[Senate Hearing 106-22]
[From the U.S. Government Publishing Office]
S. Hrg. 106-22
YEAR 2000 COMPUTER PROBLEM
=======================================================================
HEARINGS
before the
COMMITTEE ON APPROPRIATIONS
UNITED STATES SENATE
ONE HUNDRED SIXTH CONGRESS
FIRST SESSION
__________
SPECIAL HEARING
__________
Printed for the use of the Committee on Appropriations
Available via the World Wide Web: http://www.access.gpo.gov/congress/senate
______
U.S. GOVERNMENT PRINTING OFFICE
54-532 cc WASHINGTON : 1999
_______________________________________________________________________
For sale by the U.S. Government Printing Office
Superintendent of Documents, Congressional Sales Office, Washington, DC 20402
ISBN 0-16-058384-5
COMMITTEE ON APPROPRIATIONS
TED STEVENS, Alaska, Chairman
THAD COCHRAN, Mississippi ROBERT C. BYRD, West Virginia
ARLEN SPECTER, Pennsylvania DANIEL K. INOUYE, Hawaii
PETE V. DOMENICI, New Mexico ERNEST F. HOLLINGS, South Carolina
CHRISTOPHER S. BOND, Missouri PATRICK J. LEAHY, Vermont
SLADE GORTON, Washington FRANK R. LAUTENBERG, New Jersey
MITCH McCONNELL, Kentucky TOM HARKIN, Iowa
CONRAD BURNS, Montana BARBARA A. MIKULSKI, Maryland
RICHARD C. SHELBY, Alabama HARRY REID, Nevada
JUDD GREGG, New Hampshire HERB KOHL, Wisconsin
ROBERT F. BENNETT, Utah PATTY MURRAY, Washington
BEN NIGHTHORSE CAMPBELL, Colorado BYRON L. DORGAN, North Dakota
LARRY CRAIG, Idaho DIANNE FEINSTEIN, California
KAY BAILEY HUTCHISON, Texas RICHARD J. DURBIN, Illinois
JON KYL, Arizona
Steven J. Cortese, Staff Director
Lisa Sutherland, Deputy Staff Director
James H. English, Minority Staff Director
C O N T E N T S
----------
Friday, January 15, 1999
Page
Statement of John Koskinen, Chairman, President's Commission on
Year 2000 Conversion........................................... 1
Opening statement of Hon. Ted Stevens............................ 1
Statement of Hon. Christopher S. Bond............................ 2
Prepared statement of Senator Christopher S. Bond................ 3
Prepared statement of Senator Patrick J. Leahy................... 4
Prepared statement of John A. Koskinen........................... 9
7th Quarterly Report--Progress on Year 2000 Conversion........... 21
The President's Council on Year 2000 Conversion--First Quarterly
Summary of Assessment Information--January 7, 1999............. 48
Wednesday, January 20, 1999
Statement of David M. Walker, Comptroller General of the United
States, General Accounting Office.............................. 95
Opening statement of Hon. Ted Stevens............................ 95
Prepared statement of David M. Walker............................ 103
The Federal Government has enhanced its approach................. 104
GAO's efforts to help meet the challenge......................... 106
Serious risks remain............................................. 106
The Nation as a whole faces significant year 2000 challenges..... 108
GAO reports and testimony addressing the year 2000 problem....... 110
(iii)
YEAR 2000 COMPUTER PROBLEM
----------
FRIDAY, JANUARY 15, 1999
U.S. Senate,
Committee on Appropriations,
Washington, DC.
The committee met at 9:32 a.m., in room SD-192, Dirksen
Senate Office Building, Hon. Ted Stevens (chairman) presiding.
Present: Senators Stevens, Bond, Gorton, Burns, Bennett,
Campbell, Craig, Kyl, Reid, and Durbin.
PRESIDENT'S COMMISSION ON YEAR 2000 CONVERSION
STATEMENT OF JOHN KOSKINEN, CHAIRMAN
opening statement of hon. ted stevens
Chairman Stevens. Good morning. This is the first hearing
of the Senate Appropriations Committee for this One Hundred
Sixth Congress. The topic is the year 2000 computer conversion.
Let me first tell you what this is not. I have been reading
the periodicals concerning Y2K. This is Jane Bryant Quinn's
``Help, Y2K is on the Way'' article in Newsweek. This is the
Time Magazine, ``The End of the World: Y2K Insanity,'' et
cetera. And they talk about the end of the world as we know it,
the millennium bug.
Now, that is a very serious proposition and I think we are
all interested in those articles. But that is not what we are
talking about. We believe that this is one of the top priority
items for the Federal Government, and we are going to start a
series of oversight hearings. That is why I have decided to try
and start off with this one.
I am very grateful to the Chairman of the President's
Council on the Year 2000 Conversion, John Koskinen. He has
agreed to come today so we can make some inquiries about this
subject.
To give you a little bit of background, in 1997 our
committee directed the Office of Management and Budget to make
quarterly reports to Congress on the progress of efforts to fix
the Y2K community computer problems for the Federal systems.
The seventh quarterly report was issued in early December. As
of that time, six agencies were listed as not making adequate
progress, seven agencies were making progress but some concerns
still remained, and eleven agencies were making satisfactory
progress.
We are interested in knowing what Mr. Koskinen's--am I
saying that right? ``KOS-ki-nen''; I'm sorry, apologies--group
is doing to assist those Federal agencies. Within his
responsibility is the effort to coordinate the overall
compliance effort, including not only the Federal Government,
but the State and Federal Governments too, as I understand it,
John.
We hope to get some information from him on what progress
that he believes is being made before we call some of these
Federal agencies to come and tell us how they're doing.
At the request of this committee last year, we started off
without a request from the President a $3.35 billion emergency
funding, which finally became part of the omnibus
appropriations bill. We earmarked $1.1 billion for defense-
related activities, $2.25 billion for non-defense activities,
which included $29.9 million to be transferred to the
Legislative Branch, General Accounting Office (GAO), and the
Judicial Branch.
There were two rounds of allocations from these funds, I'm
informed, these emergency appropriations funds. We hope to
learn about those allocations and the plans of the
administration, if Mr. Koskinen can tell us, for the remaining
funds.
In addition, we want to learn more about the outreach to
State and local governments, and to the private sector. I do
not know if you know it, but I asked Senator Bennett to loan me
his staff and we had a sort of a seminar in Anchorage last year
to discuss with Alaskans and Alaskan business, State
government, local government, what was being done to become
compliant with the Y2K.
We believe we are probably more affected than most people
because we rely so much upon the transportation, communication
and distribution efforts of the systems and we are sort of the
end of the line, totally dependent upon air transportation and
the communications capability that is regulated by the Federal
Government.
I know that this is short notice. I personally feel that
the dire predictions we are reading can be averted and it is
necessary that we take steps to assure that the Federal
Government leads the system in terms of compliance.
