[Senate Hearing 106-22] [From the U.S. Government Publishing Office] S. Hrg. 106-22 YEAR 2000 COMPUTER PROBLEM ======================================================================= HEARINGS before the COMMITTEE ON APPROPRIATIONS UNITED STATES SENATE ONE HUNDRED SIXTH CONGRESS FIRST SESSION __________ SPECIAL HEARING __________ Printed for the use of the Committee on AppropriationsAvailable via the World Wide Web: http://www.access.gpo.gov/congress/senate ______ U.S. GOVERNMENT PRINTING OFFICE 54-532 cc WASHINGTON : 1999 _______________________________________________________________________ For sale by the U.S. Government Printing Office Superintendent of Documents, Congressional Sales Office, Washington, DC 20402 ISBN 0-16-058384-5 COMMITTEE ON APPROPRIATIONS TED STEVENS, Alaska, Chairman THAD COCHRAN, Mississippi ROBERT C. BYRD, West Virginia ARLEN SPECTER, Pennsylvania DANIEL K. INOUYE, Hawaii PETE V. DOMENICI, New Mexico ERNEST F. HOLLINGS, South Carolina CHRISTOPHER S. BOND, Missouri PATRICK J. LEAHY, Vermont SLADE GORTON, Washington FRANK R. LAUTENBERG, New Jersey MITCH McCONNELL, Kentucky TOM HARKIN, Iowa CONRAD BURNS, Montana BARBARA A. MIKULSKI, Maryland RICHARD C. SHELBY, Alabama HARRY REID, Nevada JUDD GREGG, New Hampshire HERB KOHL, Wisconsin ROBERT F. BENNETT, Utah PATTY MURRAY, Washington BEN NIGHTHORSE CAMPBELL, Colorado BYRON L. DORGAN, North Dakota LARRY CRAIG, Idaho DIANNE FEINSTEIN, California KAY BAILEY HUTCHISON, Texas RICHARD J. DURBIN, Illinois JON KYL, Arizona Steven J. Cortese, Staff Director Lisa Sutherland, Deputy Staff Director James H. English, Minority Staff Director C O N T E N T S ---------- Friday, January 15, 1999 Page Statement of John Koskinen, Chairman, President's Commission on Year 2000 Conversion........................................... 1 Opening statement of Hon. Ted Stevens............................ 1 Statement of Hon. Christopher S. Bond............................ 2 Prepared statement of Senator Christopher S. Bond................ 3 Prepared statement of Senator Patrick J. Leahy................... 4 Prepared statement of John A. Koskinen........................... 9 7th Quarterly Report--Progress on Year 2000 Conversion........... 21 The President's Council on Year 2000 Conversion--First Quarterly Summary of Assessment Information--January 7, 1999............. 48 Wednesday, January 20, 1999 Statement of David M. Walker, Comptroller General of the United States, General Accounting Office.............................. 95 Opening statement of Hon. Ted Stevens............................ 95 Prepared statement of David M. Walker............................ 103 The Federal Government has enhanced its approach................. 104 GAO's efforts to help meet the challenge......................... 106 Serious risks remain............................................. 106 The Nation as a whole faces significant year 2000 challenges..... 108 GAO reports and testimony addressing the year 2000 problem....... 110 (iii) YEAR 2000 COMPUTER PROBLEM ---------- FRIDAY, JANUARY 15, 1999 U.S. Senate, Committee on Appropriations, Washington, DC. The committee met at 9:32 a.m., in room SD-192, Dirksen Senate Office Building, Hon. Ted Stevens (chairman) presiding. Present: Senators Stevens, Bond, Gorton, Burns, Bennett, Campbell, Craig, Kyl, Reid, and Durbin. PRESIDENT'S COMMISSION ON YEAR 2000 CONVERSION STATEMENT OF JOHN KOSKINEN, CHAIRMAN opening statement of hon. ted stevens Chairman Stevens. Good morning. This is the first hearing of the Senate Appropriations Committee for this One Hundred Sixth Congress. The topic is the year 2000 computer conversion. Let me first tell you what this is not. I have been reading the periodicals concerning Y2K. This is Jane Bryant Quinn's ``Help, Y2K is on the Way'' article in Newsweek. This is the Time Magazine, ``The End of the World: Y2K Insanity,'' et cetera. And they talk about the end of the world as we know it, the millennium bug. Now, that is a very serious proposition and I think we are all interested in those articles. But that is not what we are talking about. We believe that this is one of the top priority items for the Federal Government, and we are going to start a series of oversight hearings. That is why I have decided to try and start off with this one. I am very grateful to the Chairman of the President's Council on the Year 2000 Conversion, John Koskinen. He has agreed to come today so we can make some inquiries about this subject. To give you a little bit of background, in 1997 our committee directed the Office of Management and Budget to make quarterly reports to Congress on the progress of efforts to fix the Y2K community computer problems for the Federal systems. The seventh quarterly report was issued in early December. As of that time, six agencies were listed as not making adequate progress, seven agencies were making progress but some concerns still remained, and eleven agencies were making satisfactory progress. We are interested in knowing what Mr. Koskinen's--am I saying that right? ``KOS-ki-nen''; I'm sorry, apologies--group is doing to assist those Federal agencies. Within his responsibility is the effort to coordinate the overall compliance effort, including not only the Federal Government, but the State and Federal Governments too, as I understand it, John. We hope to get some information from him on what progress that he believes is being made before we call some of these Federal agencies to come and tell us how they're doing. At the request of this committee last year, we started off without a request from the President a $3.35 billion emergency funding, which finally became part of the omnibus appropriations bill. We earmarked $1.1 billion for defense- related activities, $2.25 billion for non-defense activities, which included $29.9 million to be transferred to the Legislative Branch, General Accounting Office (GAO), and the Judicial Branch. There were two rounds of allocations from these funds, I'm informed, these emergency appropriations funds. We hope to learn about those allocations and the plans of the administration, if Mr. Koskinen can tell us, for the remaining funds. In addition, we want to learn more about the outreach to State and local governments, and to the private sector. I do not know if you know it, but I asked Senator Bennett to loan me his staff and we had a sort of a seminar in Anchorage last year to discuss with Alaskans and Alaskan business, State government, local government, what was being done to become compliant with the Y2K. We believe we are probably more affected than most people because we rely so much upon the transportation, communication and distribution efforts of the systems and we are sort of the end of the line, totally dependent upon air transportation and the communications capability that is regulated by the Federal Government. I know that this is short notice. I personally feel that the dire predictions we are reading can be averted and it is necessary that we take steps to assure that the Federal Government leads the system in terms of compliance. I expect that several of our members will want to have an opportunity to discuss these concerns with you this morning, and I would say I would hope that under the circumstances--we all know we have about 2 hours--that we would all keep our comments short, and that is what I have tried to do. So let me yield here at this time to see if any of my colleagues has any opening statement. Senator Campbell? Senator Campbell. No, I have none. Chairman Stevens. Senator Reid? Senator Reid. Mr. Chairman, I am wondering if, just because you are chairman of the committee, does this room have to feel like we are in Alaska? Chairman Stevens. Well, I knew how it would feel, so I wore one of these nice little sweaters, you see. Senator Reid. I have no statement. Chairman Stevens. I think it is just because we have not been in here for a while. We are starting to heat it up now. Senator Bond. statement of hon. christopher s. bond Senator Bond. Mr. Chairman, I have this wonderful lengthy statement that I have a feeling I am going to submit for the record. I thank you and Mr. Koskinen for being here. Chairman Stevens. Well, why do you not summarize it for us. Senator Bond. It is important for us to oversee Congress' efforts to help the Executive Branch become Y2K compliant. We are anxiously watching all of the agencies under our jurisdiction to see that they are in fact compliant, and we would like assurances that their kind words and encouraging outlooks are in fact reliable. As the chairman of the Small Business Committee, I am most anxious to see small businesses become Y2K compliant, and I think that agencies that deal with the small business community must realize that this is one of the great areas of danger that many smaller businesses, not necessarily the smallest ones that operate on a yellow pad and a calculator, but some of the smallest ones, could face. We are trying in the Small Business Committee to address that problem with a loan guarantee program and some other activities. I hope that when you establish the strategic advisory group you will have bona fide representatives of small business--and by small business we mean not just the manufacturing sector, but the service sector--so that you will be able to provide assistance to them as well. I thank the Chair. [The statement follows:] Prepared Statement of Senator Christopher S. Bond I want to thank Chairman Stevens for holding this important hearing on the Year 2000 (Y2K) computer problem and holding it this early in the session. This hearing is a good example of how we are continuing to do the people's business, despite all that is occurring now. One of those issues that is a priority for the nation is the Year 2000 computer problem. I would like to thank Mr. Koskinen for appearing today to update this Committee on the Administration's efforts to ensure that the Executive Branch is Y2K compliant. It is incumbent on Congress to closely oversee each agency's efforts to make its systems Y2K compliant. I look forward to addressing with Mr. Koskinen the compliance status of those agencies over which my subcommittee has jurisdiction. In addition to the government's Y2K compliance, Congress and the Administration, together, should also do everything practicable to ensure that the private sector is ready for the Y2K problem. The economic consequences will be extreme if numerous businesses fail or face prolonged periods for which they cannot do business because of the Y2K problem. As Chairman of the Senate Committee on Small Business, I have been specifically concerned about the nation's small businesses being aware of the Y2K problem and then becoming Y2K compliant. That is why last Congress I introduced the Small Business Year 2000 Readiness Act. This bill would have provided small businesses with the resources necessary to repair Year 2000 computer problems. The Committee on Small Business adopted the bill by a unanimous vote and the full Senate approved by unanimous consent. Unfortunately, the House of Representatives did not act on the legislation prior to adjournment. I intend to reintroduce a similar bill at the earliest possible time. The consequences of Congress not taking action in assisting small businesses to become Y2K compliant are too severe to ignore. Last June, the Committee on Small Business, which I chair, held hearings on the effect the Y2K problem will have on small businesses. The Committee learned that an estimated 4.75 million small employers are exposed to the Y2K problem. This is 82 percent of all small businesses that have at least two employees. Moreover, the Committee also received information indicating that 700,000 small businesses may either shut down due to the Y2K problem or be severely crippled. Such failures will affect not only the employees and owners of failed small businesses, but also their creditors, suppliers and customers. Given these facts, it is easy to forecast that there will be severe economic consequences if small businesses do not become Y2K compliant. In addition to the foregoing, concerns have recently been raised that there may be a credit crunch this year with businesses, especially small businesses, unable to obtain financing if they are not Y2K compliant. This was not foreseen by the Appropriations Committee last year when it put together the supplemental appropriation legislation providing federal agencies with funds to fix their Y2K problems. It may be appropriate to review whether a portion of those funds may be available to assist the private sector in obtaining loans to become Y2K compliant. Again, I would like to thank Chairman Stevens for holding this hearing and I look forward to hearing from Mr. Koskinen. additional submitted statement Chairman Stevens. Senator Leahy has requested that this statement be included in the Record. If there are any other statements they will be included also. [The Statement Follows:] Prepared Statement of Senator Patrick J. Leahy Mr. Chairman, the countdown keeps ticking on America's computer readiness for the year 2000. This hearing continues Congress' efforts to monitor Y2K readiness progress. Even in these very difficult times, I was very pleased with the Congress' bipartisan approach regarding the Hatch-Leahy Y2K readiness law that we passed last Congress. A team of Senators from both parties worked together to enact a law that will help ensure that everyone--consumers, small business owners, our military forces, corporations, local governments, and federal agencies--will be as ready as possible for the year 2000. I was pleased that we produced a bipartisan consensus bill supported by the Administration, and the industries most engaged in resolving Year 2000 problems such as the following industries: telecommunications, electric utilities, manufacturers, auditors, the computer hardware and software manufacturers, banking, financial services and information technology. In addition, in my home state of Vermont I am sponsoring-- with the Small Business Administration--a symposium on Y2K issues and solutions that will be carried live state-wide on February 19 on Vermont Interactive Television. I want to make sure that all Vermonters are able to get the information they need well ahead of midnight on December 31. In this same vein, the Hatch-Leahy Y2K readiness law contained an amendment which I included to mandate operation of a massive Y2K website for consumers, small businesses and local governments. This websites contains numerous valuable links and serves as a starting point on were to obtain Y2K conversion assistance. The address is: www.itpolicy.gsa.gov/mks/yr2000/ y2khome.htm and is also easy to locate on any website searchers under simply ``Y2K''. Also, I want to thank the President for his efforts regarding getting the federal government ready for the year 2000. On December 28, 1998, the President announced that on New Year's Day 2000 that the ``millennium bug will not delay the payment of Social Security checks by a single day'' and that the social security system is 100 percent ready for the year 2000. This is extremely important to thousands of Vermonters. In addition, the Chair of the President's Council on Year 2000 Conversion, John Koskinen, has been working hard to prevent Y2K conversion problems. I appreciate his efforts. At least thousands, and possibly millions, of information technology computer systems, software programs, and semiconductors are not capable of recognizing certain dates in 1999 and may not interpret dates in the Year 2000 correctly. These Year 2000 problems could cause incapacities in essential systems which, in turn, could affect our electric power grids and telecommunications, financial markets and health care, and government and defense systems. Reprogramming or replacing computer systems in a timely and thorough manner is thus a matter of paramount necessity for U.S. economic and national security. The purpose of the ``Year 2000 Information and Readiness Disclosure Act'', S. 2392, which passed last year, was to help break the silence and encourage full disclosure and exchange of Year 2000 computer problems, solutions, test results, and general readiness. The bill provides limited liability protection for a limited time for specific types of Year 2000 information that is considered essential to remediation efforts. What the bill does not do is provide liability protection for failures that may arise from Year 2000 problems. The bill thus promotes company-to-company information sharing while not limiting rights of consumers. Mr. Chairman, I look forward to working with you on Y2K funding issues and appreciate your willingness to provide additional support for federal agencies and their Y2K efforts. The Omnibus Appropriations Bill which I supported last year provided a total of $3.35 billion for emergency expenses related to Year 2000 conversion of Federal information technology systems and related expenses. Chairman Stevens. Well, Senator, I think that is an interesting comment, because I am hopeful that the subcommittees will now, once we get through this and maybe another hearing that we will have, will pursue this and make the Y2K issue a priority issue for each of the subcommittees. For instance, I have been told that the Agency for International Development has not received Y2K supplemental funds. We are very interested in that in Alaska because of our relationship to Eastern Russia and what we are trying to do to help them become part of the free enterprise system. We are also told that the date that we should all realize has been established by the Federal Government--I do not know whether it was you or the GAO--the goal is that all agencies will be compliant by March 30th of this year, 1999. We do intend to ask the GAO to come in and tell the full committee, hopefully next week, what has been done in their opinion. Then I want to urge each subcommittee to call in agencies under the jurisdiction of that subcommittee and ask them what they are doing and do they have the funds necessary. I still believe the $3.35 billion was necessary and should be sufficient, but if more funds are needed we need to know soon if we should urge Office of Management and Budget (OMB) to give us a request for additional money. These dire predictions of doomsday I think are going to increase through the year unless we really make this the priority it should be. Any other comment from members? [No response.] Chairman Stevens. Let me thank you again for coming. You have a very important job, in my opinion. I believe this is the first priority of Congress and the Executive Branch, is to get this issue behind us. So thank you very much for coming. Mr. Koskinen. Thank you, Mr. Chairman. As Chair of the President's Council on Year 2000 Conversion, I am pleased to appear before the full committee---- Chairman Stevens. Would you pull that mike up toward you, please. Mr. Koskinen. Yes. I am pleased to appear before the committee to discuss the Federal Government's progress on the Year 2000, or Y2K as it is known, computer problem and the contingency emergency funds that have been provided by Congress for this important work. With your permission, Mr. Chairman, like Senator Bond, I would like to submit my full statement for the record and summarize it here, and also for the record submit the most recent OMB quarterly report, the report of the two submissions under the emergency funds, and a recent quarterly report from the President's Council summarizing the assessment information which we have from the private sector about its state of readiness. Chairman Stevens. Your statement is fairly short, but do whatever you want. Mr. Koskinen. That is fine. Thank you. I appreciate the strong support this committee and you in particular, Mr. Chairman, have provided the Federal agencies in their Y2K efforts, and I especially appreciate your strong leadership in building upon the President's fiscal year 1999 request for a general emergency fund to create a specific designated emergency contingency fund for Y2K remediation. The creation of this fund was an important step because, as you know, the Y2K problem presents us with a management challenge unlike any we have ever seen. As a result, the experience in the private sector as well as in Federal agencies has been that it is impossible to predict with total accuracy the precise demands associated with completing Y2K work. With 350 days remaining, the government does not have time for the normal supplemental appropriations process to provide funding for critical needs in this area, which is why the contingency funding you have provided is so significant. I am pleased to report that the Federal Government continues to make strong, steady progress in solving its Y2K problems. As you know, the Federal Government is the only large organization in the world with a transparent process for reporting on its progress in addressing the Y2K problem. Each quarter, as you noted, agencies report in detail to the Office of Management and Budget and to the Congress on the state of progress of their Y2K work. According to the most recent OMB report, released last month, 61 percent of all Federal mission critical systems are now Y2K compliant, more than double the 27 percent that were compliant a year ago. Senator Reid. What was that number again? Mr. Koskinen. 61 percent. The report also states that, of critical systems requiring repair work, 90 percent had been fixed as of the beginning of November and are now being tested. Let me share with you a few examples of recent progress. Referring again to Senator Bond's comment on and great interest in small business, as of November 15th the Small Business Administration had completed all of its work on all of its critical systems, ensuring that Small Business Administration (SBA) assistance to the Nation's 24 million small businesses will not be interrupted in January of the Year 2000. At the end of last month, as I am sure you noted, the President announced that, thanks to the joint efforts of the Social Security Administration and Treasury's Financial Management Service, the Social Security System is now Year 2000 compliant. The President has established an ambitious goal of having 100 percent of the government's mission critical systems Y2K compliant by March 31, 1999, 9 months in advance of the transition to the Year 2000, which is well ahead of many private sector system remediation schedules. As the chairman noted, I think it is appropriate and I think it will be important for the Federal Government to establish that in fact, while there has been a lot of grumbling about and criticism of its efforts, we expect that the government will complete its work in advance of many private sector industries. Although much work remains, we expect that over 80 percent of the government's mission critical systems will meet the March goal, and monthly benchmarks with a timetable for completing the work will be available for every mission critical system still being tested or implemented at that time. We expect that all of the government's mission critical systems will be Year 2000 compliant before January 1, 2000. This does not mean that we are without significant challenges. For example, while the Defense Department continues to make progress in addressing its massive Y2K challenge, OMB reported that the Department of Defense (DOD's) rate of progress indicates that all of its systems will not meet the March goal of 100 percent compliance. At a day-long meeting last Saturday at the Pentagon to review the status of all DOD mission critical systems, Deputy Secretary Hamre and I were advised that most systems will either meet the March date or be in the process of implementation at that time. At Health and Human Services (HHS), the Health Care Financing Administration has now finished renovating and testing all of its internal systems. However, a tremendous amount of systems work and contingency planning will remain after March by its Medicare contractors, 60 large companies that administer the system. Nonetheless, while that work remains, those same contractors are expected to complete renovation and testing by the government-wide goal of March 31. At the Transportation Department, the Federal Aviation Administration (FAA's) rate of progress has improved dramatically, but the percentage of the Department of Transportation's critical systems that have been tested and implemented continues to lag behind the government-wide schedule. Nonetheless, I am confident that the air traffic system will be totally compliant well in advance of the Year 2000. The availability of emergency contingency funding is playing an important role in the ability of agencies to meet the Y2K challenge head on, even as they encounter new and unexpected Y2K expenditures. Last year's omnibus appropriations bill provided, as the chairman noted, a total of $3.35 billion, $2.25 billion for non-defense agencies and $1.1 billion for defense, for emergency expenses related to Year 2000 conversion of Federal information technology systems and related expenses. Since the completion of the fiscal year 1999 appropriations process, OMB has worked with the agencies to identify activities that were included in the President's fiscal year 1999 budget that Congress directed to be funded from the contingent emergency reserve, as well as critical requirements that have been identified since the President's fiscal year 1999 budget was transmitted last February. For these new requirements, OMB is reviewing each agency request carefully to ensure that funds requested were unanticipated and will solve the Year 2000 problem. Of the $2.25 billion available for non-defense agencies, $1.2 billion has been allocated to date. On November 6, 1998, OMB requested the release of $891 million in non-defense spending for 17 agencies. OMB requested an additional $338 million in non-defense spending for 21 agencies on December 8th. These transfers will support a wide range of activities to ensure that important computer systems throughout the Federal Government will operate smoothly through the Year 2000 and beyond. As noted, I have submitted for the record with my testimony a copy of the December 8 OMB document which summarizes both requests. A third request for expenditures from the emergency funds is expected to be transmitted to Congress by OMB before the end of this month. With regard to the $1.1 billion made available by Congress for defense activities, the Defense Department furnished OMB with a report on January 8th, last Friday, on how DOD plans to use its portion of the supplemental appropriation. OMB is currently reviewing the proposal and anticipates making recommendations shortly. It has been clear from the start that, to operate effectively, Federal systems often depend upon a large number of outside, non-Federal systems. State systems that support State-administered Federal programs such as unemployment insurance and Medicaid must work properly for Federal systems to effectively carry out their tasks in those areas. At United States (U.S.) embassies around the world, Federal systems depend on the functioning of host country systems for their operations. The Federal Government does not have a responsibility to fix or pay for the fixes to non-Federal systems, whether they be in the private sector, at the State and local level, or internationally. However, in some areas it is appropriate for the Federal Government to support planning activities and the sharing of best practices related to remediating non-Federal systems insofar as this contributes to Federal interests and the effective operation of Federal systems. This support could be critical in key infrastructure areas, such as telecommunications and transportation, where States and international entities are working together to ensure a seamless transition to the Year 2000. Progress is being made on the Y2K problem in the Federal Government, at the State and local level, in the private sector, and internationally. But much work remains to be done and I think it is appropriate, Mr. Chairman, for this to be the highest priority for Congress and the Executive Branch. As I have said often, not every system is going to be fixed by January 1, 2000. However, I am confident that difficulties for the economy or the public will not be the result of the direct failure of any Federal system. Agencies are focused on this problem and are managing toward ambitious goals for completing their work. The Federal Government's successful resolution of the Year 2000 problem in its systems will be a tribute to the skill, dedication, and hard work of thousands of career employees working across the government. It is my pleasure to assist them in whatever way I can as part of this vital national effort. prepared statement I thank the committee again for its support on this important matter and I would be happy to answer any questions that you may have. [The statement follows:] Prepared Statement of John A. Koskinen Good morning, Mr. Chairman. As Chair of the President's Council on Year 2000 Conversion, I am pleased to appear before the Committee to discuss the Federal Government's progress on the Year 2000 (Y2K) computer problem and contingency funding for this important work. I appreciate the strong support the Committee has given to Federal agencies and their Y2K efforts. I especially appreciate your leadership, Mr. Chairman, in building upon the President's fiscal 1999 request for a general emergency fund to create a specific, designated emergency contingency fund for Y2K remediation. The creation of this fund was an important step because, as you know, the Y2K problem presents us with a management challenge unlike any we have ever seen. As a result, the experience in the private sector as well as in Federal agencies has been that it is impossible to predict with total accuracy the precise demands associated with completing Y2K work. With 350 days remaining, the Government does not have time for the normal supplemental appropriations process to provide funding for critical needs in this area, which is why the contingency funding you have provided is so significant. Federal Agency Progress I am pleased to report that the Federal Government continues to make strong, steady progress in solving its Y2K problems. As you know, the Federal Government is the only large organization in the world with a transparent process for reporting on its progress in addressing the Y2K problem. Each quarter, agencies report in detail to the Office of Management and Budget (OMB) and to Congress on their Y2K efforts. The number of mission-critical systems in each agency has been identified, and progress is reported in terms of assessment, remediation, testing, and implementation. For the past two years, OMB has been issuing public summary reports on the status of agency Y2K activities. According to the most recent OMB report released last month, 61 percent of all Federal mission-critical systems are now Year 2000 compliant--more than double the 27 percent compliant a year ago. These systems have been tested and implemented and will be able to accurately process data through the transition from 1999 into the Year 2000. The report also states that, of critical systems requiring repair work, 90 percent have been fixed and are now being tested. Let me share a few examples of recent progress. As of November 15, the Small Business Administration (SBA) had completed work on all of its critical systems, ensuring that SBA assistance to the Nation's 24 million small businesses will not be interrupted in January 2000. The Interior Department posted a 50 percent increase in its number of Y2K compliant systems compared to the last quarter that includes the U.S. Geological Survey's National Seismic Network, which provides early warnings of earthquakes. The Education Department's number of critical systems, many of which are an integral part of processing student loans, that are now Y2K compliant increased by more than one-third. And at the end of last month, the President announced that, thanks to the joint efforts of the Social Security Administration and Treasury's Financial Management Service, the Social Security system is now Y2K compliant. The President has established an ambitious goal of having 100 percent of the Government's mission-critical systems Y2K compliant by March 31, 1999--well ahead of many private sector system remediation schedules. Although much work remains, we expect that over 80 percent of the Government's mission-critical systems will meet the March goal, and monthly benchmarks with a timetable for completing the work will be available for every system still being tested or implemented. We expect that all of the Government's critical systems will be Y2K compliant before January 1, 2000. This does not mean that we are without significant challenges. While the Defense Department continues to make progress in addressing its massive Y2K challenge, OMB reported that DOD's rate of progress indicates that all of its systems will not meet the March goal of 100 percent compliance. At a day-long meeting last Saturday at the Pentagon to review the status of all DOD mission-critical systems, Deputy Secretary Hamre and I were advised that most systems will either meet the March date or be in the process of implementation. In the Department's case, implementation includes installing completed Y2K- compliant systems across the services and the Department. According to the last OMB quarterly report, the Energy Department had completed testing on only 53 percent of its critical systems--below the government-wide average. Secretary Richardson made clear at the beginning of his tenure at the Department that this issue will receive his personal attention. At HHS's Health Care Financing Administration (HCFA), HCFA has finished renovating and testing all of its internal systems. Although a tremendous amount of systems work and contingency planning will remain after March, most Medicare contractors are expected to complete renovation and testing by the government-wide goal. The State Department faces a significant challenge in simultaneously managing its complex Y2K project and completely replacing information systems installed around the world. At the Transportation Department, the FAA's rate of progress has improved dramatically, but the percentage of DOT's critical systems that have been tested and implemented continues to lag behind the government-wide schedule. Nonetheless, I am confident that the air traffic system will be totally compliant well in advance of the Year 2000. Let me be clear: Fixing the Year 2000 problem in Federal agencies is not a question of commitment. As you know, since last summer I have been participating in the monthly Y2K meetings of the senior managers in agencies whose systems are most at risk. I can attest that they and their staffs are focused on getting the job done. It is more a question of doing whatever it takes to overcome obstacles and accelerate progress in remediating systems. I am confident that these agencies will be able to do that and ensure that their critical systems will be ready for the Year 2000. Contingency Funding The availability of emergency contingency funding is playing an important role in the ability of agencies to meet the Y2K challenge head-on, even as they encounter new and unexpected Y2K expenditures. It has been especially helpful to have an expedited process for OMB and congressional review of agency needs. Last year's Omnibus Appropriations bill provided a total of $3.35 billion--$2.25 billion for non-defense agencies and $1.1 billion for defense--for emergency expenses related to Year 2000 conversion of Federal information technology systems and related expenses. Since the completion of the fiscal 1999 appropriations process, OMB has worked with the agencies to identify activities that were included in the President's fiscal 1999 budget that Congress directed to be funded from the contingent emergency reserve as well as critical requirements that have been identified since the President's budget was transmitted last February. For these new requirements, OMB is reviewing each agency request carefully to ensure that funds requested were unanticipated and will solve a Year 2000 problem. Of the $2.25 billion available for non-defense agencies, $1.2 billion has been allocated to date. On November 6, 1998, OMB requested the release of $891 million in non-defense funding for 17 agencies. OMB requested an additional $338 million in non-defense funding for 21 agencies on December 8. These transfers will support a range of activities to ensure that important computer systems will operate smoothly through the Year 2000 and beyond. Federal agencies would use this funding for additional remediation of information technology systems, testing to ensure that systems are Y2K compliant, replacement of embedded computer chips, creation and verification of continuity of operations and contingency plans, and outreach to non-Federal entities by agencies in support of the Council. I have submitted for the record with my testimony a copy of the December 8 OMB document, which summarizes both requests. OMB has also notified agencies that, should they continue to identify unforeseen Year 2000-related funding requirements, they should forward these requirements to OMB for consideration as items that may be funded from the contingent emergency reserve. A third request is expected to be transmitted to Congress before the end of the month. With regard to the $1.1 billion made available by Congress for defense activities, the Defense Department furnished OMB with a report on January 8 on how DOD plans to use its portion of the supplemental appropriation. OMB is currently reviewing the proposal and anticipates making recommendations shortly. It has been clear from the start that to operate effectively, Federal systems often depend upon a large number of outside, non- Federal systems. State systems that support State-administered Federal programs such as unemployment insurance and Medicaid must work properly for Federal systems to effectively carry out their tasks in these areas. At U.S. embassies around the world, Federal systems depend on the functioning of host country systems for their operations. The Federal Government does not have a responsibility to fix, or pay for fixes to, non-Federal systems--whether they be in the private sector, at the State and local level, or internationally. However, in some areas, it is appropriate for the Federal Government to support planning activities and the sharing of best practices related to remediating non-Federal systems, insofar as this contributes to Federal interests and the effective operation of Federal systems. This support could be critical in key infrastructure areas such as telecommunications and transportation, where States and international entities are working together to ensure a seamless transition to the Year 2000. We have provided the Committee copies of the most recent OMB report on Federal agency Y2K progress and the Council's quarterly summary of assessments regarding private sector and State and local Y2K efforts. Looking Forward Progress is being made on the Y2K problem--in the Federal Government, at the State and local level, in the private sector, and internationally. But much work remains to be done. As I've said often, not every system is going to be fixed by January 1, 2000. However, I am confident that difficulties for the economy or the public will not be the result of a direct failure of Federal systems. Agencies are focused on this problem and are managing toward ambitious goals for completing their work. The Federal Government's successful resolution of the Y2K problem in its systems will be a tribute to the skill, dedication, and hard work of thousands of career employees working across the Government. It is my pleasure to assist them in whatever way I can as part of this vital national effort. I thank the Committee for its support on this important matter, and I would be happy to answer any questions that you may have. ______ The White House, Washington, December 8, 1998. The Speaker of the House of Representatives. Sir: In accordance with provisions of Public Law 105-277, the Omnibus Consolidated and Emergency Supplemental Appropriations Act, 1999, I hereby request the following transfers from the Information Technology Systems and Related Expenses account: department of agriculture Executive Operations, Office of the Chief Information Officer: $28,731,000 department of commerce General Administration, Salaries and Expenses: $5,350,000 Economic Development Administration, Salaries and Expenses: $694,000 Bureau of the Census, Salaries and Expenses: $10,000,000 Bureau of the Census, Periodic Censuses and Programs: $10,900,000 Export Administration, Operations and Administration: $330,000 National Technical Information Service, NTIS Revolving Fund: $1,000,000 National Institute of Standards and Technology, Industrial Technology Services: $21,000,000 department of education Office of Postsecondary Education, Federal Direct Student Loan Program, Program Account: $531,000 Office of Postsecondary Education, Federal Family Education Loan Program Account: $794,000 Departmental Management, Program Administration: $960,000 department of housing and urban development Management and Administration, Salaries and Expenses: $12,200,000 department of the interior Departmental Management, Working Capital Fund: $17,701,200 department of labor Employment and Training Administration, Training and Employment Services: $804,000 Mine Safety and Health Administration, Salaries and Expenses: $2,259,000 Departmental Management, Salaries and Expenses: $1,170,000 Departmental Management, Office of the Inspector General: $1,000,000 department of state Administration of Foreign Affairs, Capital Investment Fund: $10,000,000 department of transportation Office of the Secretary, Salaries and Expenses: $7,054,000 Coast Guard, Operating Expenses: $20,505,000 Federal Aviation Administration, Operations: $9,699,000 Federal Aviation Administration, Facilities and Equipment: $86,612,000 Federal Aviation Administration, Research, Engineering, and Development: $147,000 Research and Special Programs Administration, Research and Special Programs: $182,000 Research and Special Programs Administration, Pipeline Safety: $150,000 Maritime Administration, Operations and Training: $530,000 department of the treasury Departmental Offices, Automation Enhancement: $37,403,000 Bureau of Alcohol, Tobacco and Firearms, Salaries and Expenses: $2,665,000 federal emergency management agency Salaries and Expenses: $3,641,000 Emergency Management Planning and Assistance: $3,711,000 general services administration General Activities, Policy and Operations: $12,701,023 international assistance programs Agency for International Development, Operating Expenses of the Agency for International Development: $10,200,000 Overseas Private Investment Corporation, Overseas Private Investment Corporation Noncredit Account: $840,000 Overseas Private Investment Corporation Program Account: $1,260,000 African Development Foundation, African Development Foundation: $137,485 small business administration Salaries and Expenses: $890,000 district of columbia District of Columbia Courts, Federal Payment to the District of Columbia Courts: $2,248,660 national archives and records administration Operating Expenses: $6,662,000 office of special counsel Salaries and Expenses: $100,000 railroad retirement board Federal Payment to the Railroad Retirement Accounts: $340,000 smithsonian institution Salaries and Expenses: $4,700,000 This funding will support efforts to make Federal information technology systems Year 2000 compliant and outreach to non-Federal entities in support of the Year 2000 Conversion Council. I hereby designate all of the above requests as emergency requirements pursuant to section 251(b)(2)(A) of the Balanced Budget and Emergency Deficit Control Act of 1985, as amended. The details of these actions are set forth in the enclosed letter from the Director of the Office of Management and Budget. I concur with his comments and observations. Sincerely, William J. Clinton. Enclosure. ______ Executive Office of the President, Office of Management and Budget, Washington, December 8, 1998. The Honorable Bob Livingston, Chairman, Committee on Appropriations, U.S. House of Representatives, Washington, D.C. Dear Mr. Chairman: In accordance with provisions of Public Law 105- 277, the Omnibus Consolidated and Emergency Supplemental Appropriations Act, 1999, I am transmitting a proposed allocation and plan for the following agencies to achieve Year 2000 (Y2K) compliance for technology information systems: Department of Agriculture Department of Commerce Department of Education [revision] Department of Housing and Urban Development Department of the Interior [revision] Department of Labor [revision] Department of State [revision] Department of Transportation Department of the Treasury [revision] Federal Emergency Management Agency General Services Administration [revision] Agency for International Development Overseas Private Investment Corporation African Development Foundation Small Business Administration District of Columbia Courts National Archives and Records Administration Office of Special Counsel Railroad Retirement Board Smithsonian Institution As noted, for six of the agencies listed above, the materials transmitted revise the allocations and plans for these agencies that were submitted on November 6, 1998. In monitoring Federal agency progress towards Y2K compliance, OMB has directed agencies to estimate the total fiscal year 1999 resources necessary for Y2K compliance and related expenses. Further, OMB and the agencies have worked together to determine whether resource requirements associated with Y2K can be accommodated within appropriated levels, or whether contingent emergency funds should be allocated. For the agencies listed above, the allocation of contingent emergency funds required at this time is displayed on the enclosed table. The table indicates which agencies will be receiving a second allocation of emergency funding--those allocations and plans that are being revised--to demonstrate how their resource requirements have been addressed over time. In addition, all of the agencies listed above have been directed to provide detailed justification materials for these requirements to the committees specified in Public Law 105-277, as well as to the relevant appropriations subcommittees, concurrent with the transmittal of this allocation and plan. These materials detail agency funding requirements associated with systems remediation, and discuss how that funding--both base funding and emergency supplemental funding--will assist an agency in achieving Y2K compliance. In addition, funding for activities in support of the President's Council on Year 2000 Conversion is discussed. OMB will continue to monitor agency requirements and will address additional funding needs as they emerge. OMB's strategy to ensure agency Y2K compliance is predicated on agency accountability. We have systematically monitored agency progress through agency goals for: compliance of mission critical systems, progress on the status of mission critical systems, status of mission critical systems being repaired, and agency Y2K cost estimates. These performance measures have proved useful in ensuring agency accountability without diverting vital resources from Y2K compliance activities to reporting requirements. Provided with this package is OMB's November 1998 Y2K Quarterly Report to the House and Senate Appropriations Committees, which includes an assessment of these performance measures and the Government's overall progress. In assessing agency progress towards compliance, OMB has focused on the four measures described above. The report also details other initiatives--such as our work with the States on data exchanges--that are part of the Administration's overall plan for achieving Y2K compliance. For most of the agencies listed in this transmittal, the following constitutes the agency plan as required by Public Law 105-277: OMB Quarterly Report; and, the justification materials provided by the agencies concurrent with the transmittal of this letter. For several small, independent agencies included in this transmittal--Overseas Private Investment Corporation, African Development Foundation, District of Columbia Courts, Office of Special Counsel, Railroad Retirement Board, and Smithsonian Institution--the justification materials provided serve as the agency plan. OMB has been monitoring the progress of these small agencies, and will ask them to report back on their status early next year. Thank you again for your cooperation on this important issue. Sincerely, Jacob J. Lew, Director. ______ [Estimate No. 25, 105th Congress, 2d Session] Executive Office of the President, Office of Management and Budget, Washington, DC, December 8, 1998. The President, The White House. Submitted for your consideration are requests to transfer $338 million from the Information Technology Systems and Related Expenses Account for year 2000 (Y2K) compliance to 20 Federal agencies. This is the second release of contingent emergency funding for Y2K from funds appropriated in Public Law 105-277, the Omnibus Consolidated and Emergency Supplemental Appropriations Act, 1999. On November 6, 1998, you allocated $891 million to 17 Federal Agencies. These transfers will support a range of activities to ensure that important computer systems will operate smoothly through the year 2000 and beyond. Contingent emergency funding would be allocated both for activities that were included in your fiscal year 1999 Budget but were not funded in the fiscal year 1999 appropriations process, and for critical Y2K requirements that have been identified since the fiscal year 1999 Budget was transmitted. Federal agencies would use this funding for additional remediation for information technology systems, testing to ensure that systems are Y2K compliant, replacement of embedded computer chips, creation and verification of continuity of operations and contingency plans, and outreach to non-Federal entities by agencies in support of the Year 2000 Conversion Council. Your fiscal year 1999 Budget anticipated that Y2K requirements would emerge over the course of the year and included an allowance to provide flexible funding to address emerging needs. As you requested, Public Law 105-277, the Fiscal Year 1999 Omnibus Consolidated and Emergency Supplemental Appropriations Act, provided contingent emergency funding for Y2K computer conversion activities--$1.1 billion for defense-related activities and $2.25 billion for non-defense activities. The enclosed requests for transfers are for non-defense agencies; therefore, the funds would be transferred from the Information Technology Systems and Related Expenses account established by Public Law 105-277. OMB continues its oversight of Federal agency progress toward fixing the Y2K problem. We are working to ensure that Federal agencies have sufficient fiscal year 1999 resources to address Y2K and that flexible contingent emergency funding remains available to address emerging needs. Pursuant to the requirements of Public Law 105-277, OMB will prepare and submit reports to Congress on the proposed allocation and plan for each affected agency to achieve year 2000 compliance for technology information systems before funds can be released to the agency. The report for agencies represented in this second release of Y2K contingent emergency funds will be transmitted to the congressional committees specified in Public Law 105-277 concurrent with this request for release of the funds. In addition, OMB has directed each affected agency to provide detailed justification materials in support of its plan and allocation to the relevant appropriations subcommittees. OMB will continue to monitor agency requirements and will address additional funding needs as they emerge. I recommend that you designate the amounts listed on the enclosure as emergency requirements in accordance with section 251(b)(2)(A) of the Balanced Budget and Emergency Deficit Control Act of 1985, as amended. No further congressional action will be required. Pursuant to Public Law 105-277, funds will be made available to agencies 15 days after this designation is forwarded to Congress. I have carefully reviewed these proposals and am satisfied that they are necessary at this time. Therefore, I join the heads of the affected Departments and agencies in recommending that you make the requested funds available by signing the enclosed letter to the Speaker of the House of Representatives. Sincerely, Jacob J. Lew, Director. Enclosure. Emergency Appropriations: Amounts Previously Appropriated Made Available by the President Year 2000 (Y2K) Conversion: Department of Agriculture: Executive Operations, Office of the Chief Information Officer........... $28,731,000 Department of Commerce: General Administration, Salaries and Expenses... 5,350,000 Economic Development Administration, Salaries and Expenses.................................. 694,000 Bureau of the Census: Salaries and Expenses. 10,000,000 Periodic Censuses and Programs.............. 10,900,000 Export Administration, Operations and Administration................................ 330,000 National Technical Information Service, NTIS Revolving Fund................................ 1,000,000 National Institute of Standards and Technology, Industrial Technology Services................ 21,000,000 Department of Education: Office of Postsecondary Education: Federal Direct Student Loan Program, Program Account................................... 531,000 Federal Family Education Loan Program Account................................... 794,000 Departmental Management, Program Administration. 960,000 Department of Housing and Urban Development: Management and Administration, Salaries and Expenses.......................................... 12,200,000 Department of the Interior: Departmental Management, Working Capital Fund.............................. 17,701,200 Department of Labor: Employment and Training Administration: Training and Employment Services............ 804,000 Mine Safety and Health Administration, Salaries and Expenses.................................. 2,259,000 Departmental Management: Departmental Management......................... 1,170,000 Office of the Inspector General................. 1,000,000 Department of State: Administration of Foreign Affairs, Capital Investment Fund.................. 10,000,000 Department of Transportation: Office of the Secretary, Salaries and Expenses.. 7,054,000 Coast Guard, Operating Expenses................. 20,505,000 Federal Aviation Administration: Operations.................................. 9,699,000 Facilities and Equipment.................... 86,612,000 Research, Engineering, and Development...... 147,000 Research and Special Programs Administration: Research and Special Programs............... 182,000 Pipeline Safety............................. 150,000 Maritime Administration, Operations and Training 530,000 Department of the Treasury: Departmental Offices, Automation Enhancement.... 37,403,000 Bureau of Alcohol, Tobacco and Firearms, Salaries and Expenses......................... 2,665,000 Federal Emergency Management Agency: Salaries and Expenses........................... 3,641,000 Emergency Management Planning and Assistance.... 3,711,000 General Services Administration: General Activities, Policy and Operations............................. 12,701,023 International Assistance Programs: Agency for International Development, Operating Expenses of the Agency for International Development................................... 10,200,000 Overseas Private Investment Corporation: Overseas Private Investment Corporation Noncredit Account......................... 840,000 Overseas Private Investment Corporation Program Account........................... 1,260,000 African Development Foundation, African Development Foundation........................ 137,000 Small Business Administration: Salaries and Expenses 890,485 District of Columbia: District of Columbia Courts, Federal Payment to the District of Columbia Courts............... 2,248,660 National Archives and Records Administration: Operating Expenses................................ 6,662,000 Office of Special Counsel: Salaries and Expenses.... 100,000 Railroad Retirement Board: Federal Payment to the Railroad Retirement Accounts...................... 340,000 Smithsonian Institution: Salaries and Expenses...... 4,700,000 The funds made available will enable these agencies to address the Y2K problem by supporting additional remediation for information technology systems, testing to ensure that systems are indeed Y2K compliant, replacement of embedded computer chips, creation and verification of continuity of operations and contingency plans, and outreach to non-Federal entities by agencies in support of the Year 2000 Conversion Council. ALLOCATION OF FISCAL YEAR 1999 Y2K FUNDING [Budget authority, in thousands of dollars] ---------------------------------------------------------------------------------------------------------------- Financed From Estimated ------------------------------------------ Agency/Bureau/Account Agency Fiscal Year 11/06/98 12/07/98 Requirement 1999 Emergency Emergency Appropriation Release Release ---------------------------------------------------------------------------------------------------------------- DEPARTMENT OF AGRICULTURE: \1\ Agency-wide funding................................ [71,883] [43,152] ............ [28,731] Farm and Foreign Agricultural Services............. 7,304 5,719 ............ 1,585 Food, Nutrition, and Consumer Services............. 2,550 1,800 ............ 750 Food Safety........................................ 6,488 4,110 ............ 2,378 Marketing and Regulatory Programs.................. 11,004 10,804 ............ 200 Natural Resources and Environment.................. 13,624 9,717 ............ 3,907 Research, Education, and Economics................. 4,301 2,413 ............ 1,888 Rural Development.................................. 9,890 1,390 ............ 8,500 Administration..................................... 16,722 7,199 ............ 9,523 -------------------------------------------------------- Total, Agriculture............................... 