ``800'' number access, and network management
and control.
The benefit of the interoperability testing approach is that it
helps speed the deployment of Year 2000 ready products. It reduces the
need for each company to test every aspect of every new release and
permits each company to focus work efforts on its unique requirements
to deploy Year 2000 ready equipment. As noted previously, the
interoperability testing initiative is a completely self-funded,
voluntary undertaking. It will supplement individual supplier testing
and individual company testing of critical network elements and
systems.
In addition to the major interoperability testing efforts of the
Forum, some of the other on-going activities and accomplishments of the
Forum are outlined below.
Sharing information regarding best/representative practices
This is the purpose and major activity of the Forum. The sharing of
information on best/representative practices facilitates and
accelerates responsive actions by each of the member companies. The
sharing of information regarding the approach being used to take
responsive action and/or test some of the ``industry standard'' systems
permits individual companies to focus their resources on company unique
systems.
Working with major equipment suppliers
The Forum has met with and/or contacted some major
telecommunication equipment suppliers regarding their Year 2000 Ready
Releases. It has worked with some of these suppliers to improve
delivery dates and/or for an earlier testing date on some of their
products. The Forum plans to continue to work with suppliers to address
identified Year 2000 equipment issues.
Sharing information regarding network products
The network representatives on the Forum have developed an internal
data set of suppliers' Year 2000 ready releases and their availability
dates. This data set contains approximately 93 vendors and 470 network
elements. The database is a valuable resource to help ensure that all
participants are receiving and using consistent information regarding
Year 2000 product release and availability dates.
Meeting with various government and industry groups
Forum participants have met with various government and industry
groups to share the Forum's concept and benefits. It has been useful to
demonstrate the cooperative efforts being undertaken by the industry to
help minimize the risk of network or service failures. The Forum is
currently a member of the President's Year 2000 Telecommunications Task
Force, chaired by John Koskinen and Federal Communications Commission
(FCC) Commissioner Michael Powell.
Starting discussions on contingency planning
Although the individual members are responsible for their own Year
2000 plan and activities, the Forum has recently started discussing the
issue of contingency planning. Also, since GTE has a close affiliation
with the Canadian telecommunications industry, it has been able to
share some of the contingency planning concepts being used there. It is
expected that the issue of contingency planning will be addressed in
greater detail in the months ahead.
year 2000 information disclosure act
The Telco Year 2000 Forum supports the goals of the
Administration's Year 2000 Information Disclosure Act. We believe that
it is important--to our customers and to the public--to provide
relevant information regarding the Year 2000 readiness of
telecommunications equipment and the network. The proposed Act would
help allay some concerns about the legal liability associated with the
disclosure of Year 2000 Information. As such, it should help promote
disclosure of Year 2000 information readiness information in a more
timely fashion.
The Forum believes that the proposed Act will help foster
cooperation and information sharing within the industry and across
industry borders regarding the Year 2000 issue. In so far as the
sharing of Year 2000 information is the primary purpose of the Telco
Year 2000 Forum, it supports the objectives outlined in the Year 2000
Information Disclosure Act.
conclusion
The Year 2000 issue represents a significant challenge to business,
its customers, and the government. As noted at the outset, it is a
matter of worldwide concern, which has been declared by many industry
experts as the largest single project that companies will have to face.
It requires cooperation within the telecommunications industry and
across industry boundaries. It also presents an opportunity to work
with others on a common challenge. The Telco Year 2000 Forum is a
cooperative effort governed as a limited liability corporation actively
working to address the Year 2000 issue in the telecommunications
industry.
The members of the Telco Year 2000 Forum believe that this
cooperative, voluntary effort will go a long way toward removing public
anxiety over the Year 2000 status of the Public Switched Telephone
Network (PSTN) in the United States. Despite the fact that this network
cannot be 100 percent tested in advance of the Year 2000, we believe
our individual and collective actions in Year 2000 remediation and
subsequent test and validation provide a basis for continued confidence
that the telephone and data networks will continue to operate and
provide the outstanding services we have come to expect.
Mr. Chairman, I thank you for this opportunity to present this
testimony on behalf of the Telco Year 2000 Forum.
______
Responses of A. Gerard Roth to Questions Submitted by Chairman Bennett
Question 1. What percentage of the U.S. telecom industry is
represented by the Telco Year 2000 Forum?
Answer. Current participants in the Telco Year 2000 Forum include
the following companies: Ameritech Corporation, Bell Atlantic,
BellSouth Telecommunications, Inc., Cincinnati Bell Telephone Company,
GTE, SBC, Southern New England Telecommunications Corporation, and US
West Communications Group, Inc. While it is impossible to provide a
precise percentage of the telecom industry represented by these
companies, one measure of industry representation is access lines
served. Collectively these companies provide service for approximately
145 million access lines, a substantial majority of the switched access
lines in the nation.
Question 2. We understand that the Telco Forum will be examining
the emergency ``911'' system. What have you discovered in your
assessment and testing to date?
Answer. The emergency ``911'' service interoperability testing has
not yet begun. The testing of the various ``911'' configurations is
planned to begin in late September. The Forum will be pleased provide
the Committee information on this aspect of testing when it is
completed.
Question 3. A major initiative being undertaken by the Telco Forum
is the network interoperability-testing project. This intra-network
testing initiative is a voluntary project. Its purpose is to verify the
operation of a multi-vendor, multi-company environment. Although
several of the regional Bell companies are participating, the long
distance carriers are not.
--How do you account for such limited participation?
Answer. We cannot agree that there is ``such limited
participation'' in the Forum. Most of the equipment used in the North
American Public Switched Telephone Network--including equipment
deployed by smaller, regional telephone companies--is represented
through the participating local service companies. As you know, we have
extended invitations to major long distance carriers as well as USTA.
To date, USTA citing primarily logistical difficulties resulting from a
large and diverse membership, has been unable to agree to certain
confidentiality and information sharing guidelines required of all
Forum members. These agreements are intended principally: (1) to
prevent inappropriate use or disclosure of company proprietary material
which has been made available to assist in Year 2000 remediation and
testing; (2) to protect sensitive information provided by industry
suppliers and testing services vendors which would otherwise be unknown
to Forum members except for their cooperation on Year 2000. With
respect to long distance carriers, we have been told by some of these
carriers that it is simply a resource allocation issue. Also, as
discussed above, long distance carriers are participating in ATIS
testing and they anticipate that there will be considerable interaction
and information sharing between ATIS and the Telco Forum. In any event,
our invitation to those groups remains open.
--What are the pitfalls involved in such testing?
Answer. The Telco Forum has attempted to include those date-
sensitive network elements and management systems that interact
directly with the network and that are broadly deployed in North
America. The testing does not--and cannot--include all deployed network
elements and management systems or each combination thereof because of
time and cost constraints. It should be noted, however, that the
Forum's interoperability testing project is over and above the product-
specific testing being performed by individual suppliers and operating
telephone companies.
Also, the Telco Forum's testing efforts must be accompanied by
other testing to insure inter-network performance. All of the Forum
members, for example, are members of and active participants in the
Alliance for Telecommunications Industry Solutions (ATIS). Importantly,
some of the individual Forum member companies are providing their labs
and lab personnel for the Year 2000 testing being performed by ATIS.