I expect that several of our members will want to have an
opportunity to discuss these concerns with you this morning,
and I would say I would hope that under the circumstances--we
all know we have about 2 hours--that we would all keep our
comments short, and that is what I have tried to do.
So let me yield here at this time to see if any of my
colleagues has any opening statement. Senator Campbell?
Senator Campbell. No, I have none.
Chairman Stevens. Senator Reid?
Senator Reid. Mr. Chairman, I am wondering if, just because
you are chairman of the committee, does this room have to feel
like we are in Alaska?
Chairman Stevens. Well, I knew how it would feel, so I wore
one of these nice little sweaters, you see.
Senator Reid. I have no statement.
Chairman Stevens. I think it is just because we have not
been in here for a while. We are starting to heat it up now.
Senator Bond.
statement of hon. christopher s. bond
Senator Bond. Mr. Chairman, I have this wonderful lengthy
statement that I have a feeling I am going to submit for the
record. I thank you and Mr. Koskinen for being here.
Chairman Stevens. Well, why do you not summarize it for us.
Senator Bond. It is important for us to oversee Congress'
efforts to help the Executive Branch become Y2K compliant. We
are anxiously watching all of the agencies under our
jurisdiction to see that they are in fact compliant, and we
would like assurances that their kind words and encouraging
outlooks are in fact reliable.
As the chairman of the Small Business Committee, I am most
anxious to see small businesses become Y2K compliant, and I
think that agencies that deal with the small business community
must realize that this is one of the great areas of danger that
many smaller businesses, not necessarily the smallest ones that
operate on a yellow pad and a calculator, but some of the
smallest ones, could face.
We are trying in the Small Business Committee to address
that problem with a loan guarantee program and some other
activities. I hope that when you establish the strategic
advisory group you will have bona fide representatives of small
business--and by small business we mean not just the
manufacturing sector, but the service sector--so that you will
be able to provide assistance to them as well.
I thank the Chair.
[The statement follows:]
Prepared Statement of Senator Christopher S. Bond
I want to thank Chairman Stevens for holding this important
hearing on the Year 2000 (Y2K) computer problem and holding it
this early in the session. This hearing is a good example of
how we are continuing to do the people's business, despite all
that is occurring now. One of those issues that is a priority
for the nation is the Year 2000 computer problem.
I would like to thank Mr. Koskinen for appearing today to
update this Committee on the Administration's efforts to ensure
that the Executive Branch is Y2K compliant. It is incumbent on
Congress to closely oversee each agency's efforts to make its
systems Y2K compliant. I look forward to addressing with Mr.
Koskinen the compliance status of those agencies over which my
subcommittee has jurisdiction.
In addition to the government's Y2K compliance, Congress
and the Administration, together, should also do everything
practicable to ensure that the private sector is ready for the
Y2K problem. The economic consequences will be extreme if
numerous businesses fail or face prolonged periods for which
they cannot do business because of the Y2K problem.
As Chairman of the Senate Committee on Small Business, I
have been specifically concerned about the nation's small
businesses being aware of the Y2K problem and then becoming Y2K
compliant. That is why last Congress I introduced the Small
Business Year 2000 Readiness Act. This bill would have provided
small businesses with the resources necessary to repair Year
2000 computer problems. The Committee on Small Business adopted
the bill by a unanimous vote and the full Senate approved by
unanimous consent. Unfortunately, the House of Representatives
did not act on the legislation prior to adjournment. I intend
to reintroduce a similar bill at the earliest possible time.
The consequences of Congress not taking action in assisting
small businesses to become Y2K compliant are too severe to
ignore. Last June, the Committee on Small Business, which I
chair, held hearings on the effect the Y2K problem will have on
small businesses. The Committee learned that an estimated 4.75
million small employers are exposed to the Y2K problem. This is
82 percent of all small businesses that have at least two
employees.
Moreover, the Committee also received information
indicating that 700,000 small businesses may either shut down
due to the Y2K problem or be severely crippled. Such failures
will affect not only the employees and owners of failed small
businesses, but also their creditors, suppliers and customers.
Given these facts, it is easy to forecast that there will be
severe economic consequences if small businesses do not become
Y2K compliant.
In addition to the foregoing, concerns have recently been
raised that there may be a credit crunch this year with
businesses, especially small businesses, unable to obtain
financing if they are not Y2K compliant. This was not foreseen
by the Appropriations Committee last year when it put together
the supplemental appropriation legislation providing federal
agencies with funds to fix their Y2K problems. It may be
appropriate to review whether a portion of those funds may be
available to assist the private sector in obtaining loans to
become Y2K compliant.
Again, I would like to thank Chairman Stevens for holding
this hearing and I look forward to hearing from Mr. Koskinen.
additional submitted statement
Chairman Stevens. Senator Leahy has requested that this
statement be included in the Record. If there are any other
statements they will be included also.
[The Statement Follows:]
Prepared Statement of Senator Patrick J. Leahy
Mr. Chairman, the countdown keeps ticking on America's
computer readiness for the year 2000. This hearing continues
Congress' efforts to monitor Y2K readiness progress.
Even in these very difficult times, I was very pleased with
the Congress' bipartisan approach regarding the Hatch-Leahy Y2K
readiness law that we passed last Congress. A team of Senators
from both parties worked together to enact a law that will help
ensure that everyone--consumers, small business owners, our
military forces, corporations, local governments, and federal
agencies--will be as ready as possible for the year 2000. I was
pleased that we produced a bipartisan consensus bill supported
by the Administration, and the industries most engaged in
resolving Year 2000 problems such as the following industries:
telecommunications, electric utilities, manufacturers,
auditors, the computer hardware and software manufacturers,
banking, financial services and information technology.
In addition, in my home state of Vermont I am sponsoring--
with the Small Business Administration--a symposium on Y2K
issues and solutions that will be carried live state-wide on
February 19 on Vermont Interactive Television. I want to make
sure that all Vermonters are able to get the information they
need well ahead of midnight on December 31.
In this same vein, the Hatch-Leahy Y2K readiness law
contained an amendment which I included to mandate operation of
a massive Y2K website for consumers, small businesses and local
governments. This websites contains numerous valuable links and
serves as a starting point on were to obtain Y2K conversion
assistance. The address is: www.itpolicy.gsa.gov/mks/yr2000/
y2khome.htm and is also easy to locate on any website searchers
under simply ``Y2K''.
Also, I want to thank the President for his efforts
regarding getting the federal government ready for the year
2000. On December 28, 1998, the President announced that on New
Year's Day 2000 that the ``millennium bug will not delay the
payment of Social Security checks by a single day'' and that
the social security system is 100 percent ready for the year
2000. This is extremely important to thousands of Vermonters.
In addition, the Chair of the President's Council on Year
2000 Conversion, John Koskinen, has been working hard to
prevent Y2K conversion problems. I appreciate his efforts.
At least thousands, and possibly millions, of information
technology computer systems, software programs, and
semiconductors are not capable of recognizing certain dates in
1999 and may not interpret dates in the Year 2000 correctly.