71,883 43,152 ............ 28,731 ======================================================== DEPARTMENT OF COMMERCE: General Administration/Salaries and Expenses....... 5,350 ............. ............ 5,350 Economic Development Administration/Salaries and 694 ............. ............ 694 Expenses.......................................... Bureau of the Census: Salaries and Expenses.......................... 10,000 ............. ............ 10,000 Periodic Censuses and Programs................. 10,900 ............. ............ 10,900 Economic and Statistical Analysis/Salaries and 105 105 ............ ............ Expenses.......................................... Export Administration/Operations and Administration 360 30 ............ 330 National Oceanic and Atmospheric Administration/ 1,994 1,994 ............ ............ Operations, Research, and Facilities.............. Patent and Trademark Office/Salaries and Expenses.. 2,877 2,877 ............ ............ National Technical Information Service/NTIS 1,250 250 ............ 1,000 Revolving Fund.................................... National Institute of Standards and Technology: Scientific and Technical Research and Serv- 1,200 1,200 ............ ............ ices.......................................... Industrial Technology Services................. 21,000 ............. ............ 21,000 National Telecommunications and Information 20 20 ............ ............ Administration/Salaries and Expenses.............. -------------------------------------------------------- Total, Commerce................................ 55,750 6,476 ............ 49,274 ======================================================== DEPARTMENT OF EDUCATION: Office of Postsecondary Education: Federal Direct Student Loan Program, Program 531 ............. ............ 531 Account....................................... Federal Family Education Loan Program Ac- 1,950 1,156 ............ 794 count......................................... Departmental Management/Program Administration..... 4,399 1,878 1,561 960 -------------------------------------------------------- Total, Education................................. 6,880 3,034 1,561 2,285 ======================================================== DEPARTMENT OF ENERGY: \2\ Atomic Energy Defense Activities: Weapons Activities............................. 15,066 15,066 ............ ............ Defense Environmental Restoration and Waste 26,631 16,291 10,340 ............ Management.................................... Defense Facilities Closure Projects............ 9,514 6,014 3,500 ............ Defense Nuclear Waste Disposal................. 1,306 1,306 ............ ............ Other Defense Activities....................... 853 853 ............ ............ Energy Programs: Science........................................ 566 566 ............ ............ Energy Supply.................................. 1,201 1,201 ............ ............ Fossil Energy Research and Development......... 94 94 ............ ............ Energy Information Administration.............. 596 596 ............ ............ Nuclear Waste Disposal Fund.................... 67 67 ............ ............ Power Marketing Administrations: Construction, Rehabilitation, Operation and 73 73 ............ ............ Maintenance, Western Area Power Administration Bonneville Power Administration Fund............... 550 550 ............ ............ Departmental Administration/Departmental 11,623 1,623 10,000 ............ Administration.................................... -------------------------------------------------------- Total, Energy.................................. 68,140 44,300 23,840 ............ ======================================================== DEPARTMENT OF HEALTH AND HUMAN SERVICES: \3\ Departmental Management/Public Health and Social [285,300] [96,247] [189,053] ............ Services Emergency Fund (75-1040)................. FDA................................................ 13,328 2,215 11,113 ............ HRSA............................................... 10,000 ............. 10,000 ............ IHS................................................ 25,700 2,300 23,400 ............ CDC................................................ 6,800 1,900 4,900 ............ NIH................................................ 10,825 4,832 5,993 ............ SAMSHA............................................. 100 ............. 100 ............ AHCPR.............................................. 420 ............. 420 ............ HCFA............................................... 194,200 82,500 111,700 ............ ACF................................................ 6,225 1,500 4,725 ............ AoA................................................ 600 ............. 600 ............ OS................................................. 2,719 ............. 2,719 ............ OIG................................................ 5,400 ............. 5,400 ............ PSC................................................ 8,983 1,000 7,983 ............ -------------------------------------------------------- Total, Health and Human Services................. 285,300 96,247 189,053 ............ ======================================================== DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT: Federal Housing Administration/FHA--Mutual Mortgage 5,000 5,000 ............ ............ Insurance Program Account......................... Management and Administration/Salaries and Expenses 18,200 6,000 ............ 12,200 -------------------------------------------------------- Total, Housing and Urban and Development....... 23,200 11,000 ............ 12,200 ======================================================== DEPARTMENT OF THE INTERIOR: \4\ Departmental Management/Working Capital Fund....... [57,776] [7,175] [32,900] [17,701] BLM................................................ 5,146 250 4,896 ............ MMS................................................ ............ ............. ............ ............ OSM................................................ 413 413 ............ ............ Bur Rec............................................ 3,907 2,975 444 488 USGS............................................... 14,447 110 8,439 5,898 FWS................................................ 1,192 700 ............ 492 NPS................................................ 13,612 ............. 8,720 4,892 BIA................................................ 12,526 2,500 8,526 1,500 Department-wide systems/Office of the Secretary.... 3,622 227 1,875 1,520 OIA................................................ 2,350 ............. ............ 2,350 Office of the Solicitor............................ 561 ............. ............ 561 -------------------------------------------------------- Total, Interior.................................. 57,776 7,175 32,900 17,701 ======================================================== DEPARTMENT OF JUSTICE: General Administration: Salaries and Expenses.......................... 120 ............. 120 ............ Office of Inspector General.................... 2,835 ............. 2,835 ............ United States Parole Commission/Salaries and 20 ............. 20 ............ Expenses.......................................... Legal Activities and U.S. Marshals: Salaries and Expenses General Legal Activities. 6,389 ............. 6,389 ............ Salaries and Expenses, Antitrust Division...... 8 ............. 8 ............ Salaries and Expenses, United States Attor- 427 ............. 427 ............ neys.......................................... Salaries and Expenses, United States Marshals 700 ............. 700 ............ Service....................................... United States Trustee System Fund.............. 1,003 ............. 1,003 ............ Federal Bureau of Investigation/Salaries and Ex- 10,293 ............. 10,293 ............ penses............................................ Drug Enforcement Administration/Salaries and 1,967 ............. 1,967 ............ Expenses.......................................... Immigration and Naturalization Service/Salaries and 9,268 ............. 9,268 ............ Expenses.......................................... Federal Prison System/Salaries and Expenses........ 200 ............. 200 ............ -------------------------------------------------------- Total, Justice................................... 33,230 ............. 33,230 ............ ======================================================== DEPARTMENT OF LABOR: Employment and Training Administration: Training and Employment Services............... 2,095 500 791 804 Program Administration......................... 3,293 1,721 1,572 ............ Employment Standards Administration/Salaries and 4,405 4,405 ............ ............ Expenses.......................................... Occupational Safety and Health Administration/ 1,130 1,130 ............ ............ Salaries and Expenses............................. Mine Safety and Health Administration/Salaries and 4,634 575 1,800 2,259 Expenses.......................................... Bureau of Labor Statistics/Salaries and Expenses... 137 137 ............ ............ Departmental Management: Salaries and Expenses.......................... 4,657 400 3,087 1,170 Office of the Inspector General................ 1,469 469 ............ 1,000 Assistant Secretary for Veterans Employment and 173 173 ............ ............ Training.......................................... -------------------------------------------------------- Total, Labor................................... 21,993 9,510 7,250 5,233 ======================================================== DEPARTMENT OF STATE: Administration of Foreign Affairs/ 57,890 ............. 47,890 10,000 Capital Investment Fund............................... ======================================================== DEPARTMENT OF TRANSPORTATION: Office of the Secretary/Salaries and Expenses...... 8,475 1,421 ............ 7,054 Coast Guard/Operating Expenses..................... 23,505 3,000 ............ 20,505 Federal Aviation Administration: Operations..................................... 9,699 ............. ............ 9,699 Facilities and Equipment....................... 131,612 45,000 ............ 86,612 [Host replacement]............................. [72,000] [20,000] ............ [52,000] [Other F&E request]............................ [59,612] [25,000] ............ [34,612] Research, Engineering, and Development......... 147 ............. ............ 147 Federal Transit Administration/Administrative Ex- 1,900 1,900 ............ ............ penses............................................ Research and Special Programs Administration: Research and Special Programs.................. 182 ............. ............ 182 Pipeline Safety................................ 150 ............. ............ 150 Maritime Administration/Operations and Training.... 700 170 ............ 530 Other Administrations.............................. 1,264 1,264 ............ ............ -------------------------------------------------------- Total, Transportation............................ 177,634 52,755 ............ 124,879 ======================================================== DEPARTMENT OF THE TREASURY: Departmental Offices: Salaries and Expenses.......................... 1,238 ............. 1,238 ............ Automation Enhancement......................... 40,165 ............. 2,762 37,403 Financial Management Service/Salaries and Ex- 6,000 ............. 6,000 ............ penses............................................ Bureau of Alcohol, Tobacco, and Firearms/Salaries 7,665 ............. 5,000 2,665 and Expenses...................................... United States Customs Service/Salaries and Ex- 10,200 ............. 10,200 ............ penses............................................ Bureau of the Public Debt/Administering the Public 1,000 ............. 1,000 ............ Debt.............................................. Internal Revenue Service/Information Systems....... 483,000 ............. 483,000 ............ United States Secret Service/Salaries and Expenses. 3,000 ............. 3,000 ............ -------------------------------------------------------- Total, Treasury.................................. 552,268 ............. 512,200 40,068 ======================================================== OTHER DEFENSE--CIVIL PROGRAMS: Selective Service System 564 314 250 ............ ======================================================== EXECUTIVE OFFICE OF THE PRESIDENT: Office of Administration........................... 12,200 ............. 12,200 ............ Office of Management and Budget.................... 1,600 1,600 ............ ............ Office of the United States Trade Representative... 498 ............. 498 ............ -------------------------------------------------------- Total, Executive Office of the President......... 14,298 1,600 12,698 ............ ======================================================== FEDERAL EMERGENCY MANAGEMENT AGENCY: Salaries and Expenses.............................. 4,541 900 ............ 3,641 Emergency Management Planning and Assistance....... 3,711 ............. ............ 3,711 -------------------------------------------------------- Total, FEMA...................................... 8,252 900 ............ 7,352 ======================================================== GENERAL SERVICES ADMINISTRATION: \5\ General Activities/ 24,012 6,511 4,800 12,701 Policy and Operations................................. ======================================================== INTERNATIONAL ASSISTANCE PROGRAMS: Agency for International Development/Operating 23,900 13,700 ............ 10,200 Expenses of the Agency for International Develop- ment.............................................. Overseas Private Investment Corporation: Overseas Private Investment Corporation 840 ............. ............ 840 Noncredit Account............................. Overseas Private Investment Corporation Program 1,260 ............. ............ 1,260 Account....................................... African Development Foundation/African Development 189 51 ............ 137 Foundation........................................ -------------------------------------------------------- Total, International Assistance Programs....... 26,189 13,751 ............ 12,437 ======================================================== SMALL BUSINESS ADMINISTRATION: Salaries and Expenses... 2,816 1,926 ............ 890 ======================================================== CORPORATION FOR NATIONAL AND COMMUNITY SERVICE: 800 ............. 800 ............ Domestic Volunteer Service Programs, Operating Expenses.............................................. DISTRICT OF COLUMBIA: District of Columbia Courts/ 2,249 ............. ............ 2,249 Federal Payment to the District of Columbia Courts.... FEDERAL COMMUNICATIONS COMMISSION: Salaries and 8,516 ............. 8,516 ............ Expenses.............................................. FEDERAL TRADE COMMISSION: Salaries and Expenses........ 550 ............. 550 ............ NATIONAL ARCHIVES AND RECORDS ADMINISTRATION: Operating 6,662 ............. ............ 6,662 Expenses.............................................. OFFICE OF SPECIAL COUNSEL: Salaries and Expenses....... 100 ............. ............ 100 RAILROAD RETIREMENT BOARD: Federal Payment to the 6,041 5,701 ............ 340 Railroad Retirement Accounts.......................... SECURITIES AND EXCHANGE COMMISSION: Salaries and 7,400 ............. 7,400 ............ Expenses.............................................. SMITHSONIAN INSTITUTION: Salaries and Expenses......... 4,700 ............. ............ 4,700 UNITED STATES HOLOCAUST MEMORIAL COUNCIL: Holocaust 680 ............. 680 ............ Memorial Council...................................... UNITED STATES INFORMATION AGENCY: Technology Fund...... 7,062 ............. 7,062 ............ ======================================================== TOTAL, EMERGENCY RELEASES........................ ............ ............. 890,680 337,802 ---------------------------------------------------------------------------------------------------------------- \1\ Emergency funds will be transferred to the Office of the Chief Information Officer. Detail illustrates allocation by mission area (additional detail is included in agency plan). \2\ Certain Bureau-level requirements will be addressed with centrally-administered funding ($10 million in Departmental Management). \3\ All emergency funding will be transferred to the Public Health and Social Services Emergency Fund. OPDIV detail illustrates HHS distribution. \4\ All emergency funding will be transferred to the Working Capital Fund Bureau detail illustrates Interior's reported distribution. \5\ Amount financed from fiscal year 1999 appropriations is for internal systems conversion and represents agency total. ______ 7th Quarterly Report--Progress on Year 2000 Conversion u.s. office of management and budget data as of november 15, 1998 issued december 8, 1998 Executive Summary The Administration is committed to ensuring that Federal agencies meet the challenges posed by the year 2000 (``Y2K'') computer problem so that critical government services will not be disrupted. The Office of Management and Budget (OMB), in close cooperation with John Koskinen, Assistant to the President and Chair of the President's Council on Year 2000 Conversion, continues to work closely with individual agencies to ensure that they will be ready for the year 2000. Since August, most agencies have made significant progress in their Y2K efforts. Some agencies remain behind the government-wide goals. As of November 15, 1998: --Of 6,696 mission critical systems identified by agencies, 61 percent are now Y2K compliant, compared to 50 percent in August. These compliant systems include systems that have been repaired or replaced, and those that were already compliant. OMB has established a governmentwide goal of March 1999 for reaching 100 percent compliance. --Of the remaining 39 percent, 30 percent are still being repaired, seven percent are still being replaced, and three percent will be retired (totals differ due to rounding). --Of those systems that have been or will be repaired, 90 percent have completed renovation, an increase from 71 percent in August. Sixty percent have now completed validation, while implementation is now 52 percent complete. --There are now six Tier 1 agencies (not making adequate progress), down from seven in August; seven Tier 2 agencies (making progress, but with concerns), down from eight; and 11 Tier 3 agencies (making satisfactory progress), up from nine. The Department of Education moved from Tier 1 to Tier 2; the Departments of Housing and Urban Development and of Interior moved from Tier 2 to Tier 3. --Agencies estimate they will spend $6.4 billion fixing the problem from fiscal year 1996 through fiscal year 2000, an increase from the August 1998 estimate of $5.4 billion. This increase is not unexpected, and the President's fiscal year 1999 budget included an allowance to address emerging requirements. --Agencies are developing contingency plans for systems that are not expected to be ready by March 1999, and continuity of business plans to ensure that vital public services will continue. Agencies have made progress on assuring that data exchanges with other systems, particularly systems operated by the States, will occur without problems. Although most agencies are progressing well, and some have improved sufficiently to be moved to a higher Tier ranking, several agencies are still behind the government-wide goals. These agencies must intensify their efforts, particularly in the areas of validation, contingency planning, and continuity of business planning. In October, legislation was enacted to provide for emergency funding for agency year 2000 fixes. The Omnibus Consolidated and Emergency Supplemental Appropriations Act included a provision for emergency funding for unexpected Y2K conversion activities, consisting of $1.1 billion for defense-related activities and $2.25 billion for non-defense activities. This action will help ensure that agencies have sufficient resources to make a smooth transition to and beyond 2000. In addition to the emergency fund, OMB continues to ensure adequate funding and resources through the regular budget process. Throughout the budget process for fiscal year 2000, OMB has been working closely with agencies to ensure that adequate funding and management resources will be available. Progress on Year 2000 Conversion Report of the U.S. Office of Management and Budget as of November 15, 1998 i. introduction This report is the seventh is a series of quarterly reports to Congress on the Administration's progress in fixing the year 2000 (``Y2K'') computer problem in Federal systems. This report builds on previous reports by including more information on the Federal government's work with State governments to ensure that Federal/State data exchanges are ready and that Federally supported, State run programs will provide uninterrupted public health and safety services. This report also provides more information on the efforts that Federal agencies are undertaking on contingency planning, continuity of business planning, and independent verification and validation of their systems. In summary, the report constitutes the Federal government's plan to achieve year 2000 compliance of Federal systems. This report summarizes data received on November 15, 1998, from the 24 agencies that make up the Federal Chief Information Officers' (CIO) Council and from nine small and independent agencies.\1\ The 24 agencies are ranked into Tier 1 (insufficient evidence of adequate progress), Tier 2 (progress, but concerns), or Tier 3 (satisfactory progress). It also describes the status of a number of government-wide activities underway, including the areas of telecommunications, buildings, and biomedical devices and equipment. --------------------------------------------------------------------------- \1\ Except where noted, the summary data provided in this report refer solely to the 24 agencies. --------------------------------------------------------------------------- This report and all previous reports are available on OMB's web site [http://www.whitehouse.gov/WH/EOP/omb/], on the web site for the President's Council on Year 2000 Conversion [http://www.y2k.gov], or the CIO Council's web site [http://cio.gov].\2\ --------------------------------------------------------------------------- \2\ A list of key Federal year 2000 web sites may be found in Appendix B. --------------------------------------------------------------------------- OMB's initial report on the Y2K problem, entitled ``Getting Federal Computers Ready for the Year 2000,'' was transmitted to Congress on February 6, 1997. The report outlined the Federal Government's strategy to address the Y2K problem in Federal systems; that strategy remains predicated on agency accountability. In cooperation with the President's Council on Year 2000 Conversion, the agencies are now being held accountable at the highest of levels. The Federal government's approach to fixing the problem follows the five phases of awareness, assessment, renovation, validation, and implementation. Working with the CIO Council, OMB set government-wide milestones for the completion of each phase. Agencies then established plans for each phase. The five phases overlap; for example, validation of some systems continues, while some systems are being implemented, and yet others may still be undergoing renovation. The Administration continues to direct high level attention to this issue within and beyond the Federal government to ensure readiness for the year 2000. Within the Federal government, the additional focus on the year 2000 problem through the budget process has allowed agencies to take a close look at their resources and needs and has focused management attention on the issue. The year 2000 emergency fund has also raised the profile of this issue, while helping to ensure that agencies will be ready on time. John Koskinen, Assistant to the President and Chair of the President's Council on Year 2000 Conversion, along with OMB, continues to participate in monthly meetings with senior management of Tier 1 agencies, while agencies in Tiers 1 and 2 continue to submit monthly reports to OMB on their progress toward their milestones. ii. summary of government-wide progress Summary of Systems Progress Most agencies are on target to meet the government-wide milestones of completion of renovation by September 1998, validation by January 1999, and implementation by March 1999. Notably, SBA has completed its work, while SSA is ahead of schedule and will be finished shortly. (See Appendix A, Table 1.) There are now six Tier 1 agencies, down from seven in August; seven Tier 2 agencies, down from eight; and 11 Tier 3 agencies, up from nine. Senior Federal managers continue to reevaluate which systems are critical to their organizations' missions and to set their priorities accordingly. Agencies now identify 6,696 mission critical systems, a reduction from the 7,343 mission critical systems identified in the August report. Changes at this time are usually the result of recategorizing and reprioritizing of systems. (See Appendix A, Table 2.) Of the 6,696 mission critical systems, 61 percent are now Y2K compliant, compared to 50 percent from August. These compliant systems include systems that have been repaired or replaced, and those that were already compliant. (See Table 1, below, and Appendix A, Table 2.) Of the remaining 39 percent, 30 percent are still being repaired, seven percent are still being replaced, and three percent will be retired (totals differ due to rounding). The increase in systems being retired reflects new decisions by managers to retire some systems that were to have been repaired. (See Appendix A, Table 2.) Of those systems that have been or will be repaired, 90 percent have completed renovation, an increase from 71 percent from August. Sixty percent have now completed validation, while implementation is now 52 percent complete. (See Appendix A, Table 3.) Senior management at all large agencies are relying on independent verification of the validation process and other internal performance measures to ensure that their systems will be ready on time. All agencies have begun work on continuity of business plans. Most agencies have focused their plans on core business functions to ensure that vital public services continue. Developing solid continuity of business plans, and contingency plans for systems that will miss the March 1999 goal, will be a top priority in the coming months. Cost Summary Agencies now estimate they will spend $6.4 billion fixing the problem from fiscal year 1996 through fiscal year 2000, an increase from $5.4 billion from August 1998.\3\ (See Appendix A, Table 4.) This increase is not unexpected, and the President's fiscal year 1999 budget included an allowance to address emerging requirements. --------------------------------------------------------------------------- \3\ These estimates include the costs of identifying necessary changes, evaluating the cost effectiveness of making those changes (fix or scrap decisions), making changes, testing systems, and preparing contingencies for failure recovery. They include the costs for fixing both mission critical and non-mission critical systems, as well non- information technology products and systems such as air conditioning and heating. They include outreach activities to non-federal entities. They do not include the costs of upgrades or replacements that would otherwise occur as part of the normal systems life cycle. They also do not include the Federal share of the costs for state information systems that support Federal programs. --------------------------------------------------------------------------- Most of these cost increases are attributable to refinement of estimates as agencies move through the validation phase and find that some systems need to be reworked, obtain more information about the costs of fixing the embedded chip problem, and develop continuity of business plans. Other increases reflect decisions to repair legacy systems in case those systems are not replaced on time. To the extent that agencies encounter additional requirements, these estimates will continue to rise. The three largest cost increases are: Defense, up $591 million to cover increased independent verification and end-to-end testing; HHS, up $165 million to cover potential contingencies in fiscal year 2000; and Treasury, up $53 million to cover increased testing and validation. Summary of Other Progress The Federal government is continuing to work closely with State governments to ensure that data exchanges between the two are compliant, and that Federally supported programs that are run by the States will be able to provide vital public services. For most agencies, embedded chips are used primarily within their buildings' systems; at this time, good progress has been made, and GSA is confident that this area is under control. A small number of agencies use embedded chips in specialized areas, such as scientific equipment; these agencies are working hard to fix these systems as well, but much work remains. Most agencies report that they have completed their assessments of non-mission critical systems and are making progress on remediation. By definition, such systems are less critical to the functioning of the agencies, but many are still important. All of the agencies report active programs to fix these systems, albeit as a lower priority. TABLE 1.--GOVERNMENT-WIDE SUMMARY--YEAR 2000 STATUS--MISSION-CRITICAL SYSTEMS [In percent] ---------------------------------------------------------------------------------------------------------------- Systems Being Repaired All Systems ------------------------------------------------------- Agency Status Y2K Compliant Assessment Renovation Validation Implementation \4\ Complete Complete \5\ Complete \6\ Complete \7\ ---------------------------------------------------------------------------------------------------------------- Tier Three (DOI, VA, EPA, FEMA, GSA, HUD, 84 100 99 90 82 NASA, NRC, NSF, SBA, SSA)............... Tier Two (USDA, DOC, Education, DOL, DOJ, 67 100 91 70 63 Treasury, OPM).......................... Tier One (DOD, DOE, HHS, State, DOT, AID) 51 100 87 43 34 All Agencies............................. 61 100 9 60 52 ---------------------------------------------------------------------------------------------------------------- \4\ Percentage of all mission-critical systems that will accurately process data through the century change; these systems have been tested and are operational and includes those systems that have been repaired and replaced, as well as those that were found to be already compliant. \5\ Percentage of mission-critical systems that have been or are being repaired; ``Renovation complete'' means that necessary changes to a system's databases and/or software have been made. \6\ Percentage of mission-critical systems that have been or are being repaired; ``Validation complete'' means that testing of performance, functionality, and integration of converted or replaced platforms, applications, databases, utilities, and interfaces within an operational environment has occurred. \7\ Percentage of mission-critical systems that are being or have been repaired; ``Implementation Complete'' means that the system has been tested for compliance and has been integrated into the system environment where the agency performs its routine information processing activities. For more information on definitions, see GAO/AIMD-10.1.14, ``Year 2000 Computing Crisis: An Assessment Guide,'' September 1997, available at http:// cio.gov under Year 2000 Documents. iii. government-wide issues Validation and Verification Efforts Government-wide, 60 percent of mission critical systems have been validated. Validation involves multiple phases of testing, including a combination of testing of individual components (unit testing), testing of entire systems (integration or systems testing), and in some cases, testing of a string of systems of interdependent systems (end-to-end testing). This incremental approach allows agencies to efficiently locate any problems and fix them. It also ensures that the implementation phase will be as smooth as possible. All agencies are required to independently verify the validation process. Senior management at all large agencies are now relying on independent verification to provide a double-check that their mission- critical systems will, in fact, be ready. All large agencies are relying on a combination of their Inspectors General and contractors to verify the results of agency testing and other measures of progress. Now that the government-wide level of validation of mission-critical systems has reached 60 percent, verification efforts are particularly important. Some agencies have discovered that some systems, which were considered compliant, were not. As a result, these non-compliant systems will be or have been fixed, and management is afforded a higher degree of confidence that the agency will achieve compliance on time. Continuity of Business Planning and Contingency Planning \8\ --------------------------------------------------------------------------- \8\ See GAO report, a shared effort with the Year 2000 Committee of the CIO Council, ``Year 2000 Computing Crisis: Business Continuity and Contingency Planning.'' July, 1998; GAO/AIMD-10.1.19. In addition, model Business Continuity and Contingency Plans, including that of the Social Security Administration, were shared with other agencies as models. --------------------------------------------------------------------------- All agencies, regardless of progress, are required to develop continuity of business plans. Such plans should describe risk mitigation strategies and work-around alternatives to ensure the continuity of the agency's core business functions. Such functions rely not only on the agency's internal systems, but also on services outside of the agency's control, such as the ability of suppliers to provide products, services, or data, or the loss of critical infrastructure. For this report, all agencies described their progress on developing continuity of business plans. Most agencies are basing their plans on certain core business functions that the agency believes are essential to ensuring that the agency is able to perform its mission. Agencies are using a variety of approaches, including ensuring that back-up resources are available, determining if paper processes will work, and making sure that regional offices can operate independent of headquarters, if necessary. Contingency plans, described below, are a subset of continuity of business plans. Contingency plans are required for those systems that have been behind the agency's internal schedule for two months or more over two reporting periods or that won't meet the March 1999 goal. (See Appendix C.) During this quarter, few agencies reported slippage from their internal schedules. On the other hand, more agencies reported increasing numbers of systems that would not meet the March 1999 goal. (See Appendix C.) Although some agencies have contingency plans, many did not mention this subject in their report. Notably, Defense listed a large number of systems, and while many had contingency plans, Defense did not indicate that contingency plans were in place for all of them. While Justice has forwarded more than 140 contingency plans to an independent validation and verification contractor for review, it indicated that, to date, the contractor had reviewed only five plans of the 11 systems behind schedule. Despite uneven progress, agencies are now focusing their efforts on developing solid contingency plans and continuity of business plans. As the President's Council on Year 2000 Conversion develops a national risk assessment, agencies will have better information on internal and external risks and how best to prepare for them. For the next report, OMB plans to require more information on continuity of business plans and contingency plans, including a description of plans so far, completion dates for plans, and a description of how the continuity plan will be tested. Costs and Funding Agencies now estimate they will spend $6.4 billion fixing the problem from fiscal year 1996 through fiscal year 2000, an increase from $5.4 billion from August. (See Appendix A, Table 4.) Most of these cost increases are attributable to refinement of estimates as agencies move through the validation phase and decide to increase testing and independent verification activities, find that some systems need to be reworked, obtain more information about the costs of fixing the embedded chip problem, and develop continuity of business plans. Other increases reflect decisions to repair legacy systems in case those systems are not replaced on time. To the extent that agencies encounter additional requirements, these estimates will continue to rise. These increases were not unexpected. The President's fiscal year 1999 budget requested approximately $1.1 billion in appropriations for Y2K. It also included an allowance of $3.25 billion to cover emerging and potential costs for Bosnia, natural disasters, and Y2K. This spring and summer, the Administration worked with the Congress on a contingent emergency funding proposal specifically for unforeseen Y2K requirements. In August OMB asked agencies for their current estimates of Y2K expenses, distinguishing between requirements included in the President's budget and unforeseen requirements. In September, the Administration requested a supplemental appropriation of $3.25 billion in contingent emergency funding for Y2K conversion, consistent with Senate action to that point. The Omnibus Consolidated and Emergency Supplemental Appropriations Act for Fiscal Year 1999 includes contingent emergency funding for Y2K computer conversion activities: $1.1 billion for defense-related activities and $2.25 billion for non-defense activities. In order to determine how to best to allocate available base and emergency funding, OMB evaluated agency requirements. OMB also worked with the agencies to identify activities that had already been included in the President's fiscal year 1999 Budget, but that Congress directed be funded from the contingent emergency reserve. These redirected requirements total approximately $590 million, of which: $30 million was allocated on October 23, 1998, (for the Legislative and Judiciary branches); $464 million was allocated on November 6, 1998; and, $94 million is being allocated concurrent with the transmittal of this report. Additionally, OMB has approved approximately $676 million of new funding for Y2K requirements that was not included within agencies' fiscal year 1998 appropriated levels. Of this, $427 million was allocated on November 6, 1998, and $244 million is being allocated concurrent with the transmittal of this report. In total, $891 million was allocated on November 6, 1998, and $338 million is being allocated concurrent with the transmittal of this report. All amounts allocated to date are for non-defense activities. Additional transfers from the contingent emergency reserve will be made in the future to ensure that all agencies have sufficient resources to achieve Y2K compliance. OMB has also notified agencies that, as they identify unforeseen funding requirements, they should forward these requirements to OMB for evaluation. The Department of Defense is reviewing its requirements for the defense contingent emergency fund. Government-wide Initiatives Telecommunications Systems GSA owns, manages, or resells consolidated telecommunications services to Federal agencies throughout the United States. Like the private sector, the Federal agencies are reliant upon commercial vendors and the information they supply to address the compliance of their telecommunications systems. In most cases, agencies must work with telecommunications vendors to receive system upgrades; a number of agencies, including GSA, continue to express frustration that some vendors are not more forthcoming with information about the compliance status of their products and services, have been slow to repair their systems, or are slow in the delivery of necessary product upgrades, often as a result of a shortage of technicians. In fact, many companies have indicated that their systems won't be fully compliant until June 1999, leaving many agencies concerned that they will not have adequate time to conduct thorough validation and end-to-end testing. The Telecommunications Subcommittee, chaired by GSA's Federal Technology Service (FTS), is working with industry to ensure that the telecommunications services and systems provided to the Federal Government are Y2K compliant. FTS has completed its inventory and assessment for all GSA Consolidated Systems, which provide local telecommunications services (including hardware, licensed proprietary software, and features such as voice mail) to Federal agencies nationwide. All Consolidated Systems will be compliant by March 1999. GSA also provides voice mail to agencies that purchase services from Consolidated Systems using 184 different systems. Although GSA considers voice mail a non-mission critical system, it does plan to upgrade 63 and replace one system so that all are compliant by the year 2000. With respect to service obtained from Local Exchange Carriers (LEC's), GSA has contacted LEC service providers for information on their Y2K status which it then provides to other Federal agency users. LEC's are dependent upon major network switch manufacturers for software upgrades to address the Y2K problem. Switch suppliers have committed to shipping these packages by the end of 1998 with LEC deployment to follow in the spring of 1999. Responses GSA has received to date indicate that most LEC's will complete equipment modifications and testing for Y2K compliance by mid-1999. GSA continues to request written responses from those LEC's that have not responded and believes the passage of the Year 2000 Information Disclosure Act will facilitate this process. The Act may also assist Federal agencies that buy services from LEC's directly to obtain Y2K compliance status for their affected office locations. Besides GSA, Federal agencies own and operate or are otherwise dependent upon a wide variety of telecommunications systems and components. Interagency special interest groups (SIG's) have been formed to assist agencies to collectively resolve the Y2K status of these items through collaborative testing of telecommunications equipment with industry. SIG's are formed by agencies that may rely on systems or equipment from one vendor. SIG's either conduct the tests themselves or work with the manufacturer to obtain test results which are then shared across the government. The SIG's are also taking a lead in addressing commonly acquired communications services such as wireless and internet access. Equipment testing by the SIG's began in December of 1997 and will continue throughout 1999. A web site, http:// y2k.fts.gsa.gov, lists the compliance status of commonly used telecommunications equipment and has links to some sixty Y2K industry sites. Agencies are responsible for accessing this information, determining what equipment they must upgrade, and making the appropriate repairs. The SIG's continue to provide a valuable forum to share information regarding repairing or replacing telecommunications components. The telecommunications industry, through associations such as the Alliance for Telecommunications Industry Solutions (ATIS) and the U.S. Telco Year 2000 Forum, has begun programs for interoperability testing between long distance providers and local service carriers. The Federal government is an active participant in these efforts. The testing is to be performed in early 1999 with the final reports expected to be publicly released in January and July 1999. In the Washington Metropolitan Area, Washington Interagency Telecommunications Systems (WITS) provides approximately 170,000 analog and digital lines supporting both data and voice applications to Federal agencies. The system was fixed in July 1998. Voice mail obtained from WITS is already Y2K compliant. FTS2000.--GSA, through its FTS2000 contracts, provides most of the Federal Government's long distance telecommunications services. GSA is thus responsible for ensuring that the two FTS2000 vendors (Sprint and AT&T) are Y2K compliant. GSA is conducting an ``FTS2001'' acquisition to replace the expiring FTS2000 contracts. The FTS2001 contracts require the winners to provide Y2K compliant services. Where possible, GSA and many agencies intend to transition to the FTS2001 contracts before the onset of the year 2000 to ensure compliance and a smooth transition. GSA expects to extend the current FTS2000 contracts to support those agencies that have not completed the transition to FTS2001 by January 1, 2000. Both FTS2000 vendors have made formal commitments that their systems will be Y2K compliant prior to the year 2000. GSA sent letters to both Sprint and AT&T to clarify these commitments. In their response, AT&T stated that they were on target to complete network element certification by year-end 1998 and to complete full testing of the network no later than June 30, 1999. Sprint expects to meet similar dates for its network but anticipates completion of repairs to several supporting and billing systems in June 1999. Sprint also identified some customer premise equipment that it provided to agencies under terms of the FTS2000 contract which may not be compliant. GSA is working with both vendors and agency customers to resolve this and other issues related to FTS2000 network compliance. International Telecommunications.--Within the United States, the International Direct Distance Dialing contract with AT&T that is managed by FTS has been certified compliant. Overseas, however, Federal agencies that have extensive foreign operations are increasingly concerned about the effect that the Y2K may have on their ability to communicate with offices located in foreign nations. Some locations may be totally dependent upon the telecommunications infrastructures of the host nations. The State Department has determined that more than 95 percent of the telephone equipment it operates overseas is compliant or can be operated in a manual mode. In addition, the State Department's Diplomatic Telecommunications Services Program Office (DTS-PO) continues to assess and upgrade its network and expects to complete its efforts in December of 1998. On the other hand, roughly five percent of the Department's telephone services are met by equipment that is operated by host nations. In many cases, links between State Department locations and other U.S. government offices overseas rely on host nation services. This reliance on foreign networks has led several agencies, including the Peace Corps and the Agency for International Development, to anticipate that operations in some countries, particularly in more remote locations, may be adversely affected by telecommunications problems. In these instances, international agencies are working together to develop contingency plans or to identify backup systems, such as satellites, to ensure communications are maintained. Their efforts have been somewhat complicated by the lack of information regarding the Y2K compliance status of alternative communications services, including new satellite-based mobile communications systems. Other Government-wide Telecommunications Services.--The equipment supplied by GSA under the Federal Wireless Telecommunications Service (FWTS) has been certified compliant by GTE. GSA-maintained, government- wide contracts for Wire and Cable Service; Electronic Commerce, Internet, and E-Mail Access; and Technical and Management Support all contain Y2K compliance clauses. All task orders for the Telecommunications Support Contract 2, which provides consulting and telecommunications services, include Y2K compliance clauses. Telecommunications Contingency Planning.--In September, GSA prepared and distributed a Telecommunications Contingency Plan for the Year 2000. The document describes plans and responsibilities for local service and long distance network providers--both GSA and commercial firms--leading up to January 1, 2000. It also outlines plans to restore service if failures occur. The contingency plan is a dynamic document that will be revised if contracts change, vendors modify their services, or testing identifies additional requirements. The Contingency Plan offers guidance on forming Business Resumption Teams that would take the lead in resolving service disruptions. Buildings Systems Many products or systems in buildings, such as those that control or interact with security systems, elevators, or heating and air conditioning systems, contain embedded chips. These chips can include a date function that helps run the system--for example, to time maintenance procedures or to regulate temperature. If this date function is not Y2K compliant, then the chip may not work. This problem is particularly complex, because chip manufacturers do not closely track how these chips are programmed and used. In addition, a manufacturer of equipment (such as a security system) is unlikely to know the compliance status of the particular chips used. It may also be difficult to accurately test the compliance of these chips in a working environment. Once non-compliant chips are identified, they must be replaced. In response, GSA has established a public web site (http:// globe.lmi.org/lmi--pbs/y2kproducts/) that provides Y2K information for building systems. There are now over 10,000 products listed on this site (up from 9,000 in the previous report), and fewer than four percent of all products are identified as non-compliant. Another web site has been established which allows personnel from Federal agencies to determine the Y2K compliance status of Federally owned and leased facilities. This site is for Federal government use only. The Year 2000 Buildings Subcommittee of the CIO Council, chaired by GSA's Public Buildings Service (PBS), continues to meet about every four to six weeks and exchange relevant information. Additionally, GSA continues to partner with the private sector on year 2000 building systems matters. Both the Building Owners and Managers Association and the International Facility Managers Association are polling their membership to gather information regarding the Y2K readiness of this sector. They will share this information with the Federal government to assist the President's Council on Year 2000 Conversion with its overall assessment of Y2K readiness in the public and private sectors. To ensure that buildings used by the Federal government are ready for the year 2000, the Building Systems Subcommittee is focusing on the charge to ensure that any equipment that contains embedded chips is Y2K compliant. The Committee is working with all Federal agencies, whether they work in GSA owned or managed space, whether it is space that is leased by GSA, or whether it is space that is owned or managed directly by the agencies. In space where GSA is the owner, PBS continues to thoroughly review inventory and coordinate with vendors and manufacturers of equipment that contains embedded chips. PBS is now finalizing its test plans, in coordination with vendors and regional personnel, and will soon begin testing. Additionally, a government-wide contingency plan for buildings is under development to prepare for unexpected system failures and utility outages. The Subcommittee is also working closely with the owners of buildings that are leased by GSA. For leased space, GSA sent letters requesting that lessors certify their spaces as Y2K compliant. About 40 have responded, and GSA has sent follow-up letters and surveys to ``high-risk'' leased locations. Finally, a year 2000 clause was developed for inclusion in all Solicitations For Offers. Biomedical and Laboratory Equipment As of November 17, 1998, the Biomedical Equipment Subcommittee had received responses from 70 percent of the 1,932 medical device and laboratory equipment manufacturers who make products containing electronic components. This highly improved response rate is the result of both Congressional attention to this issue, and the efforts of HHS (especially the FDA), the Department of Veterans Affairs, the Department of Defense, and the President's Council on Year 2000 Conversion. In addition, the enactment of the Administration's ``Year 2000 Information Disclosure Act'' \9\ has helped. The key agencies are following up with the non-respondents. --------------------------------------------------------------------------- \9\ The ``Year 2000 Information Disclosure Act,'' S. 2392, enacted into law on October 19, 1998, encourages companies to share information about possible solutions to year 2000 problems. The Act provides limited liability protections for companies that share information about their year 2000 risks and possible solutions. However, the law does not affect liability that may arise from year 2000 failures of systems or devices. --------------------------------------------------------------------------- In addition, the Working Group continues to expand the National Biomedical Clearinghouse, a database containing information on compliant equipment. The information has been provided by HHS and the Department of Veterans Affairs, based on their knowledge and experience in using the equipment. The Department of Defense will begin formal participation soon. This database is publicly available at http:// www.fda.gov/cdrh/yr2000/year2000.html. State Issues The Federal government sends and receives data from hundreds of different partners in support of thousands of different programs. Probably the single most important partnership is with the States. The data exchanges that enable Federal and State governments to communicate with each other must be fixed on both sides in order to work. Without functional data exchanges, important Federal and/or State programs won't work. In response, the Federal CIO Council, in cooperation with the National Association of State Information Resource Executives (NASIRE) first agreed at a summit in October of 1997 to make the issue of fixing data exchanges a top priority. The CIO Council and NASIRE also agreed to continue to meet and to resolve issues between Federal CIO's and State CIO's. Data Exchanges with States.--To assist in the coordination of data exchange activities between Federal agencies and the States, the CIO Council has developed the Federal/State Data Exchange Database, managed by GSA, which contains the status of exchanges from both the Federal and State perspectives. The Federal government has provided information to the database on all of its data exchanges with the States, including a point of contact and phone number and the status of the Federal government's work on the exchange. While many States are actively working on their side of the data exchanges and are making excellent progress, a number of States and territories are still not participating in the database, and accordingly, their progress is completely unknown. In particular, as of November 16, Alaska, Arkansas, West Virginia, the District of Columbia, Guam, and Puerto Rico have not provided any information about their data exchange activities. A number of others, including Alabama, Oklahoma, Rhode Island, Wisconsin, and Wyoming, have only recently begun providing information and are substantially behind. This is of concern not only because these data exchanges may not be ready in time, but also because this may be symptomatic of overall Y2K efforts within these States. According to the database, notwithstanding those States that are not participating in the database, overall progress on data exchanges is proceeding well. (All Federal agencies are participating, except for the FBI and the IRS, who are working directly with State partners to avoid security risks associated with the database.) To date, 62 percent of Federal/State data exchanges are fixed, successfully bridged, tested by both parties and/or are fully compliant. All data exchanges are to be fully implemented by March 1999. Critical Public Health and Safety Programs.--The CIO Council and NASIRE are also focusing on other issues of mutual importance. For example, the Federal government is working closely with State governments to ensure that not only will individual systems run, but that Federally supported programs that are run by the States will continue to provide vital public services. Such programs include Unemployment Insurance, Medicaid, and income maintenance programs such as child support and food stamps. Federal agencies will be specifically evaluating the impact of the year 2000 on their programs, and OMB will report on that in future reports to the Congress. Other Joint Initiatives.--Meanwhile, the CIO Council and NASIRE continue to meet regularly to discuss other issues. Progress on joint issues with those States that are participating continues. Recently, for example, at a meeting on October 18 in San Diego, participants agreed to work on the following issues: --Jointly ensure that the names of data exchanges are the same on both the Federal and State sides to improve tracking. --Jointly focus on the needs of State Unemployment Insurance programs and Medicaid. State Unemployment Insurance (UI) systems have a unique Y2K failure horizon date of January 4, 1999 \10\, while Medicaid is expected to encounter unique difficulties in completing its work. --------------------------------------------------------------------------- \10\ UI systems look forward one year to calculate a beneficiary's UI entitlement. Any State that has not implemented a new year 2000 compatible system will have a Benefit Year End (BYE) problem and will have to go to its contingency plan. The five ``high alert'' or ``at risk'' jurisdictions (the District of Columbia, Louisiana, New Mexico, Puerto Rico, and the Virgin Islands) are expected to have to implement their contingency plans, in most cases using a ``hard coding'' solution to override the system's calculation; that is, December 31, 1999, will be manually entered as the end date for beneficiary benefits calculations through 1999. While this is only a temporary solution, it gives those States additional months to remediate their systems. Four ``yellow caution'' States (Montana, Arkansas, Illinois, and Maine) expect to bring their new systems on line in December; if their schedules slip, they, too, will have to go to their BYE contingency plans. --------------------------------------------------------------------------- --Identify the critical public health and safety programs (such as unemployment insurance, Medicaid, food stamps, child support, job training, and housing), supported by data exchanges, that are administered through States, counties, and cities. --Jointly undertake the development of Business Continuity and Contingency Plans to ensure that these critical programs will continue to provide services to the public. Other Information Sharing Initiatives Year 2000 Information Directory.