The benefits of testing are many while the pitfalls are few. Any
failures found and fixed now only enhance, rather than distract from,
the industry's overall readiness for Year 2000.
--Have industry-wide standards for testing been established?
Answer. The Telco Forum is using the Bellcore GR 2945 ``Year 2000
Generic Requirements: Systems and Interfaces'' as the basis for its
interoperability testing project. As noted by Dr. Judith List in her
testimony before the Senate Special Committee on the Year 2000
Technology Problem these generic requirements have evolved as
important, de facto standards for Year 2000 on the Public Switched
Telephone Network.
--How accurately will Telco's testing conditions predict actual
conditions in the public network?
Answer. The Telco Year 2000 Forum is performing the tests in a
number of separate labs provided by its members. The testing will
involve the use of real equipment and systems in the test participants'
laboratories rather than simulators. The test cases may also involve
the use of select live data and live calls.
Because Forum members are continually deploying switch generic
upgrades and major new equipment in their network infrastructure,
upgrading network and management systems for the Year 2000 issue, while
broader in scope, is essentially conducting business as usual. The test
facilities being used in the Telco Forum's interoperability testing
project are the same as those used by the participants for testing
purposes before deploying switch generic upgrades or major equipment in
the live network.
--How is your proposed testing different from that proposed by the
Alliance for Telecommunications Industry Solutions' (ATIS)
testing?
Answer. The testing being performed by the Telco Year 2000 Forum
and the Alliance for Telecommunications Industry Solutions (ATIS)
through its National Test Committee (NTC) is intentionally
complementary. Furthermore, both bodies share membership and test
laboratories. The Co-Chair of the NTC is also a Forum participant
working on its interoperability testing initiative. Otherwise, the
Telco Forum is exclusively Year 2000-focused, while ATIS has a broader
industry-wide scope, which has been expanded further to include Year
2000 operational testing.
The focus of the Telco Forum's intra-network testing is on the
interoperability and compatibility of the major network and operational
support components in a Year 2000 environment and as they are
configured by the operators of the network. The participating company
laboratories are configured for interoperability testing of:
--Emergency services
--Basic, enhanced, and intelligent services
--Network management systems
--Data networks
Within these test configurations, a number of individual services
such as 7 digit calls, 1+ 10 digit calls, operator-handled calls, 800
calls, etc. will also be tested and documented. The test configurations
will test the Year 2000 readiness of approximately 21 suppliers and 82
network elements and/or management systems. Collectively, this
equipment represents the suite of equipment most commonly deployed in
the network for North America.
Once that has been accomplished, the inter-network testing planned
by ATIS will determine the extent to which the Public Switched
Telephone Network operations, under operational load as the millennium
date change occurs, continue as normal. ATIS testing will thus focus on
time critical events on 31 December-1 January to model and monitor
potential network congestion, Year 2000 interactions with local number
portability modifications, transmission of voice and data from local
exchange to inter exchange carriers, 800 number access, and network
management issues.
Lastly, individual company testing and operational performance
verification after the January 2000 transition will monitor and analyze
any potential "gradual degradation" due to subtle system dysfunction
from latent Year 2000 impacts.
--Wouldn't it be more efficient for the Telco Forum and ATIS to join
forces?
Answer. In fact, we have ``joined forces'' in terms of the overall
architecture of domestic telecommunications network testing. ATIS
testing will use aspects of the Telco Forum's efforts. However, each
sub-component of the overall testing effort is being handled by those
with the greatest knowledge of the equipment and services under review.
The testing being performed by the Telco Year 2000 Forum and ATIS
through its National Test Committee (NTC) are both necessary and
complementary. As noted above, the Co-Chair of the NTC is also a Forum
participant working on its interoperability testing initiative. The
Forum also has formed a sub-committee to formalize its linkages with
the ATIS Year 2000 testing.
Several of the individual Forum member companies are providing
their labs and lab personnel for the Year 2000 testing being performed
by the ATIS and, all of the Forum members are participants in ATIS.
The Telco Year 2000 Forum started to work on its interoperability
testing initiative in the early fall of 1997 with the issuance of a
Request for Proposal for the project. The test plans and test cases for
most of the testing have been prepared and actual testing has already
begun. It is expected that the testing will be completed in December
1998 with a final report in early January 1999. This would be the wrong
time to start restructuring the testing or testing administration.
Finally, much of testing being planned by ATIS was in the Telco
Year 2000 Forum's original RFP for the interoperability testing work.
It was removed because ATIS took the lead and was better positioned to
handle this aspect of the testing work effort. Since the actual ATIS
testing is planned to be initiated in January 1999, the Forum believes
that from a practical standpoint the industry has joined forces in its
efforts to address the Year 2000 issue.
Question 4. GTE currently offers its customers a wide range of
services: local and long-distance switched voice services; wireless
voice and data services; Internet and other data communications
services; as well as paging services.
--What are the specific Year 2000 issues and potential impacts to
those services?
Answer. GTE believes, as does the other major telecommunication
carriers, the United States Public Switched Telephone Network ("PSTN")
will continue to operate with no major service disruptions due to Year
2000 issues. Specific concerns do arise with respect to supplier
continuity and international response.
Telecommunication companies depend heavily on their suppliers
actually delivering on schedule the Y2K solutions to which they have
committed. These companies also depend upon their suppliers' ability to
sustain technical support and performance through the Year 2000
transition. To address this concern, GTE has established a Supplier
Management Program, headed by a vice president in GTE's corporate Year
2000 Program Management Office. This unit tracks the thousands of
products acquired by GTE and promotes the timely delivery of Year 2000
compliant versions. This organization also has the responsibility, and
authority, to negotiate appropriate, Year 2000 compliance terms and
conditions in contracts with its suppliers, and is responsible for
assessing the quality and completeness of Year 2000 testing of third-
party supplier products.
Otherwise, while the U.S. and Canadian telecommunications
industries are working closely to address and test Y2K readiness, the
international response to date has been inconsistent across the
industry and countries. Because of the global nature of the
telecommunications business and its customers, we must strive to ensure
Y2K awareness and enable full international network interoperability
assurance. Thus, GTE has been working through the Telco Year 2000 Forum
and otherwise (e.g. the Canadian Telco Y2K Forum and the ITU Y2K sub-
group) to promote Y2K information sharing and, possibly,
interoperability testing on an international basis.
--What are the Year 2000 issues and potential impacts that threaten
the proper functioning of the business systems that support
those services?
Answer. Because the operation, administration and maintenance
systems of telecommunications carriers do include date-sensitive
information for functions such as order-entry, billing, network
management, and administration, GTE prioritized and inventoried its
major support systems for Y2K conversion. Based on our planned
schedule, GTE currently expects its key legacy and support systems code
to have been Y2K converted (if necessary) and returned to production by
January 1, 1999. Full system enterprise testing is presently scheduled
to be completed by June 30, 1999.
--What steps should your users and customers be taking to ensure that
their services are not disrupted?