These Year 2000 problems could cause incapacities in essential
systems which, in turn, could affect our electric power grids
and telecommunications, financial markets and health care, and
government and defense systems. Reprogramming or replacing
computer systems in a timely and thorough manner is thus a
matter of paramount necessity for U.S. economic and national
security.
The purpose of the ``Year 2000 Information and Readiness
Disclosure Act'', S. 2392, which passed last year, was to help
break the silence and encourage full disclosure and exchange of
Year 2000 computer problems, solutions, test results, and
general readiness. The bill provides limited liability
protection for a limited time for specific types of Year 2000
information that is considered essential to remediation
efforts. What the bill does not do is provide liability
protection for failures that may arise from Year 2000 problems.
The bill thus promotes company-to-company information sharing
while not limiting rights of consumers.
Mr. Chairman, I look forward to working with you on Y2K
funding issues and appreciate your willingness to provide
additional support for federal agencies and their Y2K efforts.
The Omnibus Appropriations Bill which I supported last year
provided a total of $3.35 billion for emergency expenses
related to Year 2000 conversion of Federal information
technology systems and related expenses.
Chairman Stevens. Well, Senator, I think that is an
interesting comment, because I am hopeful that the
subcommittees will now, once we get through this and maybe
another hearing that we will have, will pursue this and make
the Y2K issue a priority issue for each of the subcommittees.
For instance, I have been told that the Agency for
International Development has not received Y2K supplemental
funds. We are very interested in that in Alaska because of our
relationship to Eastern Russia and what we are trying to do to
help them become part of the free enterprise system.
We are also told that the date that we should all realize
has been established by the Federal Government--I do not know
whether it was you or the GAO--the goal is that all agencies
will be compliant by March 30th of this year, 1999. We do
intend to ask the GAO to come in and tell the full committee,
hopefully next week, what has been done in their opinion.
Then I want to urge each subcommittee to call in agencies
under the jurisdiction of that subcommittee and ask them what
they are doing and do they have the funds necessary. I still
believe the $3.35 billion was necessary and should be
sufficient, but if more funds are needed we need to know soon
if we should urge Office of Management and Budget (OMB) to give
us a request for additional money.
These dire predictions of doomsday I think are going to
increase through the year unless we really make this the
priority it should be.
Any other comment from members?
[No response.]
Chairman Stevens. Let me thank you again for coming. You
have a very important job, in my opinion. I believe this is the
first priority of Congress and the Executive Branch, is to get
this issue behind us. So thank you very much for coming.
Mr. Koskinen. Thank you, Mr. Chairman. As Chair of the
President's Council on Year 2000 Conversion, I am pleased to
appear before the full committee----
Chairman Stevens. Would you pull that mike up toward you,
please.
Mr. Koskinen. Yes.
I am pleased to appear before the committee to discuss the
Federal Government's progress on the Year 2000, or Y2K as it is
known, computer problem and the contingency emergency funds
that have been provided by Congress for this important work.
With your permission, Mr. Chairman, like Senator Bond, I
would like to submit my full statement for the record and
summarize it here, and also for the record submit the most
recent OMB quarterly report, the report of the two submissions
under the emergency funds, and a recent quarterly report from
the President's Council summarizing the assessment information
which we have from the private sector about its state of
readiness.
Chairman Stevens. Your statement is fairly short, but do
whatever you want.
Mr. Koskinen. That is fine. Thank you.
I appreciate the strong support this committee and you in
particular, Mr. Chairman, have provided the Federal agencies in
their Y2K efforts, and I especially appreciate your strong
leadership in building upon the President's fiscal year 1999
request for a general emergency fund to create a specific
designated emergency contingency fund for Y2K remediation.
The creation of this fund was an important step because, as
you know, the Y2K problem presents us with a management
challenge unlike any we have ever seen. As a result, the
experience in the private sector as well as in Federal agencies
has been that it is impossible to predict with total accuracy
the precise demands associated with completing Y2K work.
With 350 days remaining, the government does not have time
for the normal supplemental appropriations process to provide
funding for critical needs in this area, which is why the
contingency funding you have provided is so significant.
I am pleased to report that the Federal Government
continues to make strong, steady progress in solving its Y2K
problems. As you know, the Federal Government is the only large
organization in the world with a transparent process for
reporting on its progress in addressing the Y2K problem. Each
quarter, as you noted, agencies report in detail to the Office
of Management and Budget and to the Congress on the state of
progress of their Y2K work.
According to the most recent OMB report, released last
month, 61 percent of all Federal mission critical systems are
now Y2K compliant, more than double the 27 percent that were
compliant a year ago.
Senator Reid. What was that number again?
Mr. Koskinen. 61 percent.
The report also states that, of critical systems requiring
repair work, 90 percent had been fixed as of the beginning of
November and are now being tested.
Let me share with you a few examples of recent progress.
Referring again to Senator Bond's comment on and great interest
in small business, as of November 15th the Small Business
Administration had completed all of its work on all of its
critical systems, ensuring that Small Business Administration
(SBA) assistance to the Nation's 24 million small businesses
will not be interrupted in January of the Year 2000.
At the end of last month, as I am sure you noted, the
President announced that, thanks to the joint efforts of the
Social Security Administration and Treasury's Financial
Management Service, the Social Security System is now Year 2000
compliant.
The President has established an ambitious goal of having
100 percent of the government's mission critical systems Y2K
compliant by March 31, 1999, 9 months in advance of the
transition to the Year 2000, which is well ahead of many
private sector system remediation schedules. As the chairman
noted, I think it is appropriate and I think it will be
important for the Federal Government to establish that in fact,
while there has been a lot of grumbling about and criticism of
its efforts, we expect that the government will complete its
work in advance of many private sector industries.
Although much work remains, we expect that over 80 percent
of the government's mission critical systems will meet the
March goal, and monthly benchmarks with a timetable for
completing the work will be available for every mission
critical system still being tested or implemented at that time.
We expect that all of the government's mission critical
systems will be Year 2000 compliant before January 1, 2000.
This does not mean that we are without significant challenges.
For example, while the Defense Department continues to make
progress in addressing its massive Y2K challenge, OMB reported
that the Department of Defense (DOD's) rate of progress
indicates that all of its systems will not meet the March goal
of 100 percent compliance.
At a day-long meeting last Saturday at the Pentagon to
review the status of all DOD mission critical systems, Deputy
Secretary Hamre and I were advised that most systems will
either meet the March date or be in the process of
implementation at that time.
At Health and Human Services (HHS), the Health Care
Financing Administration has now finished renovating and
testing all of its internal systems. However, a tremendous
amount of systems work and contingency planning will remain
after March by its Medicare contractors, 60 large companies
that administer the system. Nonetheless, while that work
remains, those same contractors are expected to complete
renovation and testing by the government-wide goal of March 31.