--The Government-wide Year 2000 Information Directory web site, managed and maintained by GSA on behalf of the CIO Council, has some new additions, including topics of interest for the average consumers. In addition, the site has been redesigned to enhance appearance and navigation. Also available at this site is a ``Year 2000 and You'' brochure developed for citizens. The web site address is: http://www.itpolicy.gsa.gov/mks/yr2000/ y2khome.htm. The brochure is also available from GSA's Consumer Information Center at 1-888-878-3256 in Pueblo, Colorado. The brochure will soon be available in Spanish. Database of Compliant COTS Products.--GSA also manages and maintains a database of compliant, COTS Products that are used by Federal agencies. This information is available to the public at http:/ /y2k.policyworks.gov. The database includes information from 756 vendors and 90 Federal agencies on 2364 products. Agencies are now beginning to provide information on the results of product testing they have undertaken. iv. agency specific progress Process of Agency Evaluation Nearly all agencies have made good progress in the last quarter. Even many of the agencies that are still behind have made good progress in the last quarter, appear to have engaged the proper level of management attention, and are working hard. Nevertheless, a number of agencies are still remain behind the government-wide goals, and, as a result, some of their systems may not be ready on time. For this reason, all agencies have been asked to heighten efforts on contingency planning and continuity of business planning. In evaluating agency progress, OMB used the following criteria: --Measurable improvement.--Has the agency completed the renovation phase? Is there measurable and adequate progress on validation, and implementation of computer systems, including data exchanges? Is there progress on addressing other systems, including buildings, telecommunications, and systems and products containing embedded chips? --Schedule for completion of best practices phases and overall prognosis.--Has the agency adopted a realistic schedule that is consistent with the government-wide goals? Has there been a change in the number of mission critical systems that are expected to miss the March 1999 implementation date? Does the agency have a strong management team and a credible strategy in place? --Risk management.--Is the agency preparing a workable continuity of business plan for its core business functions? Does the agency have a deadline for when plans must be complete? Does the agency have an effective validation and independent verification program in place? Is there adequate oversight of efforts to replace non-compliant systems? Are systems previously reported behind being brought back on schedule? Are agencies which have systems which are expected to miss the March 1999 goal working on contingency plans? --Dramatic changes in previously reported information or other indications of concern.--Have there been dramatic changes in cost, schedule, changes to the number of systems, or changes to the number of systems behind schedule? Are there any concerns with the availability of key personnel? Tier One Agencies Tier One comprises agencies where there is insufficient evidence of adequate progress. There are now six agencies in Tier One, as the Department of Education has moved into Tier Two. Department of Defense The Department of Defense continues to make progress in addressing its massive Y2K problem, albeit at a rate too slow to meet the March 1999 goal. The percentage of mission critical systems compliant has risen to 53 percent from 42 percent reported in August. The Department also reports that 86 percent of its mission-critical systems to be repaired have now completed renovation, an increase from 70 percent reported in August. Defense also reports that 36 percent of those systems have been tested and implemented, an increase from 27 percent reported last quarter. As a result, the Secretary and Deputy Secretary have taken a number of actions to accelerate the Department's progress toward Y2K compliance, including exercising direct personal leadership, requiring commanders and service chiefs to personally certify the Y2K status of each major information system, and withholding funding for non Y2K work on information systems unless and until Military Departments demonstrate Y2K progress. In addition, the Department is planning to conduct large-scale Y2K operational evaluations and functional tests in 1999. Finally, the Department is preparing operational plans to ensure that all critical functions will continue and that the effect of any Y2K related problems will be minimized. Department of Energy Compliance has increased from 40 percent to 50 percent in the last quarter, and progress has been made in the other phases. The Department, however, has not completed its renovation work, finishing renovation on 88 percent of its mission critical systems. Likewise, the Department has completed validation on only 53 percent of its mission critical systems. In addition, 11 mission critical systems are anticipated to miss the government-wide target of January 1999 for finishing the validation phase. The Department notes in this quarter's report that the ``steep slope of the planned completion schedule [for implementation of compliant systems] is a cause for concern within the Department.'' Work to identify new mission critical systems at its Government and contractor sites, and assessment of the Department's embedded chips and lab equipment continues. Although DOE has identified 420 systems as mission critical, up from 411 in last quarter's report, it has only begun to prioritize and allocate resources among those systems. The Department's independent Office of Oversight has recommended that DOE ``focus management attention on complex, critical systems that face moderate to significant risk.'' Data exchanges have improved. Intra-departmental data exchanges have improved in compliance from 63 percent to 68 percent, while the percentage of compliant data exchanges with other Federal agencies has also increased from 56 percent to 68 percent. Embedded systems remain a concern. An additional 29,000 embedded chip systems, including workstations, lab equipment, and other unspecified embedded chip devices, were identified since the last quarter's report. On the positive side, between 60 and 75 percent of the embedded chip systems are already Y2K compliant. The Department's CIO is conducting site compliance reviews in cooperation with the Office of the Inspector General and Office of Oversight. The compliance reviews have increased awareness of the severity of the problem and the need for high-level management attention. The Office of Oversight reviewed 52 mission critical systems in the past quarter and found that, in general, the Department is well positioned to complete the majority of its mission critical systems by the government-wide goal of March 1999. In addition, the Office of Oversight identified some problems that will require follow-up. These include: (1) testing continues to be a weakness; (2) DOE and contractor management have not consistently implemented effective quality assurance into Y2K efforts; and (3) DOE management at both headquarters and regional offices, as well as contractor line management, have not been actively involved in Y2K efforts and do not have a detailed understanding of the efforts at their respective sites. Department of Health and Human Services The Department's Health Care Financing Administration (HCFA) has made significant progress on renovating its internal and external systems. However, HCFA remains a serious concern due to the external system remediation schedule and high contingency cost estimates. Medicare contractors will have to make an intensive, sustained effort to complete validation and implementation of their mission critical systems by the government-wide goal of March 31, 1999. As of November 13, 1998, all 25 internal mission critical systems have been renovated, 36 percent have completed all three levels of testing, and 20 percent have been implemented. Medicare contractors, while making progress, are still behind the government-wide goals. Over 74 percent of external systems have been renovated, but none have completed testing or implementation. HCFA's independent verification and validation (IV&V) contractor estimates that 95 percent of external lines of code has been renovated, and the number of renovated systems should increase sharply in the next month. Virtually all critical systems at HHS will be subject to independent verification. In addition to using IV&V on HHS systems, HCFA is using an independent verification and validation contractor to assist in evaluating Y2K remediation efforts with the States. Data on State compliance remains inconsistent, and a recent GAO report (``Year 2000 Computing Crisis: Readiness of State Automated Systems to Support Federal Welfare Program'') clearly suggests that more work needs to be done. However, HCFA's ability to require state compliance is limited by law. All operating divisions are developing contingency plans in case some mission critical systems fail in 2000. Of particular importance are HCFA's plans. One major contingency HCFA must plan for is external system contractors who are permitted under contract to notify HCFA as late as June 1999 that they will leave the Medicare program before January 1, 2000. This would leave HCFA with only six months to transfer workload to another contractor with little margin for error to deal with unanticipated problems. Given HCFA's lack of competitive contracting flexibility, the Administration strongly urges Congress to pass contracting reform legislation, which was transmitted on May 19, 1998, as soon as possible to ensure that HCFA is able to contract with any qualified entity in the case of a claims processing system failure. Other HHS operating divisions have had mixed progress. Renovation has been completed for all operating divisions' mission critical systems except for the Centers for Disease Control (CDC), which had completed renovation on 9 of 15 systems; the Indian Health Service (IHS), which had not completed its sole system renovation; the National Institutes of Health (NIH), which had completed renovation on 6 of 10 systems; and SAMHSA, which had not completed its sole system renovation. The majority of biomedical equipment with embedded chips are in IHS, which is still continuing its assessment. The bulk of facilities requiring assessment are at NIH and IHS, and assessment on telecommunications and information technology infrastructure continues. Data exchanges remain a concern because of the large numbers. HHS has a total of 218,407 data exchange interfaces, with HCFA accounting for 99 percent of them, mostly with Medicare contractors. Currently, 78 percent of all HHS interfaces are compliant. With State entities, HHS reports a total of 1,121 data exchanges interfaces, an increase from 850 reported in the August Quarterly Report; 75 percent are compliant. Department of State The Department of State faces a significant challenge in managing its complex Y2K project while, at the same time, completely replacing information systems installed around the world. The Department continues to make progress in renovating and replacing its 59 mission critical systems. State has now completed renovation on two-thirds of its mission critical systems. Validation and implementation continue. The Department has obtained additional contractor support to address two key concerns: overall Y2K program management and technical ``strike force'' expertise to assist in problem areas. While momentum is increasing and results are improving, the Department remains behind government-wide goals for overall compliance as well as renovation. Concern is growing over delays in repairing or replacing systems and the implications this may have on the progress that the Department must make in order to meet the March 31, 1999 implementation goal. For example, slippage in renovating some of the Department's financial management systems continues to occur, although core financial management systems are now fully implemented. The Department must accelerate renovation and replacement if it is to meet the Department's own management goals. At the Department's current rate of progress, its ability to achieve Y2K compliance within the government-wide goals is in jeopardy. State has conducted a good assessment of a complex Y2K situation, particularly of its embedded systems, and is asserting a leadership role in providing Y2K support to U.S. operations overseas. State has made good progress in replacing and modernizing its worldwide, internal information and telecommunications infrastructure. This is particularly important, because State is the major provider of telecommunications services to U.S. government agencies operating overseas. Deployment of the ALMA (A Logical Modernization Approach) program is proceeding nearly on schedule and is critically important for posts to handle the Y2K transition. Department of Transportation The Department of Transportation's improved management oversight, combined with an accelerating rate at which the Federal Aviation Administration (FAA) is remediating air traffic control system components, is significantly mitigating risk. As of mid-November 1998, the Department-wide percentage of mission critical systems renovated stood at 95 percent, a significant improvement over the 64 percent reported in the previous quarter. However, with only 31 percent of its mission critical systems validated and 21 percent implemented, the Department continues to lag well behind the government-wide schedule. The FAA mirrors this improved trend with 99 percent of mission critical systems renovated, up from 59 percent in the last quarter. However, with 20 percent of its systems validated and 7 percent implemented, it remains significantly behind most agencies. To its credit, the FAA has paid serious attention to the Host computer system, which is the central operating system in each of the air traffic control centers, and to other critical air traffic control systems. It is proceeding with installation of new Host computers and has verified to a reasonable degree of certainty that the existing Host microcode is free of Y2K vulnerabilities which would affect the operational processing of flight and radar data. In addition, a date roll-back test was successfully demonstrated and serves as a contingency in the event that replacement efforts are delayed or that the Host system experiences unexpected Y2K problems. Notwithstanding this improvement, and given the number of systems which are not expected to be implemented until after March 1999, the FAA needs to continue to reevaluate its master schedule and make a concerted effort to accelerate its implementation schedule. The U.S. Coast Guard's continued careful management and operational attention to Y2K issues has also minimized risk, but its cost estimates have increased and two systems remain behind schedule. While still facing challenges, the Coast Guard continues to be well positioned to ensure continuity of its safety-related systems, although an increasing number of systems are falling behind schedule. The Department's other operating administrations seem to be on track to a smooth transition through and beyond the year 2000. U.S. Agency for International Development AID continues to make management improvements and has retained several contractors to assist project management including performing independent validation and verification of contractor deliverables. AID completed renovation of two additional systems and has begun the certification process. An expert systems and software management contractor provides project management assistance to AID and is performing assessments, renovations, validations, and implementation of other mission critical systems. Senior AID management has taken the lead in increasing agency-wide awareness of the Y2K problem. Renovation of AID's most important system is underway, including development of standard date/time processing functions and line-by-line assessment of the system. AID began its continuity of business planning process in August, identifying critical functions that must be supported and assessing the need for related contingency plans. The Agency has assumed a leadership role in performing year 2000 outreach and awareness training in the over 80 nations in which it operates, providing management assistance to host nations and other international aid organizations operating in these countries. The next months will be critical as AID faces many challenges in repairing the remaining four complex mission critical systems. Tier Two Agencies For agencies in Tier 2, OMB sees evidence of progress, but also has concerns. The seven agencies in Tier 2 are: the U.S. Department of Agriculture, the Department of Commerce, the Department of Education, the Department of Justice, the Department of Labor, the Department of the Treasury, and the Office of Personnel Management. Two agencies, Housing and Urban Development and Department of the Interior, were moved from Tier 2 to Tier 3. One agency, the Department of Education, moved to Tier 2 from Tier 1. A summary of progress and concerns for Tier 2 agencies appears below. TIER 2 AGENCIES--PROGRESS, BUT CONCERNS ------------------------------------------------------------------------ Agency Progress Concerns ------------------------------------------------------------------------ U.S. Department of Agriculture.. Management team Pace of work must active. Good increase if progress on government-wide business goals are to be continuity and met, particularly contingency with the Forest planning and Service. Many independent data exchanges validation and issues remain to verification. be worked out. Department of Commerce.......... Overall, making Lags behind progress. The new government-wide CIO is providing goals. Failed to leadership on the complete 100 year 2000 issue; percent of undertaking IV&V renovations by and contingency government-wide planning; PTO has goal (completed prepared a only 86 percent contingency plan of renovations). for the All 9 of NTIS Classified Search mission critical and Image systems remain to Retrieval System be renovated as which is not on of November's schedule for quarterly report. implementation PTO still has 3 prior to the systems to repair government-wide as of this goal of March quarter's report. 1999. NOAA has implemented an IV&V for mission- critical systems. Department of Education......... 95 percent of the The PELL system, Department's 175 which had slipped mission critical on its renovation and noncritical schedule by 5 systems are Y2K months in the compliant and August quarterly implemented. The report, is not Department has anticipated to completed complete renovation work renovation until on all but one December of 1998. mission critical The Department system by this has numerous data quarter's report. exchanges with The remaining state, local, and mission critical private sector system--PELL, entities which which operates may be at risk the Federal and will require grants program additional for higher oversight and end- education to-end testing. students--is 98 The Department percent completed recognizes this with renovation. potential risk The Department and has has been a leader instituted in outreach additional efforts to the oversight and nation's testing. elementary/ secondary schools and post secondary institutions on Y2K projects and readiness assessments. Department of Justice........... Justice made The Department significant and remains behind accelerated schedule and is progress on at risk of renovation and failing to meet implementation compliance goals. during this Only 54 percent quarter. of mission critical systems are now compliant and only 47 percent of the systems have been implemented. 11 systems are now identified as not meeting the March 1999 goal, up significantly from the three reported last quarter. Justice has addressed contingency planning for only 5 of those systems. Additionally, another 31 systems are 2 months behind the Department's internal milestones. Justice should take aggressive action to identify, remediate, and test remaining data exchanges. Department of Labor............. Good progress on A large and renovations for complex system, mission critical the Consumer systems. Price Index, will Renovation is not be completed completed for 27 with renovation of 28 systems until January with the last 1999. Five state system, the employment and Consumer Price security agencies Index, scheduled (SESA's) which for completing pay Unemployment renovation in Insurance January 1999. benefits are Renovation of the either on ``high CPI is currently alert'' or ``at 98 percent risk'' of not complete. completing the required Y2K conversions by January 1999. Four additional SESA's are receiving an increased level of oversight. The Department is ensuring through technical assistance and on- site monitoring that sound contingency plans will be operational for the seven SESA's at risk. Treasury........................ Strong project Rate of team in place. renovation, Good progress on validation, and embedded chip, implementation telecommunication must improve if s, contingency the Department planning, and and government- data exchange wide goals are to issues. be met for ATF. IRS should continue to focus on its implementation strategy that must take into account the tax processing season. Office of Personnel Management.. OPM continues to As of the end of have senior October, they management were only at 54 involvement and percent for is on target validation and according to implementation, their schedule which does meet and contingency their internal planning is schedule; underway. however, this is well behind government-wide goals. ------------------------------------------------------------------------ Tier Three Agencies There are now 11 agencies in Tier 3 (those making satisfactory progress), up from nine in the previous report. The Departments of Interior and of Housing and Urban Development were moved to Tier 3 from Tier 2. The other agencies in Tier 3 are the Social Security Administration, the Small Business Administration, the National Science Foundation, the Nuclear Regulatory Commission, the National Aeronautics and Space Administration, the General Services Administration, the Federal Emergency Management Agency, the Environmental Protection Agency, and the Department of Veterans Affairs. Status of Small and Independent Agencies For the May 15, 1998 report, OMB asked 41 small and independent agencies to report on their Y2K progress. While OMB is continuing to work with all small and independent agencies as appropriate, OMB has asked only 9 such agencies to report quarterly on their progress. Those agencies are: the Federal Communications Commission, the Federal Housing Finance Board, the National Archives and Records Administration, the National Labor Relations Board, the Office of Administration in the Executive Office of the President, the Peace Corps, the Tennessee Valley Authority, the U.S. Postal Service, and the Office of the U.S. Trade Representative. In the last quarter, John Koskinen met with selected small and independent agencies, including NARA and the Office of Administration. OMB will ask all small and independent agencies to report again on February 15, 1999. Previously, OMB had asked for these reports on May 15, 1999, but OMB has moved up the date in order to ensure a more complete picture of Federal progress before the March 1999 government- wide goal. TABLE 3.--SUMMARY OF SMALL AND INDEPENDENT AGENCY REPORTS -------------------------------------------------------------------------------------------------------------------------------------------------------- No. MC Total Cost Agency No. MC Systems (in Progress Concerns Systems Compliant millions) -------------------------------------------------------------------------------------------------------------------------------------------------------- Federal Communications 30 17 $14.8 Received additional funds from emergency Move to new building addresses problems Commission. fund, while also using excess regulatory with embedded systems, but complicates fees to fund efforts. Will obtain IV&V other year 2000 work. Agency renovation contractor in January 1999. IG involved. milestones call for two important Major licensing systems compliant. systems used to monitor the Cable Contingency plans based on manual Television industry to be completed in license processing or regulatory October 1999. Rate of progress must be changes. FCC is the lead on President's sustained, particularly in replacement Commission telecommunications efforts. systems. FCC should consider becoming a member of the CIO Council's Working Group on Telecommunications. Federal Housing Finance Board. 6 1 .34 New year 2000 Coordinator has been hired. Deadlines for two mission critical systems have slipped. Progress on renovation, validation, and implementation must increase in order to meet government-wide goals. Weak contingency plan. National Archives and Records 22 ......... 5.7 Has moved up the schedule for one mission NAIA began work late and is catching up, Administration. critical system that would otherwise but probably not fast enough to meet the have missed the March 1999 government-wide goals. Six mission implementation goal. Has begun critical systems are still estimated not contingency planning for some systems; to be renovated by March 1999. working on the security and Contingency planning has not begun for environmental control systems at the these. various Presidential Libraries; has joined the building Systems Working Group. National Labor Relations Board 29 14 \11\ 14.2 With move to contingency plan, NLRB is 3 systems have fallen behind schedule. In projecting that all systems will meet response NLRB plans to move to its the March 1999 goal. contingency plan for those systems, by having them repaired instead of replaced. NLRB has completed only 93 percent of assessment and 20 percent of renovation. No plan for IV&V. Should participate in the Year 2000 Building and Telecommunications Groups. Office of Administration, EOP. 86 1 17.1 A new project management team in place Behind government-wide goals; virtually has established a management strategy; all work is scheduled to be accomplished received funding from the emergency in fiscal year 1999. fund; work is underway. Senior White House management team is briefed weekly on progress. The EOP-wide Information Technology Management Team (an oversight entity) reviews progress monthly. Peace Corps................... 17 13 17.1 Payroll and personnel processing will Needs to accelerate validation and shift to USDA by June 1999. Renovation implementation. FMS projected to be of 15 critical systems has essentially implemented in June 1999. Has incurred been finished, and final user acceptance additional costs related to testing is scheduled for December. unanticipated delay in replacing FMS. Repair of two remaining systems has been Dependent on foreign banks for outsourced. A contract to renovate the disbursement--has received information Financial Management System (FMS) was from banks in 82 percent of host awarded in August. All non-critical nations. Heavy reliance on State systems will be renovated by November Department for disbursements and and tested by January 1999. Working with telecommunications services. Peace Corps State, Treasury, and Labor Departments is concerned that communications status to correct data exchanges. Cooperating in many posts remains unresolved and with international agencies and requires contingency plans. organizations to assess overseas issues. Completed embedded systems inventory. Good contingency and continuity planning process. Will begin a user verification process in December. Tennessee Valley Authority.... 488 169 37 The number of compliant, mission critical The majority of work remains to be done. systems has risen to 169 from the 104 reported last quarter. Business continuity plan under development. U.S. Postal Service........... 155 90 607 The USPS is making good progress in USPS has a substantial challenge given addressing the problem, having increased its size, the criticality of its mission its number of compliant, mission to other organizations, and the critical systems from 56 to 90 in the potential role it will play in last quarter. contingency plans of organizations. USPS should take steps to work cooperatively on continuity of business plans with those agencies which are highly dependent on USPS. U.S. Trade Representative, EOP 6 ......... 1.2 Received emergency funding. USTR is Testing identified potential conflict replacing entire LAN/desktop between one database being repaired and infrastructure. Critical systems are USTR's new operating system; this may standard COTS office support packages or require replacement of the former. simple databases that are being Additional work required on data renovated. Geneva offices will be exchanges. Continuity of business compliant in November. Will award task planning just beginning. order in December for IV&V services. -------------------------------------------------------------------------------------------------------------------------------------------------------- \11\ Represents fiscal year 1998, 1999, and 2000 costs. Appendix A TABLE 1.--AGENCY GOALS FOR COMPLIANCE OF MISSION CRITICAL SYSTEMS ---------------------------------------------------------------------------------------------------------------- Assessment Renovation Validation Implementation Date Date Date Date ---------------------------------------------------------------------------------------------------------------- Gov't-wide.................................................. Jun 97 Sep 98 Jan 99 Mar 99 Agriculture................................................. Oct 97 Sep 98 Jan 99 Mar 99 Commerce.................................................... Mar 97 Sep 98 Jan 99 Mar 99 Defense..................................................... Jun 97 Jun 98 Sep 98 Dec 98 Education................................................... Nov 97 Sep 98 Jan 99 Mar 99 Energy...................................................... Jan 97 Sep 98 Feb 99 Mar 99 HHS......................................................... Sep 98 Dec 98 Feb 99 Mar 99 HUD......................................................... Jun 97 Sep 98 Jan 99 Mar 99 Interior.................................................... Mar 97 Sep 98 Jan 99 Mar 99 Justice..................................................... Jun 97 Jul 98 Oct 98 Jan 99 Labor....................................................... Jun 97 Sep 98 Jan 99 Mar 99 State....................................................... Jun 97 Sep 98 Jan 99 Mar 99 Transportation.............................................. Aug 97 Sep 98 Jan 99 Mar 99 Treasury.................................................... Jul 97 Oct 98 Dec 98 Dec 98 VA Jan 98 Sep 98 Jan 99 Mar 99 AID......................................................... Nov 97 Mar 99 Jun 99 Sep 99 EPA......................................................... Jun 97 Sep 98 Jan 99 Mar 99 FEMA........................................................ Jun 97 Sep 98 Jan 99 Mar 99 GSA......................................................... Jun 97 Nov 98 Dec 98 Jan 99 NASA........................................................ Aug 97 Sep 98 Jan 99 Mar 99 NRC......................................................... Sep 97 Sep 98 Jan 99 Mar 99 NSF......................................................... Jun 97 Sep 98 Jan 99 Mar 99 OPM......................................................... Jun 97 Oct 98 Jan 99 Jan 99 SBA......................................................... May 97 Sep 98 Sep 98 Sep 98 SSA......................................................... May 96 Sep 98 Dec 98 Jan 99 ---------------------------------------------------------------------------------------------------------------- Note: Italicized dates are later than the dates indicated in the previous report. Bolded dates are earlier than the dates indicated in the previous report. TABLE 2.--PROGRESS ON STATUS OF MISSION CRITICAL SYSTEMS ---------------------------------------------------------------------------------------------------------------- Mission Critical Systems ----------------------------------------------------------------- Number Total Number Percent Number Still Number Number Compliant of Total Being Being Being Replaced Repaired Retired ---------------------------------------------------------------------------------------------------------------- Agriculture................................... 362 234 65 41 79 8 Commerce...................................... 458 367 80 33 57 1 Defense....................................... 2,581 1,352 53 102 1,014 113 Education..................................... 14 9 64 ......... 5 ......... Energy........................................ 420 210 50 86 87 37 HHS........................................... 300 147 49 25 117 11 HUD........................................... 62 45 73 6 10 1 Interior...................................... 92 75 82 2 15 ......... Justice....................................... 223 121 54 18 83 1 Labor......................................... 61 41 67 11 9 ......... State......................................... 59 27 46 20 12 ......... Transportation................................ 613 311 51 61 236 5 Treasury...................................... 323 204 63 26 88 5 VA............................................ 319 231 72 2 86 ......... AID........................................... 7 1 14 2 4 ......... EPA........................................... 58 52 90 ......... 5 1 FEMA.......................................... 46 39 85 4 3 ......... GSA........................................... 58 51 88 1 6 ......... NASA.......................................... 157 119 76 6 29 3 NRC........................................... 7 4 57 1 2 ......... NSF........................................... 17 15 88 ......... 2 ......... OPM........................................... 109 66 61 7 36 ......... SBA........................................... 42 42 100 ......... ......... ......... SSA........................................... 308 306 99 1 ......... 1 ----------------------------------------------------------------- TOTAL................................... 6,696 4,069 61 460 1,986 187 ---------------------------------------------------------------------------------------------------------------- TABLE 3.--STATUS OF MISSION CRITICAL SYSTEMS BEING REPAIRED ---------------------------------------------------------------------------------------------------------------- Assessment Renovation Validation Implementation Number of Percent Percent Percent Percent Systems Complete Complete Complete Complete ---------------------------------------------------------------------------------------------------------------- Agriculture...................................... 270 100 95 78 71 Commerce......................................... 155 100 86 67 66 Defense.......................................... 1,592 100 86 47 36 Education........................................ 14 100 93 64 64 Energy........................................... 168 100 88 54 48 HHS.............................................. 158 100 77 17 21 HUD.............................................. 41 100 100 76 69 Interior......................................... 85 100 96 93 82 Justice.......................................... 157 100 89 67 47 Labor............................................ 28 100 96 68 68 State............................................ 13 100 69 46 8 Transportation................................... 295 100 95 31 21 Treasury......................................... 233 100 87 71 63 VA............................................... 317 100 99 88 73 AID.............................................. 5 100 60 20 20 EPA.............................................. 29 100 100 86 83 FEMA............................................. 15 100 100 87 80 GSA.............................................. 23 100 74 74 74 NASA............................................. 101 100 99 79 71 NRC.............................................. 4 100 100 50 50 NSF.............................................. 10 100 100 90 80 OPM.............................................. 78 100 100 54 54 SBA.............................................. 42 100 100 100 100 SSA.............................................. 289 100 100 99 97 -------------------------------------------------------------- TOTAL...................................... 4,122 100 90 60 52 ---------------------------------------------------------------------------------------------------------------- TABLE 4.-- AGENCY YEAR 2000 COST ESTIMATES \12\ [In millions] ---------------------------------------------------------------------------------------------------------------- 1996 1997 1998 1999 2000 \13\ TOTAL ---------------------------------------------------------------------------------------------------------------- Agriculture........................................ 2.7 16.9 62.1 71.9 7.8 161.4 Commerce........................................... 2.6 12.4 35.6 55.8 6.5 112.9 Defense............................................ 22.8 377.7 1,236.8 817.3 92.2 2,546.8 Education.......................................... .1 1.4 19.5 20.7 3.8 45.5 Energy............................................. 1.0 20.0 85.7 68.1 19.9 194.7 HHS................................................ 7.2 32.1 149.9 \14\ 285 \15\ 200. 674.5 .3 0 HUD................................................ .7 6.2 20.8 23.2 6.2 57.1 Interior........................................... .2 2.8 10.6 57.8 .7 72.1 Justice 1.5 7.1 34.8 33.2 1.3 77.9 Labor.............................................. 1.7 5.4 14.5 25.4 10.0 57.0 State.............................................. .5 49.3 63.1 57.9 6.8 177.6 Transportation \16\................................ .4 11.2 121.9 100.7 6.0 240.2 Treasury \17\...................................... 8.4 200.2 592.7 460.6 261.2 1,523.1 VA................................................. 4.0 22.0 73.0 93.0 11.0 203.0 AID................................................ 1.1 3.0 18.3 23.9 3.2 49.5 EPA................................................ .8 5.3 11.5 18.6 1.0 37.2 FEMA............................................... 3.8 4.4 3.0 8.3 .5 20.0 GSA................................................ .2 .8 8.7 24.0 ......... 33.7 NASA............................................... .1 6.4 28.2 11.1 .9 46.7 NRC................................................ ........ 2.4 4.0 3.9 .6 10.9 NSF................................................ ........ .5 .8 .1 .0 1.4 OPM................................................ 1.7 2.1 9.2 2.2 .7 15.9 SBA................................................ 1.7 3.3 2.7 2.8 .5 11.0 SSA................................................ 2.2 13.3 12.2 5.0 .5 33.2 ------------------------------------------------------------ TOTAL........................................ 65.4 806.2 2,619.6 2,270.8 641.3 6,403.3 ---------------------------------------------------------------------------------------------------------------- \12\ These estimates do not include the Federal share of costs for State information systems that support Federal programs. For example, the Agriculture total does not include the potential 50 percent in Federal matching funds provided to States for Food and Consumer Services to correct their Y2K problems. \13\ Fiscal year 2000 estimates are based on an ongoing review of agency requirements and do not reflect final budget decisions. \14\ Fiscal year 1999 approved Y2K plan calls for $285.3 million to be spent. Other HHS proposals for spending additional funds in fiscal year 1999 are being reviewed by OMB. \15\ HHS' fiscal year 2000 costs will likely be between $200 and $500 million. The $200 million shown above represents a ``current best'' estimate. HHS' total estimate to OMB (reported November 15, 1998) for likely fiscal year 2000 costs was $575 million. OMB will continue to work with HHS on assessing Y2K funding requirements. \16\ Does not include $81.3 million in non-Y2K costs funded with emergency supplemental funds from the Information Technology and Related Expenses Account. \17\ Does not include $91.7 million in non-Y2K costs funded with emergency supplemental funds from the Information Technology and Related Expenses Account. ______ Appendix B KEY FEDERAL WEB SITES ON THE YEAR 2000 ------------------------------------------------------------------------ Site URL ------------------------------------------------------------------------ President's Council on Year 2000 http://www.y2k.gov Conversion. Federal CIO Council....................... http://cio.gov Year 2000 Information Directory........... http://www.itpolicy.gsa.gov/ mks/yr2000/y2khome.htm FDA--Biomedical Devices and Laboratory http://www.fda.gov/cdrh/ Equip- ment............................. yr2000/html Small Businesses Administration........... http://www.sba.gov/y2k Year 2000 Compliant COTS Products......... http://y2k.policyworks.gov/ GSA Telecommunications Information........ http://y2k.fts.gsa.gov/ Year 2000 Status Vendor Product Database.. http://globe.lmi.org/lmi-- pbs/y2k products/ ------------------------------------------------------------------------ ______ Appendix C Agency Exception Reports of Mission Critical Systems Behind Schedule U.S. Department of Agriculture Two systems from the Animal and Plant Health Inspection Service are reported behind the government-wide goals for the first time. The Licensing the Registration Information System tracks the validity of licenses, registrants, and inspection records about the Animal Welfare Act. The renovation phase is to be completed by the end of December and implementation is expected by the end of March 1999. The Integrated Systems Upgrade Project supports administrative, financial, and personnel functions and the required transmittals to financial entities. The Renovation phase is to be completed by the end of January 1999. Implementation is expected by March 1999. Several systems continue to be scheduled for implementation after March 1999. The Census of Agriculture is carried out every five years. The new system which supports the Census will be ready for the next census which begins in 2001. The Accounts Receivable System keeps subsidiary transaction level accounts for producers who were once insured directly by the agency. This includes all of the billing, payment, and indemnity information, and subsequent adjustments. This system is scheduled for retirement on September 30, 1999. The Debt Management System handles all phases of debt processing including due process, interest attachment, establishment of a debt account, debt reporting interfaces with the Internal Revenue Service, credit reporting agencies, and credit bureaus and 10 year write-off processes. It is scheduled for shut down on September 30, 1999. The Federal Tax Refund Offset program (FTROP) is a program to collect delinquent accounts owned to the Government by individuals due to fraud or household error in the Food Stamp Program. While this system is not deemed mission-critical by the Department and is not date-driven, it does have a sunset date of December 31, 1999. USDA cannot proceed independently from the Department of Treasury. This system is scheduled to be implemented December 1999. The Financial Accounting and Reporting System (FARS) manages internal funds control and reporting. The vendor has revised its estimated completion date to be due on October 1, 1999. The Cotton On-line Processing System monitors cotton inventories and price support loans. It also maintains electronic receipts and keeps track of benefits. The Department has approved a replacement strategy, and its completion is scheduled for July 1999. The Department provided no information on its contingency planning for these systems. Department of Commerce The Patent and Trademark Office reports that the Classified Search and Image Retrieval (CSIR) system will not be Y2K compliant by March 31, 1999. The CSIR provides patent examiners with the capability to electronically search and retrieve U.S. patent images from their desktop workstations. PTO indicates that the CSIR system will be compliant by June 30, 1999. This system is delayed due to the contractor's inability to place qualified staff on the task. A contingency plan was submitted on August 14, 1998 for this system. Department of Defense The Department of Defense reports 65 mission critical systems are behind schedule for fixing the Y2K problem. This is an increase of 14 from the previous quarter. In addition, Defense reports that 60 mission critical systems will miss the March 1999 goal for being fixed, a decrease of 9 systems from the 69 reported in August. No systems that support the Intelligence community are included in the counts, since the report is unclassified. As a result, the actual number of exceptions for the portion of the Department reporting is slightly greater in this report than was previously reported. This is due to unforeseen problems being identified during testing of some large, complex systems with many interfaces. Although the Department reported that contingency plans were in place for a large number of systems, the Department provided no information on the status of contingency planning for many systems behind schedule. Department of Education In the May quarterly report, Education reported two systems which had fallen two or more months behind schedule: (1) the Title IV Wide Area Network (TIVWAN), and (2) the National Student Loan Data System (NSLDS). TIVWAN had slipped from a renovation date of 2/98 to 8/98 and NSLDS had slipped from a renovation date of 6/98 to 8/98. In the August quarterly report, both of these systems had completed their renovation phases as scheduled and are no longer listed as exceptions. Also in the August quarterly report Education listed three systems which have fallen two or more months behind schedule: the Impact Aid Payment System, the Education Local Area Network, and the Pell Recipients' Financial Management System. For the Impact Aid Payment System, which is a replacement system, the renovation phase has been completed, but the validation and implementation phases have slipped by three and two months respectively from June 1998 to September 1998, and from July 1998 to September 1998--both phases of which have been completed as this quarter's report. For the Education Local Area Network, the renovation phase completion date had slipped by two months from September 1998 to November 1998 in the August report, but has been completed as of this quarter's report. The Pell System renovation phase remains due for completion in December 1998. Education has currently completed 98 percent of the work necessary to finish the renovation phase for the Pell System. The Department has drafted contingency plans for all systems and will finalize these plans by March 1999. In addition, the testing of these plans is scheduled to be completed by the end of June 1999. Department of Energy In the August quarterly report, the Department had identified six systems with implementation dates beyond the March 1999 milestone. These six systems remain with implementation dates beyond the March 1999 milestone in this quarter's report and are joined by a seventh. The seven systems are at three DOE facilities--Sandia National Lab, Idaho National Engineering Laboratory, and Savannah River. At the Sandia National Laboratories, the Oracle Financial System was previously reported with an implementation date of October 31, 1999. That date has been moved up to be in compliance with the government- wide goal of March 31, 1999. However, a new system has been identified with an implementation date of August 31, 1999--the Enhanced BadgeWorks system which is the identification and access control system for the Lab. At the Idaho National Engineering Laboratory, the one new system identified for implementation after March 31, 1999 is the New Waste Calcining Facility Distributed Control System (NWCF-DCS). This system's renovation will require a shut down of the facility for a short period, and therefore implementation is scheduled for June of 1999. At the Savannah River site there are five systems. The Nuclear Materials Stabilization Program Operations System (implementation date of September 30, 1999), the Tank Farm Process Control System (implementation date of October 31, 1999), the Tank Farm Manufacturing Support System (implementation date of August 19, 1999), the Defense Waste Processing Facility Process Control System (implementation date of October 31, 1999) and the Defense Waste Processing Facility Manufacturing Support System (implementation date of October 31, 1999). These are the seven systems reported by the Department in its November quarterly report. In addition, however, the Department tracks progress against its own milestones and has identified 25 systems (out of 420) that are behind their internal baseline schedule milestones by more than 60 days. These systems required a change control process to rebaseline their schedule. Of these 25 systems, none are anticipated to miss the implementation date of March 1999; however, 11 of the systems are anticipated to complete validation in February rather than the government-wide goal of January 1999. The Department indicated that contingency plans for all of these systems are to be completed by December 15, 1998. Environmental Protection Agency EPA reports in their November quarterly report that the Air Quality (AQ) Subsystem of the Aerometric Information Retrieval Systems (AIRS) is experiencing delays. Accordingly, renovation which had been scheduled for November 1998 would not be achieved, and therefore implementation of a reengineering AQ Subsystem was in danger of not meeting the March 1999 goal. The other three Subsystems of AIRS have either completed implementation or are on schedule. To forestall the potential that the AQ Subsystem does not meet the March 1999 goal, a decision was made to renovate the existing AQ Subsystem to AIRS and use that until work is completed on the reengineered AQ Subsystem. Renovation and validation of the existing AQ Subsystem to AIRS is now scheduled to be completed by January 1999. The Department considers the renovation of the existing AQ Subsystem to be the implementation of a contingency plan in the event that the reengineered AQ Subsystem continues to experience delays. General Services Administration The General Services Administration had previously identified one system, the Acquisition Management Program (AMP), as being delayed by more than two months, slipping from May 1998 to October 1998. AMP is used to manage the funds used to acquire vehicles at Fleet Management Centers throughout the nation. AMP became Y2K compliant in August and was implemented on October 1, 1998. Department of Health and Human Services In the August quarterly report, four Health Care Finance Administration (HCFA) external systems (that is, systems run by Medicare contractors) were reported with scheduled implementation dates two or more months behind the HHS internal goal of December 31, 1998. HCFA has worked with Medicare contractors to develop revised schedules, which meet the Department's internal goal, for three of these four systems. The three Medicare contractors which have revised their schedules are Blue Cross/Blue Shield of Arkansas (Part B); Blue Cross/ Blue Shield of Arkansas, New Mexico, and Oklahoma (Part B); and Blue Cross/Blue Shield of New Hampshire and Vermont (Part A). The fourth previously reported system, Trigon Blue Cross/Blue Shield of Virginia (Part A), is still scheduled for completion after the Department's internal goal, but with a revised implementation date of February 18, 1999 (one month earlier than the previously reported March 31, 1999 date). The three Program Support Center systems reported behind the internal HHS goal in the August quarterly report--the Current Payroll/ Personnel System, the Automated payment Adjustment System, and the Debt Collection System--remain behind the HHS internal goal with the previously reported scheduled implementation dates of February 28, 1999. All three systems have been renovated as of September 30, 1998. The February implementation dates were established to allow for extensive interface testing. In the August quarterly report, three HCFA external systems were reported with scheduled implementation dates behind the government-wide goal of March 1999. HCFA has worked with the Medicare contractors to develop revised schedules, which meet the government-wide goals as well as the Department's internal schedule. These systems are the Associated Hospital Services of Maine (Part A), the HW Medicare Services (Part A) and Blue Cross of California--all of which have moved their implementation dates back into December of 1998. The Department also had previously reported one Health Resources Services Administration (HRSA) system, the Organ Procurement Transplantation Network (OPTN) with a scheduled implementation date of April 1999, as behind the government-wide goal. HRSA has worked with the contractor to revise the OPTN scheduled implementation date to January 1, 1999. Although the Department provided no information on its contingency planning for these systems, the Department has begun to develop contingency plans for key business areas. Department of the Interior In the previous report, the Department reported four systems behind; all are now back on schedule. Specifically: The Supervisory Control and Data Acquisition (SCADA) System for the Colorado River Storage Project within the Bureau of Reclamation, which is used to manage the Glen Canyon Dam's Power plant and water flow, is now back on schedule. In the August report, this system was discussed primarily because the preliminary estimates to renovate the system were significantly higher than anticipated. A statement of work was developed requiring a three-phase effort to reassess costs, make repairs, and test the system for Y2K compliance. Additionally, a waiver to the Dual-Compensation Act has been granted for 10 Power plant Operators as part of a contingency plan that will allow all of the bureau's dams to be operated in a manual mode. Currently all of the bureau's continuity of operations manuals are being reviewed with regard to Y2K impact. Validation is expected to be completed in December 1998, while implementation is to be completed by March 1999. The Global Seismic Network (GSN) of the U.S. Geological Survey collects and provides data from the global digital seismic network to incorporated research institutions. This system is integrated with the global positioning system and includes information on earthquake assessments, oil drilling distribution and maintenance and water resource management. Earlier schedule and budget estimates for GSN were based on data that was incomplete relative to the severity of several problems in the field system operating software; current data indicates that the system is back on schedule. Validation of this system was completed in October. The system is currently 25 percent implemented. The Seismic Event Data Analysis System (SEDAS) of the U.S. Geological Survey contains information pertaining to earthquakes throughout the world. It is used by USGS researchers for information dissemination. Earlier schedule and budget estimates for SEDAS were based on inaccurate information. This system has now been successfully renovated. Validation is at 90 percent and with a new implementation schedule of December 1998, this system will no longer be reported as an exception. The U.S. National Seismograph Network (USNSN) of the U.S. Geological Survey (USGS) provides the hardware and the software for the Water Resources Division of USGS for scientific, accounting, and personnel information. Earlier schedule and budget estimates for USNSN were revised after determining that there is a much more comprehensive method for testing and validating total system Y2K compliance than was originally envisioned. The slip in the validation schedule is due to expanded testing of the system and revisions to the testing schedule itself. This system has now been successfully renovated and validated. Currently, implementation is at 90 percent, and with a new implementation schedule of November 1998, it will no longer be reported as an exception. Department of Justice The most recent quarterly report shows a total of 28 systems that will miss internal Justice milestones for assessment, renovation or validation. The Department states that all these systems will meet the government-wide March 1999 goal. Justice has identified eleven mission critical systems that will miss the March 1999 implementation goal--an increase from the three systems reported in August. The Executive Office of the United States Attorneys (EOUSA) identified three systems that will not be fully implemented until June 1999. Two of these are case tracking systems that will be renovated in January 1999. The third system is EOUSA's office automation suite that already has been renovated and is being deployed on new Y2K compliant