Answer. Residential Customers: Because most residential telephones
do not process date-sensitive information to enable basic telephone
service, residential customers will generally not be required to take
any steps to ensure uninterrupted service. However, residential
customers having more advanced equipment such as answering machines,
facsimile equipment, modems, etc., should contact their equipment
manufacturers regarding the Y2K compliance status of their products.
While the potential exists for these products to be impacted by the
Year 2000 (such as date displays and time stamps), it is unlikely to
prevent placing or receiving telephone calls.
Private Network Customers: Customers that operate more complex
premise equipment interfacing with the PSTN should, as part of their
Year 2000 compliance programs, conduct an inventory of that equipment
and work with their service providers and equipment suppliers to
determine the Y2K compliance status of their products and systems.
Question 5. Many federal, state, and local government agencies,
private businesses, and other entities operate their own networks.
--Do you have a sense of whether private versus public networks are
being addressed for Y2K problems?
Answer. To the extent this question refers to testing efforts by
the Forum, mainstream equipment is used in both public and private
networks. Therefore, any Telco Year 2000 Forum testing and other Year
2000 work with equipment vendors would, necessarily, benefit the owners
of private networks.
--If a private network is not Y2K ready, could the interface of a
non-compliant private network result in the degradation of
public telephone service?
Answer. The Forum does not believe that the interface of a private
network would pose any greater risk to the public telephone service
network than it does in today's environment. Obviously, a company
relying on private non-compliant network might need to secure an
alternative means of access to the public telephone network.
--Will extensive use of the Internet in any way degrade public
telephone service?
Answer. The Forum does not believe that the use of the Internet
would pose any greater risk to the public telephone network than it
does in today's environment. The network has various management systems
in place to deal with traffic congestion. Some of these systems will be
tested as part of the Telco Year 2000 Forum's and ATIS complementary
testing efforts.
Question 6. I see that the Telco Forum supports the ``goals'' of
the President's Year 2000 Information Disclosure Act and believes it
will help foster cooperation and information sharing. Your words sound
skeptical. Do you believe it will really result in better information
disclosure?
Answer. We believe that the enactment of legislation reducing
liability concerns for disclosure will enhance the free flow of testing
and product readiness information. The President's Year 2000
Information Disclosure Act is clearly helpful in this regard and would
result in better information disclosure.
--Are there other deterrents to disclosure?
Answer. Yes, ordinary commercial concerns, such as customer
relations and competitive issues, also play a large role in disclosure
decisions. In addition, disclosure activities are to some extent
impacted by resource constraints in companies, with many companies
focusing on their own internal remediation efforts.
--What more can be done to encourage disclosure?
Answer. In addition to the legislative efforts above, it would be
helpful to have disclosure related activities made more efficient and
effective. For example, a uniform approach to information gathering by
Federal and State authorities would allow companies on remediation and
would promote disclosure in a useful and consistent fashion.
__________
Prepared Statement of Senator Gordon Smith
Thank you Mr. Chairman.
I would like to thank all the distinguished witnesses before us
today for taking the time to help us address the challenges facing
telecommunications as we enter the year 2000.
Today's hearing is extremely important because our lives have
become intertwined with technology that runs our phones, banks,
electric power and way of life.
Did you know that at this very instant many long distance carriers
have not yet determined how to solve billings problems that affect the
amount you are charged for your long distance calls? I caution you to
stay off the phone at the stroke of midnight at the turn of the century
unless you are certain the computer bug has been addressed by your
carrier. You may be charged for talking on the phone for over a
century.
I make light of an enormous challenge the telecommunications
industry is facing.
I remember when a satellite stopped transmitting information
earlier this year, affecting thousands of people who relied on
telecommunications technology. Many Oregonians complained that their
pagers, cell phones and the local ATM's were no longer working. Little
did they know that the satellite that many of their daily activities
had changed its usual orbit. Much like this incident, imagine how our
daily lives would be altered if the chips in our satellites aren't
ready for the year 2000.
It is for this reason that we are here to discuss ways to prevent
this computer problem from bringing our nation to a halt and I look
forward to hearing about progress being made to avoid that end.
In talking to experts in the telecommunications field, I have
learned that the dial tone will most likely not be affected by the
arrival of the new millennium. We have received several calls from
large and small businesses who are trying to run tests on their
networks and are unable to. So my question to the panel is, what kind
of network components are susceptible to year 2000 errors?
Subsequently, what are you doing to address these problems? How will
these potential problems affect the speed of placing phone calls or
making internet connections?
Are equipment vendors supplying networks with the most recent
software that will protect them from any Year 2000 problems?
I'm also curious about how your efforts as an industry are being
coordinated. I understand the Federal Communications Commission has
been studying this issue, but can the network service providers rely on
the FCC for help?
As a member of the Senate Foreign Relations Committee, I am very
concerned that we will not be able to maintain communication with other
countries across the border and around the world. If we are cut off
from communicating with other nations, issues such as national
security, trade, information exchange and financial services will
become the headliners of our society. I'm hopeful that someone is
currently focusing on how to coordinate our systems with foreign
countries.
If there is no primary point of contact for the telecommunications
industry, I hope this hearing will provide direction for the entire
telecommunications industry so that all interested parties will know
where to turn for help.
I also understand that some legislation has been recently
circulated by the President regarding the ``Year 2000 Information
Disclosing Act'' that will offer legal protection to those who share
information on Year 2000 fixes, service opportunities and products. I
understand that the telecommunications industry was actively involved
in the negotiations with John Koskinen and the Office of the President
on this legislation, and I would be interested in our panel's comments
on this subject.
Again, thank you all for coming today. I look forward to learning
more about the specific challenges you are facing and specific steps
you are taking to meet them.
Thank you Mr. Chairman.
__________
ADDITIONAL MATERIAL SUBMITTED FOR THE RECORD
------
Statement From Hewlett-Packard Medical Products Group
rationale for hewlett-packard statement
Hewlett-Packard Company is a leading global provider of computing,
Internet and intranet solutions, services and communications products,
and measurement solutions, all of which are recognized for excellence
in quality and support. HP Medical Products Group (HP Medical) is one
of the world's largest suppliers of medical devices. HP is pleased to
have been invited to contribute to the Congressional deliberations on
the healthcare industry's readiness for the Year 2000, specifically
related to Y2K issues in medical devices. As the clock continues to
advances towards midnight, December 31, 1999, the sense of urgency
grows, particularly for medical devices for which date processing could
represent a serious threat to the safety of patients.
During the last year, HP Medical has worked closely with the FDA,
the Veterans Health Administration of the Department of Veterans
Affairs and the Department of Defense to better understand their needs,
requirements and issues related to Y2K. It is our position that the
more information we can make available to our customers about Y2K
issues in our medical devices, the better we can help them prepare for
the millenium.
HP Medical's primary concern with the Y2K issue is patient safety.
We were invited to submit this statement because of our proactive and
cooperative approach to helping our healthcare customers make a smooth
transition of their HP medical equipment to Y2K-compliant status. HP
Medical has been actively addressing Y2K issues, allocating dedicated
R&D resources to perform in-depth assessment and/or testing of our
products. We are also actively communicating with our customers to
inform them of Y2K issues related to HP medical products.
hp's commitment to medical customers
HP is making the following commitments regarding Year 2000
compliance for our medical products:
--All HP medical products that are currently shipping, or will ship
in the future are already Year 2000 compliant, will be
certified as Year 2000 compliant as of their next revision, or
at the very latest, will be certified by the end of 1998. Any
upgrades or modifications required will be made available to
our customers at no cost.