At the Transportation Department, the Federal Aviation
Administration (FAA's) rate of progress has improved
dramatically, but the percentage of the Department of
Transportation's critical systems that have been tested and
implemented continues to lag behind the government-wide
schedule. Nonetheless, I am confident that the air traffic
system will be totally compliant well in advance of the Year
2000.
The availability of emergency contingency funding is
playing an important role in the ability of agencies to meet
the Y2K challenge head on, even as they encounter new and
unexpected Y2K expenditures. Last year's omnibus appropriations
bill provided, as the chairman noted, a total of $3.35 billion,
$2.25 billion for non-defense agencies and $1.1 billion for
defense, for emergency expenses related to Year 2000 conversion
of Federal information technology systems and related expenses.
Since the completion of the fiscal year 1999 appropriations
process, OMB has worked with the agencies to identify
activities that were included in the President's fiscal year
1999 budget that Congress directed to be funded from the
contingent emergency reserve, as well as critical requirements
that have been identified since the President's fiscal year
1999 budget was transmitted last February. For these new
requirements, OMB is reviewing each agency request carefully to
ensure that funds requested were unanticipated and will solve
the Year 2000 problem.
Of the $2.25 billion available for non-defense agencies,
$1.2 billion has been allocated to date. On November 6, 1998,
OMB requested the release of $891 million in non-defense
spending for 17 agencies. OMB requested an additional $338
million in non-defense spending for 21 agencies on December
8th. These transfers will support a wide range of activities to
ensure that important computer systems throughout the Federal
Government will operate smoothly through the Year 2000 and
beyond.
As noted, I have submitted for the record with my testimony
a copy of the December 8 OMB document which summarizes both
requests.
A third request for expenditures from the emergency funds
is expected to be transmitted to Congress by OMB before the end
of this month. With regard to the $1.1 billion made available
by Congress for defense activities, the Defense Department
furnished OMB with a report on January 8th, last Friday, on how
DOD plans to use its portion of the supplemental appropriation.
OMB is currently reviewing the proposal and anticipates making
recommendations shortly.
It has been clear from the start that, to operate
effectively, Federal systems often depend upon a large number
of outside, non-Federal systems. State systems that support
State-administered Federal programs such as unemployment
insurance and Medicaid must work properly for Federal systems
to effectively carry out their tasks in those areas. At United
States (U.S.) embassies around the world, Federal systems
depend on the functioning of host country systems for their
operations.
The Federal Government does not have a responsibility to
fix or pay for the fixes to non-Federal systems, whether they
be in the private sector, at the State and local level, or
internationally. However, in some areas it is appropriate for
the Federal Government to support planning activities and the
sharing of best practices related to remediating non-Federal
systems insofar as this contributes to Federal interests and
the effective operation of Federal systems.
This support could be critical in key infrastructure areas,
such as telecommunications and transportation, where States and
international entities are working together to ensure a
seamless transition to the Year 2000.
Progress is being made on the Y2K problem in the Federal
Government, at the State and local level, in the private
sector, and internationally. But much work remains to be done
and I think it is appropriate, Mr. Chairman, for this to be the
highest priority for Congress and the Executive Branch. As I
have said often, not every system is going to be fixed by
January 1, 2000. However, I am confident that difficulties for
the economy or the public will not be the result of the direct
failure of any Federal system.
Agencies are focused on this problem and are managing
toward ambitious goals for completing their work. The Federal
Government's successful resolution of the Year 2000 problem in
its systems will be a tribute to the skill, dedication, and
hard work of thousands of career employees working across the
government. It is my pleasure to assist them in whatever way I
can as part of this vital national effort.
prepared statement
I thank the committee again for its support on this
important matter and I would be happy to answer any questions
that you may have.
[The statement follows:]
Prepared Statement of John A. Koskinen
Good morning, Mr. Chairman. As Chair of the President's Council on
Year 2000 Conversion, I am pleased to appear before the Committee to
discuss the Federal Government's progress on the Year 2000 (Y2K)
computer problem and contingency funding for this important work.
I appreciate the strong support the Committee has given to Federal
agencies and their Y2K efforts. I especially appreciate your
leadership, Mr. Chairman, in building upon the President's fiscal 1999
request for a general emergency fund to create a specific, designated
emergency contingency fund for Y2K remediation.
The creation of this fund was an important step because, as you
know, the Y2K problem presents us with a management challenge unlike
any we have ever seen. As a result, the experience in the private
sector as well as in Federal agencies has been that it is impossible to
predict with total accuracy the precise demands associated with
completing Y2K work. With 350 days remaining, the Government does not
have time for the normal supplemental appropriations process to provide
funding for critical needs in this area, which is why the contingency
funding you have provided is so significant.
Federal Agency Progress
I am pleased to report that the Federal Government continues to
make strong, steady progress in solving its Y2K problems.
As you know, the Federal Government is the only large organization
in the world with a transparent process for reporting on its progress
in addressing the Y2K problem. Each quarter, agencies report in detail
to the Office of Management and Budget (OMB) and to Congress on their
Y2K efforts. The number of mission-critical systems in each agency has
been identified, and progress is reported in terms of assessment,
remediation, testing, and implementation. For the past two years, OMB
has been issuing public summary reports on the status of agency Y2K
activities.
According to the most recent OMB report released last month, 61
percent of all Federal mission-critical systems are now Year 2000
compliant--more than double the 27 percent compliant a year ago. These
systems have been tested and implemented and will be able to accurately
process data through the transition from 1999 into the Year 2000. The
report also states that, of critical systems requiring repair work, 90
percent have been fixed and are now being tested.
Let me share a few examples of recent progress. As of November 15,
the Small Business Administration (SBA) had completed work on all of
its critical systems, ensuring that SBA assistance to the Nation's 24
million small businesses will not be interrupted in January 2000. The
Interior Department posted a 50 percent increase in its number of Y2K
compliant systems compared to the last quarter that includes the U.S.
Geological Survey's National Seismic Network, which provides early
warnings of earthquakes. The Education Department's number of critical
systems, many of which are an integral part of processing student
loans, that are now Y2K compliant increased by more than one-third. And
at the end of last month, the President announced that, thanks to the
joint efforts of the Social Security Administration and Treasury's
Financial Management Service, the Social Security system is now Y2K
compliant.
The President has established an ambitious goal of having 100
percent of the Government's mission-critical systems Y2K compliant by
March 31, 1999--well ahead of many private sector system remediation
schedules. Although much work remains, we expect that over 80 percent
of the Government's mission-critical systems will meet the March goal,
and monthly benchmarks with a timetable for completing the work will be
available for every system still being tested or implemented. We expect
that all of the Government's critical systems will be Y2K compliant
before January 1, 2000.
This does not mean that we are without significant challenges.
While the Defense Department continues to make progress in addressing
its massive Y2K challenge, OMB reported that DOD's rate of progress
indicates that all of its systems will not meet the March goal of 100
percent compliance. At a day-long meeting last Saturday at the Pentagon
to review the status of all DOD mission-critical systems, Deputy
Secretary Hamre and I were advised that most systems will either meet
the March date or be in the process of implementation. In the
Department's case, implementation includes installing completed Y2K-
compliant systems across the services and the Department. According to
the last OMB quarterly report, the Energy Department had completed
testing on only 53 percent of its critical systems--below the
government-wide average. Secretary Richardson made clear at the
beginning of his tenure at the Department that this issue will receive
his personal attention.