personal computers. The Executive Office of United States Trustee's (EOUST) case management system, known as USTARS, experienced contractual delays related to procurement of hardware systems. EOUST expects implementation of USTARS to begin in March 1999 and be completed in October 1999. These three systems have contingency plans which have been reviewed by the IV&V contractor. The Justice Management Division (JMD)'s Debt Management System accounts for, disburses and reports on funds collected through various Justice financial litigation and collection efforts. The Debt Management System is being replaced at the end of its life cycle with a new module on the Department's core financial system. However, development of the module was delayed by difficulties in obtaining programmers. JMD expects the module to be implemented by September 1999. This system has no contingency plan, but Justice plans to have one in place by December 31, 1998. The National Drug Intelligence Center is working with the Navy to replace its External Communications System with the Y2K compliant Defense Message System by June 1999. This system is expected to have a contingency plan in place by January 1999. Two Office of the Inspector General systems will also not meet the March 1999 goal. Renovation of the first system, the Investigations Data Management System, was delayed because its host platform and supporting software must be replaced. A contingency plan has been developed. For the second system, Inspector General Network for Information and Telecommunications Exchange (IGNITE), Justice lacks funding to replace the network operating system and other network components required to make systems Y2K compliant. No date or funding has been identified to upgrade IGNITE. A contingency plan has been reviewed by an IV&V contractor and is in place. As reported last quarter, the Federal Bureau of Investigation's (FBI's) Digital Monitoring Workstations support investigative collections for authorized foreign counterintelligence surveillance and were found to be non-Y2K compliant. The FBI is replacing the twelve systems at the rate of approximately one per month and should be fully implemented by August 1999. A contingency plan has been prepared and has been reviewed by an IV&V contractor. The Immigration and Naturalization Service (INS) has decided to perform replacement of its mission critical Local Area Network and its non-mission critical workstation/office automation upgrades simultaneously. Because a large number of sites are involved, INS will be unable to complete replacement of this infrastructure until July 1999. There is no contingency plan for this system. Finally, Justice is replacing the Card Key System for its Washington, DC headquarters as part of the building's overall renovation that will extend beyond the March 1999 goal. Contingency plans have been developed but have not yet been reviewed by the IV&V contractor. Social Security Administration The Integrated Image-Based Capture System is a stand-alone system located in Wilkes-Barre, Pennsylvania that scans paper W-2 forms and converts them into electronic format for entry into the Annual Wage Reporting System. This system supports the annual tax year operation that begins in February of each year and continues until all of the paper W-2 forms are processed in September. The application software has been renovated to be Y2K compliant and is being implemented for tax year 1998 processing, which begins in February 1999. Y2K compliant workstations are also being installed. In order for the entire system to be Y2K compliant, commercial-off-the-shelf (COTS) software must be upgraded to Y2K compliant versions, which are now available. The COTS products have been procured and will be implemented for tax year 1999 processing, because once processing begins changes cannot be made to the system until the following tax year operation. Accordingly, the COTS infrastructure will be implemented for testing in March 1999. Testing of the entire system will continue through August 1999 for implementation for tax year 1999 processing, which begins in February 2000. SSA does not expect difficulties in implementing the COTS products for tax year 1999, but if difficulties arise, SSA has a contingency plan to use a backup system for data entry of the paper W-2 forms; this system is Y2K compliant. State Department The State Department has identified one system as not meeting the March 1999 goal for implementation. The Travel Document Issuance System is expected to be initially installed at its first site in November 1998. After initial evaluation, the application will be installed at other domestic passport agencies. State expects the system to be fully deployed by August 1999. A contingency plan has been developed. In an improvement from the previous report, the Department has taken steps to accelerate deployment of ALMA (A Logical Modernization Approach) upgrades to over 230 State Department posts worldwide and anticipates that installation will be completed by March 1999. A number of Consular Affairs mission critical systems, including the Automated Citizen Services function, Modernized Immigrant Visa system, and Non- Immigrant Visa and Computer Assisted Processing systems are being deployed concurrently with installation of the ALMA package. As of October 23, 1998, ALMA has been deployed to 136 posts worldwide. State is preparing continuity of business plans should any posts or embassies not have ALMA installed in time to meet the millennium. In the August 1998 Quarterly Report, State Bureau of Administration identified the Supply Automated Receiving System (SARS), Enhanced Automated Procurement System (EAPCS), Mail Sorting Equipment Network (MSE), and the Electronic Receipts System (ERS) as slipping more than two months beyond their September renovation milestones. ERS has now completed renovation. The remaining systems are now expected to be renovated in early 1999 and implemented in March 1999. Also in the August report, the Office of Personnel's Medical Archiving Retrieval System (MARS), which was behind the September 1998 renovation milestone, has now been reclassified as a non-mission critical system. In November, the State Department identified a number of other systems that have experienced schedule slippage, but are all expected to meet the March 1999 implementation goals. The Consular Affairs Bureau's IVAMS and DCARS were delayed because contracts to renovate these applications took longer to award than envisioned. The Finance and Management and Policy Bureau Budget System will be implemented in December rather than September, but the most critical modules began validation in October. The Paris Accounting and Disbursing System will miss the renovation and validation dates because of project management and technical difficulties, but is expected to be completed in March 1999. The Department decided to repair rather than replace the System Integrity/Crypto Inventory System (SI/CRYPTO) system which is now scheduled for completion in March 1999. State decided to implement the contingency plan for SI/CRYPTO now to ensure the function is adequately supported. A reassessment of the Telegram Distribution System (TeDS) was performed after questions were raised with the original assessment. Renovation will begin in late November and implementation should be completed in March 1999. Although Terminal Equipment Replacement Program (TERP V) completed its validation in October, deployment and implementation of the application will probably extend into March 1999, two months past its scheduled date. All of these systems have contingency plans. Department of Transportation The Federal Aviation Administration (FAA) is faced with a significant challenge in validating and implementing hundreds of systems, particularly air traffic control systems which require extensive end-to-end testing. At the present time, the FAA estimates that 61 systems will not be implemented by March 1999, a number of which are critical to FAA's telecommunications and data exchange infrastructure. The FAA presently expects to complete validation activities by March 1999 and implementation activities by June 1999. As stated in the main report above, the FAA needs to continue to reevaluate its master schedule and make a concerted effort to accelerate its implementation schedule. The U.S. Coast Guard reports that two systems remain behind schedule, but significant progress has been made on its safety related systems. The Department has contingency plans in place. Department of Treasury The Department currently has three systems within the Bureau of Alcohol, Tobacco, and Firearms (ATF) that will be implemented after the March goal. Contingency plans for these systems have been completed and approved for implementation should it become necessary to do so. The Federal Excise Tax System (FET) manages the collection of Federal excise taxes on alcohol, tobacco, and firearms. This system was previously assessed as compliant. However, when certification testing began, it was determined that the system was not compliant and that replacement was necessary. This system is currently scheduled for implementation on July 16, 1999. The Firearms Licensing System (FLS) processes Federal firearms licenses, Federal explosive licenses, letters, and electronic data for out of business dealers pertaining to the aforementioned items. This system was previously assessed as compliant. However, when certification testing began, it was determined that the system was not compliant and that replacement was necessary. FLS is currently scheduled for implementation on July 31, 1999. The Alcohol and Tobacco Database (A&T) is used to track smuggling and smuggler of alcohol and tobacco products. The database tracks surveillance and related events. The system provides criminal enforcement and regulatory enforcement users with detailed information related to illegal activities of wholesalers, distillers, and distributors. A&T is currently scheduled for implementation on May 26, 1998. Agency for International Development AID and a contractor reviewed the agency's plans and requirements for addressing their mission critical systems and adjusted project schedules based on a number of factors. As a result of this review and adjustment, four AID mission critical systems will be implemented after the March 1999 goal. While renovation of the Mission Accounting and Control System (MACS) was just completed, validation and implementation will not be completed until April and May of 1999. AID is taking steps to accelerate this process by establishing more aggressive timetables for deployment of operating systems, completion of hardware upgrades and pre-deployment testing. This is a particularly important system for AID as it is the only automated accounting system available to missions worldwide. The Agency's complex financial management, procurement, budget and program management system, called the New Management Systems (NMS) is scheduled for implementation in September 1999, one month later than reported last quarter. AID will have contingency plans in place for both of these systems by June 1999. AID is also replacing two systems, the Financial Accounting and Control System (FACS) and the Loan Accounting Information System (LAIS). While FACS will be integrated into version 4 of NMS, AID is still developing a strategy for handling the historical data resident on the system. AID has outsourced many of the loan servicing functions that LAIS supported and is working with the contractor to identify what LAIS functionality and historical data needs to be supported. AID expects to resolve the LAIS and FACS issues by September 1999. AID is working to accelerate deployment of its new desktop infrastructure and upgrades to routers and other local and wide area networks in order to support deployment of mission critical applications. ______ The President's Council on Year 2000 Conversion--First Quarterly Summary of Assessment Information--January 7, 1999 chairman's statement With slightly less than a year until January 1, 2000, the President's Council on Year 2000 Conversion is committed to providing the public on a regular basis information it has obtained about the status of government and industry efforts to combat the Year 2000 (Y2K) computer problem. This report summarizes information the President's Council and its more than 25 working groups have gathered either from Federal agencies or through cooperative working relationships with industry trade associations and other groups who are assessing their members' preparedness for the century date change. It is the first in a series of quarterly reports the Council will release in 1999. It is important to note that, in several industry areas, trade associations are still working to gather initial survey data on the status of their members' Year 2000 efforts. Where possible, the report indicates target dates for completing that work and making information publicly available. The content and format for information collected over the past few months also varies and, in some cases, is very preliminary. The Council is encouraging trade associations to collect information in a more standard format in future surveys. Subject to these limitations, the available data provide the following information about the level of preparedness among key industries: --Virtually all of the industry areas report high awareness of the problem and its potential consequences. --Participants in several areas are mounting aggressive efforts to combat the problem and to ensure that critical systems will be able to process the date change to the Year 2000. Financial institutions, including banks and securities firms, are most notable for their coordination and progress. --We are increasingly confident that there will not be large-scale disruptions among banks and in the power and telecommunications industries. Disruptions that do occur will most likely be of a more localized nature. --Large organizations often have a better handle on the problem than some of their smaller counterparts. While many small and medium-sized businesses and governments are focused on solving the Year 2000 problem and have made significant progress, some continue to believe the problem will not affect them or are delaying action until failures occur. Lack of preparedness among these organizations increases the risk for localized Y2K disruptions. --International failures are likely. Despite recent increased efforts, a number of countries have thus far done little to remediate critical systems. These failures could have a significant impact upon the United States, especially in areas that rely heavily upon cross-border operations. At the Federal level, agencies are working to prepare critical systems for the Year 2000, and have mounted aggressive efforts to ensure that critical services will not be disrupted by the transition to the new millennium. According to the most recent OMB report on agency progress, as of November 15, 1998, 61 percent of Federal critical systems were Y2K compliant, up from 27 percent a year earlier. The November data also indicated that 90 percent of critical systems requiring repair have already been fixed and are now being tested. A small percentage of critical systems are not expected to meet the March 1999 goal of having all critical systems Y2K compliant, and agencies will produce specific benchmarks for completing work on these systems before January 1, 2000. All agencies are working to develop contingency plans in the event of internal or external failures. There is still time remaining for organizations, especially smaller firms, to prepare their critical systems for the Year 2000. But at the same time, all organizations should be developing back-up, or contingency, plans to address internal and external Y2K-related failures. Effective contingency plans will help to minimize Year 2000 disruptions. i. introduction Over the past 50 years, computers have made what was once thought impossible--possible--in finance, transportation, communications, health care and other areas. From electronic commerce to high-speed international telecommunications service to medical breakthroughs, they have been engines for social and economic progress. Information technology has become more pervasive in the every day activities of organizations and individuals around the world. But human beings, the inventors of this remarkable technology, are not infallible. Now, what once was a rational decision--to use two digits to represent the year in many computer systems--is now the Year 2000 (Y2K) problem, an enormous challenge to governments and businesses around the world whose operations depend upon these systems. This report of the President's Council on Year 2000 Conversion is the first in a series of quarterly documents that will summarize industry and other assessments of efforts to ensure that information technology systems are ready for the century date change. Information on the level of preparedness is sparse within some industry areas where trade associations and groups are just beginning efforts to survey their members. In these areas, the report outlines how information is being gathered and when further detail is expected. The Y2K Problem The Y2K computer problem is caused by a shortcut used in many information technology systems. Years ago, to conserve memory space, computer programmers used two digits to record the year--for example, 98 would mean 1998. Over time, this became standard programming practice. Many information technology systems that require knowing the year, and use two-digit coding to record it, will, on January 1, 2000, recognize 00 not as the Year 2000 but as the Year 1900. This glitch could cause them to either shut down or malfunction, a significant problem in our electronic information-dependent society. The Y2K problem is not new. People have known for years that two- digit coding would create difficulties when the Year 2000 arrived. But many organizations in the United States and around the world have been slow to act. Some assumed that a ``quick-fix'' would materialize that would enable systems dependent on two-digit coding to process the Year 2000 or that older systems would be replaced by newer, Y2K-compliant models. Unfortunately, there is no permanent, universal quick-fix and, in many cases, older, non-compliant systems remain in operation. The Y2K problem is solvable. Businesses and governments know how to fix non-compliant systems and are devoting significant financial and personnel resources toward doing so. Several major financial institutions are spending hundreds of millions to ensure that their systems will operate in the Year 2000. As of November 15, 1998, the Federal Government estimates it will spend $6.4 billion to fix its mission-critical systems. Solving the Y2K problem is primarily a management challenge. Repair and replacement of systems and their interconnections takes time, and January 1, 2000, is an immovable deadline. Ensuring that critical systems are ready for the Year 2000 is a matter of prioritizing what needs to be fixed, devoting adequate personnel and financial resources to the project, and developing back-up, or contingency, plans to be used in the event that systems, both internal and external, fail. The Council The President's Council on Year 2000 Conversion, established on February 4, 1998 by Executive Order 13073, coordinates the Federal Government's efforts to address the Year 2000 problem. The Federal Government, like any business or organization, is responsible for fixing its critical systems. But it also is working to encourage the private sector and other governments to do the same for the systems for which they have responsibility. Thus, the Council's mission is two-fold: (1) to work with the agencies to prepare critical Federal systems for the Year 2000, and (2) to promote action on the problem outside the Federal Government--among businesses, State, local, and Tribal governments, and foreign entities. The Council is made up of representatives from more than 30 major Federal executive and regulatory agencies that are active in diverse areas such as transportation, banking, and telecommunications. Council members work together to exchange information on agency Y2K progress and shared challenges. They also coordinate interagency testing efforts for programs that rely upon multiple agency systems and assist each other with contingency planning efforts for potential Y2K-related failures. To reach out beyond the Federal Government, Council members have formed working groups to focus on the Y2K challenges in over 25 sector areas such as finance, communications, transportation, electric power, health care, water supply and building operations. The working groups have reached out to form cooperative working relationships with the major trade associations and other umbrella organizations representing the individual entities operating in each sector. Working group outreach efforts are designed to increase the level of awareness and action on the problem and to promote the sharing of information between entities. Information Gathering The Council has also been working with these outside organizations to gather industry assessments of Y2K preparedness and to encourage companies and governments to share publicly information about the status of their own Year 2000 efforts. Trade associations have special abilities to reach large numbers of participants within a particular industry and are especially aware of their most critical Y2K challenges. Industry participants generally are also more comfortable providing candid information confidentially to their umbrella organizations rather than directly to government agencies. These industry assessments, which the Council makes publicly available through its web site (www.y2k.gov) as soon as they are available, are important because they provide businesses, governments, and the general public with information about the status of Y2K efforts in key areas of the economy. For example, an organization that has finished work on its systems could still be vulnerable to the Y2K problem if its business partners are not prepared. A local grocery store may have ensured that its cash registers and inventory software are Year 2000 compliant, but Y2K failures among suppliers could affect the store's bottom line. Information on progress among suppliers could help the store prepare an effective back-up plan. Governments also rely upon information gathering efforts to prepare contingency plans so that key governmental services will not be disrupted and to respond to emergencies that may result from Y2K- related failures. And consumers need information on the Y2K progress of their local businesses and governments so that they can make their own informed decisions. To help associations and other groups collect and share information on the status of Y2K efforts, the Administration worked with Congress to enact the ``Year 2000 Information and Readiness Disclosure Act.'' This bipartisan legislation provides protection against the use in civil litigation of technical Year 2000 information about an organization's experiences with product compliance, system fixes, testing protocols and testing results when that information is disclosed in good faith. It also includes important protections for information gathering that is designated as a ``special data gathering request'' under the Act. These collections of information cannot be reached by private litigants, or used by Federal agencies for regulatory or oversight purposes, except ``with the express consent or permission'' of the provider of the information. Industry Assessments Shortly after President Clinton signed the ``Year 2000 Information and Readiness Disclosure Act'' on October 19, 1998, the Council provided industry associations with a guide for Y2K information gathering based on earlier surveys designed by some of the Council's working groups. The Council suggested that industry trade associations gather from their members the following information: --Do you have a plan for addressing the Y2K problem? --Does it include defined milestones? --Has your chief executive approved the plan? --Does the plan define a Y2K organizational structure? --How have you organized your Y2K work? --How much to you expect to spend on fixing the problem? How much have you spent to date? --What percentage of the work of repairing or replacing mission- critical systems have you completed for: assessment (inventory and analyze systems supporting the core business areas and prioritize their conversion or replacement), renovation (convert, replace, or eliminate systems), validation (test, verify, and validate converted or replaced systems), and implementation (integrate converted or replaced systems into the system environment where routine information processing activities are performed)? --Have you designed, tested, and put in place plans for internal and external contingencies? --If you operate internationally, are you encountering any special difficulties related to the Y2K problem? ii. critical services For the purposes of this initial report, the Council has identified and summarized assessment information for nine sector areas covering the provision of critical services. They are: benefits payments, communications, electric power, emergency services, financial services, oil and gas, solid waste, transportation, water supply. In every area except for benefits payments, the Council is relying partially or entirely on industry trade associations to provide assessment information on Y2K progress within their sectors. As noted earlier, many trade associations are still working to gather initial or more comprehensive survey data on the status of their members' Year 2000 efforts. Target dates for completing that work and making information publicly available are provided in those instances. ``Y2K compliant'' systems are those that have been tested, are operational, and can accurately process data through the century date change. Benefits Payments (Working Group Chair--Social Security Administration) There is still work to be done to ensure the complete Year 2000 readiness of all systems responsible for making Federal benefit payments, but agencies expect that they will be able to deliver payments without disruption in January 2000. These benefit payments include Social Security, Supplemental Security Income, Government civilian and military pensions, veterans benefits, and unemployment insurance. Social Security Administration The Social Security Administration (SSA) has made all its systems that produce Social Security and Supplemental Security Income (SSI) payments Year 2000 compliant, and has tested and certified those systems. In addition, testing from SSA through the Treasury Department and the Federal Reserve for direct deposit payments was also successfully completed. Beginning with payments made in October 1998, the Social Security and SSI benefit payments were generated using Year 2000 compliant software at both SSA and Treasury. Treasury Department systems for making monthly Social Security and SSI payments received independent verification of their Y2K compliance in December 1998. With regard to disability benefits, SSA is working very closely with the State Disability Determination Services (DDS's) to ensure there is no disruption to State systems which support medical determinations in the Social Security and Supplemental Security Income Disability claims process. There are 50 States and territories with automated systems. As of November 30, 1998, 45 DDS systems have been renovated, tested and implemented. All 50 systems are expected to be Year 2000 compliant by January 1999. SSA and each State DDS have developed Business Continuity and Contingency Plans in the event that unforeseen problems occur. These plans address measures to be taken to ensure payments are made and claims are processed. Department of Defense The Defense Department is confident that payments to military retirees and annuitants will continue uninterrupted in January 2000. All programming changes and testing of programs for the pay system and its interfaces have been completed. The Year 2000 compliant programs were implemented in October 1998. The pay system software will be migrated to a Year 2000 compliant processing environment, tested and implemented by March 31, 1999. Additional end-to-end testing with interfacing partners is scheduled for mid-1999. Successful completion of these tests and continued close contact with interfacing partners will ensure a smooth transition to January 2000. Department of Veterans Affairs The Department of Veterans Affairs (VA) is making Year 2000 compliant all systems that deliver compensation, pension, education, vocational rehabilitation and loan guaranty benefits to veterans. As of October 31, 1998, 99 percent of all benefit payment programs were renovated, and 72 percent were implemented. All programs are scheduled for implementation by March 31, 1999. VA is currently developing business continuity and contingency plans for its benefits delivery business areas. These plans are expected to be completed by January 1999. The Treasury Department systems that make payments on behalf of VA are scheduled to be implemented at the end of 1998. Office of Personnel Management The Office of Personnel Management (OPM) continues to make significant progress in achieving compliance for the mission-critical systems of its Retirement and Insurance Service that support the provision of benefit services to Federal employees and annuitants. As of October 1998, OPM has completed renovation of these mission-critical systems, and has validated and implemented almost half of them. OPM anticipates completing the validation and implementation phases by January 1999. OPM is also validating Y2K compliance with the more than 200 partners with whom it exchanges data and plans to test retirement benefit payment files with the Treasury Department. In addition, in December 1998, OPM developed final draft business continuity and contingency plans to ensure that it can provide essential retirement and insurance services in January 2000, and will schedule and conduct testing of these plans within the next several months. Department of Labor The Unemployment Insurance (UI) program is administered by 53 State Employment Security Agencies (SESA's). The Department of Labor (DOL) is responsible for oversight of the UI program. The Year 2000 problem for UI arises in January 1999, because the State systems must calculate an end date for new claims. Since the end date is one year from the date a claim is filed, the computer must calculate and assign an end date in January 2000 for any new benefits claim opened in January 1999. In December 1998, DOL stated that 16 SESA's were ``at risk'' of not being able to complete permanent fixes to their systems before the January 4, 1999 cutoff date, and may need to implement back-up, or contingency, plans so that benefits can be processed while they continue to prepare systems for the Year 2000. Those SESA's were: Arizona, Connecticut, Delaware, the District of Columbia, Hawaii, Illinois, Kansas, Louisiana, Massachusetts, Missouri, Montana, New Hampshire, New Mexico, Puerto Rico, Vermont, and the Virgin Islands. DOL is continuing to provide direct technical assistance to these SESA's in addressing the automated system problems and preparing contingency plans. Reliance on Banks and the U.S. Postal Service All of the benefit payment systems are dependent on the financial community for direct deposits and the U.S. Postal Service (USPS) for check delivery, and in the case of international payments, a variety of check delivery systems. Each Federal agency providing benefits is working closely with the Treasury Department and the Federal Reserve, which is in turn testing with the banking community to ensure a smooth transition to 2000 and to plan for any unforeseen disruptions to direct deposits. With regard to check delivery through the U.S. mail, the USPS has renovated 78 percent of its mission-critical systems. The remaining renovation and independent verification and validation of all mission- critical systems will be completed in the first half of 1999. To evaluate the readiness of core mail processing equipment, the Postal Service advanced the dates and tested the automated mail processing equipment at a major mail processing plant in Tampa and a bulk mail center in Atlanta. Both tests verified that the equipment, which is in use throughout the postal system, will process letters, flats and parcels correctly to and through the Year 2000. Although additional testing is planned throughout 1999, USPS is confident in its ability to sustain mail service through the century date change. Communications (Working Group Chairs--Federal Communications Commission, General Services Administration) Information obtained from the communications industry indicates that the major companies have active Year 2000 programs and have made substantial progress toward updating their systems. However, less information is available regarding smaller organizations, and detailed information about some sectors will not be available until late January 1999. The Federal Communications Commission (FCC) regulates the communications industry in five sectors: wireline, wireless, cable, broadcast, and international. Communications equipment is grouped by network elements (transmission and reception), support systems (billing, maintenance, inventory), and auxiliary systems (security, alarms, environmental control). Continuity of communications requires each network element to operate properly and for those elements to interoperate effectively. The FCC is working closely with a number of organizations to assess industry readiness, including: the Network Reliability and Interoperability Council (NRIC), the Telco Year 2000 Forum, the Alliance for Industry Telecommunications Solutions (ATIS), Cable Television Laboratories, Inc. (CableLabs), the International Telecommunication Union (ITU), and several other trade associations representing various industry segments. Wireline Data indicate that this segment of the telecommunications industry, which includes major companies such as Bell Atlantic, AT&T and MCI, is seriously addressing Year 2000 conversion issues and will meet remediation goals. Based on the information collected to date, the most likely Y2K difficulties would be small, localized problems in the network. Companies are developing contingency plans to pool efforts to address these types of problems. Preliminary information from the NRIC, based on a polling of companies representing 94 percent of the access lines in the United States, indicates that between September 30, 1998 and December 30, 1998, the wireline industry was expected to progress from 54 percent to 69 percent completion of its Y2K project overall, while assessment of Y2K problems would go from 94 percent to 98 percent complete, renovation or remediation would progress from 66 percent to 81 percent complete, and validation or testing would move from 58 percent to 69 percent complete. Implementing proven solutions across the network was expected to progress from 59 percent to 74 percent complete between the end of September and the end of December 1998. The average target date for complete implementation is June 30, 1999. Cable While current data are not yet available, the industry expects that Y2K problems will not cripple cable system operations, and at this time it appears that set-top boxes found in the common household are for the most part not at risk. However, switching devices, commercial insertion equipment, satellite video playback equipment, and addressable controllers could be affected. Cable operator equipment that relies on embedded chip technology is also at risk. In April 1998, the Cable Services Bureau sent 25 letters to the 10 largest multiple systems operators (MSO's), 6 major manufacturers, 5 cable network programmers, and 4 trade associations. The 10 MSO's serve approximately 78 percent of the market share of subscribers. The manufacturers selected provide the most popular equipment used by cable operators and the trade organizations represent a cross-section of cable systems across the country. As of May 1998, all respondents had initiated an inventory phase of their Year 2000 programs, with the majority of the MSO's far along toward completing the review of their inventories. The responses indicated that cable systems had made minimal progress on remediation, unit testing, and integration. Nevertheless, several respondents stated that they will achieve Year 2000 compliance well ahead of the century date change. Further, CableLabs was expected to have begun interoperability testing before the end of 1998, and information regarding this testing will be available to cable operators at the CableLabs web site. On November 25, 1998, the Cable Services Bureau sent a second round of Y2K assessments consisting of a questionnaire and associated attachments to a cross-section of 50 cable operators. Combined, these operators serve approximately 90 percent of all cable subscribers. Responses are expected by early January 1999. Wireless According to the industry, the majority of cellular and PCS phones are not date-sensitive. However, there could be problems in trunked systems or in other systems that integrate the cellular system into a larger network, such as public service answering points operated by local emergency response providers. The Wireless Telecommunications Bureau sent a letter to licensees, associations, and other entities involved with wireless communications which provided Y2K information and made a voluntary request for information. The response to this voluntary inquiry has been insufficient to do an analysis. The current assessment questionnaire sent to the wireless industry is mandatory, covering 300 wireless carriers, and is meant to complement the information requested from the 1,200 wireline carriers about wireless services they may provide. Information from this assessment will provide a more comprehensive view of the industry and will be available in the first quarter of 1999. The wireless industry is planning to participate in the interoperability testing planned by ATIS starting in January 1999. Mass Media It appears that the majority of broadcasters are aware of the Y2K issue and are addressing it. According to the industry, Y2K problems should not cause a loss of essential services because of the multiplicity of broadcast services as well as the fact that most equipment that could cause serious service outages is capable of being manually overridden. The major broadcasting networks and group owners have been working on the Y2K problem for some time, some as early as 1996. Many broadcast groups and networks are working in teams and have formed reporting structures to ensure adequate project monitoring and risk assessment. The Mass Media Bureau recently sent a survey to a representative cross- section of 250 broadcasters that will yield additional information about the status of Y2K remediation efforts and contingency planning by mid-January 1999. International Telecommunications companies engaged in trans-border services indicate that neither dial tone nor data transmission are likely to experience significant difficulties resulting from the Y2K problem. Some companies report concerns about billing (operations/support systems) and maintenance systems. U.S. carriers indicate that terminating calls overseas, which depend on the networks of foreign Public Telephone Operators (PTO's), may be impeded by Y2K problems. The ITU has a Y2K task force that has sent a questionnaire to more than 5,000 members--governments, telecommunications carriers, and operators--but there has been a low number of responses. Preliminary results showed that most of the respondents cited the British Standards Institute (BSI) as the standard to which their company is adhering. The countries that ranked themselves the least prepared were predominantly developing countries from the African continent, South Asia, and Southeast Asia. Eastern Europe, the Middle East, and Central and South American countries ranked themselves somewhat prepared for Y2K, while Western Europe, the United States, the Caribbean, and Pacific Rim countries ranked themselves the most prepared for Y2K. The ITU plans to redouble its efforts by circulating subsequent questionnaires on an ongoing basis to encourage governments to pressure operators to respond. In addition, the ITU's Y2K inter-carrier task force is conducting testing and has developed plans for regional testing worldwide, which is expected to start in the first quarter of 1999. One test in early September 1998 among Germany, Sweden, and Hong Kong, showed few Y2K- related problems. However, each of the tested systems had undergone extensive remediation and testing. Regarding satellite systems, the general consensus within the industry appears to be that the satellites themselves contain little, if any, date-sensitive information. However, satellite carriers are actively evaluating and remediating ground equipment because antenna controls are date and time dependent and ground stations contain complex electronics and larger computers. Companies are confident that they will complete conversion by January 1, 2000, but cite interoperability testing as difficult. For more information, consult: www.fcc.gov/year2000. Electric Power (Working Group Chair--Department of Energy) According to the most recent assessment information on Y2K preparations within the electric power industry, industry representatives believe that, with properly coordinated contingency planning and accelerated preparations, electric power supply and delivery systems will be able to operate reliably into the Year 2000. In May 1998, the Secretary of Energy requested that the North American Electric Reliability Council (NERC) coordinate efforts within the electric power industry to assure a smooth Year 2000 transition. NERC is a voluntary, not-for-profit organization made up of 10 regional councils, whose membership includes nearly every major provider of electricity generation and transmission within the Eastern, Western, and Texas interconnections that form the backbone of the electricity supply system for the United States, Canada, and a small part of Mexico. NERC has established recommended industry-wide milestones for ensuring that electric systems are ready for the Year 2000. The recommended completion dates for the remediation/testing phase of Y2K preparations is May 1999. Mission-critical systems and components (e.g., power production, energy management systems, telecommunications, substation controls and system protection, and distribution systems) are to be made Y2K ready by June 30, 1999. NERC has worked in partnership with trade associations representing investor-owned utilities (Edison Electric Institute), municipal utilities (American Public Power Association), rural electric cooperatives (National Rural Electric Cooperatives Association), nuclear plant operators (Nuclear Energy Institute), and the Canadian electric power industry (Canadian Electricity Association) to assure the most complete coverage of the industry in the surveys and assessments. In September 1998, NERC issued an initial status report and workplan for Year 2000 readiness within the electric power industry. NERC also committed that it would provide further reports on a quarterly basis with updated status information developed through monthly NERC surveys of the major generation and transmission providers (approximately 200 entities) and quarterly surveys of distribution-only entities (approximately 3,000 organizations) by cooperating trade associations. Thus far, more than 75 percent of the electricity supply and delivery organizations have participated in the Y2K readiness surveys. Responses have been received from 188 of the entities surveyed directly by NERC and 2,200 entities surveyed by the cooperating trade associations. As of October 1998, the overall progress of the 188 bulk electric system entities (i.e., large generation and transmission providers) that have reported to NERC was as follows: ------------------------------------------------------------------------ Average Y2K Program Phase Percent Average Projected Complete Completion Date ------------------------------------------------------------------------ Inventory..................... 93 August 1998. Assessment.................... 75 November 1998. Remediation/Testing........... 36 June 1999. ------------------------------------------------------------------------ The 188 reporting organizations, on average, plan for their systems to be Y2K ready by July 1999. Most of the 188 survey respondents are still in the early stages of formulating contingency plans and preparations. The overall progress of the approximately 2,200 distribution entities that have responded to surveys through August 1998, was as follows: Average Percent Y2K Program Phase Complete Inventory......................................................... 86 Assessment........................................................ 52 Remediation/Testing............................................... 30 The electric power industry is placing considerable emphasis on contingency planning for the Year 2000 transition. NERC is providing direct oversight with respect to operational Year 2000 contingency plans for the Eastern, Western, and Texas interconnections of the power grid. Contingency planning is also being implemented within each of the regional reliability councils, and at the level of individual suppliers. NERC is targeting June 1999 as the date for completion of contingency plans. Particular concerns within the industry include the reliability of voice and data communications, needed for monitoring and control of power systems, and embedded chips. Embedded chips are used in communications and numerous power system device controllers. While it is estimated that only 1 to 2 percent of these devices uses a time/date function in a manner that could result in a Y2K malfunction, the interconnected nature of electric systems make them sensitive to the failure of any equipment. The next NERC status report and workplan for Year 2000 readiness is scheduled for release in mid-January 1999. NERC is also planning to conduct industry-wide Y2K preparedness drills in April and September 1999. All NERC reports, contingency planning guidance, and monthly survey results are available on the NERC web site. For more information, consult: www.nerc.com. Emergency Services (Working Group Chair--Federal Emergency Management Agency) Initial assessment information on the emergency services sector indicates that a significant number of mission-critical systems are expected to be Y2K compliant by spring 1999. However, organizations are still working to obtain preliminary assessment information for areas such as the fire service and 911 centers. This preliminary information, along with more complete assessments, will be available as Federal agencies continue to receive feedback from their stakeholders in the emergency services community. In addition to the fire service and 911 centers, these entities include State and local emergency management organizations, emergency medical services, and other professional and private emergency management organizations. Federal agencies working with the emergency services community include: the Federal Emergency Management Agency (for fire services and State and local emergency management); the Department of Transportation/National Highway Traffic Safety Administration (for emergency medical services); the Department of Health and Human Services (for the National Disaster Medical System and disaster medical assistance teams); the Department of Commerce/National Oceanic and Atmospheric Administration/National Weather Service; the Department of Interior; the United States Department of Agriculture and the Department of Defense. The American Red Cross is an honorary member. Emergency Management Directors As of December 1, 1998, emergency management directors from 46 States, the District of Columbia, and four territories had responded to a FEMA request for assessment information on Y2K readiness. FEMA had asked the directors to provide information on the status of State and local Y2K efforts, funding for Y2K fixes, overall readiness at the State and local level, contingency planning, and likely impacts of the Y2K problem. Early responses indicate all State level agencies have resolved, or are planning to resolve, the vast number of Y2K-related issues involving critical emergency preparedness facilities, systems, and services. To date, nineteen States responded that they expect to be to be Y2K compliant by January 1, 2000. Of those, eight States said they expect to be compliant by mid-1999. Surveys are ongoing, and more information will be gathered throughout 1999. Respondents did express several areas of concern. The issue cited most often was the limited nature of financial resources to assess, fix, test, and validate systems at the State level. Many respondents complained about the excessive number and redundancy of status reports requested on Y2K plans and preparedness. Respondents also expressed concerns about the possibility of power and grid failures, especially in areas serviced by smaller utilities. The limited amount of contingency planning that has been completed at the State and local level was also noted. The International Association of Emergency Managers, which has a membership of over 1,700 individuals representing local emergency management organizations, conducted an on-line survey of Y2K preparedness. Of the 172 respondents, 164 are aware of the Y2K problem, 159 are actively working to ensure their systems will be ready for the Year 2000, and 59, or 34 percent, reported their systems are fully prepared. Furthermore, 58 percent of the respondents reported that internal systems for their community emergency management programs are Y2K compliant, and 54 percent reported that their organizations are capable of meeting community needs (information, guidance, assistance) for Y2K preparedness. Fire Service An initial assessment of fire service Y2K efforts is expected by early 1999. FEMA's United States Fire Administration (USFA), which acts as a clearinghouse for Y2K information, is working with the National Association of State Fire Marshals (NASFM) to survey 500 representative fire departments across all 50 States. The USFA has already distributed a brochure of frequently asked questions regarding the Y2K problem to 33,000 individual fire departments, 50 State fire marshals, 50 State fire training directors, 11 major national fire service organizations, and eight national associations of manufacturers/distributors of fire and emergency services equipment. ``911'' Centers An initial assessment of Y2K progress among 911 centers is expected by early 1999. In partnership with the USFA, the National Emergency Number Association (NENA) planned to contact all 4,300 known 911 centers by the end of 1998 to assess Y2K readiness. The FCC is also working with NENA, since local 911 centers are dependent upon the commercial communications companies to address and resolve Y2K issues. Emergency Medical Services While the assessment of State and local Emergency Medical Service (EMS) agencies is ongoing, 75 percent of State EMS directors reported that their systems would be 100 percent compliant by January 1, 2000, in response to a National Highway and Transportation Safety Administration survey. The National Association of State EMS Directors has agreed to coordinate a State-by-State assessment of preparation and compliance among local EMS agencies. According to the Department of Health and Human Services (HHS), the pre-hospital segment (e.g., ambulance services) of the health services sector should have minimal Y2K concerns about internal systems. There are no internal Y2K issues affecting systems for deploying ambulances, helicopters, and communications and transportation equipment, given an operational support infrastructure. The 62 Disaster Medical Assistance and Specialty Teams, comprising 7,000 enrolled personnel and their equipment cache, will be unaffected. HHS is conducting Y2K outreach programs with health care organizations, including the American Hospital Association, American Medical Association, and Joint Commission on Accreditation of Health Care Organizations. HHS also is working with other Federal agencies and manufacturers of biomedical equipment to ensure compliance of medical devices. As of October 1998, approximately two-thirds of the 1,932 manufacturers of medical devices containing electronic components have responded to queries about the compliance of their products. This information is available on a Food and Drug Administration-maintained web site (www.fda.gov/cdrh/yr200/year2000.html). Federal Response Planning Virtually all of the Federal Response Plan (FRP) Primary Agencies-- the Departments of Transportation, Defense, Agriculture, and Energy, HHS, FEMA, NCS, GSA, and the Environmental Protection Agency--stated that they expect their mission-critical systems used for emergency response under the FRP to meet the March 31, 1999 government-wide goal for Year 2000 compliance. The American Red Cross expects its critical FRP systems to be compliant by July 31, 1999. Each of the Primary FRP Agencies is a member of the Catastrophic Disaster Response Group (CDRG), which is chaired by FEMA and is responsible for providing national policy-level direction on interagency disaster planning, coordination, and operations. In July 1998, FEMA established a Primary Agency Committee of the CDRG to ensure that all 26 FRP agencies are Y2K-ready and able to perform effective disaster response operations, and to prepare for possible consequences of Y2K failures that may require a Federal response. For more information, consult: www.fema.gov/y2k/. Financial Services (Working Group Chair--Federal Reserve Board) According to the latest data from Federal supervisory agencies, financial institutions are well ahead of most organizations in preparing systems for the Year 2000. Banks, credit unions, and the futures and securities industries are far into the Y2K remediation process and expect that systems will be ready in advance of the new millennium. Moreover, the Federal Reserve is making good progress on its internal systems and reports that external tests with banks and other financial institutions are going well. A large proportion of institutions that make up the financial sector are supervised by one or more Federal regulatory agencies-- primarily the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve, the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), the Office of Thrift Supervision (OTS), the Commodities Futures Trading Commission (CFTC), and the Securities Exchange Commission (SEC). Assessment information is derived largely from supervisory data collected by these agencies. Depository Institutions and Credit Unions The vast majority of the Nation's depository institutions and credit unions (approximately 9,000 banks, 1,200 thrift institutions, and 13,000 credit unions) are on schedule to meet the Federal Financial Institutions Examinations Council (FFIEC) milestone dates for completing Year 2000 remediation efforts. The FFIEC's remaining milestones for completing the validation and implementation of mission- critical systems include: (1) by December 31, 1998, testing of internal mission-critical systems should be substantially complete; (2) by March 31, 1999, testing by institutions relying on service providers for mission-critical systems should be substantially complete and external testing with material other third parties should have begun; and, (3) by June 30, 1999, testing of mission-critical systems should be complete and implementation should be substantially complete. With respect to Year 2000 contingency planning, the FFIEC has established June 30, 1999, as the date by which all institutions should have substantially completed their Year 2000 business resumption contingency plans. Depository institutions and credit unions largely have completed the awareness and assessment phases, renovations continue, and most are now testing mission-critical systems as part of validation phase efforts. As of October 31, 1998, approximately 96 percent of depository institutions and credit unions examined by the FFIEC agencies were rated satisfactory (i.e., have met or are expected to meet all FFIEC expectations and timeframes). Securities Industry The securities markets and industry are making good progress with their Year 2000 efforts, and reporting procedures are in place to identify any material weaknesses in remediation efforts. The SEC is responsible for oversight of U.S. securities markets and clearing agencies. In September 1998, the SEC surveyed eight national securities exchanges, the National Association of Securities Dealers (NASD), the Securities Industry Association (SIAC) (as systems manager for the National Market System) and nine registered or exempt clearing agencies regarding their Year 2000 efforts. According to the latest survey data, the exchanges and NASD have completed remediation and testing work on 95 percent of mission-critical systems and have finished implementation work on 73 percent. The clearing agencies have completed renovation and testing on 87 percent of critical systems and implementation on 86 percent. Broker-dealers are subject to oversight, including examinations, by the SEC and securities self-regulatory organizations (SRO's) such as the NASD and the New York Stock Exchange. The SEC required registered broker-dealers to file reports regarding their Year 2000 efforts on August 31, 1998 and a second report is due on April 30, 1999. According to the data, 83 percent of broker dealer firms have a written Y2K plan. Thirty percent have completed testing on critical systems, and 51 percent have developed contingency plans for potential Y2K failures. In July 1998, the Securities Industries Association conducted beta testing of interconnections between a select number of systems within the industry. The test, which identified only a few easily-correctable Year 2000 errors, was a prelude to a more extensive street-wide test to be conducted in spring 1999. The SEC also conducts examinations of registered investment companies and investment advisers. As of September 30, 1998, the SEC had conducted Year 2000 reviews of 3,895 investment advisers and 445 investment companies. Of the investment companies, 76 percent reported having a written Y2K plan, and 50 percent of investment advisors reported having such plans. The SEC's reports that 24 percent of the investment companies and investment advisers examined have completed implementation. An additional 56 percent expected to complete implementation by December 31, 1998. Commodities Futures Industry The futures industry is preparing its systems for the Year 2000, subject to CFTC oversight. Testing by the futures exchanges and their clearinghouses is progressing on schedule and internal remediation work is complete, or nearing completion, at many firms and SRO's. Many futures commission merchants (FCM's) use computer service providers, who report that their systems are compliant. A Futures Industry Association (FIA) report on the September 1998 Y2K beta testing at futures exchanges indicates that of over 4,000 transactions processed, 98 percent were considered successful, and the errors identified were promptly resolved. FCM's who clear on exchanges are required conduct Y2K tests of their systems. Non-clearing FCM's are less likely to pose systemic risks. However, the responses to the Y2K questionnaires sent out by the SRO's indicate an overall awareness of the potential Y2K problems among non-clearing FCM's. Most have begun work on assessing their Y2K compliance through testing their own systems and confirming compliance of systems and data supplied by outside parties. More than 500 of the 1,500 commodity pool operators (CPO) and commodity trading advisors (CTA) use ``back-office'' service (i.e., accounting and processing services) providers. Approximately 15 firms provide back office services to CPO's and CTA's. The National Futures Association (NFA), an SRO, has contacted most of these firms, all of whom have Y2K projects underway with completion dates ranging from October 1998 to mid-1999. Federal Reserve Year 2000 Readiness Disclosure Statement The Federal Reserve provides financial services to depository institutions as well as to the federal government. The Federal Reserve has met its goals to date for addressing the risks posed by the century date change. The Federal Reserve System's internal application testing efforts are progressing in a timely manner. As of the end of November 1998, 67 percent of the Federal Reserve's mission-critical applications were Year 2000 ready. Of the remaining 33 percent, 31 percent are remediated and being tested, and the Federal Reserve expects that implementation will be completed by January 1999. The remaining two percent represent new system development initiatives that are on schedule for implementation in first quarter 1999. External testing with financial institutions and other customers is going well. As of December 1, 1998, over 5,000 depository institutions had tested with the Federal Reserve, and the Treasury Department's Financial Management Service has conducted interface testing with the Federal Reserve for Social Security payments. Insurance Sector Based on information collected by the National Association of Insurance Commissioners (NAIC), all States have initiated a survey/ examination effort for domestic insurers. As of December 1998, 64 percent of regulated insurance entities responded to the survey and State regulators are following up with insurers that did not respond. The focus for 1999 reviews will be completion of the testing, remediation and implementation phases, and contingency planning. The States have established June 30, 1999 as the date by which remediation of all mission-critical systems should be complete. Oil and Gas (Working Group Chair--Federal Energy Regulatory Commission) Industry representatives are cautiously optimistic that the U.S. oil and gas sector will be ready for the transition to the new millennium. Survey results indicate that the industry is making good progress in implementing Y2K plans, but that the rate of progress needs to increase. Industry trade associations and individual companies have been addressing the Y2K issue for some time. Many companies began as early as 1995. Preparations for Year 2000 are a natural extension of the industry's thorough contingency planning that covers every area of operations from producing fields to refinery and pipeline operations to environmental monitoring and control. For example, storage built into oil and natural gas delivery systems provides additional flexibility for delivering the product to end users should Y2K-related disruptions occur. Date handling codes show up within various computer applications and are embedded in computer chips and throughout the petroleum industry, from computer applications to process control devices. Potential Y2K problems range from incorrect financial transactions, oil field production outages, refinery and pipeline stoppages, product flow disruptions, as well as potential environmental and safety hazards. Areas of concern include Supervisory Control Area Data Acquisition Systems (SCADA) used to acquire information from remote sections of pipeline and to control the flow of fuel at remote locations by using computers linked to satellite and telephone communications systems. Embedded chips, which occur throughout the sector, are also a concern. Following an initial focus on software, the industry is now concentrating on embedded chips, which are more prevalent in operations. The Oil and Gas Working Group of the President's Council, in cooperation with the American Petroleum Institute, the Interstate Natural Gas Association of America, the American Gas Association, the American Public Gas Association, and other industry groups, conducted its first survey on the Y2K readiness of the U.S. oil and gas industry in August 1998. Survey results were presented at a public conference in September 1998, and are displayed on the Internet at www.y2k.gov. The survey respondents represented 45 percent of U.S. oil and natural gas production, 78 percent of U.S. refining capacity, 70 percent of U.S. crude oil and refined product pipeline deliveries, 81 percent of natural gas interstate pipeline deliveries, 43 percent of U.S. branded retail outlets (e.g., service stations), and 50 percent of the total natural gas volume of investor-owned local distribution companies. According to the August 1998 data, about 86 percent of survey respondents were in the process of implementing plans for addressing the Y2K problem, with 14 percent still in the planning stage. The status of work was broken down as follows: ------------------------------------------------------------------------ Business Systems and Embedded Associated Systems Software Aggregate Aggregate Results Results ------------------------------------------------------------------------ Plan.................................... 14 14 Inventory............................... 