--All HP medical products that are no longer in production, but are
still eligible for HP support as of January 1, 2000 are being
evaluated for Year 2000 compliance. In some cases, a simple
``workaround'' solution (such as a manual reset) may be
identified. In the cases of products for which an acceptable
workaround solution cannot be identified, HP will make
available an upgrade or upgrade path. In some cases, there may
be a cost associated with the upgrade or upgrade path.
--HP medical products that are obsolete and are no longer eligible
for HP support as of January 1, 2000 will not be brought into
compliance by upgrades or modifications. In some cases,
products may not be affected because there are no date
processing requirements. HP will recommend replacement products
for those non-compliant products that are beyond their support
life, as well as providing risk assessment information for
those obsolete products that contain date processing functions.
testing must be thorough and complete
Any Y2K program must be based on evaluation and testing of the date
processing functions of equipment and systems. When patient safety is
at stake, care must be given to ensure that the testing is adequate and
robust. HP Medical believes that it is not enough to set the date in
the device to December 31, 1999 and run through the normal operating
performance. As a result, we have implemented a two-level testing and
Y2K certification process for all current products.
The testing protocol adopted by Hewlett-Packard Company on a
company-wide basis involves testing of all current products for Year
2000 compliance based on multiple dates and functional sequences (see
Attachment A). This functional testing takes into account leap year
calculations, as well as the transition between December 31, 2000 and
January 1, 2001.
In addition to the protocol above, HP Medical is also testing all
current products by performing a thorough review of software code,
carried out by a qualified HP medical device engineer. This additional
level of testing helps ensure that performance will not be affected by
dates embedded in the software that are not visibly apparent in the
normal operation of the devices.
This two-level testing and Y2K compliance certification is
consistent with the FDA's new Quality System Regulation. To date, HP
Medical has completed testing of 97 percent of all current products.
obsolete products are not immune
In the healthcare environment, it is not unusual for medical
devices to be in use for ten, fifteen, even twenty years--long after
the manufacturer has declared the product obsolete and discontinued
support on the product. For example, a patient monitor originally
purchased for the Intensive Care Unit could still be in use in the
Emergency Department twenty years after its purchase.
HP is concerned about obsolete equipment that may still be in use
throughout the healthcare system, and we are taking steps to ensure
that our customers are aware of which HP medical devices are out of
their support life and will not be brought into Y2K compliance by HP.
In addition, we intend to help our customers understand potential
patient safety risks that may be present if obsolete devices continue
to be used after the rollover to the Year 2000.
As a result of this concern, HP Medical is in the process of
performing risk assessments on obsolete devices for which the Y2K issue
could pose a threat to patient safety. As assessments are completed, HP
will make the results available to our customers, via our Y2K website,
along with attractive financial and support programs to help our
customers upgrade or trade-in those products that are deemed non-
compliant. HP expects to complete all necessary risk assessments and
make the results available to our customers no later than June 1999.
communication is key
HP believes that communication and access to information is
absolutely critical to helping our customers ensure that their HP
medical devices function properly during the transition to the
millenium. We have implemented a number of communications programs to
notify customers of the compliance status of their products, and to
make it easy for them to get information from HP.
HP has initiated the following communications programs to help our
customers understand Y2K compliance of their installed HP products:
--A comprehensive worldwide website which includes compliance status,
required actions and recommendations on all HP medical
products, as well as hotlinks to other Y2K information sources,
such as the FDA Y2K site (see the worldwide web at );
--Response to all customer inquiries on Y2K status by providing
complete listings of testing status, compliance status, actions
and recommendations, as well as Y2K warranty information;
--A process in the United States for responding to customer inquiries
about HP medical products within five working days;
--Mailing scheduled for August 1998 to 7,000 U.S. healthcare
locations to make them aware of our Y2K website;
--A second mailing scheduled for November 1998;
--Attractive financial and support programs to help customers to
upgrade or trade-in non-compliant HP medical products.
Similar programs are being undertaken by HP Medical's geographic
operations outside the United States.
We believe that full cooperation and open communication between
device manufacturers and healthcare customers is in the best interest
of our ultimate customer--the patient. It is our belief that as a
responsible supplier, HP must engage in an open dialogue with our
customers about Y2K issues, rather than approaching this issue
defensively.
HP commends President Clinton's proposal to seek legislation that
will help protect businesses that proactively address Y2K issues with
their customers from future costly litigation arising from Y2K issues.
We view the President's proposal as a good first step toward dealing
with the broader Y2K litigation issues that may be discouraging the
business community from taking a more aggressive approach to the Y2K
problem in a number of sectors of the U.S. economy.
HP also commends customers such as the Veterans Health
Administration, the Department of Defense, and Columbia/HCA for their
approach to Y2K issues with their suppliers. These customers have
engaged key suppliers like HP with a partnership approach to resolving
Y2K issues in their healthcare organizations, rather than addressing
suppliers in an adversarial manner. HP welcomes this open dialogue, and
has engaged in face-to-face meetings with several customers to help
them understand firsthand the vigor and breadth of our Y2K testing and
compliance programs.
in closing
HP Medical Products Group is concerned and proactive in addressing
and communicating Y2K issues. HP believes that there are three
essential elements to ensuring that the healthcare industry will be
fully prepared to face the Year 2000. Those elements are:
--Y2K compliance programs should include thorough and robust testing
of the functional performance of medical devices for which date
processing could represent a potential patient safety issue.
Ideally, this testing should include detailed review of
software code to identify embedded date processing.
--Full testing protocol and compliance status information should be
readily available to healthcare customers.
--Congress should take steps to encourage open dialogue between
manufacturers and customers in all sectors of the U.S. economy.
It is our belief that if medical device manufacturers and
healthcare providers collaborate and cooperate to identify and resolve
Y2K issues, the public will be able to approach the millenium with
confidence in their safety should they require medical attention.
Attachment A.--HP Year 2000 Compliance Definition
year 2000 compliance definition
If an HP product processes date data, then it is considered to be
Certifiably Year 2000 Compliant if the following conditions are met:
1. It processes date data accurately from, into and between the
twentieth and twenty-first centuries. This includes, but is not limited
to, calculating, comparing and sequencing dates, including leap year
calculations, when used in accordance with its product documentation,
and provided all other products used in combination with the product
properly exchange data with it.
2. It has successfully passed each test case listed in Table 1, and
the product's test suite permanently incorporates Table 1's test cases
and conditions.
3. It has successfully passed a review based on the checklist given
in Table 2.
TABLE 1.--MANDATORY TEST CASES FOR A PRODUCT TO BE CERTIFIABLY YEAR 2000 COMPLIANT
----------------------------------------------------------------------------------------------------------------
Date data \1\ Testing criteria
----------------------------------------------------------------------------------------------------------------
Dec. 31, 1998 to Jan. 1, 1999.................. Test for border line (beginning and ending of a year) for year
prior to year 2000:
System rollover in both powered-up and powered-down states,
or
Program rollover in both executing and non-executing
states.