At HHS's Health Care Financing Administration (HCFA), HCFA has
finished renovating and testing all of its internal systems. Although a
tremendous amount of systems work and contingency planning will remain
after March, most Medicare contractors are expected to complete
renovation and testing by the government-wide goal. The State
Department faces a significant challenge in simultaneously managing its
complex Y2K project and completely replacing information systems
installed around the world. At the Transportation Department, the FAA's
rate of progress has improved dramatically, but the percentage of DOT's
critical systems that have been tested and implemented continues to lag
behind the government-wide schedule. Nonetheless, I am confident that
the air traffic system will be totally compliant well in advance of the
Year 2000.
Let me be clear: Fixing the Year 2000 problem in Federal agencies
is not a question of commitment. As you know, since last summer I have
been participating in the monthly Y2K meetings of the senior managers
in agencies whose systems are most at risk. I can attest that they and
their staffs are focused on getting the job done. It is more a question
of doing whatever it takes to overcome obstacles and accelerate
progress in remediating systems. I am confident that these agencies
will be able to do that and ensure that their critical systems will be
ready for the Year 2000.
Contingency Funding
The availability of emergency contingency funding is playing an
important role in the ability of agencies to meet the Y2K challenge
head-on, even as they encounter new and unexpected Y2K expenditures. It
has been especially helpful to have an expedited process for OMB and
congressional review of agency needs.
Last year's Omnibus Appropriations bill provided a total of $3.35
billion--$2.25 billion for non-defense agencies and $1.1 billion for
defense--for emergency expenses related to Year 2000 conversion of
Federal information technology systems and related expenses. Since the
completion of the fiscal 1999 appropriations process, OMB has worked
with the agencies to identify activities that were included in the
President's fiscal 1999 budget that Congress directed to be funded from
the contingent emergency reserve as well as critical requirements that
have been identified since the President's budget was transmitted last
February. For these new requirements, OMB is reviewing each agency
request carefully to ensure that funds requested were unanticipated and
will solve a Year 2000 problem.
Of the $2.25 billion available for non-defense agencies, $1.2
billion has been allocated to date. On November 6, 1998, OMB requested
the release of $891 million in non-defense funding for 17 agencies. OMB
requested an additional $338 million in non-defense funding for 21
agencies on December 8. These transfers will support a range of
activities to ensure that important computer systems will operate
smoothly through the Year 2000 and beyond. Federal agencies would use
this funding for additional remediation of information technology
systems, testing to ensure that systems are Y2K compliant, replacement
of embedded computer chips, creation and verification of continuity of
operations and contingency plans, and outreach to non-Federal entities
by agencies in support of the Council.
I have submitted for the record with my testimony a copy of the
December 8 OMB document, which summarizes both requests. OMB has also
notified agencies that, should they continue to identify unforeseen
Year 2000-related funding requirements, they should forward these
requirements to OMB for consideration as items that may be funded from
the contingent emergency reserve. A third request is expected to be
transmitted to Congress before the end of the month.
With regard to the $1.1 billion made available by Congress for
defense activities, the Defense Department furnished OMB with a report
on January 8 on how DOD plans to use its portion of the supplemental
appropriation. OMB is currently reviewing the proposal and anticipates
making recommendations shortly.
It has been clear from the start that to operate effectively,
Federal systems often depend upon a large number of outside, non-
Federal systems. State systems that support State-administered Federal
programs such as unemployment insurance and Medicaid must work properly
for Federal systems to effectively carry out their tasks in these
areas. At U.S. embassies around the world, Federal systems depend on
the functioning of host country systems for their operations.
The Federal Government does not have a responsibility to fix, or
pay for fixes to, non-Federal systems--whether they be in the private
sector, at the State and local level, or internationally. However, in
some areas, it is appropriate for the Federal Government to support
planning activities and the sharing of best practices related to
remediating non-Federal systems, insofar as this contributes to Federal
interests and the effective operation of Federal systems. This support
could be critical in key infrastructure areas such as
telecommunications and transportation, where States and international
entities are working together to ensure a seamless transition to the
Year 2000.
We have provided the Committee copies of the most recent OMB report
on Federal agency Y2K progress and the Council's quarterly summary of
assessments regarding private sector and State and local Y2K efforts.
Looking Forward
Progress is being made on the Y2K problem--in the Federal
Government, at the State and local level, in the private sector, and
internationally. But much work remains to be done. As I've said often,
not every system is going to be fixed by January 1, 2000. However, I am
confident that difficulties for the economy or the public will not be
the result of a direct failure of Federal systems. Agencies are focused
on this problem and are managing toward ambitious goals for completing
their work. The Federal Government's successful resolution of the Y2K
problem in its systems will be a tribute to the skill, dedication, and
hard work of thousands of career employees working across the
Government. It is my pleasure to assist them in whatever way I can as
part of this vital national effort.
I thank the Committee for its support on this important matter, and
I would be happy to answer any questions that you may have.
______
The White House,
Washington, December 8, 1998.
The Speaker of the House of Representatives.