12 18 Assessment.............................. 19 28 Remediation............................. 36 26 Validation.............................. 19 14 ------------------------------------------------------------------------ Twenty-two percent of survey respondents expected to complete their Y2K work by December 1998; 76 percent expected to be done by June 1999; and all expected to be done by December 1999. Survey respondents reported that they would complete in the remediation and validation phases their contingency planning efforts for internal and external failures. All respondents said that their contingency plans would be ready by December 1999, with 31 percent stating these plans would be complete by December 1998, 73 percent expecting completion by June 1999, and all expected to be completed by December 1999. The next survey was distributed in mid-December 1998, with a due date of mid-January 1999. The Oil and Gas Working Group will release the survey results at a public conference to be held on February 18, 1999. Quarterly follow-up surveys will be conducted during 1999. The U.S. oil and gas industry is concerned about international oil production and shipping, especially in light of the lack of information available. Members of the American Petroleum Institute's International Oil Y2K Task Force have joined with the Federal Energy Regulatory Commission (FERC) and other Federal agencies, along with the International Energy Agency, to create an International Oil Coordination Council (IOCC). IOCC met in early November 1998 to exchange information on industry and government efforts and plan how to assess the industry's Y2K readiness on an international scale. IOCC will focus on collecting information globally in 1999 and on creating a public scorecard of international readiness. Solid Waste (Working Group Chair--Environmental Protection Agency) Waste industry organizations, which include waste haulers, handlers, and disposers, use a relatively low level of automation in their operations. As a result, the industry reports that waste organizations' exposure to Y2K-related difficulties will be minimal. Nonetheless, the Environmental Protection Agency's Office of Solid Waste has been communicating with the waste management sector about the potential risks of Year 2000 failures. EPA has encouraged its contacts to identify, assess, manage, and mitigate Y2K risks within the industry. Organizations and associations with whom EPA has been communicating include: the Association of Waste and Hazardous Materials Transporters, Browning-Ferris Industries, Inc. (BFI), the Cement Kiln Recycling Coalition, Environmental Industry Associations, the Environmental Technology Council, the Integrated Waste Services Association, Inc., the National Association of Chemical Recyclers, the Solid Waste Association of North America, and USA Waste Services Inc./Waste Management Inc. Thus far, only the Cement Kiln Recycling Coalition has a conducted a formal Y2K survey of its members and expects to release the results in late January 1999. In the first quarter of 1999, EPA plans to work with waste trade associations including the Solid Waste Association of North America, which includes major trash haulers like BFI, Inc. and Waste USA, on their Y2K efforts. EPA's contacts with the industry have yielded some important information on the Y2K problem and waste operations. BFI, Inc., which owns nearly 40 percent of U.S. collection and operating waste facilities, reports that there is little vulnerability related to the Y2K problem in the provision of waste collection services, and ranks internal operating (e.g., scales) and billing systems as the areas of most concern. At incineration plants, early precautions may automatically be activated to avoid problems with emission monitors or other internal systems. Given the relatively low level of automation inherent in trash collection, hauling, and disposal, contingency planning within the industry is not expected to be highly sophisticated. Industry representatives have indicated that should Y2K disruptions occur within the industry, waste will be held longer and not disposed of or incinerated until system fixes are made. For more information, consult: www.epa.gov/year2000. Transportation (Working Group Chair--Department of Transportation) Preliminary survey data and contacts with transportation industries indicate that there is a high level of awareness of the Y2K problem across the major air carrier and transit service providers, as well as in the motor vehicle regulatory and enforcement arena. Air carriers and larger airports and transit providers are making significant progress in efforts to address the Y2K problem. However, the potential readiness of airports and transit services in small communities and rural areas is a concern. Additional data is necessary to provide a more comprehensive understanding of the level of Y2K readiness among all components of the transportation industry. Neither the railroad nor maritime industry associations had complete, consolidated survey data to share in time for this report, but this information is expected early in 1999. Based on external reports and outreach efforts, it appears that the rail industry is taking appropriate steps to prepare for the Y2K conversion. Concerns about the readiness of the international maritime transportation industry, however, has prompted the U.S. Coast Guard to begin an effort with the International Maritime Organization to improve information sharing and accelerate global Y2K remediation efforts and contingency planning of the maritime transportation industry. Information sharing is taking place through the Ship Operations Cooperative Program (SOCP), a joint venture with industry, and the SOCP Y2K website. In November 1998, the Council's Transportation Working Group sent a letter and sample Y2K assessment form to the heads of 83 key trade associations representing all modes of transportation--air, highway, transit, rail, and marine. Thus far, the National Air Carrier Association, Inc. (NACA), American Association of Motor Vehicle Administrators (AAMVA), and the American Public Transit Association (APTA) have provided assessment information on their members' Y2K efforts. Air The Transportation Working Group is eagerly awaiting the results of the Air Transport Association survey that will cover the larger commercial carriers, including the major passenger airlines. Results from this survey, and from airport-related surveys, are expected within the first quarter of 1999. NACA represents a relatively small segment of the air carrier market, specializing in low-cost scheduled and charter transportation of passengers and cargo. NACA surveyed its member airlines in November 1998; five of seven members responded. The level of Y2K readiness varies across NACA's membership. Some of the smaller carriers are very far behind in the work phases, with only 55 percent of assessment completed. Larger carriers have made more progress. Estimated costs for Y2K remediation among the carriers ranged from around $200,000 to $8 million. The survey results also indicate that not all contingency plans address external failures. Respondents reported that they do not currently have plans to suspend flights to countries lagging behind the United States in dealing with the Y2K problem, although they are closely monitoring the international situation. NACA indicated a willingness to conduct additional surveys of their members' Y2K readiness in 1999. Highway AAMVA, an international association representing motor vehicle and traffic law enforcement administrators from jurisdictions within the United States and Canada, surveyed its members in August 1998, receiving 44 responses representing 31 States. Forty-seven percent of respondents said the Y2K issue was a ``top priority'' for their organization, while 36 percent ranked it as ``very high'' or ``high,'' and 9 percent as ``medium'' or ``low.'' On system compliance, 34 percent reported that they were Y2K compliant; 59 percent said they were assessing the issue or had at least one Y2K project planned or underway. Respondents cited five functional areas of motor carrier operations--safety administration, registration, fuel tax, operating authority, and oversize/overweight permits--as being vulnerable to the Y2K problem. Target dates given for expected compliance of these areas range from November 1998 to October 1999. More than 60 percent of respondents were fully confident that their jurisdiction would be compliant prior to January 1, 2000, another 36 percent fell between 80 and 99.9 percent confident. On contingency planning, 48 percent of respondents do not have contingency plans, while 32 percent do. Slightly more than half of those without contingency plans do not intend to prepare them. Contingency actions included manual procedures; back-up, parallel systems operation; and upgrading current system software. Transit According to a May 1998 APTA survey of over 320 major transit providers and suppliers (e.g., rail, bus) 92 percent of the 162 respondents have begun Y2K reprogramming efforts. One-fifth of respondents reported that their systems were fully compliant. Overall, 79 percent of all respondents indicated systems would be Y2K compliant by end of 1999; 21 percent were not fully confident about meeting that deadline. Survey data indicate that 47 percent of respondents expect no problems managing Federal Transit Administration (FTA) grants; 8 percent expect problems; and 45 percent were unsure. In its analysis of the survey results, APTA suggested that technical assistance from FTA would be necessary to help transit systems become Y2K compliant. FTA has since worked with APTA to conduct Y2K informational seminars at APTA's annual meeting in October 1998, and is planning a January 1999 Y2K conference to be co-sponsored by the Federal Railroad Administration. For more information, consult: www.y2ktransport.dot.gov or www.dot.gov. Water Supply (Working Group Chair--Environmental Protection Agency) The most recent survey data indicates that a majority of public water system representatives do not expect the Y2K problem to interrupt water services. Most public water systems can be operated using manual controls, and sufficient environmental protections can be maintained while the system is run in such a manner. However, data indicate that system operators have concerns about their exposure to external system failures. Drinking Water In September 1998, the American Water Works Association (AWWA), the Association of Metropolitan Water Agencies (AMWA) and the National Rural Water Association (NAWC) issued a preliminary report on the Year 2000 readiness of community public water systems. Together, AWWA, AMWA and NAWC represent approximately 4,000 public water systems which provide services to 80 percent of the U.S. population. According to the preliminary data, gathered in the summer of 1998 from more than 600 respondents to a survey on Y2K readiness, large water systems (serving more than 1 million people) expect minimal internal problems related to the century date change. Among operators of medium to large-size systems (serving more than 100,000 people), 86 percent expect their internal systems will be Y2K compliant by January 1, 2000. However, the data also suggest that few system operators have assessed possible exposure to Y2K problems from failures in systems of outside service providers (e.g., telecommunications, power, chemical suppliers). Sixty-one percent of respondents have a formal Y2K plan; 36 percent have no plan; and 3 percent responded ``do not know.'' One half of the respondents said that they had completed their assessment of internal systems, 42 percent said they have not and 8 percent responded that they do not know. Only 25 percent of respondents said they had completed an assessment of external systems. More than three-fourths (81 percent) of water system operators expect that their Y2K work on their internal systems will be completed by January 1, 2000. A smaller number (63 percent) expect that work on external systems will be completed by that date. On contingency planning, most public water systems have back-up plans for natural disasters (e.g., hurricanes, earthquakes), but it is unclear whether system operators have expanded these plans to account for potential Y2K-related failures. At the time of the original survey, 22 percent of respondents said that they had completed contingency plans for the Y2K failures in internal systems, and a smaller number (12 percent) said that they had completed such plans for external system failures. A more extensive report is scheduled for release in March 1999. Wastewater In June 1998, the Association of Metropolitan Sewerage Agencies (AMSA), a coalition of over 2,000 of the Nation's publicly owned wastewater treatment agencies, conducted a survey of Y2K preparedness in the area of wastewater treatment. The survey focused on Year 2000 problem evaluation, estimated repair costs, repair status, impacts of potential system failures and contingency planning efforts. Only 54 percent of the responding facilities are automated. According to AMSA, 90 percent of respondents said they have implemented plans for addressing the Y2K problem and completed the assessment of all computer-related systems. Ninety-five percent have begun to implement solutions for systems that demonstrated some kind of Y2K failure during the assessment phase. More than one quarter of respondents (26 percent) stated that they were almost done with their remediation efforts. On contingency planning, 55 percent report having a back-up plan for possible Year 2000 failures--most involving manual operations. Water trade association representatives have indicated that, should computer failures or any type of dislocation arise on January 1, 2000, industry-wide contingency planning calls for conversion to manual operations. However, 15 percent of respondents reported concerns about manual operations and possible environmental compliance issues. A follow-up survey was scheduled for December 1998 that will gather further information about contingency plans and the effects of Year 2000 failures among external service providers (e.g., power, telecommunications, chemical vendors). Results are expected early in 1999. For more information, consult: www.epa.gov/year2000. iii. other areas Federal Government The Federal Government operates some of the largest, most complex computer systems in the world that provide services to millions of Americans. The Health Care Financing Administration (HCFA), for example, processes roughly 1 billion Medicare transactions each year, worth more than $210 billion in fiscal 1997. The Government also exchanges data electronically with the States, which administer key Federal programs such as Food Stamps, Medicaid, and unemployment insurance. Preparing Federal systems for the Year 2000 is an enormous challenge, and agencies have mounted aggressive efforts to ensure that critical services will not be disrupted by the transition to the new millennium. The first interagency task force dealing with the Y2K problem was created three years ago. Since late 1996, Federal agencies have been required to report quarterly to the Office of Management and Budget (OMB) and Congress on their progress to assess, remediate, test, and implement mission-critical systems against a government-wide goal of having all critical systems Y2K compliant by March 31, 1999. According to the most recent OMB report, as of November 15, 1998, 61 percent of Federal critical systems were compliant, up from 27 percent a year earlier. The November data also indicated that 90 percent of critical systems requiring repair have already been fixed and are now being tested. A small percentage of critical systems are not expected to meet the March goal, and agencies will produce specific benchmarks for completing work on these systems before January 1, 2000. All agencies are working to develop contingency plans in the event of internal or external failures. Agencies receiving high marks from OMB for their progress include the Small Business Administration, the first agency to report that 100 percent of its critical systems are now compliant, the Social Security Administration, the Department of Veterans Affairs, and the Environmental Protection Agency. According to OMB, agencies that continue to face significant challenges include the Departments of Defense, which operates more than one-third of the Government's critical systems, Energy, Health and Human Services, State, Transportation, and the Agency for International Development. The following descriptions of Y2K challenges at these agencies are excerpted from the most recent OMB report. Defense.--The Defense Department continues to make progress in addressing its massive Y2K problem (percentage of Y2K compliant critical systems rose to 53 percent from 42 percent in August 1998), albeit at a rate too slow to meet the March 1999 goal. As a result, the Secretary and Deputy Secretary have taken a number of actions to accelerate the Department's progress toward Y2K compliance, including requiring commanders and service chiefs to personally certify the Y2K status of each major information system, and withholding funding for non-Y2K work on information systems unless and until military departments demonstrate Y2K progress. Energy.--Compliance increased from 40 percent to 50 percent in the last quarter, and progress has been made in the other phases. The Department, however, has not completed its renovation work, finishing renovation on 88 percent of its critical systems. Likewise, the Department has completed validation on only 53 percent of its critical systems. The Department's CIO is conducting site compliance reviews in cooperation with the Office of the Inspector General and Office of Oversight. The compliance reviews have increased awareness of the severity of the problem and the need for high-level management attention. Health and Human Services.--HCFA has made significant progress on renovating its internal and external systems. However, HCFA remains a serious concern due to potential hurdles in external system remediation and high contingency cost estimates. Medicare contractors will have to make an intensive, sustained effort to complete validation and implementation of their mission critical systems by the government-wide goal of March 31, 1999. State.--The State Department faces a significant challenge in simultaneously managing its complex Y2K project and completely replacing information systems installed around the world. The Department has obtained additional contractor support to address two key concerns: overall Y2K program management and technical ``strike force'' expertise to assist in problem areas. While the Department remains behind government-wide goals for renovation of systems and overall compliance, results are improving. Transportation.--The Transportation Department improved management oversight, combined with an accelerating rate at which the Federal Aviation Administration (FAA) is remediating air traffic control system components, is significantly mitigating risk. As of mid-November 1998, the Department-wide percentage of critical systems renovated stood at 95 percent, a significant improvement over the 64 percent reported in the previous quarter. However, with only 31 percent of its critical systems validated and 21 percent implemented, the Department continues to lag behind the government-wide schedule. Agency for International Development (AID).--The next months will be critical as AID faces many challenges in repairing its remaining four complex critical systems. AID has, however, completed renovation of two systems and has begun the certification process. AID continues to make management improvements and has retained several contractors to assist project management including performing independent validation and verification of contractor deliverables. Renovation of AID's most important system is underway, including development of standard date/ time processing functions and line-by-line assessment of the system. For more information on the Government's progress in preparing critical Federal systems for the Year 2000, consult the Council's web site (www.y2k.gov). State and Local Government Americans rely upon State and local governments for many important services, from unemployment insurance to water treatment and emergency services. The vast majority of these services rely upon automated processes that are at risk of experiencing Year 2000-related failures. Progress among State governments in addressing the Year 2000 problem varies. According to a National Association of State Information Resource Executives (NASIRE) survey of State Y2K remediation efforts, several States report that they have completed Y2K work on more than 70 percent of their systems. But a handful of States still have much work left to do, reporting that they haven't yet completed work on any of their critical systems. Virtually every State, however, has an organized Y2K program in place, often led by a designated State Y2K Coordinator. Local governments are a more serious concern. At the local level, many towns, cities, and counties are aggressively attacking the problem and are making good progress, but a significant number are not sufficiently organized to prepare critical systems for the new millennium. According to a December 1998 National Association of Counties survey of 500 counties representing 46 States, roughly half of counties do not have a county wide plan for addressing Year 2000 conversion issues. Almost two-thirds of respondents have not yet completed the assessment phase of their Year 2000 work. The survey also found that, in general, Year 2000 efforts among larger counties are more advanced than their smaller counterparts. The Council has been working with the White House Office of Intergovernmental Affairs and key groups like the National Governors Association, NASIRE, the National Association of Counties, and the National League of Cities to promote action on the problem among State and local governments. In July 1998, Council members participated in a two-day National Governors' Association Y2K conference with Year 2000 coordinators from 45 States. The Council Chair participates in monthly conference calls with State Year 2000 executives to discuss cooperative efforts between the Federal Government and the States and how States can help each other to address Y2K challenges. Federal agencies are also actively working with the States to ensure that Federal-State data exchanges used to carry out important programs such as Food Stamps and Medicaid will be ready for the Year 2000. Most Federal agencies and States have now inventoried all of their data exchange points and are exchanging information with one another to ensure the exchanges will function in the Year 2000. However, as of the last OMB quarterly report, three States had not yet provided any information on the status of their data exchange activities. For the February 1999 quarterly report, OMB has asked Federal agencies to provide assessment information, for each State, of Y2K progress on State-administered Federal programs. One State-administered Federal program, Unemployment Insurance (UI), has a unique Y2K failure horizon date of January 4, 1999. UI systems look forward one year to calculate a beneficiary's UI entitlement which means that, in the first week of January 1999, these systems must be able to process dates in January 2000. States that do not yet have Year 2000 compliant systems have had to implement temporary back-up, or contingency, plans until permanent fixes are completed. The Labor Department is working with the States and territories that have implemented such plans and is confident that benefit payments will continue. This work demonstrates the importance to every organization of having an adequate contingency plan. The UI experience also illustrates the fact that a Year 2000 failure does not have to mean that a program will stop functioning. Small and Medium-Sized Businesses The status of Year 2000 efforts among the Nation's 24 million small and medium-sized businesses is an ongoing concern. Most of these businesses do not have a vast number of information technology systems, but, like large companies, they too need to assess how the Year 2000 problem could impact their operations. Many small and medium-sized businesses are taking steps to address the problem and to ensure not only that their own systems are compliant but that those they depend upon are ready for the Year 2000 as well. But a significant number of these businesses are not preparing their systems for the new millennium. A recent National Federation of Independent Business survey, released in January 1999, indicates that as many as a third of small businesses using computers or other at-risk devices have no plans to assess their exposure to the Y2K problem. The survey also indicates that more than half of small firms have not yet taken any defensive steps. The reasons for this inactivity vary. Many of these business owners believe that, unless they operate large, mainframe computers, the Y2K problem poses no threat to their operations. Others have stated that they will fix systems when and if they fail, and that taking preemptive action to assess and fix potential Y2K problems is a waste of time and money. The Small Business Administration (SBA) has mounted an aggressive outreach program to increase awareness and promote action on the problem among small and medium-sized businesses. SBA is distributing, through its web site (www.sba.gov/y2k) and other outlets, information about how businesses can assess their exposure to the Year 2000 problem and prepare their systems for the new millennium. SBA has enlisted the support of private sector organizations in its efforts to reach small and medium-sized businesses with information on the Y2K problem. National industry trade associations, such as the American Bankers Association and the American Insurance Association, have distributed SBA Y2K information to their members and encouraged them to share it with their clients. The Bank of America, Wells Fargo, and other major banks have distributed an SBA Y2K ``bill stuffer'' flyer to their business customers. And power companies, like Maine Electric and the Potomac Electric Power Company, have also distributed SBA information to their customers. In October 1998, the Council joined the SBA, the Commerce Department, and other Federal agencies in launching ``National Y2K Action Week,'' to encourage small and medium-sized businesses to take action on the Y2K problem. The week was built around more than 300 Y2K educational events for small and medium-sized business managers held at Federal agency field offices across the country. Materials promoting the Week appeared in the Nation's post offices and the Council ran advertisements in 250 newspapers listing the names of more than 160 national trade associations committed to encouraging their members to meet the Year 2000 challenge. International Activities International activities is the area for which there is the least amount of information. The State Department and other agencies on the Council's International Relations Working Group has been working with U.S. embassies and other organizations around the world in an effort to gather Y2K information on a country-by-country basis. Based on the available information, it is clear that although more countries have recently begun to focus on the Year 2000 problem, most are significantly behind the United States in efforts to prepare critical systems for the new millennium. Awareness remains especially low among developing countries. Lack of progress on the international front may lead to failures that could affect the United States, especially in areas that rely upon cross-border networks such as finance, telecommunications, and transportation. The United States is working to encourage other nations to take action on the problem and to facilitate coordination of country Y2K efforts on a regional and international basis. The U.S. worked closely with the United Nations to organize the first-ever meeting of national Year 2000 coordinators from over 120 countries on December 11, 1998. Delegates to the meeting discussed Y2K challenges in key infrastructure areas and agreed to work together regionally to share information on their Y2K remediation and contingency planning. The U.S., along with several other nations that helped to organize the meeting, will also work to create an international coordinating center to help support these efforts in the coming months. The U.S. has also forged bilateral cooperative agreements on the Y2K challenge with several nations, including Japan, South Korea, Canada, and Mexico. Under these agreements, U.S. authorities are working with their counterparts in other countries to exchange information on Y2K efforts in key areas such as power, transportation, customs, telecommunications, finance, and health care. The Council Chair has met with numerous international organizations like the Organization of American States, the OECD, the World Bank, and the International Monetary Fund to enlist their support in encouraging their members to take action on the problem. To assist developing countries, the U.S. is working with the World Bank to support its program of increasing awareness of the problem among developing countries through a series of international conferences on the issue. National security is a serious concern. It is important to note that the Y2K problem will not cause nuclear weapons to fire automatically; they require some form of human intervention for launch. The Department of Defense (DOD) has been reaching out to other countries to ensure that they too are taking appropriate action to secure the readiness of their defense systems. DOD representatives have met with NATO to discuss Y2K progress on NATO support systems and infrastructure. DOD has also worked, along with defense representatives from the United Kingdom and Canada, to form an Allied Y2K Coordination Committee which has enabled DOD to meet with defense representatives from Germany, New Zealand, the Netherlands, France, and Australia. DOD has also met separately with representatives from Russia, Poland, the Czech Republic and Hungary to discuss Y2K efforts for their defense systems. Over the coming year, the Council will continue to focus its energies on key areas of concern in our increasingly interconnected and interdependent world. ______ Appendix: Other Working Group Activities Building Operations (Working Group Chairs--Department of Housing and Urban Development, General Services Administration) The Buildings and Housing Working Group is working with the International Facilities Management Association (IFMA) and the International Buildings Operations and Management Association (BOMA) to ascertain the Y2K status of common building systems (e.g., elevators, climate control systems, security systems). IFMA and BOMA are conducting a survey of their membership that is expected to produce a detailed assessment in late March 1999. The General Services Administration (GSA), chair of the working group, has found that 98 percent of systems in its buildings are Y2K compliant. GSA also reports that its systems can be manually operated if necessary. Specific information on building product compliance and contingency planning is available on the World Wide Web through www.y2k.gov or through www.gsa.gov. Consumer Affairs (Working Group Chair--Federal Trade Commission) The Consumer Affairs Working Group, chaired by the Federal Trade Commission (FTC), is assessing the Y2K compliance of consumer products and financial services. The group is also conducting a broad-based education initiative to make Y2K information available to consumers through the Internet and a toll-free information line. The Y2K consumer education initiative covers 85 separate topic areas ranging from product safety to health care to money. Information is made available to consumers through a collection of links to government agencies, trade associations, and private companies posted to the www.consumer.gov website, and through the toll-free 1-888-USA-4- Y2K information line. The fifty largest companies in the consumer financial services industry engaged in direct credit lending to consumers and/or retail credit make up 90 percent of the consumer finance industry and report, through their trade association, the American Financial Services Association, that 90 percent of their systems are Y2K compliant. These companies expect to be 99 percent compliant by the end of the first quarter of 1999. Similarly, the credit card industry and the mortgage banking industry also appear to be making good progress with their Y2K efforts. The consumer electronics industry reports that consumers should not experience Y2K problems with electronic products other than some older model VCR's, camcorder, and fax machines. Home appliance and residential heating and cooling equipment manufacturers report through their trade associations that no Y2K-related failures are expected for these products. Education (Working Group Chair--Department of Education) The Education Working Group, chaired by the Department of Education (DOEd), has been working with key education associations to assess Y2K preparedness within the elementary/secondary community, the higher education community, and among third party service providers (e.g., loan guarantee agencies, debt collection agencies, financial institutions). In the summer of 1998, DOEd and the American Association of Community Colleges (AACC) surveyed AACC's 1,300 member schools on their Y2K preparedness. In the same timeframe, DOEd also surveyed more than 1,400 direct loan schools. The combined results indicated that 62 percent of postsecondary respondents reported the existence of a Y2K project plan at their institution. Seventy-six percent reported being either completely confident or very confident that their institution will be Y2K compliant by March 1999. DOEd and the Council of Great City Schools conducted a survey of elementary and secondary schools' Y2K preparedness in spring 1998 in the nation's 50 largest school districts. Nearly one-third of respondents reported their district did not have a written Y2K plan. Over 90 percent, however, were confident that their systems would be compliant by January 1, 2000. A follow-up survey was launched in fall 1998, with results expected in January 1999. To better ascertain the level of Y2K preparedness among the elementary and secondary community in small and medium size school districts, DOEd and the American Association of School Administrators are designing a survey of Y2K readiness. Results are expected in early 1999. Employment Related Protections (Working Group Chair--Department of Labor) The Employment Related Protections Working Group, chaired by the Department of Labor (DOL), is aggressively working with the employment sectors of U.S. businesses and State and local governments in order to determine the status of Y2K efforts for employee health and safety and/ or employment-related benefits related systems. The working group has asked 21 organizations representing DOL constituents to participate in a Year 2000 assessment of their membership. The umbrella organizations asked to participate represent manufacturing, general industry, construction, mining, labor unions, and State and local governments. DOL is also working with the 53 State Employment Security Agencies, which administer the unemployment insurance (UI) program, to ensure that States and other jurisdictions are able to process and distribute UI benefits into the Year 2000. Food Supply (Working Group Chair--Department of Agriculture) The Food Supply Working Group (FSWG), led by the U.S. Department of Agriculture (USDA), is focused on the Y2K readiness of the U.S. food industry and on how the Y2K problem might affect foreign countries as markets for U.S. agricultural products and as suppliers of food products to the United States. The FSWG works to identify potential disruptions to supply and markets. The FSWG reports its initial analysis indicates that the state of readiness within the food industry is encouraging. Major domestic companies that provide most of the foods the American public consumes are confident they will continue to operate in spite of the Y2K problem. The FSWG reports that an interruption in the food supply so severe as to threaten the well-being and basic comfort of the American public is unlikely. The group's initial assessment also indicates that key foreign markets for U.S. food products will likely have a low risk of Y2K disruptions to their import, processing, distribution and retail chains. However, some countries and their domestic food supply industries have not yet made significant progress on the problem. Should there be a disruption of imports, domestically grown fresh fruits and vegetables are likely to continue to be available. Health Care (Working Group Chair--Department of Health and Human Services) The Health Care Working Group, chaired by the Department of Health and Human Services (HHS), is reaching out to health care professional and provider groups to assess the Y2K readiness of the health care community. These groups include: the American Ambulance Association, American Hospital Association, the American Medical Association, the Health Industry Manufacturers Association, the Joint Commission on Accreditation of Health Care Organizations, the National Association of Community Health Centers, Inc., and the National Association of Rural Health Clinics. The survey data gathered to date is mostly centered on hospitals and larger health care facilities. Responses to an American Hospital Association survey and an informal survey conducted by Medical Records Briefing newsletter for the health information management industry, indicate that more than 70 percent of larger organizations have Y2K remediation plans in place. Their anticipated completion dates for Y2K work fall throughout 1999. Throughout 1999, working group members plan to gather assessment information on Y2K readiness, especially among smaller health care organizations. With support from the Association of State and Territorial Health Officials, the Centers for Disease Control and Prevention (CDC) have sent a Y2K readiness assessment survey to 57 State and Territorial Health Officials. Results are expected by the end of January 1999. The HHS Inspector General's Office has plans to survey the Y2K readiness of a sample of Medicare providers. Housing (Working Group Chairs--Department of Housing and Urban Development, General Services Administration) The Buildings and Housing Working Group recently gathered initial assessment information from more than 150 housing authorities, public housing authorities, Tribally designated housing entities, grantees, and city/county neighborhood housing and community economic development offices. Survey results indicate that, as a whole, there is a high level of awareness of the problem within the Housing Sector. But much work remains. Overall, 25 percent of respondents have completed work on mission-critical application systems, and 8 percent have completed work on embedded chips. Results from this initial survey will factor into the design of on- going efforts to monitor and motivate preparations by these sector participants during 1999. Human Services (Working Group Chair--Department of Health and Human Services) The Human Services Working Group, chaired by the Department of Health and Human Services (HHS), monitors the level of Year 2000 preparedness for many human services programs. They include: Temporary Assistance for Needy Families (TANF), Head Start, Medicaid, the Food Stamp Program (FSP) and Special Supplemental Nutrition Program for Women, Infants, and Children (WIC). HHS will obtain updated information on the Y2K compliance status of its State administered programs and conduct periodic reassessments of State Y2K efforts throughout 1999. On Medicaid, the Health Care Financing Administration (HCFA) is working with a contractor to assess the status of State Medicaid-related Y2K efforts. HCFA staff will visit all States at least twice in 1999. The Department of Agriculture's Food and Nutrition Service will continue to prepare quarterly reports on the Y2K status of State systems supporting the FSP and WIC, focusing on software, hardware, and telecommunications compliance. Information Technology (Working Group Chair--Department of Commerce) The Information Technology Working Group promotes action on the Y2K problem among the broad spectrum of companies that make up the information technology (IT) industry. The group conducts its outreach through organizations such as the Information Technology Association of America, the Institute of Electrical and Electronics Engineers, the Business Software Alliance, and the Internet Society. The working group is forming a task force to assess the Y2K readiness of the IT sector as a whole, taking into account both business operations and products and services. Results are expected in late January 1999. More information about the working group can be found at y2k.ita.doc.gov. International Trade (Working Group Chair--Department of Commerce) The International Trade Working Group, which includes representatives from the Commerce Department's U.S. and Foreign Commercial Service, the U.S. Customs Service, the Department of Transportation, and the U.S. Information Agency, is working with a number of key trade associations to help assess the progress of Y2K efforts in three critical areas of international trade: infrastructure (transportation and logistics), manufacturing (suppliers and buyers), and services (financial and legal services). Participating organizations include the American Association of Port Authorities, the American Chambers of Commerce (overseas), the American Warehouse Association, the Chamber of Shipping of America, the Export Legal Assistance Network, the International Trade Council, the National Customs Brokers and Freight Forwarders Association, the Small Business Exporters Association, the Small Business Industry Sector Advisory Council, and the U.S. Council for International Business. In February 1999, each of our association representatives will complete a report on its members' Y2K preparedness. In January 1999, the U.S. and Foreign Commercial Service is scheduled to release in the first quarter of 1999 a report on the Y2K activities of foreign governments via the Internet at www.y2k.ita.doc.gov. Non-Profit Organizations and Civic Preparedness (Working Group Chair-- Office of Personnel Management) This working group, which has representatives from the Office of Personnel Management (OPM), the Department of Health and Human Services and the Federal Emergency Management Agency, is tracking the Y2K progress of non-profit organizations and coordinating inter-sector communications related to civic preparedness. OPM conducted in August 1998 an informal Y2K readiness poll of several non-profit and charitable organizations within the Federal Government's Combined Federal Campaign. The responses indicated that most large national organizations and their local chapters/affiliates are aware of Y2K, and are taking measures to ensure that their internal systems will be ready for the century date change. Few organizations, however, were assessing internal embedded chip-based systems or outside partners' Y2K progress. Results of a more detailed survey, which attempts to reach most non-profits 501(c)(3) organizations, will be available in February 1999. Police/Public Safety/Law Enforcement/Criminal Justice (Working Group Chair--Department of Justice) This working group, chaired by the Department of Justice (DOJ), has been working with a number of non-Federal organizations to promote action on the Y2K problem. These organizations include: the International Association of Chiefs of Police, the National Association of Attorneys General, the National Association of Police Organizations, the National District Attorneys Association, the National Sheriffs Association, and the National Troopers Coalition. Based on informal assessment information, there is a high level of awareness of the problem among non-Federal police/law enforcement entities. State police/law enforcement entities and departments in larger metropolitan areas are making good progress. However, most departments at the county and municipality level lack the sophistication to assess the Y2K readiness of their service providers. These departments do not have their own, dedicated IT resources--money and professional staffing--and are instead dependent on the IT departments of the county, city, or municipality of which they are a part. Dedicated radio communications and dispatch systems are a concern for all police/law enforcement organizations and the working group is encouraging departments to focus on contingency planning in this area. Tribal Governments (Working Group Chairs--Department of the Interior, General Services Administration) As part of an effort to promote action on the Y2K problem in the Native American community, the General Services Administration and the Interior Department's Bureau of Indian Affairs in December 1998 worked with the National Congress for American Indians to distribute a Y2K information package to the leaders of the 554 recognized tribes. Other outreach activities included recent meetings with Alaska tribes and the Navajo Nation. Another meeting is scheduled at the end of January 1999 with 39 tribes in Oklahoma. Other Federal agencies in the Tribal Governments Working Group, such as the Environmental Protection Agency and the Indian Health Service, are now meeting with the Bureau of Indian Affairs to design and plan a survey that will better define specific Y2K concerns within Tribal communities. Y2K Workforce Issues (Working Group Chair--Department of Labor) The Y2K Workforce Issues Working Group, chaired by the Labor Department, conducts outreach to connect organizations seeking Y2K assistance to those who have skills for tackling the problem. One of the group's key initiatives is the IT Job Bank (it.jobsearch.org). This subset of the Labor Department's ``America's Job Bank'' (www.ajb.dni.us) is a free Internet resource designed to help employers connect with individuals that have Y2K expertise. The working group also reports to the Council Chair on the status of the Y2K labor force within the Federal Government and in other areas. For the most part, the Federal Government has thus far not experienced labor shortages among personnel qualified for fixing the problem. Personnel costs in the private sector are increasing. There has been some anecdotal information on shortages in some industries, but thus far there is no evidence of a systemic labor shortage in the private sector. Concerns are mounting, however, about how increasing international Y2K activity may affect the supply of qualified personnel. Chairman Stevens. Thank you very much. First let me congratulate you for this report, the first quarterly summary, that you put out on January 7th. I hope the members will each get a copy. There is a copy here for everyone. Mr. Koskinen. There is a copy for each member. Chairman Stevens. I think that is a very good summary that we should study before we start the subcommittee hearings. I have a few questions. First, it is my judgment that there are some systems out there that are under primary responsibility of the State and local governments that do affect the health and safety of our people, including Federal employees who are carrying out other programs. Are we looking into the interface of this? Some States may not be able to secure funding for that because of their legislative process. I should think we ought to have some way to identify those and perhaps include those in a Federal emergency appropriation. The concepts of--I am thinking particularly of the highways. Just as a footnote, I got a note the other day about a young patrolman who got an award in our State because he fixed a problem that everyone thought was going to cost hundreds of thousands of dollars for less than $100. It was an interesting way he did it. But there is innovation out there in the system and I think we should be sharing that. But I am not sure that the States and the local governments have the money to identify those areas that are Federal priorities and to move on those Federal priorities, is what I am saying. Should we identify some and tell the States, we want you to move on these and the local governments to move on these, and we will assist you to make them a high priority, those that affect the interstate transportation system, those that affect the communications system, those that affect the interstate airways system? It seems to me there are some out there that are direct Federal, so much involved with carrying out our responsibilities, that we should get the States to make them high priorities. Have you done anything along that line? Mr. Koskinen. Yes. We actually view this as a three-tiered problem. The first tier is the Federal systems we are responsible for and have direct authority over. The second tier is all the systems we interface with, which to a large extent are at the State and local level for the administration of a wide range of programs, including highways, Medicaid, unemployment insurance, and food stamps. The third tier, as you mentioned earlier, is our outreach to everyone else in the world, in effect, but certainly everyone else in the domestic economy over whom we do not necessarily have direct authority or responsibility, but, as you note, whose failure would create a problem either for the economy or for the public. We are working in each of those three tiers. Chairman Stevens. Are we financing it, though? The interstate airways system, the international airways system, for instance. My State is the air crossroads to the world, I think, but as a fact of the matter we will not function unless those foreign aircraft can solve their problems in their Y2K countries of origin. Mr. Koskinen. Exactly. Chairman Stevens. Are we doing anything along that line? Mr. Koskinen. Yes. Let me try to take you through an answer to all of that. At the State level, we had a State summit. We invited all the States to join us last July here in Washington under the aegis of the National Governors Association. With 45 States, we went through all the critical areas of interest to them and their immediate constituents and to the Federal Government. I now have a monthly conference call for a couple hours every month with the State Year 2000 coordinators from across the country looking at issues that they are dealing with, sharing information as we go, trying to make sure that we and they jointly are paying attention to the most important problems. We have a specific program going on with the States to test every data exchange point of the 160 Federal programs that the States actually run to ensure that those data exchanges work. OMB has asked the Federal agencies, in the next quarterly submission, to report on the State administration of the most significant Federal programs we are concerned about as we move forward. We have continued to monitor State progress in other areas. In many of the Federal programs, like