Sept. 9, 1999 to Sept. 10, 1999................ Tests related to 9-9-99:
System rollover in both powered-up and powered-down states.
System date can be set to before date.
System re-initializes from cold start on before date, or
Program rollover in both executing and non-executing
states.
Program retrieves/accepts before date in executing state.
Program re-initializes from non-executing state on before
date.
Dec. 31, 1999 to Jan. 1, 2000.................. Test for critical transition of 1999 to 2000:
System rollover in both powered-up and powered-down states.
System date can be set to both before and after dates.
System re-initializes from cold start on both before and
after dates, or
Program rollover in both executing and non-executing
states.
Program retrieves/accepts both before and after dates in
executing state.
Program re-initializes from non-executing state on both
before and after dates.
Feb. 28, 2000 to Feb. 29, 2000................. Test to verify year 2000 is identified as a leap year:
System rollover in both powered-up and powered-down states.
System date can be set to after date.
System re-initializes from cold start on after date, or
Program rollover in both executing and non-executing
states.
Program retrieves/accepts after date in executing state.
Program re-initializes from non-executing state on after
dates.
Feb. 29, 2000 to Mar. 1, 2000.................. Another Year 2000 leap year test:
System rollover in both powered-up and powered-down states,
or
Program rollover in both executing and non-executing
states.
Dec. 31, 2000 to Jan. 1, 2001.................. Test for transition from 12-31-OO to 1-1-1:
System rollover in both powered-up and powered-down states,
or
Program rollover in both executing and non-executing
states.
----------------------------------------------------------------------------------------------------------------
\1\ Testing is conducted in this range of dates.
TABLE 2: MANDATORY CHECKLIST FOR A PRODUCT TO BE CERTIFIABLY YEAR 2000
COMPLIANT
------------------------------------------------------------------------
Components Specifics
------------------------------------------------------------------------
Basics.......................... 1. Data Structures Within the Product:
a. Database Structure.
b. File System Structure.
c. Holding or Working fields.
2. Date Manipulation Routines.
3. Called System Intrinsics.
4. Date Comparison Routines.
5. Date Fields on Reports.
Module Interfaces; Internal Date 6. Data Structures for Interfaces
Data Exchanges. Inbound to each Module.
7. Data Structures for Interfaces
Outbound from each Module.
Product Interfaces; External 8. Data Structures for Interfaces
Date Data Exchanges. Inbound to the Product.
9. Data Structures for Interfaces
Outbound from the Product.
Product Environment............. 10. Third Party Utilities or tools
used by/with the Product.
11. Date Logic Embedded in the JCL or
Run Logic of the Product.
------------------------------------------------------------------------
__________
Statement of Sandia National Laboratories
We are pleased to be given this opportunity to submit some thoughts
to the committee about how the Year 2000 problem might impact
telecommunications and to recommend some actions that might lessen the
severity of that impact.
Sandia is the DOE laboratory responsible for the ordnance
engineering for all U.S. nuclear weapons. Our responsibilities comprise
the design, certification, and assessment of the non-nuclear subsystems
of nuclear weapons, including arming, fuzing, and firing; safety,
security, reliability, and use-control; issues associated with the
production and dismantlement of nuclear weapons; and surveillance and
support of weapons in stockpile. We also perform substantial work in
programs that are closely associated with nuclear weapon research and
development, including nuclear intelligence, nonproliferation, and
treaty verification technologies.
We are, however, a multi-mission laboratory. Ten percent of our
work supports DOE's responsibilities for environmental remediation and
waste management, and another ten percent supports Department missions
in energy science, research, and development. When appropriate, we also
perform work for other government agencies, particularly the Department
of Defense, in programs where our unique capabilities, built to support
DOE's Defense Programs responsibilities, can be of value. Increasingly,
we are being called on to support other federal agencies, such as the
FBI, the National Institutes of Justice, NIST, and NASA, where we have
areas of expertise that can be of assistance.
The surety of the nation's telecommunications infrastructure is
absolutely essential for our national security. All businesses and
essential services require telecommunication for their operation. The
banking and finance sector exchanges billions of dollars a day across
telecommunications links. The ATM machine at the mall requires
operating phone lines to validate its transactions, as do the credit
card readers at the department store and the corner gas station. And of
course the whole spectrum of emergency response organizations, from the
National Guard to FEMA to police to hospitals, requires reliable
telecommunications to do their job. The Y2K crisis may require the
assistance of many of these organizations, and an additional Y2K-
induced failure of the telecommunications infrastructure during an
emergency would be catastrophic.
We've divided this document into seven parts: Public telephone
networks, data networks, satellites, international telecommunications,
dependencies of telecommunications on other infrastructures, other
issues, and finally recommendations. In each section, we discuss
potential Y2K vulnerabilities and mitigating actions that could either
prevent a failure or gracefully handle failures when they occur.
1. public telephone networks
Local phone companies
Over 1200 local telephone companies \1\ provide the primary
customer interface to the national telecommunications infrastructure.
These companies provide access not only to voice telephone service, but
also to the Internet for dialup users. Most of the larger local
companies, and certainly the Regional Bell Operating Companies
(RBOC's), are actively working Y2K issues.
These companies use switches and equipment made by a variety of
manufacturers such as Lucent, Nortel, and Siemens. All of these
manufacturers have made Y2K compliant upgrades to their major products
available, and most of the larger local phone companies are upgrading
or have already upgraded. While there is always the possibility for
hidden failures, the sensitivities in telephone switch gear that have
been located so far have had to do not with basic functionality but
with administration, management, and maintenance issues, as Dr. Judy
List of Bellcore has already testified.\2\ Such failures do not affect
dial tone, but can interfere with proper billing of call time, for
example. Thus, in older equipment that has not been upgraded, Y2K
failures are not likely to cause the local telephone system to go down,
but they may cause billing and revenue problems for companies that
don't upgrade. This may be a bigger problem for smaller local phone
companies because they are more cash-flow sensitive, and also because,
being resource-limited, they are less likely to upgrade their equipment
in the first place.
Again, we cannot be certain that basic system functionality will
not be compromised, because the variety of equipment that is critical
to call processing is too great and it has not all been analyzed as of
today (July 1998). The only way to be absolutely certain is with a
full-up system test, and that is impossible with the telephone
network.\2\ The telephone network cannot be taken offline for testing,
and even if it could, it contains embedded processors for which it will
not always be possible to manually roll the date forward. Partial
testing may be an option for certain critical nodes, but anything less
than a full system test is not guaranteed to catch the more insidious
bugs that are the whole reason testing is necessary. Absent tests, the
only alternative may be to do as much preventative repair as possible
and have well-oiled backup systems and well-trained repair crews in
place on January 1, 2000.
Major trunk carriers
Major trunk carriers such as Sprint, Worldcom, and AT&T carry
telephone traffic and data between the local phone companies. The
failure of even one of these carriers would be catastrophic. Because of
their interoperation agreements, a carrier experiencing difficulty can
route its traffic through the others. However, if a carrier fails
completely, the impact of all of its traffic suddenly being routed to
the others might cause an overload which, if not controlled quickly,
could conceivably bring down the others as well.