Sir: In accordance with provisions of Public Law 105-277, the
Omnibus Consolidated and Emergency Supplemental Appropriations Act,
1999, I hereby request the following transfers from the Information
Technology Systems and Related Expenses account:
department of agriculture
Executive Operations, Office of the Chief Information Officer:
$28,731,000
department of commerce
General Administration, Salaries and Expenses: $5,350,000
Economic Development Administration, Salaries and Expenses:
$694,000
Bureau of the Census, Salaries and Expenses: $10,000,000
Bureau of the Census, Periodic Censuses and Programs: $10,900,000
Export Administration, Operations and Administration: $330,000
National Technical Information Service, NTIS Revolving Fund:
$1,000,000
National Institute of Standards and Technology, Industrial
Technology Services: $21,000,000
department of education
Office of Postsecondary Education, Federal Direct Student Loan
Program, Program Account: $531,000
Office of Postsecondary Education, Federal Family Education Loan
Program Account: $794,000
Departmental Management, Program Administration: $960,000
department of housing and urban development
Management and Administration, Salaries and Expenses: $12,200,000
department of the interior
Departmental Management, Working Capital Fund: $17,701,200
department of labor
Employment and Training Administration, Training and Employment
Services: $804,000
Mine Safety and Health Administration, Salaries and Expenses:
$2,259,000
Departmental Management, Salaries and Expenses: $1,170,000
Departmental Management, Office of the Inspector General:
$1,000,000
department of state
Administration of Foreign Affairs, Capital Investment Fund:
$10,000,000
department of transportation
Office of the Secretary, Salaries and Expenses: $7,054,000
Coast Guard, Operating Expenses: $20,505,000
Federal Aviation Administration, Operations: $9,699,000
Federal Aviation Administration, Facilities and Equipment:
$86,612,000
Federal Aviation Administration, Research, Engineering, and
Development: $147,000
Research and Special Programs Administration, Research and Special
Programs: $182,000
Research and Special Programs Administration, Pipeline Safety:
$150,000
Maritime Administration, Operations and Training: $530,000
department of the treasury
Departmental Offices, Automation Enhancement: $37,403,000
Bureau of Alcohol, Tobacco and Firearms, Salaries and Expenses:
$2,665,000
federal emergency management agency
Salaries and Expenses: $3,641,000
Emergency Management Planning and Assistance: $3,711,000
general services administration
General Activities, Policy and Operations: $12,701,023
international assistance programs
Agency for International Development, Operating Expenses of the
Agency for International Development: $10,200,000
Overseas Private Investment Corporation, Overseas Private
Investment Corporation Noncredit Account: $840,000
Overseas Private Investment Corporation Program Account: $1,260,000
African Development Foundation, African Development Foundation:
$137,485
small business administration
Salaries and Expenses: $890,000
district of columbia
District of Columbia Courts, Federal Payment to the District of
Columbia Courts: $2,248,660
national archives and records administration
Operating Expenses: $6,662,000
office of special counsel
Salaries and Expenses: $100,000
railroad retirement board
Federal Payment to the Railroad Retirement Accounts: $340,000
smithsonian institution
Salaries and Expenses: $4,700,000
This funding will support efforts to make Federal information
technology systems Year 2000 compliant and outreach to non-Federal
entities in support of the Year 2000 Conversion Council.
I hereby designate all of the above requests as emergency
requirements pursuant to section 251(b)(2)(A) of the Balanced Budget
and Emergency Deficit Control Act of 1985, as amended.
The details of these actions are set forth in the enclosed letter
from the Director of the Office of Management and Budget. I concur with
his comments and observations.
Sincerely,
William J. Clinton.
Enclosure.
______
Executive Office of the President,
Office of Management and Budget,
Washington, December 8, 1998.
The Honorable Bob Livingston,
Chairman, Committee on Appropriations, U.S. House of Representatives,
Washington, D.C.
Dear Mr. Chairman: In accordance with provisions of Public Law 105-
277, the Omnibus Consolidated and Emergency Supplemental Appropriations
Act, 1999, I am transmitting a proposed allocation and plan for the
following agencies to achieve Year 2000 (Y2K) compliance for technology
information systems:
Department of Agriculture
Department of Commerce
Department of Education [revision]
Department of Housing and Urban Development
Department of the Interior [revision]
Department of Labor [revision]
Department of State [revision]
Department of Transportation
Department of the Treasury [revision]
Federal Emergency Management Agency
General Services Administration [revision]
Agency for International Development
Overseas Private Investment Corporation
African Development Foundation
Small Business Administration
District of Columbia Courts
National Archives and Records Administration
Office of Special Counsel
Railroad Retirement Board
Smithsonian Institution
As noted, for six of the agencies listed above, the materials
transmitted revise the allocations and plans for these agencies that
were submitted on November 6, 1998.
In monitoring Federal agency progress towards Y2K compliance, OMB
has directed agencies to estimate the total fiscal year 1999 resources
necessary for Y2K compliance and related expenses. Further, OMB and the
agencies have worked together to determine whether resource
requirements associated with Y2K can be accommodated within
appropriated levels, or whether contingent emergency funds should be
allocated.
For the agencies listed above, the allocation of contingent
emergency funds required at this time is displayed on the enclosed
table. The table indicates which agencies will be receiving a second
allocation of emergency funding--those allocations and plans that are
being revised--to demonstrate how their resource requirements have been
addressed over time.
In addition, all of the agencies listed above have been directed to
provide detailed justification materials for these requirements to the
committees specified in Public Law 105-277, as well as to the relevant
appropriations subcommittees, concurrent with the transmittal of this
allocation and plan. These materials detail agency funding requirements
associated with systems remediation, and discuss how that funding--both
base funding and emergency supplemental funding--will assist an agency
in achieving Y2K compliance. In addition, funding for activities in
support of the President's Council on Year 2000 Conversion is
discussed. OMB will continue to monitor agency requirements and will
address additional funding needs as they emerge.
OMB's strategy to ensure agency Y2K compliance is predicated on
agency accountability. We have systematically monitored agency progress
through agency goals for: compliance of mission critical systems,
progress on the status of mission critical systems, status of mission
critical systems being repaired, and agency Y2K cost estimates.
These performance measures have proved useful in ensuring agency
accountability without diverting vital resources from Y2K compliance
activities to reporting requirements. Provided with this package is
OMB's November 1998 Y2K Quarterly Report to the House and Senate
Appropriations Committees, which includes an assessment of these
performance measures and the Government's overall progress. In
assessing agency progress towards compliance, OMB has focused on the
four measures described above. The report also details other
initiatives--such as our work with the States on data exchanges--that
are part of the Administration's overall plan for achieving Y2K
compliance.
For most of the agencies listed in this transmittal, the following
constitutes the agency plan as required by Public Law 105-277: OMB
Quarterly Report; and, the justification materials provided by the
agencies concurrent with the transmittal of this letter.
For several small, independent agencies included in this
transmittal--Overseas Private Investment Corporation, African
Development Foundation, District of Columbia Courts, Office of Special
Counsel, Railroad Retirement Board, and Smithsonian Institution--the
justification materials provided serve as the agency plan. OMB has been
monitoring the progress of these small agencies, and will ask them to
report back on their status early next year.
Thank you again for your cooperation on this important issue.
Sincerely,
Jacob J. Lew,
Director.
______
[Estimate No. 25, 105th Congress, 2d Session]
Executive Office of the President,
Office of Management and Budget,
Washington, DC, December 8, 1998.
The President,
The White House.
Submitted for your consideration are requests to transfer $338
million from the Information Technology Systems and Related Expenses
Account for year 2000 (Y2K) compliance to 20 Federal agencies. This is
the second release of contingent emergency funding for Y2K from funds
appropriated in Public Law 105-277, the Omnibus Consolidated and
Emergency Supplemental Appropriations Act, 1999. On November 6, 1998,
you allocated $891 million to 17 Federal Agencies.
These transfers will support a range of activities to ensure that
important computer systems will operate smoothly through the year 2000
and beyond. Contingent emergency funding would be allocated both for
activities that were included in your fiscal year 1999 Budget but were
not funded in the fiscal year 1999 appropriations process, and for
critical Y2K requirements that have been identified since the fiscal
year 1999 Budget was transmitted. Federal agencies would use this
funding for additional remediation for information technology systems,
testing to ensure that systems are Y2K compliant, replacement of
embedded computer chips, creation and verification of continuity of
operations and contingency plans, and outreach to non-Federal entities
by agencies in support of the Year 2000 Conversion Council.