the highway program, we have had specific meetings with the States. Most of the Federal agencies have noted that, in many of these programs, existing funding from the Federal Government for the program can under the current authorities be used for Year 2000 remediation efforts. The Transportation Department, the Education Department, and other Departments have made that clear to the States. So with regard to the State level at this point, while everyone is always short of revenues and would appreciate more, we do not think funding has been a major problem. Rather, in some States our major problem has been attention. We have increasingly tried to get the States to understand that if the governor does not have this as his or her priority, then that State is going to have difficulties, and the same is true at the county and city level. I would feel in some ways more reassured about the problem if we had more people saying, ``We do not have funding.'' My concern is the people who think the Y2K problem is either not their problem or they will wait and see whether or not their systems break and then fix them. So we have spent a lot of time in the last 9 months reaching out at the State level, trying to get the States to work with us to reach out to the counties and the cities, to make sure that they too understand the importance of dealing with this problem. Internationally, it clearly is a global village. We are all increasingly interconnected. International air traffic systems, telecommunications systems, financial service systems, maritime shipping systems, all form a network that we depend upon in various ways. Certainly in States like Hawaii, Alaska, and other importing areas of the country, if international systems go down it will directly affect us. I had a very good meeting about a week ago with the House appropriators and their staff members on the use of emergency funds to encourage activities in those areas. As you know, the emergency funding is for Federal systems and related expenses. We discussed and agreed that only fixing the Federal systems that are operated by Federal agencies will not do us any good if the systems we depend upon and relate to do not function. While at this time there is no agreement that we should be using the funding to fix any other nation's systems, it is clear that it is appropriate to use those funds to encourage increased activities in those areas internationally. For example, the FAA is working with the International Air Traffic and Civil Aeronautics Associations to in fact reach out to other countries to make sure they are paying attention to the problem and doing the necessary work on air traffic systems. We have arranged with the U.S. Coast Guard to have an emergency meeting the first week in March in London of international maritime associations, both in the private and the public sector, as well as international port associations, to begin to try to make sure that we have an organized global effort to mitigate interruptions in maritime shipping activities. But you are right, if we in a lot of these areas cannot depend upon our foreign partners in the private sector and in the public sector, that will have an adverse effect on at least some sectors of our economy and the public. Chairman Stevens. Let me do this now since we have additional members that have joined us. So I want to make sure people understand what this is not. Again, this is not a hearing to go into what the Time magazine is talking about, the end of the world, or even the Newsweek articles or others we are getting. Senator Bennett has got a special committee that deals with all those problems. We are looking at the subject of the money that we appropriated last year, how it has been used, and what additional moneys might be needed, and whether there is anything that we can do to assist the coordinator of all of the Y2K activities for the Federal Government, with outreach to the State and local governments, to assure that we are compliant by March 31 of this year on major systems. I have a couple other questions to ask, but I want to urge everyone to sort of keep the questions short in the first round because some people may have to leave to go to something else. So let me proceed. Now, we are going by the early bird rule, which we will follow on this committee entirely, and that is if you want to ask questions early be here early. The first person to come was Senator Campbell. Senator Campbell? Senator Campbell. Thank you, Mr. Chairman. I will try to keep it brief. It looks as if I am going to chair the Treasury Subcommittee again, John, so I am particularly interested in a couple of areas. Without going through these very detailed reports, I want to ask just a couple of things about the Internal Revenue Service (IRS) and the GSA. I notice that--it is pretty brief. On page 21 it just says under ``Treasury'': ``There is a strong support team in place. Good progress on embedded chip, telecommunications, contingency planning, and data exchange.'' That does not tell me an awful lot. Frankly, you know the old taxpayers out there are calling and beginning to worry, that is what I want to relate to you. Could you in very short order tell me what progress is being made in the IRS? The first time there will be filing of tax returns, in the early season of the Year 2000, are they going to be noticeably impacted by any Y2K problems? Mr. Koskinen. The IRS runs some of the largest, most complicated systems in the world, and historically it has had difficulty dealing with large information technology upgrades and replacement efforts. But to the great credit of the employees and the very strong leadership of Commissioner Rossotti, who has really done a remarkable job, he and we are confident that the IRS will meet the March 31 deadline. So that as we move to the end of this year and into the filing season in the first quarter of the Year 2000, we expect that taxpayers can be confident that their returns will be processed appropriately, and that refunds will be issued in the appropriate manner. And, as I have been asked by callers on C- SPAN a few times, you can also be assured that if you have not paid your taxes, the IRS will be able to handle that accordingly as well. So I think that they are in very good shape, and it is a great tribute to their employees because they had some of the largest challenges in the Federal Government when we started. Senator Campbell. I thank you. The other question I have deals with the GSA and government-owned buildings, the millions of square feet of office space housing Federal agencies in it. Do we have some assurance that we are going to be in good working order so that the Federal employees can do their jobs in this environment? Mr. Koskinen. Yes. One of the concerns everyone had across the country initially was,``Would elevators work?'' We all see the inspection certificate that says not valid if you have not been inspected in the last 6 months. It turns out all of the elevator companies---- Senator Campbell. Security systems, things of that nature? Mr. Koskinen. They are complicated systems. The good news is the elevators themselves appear to have no Year 2000-related problems, so that the specter of elevators stopping or going to the basement or the roof or doing something else is not right. Security systems, particularly card entry systems, are at risk and need to be checked, and some of them need to be upgraded and fixed. It depends building by building, system by system, but increasingly that is the security for both parking garages and buildings. Senator Campbell. Do you know what is being upgraded? Mr. Koskinen. Those systems are being upgraded. GSA in its outreach program has a very strong working relationship with the Building Owners and Managers Association, or BOMA, as it is called, and they are working together to share information and develop an inventory. GSA has a website with an inventory of information in this area. We expect that there will not be a problem in the directly owned and managed Federal buildings. Part of our issue is to deal with those buildings that we lease from others, to ensure that the landlords or the owners of those buildings are also paying attention, because the most significant risk in a relatively small---- Senator Campbell. Buildings we lease from others, who is responsible for paying for the upgrading of security systems? Is that in their contract or do we have to provide that money? Mr. Koskinen. It depends on the nature of the lease and what the contractual terms are. As a general matter, landlords have a responsibility to in fact have a building that is open and operating. On the other hand, a lot of leases provide for the pass-through of certain kinds of expenses, and it is a determination of what the lease terms are as to who pays for it. The cost is less of a concern, going back again to the chairman's question about State and local governments, than making sure that people have found the problems and fixed them. The cost is a relatively modest part of the problem. The bigger problem is the systems that do not work. Senator Campbell. Do we prioritize? For instance, in this environment of potential increased terrorist activities and so on, are law enforcement agencies given priority, ATF as an example? Mr. Koskinen. Yes, we are focused on the fact that New Year's 2000 will be an interesting weekend, not only in terms of whether or not systems work but also in whether or not people will try to take advantage of any potential problems. I think one of the important issues for us to be clear about not only with the public but with everybody else as well, is that our security systems are a high priority for us, that monitoring of community security is a high priority for us, and in fact there may be more people monitoring these systems that weekend than ever before. We think that anyone who wants to enter a system in an unauthorized way needs to understand that in the private sector as well as the government every organization is going to have special weapons assault team (SWAT) teams on duty that weekend to monitor those systems. Senator Campbell. Good. The last question. Since no one has a crystal ball around here and we are not quite sure of the total cost, how long after the first of the year do you anticipate that you might have to ask for any additional emergency funds, or do you anticipate that? Mr. Koskinen. I think it is hard to predict with a crystal ball. But I think that it is unlikely that we will have any significant need for emergency funding after January 1, 2000. As I noted, I think that the vast majority of critical government systems will be done as of March 31, 1999. Additional work will be going on throughout 1999 in some agencies and some agencies will be working on non-mission critical systems into the Year 2000, but they should be able to absorb that without any significant emergency expenses. Senator Campbell. Thank you. Chairman Stevens. Senator Reid. Senator Reid. You indicated that 61 percent of the Federal Government's had reported and were on line, so to speak, right? Mr. Koskinen. Right. Senator Reid. You talked about State and local governments. Do we have a percentage breakdown of State and local government as to what they have done to comply with our problems? Mr. Koskinen. We do not have a full breakout at this time. We are working with the National Association of State Information Resource Executives and the National Governors Association (NGA). In fact, we are talking with the NGA about providing them some small amount of emergency funding support to increase the amount of activity they have with the States. One aspect of that work would be to get a better picture, State by State, as to how the States are doing. At this juncture there is a website that the state Chief Information Officers (CIO) run, where States are beginning to provide information about their efforts. But we do not have at this point a clear understanding in terms of percentages across the country. All of the States have their own Year 2000 websites and an increasing number are publishing for constituents reports on the status of their efforts. Senator Reid. What is your estimate of State government and local government? Mr. Koskinen. I have a higher level of confidence in the States than the locals, but it is part of the experience we all have. The farther away from your control you get, the more concerns you have. I think that the vast majority of the States appear to be making good progress. I think at this point all of them are organized to deal with the problem, but some of them have greater challenges than others. Our greater concern is at the State and local level. The National Association of Counties (NACO) did an assessment for us as part of our outreach efforts and they noted that half the counties in the United States had very thorough, organized Year 2000 plans. The problem was half of them did not. It does not mean that they were not doing work---- Senator Reid. I think you misspoke. You said ``State and local.'' Did you mean county and city? Mr. Koskinen. Counties and cities, I'm sorry, yes, exactly. Thank you for the correction. NACO did that survey, and it doesn't mean that the half of the counties without plans are not doing any work, but it means they are not at the same level of organization as those with plans. One of the reasons they are doing the assessments is that we wanted the message to go back to counties. We wanted to have citizens asking, ``Are we in the set of counties without a plan?'' Again, at this point our concern is to make sure that every town mayor, every city mayor, every city manager, every county executive, has the Y2K problem on his or her list of priorities just as it is on the list of priorities of this committee and the President. Senator Reid. What about the private sector? Mr. Koskinen. As the chairman noted, we are working through cooperative relationships, with organizations representing key sectors of the economy to gain assessments from them and their members. Senator Reid. But do we have an estimate as to how they are compliant? Mr. Koskinen. At this juncture, in virtually all of the critical sectors of concern to us, it is clear that the major companies are fully engaged. The Federal Government is, as many of our critics have even begun to notice, ahead of most industry sectors. Our goal is March 31. Most industry sectors have a June 30th deadline. I think we will complete more of our systems. At this juncture there is no evidence, as I said in my formal statement, that there will be any national problems or collapses of the infrastructure. We think the national power grids will hold. We think national telecommunications systems will work. As I noted, I am confident that the air traffic system will work. Where we are concerned, and your question is a good one, is with not all but some, small to medium sized organizations in the public and the private sector who have decided that this is not a problem they are going to deal with now. Any organization making that determination is engaged in a high risk roll of the dice in terms of whether their systems will function. If they do not, that organization is going to be at the end of a very long line of those who may have waited to get a new piece of equipment. Senator Reid. Let me ask my last question. My time is about gone. A lot of us have more confidence, of course, in the work that you are doing for our country. But we live in an international economy now. What happens to countries that are in such difficult financial shape, countries like the former Soviet Union, Russia, which has all kinds of technical things that they depend on, just like we do, and they do not have the resources to be spending billions of dollars to update their system? We could go through the entire litany of countries that are having difficult financial problems. What is happening in the rest of the world to make sure that, even though we may be okay here in 2000, if the rest of the world is doing nothing it could be a big economic meltdown? Mr. Koskinen. It is a concern. In fact, it is my greatest concern. I think we have more risk internationally than we do domestically. I think there are a significant number of countries that are doing very little and, as you note, may have limited resources. Again, my concern internationally has been less with countries that say we cannot do it because we do not have the money and more with countries that say this is all an American problem, we do not have major mainframes, it cannot be our problem. As a result, somewhat out of desperation, we encouraged and worked with the United Nations (U.N.) to invite national Year 2000 coordinators from around the world to meet with us in December. We got a greater response than I thought we would. More than 120 countries from around the world sent their Year 2000 coordinators to meet with us on December 10th and 11th at the United Nations. It was clear at that meeting that a number of eyes were opened. Many countries volunteered that they had not realized the extent of their exposure to the problem. We are now following up on that. The United States and a number of other countries were asked to create an international Y2K cooperation center designed to increase the flow and sharing of technical information among countries, because the most important resource we have is time. The next important resource is not money; it is information. If we can increase the sharing of technical information about how to fix power plants, how to fix telecommunications systems, how to fix hospitals, not only domestically but internationally, we will increase the chances that more of those systems will work. There is very good work going on internationally in some sectors. The banking and finance industry internationally has done a wonderful job and I think financial systems in most countries will be in good shape. There is more work going on in telecommunications than there was a year ago. There is an increasing amount of work in air traffic. But there is very little work being coordinated in maritime shipping, which we are very concerned about. So we are going to spend a reasonable amount of time in the next 6 months doing what we can to help organize on a regional level and internationally, not only countries but companies, to deal with the problem. But I have much less confidence about the ability of those organizations, all of them, to solve their Y2K problems by the time we get to the end of the year. Chairman Stevens. Thank you, Senator. Senator Bond. Senator Bond. Thank you very much, Mr. Chairman. Mr. Koskinen, following up on the small business comments that I raised earlier and that Senator Reid mentioned, we had testimony last year that there were polls showing that 40 percent of small businesses did not know or did not even care if they had a Y2K problem. We had other estimates that 700,000 small businesses may shut down. So we are anxiously awaiting to see whether the information is getting out and we are making any progress. What are your plans for small business in your strategic advisory group? Mr. Koskinen. As I noted earlier--and I think your concern is well placed--we are concerned about small businesses. Again, the irony of all this is we are mostly concerned about those who do not think it is their problem. Increasingly, the recent surveys are showing that small businesses know of the issue, but the last small business survey done by the National Federation of Independent Businesses showed that up to a third of small businesses had no intention of doing anything about it. Now, of the 24 million small businesses, as you know, about 90 percent of them have 5 or fewer employees and so their risks may be more moderate. They may be at risk primarily for the operation of their PCs and, if they are in manufacturing or production, some small number of systems. But I think a number of them are rolling the dice, and we are concerned. The Council, with the SBA, the Commerce Department, and the IRS, held a National Y2K Action Week directed at small businesses last October. The SBA is planning another major outreach effort in March to try to again reach small businesses. SBA has a wonderful website with technical and organizational information to help businesses deal with the problem. But at some point--its the classic, you can lead them to the water, the question is whether they will imbibe. Senator Bond. Well, I hope that you will be involved more with that. Our committee and I believe the House committee also is anxious to work with small business, because we do believe this is a real problem. Let me switch to the area where I have responsibility on this committee, Veterans Affairs (VA), Housing and Urban Development (HUD), and Independent Agencies. I was somewhat surprised to see that HUD is doing so well. I assume that Appendix A, Table 2, really is a fair overview of who is hot and who is not, who has been good and who has been bad. Mr. Koskinen. Yes. Between 26 and 27, but 27 particularly, that is the short form summary of where the agencies are in their progress. Senator Bond. We always like short form summaries. Mr. Koskinen. Yes, we all do. Senator Bond. HUD has been going through so much trauma in trying to get its systems under control that, frankly, some of the work that has been done there has apparently kept them apace with the other agencies. You mentioned international affairs and I am very much worried about National Aeronautics and Space Administration (NASA), which is within our jurisdiction. We have the Space Station program with the Russians. What do you see in that area? Can we crash the whole international Space Station because of Russian Y2K problems? Mr. Koskinen. Well, it is a concern. When I started last spring, I did an agency of the day tour and I met with the heads of all the Cabinet agencies, actually 44 agencies, each of them separately with their staffs. Senator Bond. Sounds like one of the hearings in our subcommittee. Mr. Koskinen. That is right. I wanted to get them to understand the three-tiered process as I saw it, with a special focus on the third tier of outreach. When I met with Dan Golden, it was clear that NASA, for its internal systems, as you would expect, had generated a very strong management control process. So internally I think they are fine. But in the outreach tier, NASA is concerned not only about their partnership with the Russians, but other international organizations that are operating in space. It turns out as a general matter that the satellites and the communications-based systems in space are fine. They are basically just floating antennas. It is everything that connects to them on the ground that is at risk. Obviously the Russians have economic challenges across the board independent of the Year 2000 and the relationships with the Space Station are challenging, to say the least. At this juncture, NASA has a working relationship with the Russians on not only the Space Station generally, but looking at the Year 2000 problem as well. Much like our other international relationships in this area, we are getting cooperation, but it is more difficult to get information. At this stage I can only tell you that NASA is very focused on the issue and we would expect that as we move through this year toward the summer we will have a better report from them on exactly what the risks are, if any, in those systems. Senator Bond. Well, we will focus in our hearings with NASA on what can be done to wall off problems that arise in other countries. If there is a major crash in some country, in some other country that is tied in to us, can we protect ourselves from having a crash there interfere with our operations? Do we have that technology? Mr. Koskinen. Yes, I think that is the question we have across the board. We want to make sure that we know the status of their work, where the risks are, and if we need to wall off interconnects that we do that in time. Senator Bond. My time is up. We also have the Federal Emergency Management Agency (FEMA) under my subcommittee's jurisdiction and would welcome your guidance on what we can do working with FEMA to assist in local efforts, such as Senator Reid raised. Finally, I would note for my colleagues that the chairman reminded me, last year in the Small Business Committee we did pass a small business Y2K loan program specifically to make financing available to small businesses. That will be one of the very first bills we will pass out of the Small Business Committee, and we hope this year the House can get it done so the resources are available. Please advise us on either this committee or on the Small Business Committee if we can be of assistance. Thank you, Mr. Chairman. Chairman Stevens. Thank you. Mr. Koskinen. May I add just two comments? First, with regard to HUD, the progress is again a tribute to their hard work. Their numbers are accurate. They will in fact complete their work on time, and they are one of the better Federal agencies in this area. Secondly, on SBA, we have asked--and SBA has been delighted to do it--the SBA people to continue to work with your staff and others who are interested in what additional legislative or funding authority would be necessary to try to deal with this problem of getting the attention of small businesses. As I said, I would feel better about it if we had more small businesses saying, we have not got the money to do the work and that is the problem. Our real challenge is the third of them who say, well, it is not a big issue; we will call you if there is a problem later, which is going to be too late. Senator Bond. I agree. Chairman Stevens. Thank you very much. Senator Bennett. Senator Bennett. Thank you, Mr. Chairman. Since John Koskinen and I speak to each other every Wednesday afternoon either face to face or by telephone in my role as chairman of the Senate committee on this issue, I am very familiar with what he is doing. I want to take this occasion to congratulate him and congratulate the President for having appointed him. I think we have an extraordinary public servant here who understands the problem and is working it extremely well. My area of responsibility in this committee is as chairman of the Legislative Branch Subcommittee, and by definition you do not have any authority over any of that. So let me springboard from that to a problem that I see that I think you might comment on. As we have held hearings in the Legislative Branch Subcommittee and I have asked the various agencies responsible to that committee about their Y2K readiness--the Government Printing Office, the Sergeant at Arms, the Senate, the Library of Congress, and so on--I have received or our subcommittee has received, as you have given the full committee here today, assurances that mission critical systems will be ready. Now, I asked the question, give me a definition of a non- mission critical system, and the former Sergeant at Arms the last time I asked the question said: Well, for example, Senator, the copier in your office. Now, when I say to my colleagues that they will be unable to make copies of press releases after the Year 2000 if they do not get on this problem, suddenly that is mission critical, particularly to Senators who are in election cycle. To be unable to make copies of press releases is a mission critical issue. Now, all of the tables you have given us have to do with the state of remediation and readiness for mission critical systems. I know enough from our conversations to know that the mission critical decision, that is the decision as to what is and what is not mission critical, has been made in each agency, as indeed it should be. I do not think we should burden you with the responsibility of walking through every Cabinet level agency and saying, this is mission critical, this is not, and so on and so forth. It is the management responsibility of the Cabinet Secretary to make that decision and it is his or her neck on the line if the decision is wrong. But in your efforts to make sure that every agency gets its mission critical systems properly identified and remediated, have you done any work or have any general sense of what kind of disruption will come in the non-mission critical systems that might not get fixed, or how serious is it going to be of non-mission critical systems that may be neglected in their effort to make sure that the numbers that they give you and those numbers that then you give to the Congress and to the President look good? Is there something that is significant that is going to get left behind? Mr. Koskinen. That is an important question in the private sector as well as in the Federal Government. As a general matter, the experience of the agencies when they began was that everybody who was running a system decided it was mission critical because they needed it. It is a little like the copier. If you were using it, by definition you needed it. So initially there was some movement back and forth as agencies continued to refine and define what was mission critical. As you know, I have been meeting monthly with senior managers of the tier one or challenged, agencies since May. Their inspectors general are reviewing the division between mission critical and non-mission critical as well. I am satisfied the agencies are making appropriate decisions in this area. In many cases the non-mission critical systems, if they are not fixed over a long period of time, will generate issues. They are report-writing systems, database systems, and other kinds of secondary systems that do not go to your ability to operate day in and day out, but over time will build a cumulative risk if left unfixed. I think it is important to note that agencies are not in an all or nothing situation. Some agencies, like the Department of Education, now have a greater percentage of their non-mission critical systems compliant than mission critical because of the nature of those systems and the remediation process. We have asked the agencies to focus on non-mission critical systems as well and to continue to refine and understand what their risks are if these systems are not up and running. While there will be some work continuing into the first quarter or even the first 6 months of next year on non-mission critical support systems, at this point the agencies do not expect any significant disruptions as a result of that ongoing work. The final test in this area is that we are now requiring the agencies to have contingency plans and continuity of business plans. This causes them to again take a look at their lines of operation in critical activities, to ensure that if they go down the list, they know exactly what their backups will be. In the course of that dialogue, agencies are reviewing again what are their mission-critical operations, what are the things for which they need to have backups. In all of my meetings with the agencies, I have not found any significant problem or even any problem in that area. But it is an important area to continue to review, because what happens is that what appears to be a non-mission critical system at the start may turn out as you move forward to be a critical part of an important process. Again, in the private sector as well as in the government, oftentimes we have not looked at business processes or lines of operations. We have said, I run this computer program, I do this piece of work, but have not put it all together into the full process. So the final stage of contingency planning I think will uncover many of these issues and cause people to take a hard look at just the question you raise. But at this point we do not see a problem there. Senator Bennett. Thank you. Chairman Stevens. Just in case Senator Bennett might leave, I just wanted to tell you something, if you do not mind just a second here, Senator Burns. A friend of mine in Alaska told me that he was worried about trying to make the changes in his systems to meet this problem because if he failed he might increase his liability and decrease the liability of the manufacturer. Have either of you looked into this problem yet? How should we relieve people of assuming liability for original malfunctioning if they try to fix it? Senator Bennett. That is going to be one of the subjects of the hearings that we will hold in our committee. The estimates we have received in our committee as far as money is concerned tell us that, whatever the cost of fixing this thing worldwide, and some estimates say that it will cost more than the Vietnam War--the Vietnam War ultimately worldwide cost about $500 billion--and that this thing is going to cost $600 billion just to get it fixed. Then the estimates say there could be as much as a trillion dollars in liability. If the trial lawyers loved the tobacco settlement, they are going to go bananas over this one unless we can find ways to deal with it intelligently in the Congress and lessen some of the liability class action suits that will be brought. So on our committee we are going to address that, and Senator Kyl, who is the member of our committee who is also a member of the Judiciary Committee, is going to take the lead in trying to find some kind of safe harbor legislation that might make it a little easier to get this problem under control. Chairman Stevens. Any comment, John? Mr. Koskinen. There has been a concern, and in fact again I would compliment Congress for its great cooperation with us in the passage of the Information Readiness and Disclosure Act last year, which limited liability and protected people making voluntary disclosures of information and readiness. I think that legislation is going to help us significantly in getting information shared. We did have at that time and have had an ongoing set of conversations with people about the underlying liability issues and the concern about either consultants doing work on systems or companies who will then be told they made the problem worse rather than better, and whether that will increase exposure. As a general matter, that has not been a systemic problem. Most people interested in liability are concerned about the underlying liability: If they make it better but not totally compliant and it still does not work, are they going to then have massive liability, particularly against information technology providers or major service providers? The intermediary fixing it, the people doing the work, seem as a general matter across the board to have figured out how to have done that. The more difficult problem in some ways is the warranty or copyright problems. A lot of software systems and hardware systems are protected by copyright and patents that provide that, if you open the box up and try to fix it yourself, you then void the warranty and may be undermining the copyright or the patent. That is a more technical, issue and I think probably a more real concern, that we still have not figured out the answer to in terms of people who have providers who will not cooperate and yet control the copyright or the patent. So we are taking a look at that issue. But as a general matter those turn out to be relatively peripheral issues to the major amount of work that is going on. Chairman Stevens. Thank you. Senator Burns. Senator Burns. John, thanks for coming down this morning. I only have a couple. Most of my questions have been asked. But I will tell you what, how important this is. I filed on that brand in Montana. It makes a nice looking brand if you have got a big enough calf to put it on. ``Y2K'' makes a nice brand. Now, I have not gotten my filing back yet. I may have to make a lazy Y out of this for not getting the job done. We have been aware of this problem for quite a while. In fact, under the chairmanship of Jay Rockefeller on Science and Technology, back as early as 1991 we had hearings on Y2K. We did not get much publicity at that time and we did not get much cooperation, to be right honest with you, from any of the agencies that thought that this was going to be a problem. Under the leadership of Senator Bennett and the Select Committee, I think they have done a wonderful job in catching up. I am wondering, as we look at our areas of responsibility in this government. I was concerned about those communications satellites that we have been using a long time, the chips that were put in those satellites and systems prior to 1990 and maybe even prior to 1985. Of course we have seen the growth of that industry. I am wondering, when will you make a report to Congress to those areas of primary concern? I chair Communications on the Commerce Committee. At the time we were having those hearings I was the ranking on Science and Technology NASA with Jay Rockefeller and we felt a great deal of pressure to have these hearings at that time, because understanding that new equipment was coming on, new software was coming on all the time, and we may avoid some big crash exercise at the end in 1999 to deal with a Year 2000 problem. Are you making any plans to make any report to those areas of Congress which we have primary interest in and some institutional knowledge? Mr. Koskinen. Yes. The 25 sectors for which we have major working groups run across all the critical infrastructure areas. We have one for electric power, one for oil and gas, one for transportation, and one for telecommunications. The telecommunications working group is co-chaired by the Federal Communications Commission and GSA, and they are looking at the Y2K challenges in all of the communications networks--wire line carriers, satellite issues, cable issues, broadcast issues. They are in the process with all those industries of doing surveys of the status of Y2K readiness and preparedness. As we receive those surveys they will be made public, and in our next quarterly report the Council will summarize those and other assessments. But I have talked to a whole range of people who know about this issue and it is clear the consensus is that the satellites themselves, whenever they were built and whenever they were launched, do not have a Year 2000 problem. The problems are in the ground stations and connections. All of computer processing is in fact on the ground. So the companies know that, and I think domestically it will not be an issue. But again, going back to the international side, when I met with Intelsat, the international telecommunications carrier, in the spring, their real focus and concern was the ground stations in countries abroad. Intelsat runs six major stations, but there are literally hundreds, almost thousands, of ground stations around the world and those are at risk. Unfortunately a lot of them are in countries that are doing relatively little, which means we are going to have some telecommunications problems in those countries. But as a general matter, the good news is the satellites are fine and the risks, if there are any, will be in the ground station communications. Senator Burns. Well, you know, I have found when we went into this problem we can have--we are very much assured of what we have done and we have checked everything else, and I think the American public has to be aware that one little chip somewhere that does some little function that has date and time on it can absolutely be a big factor in the overall process of the operation that you may have anything to do with. So I applaud you for the work that you have done, and I applaud Senator Bennett and the work they have done. I will be looking forward to that report. I think it is a report that should be looked at and maybe have a hearing on that makes everybody aware in communications, and especially the users, of what has been done and the challenges that are yet in front of us. Most of my questions have been asked. I thank the chairman for having this hearing this morning, because I think again this is something that wants high awareness among our people and I think a confidence that it is being dealt with in the manner in which it should be. So I thank you for that. Mr. Koskinen. Thank you. You raise one important point that I noted in my statement. What we are trying to make clear to everyone is, even when you are done--you have fixed the system, you have tested it, you have rolled it out and implemented it-- you cannot guarantee that it necessarily will function. One of the reasons we are requiring every Federal agency to have a contingency plan for potential failures and one of the reasons we are encouraging States, counties, private sector companies and countries, to have backup plans, is that, while the vast majority of the systems that are fixed will likely work, we cannot guarantee that for every system. And people need to be prepared and alert to that possibility. So that as we go forward I think the goal is not to have no system not work, because I do not that is realistic. The goal is to have whatever failures occur create relatively modest or minor inconveniences and not major shutdowns. But I think that we should not be surprised and the public should not be led to believe that there will be no inconveniences, that there will be no shutdowns anywhere of individual systems, even with all the best work in the world. Senator Burns. Oh, there will be a glitch here and there. Mr. Koskinen. There will be glitches. Senator Burns. There will be some glitches. I have not read your opening statement, and I assume that probably this report that was given me probably details where we are lacking and where maybe some acceleration of notice should be made. Mr. Koskinen. Yes. Senator Burns. Thank you very much. Thank you, Mr. Chairman. Chairman Stevens. Very well. Let me welcome to the committee Senator Durbin. I should tell you that--maybe I should not tell you--this is the room that Senator Jackson and Senator Allott used for the Energy Committee when I first came here. I was sitting down over there and Senator Allott, whom I had known for many years, called me over and he said: It is nice to have you with us. I said: Thank you very much, Senator. He said: You see, the distance between your seat and mine is not very far. I said no. He said: You have got a lot of seat time, though, before you get to my seat. [Laughter.] Nice to see you. I hope that you move up a lot faster than we did. Senator Durbin. Thank you very much, Senator Stevens. I have gone through the chairs in the House Appropriations Committee to a subcommittee chairmanship and it was a learning experience which I think enhanced my ability to serve. I am looking forward to doing the same in the Senate. Mr. Koskinen, if I can ask you just three questions. Most of the areas that have been identified by my staff you have already addressed. In the first OMB report there was an estimated cost of this project of $2.8 billion. The figure has increased from $3.8 billion to $4.7 billion to a current estimate of $6.4 billion. The latest OMB report states that, of 6,696 mission critical systems identified by agencies, 61 percent are now Y2K compliant, compared to 50 percent in August. Of the remaining 39 percent, 30 percent are still being repaired, 7 percent are being replaced, 3 percent will be retired. This is a very good effort. But can you give me an idea of how much more money it is going to take to get the remaining 39 percent Y2K compliant? Mr. Koskinen. The OMB estimate of the $6.4 billion was the estimate at that time of the amount of money it would take to complete the process. As you note, while it has plateaued, as one would expect, the costs continue to increase to some extent, which, as I noted earlier, is one of the reasons that the emergency funding for which this committee and the chairman strongly supported earmarking, is critical, because as we move forward, even though it is relatively incremental and is a relatively small percentage of other expenditures we have, timing is our biggest enemy and we need to have the funds readily available. The ability to have OMB in its normal process review additional requests for funds and the Congress to have 15 days to discuss that with us turns out to be a critical process, I think, as we knew it would be. So I think it is a wonderful process. Our present estimate--at one point we talked with the staff about whether the emergency funding and everything being done now will be enough--is that present funding will be sufficient to deal with the problem. As you know, we are running out of time, obviously, and we are getting close to our March 31 goal and the ultimate deadline of January 1, 2000. If you ask me what I think in this incremental process the final number will be, I think that you are looking at a number that is probably in the $7 to $7.5 billion range total for the 5 years. That increase needs to be monitored carefully, but I think the committee's approach and the chairman's approach is right, that our problem at this juncture is to make sure the money is spent well, and spent in a timely fashion. Senator Durbin. Which leads to my second question. I understand that all the agencies, regardless of their progress, have been asked to develop continuity of business plans. These plans will be supported by contingency plans that are required for those systems that have been behind their agency's internal schedule for 2 or more months. Is it true that more Federal agencies have reported increasing numbers of systems that will not meet the March 31st goal, and does this foreshadow the need for even more money to solve this problem? Mr. Koskinen. I think overall the number is going down. But there are major areas, Defense and Health Care Financing Administration (HCFA) for example, where there are a number of systems and we are concerned that some of them will not meet the March timeframe. But those systems are identified at this juncture and the delay in meeting the deadline does not necessarily mean it is going to cost significantly more money. It is primarily a question of whether the systems can get fielded and rolled out in time. There will be some expenditures that we can anticipate now for what it will cost to implement contingency plans, so we expect that there will be, beyond the next presentation from OMB at the end of this month, additional requests for expenditures out of the emergency fund. But at this point, recognizing that nothing is guaranteed in this area, it appears that the existing emergency funding will be sufficient. But I cannot guarantee you that, and I think our goal and the OMB goal is primarily to make sure that the agencies are paying attention. As the Senator said early on, if we need money we need to know that earlier rather than later, and we need to be managing against that problem. Senator Durbin. You mentioned that the trend line was headed in the right direction, going down. Yet this OMB report that I have been handed by my staff, the seventh quarterly report, says: ``On the other hand, more agencies reported increasing numbers of systems that would not meet the March 1999 goal. See Appendix C.'' Mr. Koskinen. Yes, but that does not necessarily mean that we are going to spend a lot more money on those systems. There is a timing element of that as well as a cost element. So the fact that an agency says that, we have got a system and it is not going to be done on March 31, it is going to be done on May 30th, does not mean that there is necessarily a significant cost increase associated with that. It may mean that they are simply having problems with the timing of it. At this juncture, the agencies that have reported such things have reported costs associated with them as well. But it is an important question. In the ten months I have been on the job, when I have been asked the question of cost, I have stressed that there is no way to predict accurately. No private company has, either. You will see the private sector company estimates continue to go up in their Securities and Exchange Commission (SEC) filings. I think the two issues on which we all need to focus are: first, is the money being spent appropriately and wisely; and second, is the work being done and is it going to be done in a timely fashion. Again, I appreciate the support we have had from Congress in saying that the availability of money should not be the hangup. I think Congress has a good record of saying if we and OMB and the Inspectors General can establish the need, Congress will be supportive. So I think we need to continue to monitor the spending, but at this juncture we do not think that we are going to exceed the existing emergency funding. Senator Durbin. My last question relates to FEMA, and I think that many of us believe that one of President Clinton's best appointments was James Lee Witt. He came to the rescue of my Congressional district in 1993 in a terrible flooding situation. I have really become a great fan of his. I understand that you have been working with him in an effort to talk about the most fundamental question: What if this does not work? What is the contingency plan, the super-contingency plan that we are envisioning if we run into some very serious and grave problems, not only at the Federal level but at the State and local and even the private sector side? Can you tell me a little bit about that? Mr. Koskinen. Yes. The concept we have had from the start is not to reinvent the wheel or set up new structures. Both in the government and in our outreach to the private sector, we have been trying to deal with existing structures. Clearly, that is what we are going to do in our contingency planning emergency response effort at the Federal level. Our biggest challenge is to coordinate the existing emergency response mechanisms, because one of the unique things about this problem is, to the extent there are problems, they are going to occur more or less all in the same weekend. So we will be looking at having to monitor international issues as well as domestic issues, that will affect the Federal Government as well as State and local governments and the private sector. So we are in the process of designing a coordinating center that will build on and coordinate the domestic efforts of FEMA, as well as the efforts of the State Department, the Defense Department, the intelligence agencies, and the Treasury Department with international responsibilities. The center will also coordinate the work of existing command centers for agencies like the Department of Transportation and the Department of Energy. The key issue is to make sure that these efforts are coordinated, that we understand where the overlaps are in terms of assumptions about the use of resources. FEMA is starting a series of regional meetings with the State emergency managers. FEMA has ten offices. They are going to have ten regional meetings. In my conference calls with the States we have invited the State Year 2000 coordinators to join those meetings with their State emergency managers, so again we can jointly, with the States and with the localities, design a system that will be appropriate. I think the biggest challenge we face in that system domestically is the same one we face for the government, which is a lot of different things may happen at one time. As I said, we need to plan for what the worst case scenario might be. I do not think we are going to have a major national power outage, but I think we are at risk in local communities where either the community or the municipal power plant or a small power plant has not done enough work, that we could have a power outage, a telecommunications outage, a 911 outage, or a water treatment plant outage. Those things would not be catastrophic if they happened in one community, but it is a great challenge if you figure there might be 20 or 30 of those communities in a State--and we have got 50 States, so you are talking about 1,000 or 1,500 communities--all having an interesting problem at one time. You have to be able to plan to deal with that situation because it is a different challenge than you normally have. There may not be as much damage as a big hurricane or a flood cumulatively, but it may be a great challenge for the emergency response organization. So at this juncture we have a coordinating group with James Lee Witt and FEMA, with the emergency managers from Defense, from State, from Treasury, from the Justice Department and from the intelligence community. One of my goals is, as we all are concerned about public confidence, that we discuss this plan publicly. I think it is important for the public to understand exactly how are we prepared to deal with this situation. In fact, I think the public needs to understand that, just as they have confidence in FEMA and in our ability to respond to normal natural disasters, they need to have that same level of confidence in our ability to respond to whatever Year 2000- related problems occur. So that all of the planning we are encouraging the State and the local governments to do, as well as nationally, should be done, I think, publicly. My trilogy is: the public needs to know that we are giving them all the information we have about what works and what does not, and what still remains to be done; they need to know that we are managing cooperatively and energetically against the problem; and they need to know that we have a backup system and an emergency response system capable of dealing with whatever the risks are. That is our challenge over the next 6 months. Senator Durbin. Thank you very much. Mr. Chairman, I think Senator Bennett, who is the resident expert on this subject, has identified the liability question which still needs to be resolved. I think this raises an interesting question, too, because with FEMA's involvement it is my understanding that we are talking about the next fiscal year and the potential of some liability here for this super- emergency fund, whatever it might be, and I think we need to consider at least the parameters of our exposure at the Federal level. We do not want to discourage the State and local and private sector from doing the right thing and spending the money to improve the situation. But we might end up with an exposure or liability here that we should discuss at this point. Thank you, Mr. Chairman. Thank you, Mr. Koskinen. Chairman Stevens. Thank you. On your page 29, this appendix relating to the cost estimates in millions for the agencies, that does not break out the source of funding, whether it was routine appropriations to the agencies or whether some of those moneys are coming from the emergency moneys. I would hope you would tell us that, give us a supplement to this, if you would. Footnote 12 says: These estimates do not include the Federal share of costs for State information systems supported by Federal programs. For example, the Agriculture total does not include the potential 50 percent in Federal matching funds provided the States for food and consumer services to correct their Y2K problem. That was going to be one of my first questions. Then I find it here, and in my second round I want to talk to you about food stamps and the State-operated systems. Now, we do not have any estimate of those. Our subcommittees need those estimates as we go into these allocations so we can see whether they can meet those emergency costs--I still think they are emergency costs--from regular appropriations in their bills or whether we should start thinking now about supplemental emergency. I take it from what you are saying you do not believe we will need a supplemental emergency appropriation. Am I right or wrong? Mr. Koskinen. That is right. If you ask the States, they all would be happy to have funding. But at this point we do not have indications of States---- Chairman Stevens. But this is Federal money now, John. This is the money, the Federal share of costs for State programs under Federal-State programs. Mr. Koskinen. The agencies are funding the Federal share, but each program has a different cost-sharing relationship. With some, like Medicare and Medicaid, we pay most of the cost; in unemployment insurance we pay a significant portion of it. At this juncture the agencies are monitoring that and, to the extent that the agencies thought there was a need for more funds, it would show up in their budget requests. So at this point we do not have an indication that there is an additional funding need. But I think it is an appropriate area of concern, because some of the States are behind the Federal Government in terms of their progress so there may be a build-up coming along that we do not have a handle on. OMB will its next report show what agency funding came from normal appropriations and what came from emergency funds. And I think that is important information for all of us to track, because to some extent it confuses people. When they saw a $3.3 billion emergency fund, they thought we were going to spend that on top of the existing estimates. But the existing estimates for 1999 and 2000 assumed the money came from somewhere. So while the number is going up, it is not another $3.3 billion on top of existing estimates, even though we may use a significant portion of the $3 billion as the funding source for the 1999 and 2000 expenditures. I will ask OMB to update the chart as we know it now in terms of the estimated expenditures, what were being funded and have been funded out of normal fiscal year appropriations and what have been funded out of the emergency fund, so that you will have that information. Chairman Stevens. What I am going to do now is I am going to request each of the subcommittee staff directors to prepare a letter to each of the agencies under the respective subcommittees' jurisdiction and set forth the question. We had a whole series of questions I was going to ask you, but the more I think about it I think---- Mr. Koskinen. They are the right ones. Chairman Stevens [continuing]. We ought to get that information from them. I am going to ask that they get those responses back to us by the 26th of this month, and hopefully we can have a follow-on hearing some time the week of February 1st. We will determine whether or not those will be subcommittee hearings or whether we will have just another full committee hearing. I really think that some of the subcommittees will want to pursue this matter themselves and I would rather have that done. But I do think there are a whole series of questions that need to be asked. One of the things--I do not know whether other people are being asked this, but when I was hoping many of my friends asked me, where are you going to