All the major carriers are spending millions of dollars working the
Y2K issue, and are deeply aware of the implications of failure. So far,
most of their equipment has the same Y2K issues as we discussed above:
it is less likely to affect basic service than administration,
management, and maintenance. Because of this and because all of these
companies are large and well-capitalized, total failure of the major
trunk carriers due to direct Y2K effects does not seem very likely.
However, we do find it plausible that Y2K could cause failure of
the telephone system through another mechanism: loss of electric power.
(More on this below.)
Wireless
Cellular phones, PCS phones, pagers, and other wireless mechanisms
that interface to the public telephone network must be examined for
their own Y2K vulnerabilities at the level of the equipment itself, the
transmitters/receivers (cells) and the interface points to the network.
We presume that the cellular providers are working the issue, but we do
not have any data at this point.
Local emergency and public safety organizations, such as police,
fire and EMS need to make sure that their wireless systems will
operate. We don't know their current status, but suspect that many may
be unaware of their Y2K vulnerabilities. These critical first responder
organizations need to be educated quickly and get their equipment
upgraded where appropriate.
Amateur radio operators must also examine their Y2K status. Hams
are frequently the only means of communication after a disaster, so it
is extremely imporant that their equipment operate correctly. The
American Radio Relay League and AMSAT, the Ham satellite organization,
have reported to us that most Ham equipment, as well as their
satellites, are not Y2K sensitive, and that they are updating software
that is. ``One of amateur radio's strengths is our adaptability,'' one
of the members of AMSAT told us. We find this encouraging, and believe
that Hams will be ready if there is a telecommunications emergency.
Customer-owned equipment
Much of the telephone system is customer-owned equipment installed
at the customer's premises. PBX systems, ISDN phones, answering
machines, voicemail systems, etc. are produced by myriad vendors and
largely are not under the control of the phone companies. Most of this
equipment is installed in businesses. While many vendors have produced
Y2K upgrades to their equipment, it is probable that a large fraction
of their customers have not upgraded, either because they are unaware
of the Y2K vulnerabilities in the equipment or because they cannot
afford to upgrade.
If this equipment goes down because of Y2K problems, companies who
own it and depend on it will certainly be at risk. But Y2K rarely
impacts a business in isolation; if a business goes down because of Y2K
and it's a critical customer or supplier of other businesses, it may
take the other businesses down with it, even if they are Y2K compliant.
Small-to-medium enterprises (SME's) are likely to be hardest hit by
this, because large companies will upgrade and can absorb the loss of
some trading partners. Loss of telecom and Internet equipment is one of
the most serious threats facing SMEs because this equipment is at least
as mission-critical as their computers and it is probably more
sensitive to Y2K. Encouraging SMEs to upgrade and encouraging vendors
to provide upgrades to SMEs at favorable terms should be strongly
considered. Because of the deeply interconnected nature of systems
vulnerable to Y2K failure, virtually all businesses must be compliant
or none are compliant.
911 call processing in public safety organizations must be
evaluated and upgraded where necessary. Because 911 processing usually
involves special equipment and is date-sensitive, it needs to be
checked carefully.
Indirect effects
Widespread outages in any of the infrastructures as a result of
Y2K, or widespread receipt of incorrect bills, could result in
thousands of complaint phone calls, which tie up the system. Procedures
are available to ensure that these calls do not block emergency users,
and the telecom system operators need to be prepared to invoke them if
necessary.
2. data networks
The Internet
Five years ago, the impact of losing the Internet would have been
minimal. Most users of the Internet were academic and government
organizations, and the loss of the Internet would have been a nuisance
at worst. Today, however, the Internet has become a business tool
almost as essential as the telephone. Many large companies today depend
on email and the Internet's ability to quickly move large quantities of
information between company sites. Some companies such as Yahoo! and
amazon.com derive virtually all their revenues through their Internet
services. The 1997 10-K filing of amazon.com states:
Amazon.com has grown rapidly since first opening its Web site
in July 1995. Through December 31, 1997, the Company had sales
of more than $164 million to approximately 1.5 million customer
accounts in over 150 countries.
The mail order company Land's End now takes orders over the
Internet. Mike Smith, their president, states in their annual report:
One area we will be spending more resources on is the Internet.
We feel the Internet could generate significant sales in the
future and will be investing accordingly. Obviously, the sooner
this medium takes off, the faster our payback on this
investment.
Besides the Internet-based merchants and advertisers, there are
also thousands of Internet Service Providers (ISPs) that exist solely
to connect customers to the Internet. The Internet has become an
extremely important engine of commerce. The loss of the Internet would
certainly have major economic consequences if it happened today, and
the consequences will be even greater on January 1, 2000, given the
continued exponential growth of the Internet between now and then.
But the Internet is also a social phenomenon. It began as a
convenient mechanism to allow computers to communicate. Today, it is an
essential mechanism to allow people to communicate. Continuing the
quote from amazon.com's 10-K filing:
Amazon.com strives to offer an online shopping experience that
involves discovery and fulfillment for its customers. The
Company believes that the sale of books and other products and
services over the Web can offer attractive benefits to
consumers, including, without limitation, enhanced selection,
convenience, ease-of-use, competitive pricing, depth of content
and information and personalization. Customers entering the
Amazon.com Web site can, in addition to ordering books and
other products, purchase gift certificates, conduct targeted
searches, browse highlighted selections, bestsellers and other
features, search for books by subject category, read and post
reviews, register for personalized services, participate in
promotions and check order status. The key components of
Amazon.com's offerings include browsing, searching, reviews and
content, online community, recommendations and personalization,
a gift center and an out-of-print book service.
This description hints at what the Internet is becoming: an
information mall; a centralized collection of information-related
services upon which people are learning to depend. It combines the
telephone, fax machine, television, and radio into a single two-way
information appliance in which the whole is greater than the sum of its
parts. This sounds like hyperbole, but the bottom line is that the
Internet is becoming an essential component of people's lives. The
Internet is a critical infrastructure, the surety of which must be
maintained both domestically and internationally.
The Internet is not centrally controlled or regulated. It is
largely governed by loose cooperation among its major stakeholders, and
by some informal policy-making and engineering committees. The self-
governing aspect of the Internet is one of its great strengths, but it
makes it difficult to study its vulnerabilities in detail or to mandate
remedial actions.
The Internet is heavily dependent on the public telephone networks,
especially the major trunk carriers. If they go down, the Internet as
we know it goes down too. The Internet is also dependent on the other
two pieces of the public telephone system: local phone companies and
customer-owned equipment. Local phone companies provide dialup service
to millions of individuals who access the Internet from home. They also
frequently provide connectivity for the lowest-tier ISPs and for
businesses that connect at higher bandwidths. (Even when they are not
the connectivity provider in name, local phone companies frequently own
the physical cable or fiber connection which has been leased by another
provider and resold to the ISP or end customer.) Therefore, if local
phone companies go out, they won't take down the whole Internet the way
the major trunk carriers might, but they will create islands of
Internet disconnection. In areas served by Y2K-affected local phone
companies, virtually no one may be able to connect to the Internet.