Your fiscal year 1999 Budget anticipated that Y2K requirements
would emerge over the course of the year and included an allowance to
provide flexible funding to address emerging needs. As you requested,
Public Law 105-277, the Fiscal Year 1999 Omnibus Consolidated and
Emergency Supplemental Appropriations Act, provided contingent
emergency funding for Y2K computer conversion activities--$1.1 billion
for defense-related activities and $2.25 billion for non-defense
activities. The enclosed requests for transfers are for non-defense
agencies; therefore, the funds would be transferred from the
Information Technology Systems and Related Expenses account established
by Public Law 105-277.
OMB continues its oversight of Federal agency progress toward
fixing the Y2K problem. We are working to ensure that Federal agencies
have sufficient fiscal year 1999 resources to address Y2K and that
flexible contingent emergency funding remains available to address
emerging needs. Pursuant to the requirements of Public Law 105-277, OMB
will prepare and submit reports to Congress on the proposed allocation
and plan for each affected agency to achieve year 2000 compliance for
technology information systems before funds can be released to the
agency. The report for agencies represented in this second release of
Y2K contingent emergency funds will be transmitted to the congressional
committees specified in Public Law 105-277 concurrent with this request
for release of the funds. In addition, OMB has directed each affected
agency to provide detailed justification materials in support of its
plan and allocation to the relevant appropriations subcommittees. OMB
will continue to monitor agency requirements and will address
additional funding needs as they emerge.
I recommend that you designate the amounts listed on the enclosure
as emergency requirements in accordance with section 251(b)(2)(A) of
the Balanced Budget and Emergency Deficit Control Act of 1985, as
amended. No further congressional action will be required. Pursuant to
Public Law 105-277, funds will be made available to agencies 15 days
after this designation is forwarded to Congress.
I have carefully reviewed these proposals and am satisfied that
they are necessary at this time. Therefore, I join the heads of the
affected Departments and agencies in recommending that you make the
requested funds available by signing the enclosed letter to the Speaker
of the House of Representatives.
Sincerely,
Jacob J. Lew,
Director.
Enclosure.
Emergency Appropriations: Amounts Previously Appropriated Made Available
by the President
Year 2000 (Y2K) Conversion:
Department of Agriculture: Executive Operations,
Office of the Chief Information Officer........... $28,731,000
Department of Commerce:
General Administration, Salaries and Expenses... 5,350,000
Economic Development Administration, Salaries
and Expenses.................................. 694,000
Bureau of the Census: Salaries and Expenses. 10,000,000
Periodic Censuses and Programs.............. 10,900,000
Export Administration, Operations and
Administration................................ 330,000
National Technical Information Service, NTIS
Revolving Fund................................ 1,000,000
National Institute of Standards and Technology,
Industrial Technology Services................ 21,000,000
Department of Education:
Office of Postsecondary Education:
Federal Direct Student Loan Program, Program
Account................................... 531,000
Federal Family Education Loan Program
Account................................... 794,000
Departmental Management, Program Administration. 960,000
Department of Housing and Urban Development:
Management and Administration, Salaries and
Expenses.......................................... 12,200,000
Department of the Interior: Departmental Management,
Working Capital Fund.............................. 17,701,200
Department of Labor:
Employment and Training Administration:
Training and Employment Services............ 804,000
Mine Safety and Health Administration, Salaries
and Expenses.................................. 2,259,000
Departmental Management:
Departmental Management......................... 1,170,000
Office of the Inspector General................. 1,000,000
Department of State: Administration of Foreign
Affairs, Capital Investment Fund.................. 10,000,000
Department of Transportation:
Office of the Secretary, Salaries and Expenses.. 7,054,000
Coast Guard, Operating Expenses................. 20,505,000
Federal Aviation Administration:
Operations.................................. 9,699,000
Facilities and Equipment.................... 86,612,000
Research, Engineering, and Development...... 147,000
Research and Special Programs Administration:
Research and Special Programs............... 182,000
Pipeline Safety............................. 150,000
Maritime Administration, Operations and Training 530,000
Department of the Treasury:
Departmental Offices, Automation Enhancement.... 37,403,000
Bureau of Alcohol, Tobacco and Firearms,
Salaries and Expenses......................... 2,665,000
Federal Emergency Management Agency:
Salaries and Expenses........................... 3,641,000
Emergency Management Planning and Assistance.... 3,711,000
General Services Administration: General Activities,
Policy and Operations............................. 12,701,023
International Assistance Programs:
Agency for International Development, Operating
Expenses of the Agency for International
Development................................... 10,200,000
Overseas Private Investment Corporation:
Overseas Private Investment Corporation
Noncredit Account......................... 840,000
Overseas Private Investment Corporation
Program Account........................... 1,260,000
African Development Foundation, African
Development Foundation........................ 137,000
Small Business Administration: Salaries and Expenses 890,485
District of Columbia:
District of Columbia Courts, Federal Payment to
the District of Columbia Courts............... 2,248,660
National Archives and Records Administration:
Operating Expenses................................ 6,662,000
Office of Special Counsel: Salaries and Expenses.... 100,000
Railroad Retirement Board: Federal Payment to the
Railroad Retirement Accounts...................... 340,000
Smithsonian Institution: Salaries and Expenses...... 4,700,000
The funds made available will enable these agencies to address the
Y2K problem by supporting additional remediation for information
technology systems, testing to ensure that systems are indeed Y2K
compliant, replacement of embedded computer chips, creation and
verification of continuity of operations and contingency plans, and
outreach to non-Federal entities by agencies in support of the Year
2000 Conversion Council.
ALLOCATION OF FISCAL YEAR 1999 Y2K FUNDING
[Budget authority, in thousands of dollars]
----------------------------------------------------------------------------------------------------------------
Financed From
Estimated ------------------------------------------
Agency/Bureau/Account Agency Fiscal Year 11/06/98 12/07/98
Requirement 1999 Emergency Emergency
Appropriation Release Release
----------------------------------------------------------------------------------------------------------------
DEPARTMENT OF AGRICULTURE: \1\
Agency-wide funding................................ [71,883] [43,152] ............ [28,731]
Farm and Foreign Agricultural Services............. 7,304 5,719 ............ 1,585
Food, Nutrition, and Consumer Services............. 2,550 1,800 ............ 750
Food Safety........................................ 6,488 4,110 ............ 2,378
Marketing and Regulatory Programs.................. 11,004 10,804 ............ 200
Natural Resources and Environment.................. 13,624 9,717 ............ 3,907
Research, Education, and Economics................. 4,301 2,413 ............ 1,888
Rural Development.................................. 9,890 1,390 ............ 8,500
Administration..................................... 16,722 7,199 ............ 9,523
--------------------------------------------------------
Total, Agriculture............................... 71,883 43,152 ............ 28,731
========================================================
DEPARTMENT OF COMMERCE:
General Administration/Salaries and Expenses....... 5,350 ............. ............ 5,350
Economic Development Administration/Salaries and 694 ............. ............ 694
Expenses..........................................