be on New Year's Eve 1999? Are you going to stay down in the area where everything is assured and will be protected by the Federal Government or are you going to home? We fully expect to be home. But when I read things like the Gartner Group, which is, I am told, one of the leading Y2K consulting groups, says that individuals should lay in a supply of candles, flashlights, fireplace wood, water jugs, extra food, essential medications, gasoline, and oil for whatever purpose it is needed, I have got to ask you: Are you telling the Federal agencies to do that? Mr. Koskinen. Not at this time. The Gartner Group report as they updated it said that they expected it to be a 2 to 3-day problem. It is not that everybody ought to have stuff for the next 6 months. Chairman Stevens. Well, the people who are out there running the national parks or off on various functions away from major communities in the Federal Government ought to have the same instructions, should they not? Mr. Koskinen. Our instructions to the Federal employees will be the same instructions and advice we give to the public. I think we have an obligation to let everybody know exactly where we are. Our advice thus far to people is there is no indication that there are going to be national failures. We will continue to provide information to the public as we move through the next 3 to 6 months, and we expect that as we know more about what the real risks are that we will be able to advise people by May and June, Federal employees, armed service people, and others, as well as the public, as to what we think is appropriate. At this juncture, we do not see any need for people to be taking actions today. Much of what Gartner suggests are things that people obviously ought to have in their house anyway. As one who got up this morning with no power, it was very helpful to have flashlights, batteries. Chairman Stevens. I understand that, but I am talking about Federal agencies now. Are you telling Federal agencies to get prepared as these people are telling individual homes to be prepared? Mr. Koskinen. At this point we have told the Federal agencies to draw contingency plans. The President's Council will be working across agency lines to look at what the challenges are and we will be issuing advice to the agencies about what advice they should be giving both to their managers for Federal purposes and also to their employees as people, as citizens. As I said, at this juncture we are not giving that advice because we do not think there is evidence on which to base it, and we still have a substantial amount of time before people need to be dealing with those issues. But the agencies are looking at what are their backup plans, what are their contingency plans, what do they need to do to make sure that they can operate on January 1, 2000. Chairman Stevens. All right. Now, we have all agreed here that there are systems that must be Y2K compliant by March 31st, there are other systems that the Federal Government, Federal agencies maintain, that may not be. When are we going to make statements to the public as to what systems may not be Y2K compliant by the critical dates? We have not even mentioned September 9, 1999. I am told that is one of the critical dates as well as December 31. Will we have a way to tell the public when they should be on notice that some of these systems that are maintained or offered by the Federal Government may not be operable on critical dates? Mr. Koskinen. Yes, we will. At this point we are telling the public, and we are confident about this, that as we get to the end of this year and move into the Year 2000 there will be no major Federal system failures. Chairman Stevens. I understand that. But I come from part of the world where major systems are not as important to some as the minor systems. Mr. Koskinen. Well, no one will be disadvantaged at this juncture by the failure of any nonmission critical system. If a minor system fails and you do not get your report of a meeting, which is a non-mission critical system, that is not a significant problem. But we are telling people two things. One is that we are confident the Federal Government will meet the Year 2000 deadline. We are in fact confident that the vast majority of critical Federal systems will meet the March 31 goal, which is 9 months in advance of the year 2000. But we are also telling people what we know about the status of non-Federal system. We rolled out last week a 1-188 number for consumers. We have a website that provides status reports. We are trying to assure people that as we find problems, we will talk about them. Our goal is to be candid with the public, not to mislead them. But at this juncture it would be misleading to tell the public that we think the Federal Government is not going to make it. We think we will make it. With regard to 9-9-99, it is a problem everybody has focused on in remediation; and was not a standard programming technique. Therefore, much like crossing January 1, 1999, the expectation is that it will be a much smaller part of the Year 2000 problem. But it is a critical date and everyone is testing for 9-9-99 problems. People are also looking at April 9, 1999, as the ninety-ninth day of the ninety-ninth year, as a potential date where there may be glitches in some systems, and there may be. There were a handful around the world on January 1, but literally only a handful. But I think your point is extremely important. It is one we are trying to make to the private sector as well as the public sector, and that is the most important thing for people to have is real information. That is why the OMB reporting process is very valuable. We are telling the public, almost mission critical system by system, where the agencies are in their work and where the problems are. Chairman Stevens. But again, and I do not want to argue with you, but you come back to the critical, mission critical systems. That is national, I assume. Mr. Koskinen. Yes. Chairman Stevens. When you get into a local area, what is a national critical system may be immaterial. There may be another system that the Federal Government's involved in-- support systems for pipelines, support systems for ports, support systems for a lot of other things that are very critical to those areas. Mr. Koskinen. Yes. Chairman Stevens. I think we ought to find some way to make sure that people understand when you are saying we are assuring them mission critical systems are all going to be all right, but there may be some things there around you that will not be. Now, how are we going to get to some of those, what they are? Mr. Koskinen. But those are not Federal systems. Any Federal system that is mission critical to a single individual was viewed as a mission-critical system. There is not a triage that says, well, that will only affect 1,000 people or 5,000 people. Any system that the Federal Government runs that is critical to an individual is a mission critical system. But the risk at the local level--and I think there are risks, and we are trying to deal with that--are State, county, municipal systems, local utility and private sector systems. We are very concerned about those. But the assessments we get from the industry largely tell us only whether there will be national failures. The fact that the country is going to have power generally will not necessarily solve the problem of a community or a residential area where the local power company has not made the deadline. We are trying to work with all of the private sector critical infrastructure organizations to get them, as we move through the next 6 months, to provide the public the same kind of candid information about their state of preparedness that the Federal agencies are providing. I think the Federal Government is leading the way in providing information to the public. We have been for the last 2 years telling people the status of Federal systems, subject to some then grumbling about the rate of progress. But nobody has had any problem figuring out where the Federal Government is. The public has a harder time figuring out where anybody else is, in terms of individual companies, and that is an issue we need to address, and we need to address it with the people running those systems. But by and large, those are people at the State, county, local government level and at the private sector level. I think you are exactly right, that if you live in a community you feel comforted by the fact that the country is running, but what you really want to know is how is my power company doing, how is my telephone company doing, how is the water treatment process running? And you want to know that in your community. Chairman Stevens. And the emergency ambulance service and a lot of other things, the fuel truck that brings fuel to you. There are a lot of systems out there that could go down---- Mr. Koskinen. Yes. Chairman Stevens [continuing]. And affect substantial areas. Mr. Koskinen. Exactly, and unfortunately we do not run the vast majority of those systems at the local level. And while it is not our responsibility and we don't have the authority to run them, I think we do have an obligation to do whatever we can to increase the chances that those systems work, and to increase the information the public has about them. We are doing that across the board. Chairman Stevens. I want to thank you very much. We are going to try and see if we can get GAO to come in some time next week and make a report to us, and I am going to send those letters out as I indicated. I am Defense Subcommittee chairman. We will have a meeting with the Department of Defense early, probably in that third week. I want to make sure that everyone really gets the point that we think that Congress ought to be fully aware of any problems and that we ought to be fully informed about any potential needs for additional funding to meet the Federal responsibilities on this issue, because it is, as I said, and again in my opinion, the number one issue to make sure we do everything we can to prevent someone from being harmed by a failure of one of these Federal systems. committee recess So I do thank you for what you are doing and I agree. I also agree with Mr. Durbin's, Senator Durbin's comments, about James Lee Witt. I think we will probably have him at the last meeting to make sure that we do have a contingency plan that will meet the needs through the FEMA operation. That is the safety net for these systems as far as I am concerned. So I thank you very much. Mr. Koskinen. Thank you, Senator. [Whereupon, at 11:02 a.m., Friday, January 15, the committee was recessed, to reconvene subject to the call of the Chair.] YEAR 2000 COMPUTER PROBLEM ---------- WEDNESDAY, JANUARY 20, 1999 U.S. Senate, Committee on Appropriations, Washington, DC. The committee met at 9:34 a.m., in room SD-192, Dirksen Senate Office Building, Hon. Ted Stevens (chairman) presiding. Present: Senators Stevens, Specter, and Bennett. GENERAL ACCOUNTING OFFICE STATEMENT OF DAVID M. WALKER, COMPTROLLER GENERAL OF THE UNITED STATES ACCOMPANIED BY: GENE L. DODARO, ASSISTANT COMPTROLLER GENERAL FOR ACCOUNTING AND INFORMATION MANAGEMENT DIVISION JACK L. BROCK, DIRECTOR FOR GOVERNMENT-WIDE AND DEFENSE INFORMATION SYSTEMS ISSUES, ACCOUNTING AND INFORMATION MANAGEMENT DIVISION JOEL C. WILLEMSSEN, DIRECTOR FOR CIVIL AGENCIES INFORMATION SYSTEMS ISSUES, ACCOUNTING AND INFORMATION MANAGEMENT DIVISION OPENING STATEMENT OF HON. TED STEVENS Chairman Stevens. Good morning. Mr. Walker, I should tell you there is a classified briefing going on regarding national missile defense. I think some of our members will stay there and listen to the Secretary of Defense. But, I am hopeful they will come here, too. Senator Bennett is here, as am I. We do welcome you to this hearing on the Year 2000 computer conversion. I am delighted that Senator Bennett, who is chairman of the committee on Y2K problems, is here. We heard from administration officials on the progress being made by the Federal Government on fixing the Y2K problem last week. I am sure you must have heard that John Koskinen was here as chairman of the President's Council. We are now in the process of trying to review where the agencies are. This is your first appearance before our committee. We do welcome you. You are the seventh Comptroller General and I am sure we are going to see a lot of you in the years ahead. So thank you for joining us. Mr. Dodaro, it is nice to see you here also as the Assistant Comptroller General for Accounting and Information Management, as it is to see Jack Brock, the Director for Government-wide and Defense Information Systems Issues and Joel Willemssen--I hope I pronounced that right--who is Director for Civil Agencies Information Systems Issues. This is really not a hearing to get involved in Senator Bennett's area. We did consult with Senator Bennett about this hearing as he is the chair of the Senate's Special Committee on the Y2K Problem. We initiated the $3.35 billion in emergency funding last year--$1.1 billion for defense-related activities and $2.25 billion for the nondefense activities. We have a Federal Government estimate now of conversion costs exceeding $7 billion. This is 3 times more than the estimate in February of last year, almost exactly 1 year ago. We have put this as our number 1 issue to try to get a hold on before we start distributing monies and before we analyze the individual budgets that are going to come from the various agencies and departments, as I believe the committee must ascertain if additional funds are needed to meet the deadline and, if so, who should have them. At Friday's hearing, the administration gave us assurances that sufficient progress is being made to meet the March deadline for completion of the Y2K projects, to have Y2K compliance, and, after that, a period of testing, as I understand it. The committee, and I believe Senator Bennett and I in particular, remain very concerned about that deadline. We have asked you to join us today to give us your understanding of GAO's assessment of the progress being made and, if possible, to give us your comments about the adequacy of funding that exists in the various agencies to deal with this threat. I would yield to Senator Bennett. Do you have any opening comments, Senator? Senator Bennett. No, not really, Mr. Chairman, other than to acknowledge the pivotal role that the General Accounting Office (GAO) has played in this whole issue within our committee. The chairman is too modest. He sits on that committee and without his support a lot of these things that we are looking at would not have happened. Within our committee, we have used GAO as the principal source of investigative power within the Federal Government. Mr. Walker, a good part of that work came before you came on board. But I want you to know that you are inheriting a first class group of very professional people who have made a significant contribution in their efforts on this issue. I would be remiss if I let this opportunity go without commenting on that and letting you know of my very high regard for the people in the agency that you now head. Chairman Stevens. Senator Specter. Senator Specter. Thank you very much, Mr. Chairman. First, I want to commend you, Mr. Chairman, for scheduling this hearing and for putting the weight of the Appropriations Committee behind this very, very important issue. I also commend my colleague, Senator Bennett, for the important work that he has done. Taking a brief look at the chart in the corner, there is obvious reason for concern where there are major agencies under Tier 1 demonstrating, as the chart says, ``insufficient evidence of progress'' in Defense, Energy, Health and Human Services (HHS), State, Transportation and Agency for International Development (AID). This is a matter of the utmost importance as we are all right here on January 20, only 11\1/2\ months away from the year 2000. I wanted to stop by briefly, Mr. Chairman, to express my concern and the commitment to follow the proceedings. As you know, we have impeachment hearings, or a committee meeting that Senator Lott has scheduled in just a few minutes. So I will not be able to stay. But I will be following this very closely. I appreciate the attention of the full Appropriations Committee to see to it that whatever funding is necessary that it will be provided. Thank you, Mr. Chairman. Chairman Stevens. Thank you, Senator. Mr. Walker, I think that the comments that were made, particularly by Senator Bennett, about your agency really need to be repeated. I have always taken the position that you are not only an arm of the Congress but you are a shared staff for both Houses, and if we did not have your agency with its ongoing expertise, we would have a series of committees that had the duty to try to replicate some of those areas of expertise. And, because of the nature of our system, the longevity would be very short, and it would be almost impossible for us to have the credibility, as individual committees with obvious jurisdictional battles between our committees, that you can have. I want to assure you that Senator Bennett, as chairman of the Legislative Branch Subcommittee here on which I, too, serve, and I look forward to the opportunity to work with you and to hear your comments about your needs. We want to make certain that this area of our expertise on this jointly shared basis for Congress remains very strong, that you have the capability to reach out and get new people, and that this continuity of track record that you have during the period that I have been here continues for a long time ahead. We are pleased to have your statement, Mr. Walker. Mr. Walker. Thank you, Mr. Chairman. Good morning, Mr. Chairman and members of the committee. I am pleased to appear before you today, not only at my first testimony before the Senate Appropriations Committee but my first testimony as Comptroller General of the United States. With your permission, I will summarize my statement and add a few additional comments. I would like for my full statement to be inserted in the record, Mr. Chairman. Chairman Stevens. We will put all the statements that you present in the record in full. Mr. Walker. Thank you, Mr. Chairman. I am here this morning to discuss the government's efforts to remediate problems associated with the century date change, the so-called Y2K challenge. More specifically, do we have the necessary assurance that it will truly be business as usual next January 1? The shorter answer is not yet. While considerable progress has been made, in our opinion, addressing the Y2K challenge remains a high risk area for the Federal Government as well as several business segments and sectors. To amplify on this, I will briefly discuss four topics. First is the status of Federal readiness and the costs associated with getting ready. Second is the need for complete information on sector readiness; that is, the ability of key economic and infrastructure sectors to be ready to operate next year. Third is GAO's commitment to continue working with the Congress and agencies to identify areas of risk as well as opportunities for improved oversight, guidance, and cooperation. Last is our recommendations for what needs to be done to further minimize risk. As you mentioned, Mr. Chairman, accompanying me here today are Gene Dodaro, Joel Willemssen, and Jack Brock. These gentlemen are responsible for leading GAO's effort to evaluate government and private sector programs in addressing this problem, developing guidance to assist organizations in their program management, and monitoring private sector and international progress. With regard to Federal Government operations, I know that you heard from John Koskinen last Friday and that the administration is expressing confidence that critical government operations will be ready in time. We have worked closely with the individual agencies as well as with the President's Council on Year 2000 Conversion and we agree that significant progress has been made in addressing the problem. Every agency is reporting a measure of success and progress in meeting OMB's goals for repairing, testing, and validating mission critical systems. Some agencies, notably the Social Security Administration, are ahead in meeting the administration's key milestones. However, progress in the Federal Government is uneven, and several major agencies have not kept pace with the OMB guidelines. In February, 1997, we designated the Year 2000 computing problem as a high risk area because of poor agency progress in addressing the issue. This issue remains a high risk area today because of our continuing concern that some agencies remain at risk of not being ready. For example, if we can look at the first chart that we have, you can see the three tiers. There are six agencies that are demonstrating insufficient evidence of progress by the Office of Management and Budget's (OMB) own criteria which they have established--namely, Defense, Energy, HHS, State, Transportation, and AID. There are seven agencies that fall into the Tier 2 category, agencies showing evidence of progress but about which OMB continues to have concerns: Agriculture, Commerce, Education, Justice, Labor, Treasury, and Office of Personnel Management (OPM). Tier 3 obviously represents agencies that in the opinion of OMB are making satisfactory progress. Collectively, OMB, as of their November, 1998, report, shows that 61 percent of all mission critical systems across the government are Y2K compliant--61 percent. However, averages can be misleading since they do not disclose significant differences among the tiers and within individual agencies. For example, if you take Tier 3, 84 percent of the systems, the mission critical systems are Y2K compliant. 65 percent in Tier 2 and only 51 percent in Tier 1 are. So there is significant dispersion. Additional dispersion exists within individual agencies. For example, if you take the State Department, about 30 percent, I believe, of their mission critical systems were compliant as of November, 1998. So, as we all know, averages can be misleading. Chairman Stevens. You have more than half the budget in the first tier. Mr. Walker. Yes, Mr. Chairman, you are correct. And some of those agencies are particularly critical in a variety of national security and economic security perspectives. In addition, the failure to have one mission critical system ready on time can have unacceptable consequences. Each of the Tier 1 agencies provides vital services, such as national defense, air traffic control, and Medicare payments, which could be negatively affected if not adequately addressed. We have made more detailed recommendations to most of these agencies for improving program management. For example, last year we reported that Defense had inadequate management over its Y2K program and lacked basic information on program costs, systems to be remediated, and interfaces. These problems seriously threaten the department's chances of successfully meeting the Y2K deadline for its mission critical systems. We have recommended numerous improvements for critical matters, such as data exchanges, testing, and contingency planning. DOD concurred with these recommendations and agreed to implement them. However, DOD still remains behind OMB deadlines in its overall efforts to address its mission critical systems. In September of 1998, we reported that, although the Health Care Financing Administration (HCFA) had made improvements in its Y2K management in response to our May, 1997, recommendations, HCFA and its contractors were severely behind schedule in repairing, testing, and implementing the mission critical systems supporting Medicare. Given the magnitude of the tasks, the risks, and the limited time remaining, we concluded that it was highly unlikely that all of the Medicare systems would be compliant in time to insure the delivery of uninterrupted benefits and services. Again, we made additional recommendations to HCFA to put the program in place. HCFA has concurred. However, they remain an area of concern and on the Tier 1 list. With regard to the Federal Aviation Administration (FAA), the FAA has made progress in managing its Y2K problem. However, less than 17 months ago, FAA still had to correct, test, and implement many of its mission critical systems. Accordingly, FAA must determine how to insure continuity of critical operations in the event that some systems fail. All agencies, even those making good progress, still need to be concerned with other critical elements, including data exchanges both within and outside the agency, embedded systems, and infrastructure issues such as telecommunications and electrical power. Mr. Chairman, we also saw in the Washington area this past weekend what effect an interruption of electrical power can have because if you do not have electricity, in many cases nothing works, whether you have the systems ready or not. And so the infrastructure issues are important. Further, the most critical elements of a good mitigation program are now facing all agencies: the need for rigorous end to end testing of key business processes and the development of business continuity plans so that those processes can continue in the event of an unexpected, or even an expected, failure. The Senate Appropriations Committee is naturally concerned with the cost of this program and with receiving assurances that the money is being well spent. I now turn, Mr. Chairman, to the second visual display which notes that in November, 1998, individual agencies estimated that they would collectively expend about $7.2 billion to address the Y2K program. This is about triple their aggregate original estimate made in February, 1997. Unfortunately, we simply do not have enough data to tell you if more will be needed. I can tell you that we have consistently been concerned with historically optimistic and incomplete agency expenditure estimates. In addition, agencies are now beginning to test systems where most experts estimate that at least 50 percent of the total Y2K related costs will occur. About half, I believe, of the supplemental appropriation for the civilian agencies has already been allocated by OMB. So we should know in the not too distant future whether or not additional sums will be necessary. Furthermore, the necessary allowances for funding contingency plans have not, for the most part, been made, and it is absolutely critical that they be done and that the estimated economic and funding aspect be ascertained. With regard to sector readiness, the government's response to the Year 2000 challenge is only one dimension of the challenge. Our Nation's reliance on a complex array of public and private enterprises, having scores of system interdependencies at all levels, accentuates the potential repercussions of a single failure. It is essential that the Year 2000 issue be adequately addressed in arenas beyond the Federal Government--for example, in State and local governments, the public infrastructure, and other key economic sectors. State and local governments are responsible for implementing many national programs, such as Food Stamps and Medicaid. They also provide vital local and regional services. Accordingly, Year 2000 induced failures could result in payment delays felt at the local level or an interruption of key public services, such as law enforcement, traffic management, and emergency and health services. For example, our survey of State systems using Federal welfare programs reveals that the majority of them were not yet Y2K compliant. Failure to complete Y2K conversion in a timely manner could result in billions of dollars in benefit payments not being delivered. In an attempt to prevent this for Medicaid systems, HCFA has recently hired a contractor to independently verify and validate State systems. Importantly, Mr. Chairman, much of the data outside of the Federal Government is self reported data and, therefore, not verified. Fortunately, in some circumstances, where there are critical systems that the Federal Government must rely upon for delivery of Federal programs at the State and local level, this is one example where the Federal Government is taking steps to try to obtain some validity and verifiability of what is being done at the State and local level. But other efforts are necessary. The public infrastructure, including critical areas such as power, water, and telecommunications, is particularly important because most, if not all, major enterprises rely on these essential elements for daily functioning. Other key economic sectors, such as health, safety, and emergency services, banking and finance, transportation, and manufacturing and small business, are also important. These sectors are critical. Yet the Nation has not had a complete picture of their readiness. In our April, 1998, report, we recommended the President's Council on Year 2000 Conversion develop such a comprehensive picture to include identifying and assessing the Nation's key economic sectors, including risks imposed by international links. We also recommended that the council use a sector based approach and establish effective public/private partnerships necessary to address this issue. The council did subsequently adopt a sector based focus and has been initiating outreach activities since it became operational last spring. More recently, in October of 1998, the chair directed the council's sector working groups to begin assessing their sectors. Their first report, issued on January 7, summarizes information collected to date and indicates that many organizations are still working to gather material on sector status. Mr. Chairman, the effectiveness of the recent legislation that was passed, the Safe Harbor and Public Disclosure Information legislation that was passed, might be best assessed with the success the council will have in being able to gather this type of information. Since you know that this information is being gathered at the request of the Federal Government, therefore it should be covered by the legislation that was passed this past fall. Hopefully, that will be enough to provide assurances and incentives for individuals to provide the necessary information. If it does not, it may then need a relook as to whether additional legislation might be necessary at that time. International concerns are underscored by a September, 1998, report by the Organization for Economic Cooperation and Development (OECD). That OECD report stated that: while awareness is increasing, the amount of remediation still required is daunting; significant negative economic impact is likely in the short-term, although much uncertainty exists about the extent of Y2K induced disruptions; governments face a major public management challenge requiring acceleration of their own preparations and stronger leadership; and stronger international cooperation is essential, especially in conjunction with cross border testing. Fortunately, it is clear that the United States has taken the lead in this area and is far ahead of much of the world in addressing this issue. The United States has also attempted to promote international dialog on the Y2K problem. The chair of the President's Council has met with the United Nations and other international bodies and helped organize a significant December, 1998, National Y2K Coordinators Meeting, attended by over 120 countries, hosted by the U.N. Working Group on Informatics. This meeting should help encourage the establishment of regional coordinating mechanisms and foster greater international dialog on the Year 2000 issue. However, time is running out and the January 1 date will not change. Let me talk about GAO's commitment to serve. Mr. Chairman, to date, GAO has issued over 70 reports and made dozens of recommendations to individual agencies and OMB. These recommendations have led to significant improvements in program management as well as real progress in improving the prospects of key government operations functioning next year. We have worked closely with this committee and other committees, including the special Y2K committees in both the Senate and the House, conducting and reporting on this work. Additionally, our guides on project planning, business continuity planning, and testing are used by most agencies as well as private sector companies in organizing and managing their remediation efforts. They are also now being used around the world by many of our counterparts. Further, we continue to serve as a resource base for other audit agencies as well as the general public. Our Year 2000 material is now available on our web site--www.gao.gov--and has been accessed by thousands and thousands of organizations as well as concerned citizens. We have also worked with our sister audit agencies at all levels, both domestically and internationally, to increase their capability to evaluate and discharge their areas of responsibility in their respective countries and jurisdictions. For example, we have worked with Federal Inspectors General at a number of agencies to insure adequate audit coverage at their agencies. We have established a working relationship with State auditors to provide them with audit guidance. In addition, I personally have discussed the Year 2000 issue with the leadership of numerous audit institutions, my counterparts, across the world and have provided them with access to our material and guidance, both through electronic and other means. Mr. Chairman, highlighting and addressing the Y2K challenge is a vivid example of the impact that GAO can have by working with the Congress to make a difference for the government, our country, and the American people. I can assure you that our commitment in this area will continue. In conclusion, we feel confident that progress is being made. But I can place confidence only in what we know to be fact. This represents a particular challenge since much of the Y2K data is based on self reported information. History has shown that one should not place undue reliance on self reported information. Fortunately, efforts are being taken to provide reasonable, but not absolute, verification of the work being done on mission critical systems in the Federal Government, including work by GAO and others. Based on these efforts, we feel confident that Federal agencies have processes in place to address this important challenge and have made considerable progress in addressing the Year 2000 problem. We are also confident in stating that progress does not win you medals. To get the medal you have to finish on time with no or minimal disruption. Now is not the time to become complacent over the current level of progress. In order to make sure that these risks are minimized, we need to insure that the following is done. First, it is critical for agencies to assure that, given the limited time remaining to address this challenge, they establish key priorities, they rigorously test these systems and these changes, and they have thorough business continuity and contingency plans that are prepared and, as appropriate, implemented. Management controls need to be in place to assure that these processes are completed and that they are reported on on a timely basis and in an accurate manner. Our recommendations concerning the Conversion Council need to be completely implemented with regular, timely, and complete reports being developed for each business sector. It is imperative that more complete information on the status of each economic and infrastructure sector be developed as quickly as possible so that appropriate contingency efforts can be developed and implemented as necessary. Last but not least, continued Congressional oversight is required, both on the fiscal aspects as well as the readiness aspects of this challenge. This committee should require agencies to report on a regular basis the estimated costs of their Y2K effort, the amount of money expended to date, and the amount, if any, of additional funding required. Congress should also continue to provide oversight of individual agency readiness. This oversight has been vital in focusing attention on problem areas and assuring that this issue is a top priority for Federal agencies. The establishment of the Senate Special Committee on the Year 2000 Technology Problem has added an important impetus and critical focus to this problem. Senator Bennett, as committee chair, has already taken the lead in providing oversight over banking regulators and the readiness of the Nation's banking institutions. This committee has made significant contributions to developing a better understanding of the issues connected with all aspects of the Y2K problem, particularly those associated with key economic and infrastructure sectors. As ex officio members, Mr. Chairman, you and Senator Byrd provide a critical link to the appropriations process. prepared statement Mr. Chairman, that concludes my statement. I would be more than happy to answer any questions that you or the other Senators might have. Thank you. [The statement follows:] Prepared Statement of David M. Walker Mr. Chairman and Members of the Committee: I am pleased to appear today to discuss progress being made in addressing the Year 2000 computing challenge and to outline actions needed to ensure a smooth conversion to the next century. While our country is considered among the leaders in addressing this issue, the fact remains that both public and private organizations still face a daunting task in providing reasonable assurance that it will truly be business as usual beginning on January 1, 2000 and continuing throughout this pivotal transition year. The federal government--with its widespread dependence on large- scale, complex computer systems to deliver vital public services and carry out its massive operations--faces an especially enormous and difficult task. Unless adequately confronted, Year 2000--or Y2K-- computing problems could lead to serious disruptions in key federal operations, ranging from national defense to benefits payments to air traffic management. Consequently, in February 1997, GAO designated the Year 2000 computing problem as a high-risk area. Our purpose was to stimulate greater attention to assessing the government's exposure to Year 2000 risks and to strengthen planning for achieving Year 2000 compliance for mission-critical systems. Fortunately, the past 2 years have witnessed marked improvement in preparedness as the government has revised and intensified its approach to this problem. Significant challenges, however, remain--and time is running out. In particular, complete and thorough Year 2000 testing is essential to providing reasonable assurance that new or modified systems be able to process dates correctly and not jeopardize agencies' ability to perform core business operations. Moreover, adequate business continuity and contingency plans must be successfully completed throughout government. The scope of the Year 2000 problem extends well beyond federal operations; it spans the entire spectrum of our national as well as global economy. Accordingly, in concert with our recommendations, the President's Council on Year 2000 Conversion has been reaching out to the private sector, state and local governments, and to other countries to increase awareness. Working with these entities, the Council also has begun to assess the readiness of various sectors, including power, water, telecommunications, health care, and emergency services. At this juncture, however, a comprehensive picture of the nation's readiness is lacking. A great deal more needs to be done--both domestically and internationally--to effectively determine readiness and prepare necessary contingency plans. Such actions are imperative to ensure that technology-dependent services continue to operate reliably after the turn of the century, with minimal disruption. the federal government has enhanced its approach Since February 1997, action to address the Year 2000 threat has intensified. In response to a growing recognition of the challenge and urging from congressional leaders and others, the administration strengthened the government's Year 2000 preparation, and expanded its outlook beyond federal agencies. In February 1998 the President took a major step in establishing the President's Council on Year 2000 Conversion. He established the goal that no system critical to the federal government's mission experience disruption because of the Year 2000 problem, and charged agency heads with ensuring that this issue receives the highest priority attention. Further, the President tasked the Chair of the Council with: being chief spokesperson on Year 2000 issues in national and international forums; overseeing Year 2000 activities of federal agencies; providing Year 2000 policy coordination of executive branch activities with state, local, and tribal governments; and promoting appropriate federal roles with respect to private-sector activities. Among the initiatives the Chair has implemented in carrying out these responsibilities are attending monthly meetings with senior managers of agencies that are not making sufficient progress; establishing numerous working groups to increase awareness of and gain cooperation in addressing the Year 2000 problem in various economic sectors; and emphasizing the importance of federal/state data exchanges. OMB, for its part, has tightened requirements on agency reporting of Year 2000 progress. It now requires that, beyond the original 24 major departments and agencies that have been reporting, 9 additional agencies (such as the Tennessee Valley Authority and the Postal Service) report quarterly on their Year 2000 progress, and that additional information be reported from all agencies. OMB has also clarified instructions for agencies relative to preparing business continuity and contingency plans. Further, OMB places each of the 24 major agencies into one of three tiers after receiving its quarterly progress report, determined by OMB's judgment as to whether evidence of the agency's reported progress is or is not sufficient. Several agencies have reported substantial progress in repairing or replacing systems to be Year 2000 compliant. For example, in October 1997 we had reported that SSA had made significant progress in assessing and renovating mission-critical mainframe software, although certain areas of risk remained.\1\ Accordingly, we made several recommendations to address these risks, including the development of business continuity and contingency plans. SSA agreed; in July 1998 we reported that actions to implement these recommendations had either been taken or were underway.\2\ --------------------------------------------------------------------------- \1\ Social Security Administration: Significant Progress Made in Year 2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22, 1997). \2\ Social Security Administration: Subcommittee Questions Concerning Information Technology Challenges Facing the Commissioner (GAO/AIMD-98-235R, July 10, 1998). --------------------------------------------------------------------------- As federal agencies have more fully realized the complexities and extent of necessary Year 2000 activities, their costs have correspondingly risen. As our first chart illustrates, the government's 24 major departments and agencies' Year 2000 cost estimates more than tripled between February 1997 and November 1998. There are too many uncertainties to determine whether this cost escalation trend has ended. One of the most essential ongoing tasks, testing, could consume additional resources; experience is showing that testing is taking between 50 and 70 percent of a project's time and resources. In addition, agencies may find that the planning and possible implementation of business continuity and contingency plans could increase costs. As a result of these factors, the Congress needs to continue to keep apprised of agencies' Year 2000 efforts and their associated costs. Chart 1.--Federal Government's Estimated Year 2000 Costs In billions February 1997..................................................... $2.5 May 1997.......................................................... 2.7 August 1997....................................................... 3.8 November 1997..................................................... 3.9 February 1998..................................................... 4.7 May 1998.......................................................... 5.0 August 1998....................................................... 6.3 November 1998..................................................... 7.2 Note.--The August 1998 figure of $6.3 billion and the November 1998 figure of $7.2 billion are the totals of all individual submissions from the 24 major departments and agencies that were generally submitted on August 14th and November 13th, respectively. In its summaries of the agency reports, OMB reported the government's total estimated Year 2000 costs as $5.4 billion and $6.4 billion, respectively. For the August 1998 costs, OMB did not include all costs in its estimate because, for example, it was still reviewing some of the estimates provided by the agencies. For the November 1998 costs, OMB did not provide explanations in its report for the discrepancies between the agency reports and its estimates for 15 of the 18 agencies with differences. Source.--February 1997 data is from OMB's report Getting Federal Computers Ready for 2000, February 6, 1997. May 1997 to May 1998 data are from OMB's quarterly reports. The August and November 1998 data are from the quarterly reports of the 24 major federal departments and agencies. --------------------------------------------------------------------------- Many congressional committees have played a central role in addressing the Year 2000 challenge by holding agencies accountable for demonstrating progress and by heightening public appreciation of the problem. As you know, the Senate formed a Special Committee on the Year 2000 Technology Problem, under the chairmanship of Senator Bennett, which held hearings on the readiness of key economic sectors, including power, health care, telecommunications, transportation, financial services, emergency services, and general business. The House called on the Subcommittee on Government Management, Information and Technology of the Committee on Government Reform; and the Subcommittee on Technology of the Committee on Science to co-chair the House's Year 2000 monitoring.\3\ --------------------------------------------------------------------------- \3\ We will also be testifying today before the House Government Reform and Science Committees on actions needed to address the Year 2000 computing issue. --------------------------------------------------------------------------- These committees and others have held many hearings to obtain information on the Year 2000 readiness of federal agencies, states, localities, and other important nonfederal entities, such as the securities industry. The Congress also passed important Year 2000 legislation. In October 1998 it passed--and the President signed--the Year 2000 Information and Readiness Disclosure Act. Its purposes include (1) promoting the free disclosure and exchange of information related to Year 2000 readiness and (2) lessening the burdens on interstate commerce by establishing certain uniform legal principles in connection with the disclosure and exchange of information related to Year 2000 readiness. In addition, the Congress passed (and the President signed) the Omnibus Consolidated and Emergency Supplemental Appropriations Act, 1999, which included $3.35 billion in contingent emergency funding for Year 2000 conversion activities. gao's efforts to help meet the challenge As you know, GAO has been very active in working with the Congress as well as federal agencies to both strengthen agency processes and to evaluate their progress in addressing these challenges. To help agencies mitigate their Year 2000 risks, we produced a series of Year 2000 guides. The first of these, on enterprise readiness, provides a systematic, step-by-step approach for agency planning and management of its Year 2000 program.\4\ The second, on business continuity and contingency planning, provides a structured approach to helping agencies ensure minimum levels of service through proper planning.\5\ Our third guide sets forth a disciplined approach to Year 2000 testing.\6\ Federal agencies and other organizations have used these guides widely to help organize and manage their Year 2000 programs. --------------------------------------------------------------------------- \4\ Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD- 10.1.14, issued as an exposure draft in February 1997 and in final form in September 1997). \5\ Year 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD-10.1.19, issued as an exposure draft in March 1998 and in final form in August 1998). \6\ Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21, issued as an exposure draft in June 1998 and in final form in November 1998). --------------------------------------------------------------------------- In addition, we have issued over 70 reports and testimony statements detailing specific findings and made over 100 recommendations related to the Year 2000 readiness of the government as a whole and of a wide range of individual agencies.\7\ These recommendations have been almost universally embraced. --------------------------------------------------------------------------- \7\ A list of reports and testimony on the Year 2000 problem is attached to this statement. It can also be found on the Internet at GAO's World Wide Web site at www.gao.gov/y2kr.htm. --------------------------------------------------------------------------- Our recommendations have centered on the following: Project planning.--We have recommended better organizational planning and management oversight--including systems inventorying and analysis--in a number of programs and entities. Priority-setting.--With over 2,600 mission-critical systems still needing to be made Year 2000 compliant, it is important to establish priorities. Resources need to be focused on those business processes and supporting systems that could threaten national security, the economy, the health and safety of Americans, or their financial well- being. Data exchanges.--To remediate their data exchanges, agencies must (1) identify those that are not Year 2000 compliant, (2) reach agreement with exchange partners (such as states) on the date format to be used, (3) determine if data bridges and filters are needed and, if so, reach agreement on their development, (4) develop and test such bridges and filters, and (5) test and implement new exchange formats. Testing.--Agencies should perform thorough testing of their systems, including end-to-end testing of multiple systems supporting a major business function. Business continuity and contingency planning.--Given the interdependencies among agencies, their business partners, and the public infrastructure, it is imperative that contingency plans be developed for all critical core business processes and supporting systems, regardless of whether these systems are owned by the agency. In addition to our work at federal agencies, we have promoted Year 2000 awareness and solutions--both in the United States and abroad--by publishing our guides and reports and making them available on our World Wide Web site. I also discussed the Year 2000 issue with the leadership of audit organizations from around the world at a recent international conference. I subsequently wrote to these leaders to draw greater attention to this issue, and to share with them our recent publications. serious risks remain While much has been accomplished and real progress has been made in addressing the Year 2000 problem, both risks and challenges remain. Our reviews of federal Year 2000 programs have found uneven progress; some major agencies are significantly behind schedule and are at high risk that they will not correct all of their mission-critical systems in time. As the time remaining diminishes, it becomes increasingly difficult to ensure that all mission-critical systems will be compliant in time. Chart 2 shows OMB's assessment of agencies' Year 2000 progress on the basis of their November 1998 quarterly reports. ---------------------------------------------------------------- Chart 2.--OMB's Assessment of Agencies' Year 2000 Progress (November 1998) tier 1: agencies demonstrating insufficient evidence of progress Defense, Energy, HHS, State, Transportation, and AID. tier 2: agencies showing evidence of progress but about which omb has concerns Agriculture, Commerce, Education, Justice, Labor, Treasury, and OPM. tier 3: agencies making satisfactory progress HUD, Interior, VA, EPA, FEMA, GSA, NASA, NSF, NRC, SBA, and SSA. ---------------------------------------------------------------- We have made detailed recommendations to agencies responsible for some of the government's most essential services. For example: --DOD and the military services face the threat of significant problems.\8\ In April 1998 we reported that the department lacked complete and reliable information on systems, interfaces, other equipment needing repair, and the cost of its correction efforts.\9\ We found that these and other problems seriously threatened the department's chances of successfully meeting the Year 2000 deadline for its mission-critical systems. Further, taken together, the problems in Defense's Year 2000 program made failure of at least some mission- critical systems and the operations they support almost certain unless corrective actions were taken. We have recommended numerous improvements for critical matters such as data exchanges, testing, and contingency planning; DOD concurred with these recommendations and agreed to implement them. --------------------------------------------------------------------------- \8\ Defense Computers: Year 2000 Computer Problems Put Navy Operations At Risk (GAO/AIMD-98-150, June 30, 1998); Defense Computers: Army Needs to Greatly Strengthen Its Year 2000 Program (GAO/AIMD-98-53, May 29, 1998); Defense Computers: Year 2000 Computer Problems Threaten DOD Operations (GAO/AIMD-98-72, April 30, 1998); and Defense Computers: Air Force Needs to Strengthen Year 2000 Oversight (GAO/AIMD-98-35, January 16, 1998). \9\ GAO/AIMD-98-72, April 30, 1998. --------------------------------------------------------------------------- --We reported\10\ that although the Health Care Financing Administration (HCFA) had made improvements in its Year 2000 management, the agency and its contractors were severely behind schedule in repairing, testing, and implementing the mission- critical systems supporting Medicare. Given the magnitude of the task and the risks and limited time remaining, in September 1998 we concluded that it was highly unlikely that all Medicare systems would be compliant in time to ensure uninterrupted delivery of benefits and services. To improve the prospects for success, we recommended that HCFA (1) rank its remaining Year 2000 work on the basis of an integrated project schedule, (2) ensure that all critical tasks are prioritized and completed in time to prevent unnecessary delays, (3) define the scope of an end-to-end test of the claims process and develop plans and a schedule for conducting such a test, (4) develop a risk management process, and (5) accelerate the development of business continuity and contingency plans. HCFA has agreed to implement these recommendations. --------------------------------------------------------------------------- \10\ Medicare Computer Systems: Year 2000 Challenges Put Benefits and Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998). --------------------------------------------------------------------------- --As we reported in August 1998,\11\ FAA had made progress in managing its Year 2000 problem and had completed critical steps in defining which systems needed to be corrected and how to accomplish this. The agency had acted upon several of our recommendations from earlier in the year, including making final a Year 2000 strategy and setting priorities.\12\ However, with less than 17 months to go, FAA still had to correct, test, and implement many of its mission-critical systems. Accordingly, FAA must determine how to ensure continuity of critical operations in the event that some systems fail. --------------------------------------------------------------------------- \11\ FAA Systems: Serious Challenges Remain in Resolving Year 2000 and Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998). \12\ FAA Computer Systems: Limited Progress on Year 2000 Issue Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998) and Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent Systems Failures (GAO/T-AIMD-98-63, February 4, 1998). --------------------------------------------------------------------------- Such examples underscore the difficulties confronting agencies to make up for lost time; Year 2000 testing alone is consuming between 50 and 70 percent of a project's time and resources. Thorough testing is essential to providing reasonable assurance that new or modified systems can process dates correctly and will not jeopardize an organization's ability to perform core business functions after the change of century. Even for agencies that are making good progress, other critical issues must be successfully resolved; these include data exchanges, telecommunications, and embedded systems.