ISPs and Network Access Points (NAPs) must themselves have Y2K-
compliant equipment and like the small phone companies, the smaller
ones may be less likely to upgrade. ISP facilities also need to have
back-up diesel generators to cope with power failures. Today, ISPs do
not routinely install back-up generators the way local telephone
central offices do.
Most of the Internet actually resides inside corporate Local Area
Networks (LANs) that are dependent on privately owned equipment. If
this equipment is not upgraded for Y2K it may fail and not only disable
a business' connection to the ``main'' Internet, but take down the
corporate LAN as well. Again, the result is serious. Hundreds of people
lose access to the Internet, a business potentially grinds to a halt,
and its trading partners lose a valuable customer or supplier.
There are other pieces of the Internet that have no counterpart in
the telephone system, and which are critical to the Internet's
operation. The Domain Name Service (DNS) system comes to mind
immediately. If DNS is taken out by Y2K, the Internet becomes unusable.
In principle, it's a single point of failure. One master DNS machine
controls the whole system, and DNS tampering has taken down the
Internet in the past. In practice, DNS is probably more vulnerable to
terrorists and hackers than to Y2K. The systems are largely Unix-based
and so are unlikely to experience Y2K bugs, and new servers can be
switched in quickly if one fails. As long as the DNS servers are
adequately protected by backup electric power (not just battery-based
UPS systems, but generators with many days' capacity), DNS is not
likely to experience long-duration outages due to Y2K.
Specialized routers, bridges, concentrators, etc. are also used for
the Internet but not for the telephone system. All these pieces of
equipment must be checked and upgraded where necessary, and again, the
larger providers are more likely to have repaired their vulnerabilities
than the small players are. Provided the phone system remains
operational, the Internet will likely stay operational with localized
outages. If there are localized outages of the phone system in addition
to outages in the Internet infrastructure proper, the problem could be
much worse. Getting the system back online might then take much longer
because problems that are the fault of the Internet equipment could be
blamed on the phone system, and only after the phone system is back
online would it be possible to fix the Internet problems.
Other data networks
Almost all other data networks such as the Virtual Private Networks
used by private companies and governments rely on leased capacity from
the public telephone network, and they die if the telephone network
dies. Such networks may be even more critical to the nation's security
and economic health than the Internet simply because they have been in
use longer. Once again, upgrades to customer-owned equipment are very
important for maintaining these networks.
3. satellites
Satellites are vitally important to the world's telecommunications
capabilities. Although there is a trend to move two-way
telecommunications away from high-orbit satellites and onto terrestrial
cable, fiber, and new low-orbit satellites (because of the time delay
inherent in high-orbit satellites), they are all, nevertheless, still
important. Even though many satellites like GPS, sensing, military and
others are not involved with telecommunications per se, they all need
to be evaluated for Y2K vulnerabilities.
Three aspects of satellite systems are potentially vulnerable to
Y2K: platforms, payloads, and ground stations. Potential Y2K
vulnerabilities exist in all three places. A failure in the platform
may result in decreased orbital control, for example. In extreme cases
it could cause the satellite to drift so much it would have to use a
substantial amount of fuel to return to station, thus dramatically
decreasing its lifespan. A failure in the payload may result in loss of
service. A failure in the ground station may result in either loss of
control or loss of service.
The satellite platforms frequently contain older embedded
processors that may contain Y2K vulnerabilities. We have heard that the
satellite manufacturers have certified the platforms as Y2K compliant,
but as Senator Bennett has said, we should not accept the first
``comfort letter'' from the manufacturers. More investigation should be
done. The payloads vary tremendously and must be examined case-by-case.
If hardware Y2K vulnerabilities are found in the satellite platforms or
payloads, they will be virtually impossible to repair. We do know
something about the ground control stations. Many ground control
stations use 1970s vintage mainframe technology and almost certainly
will have problems. There are a limited number of these stations; their
use is shared among the satellite owners and prioritized according to
the criticality of the satellite. If several satellites have station-
keeping problems simultaneously, the wait to use the control stations
will be long. If the wait is too long, a satellite can drift away and
become temporarily lost and may have to be located again by radar.
Signal uplink/downlink ground stations, on the other hand, are very
numerous, but they are operated by a multitude of organizations and
almost certainly will have Y2K problems as well.
The week register rollover problem with GPS satellites is by this
time well known and should not be a problem for newer GPS receivers.
Extremely new low-earth-orbit (LEO) communications satellites like
Iridium and Teledesic are probably Y2K-compliant, but we haven't
confirmed this yet. If they are compliant, they will be useful as
backup communication mechanisms for critical users if land-based
telecommunications fail.
4. international telecommunications
If phone service is lost in other countries, we will be unable to
communicate with them, and that fact alone will have serious financial
repercussions. But the domino effect that is so prominent between
businesses with Y2K applies here between nations: even if the U.S.
telecommunications network is Y2K compliant, it could be jeopardized by
interactions with noncompliant networks.
The telephone companies in other countries buy switches from many
of the same manufacturers as do U.S. companies (as well as from several
others), and so theoretically they should be Y2K compliant as long as
they upgrade. But realistically, the response of other countries to the
Y2K situation varies dramatically, especially in the developing world.
Some countries have been very proactive at attacking Y2K, but most have
not. For those that have not, one way to measure a country's potential
telecommunications problems with Y2K might be to track its economic
prosperity over time.
The building of national telecommunications infrastructure tends to
be correlated with economic prosperity. Nations who became wealthy
selling national resources, for example, are likely to have built
state-of-the-art infrastructure at the time they became wealthy. During
a period of low economic prosperity--after the resources ran dry, for
example--a country would be unlikely to upgrade its infrastructures. So
countries that were wealthy in the 70s and 80s but are not so today are
likely to have Y2K problems, because they probably have not upgraded
their equipment. Countries that are prosperous today are less likely to
experience Y2K issues. Countries that never were very prosperous are
unlikely to have Y2K-telecom problems, because they're probably still
using mechanical switchgear. Economic prosperity trends (perhaps as
collected by the CIA) might thus be a useful starting point in gauging
the Y2K status of telecommunications in the developing world. Beyond
that, coordination with the ITU seems the best approach.
The Internet in other countries depends on telephone systems like
it does in the United States, so keeping the phones working there is
necessary for keeping the Internet working. The loss of the Internet in
other countries would be acutely felt by U.S. organizations that depend
on its ability to move data internationally. But we don't think it's
likely that an outage in another country would create a ``bottleneck''
in the United States since the United States already handles a large
percentage of the world's Internet traffic anyway. The ripple effect of
noncompliant Internet networks in other countries interacting with ours
and jeopardizing our functionality is certainly possible, but the
likelihood is difficult to predict without further analysis.
5. dependencies of telecommunications on other infrastructures
All telecommunications mechanisms depend on electric power. Most
have some power backup capacity, but if the electric grid in a city,
state, or nation goes down and stays down, virtually all
telecommunications there will go down soon after. The reliance of
global telecommunications on electric power is probably a more
immediate Y2K threat than that of direct Y2K-induced failure of
telecommunications systems. This is not a big problem with ``normal''
outages, where electric power is restored quickly after an incident
like a lightning strike and telephones continue to work as if nothing
happened. But because Y2K will affect several infrastructures
simultaneously, over a wide area, nonlinear effects may cause outages
to be longer and more widespread than normal. Nonlinear effects simply
mean that if it takes 1 day to recover a system after 1 incident, it
may 4 days, not 2, to recover from 2 simultaneous incidents. The delays
are not additive but multiplicative. The problem is greater than the
sum of its parts, but we cannot be sure how much greater.