\13\ First, should the government's hundreds of thousands of data exchanges not be Year 2000 compliant, data either will not be successfully exchanged or invalid data could cause the receiving computer systems to malfunction or produce inaccurate computations. Second, the government depends heavily on the telecommunications infrastructure; reliable services are made possible by a complex web of highly interconnected networks supported by national and local carriers and service providers, equipment manufacturers and suppliers, and customers. Third, the century change could cause problems for the many embedded computer systems used to control, monitor, or assist in operations. --------------------------------------------------------------------------- \13\ Embedded systems are special-purpose computers built into other devices. Examples include systems in elevators, heating and air conditioning units, and biomedical devices, such as cardiac defibrillators, and cardiac monitoring systems, which can record, process, analyze, display, and/or transmit medical data. (See Year 2000 Computing Crisis: Compliance Status of Many Biomedical Equipment Items Still Unknown (GAO/AIMD-98-240, September 18, 1998).) --------------------------------------------------------------------------- If issues such as these are not adequately addressed, the impact of Year 2000 failures could disrupt vital government operations. Moreover, federal agencies depend on data provided by their business partners, as well as on services provided by the public infrastructure (power, water, transportation, and voice and data telecommunications). One weak link anywhere in the chain of critical dependencies can cause a cascading effect of major shutdowns of business operations. Consequently, it is imperative that contingency plans be developed for all critical core business processes and supporting systems, regardless of whether these systems are owned by the agency. Without such plans, when unpredicted failures occur, agencies will lack well-defined responses, and may not have enough time to develop and test alternatives. the nation as a whole faces significant year 2000 challenges Our nation's reliance on the complex array of public and private enterprises having scores of system interdependencies at all levels accentuates the potential repercussions a single failure could cause. It is essential that Year 2000 issues be adequately addressed in arenas beyond the federal government: state and local governments, the public infrastructure, and other key economic sectors. State and local governments are responsible for the implementation of many national programs--such as food stamps and Medicaid--while also providing vital local and regional services. Accordingly, Year 2000- induced failures could result in payment delays felt at the local level, or in the interruption of key public services such as law enforcement, traffic management, and emergency and health services. For example, our survey of the state systems used in federal welfare programs revealed that the majority of them were not yet Year 2000 compliant.\14\ Failure to complete Year 2000 conversion could result in billions of dollars in benefits payments not being delivered. In an attempt to prevent this for Medicaid systems, HCFA recently hired a contractor to independently verify and validate state systems. --------------------------------------------------------------------------- \14\ Year 2000 Computing Crisis: Readiness of State Automated Systems to Support Federal Welfare Programs (GAO/AIMD-99-28, November 6, 1998). The survey was conducted in July and August 1998 and included the following welfare programs: Medicaid; Temporary Assistance for Needy Families; Women, Infants, and Children; food stamps; child support enforcement; child care; and child welfare. Forty-nine states, the District of Columbia, and three territories responded to our survey. --------------------------------------------------------------------------- The public infrastructure, including critical areas such as power, water, and telecommunications, is particularly important because most, if not all, major enterprises rely on these essential elements for daily functioning. Other key economic sectors include health, safety, and emergency services; banking and finance; transportation; and manufacturing and small business. These sectors are critical, yet the nation has not had a complete picture of their readiness. Accordingly, in our April 1998 report,\15\ we recommended that the President's Council on Year 2000 Conversion develop such a comprehensive picture, to include identifying and assessing risks to the nation's key economic sectors--including risks posed by international links. We also recommended that the Council use a sector-based approach and establish the effective public-private partnerships necessary to address this issue. --------------------------------------------------------------------------- \15\ Year 2000 Computing Crisis: Potential for Widespread Disruption Calls for Strong Leadership and Partnerships (GAO/AIMD-98- 85, April 30, 1998). --------------------------------------------------------------------------- The Council adopted a sector-based focus and has been initiating outreach activities since it became operational last spring. More recently, in October 1998, the Chair directed the Council's sector working groups to begin assessing their sectors. The Chair, in turn, plans to issue periodic public reports summarizing these assessments. The assessments will be used to help prepare contingency plans and aid in crisis management, in which the Council will respond to disruptions that may arise in critical services. The first such report, issued on January 7, 1999, summarizes information collected to date by the working groups and various trade associations.\16\ The Council acknowledged that readiness data in certain industries were not yet available and, therefore, were not included in the report. --------------------------------------------------------------------------- \16\ First Quarterly Summary of Assessment Information (The President's Council on Year 2000 Conversion, January 7, 1999). --------------------------------------------------------------------------- The Council's report is a good step toward obtaining a picture of the nation's Year 2000 readiness. However, the Council must remain vigilant and closely monitor and update the information in the sectors where information is available and obtain information for those where it is not. Particular attention should be paid to the public infrastructure, including critical areas such as power, water, and telecommunications since most, if not all, major enterprises rely on these essential elements for daily functioning. Other key economic sectors include health, safety, and emergency services; banking and finance; transportation; and manufacturing and small business. In addition, with the advent of electronic communication and international commerce, the United States is also critically dependent on international Year 2000 readiness. Completing these activities is absolutely vital to adequately understanding the full range of national and international risks. International concerns are underscored by a September 1998 report by the Organization for Economic Co-operation and Development.\17\ This report stated that (1) while awareness is increasing, the amount of remediation still required is daunting, (2) significant negative economic impact is likely in the short term, although much uncertainty exists about the extent of Year 2000-induced disruptions, (3) governments face a major public management challenge requiring acceleration of their own preparations and stronger leadership, and (4) stronger international cooperation is essential, especially in conjunction with cross-border testing. --------------------------------------------------------------------------- \17\ The Organization for Economic Co-operation and Development surveyed its member countries and reviewed existing studies and media reports on the Year 2000 problem and issued a report on its findings, The Year 2000 Problem: Impacts and Actions (September 1998). The organization's 29 member countries are Australia, Austria, Belgium, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Korea, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden, Switzerland, Turkey, the United Kingdom, and the United States. --------------------------------------------------------------------------- In addition to addressing domestic Year 2000 issues, the United States has attempted to promote international dialog on the problem. In June 1998 the United Nations General Assembly adopted a resolution on the global implications of the Year 2000 issue. The resolution recognized that effective operation of governments, companies, and other organizations was threatened by the century change, and coordinated efforts were required to address it. The resolution went on to request that all member countries attach a high priority to raising the level of awareness and to consider appointing a nationwide coordinator to tackle the problem. The Chair of the President's Council also has met with the United Nations and other international bodies, and helped organize a December 1998 National Y2K Coordinators' meeting attended by over 120 countries, hosted by the United Nations' Working Group on Informatics. This meeting should help encourage the establishment of regional coordinating mechanisms and foster greater international dialog on the Year 2000 issue. In conclusion, considerable progress has been made in addressing the Year 2000 challenge. It is clear that federal agencies have now made the Year 2000 a top priority. It is equally clear, however, that much more needs to be done. It is critical that agency priorities continue to be set, rigorous testing be completed, and thorough business continuity and contingency plans be prepared. Further, aggressive and sustained action must continue in assessing and mitigating national and international risks in both the public infrastructure and key economic sectors. Such efforts require federal leadership, effective public-private partnerships, and international cooperation. Congressional leadership and oversight of the Year 2000 issue have been instrumental in raising awareness and spurring needed action; such continued leadership on the part of the Congress will be crucial. For our part, we will continue to support the Congress' oversight efforts by evaluating the effectiveness of the federal government's Year 2000 actions and advancing constructive suggestions for mitigating the risk of serious Year 2000 disruption. Mr. Chairman, this concludes my statement. I will be pleased to respond to any questions that you or other members of the Committee may have at this time. gao reports and testimony addressing the year 2000 problem Status Information: FAA's Year 2000 Business Continuity and Contingency Planning Efforts Are Ongoing (GAO/AIMD-99-40R, December 4, 1998) Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21, November 1998) Year 2000 Computing Crisis: Readiness of State Automated Systems to Support Federal Welfare Programs (GAO/AIMD-99-28, November 6, 1998) Year 2000 Computing Crisis: Status of Efforts to Deal With Personnel Issues (GAO/AIMD/GGD-99-14, October 22, 1998) Year 2000 Computing Crisis: Updated Status of Department of Education's Information Systems (GAO/T-AIMD-99-8, October 8, 1998) Year 2000 Computing Crisis: The District of Columbia Faces Tremendous Challenges in Ensuring That Vital Services Are Not Disrupted (GAO/T-AIMD-99-4, October 2, 1998) Medicare Computer Systems: Year 2000 Challenges Put Benefits and Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998) Year 2000 Computing Crisis: Leadership Needed to Collect and Disseminate Critical Biomedical Equipment Information (GAO/T-AIMD-98- 310, September 24, 1998) Year 2000 Computing Crisis: Compliance Status of Many Biomedical Equipment Items Still Unknown (GAO/AIMD-98-240, September 18, 1998) Year 2000 Computing Crisis: Significant Risks Remain to Department of Education's Student Financial Aid Systems (GAO/T-AIMD-98-302, September 17, 1998) Year 2000 Computing Crisis: Progress Made at Department of Labor, But Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998) Year 2000 Computing Crisis: Federal Depository Institution Regulators Are Making Progress, But Challenges Remain (GAO/T-AIMD-98- 305, September 17, 1998) Year 2000 Computing Crisis: Federal Reserve Is Acting To Ensure Financial Institutions Are Fixing Systems But Challenges Remain (GAO/ AIMD-98-248, September 17, 1998) Responses to Questions on FAA's Computer Security and Year 2000 Program (GAO/AIMD-98-301R, September 14, 1998) Year 2000 Computing Crisis: Severity of Problem Calls for Strong Leadership and Effective Partnerships (GAO/T-AIMD-98-278, September 3, 1998) Year 2000 Computing Crisis: Strong Leadership and Effective Partnerships Needed to Reduce Likelihood of Adverse Impact (GAO/T-AIMD- 98-277, September 2, 1998) Year 2000 Computing Crisis: Strong Leadership and Effective Partnerships Needed to Mitigate Risks (GAO/T-AIMD-98-276, September 1, 1998) Year 2000 Computing Crisis: State Department Needs To Make Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-162, August 28, 1998) Year 2000 Computing: EFT 99 Is Not Expected to Affect Year 2000 Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998) Year 2000 Computing Crisis: Progress Made in Compliance of VA Systems, But Concerns Remain (GAO/AIMD-98-237, August 21, 1998) Year 2000 Computing Crisis: Avoiding Major Disruptions Will Require Strong Leadership and Effective Partnerships (GAO/T-AIMD-98-267, August 19, 1998) Year 2000 Computing Crisis: Strong Leadership and Partnerships Needed to Address Risk of Major Disruptions (GAO/T-AIMD-98-266, August 17, 1998) Year 2000 Computing Crisis: Strong Leadership and Partnerships Needed to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262, August 13, 1998) FAA Systems: Serious Challenges Remain in Resolving Year 2000 and Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998) Year 2000 Computing Crisis: Business Continuity and Contingency Planning (GAO/AIMD-10.1.19, August 1998) Internal Revenue Service: Impact of the IRS Restructuring and Reform Act on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998) Social Security Administration: Subcommittee Questions Concerning Information Technology Challenges Facing the Commissioner (GAO/AIMD-98- 235R, July 10, 1998) Year 2000 Computing Crisis: Actions Needed on Electronic Data Exchanges (GAO/AIMD-98-124, July 1, 1998) Defense Computers: Year 2000 Computer Problems Put Navy Operations At Risk (GAO/AIMD-98-150, June 30, 1998) Year 2000 Computing Crisis: Testing and Other Challenges Confronting Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998) Year 2000 Computing Crisis: Telecommunications Readiness Critical, Yet Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16, 1998) GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16, 1998) IRS' Year 2000 Efforts: Business Continuity Planning Needed for Potential Year 2000 System Failures (GAO/GGD-98-138, June 15, 1998) Year 2000 Computing Crisis: Actions Must Be Taken Now to Address Slow Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998) Defense Computers: Army Needs to Greatly Strengthen Its Year 2000 Program (GAO/AIMD-98-53, May 29, 1998) Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in Ensuring That Vital Public Services Are Not Disrupted (GAO/T-AIMD-98- 167, May 14, 1998) Securities Pricing: Actions Needed for Conversion to Decimals (GAO/ T-GGD-98-121, May 8, 1998) Year 2000 Computing Crisis: Continuing Risks of Disruption to Social Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-161, May 7, 1998) IRS' Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7, 1998) Air Traffic Control: FAA Plans to Replace Its Host Computer System Because Future Availability Cannot Be Assured (GAO/AIMD-98-138R, May 1, 1998) Year 2000 Computing Crisis: Potential For Widespread Disruption Calls For Strong Leadership and Partnerships (GAO/AIMD-98-85, April 30, 1998) Defense Computers: Year 2000 Computer Problems Threaten DOD Operations (GAO/AIMD-98-72, April 30, 1998) Department of the Interior: Year 2000 Computing Crisis Presents Risk of Disruption to Key Operations (GAO/T-AIMD-98-149, April 22, 1998) Tax Administration: IRS' fiscal year 1999 Budget Request and Fiscal Year 1998 Filing Season (GAO/T-GGD/AIMD-98-114, March 31, 1998) Year 2000 Computing Crisis: Strong Leadership Needed to Avoid Disruption of Essential Services (GAO/T-AIMD-98-117, March 24, 1998) Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure Financial Institution Systems Are Year 2000 Compliant (GAO/T-AIMD-98- 116, March 24, 1998) Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts to Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-102, March 18, 1998) Year 2000 Computing Crisis: Strong Leadership and Effective Public/ Private Cooperation Needed to Avoid Major Disruptions (GAO/T-AIMD-98- 101, March 18, 1998) Post-Hearing Questions on the Federal Deposit Insurance Corporation's Year 2000 (Y2K) Preparedness (AIMD-98-108R, March 18, 1998) SEC Year 2000 Report: Future Reports Could Provide More Detailed Information (GAO/GGD/AIMD-98-51, March 6, 1998) Year 2000 Readiness: NRC's Proposed Approach Regarding Nuclear Powerplants (GAO/AIMD-98-90R, March 6, 1998) Year 2000 Computing Crisis: Federal Deposit Insurance Corporation's Efforts to Ensure Bank Systems Are Year 2000 Compliant (GAO/T-AIMD-98- 73, February 10, 1998) Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent Systems Failures (GAO/T-AIMD-98-63, February 4, 1998) FAA Computer Systems: Limited Progress on Year 2000 Issue Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998) Defense Computers: Air Force Needs to Strengthen Year 2000 Oversight (GAO/AIMD-98-35, January 16, 1998) Year 2000 Computing Crisis: Actions Needed to Address Credit Union Systems' Year 2000 Problem (GAO/AIMD-98-48, January 7, 1998) Veterans Health Administration Facility Systems: Some Progress Made In Ensuring Year 2000 Compliance, But Challenges Remain (GAO/AIMD-98- 31R, November 7, 1997) Year 2000 Computing Crisis: National Credit Union Administration's Efforts to Ensure Credit Union Systems Are Year 2000 Compliant (GAO/T- AIMD-98-20, October 22, 1997) Social Security Administration: Significant Progress Made in Year 2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22, 1997) Defense Computers: Technical Support Is Key to Naval Supply Year 2000 Success (GAO/AIMD-98-7R, October 21, 1997) Defense Computers: LSSC Needs to Confront Significant Year 2000 Issues (GAO/AIMD-97-149, September 26, 1997) Veterans Affairs Computer Systems: Action Underway Yet Much Work Remains To Resolve Year 2000 Crisis (GAO/T-AIMD-97-174, September 25, 1997) Year 2000 Computing Crisis: Success Depends Upon Strong Management and Structured Approach, (GAO/T-AIMD-97-173, September 25, 1997) Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14, September 1997) Defense Computers: SSG Needs to Sustain Year 2000 Progress (GAO/ AIMD-97-120R, August 19, 1997) Defense Computers: Improvements to DOD Systems Inventory Needed for Year 2000 Effort (GAO/AIMD-97-112, August 13, 1997) Defense Computers: Issues Confronting DLA in Addressing Year 2000 Problems (GAO/AIMD-97-106, August 12, 1997) Defense Computers: DFAS Faces Challenges in Solving the Year 2000 Problem (GAO/AIMD-97-117, August 11, 1997) Year 2000 Computing Crisis: Time is Running Out for Federal Agencies to Prepare for the New Millennium (GAO/T-AIMD-97-129, July 10, 1997) Veterans Benefits Computer Systems: Uninterrupted Delivery of Benefits Depends on Timely Correction of Year 2000 Problems (GAO/T- AIMD-97-114, June 26, 1997) Veterans Benefits Computer Systems: Risks of VBA's Year 2000 Efforts (GAO/AIMD-97-79, May 30, 1997) Medicare Transaction System: Success Depends Upon Correcting Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997) Medicare Transaction System: Serious Managerial and Technical Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997) Year 2000 Computing Crisis: Risk of Serious Disruption to Essential Government Functions Calls for Agency Action Now (GAO/T-AIMD-97-52, February 27, 1997) Year 2000 Computing Crisis: Strong Leadership Today Needed To Prevent Future Disruption of Government Services (GAO/T-AIMD-97-51, February 24, 1997) High-Risk Series: Information Management and Technology (GAO/HR-97- 9, February 1997) Chairman Stevens. Thank you very much. Again, my greatest concern is about the funding. Have you come across any agencies that are not doing some of the work that you have suggested because of cost? Mr. Walker. It is my understanding, Mr. Chairman, that we have not seen that to date, although we have not received adequate information to be able fully to assess that. The real challenge that we have seen to date is really not the issue of financial resources. It is human capital resources. It is being able to have enough people, either internally within the organization or externally as supplemental resources, in order to attack this problem in the amount of time that is left. I would ask Gene if he has any supplemental comments. Mr. Dodaro. The main issue that we have seen related to cost--and we have made a number of recommendations--is that agencies were not making complete cost estimates. This is part of a deficiency in project management early-on. They did not have complete inventories of their systems. They had not assessed their Y2K risks extensively. This is why you have seen the costs go up. As they have implemented better program management tools and assessed their vulnerabilities, they have revised their cost estimates accordingly. We have made a number of recommendations in that regard. So the cost estimates we would expect will continually be revised because, as Mr. Walker pointed out in his comments, we are right in the midst of testing. I think the results of testing could yield additional costs that may be needed to make repairs that were not anticipated. Also, agencies are now completing business continuity and contingency plans. Now the execution of those contingency plans might require additional resources. For example, they might need to hire additional people to conduct manual operations and work-arounds around their systems. Those contingency plans have not yet been completed and that is one of the suggestions that we have, that costs associated with those contingency plans be specifically highlighted in the OMB quarterly reports. The other cost dimension of this issue which is very important is that, as problems occur potentially--and we think they are going to occur at the State and local level and at other aspects across the Nation--the Federal Government will be de facto asked to provide additional assistance outside of just the Federal agencies being remediated. This aspect of cost has not been given full attention as well. Chairman Stevens. Thank you. Yes, Mr. Walker. Mr. Walker. Mr. Chairman, an important point I think needs to be made to supplement this. There are a couple of dimensions to this. One is what is the estimated total cost and, second is whether or not additional appropriations would be necessary. As you know, many Federal agencies have significant appropriated dollars as part of their baseline for information technology (IT) operations. As a result, even though the costs go up, it does not necessarily mean they will need additional appropriations. But we will continue to monitor that. Importantly, something that I do not think has been focused on enough is many agencies--in fact, probably most agencies-- have been using a large part of their discretionary baseline IT resources to deal with this Y2K issue. This means that they have not been using those resources for security and systems upgrades, and what is yet to be determined is to what extent there might be a ripple effect on future appropriations needs because a lot of the discretionary resources have been focused on Y2K and not on some of the other mission critical elements that are non-Y2K related which the government has to deal with on an ongoing basis. I think this is something we will continue to monitor to make you aware of as well. Chairman Stevens. Now this is the estimate currently of the Federal Government's Y2K costs. Is there an estimate, a global estimate, for the United States and all State, local, and private entities? Mr. Dodaro. There have been some estimates, Mr. Chairman, that have been made by the Gartner Group early on in the several tens of billions of dollars. Also, as Senator Bennett knows, because he was primarily the impetus behind having private sector organizations report under Securities and Exchange Commission (SEC) filings their costs for publicly traded corporations, those are in the hundreds of millions of dollars for some aspects of that. So there have been some estimates. We can provide those to the committee. But they are very extensive and go well beyond this. In fact, I know the securities industry alone has almost spent as much as the Federal Government has spent getting ready for the Y2K problem. [The information follows:] Gartner Group, a leading organization specializing in information technology issues, estimated in 1996 that the global cost of renovating software to be year 2000 compliant would range between $300 billion and $600 billion. In 1998, Gartner concluded that, based upon updated information, this cost range was still valid. Chairman Stevens. We tried to create a reserve for Y2K. I think it is more than two-thirds allocated now. But my fear is that we are going to get down into the last few months of the year and the costs of testing and the costs of remediation after testing are going to be so excessive that there will not be the money there to allocate to cover the costs. I would be pleased if you would take a look at that. Should we have another reserve account and if so, what restraints should there be on it? I am particularly concerned about the private sector and the State and local government sector. As the President mentioned last night, we should be working with the State and local governments and with the private sector to make sure that this headache is not the first crisis for the next millennium. Clearly, the way things are going now, it appears that we are still looking at the critical and essential missions to have priority. And yet, each one of those has a lot of tentacles hanging off of it that, if they are not similarly dealt with, we could have so many minor crises that they would add up to a major one. I do not know how to get to this funding problem. That, really, again is my major interest--that funding problem. You have not made an analysis of the private sector and State and local government requirements, I take it. You have had some reports on that, but I do not know that you have made any estimate of their requirements financially. Mr. Walker. No, Mr. Chairman, we have not done that. With regard to the Federal sector, one of our recommendations to the President's Council is that they need to have more discipline and rigor in their process of getting updates on how much money has been spent, how much is likely to be required, and whether or not there is expected to be a funding gap. That is something that we believe needs to be done. That is something we will continue to monitor and keep you apprised of. Chairman Stevens. Senator Bennett, go ahead. Senator Bennett. Excuse me, Mr. Chairman. Unfortunately, I have to leave. If I could just ask about one area, I will read the record. I apologize for asking a question and not being able to stay. I am concerned about the Postal Service. It seems to be neither fish nor fowl. That is, it is not a Federal agency. It is not listed as to which tier it is in by OMB. But, as I go around on this issue, a number of businesses say the Postal Service is as essential to their survival as any other government agency. I understand that GAO has looked at the Postal Service. The Federal Government, of course, has a very heavy investment in the Postal Service. We do have appropriated funds that go to pay for services provided to the Federal Government. When it was made a private corporation, that was all worked out. I would appreciate it if you would address that issue as well. Again, I apologize that I have a standing commitment that requires me to leave. Chairman Stevens. Thank you. I look forward to your hearings on this subject. We are trying to stay out of your area, but sometimes that is not easy to do. Have you analyzed yet what areas may face a need for supplemental funding? I am talking about this current year now. We are going to be dealing with a budget and a lot of people forget that we are dealing with next year's budget when we start our hearings. But we are talking about now, this year, 1999, the period of prevention of problems in the next millennium. Have you analyzed the sufficiency of the monies that are available to the Federal agencies now, without any further supplemental appropriations? Mr. Walker. We are not in a position to tell you right now, Mr. Chairman. What we need to have happen is the following. First, the President's Council on Y2K needs to fully implement our recommendations with regard to getting more timely updates on the estimated cost, progress to date, and whether there are expected to be any gaps. Second, there needs to be more progress on the testing. As I mentioned, at least 50 percent of the total cost of Y2K activities relates to testing. Many of these agencies are just now getting into testing. As a result, that should provide us some information in the near future about whether or not there might be additional appropriation needs. Furthermore, I would expect that, to the extent there would be, it is most likely to be the ones that are in the Tier 1 agencies, the ones that are obviously deemed to be at greatest risk and having made the least progress. As you mentioned before, Mr. Chairman, that represents over half the budget and some of the more critical agencies in the Federal Government. But as soon as we are in a position to do that, Mr. Chairman, I can assure you we will report back to this committee. Chairman Stevens. I keep hearing stories, particularly in my State, about systems that have been acquired by State and local government agencies that, upon receipt, they found were not Y2K compliant. Have you looked at that? Is there anything we should do to place a greater responsibility on people who actually market noncompliant devices and systems? Apparently they have not heard Paul Revere. I mean, the word is out that there is a problem, and yet they are still marketing systems that are not compliant? Mr. Walker. I will make one comment and then go to my colleagues who may be more familiar with what we have done in this area. There are many public and private sector enterprises whose strategy for Y2K was to buy new systems. That was their answer. You are disclosing a situation where sometimes that is not a panacea. Let me turn to Gene or Jack. Is there anything that we have done here? Mr. Brock. We have not done any specific work in this area, but we know that a problem that has existed at some agencies is that, for a while, many were still purchasing systems that had no contract or language that would limit Y2K problems. The Department of Defense (DOD) Inspector General (IG), for example, found that a large percentage of new DOD contracts did not, in fact, have any sort of Y2K guarantee language in it. I would suspect that that would be true, as you found out, in many State and local governments as well. So one of the things that people need to do in contracting, of course, is to exercise an amount of due diligence to make sure that such protective language is written into the contract. Mr. Dodaro. I would say in addition to that, Mr. Chairman, this is one of the reasons we have advocated testing. For those products you should have a testing period by the entity purchasing the products to make sure they are Y2K compliant. If not, Jack is right in that they need to have some recourse through the contract language. One of the suggestions that we could make is this. The President's Council has monthly conference calls with State officials around the country. We could urge them to bring this issue up to them. I know the Federal Government has adopted contract language and that could be shared with States, who could then share it with localities as well. Perhaps they could put some information on their web site in that regard. We will follow up to see if that could happen. Chairman Stevens. Are we sure of the technology base that is doing the testing? I mean, if a system is certified as being Y2K compliant, are the tests out there certified by a sufficient expertise base that we can rely upon those tests? Mr. Dodaro. Basically there is a lot of reliance placed on individual vendors to provide assurance. The problem comes when people incorporate different software packages into their operating systems. It becomes very complex. Really, then, the burden shifts from the vendor to how the organizations actually are using that particular system, whether or not they make modifications to the commercial off-the-shelf software. That is often done. So in terms of how the system then is used, that really is the responsibility of the organization. That is why they have to have testing in place, to see how it fits in with their entire totality of operations. Chairman Stevens. When I talked to one small city group, they thought the answer was to replace the system, that it would be cheaper just to replace it than to go through all of the analysis and upgrade of particular items within the system. I asked them who is going to certify the system you buy as being compliant. There is no real government agency or anyone out there that can put a stamp on it and say this is Y2K compliant and the world can rely on that, is there? Mr. Walker. There isn't one particular entity that is designated as being the entity or the type of person that is authorized for certification. I would, however, point out, Mr. Chairman, that we have a testing guide. GAO has put out a testing guide and that testing guide is being used in the Federal Government. In fact, it is being used to a great extent in the private sector as well. We have confidence in that. Joel, would you have any comments? Mr. Willemssen. If I may add a couple of comments, Mr. Chairman, as a general rule, the more critical a particular system is to your business, the higher the likelihood is you've got to go out and independently test that for yourself, to make sure that it is indeed going to work as intended. Second, the General Services Administration and Social Security Administration have set up a database for commercial off-the-shelf products where they are engaging in some independent testing of those commercial off-the-shelf products and then placing that information on a web site for use by others so that they don't have to go through the same routine-- that indeed these products have been independently tested and there is some independent assurance that they are going to work as intended. That database to date has not been as populated as we would like to see. But it represents a good opportunity to get the information out to other agencies and to the public on what products are going to work. Mr. Brock. You are in a very interesting area as well, Mr. Chairman. It is accepted by a lot of Y2K experts that State and local governments, particularly local governments, are very far behind the curve in terms of remediating the Y2K problem. Many smaller towns and communities really do not have the sophisticated technical expertise that is necessary to make the assessments and to take corrective action. Of course, for many Americans, the real problems of Y2K 1-- that is, January 1, 2000--will occur in their local communities. Mr. Walker. As you know, the Information Readiness and Disclosure Act was intended to encourage the sharing of information to the extent that individuals were having problems with purchased software systems or otherwise were having experiences that it would be beneficial to be able to share, to encourage the sharing of that information while limiting potential liability. I think one of the things that we and the administration will need to continue to monitor is the relative effectiveness of that: is it having the intended impact? I think, in the near future, as we go through more of this testing stage, we will be in a better position to assess that. Chairman Stevens. Let me sort of change gears here. Is there a timeline now on what must be done in order to be sure we have compliance within the Federal Government by the critical dates? We have several critical dates this year. But is there a timeline out there and do the agencies understand that timeline? Mr. Walker. The timeline for the Federal Government is March 31, 1999. That is the date that has been set as the target date for completion of all mission critical systems. It is clear that some agencies will not hit that and that many agencies will not hit it for all of their systems. Now, obviously, that date is 9 months before the end of the year and it was established at an early time in order to recognize that there may be some slippage. But that is the date that has been established. That is the date by which, and the interim milestones before that, the reporting was done and the tiering was done by OMB. In the final analysis, it has to be ready to go by January 1, 2000. You want it ready, obviously, as far in advance as possible. In part, Mr. Chairman, you can do about a limitless amount of testing. It is limited by the amount of human capital and financial resources that you have. The biggest restraint, right now, quite frankly, is probably more the human capital constraint. But we will advise you if we become aware of situations where there might be a financial constraint. Chairman Stevens. You have made suggestions to almost every Federal agency, I take it, in regard to this issue. Have you catalogued their responses? Mr. Walker. Yes, we have. In general, they have been very responsive, and we do keep a summary of agencies' actions in conjunction with this area. We are monitoring it very closely. Joel, did you have a comment you wanted to make on this? Mr. Willemssen. I would just add to Mr. Walker's comment on the March 31 date and why that is critical for individual mission critical systems. The other key factor on why we would need that additional time is it takes multiple systems working together to support an entire business area to be Y2K compliant. We need that additional time to test from an end-to- end perspective, including all of those critical systems, to make sure that, working together, they are going to work as intended for that entire business process. That often is the more time consuming and rigorous process that we are going to have to go through. That, in large part, is why we also need that additional time. For example, you can look at air traffic control. That relies on about 50 automated systems working together to help separate aircraft. So it is one thing to say each of those systems is compliant. It is yet another thing to say all of them working together to support that business area are compliant. That is why we need that additional time. Chairman Stevens. Has the President's Council followed the recommendations of GAO? Mr. Walker. Generally, they have been very responsive to our recommendations. We do, however, have some outstanding recommendations that we still believe they need to implement, including one of the ones that I mentioned, Mr. Chairman, about having regular updates not only on progress but on expenditures; also on any additional appropriations that might be necessary in order to be able to meet the critical dates. I think we also need to try to assess better what the ripple effect of this might be--in other words, what effect might there be in the out-years on IT budgets because so much of the discretionary resources have been focused on Y2K--in addition to supplemental appropriations that have been provided by the Congress. Chairman Stevens. We have heard of a series of businesses that have accelerated their clocks in order to try to test their systems. Is that advisable? Mr. Walker. I'm sorry, Mr. Chairman. Could you repeat that, please? Chairman Stevens. We have heard, we have been told of a series of businesses that accelerated their clocks in order to try to test their systems and what would happen on December 31, 1999. Is that advisable? Is that a valid test? Mr. Walker. That is one means to test and it is something that is advisable to do, I believe. Joel? Mr. Willemssen. Yes, that is a reasonable test. One just has to be cautious about doing that in a live operational environment. It is more ideal for major complex systems to have a separate test bed environment to do those roll-ahead tests. But those are absolutely crucial in making sure that the systems are Y2K compliant. Chairman Stevens. I asked the question because I do not see any of that in the Federal testing system. Mr. Walker. Oh, they are. I mean, there are systems that have done that. I know, for example--the Defense Department is an example. I know that they have tested some of the critical national defense systems by doing roll forwards, and I'm sure others have, too. Mr. Brock. Right. The Department of Defense, for example, has what they call a time machine that they are establishing in their defense megacenters, the giant computing centers, where they are rolling systems forward. One of the problems with rolling systems forward, though, is there are some key aspects of the infrastructure that you cannot roll forward. For example, you cannot roll forward the public switch telephone network. So to the extent that that network may or may not have problems, that won't be tested. There are certain other key infrastructure systems that also cannot be tested along that way. But rolling the clock forward in a test environment is a fairly common mechanism that all agencies use. Mr. Walker. Mr. Chairman, in addition to getting the results of the testing that many of these agencies are involved with to try to ascertain whether or not additional supplemental appropriations will be necessary, the other issue that I think we need to see is what success the council has on this national assessment, on trying to assess the critical infrastructure and other industry sectors. Chairman Stevens. That was going to be my next question. I gather from what they told us the other day they don't have really yet a national assessment. Mr. Walker. Not yet. They are working on it. Obviously, the act that was passed this past fall that provides some protection for sharing that type of information hopefully will aid in their being able to gather the information and analyze it. That is something we are clearly monitoring. Mr. Dodaro. Yes, that is one thing, Mr. Chairman. Overall, the council has been very responsive to our recommendations. They set up the sector based approach. They have begun outreach activities. But the need to do that assessment we raised last April, in 1998, and they have been a little bit behind in getting that assessment process in place. This is why you saw for their first national assessment report a lot of holes in that assessment process. Now, hopefully, they can get those holes filled quickly. But if there is not a good national picture of readiness by this spring and summer, the Federal Government and, indeed, the Nation, are going to be handicapped in identifying specific contingency plans and making critical decisions, both domestically and internationally. So that is vital. I would urge this committee, as well as the other specific committees on Y2K, to monitor closely--I know we will be doing so--those assessments and whether or not they are completed. You can only make good decisions if you have good information, and even if it is self-reported information, as Mr. Walker pointed out, that is better than no information. And then you could do some selective testing. That is a critical recommendation we have made that has not yet been fully implemented. Chairman Stevens. I think you made that point in Alaska when your people were up there. I think it did sort of ring a bell as far as our people are concerned. I think they are looking more deeply into the problem now. Senator Bennett's staff has indicated that there is a problem if the Y2K testing on a system modification might void the warranties on the software or the computer systems that have been sold to the government. Have you looked into that? Mr. Walker. Has any work been done on that, Joel? Mr. Willemssen. No in depth work yet. No. Chairman Stevens. Have we looked at the overall legal potential liability of the Federal Government and systems it operates, particularly where it interfaces with the private sector and with the State and local governments to see what type of liability we might have out there? I keep reading stories in the legal newspapers and periodicals about the scope of the total legal system costs for litigation that is going to follow on the start of the new century. I take it that most of that will not be initiated until after this year is completed. But I don't know if we have looked at it from a Federal Government point of view as to what is our potential liability out there and if there is anything we can do to mitigate that potential liability. Mr. Walker. Mr. Chairman, our General Counsel, Bob Murphy, is working with Senator Bennett's committee in looking at this issue right now and trying to assess this. Chairman Stevens. Well, some of that surplus the President talked about last night could disappear awfully fast if we have the kind of liability people are reporting in the legal periodicals. I would hope that somehow we would be given some information on that in terms of this year's analysis of the Y2K problem. Have you looked at the Department of Justice in your examinations? Mr. Brock. Not today. We have a review scheduled right now of some critical operations both in the Immigration and Naturalization Service (INS) as well as the Federal Bureau of Investigation (FBI). Chairman Stevens. How about this in terms of the capability of the government's attorneys being capable of handling the kind of litigation that is being presumed to be automatically involved come the first of next year? Mr. Brock. We don't have that planned. But we will now. Mr. Walker. Mr. Chairman, obviously, the best safeguard that we can do is to make sure that we complete all the testing and have reasonable assurance that our systems are going to operate effectively. So, therefore, to the extent that there is a problem, it would be because of the interface on the other side, rather than because of problems that we are causing. Nonetheless, you are pointing out some excellent issues that we will follow up on and address to the extent that we have not already. Chairman Stevens. Well, I am ex officio in Senator Bennett's committee, as you point out, as is Senator Byrd. We are worried about our job here in terms of this year's money, the supplemental funding, and whether or not we have sufficient money there to meet the emergency and particularly whether the money we put up for that purpose of meeting the emergency is, in fact, being used to meet the emergency. Tell me, what are your plans to keep us informed about the progress of Y2K? Do you have any timeline on that? Mr. Walker. I would expect, Mr. Chairman, that we would need to give you at least monthly updates on what we have and, obviously, as we get to more critical information in the interim, to make you aware of it as we become aware of it. But I think at this point in time we have to be doing at least monthly updates and other information that is critical as we become aware of it. Mr. Brock. In addition to that, we, Senator Bennett's special committee, we have, I think it is fair to say, virtually daily contact with staff on that committee on various topics that the committee is looking at. Chairman Stevens. Yes, I know. That is a very capable committee staff and I have real confidence in them in terms of the substance of the matter. But I am not sure they are addressing what we are addressing, and that is the financing of action that is necessary to prevent the collision that many of us think is going to happen and to prevent some of the individual suffering that is going to take place if it does. We have not gotten into that yet. But I keep reading books that talk about how many boxes of matches, bottles of water, and cans of food I should have in the basement of my home in Alaska. While I am still not confident that I should have that, I wonder sometimes if those people who are ringing those bells ought to be listened to a little bit. I asked the question of the President's Council as to whether any Federal agencies are listening to that warning and laying in additional supplies and taking on the subject of what additionally will they need in the event of a crisis. I have not seen anything like that. Have you all addressed that? Suppose we do have a crisis. What should Federal agencies have available to deal with that in terms of the potential shut-down of some of these systems? Mr. Brock. There is, for example, the work we are doing for Senator Bennett on the banking system. We are looking at the contingency plans of the Federal Reserve system. Their plans are detailed to the point of already reserving hotel rooms at hotels, having emergency food supplies available within their offices, flashlights, batteries, generators, other personal supplies. So some agencies that have truly vital activities to carry out, such as the Federal Reserve, are thinking about that. I am not sure that this thinking extends as much as we might like to other agencies. Chairman Stevens. Should we ask you to put out guidelines for the potential Y2K crisis for the weekend of December 31, 1999? I don't want to be the one looking under beds, but I think someone ought to be thinking about what should these agencies have on board if this thing does not work. Mr. Walker. I think we do, Mr. Chairman, need to look to provide some guidelines here. We need some more information. We need to have the President's Council respond to some of our recommendations first. But yes, I do think it is something we ought to do. Second, I think in March of this year we should be in a much better position to provide some meaningful input to the committee on the appropriations issue and for a couple of reasons. Number 1, hopefully there will be substantial progress on the national assessment and the result of that national assessment. Second, as I mentioned before, March 31 is the target date for completing all this testing. So, therefore, even earlier in March we ought to have a good sense as to where things stand and to what extent is the money going to be adequate at that point in time. So I would say that March would probably be a good time for us to get back to you to try to give you at least our best estimate at that point in time of what the situation is. And if we can do it before, we will do so. Chairman Stevens. We may have some questions from members that we will send you for the record, gentlemen. I am still, in my own mind, worried about people who live in apartments in major cities, as well as those people who live in very rural areas, such as in my State, in terms of what the government should be doing, should be telling them if all of these books and everything are correct. I noted one suggestion the other day which was not to try to rely on credit cards over that weekend. Now ours has gotten to be a credit card society. That is going to be a very interesting thing, if people who are traveling suddenly find out that credit cards do not work. I have also heard some suggestions that it may be the credit cards will work but the oven and thermostat in their home or apartment will not. We heard some of that at our hearings in Alaska. No one has told me yet whether or not that is true. Is anyone in the system analyzing those? The government has those things on base, in all of the on-base housing, and what not. Will we have problems? Are you looking into that? Are there any problems with regard to items in the homes we are providing to our personnel which are not going to function because of Y2K? Mr. Walker. There are several things, Mr. Chairman. First, that is why it is important that this sector analysis be completed, because part of the sector analysis relates to critical infrastructure. It deals with things like electricity, water, and other types of things that are fundamental to everyday life, if you will, for not only the Federal Government but for everybody in the country. Chairman Stevens. Whose job is it to do that? If you travel as much as I do, there is a whole shelf in some airports devoted to Y2K books. It's enough to scare the pants off you and make you decide not to go back to your house but to start chopping wood. Mr. Walker. The answer is it is a shared responsibility. It is a cooperative effort. It is a responsibility of the Federal Government, the State government, the major industry groups and associations, as well as the enterprises that we rely upon to provide these services. It is a cooperative effort. This is an area where, as Gene Dodaro mentioned, we had recommended early last year that additional work be done. It is being done. That is the good news. The bad news is it is not done on as timely a basis as we would have liked and it is an area that we are monitoring very closely. The Federal Emergency Management Agency (FEMA) is working with its counterparts at the State and local level to try to look at some of these contingency planning issues as well. Chairman Stevens. We plan to have them up here sometime. I think the best thing we could do is this. You say in March you should have these things collated. We can have some idea whether or not we will have any financing problems by that time, right? Mr. Walker. We will have a better idea by March. Yes, Mr. Chairman. Chairman Stevens. I would like to have you notify the staff of when you think you are ready to give us that report. We should be starting to work, both the House and the Senate, on supplemental appropriations by the middle of March. I am confident that Chairman Young and I want to make sure that we address those issues at the beginning, so that we do not get caught short in September trying to get supplementals for September. This must be addressed early. We also look forward to having your information as to the potential for funds that might be needed in the next fiscal year. We have been talking today about this fiscal year. But I would hope that you would address the question of are there ongoing areas where financing would be needed for the next fiscal year. Mr. Walker. Not only for Y2K, Mr. Chairman, but I think also that ripple effect that I talked to you about before. I think that is something that we all have to get a better handle on. Chairman Stevens. I am confident that is going to happen. The question is who is going to have to pay the bill. That, again, was my understanding. But the President's Council said they have no intention of asking for any additional funding to assist the State and local governments. I asked a question about those programs, such as Food Stamps, where 50 percent of the costs are paid by the Federal Government and whether we have looked at the cost the States are going to incur and are we going to increase our payments. Have you addressed those issues at all? Mr. Walker. Joel? Mr. Willemssen. If I might speak to that, there are two points. We have looked at some of those State administered systems that also have Federal funding. By and large, we are very disappointed with the progress to date. You mentioned Food Stamps. The data that we had when we did our report showed that only 24 percent of those systems were considered compliant. That was self reported information, too. Regarding another key State administered system, Medicaid, only 16 percent of those systems were considered compliant. One thing to keep in mind also as we talk about costs is those costs, the Federal share, are not included in the current $7.2 billion estimate. They are separate and apart. Chairman Stevens. I found that out the other day. That is why I am saying we need to know about that. That, obviously, is going to be a supplemental increase. Mr. Willemssen. Now one thing that OMB based on our report for the next quarterly report that the agencies submit on February 12--those Federal agencies are supposed to report on those programs, State administered, that also have a Federal funding share. So, hopefully, in mid-February we will have additional data on where we are with those programs and what the funding implications are. Chairman Stevens. I was about ready to wind up, but I noticed that there was some exchange reported in the newspapers about the Post Office and their compliance. Have you been involved with the Postal Service? Mr. Walker. Mr. Chairman, we currently have a review underway of the Postal Service. As Senator Bennett mentioned earlier, that is particularly important, not only for the Postal Service in its own right and its systems, but because of the fact that the Postal Service is basically the primary contingency plan for many operations, many commercial operations. So that is something we have underway as well and on which we are working with Senator Bennett. Chairman Stevens. If their computers are down and they are delivering Christmas cards, I think we had better find out how that system is going to take that strain. Mr. Walker. I hear you, Senator. Chairman Stevens. Do you have a separate report on them? Mr. Walker. Yes, we will. Mr. Dodaro. Yes. Mr. Walker. We will have a report on that. Chairman Stevens. Do you have a deadline, a timeline on that? Mr. Brock. We expect to have something ready in late February on that. Chairman Stevens. So we will hear about that in March, then. Thank you very much, gentlemen. I appreciate it. I do hope that somehow or other we will start turning on the lights for the people who have jobs that must be done if the public is going to be able to avoid both the headache the President mentioned and the crisis of next year. I hope we do not have both of them, both the headache and the post-headache crisis because we are not ready, particularly with regard to Federal functions. Those are normally periods when the Federal Government sort of goes down to a very low ebb. We all know that. From just before Christmas to after New Year, Federal systems are down very low. This is a period of time, apparently, where the standard practice cannot be followed unless we are certain that these compliant systems have been tested and will survive that crisis. I hope that we do develop a real contingency plan for that area and we look to you for guidance on that if we should be doing anything to fund it. conclusion of hearings Thank you very much, gentlemen. We appreciate your courtesy. Mr. Walker. Thank you, Mr. Chairman. [Whereupon, at 10:43 a.m., Wednesday, January 20, the hearings were concluded, and the committee was recessed, to reconvene subject to the call of the Chair.]