Nonlinearities occur frequently in complex interconnected systems, of
which the infrastructure is a prime example. Nonlinearities are one of
the principal reasons why talk of Y2K contains such an atmosphere of
speculation, with phrases like ``likely"or ``possible'' or ``effect X
may happen.'' Exact prediction is not merely difficult; it is
impossible.
In the United States, most local switches are backed up by
batteries which last for a few hours, and by diesel generators that
last from a few days to a week or so. If electric power is off for a
week or more, and if diesel fuel cannot be replenished because the
transportation infrastructure is also affected by Y2K, the phones will
go dead, as will the Internet and all the other networks that depend on
the telephone system. Thus for telecommunications to survive Y2K, it's
absolutely critical that the electric power grid survive Y2K, and if it
does not, it is critical that fuel for generators be available where it
is needed.
Note that if the power grid goes offline, the electric company will
need communications to bring itself back online. Typically, it will
rely on its own private communications network (again, with power
supplied by temporary generators), but some electric utilities it may
be almost wholly dependent on the public telephone network. Thus, there
is a subtle and vicious cycle at work here. If power stays off so long
that the phone company runs out of diesel fuel, and the power company
runs out of fuel for the generators that power its own communications
network (or it is dependent on the telephone company), it may be
impossible for either power or telephones to be reactivated. Power
needs communication to restart, and communication needs power to work.
Keeping fuel flowing for emergency generators should be a top national
priority.
Another way to break the cycle is to emplace photovoltaic renewable
power systems at critical communications nodes. Because these systems
convert sunlight to electricity, they can provide virtually permanent,
free electricity with no external fuel requirement. From an engineering
point of view, they are a good match for telephone equipment because
the direct-current (DC) energy they supply is perfect for recharging
the battery bank that is already in place at the equipment. From an
economic point of view, PV power is usually too expensive where cheap,
reliable grid power is available. But in developing nations where grid
power is less stable than in the United States, and even in the United
States at sites that are remote and difficult for repair crews to reach
in an emergency, the promotion of PV power to telecommunications sites
for Y2K reliability (and for reliability in general) makes sense.
6. other issues
Common natural disasters such as earthquakes, ice storms, and the
like could compound the Y2K crisis if they occur near January 1, 2000.
The Leonid meteor storms which occur in November 1998 and 1999 will be
the most intense meteor showers in 30 years, and there is a possibility
that they will damage satellites.\4\ Man-made events like strikes, war,
etc. would also cause our Y2K remediation efforts to be spread thin.
Thinking that we will be so preoccupied with Y2K that we would not
notice deliberate malicious intent, terrorists, hackers and other
criminals might see Y2K as a prime opportunity to attack pieces of our
infrastructure. Or they might use Y2K-induced infrastructure failures
as cover for theft, arson, bombings, etc. We must be watchful of such
groups in the months leading up to Y2K and we must be especially
careful when monitoring the crisis as it occurs to discern deliberate
intent. New, automated indications and warnings mechanisms could be
useful for this purpose, and would continue to be useful after the Y2K
crisis for monitoring deliberate sabotage.
7. recommendations
Run system tests that exercise as many components of the system as
possible. A little planned pain now, while we have the time and
resources to fix problems, is better than a lot of pain on January 1,
2000 when repair crews already have their hands full.
Insist that all emergency response teams and public safety
organizations evaluate their Y2K status and upgrade immediately. Drill
emergency response teams with and without conventional telecom
capability. Recent experiences suggest that well-trained and well-
drilled ER teams work much more efficiently than those that do not
drill.\3\ At the same time, drill the ER teams whose job is to fix the
public telecommunication systems themselves, and perform extensive
scenario planning with them. (Utility companies that don't have ER
teams must establish them.) Much like the Pentagon stays prepared to
fight two wars simultaneously, we should be prepared to respond to
widespread outages in at least two major infrastructures
simultaneously.
Encourage private businesses--especially small-to-medium
enterprises--to upgrade their Y2K-sensitive equipment, including
privately owned telecommunications and Internet equipment. This effort
must of course include smaller phone companies and Internet Service
Providers who are especially critical to overall telecommunications
functionality.
Encourage other countries to upgrade their telecommunications
networks and indeed all their infrastructures to Y2K compliance.
Provide assistance where possible.
Ensure backup systems are in place and working, especially at the
more critical sites. Batteries should be fresh, generators maintained
(and themselves checked for Y2K compliance), and plenty of fuel should
be on hand. Allowing the stockpiling of extra fuel for the Y2K
emergency should be considered, even if it means suspending
environmental regulations to the contrary.
Keep oil wells, refineries, and fuel trucks running. They are
critical not just to telecommunications, but to all the Y2K-impacted
infrastructures.
Encourage solar-powered backups for critical remote sites and
foreign telecom systems where grid power is spotty anyway.
Install indications and warnings (I&W) systems at critical sites to
detect malicious sabotage and monitor Y2K cascade failures.
Finally, there are legitimate national security concerns that make
it necessary for the government to have access to detailed information
about the nation's telecommunications infrastructure, for Y2K
preparedness as well as other threats. We must encourage the
telecommunications companies to supply data (under nondisclosure
agreement of course, and without fear of having the information used
against them in litigation), so that the government can continually
evaluate the national security posture of its telecommunications
networks.
conclusions
Telecommunications is essential to our functioning as a nation, as
are all the other major infrastructures. The good news is that major
telecommunications outages resulting directly from Y2K are unlikely, at
least in the United States. The bad news is that Y2K has a good chance
of disrupting accounting and billing at telecommunications companies,
and without a stable revenue stream, those companies cannot stay in
business. Also, telecommunications is deeply dependent on other
infrastructures, which are much more likely to experience Y2K-induced
failures. Providing adequate slack and backup in all the critical
infrastructures will lessen the duration of outages and minimize the
ripple effect where one infrastructure takes down another.
The most important thing to remember about the Y2K crisis is that
people created it and people will solve it. It is fundamentally a
social problem, not a technological one. Since it is too late to
prevent all Y2K disruptions, the best way to prepare for them is to
fully disclose to the public what to expect and to practice scenarios
with the people who will be the first responders to the crisis.\3\ If
those first responders are prepared, and their families and personal
infrastructures are secure, they will be able to do their jobs and get
our infrastructures back on line quickly, with a little help from all
the rest of us.
references
\1\ http://www.telecompolicy.com/whoweare/
\2\ Testimony of Dr. Judith List, Bellcore, July 31, 1998 to the
Senate Year 2000 Committee.
\3\ Petersen, Wheatley, and Kellner-Rogers ``The Year 2000: Social
Chaos or Social Transformation?'' Global Business Network, http://
members.gbn.org/index/epress/multipleAuthors/jul98/y2k.pdf
\4\ http://cnn.com/TECH/space/9804/27/leonid.meteor/index.html