Bureau of the Census:
Salaries and Expenses.......................... 10,000 ............. ............ 10,000
Periodic Censuses and Programs................. 10,900 ............. ............ 10,900
Economic and Statistical Analysis/Salaries and 105 105 ............ ............
Expenses..........................................
Export Administration/Operations and Administration 360 30 ............ 330
National Oceanic and Atmospheric Administration/ 1,994 1,994 ............ ............
Operations, Research, and Facilities..............
Patent and Trademark Office/Salaries and Expenses.. 2,877 2,877 ............ ............
National Technical Information Service/NTIS 1,250 250 ............ 1,000
Revolving Fund....................................
National Institute of Standards and Technology:
Scientific and Technical Research and Serv- 1,200 1,200 ............ ............
ices..........................................
Industrial Technology Services................. 21,000 ............. ............ 21,000
National Telecommunications and Information 20 20 ............ ............
Administration/Salaries and Expenses..............
--------------------------------------------------------
Total, Commerce................................ 55,750 6,476 ............ 49,274
========================================================
DEPARTMENT OF EDUCATION:
Office of Postsecondary Education:
Federal Direct Student Loan Program, Program 531 ............. ............ 531
Account.......................................
Federal Family Education Loan Program Ac- 1,950 1,156 ............ 794
count.........................................
Departmental Management/Program Administration..... 4,399 1,878 1,561 960
--------------------------------------------------------
Total, Education................................. 6,880 3,034 1,561 2,285
========================================================
DEPARTMENT OF ENERGY: \2\
Atomic Energy Defense Activities:
Weapons Activities............................. 15,066 15,066 ............ ............
Defense Environmental Restoration and Waste 26,631 16,291 10,340 ............
Management....................................
Defense Facilities Closure Projects............ 9,514 6,014 3,500 ............
Defense Nuclear Waste Disposal................. 1,306 1,306 ............ ............
Other Defense Activities....................... 853 853 ............ ............
Energy Programs:
Science........................................ 566 566 ............ ............
Energy Supply.................................. 1,201 1,201 ............ ............
Fossil Energy Research and Development......... 94 94 ............ ............
Energy Information Administration.............. 596 596 ............ ............
Nuclear Waste Disposal Fund.................... 67 67 ............ ............
Power Marketing Administrations:
Construction, Rehabilitation, Operation and 73 73 ............ ............
Maintenance, Western Area Power Administration
Bonneville Power Administration Fund............... 550 550 ............ ............
Departmental Administration/Departmental 11,623 1,623 10,000 ............
Administration....................................
--------------------------------------------------------
Total, Energy.................................. 68,140 44,300 23,840 ............
========================================================
DEPARTMENT OF HEALTH AND HUMAN SERVICES: \3\
Departmental Management/Public Health and Social [285,300] [96,247] [189,053] ............
Services Emergency Fund (75-1040).................
FDA................................................ 13,328 2,215 11,113 ............
HRSA............................................... 10,000 ............. 10,000 ............
IHS................................................ 25,700 2,300 23,400 ............
CDC................................................ 6,800 1,900 4,900 ............
NIH................................................ 10,825 4,832 5,993 ............
SAMSHA............................................. 100 ............. 100 ............
AHCPR.............................................. 420 ............. 420 ............
HCFA............................................... 194,200 82,500 111,700 ............
ACF................................................ 6,225 1,500 4,725 ............
AoA................................................ 600 ............. 600 ............
OS................................................. 2,719 ............. 2,719 ............
OIG................................................ 5,400 ............. 5,400 ............
PSC................................................ 8,983 1,000 7,983 ............
--------------------------------------------------------
Total, Health and Human Services................. 285,300 96,247 189,053 ............
========================================================
DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT:
Federal Housing Administration/FHA--Mutual Mortgage 5,000 5,000 ............ ............
Insurance Program Account.........................
Management and Administration/Salaries and Expenses 18,200 6,000 ............ 12,200
--------------------------------------------------------
Total, Housing and Urban and Development....... 23,200 11,000 ............ 12,200
========================================================
DEPARTMENT OF THE INTERIOR: \4\
Departmental Management/Working Capital Fund....... [57,776] [7,175] [32,900] [17,701]
BLM................................................ 5,146 250 4,896 ............
MMS................................................ ............ ............. ............ ............
OSM................................................ 413 413 ............ ............
Bur Rec............................................ 3,907 2,975 444 488
USGS............................................... 14,447 110 8,439 5,898
FWS................................................ 1,192 700 ............ 492
NPS................................................ 13,612 ............. 8,720 4,892
BIA................................................ 12,526 2,500 8,526 1,500
Department-wide systems/Office of the Secretary.... 3,622 227 1,875 1,520
OIA................................................ 2,350 ............. ............ 2,350
Office of the Solicitor............................ 561 ............. ............ 561
--------------------------------------------------------
Total, Interior.................................. 57,776 7,175 32,900 17,701
========================================================
DEPARTMENT OF JUSTICE:
General Administration:
Salaries and Expenses.......................... 120 ............. 120 ............
Office of Inspector General.................... 2,835 ............. 2,835 ............
United States Parole Commission/Salaries and 20 ............. 20 ............
Expenses..........................................
Legal Activities and U.S. Marshals:
Salaries and Expenses General Legal Activities. 6,389 ............. 6,389 ............
Salaries and Expenses, Antitrust Division...... 8 ............. 8 ............
Salaries and Expenses, United States Attor- 427 ............. 427 ............
neys..........................................
Salaries and Expenses, United States Marshals 700 ............. 700 ............
Service.......................................
United States Trustee System Fund.............. 1,003 ............. 1,003 ............
Federal Bureau of Investigation/Salaries and Ex- 10,293 ............. 10,293 ............
penses............................................
Drug Enforcement Administration/Salaries and 1,967 ............. 1,967 ............
Expenses..........................................
Immigration and Naturalization Service/Salaries and 9,268 ............. 9,268 ............
Expenses..........................................
Federal Prison System/Salaries and Expenses........ 200 ............. 200 ............
--------------------------------------------------------
Total, Justice................................... 33,230 ............. 33,230 ............
========================================================
DEPARTMENT OF LABOR:
Employment and Training Administration:
Training and Employment Services............... 2,095 500 791 804
Program Administration......................... 3,293 1,721 1,572 ............
Employment Standards Administration/Salaries and 4,405 4,405 ............ ............
Expenses..........................................
Occupational Safety and Health Administration/ 1,130 1,130 ............ ............
Salaries and Expenses.............................
Mine Safety and Health Administration/Salaries and 4,634 575 1,800 2,259
Expenses..........................................
Bureau of Labor Statistics/Salaries and Expenses... 137 137 ............ ............
Departmental Management:
Salaries and Expenses.......................... 4,657 400 3,087 1,170
Office of the Inspector General................ 1,469 469 ............ 1,000
Assistant Secretary for Veterans Employment and 173 173 ............ ............
Training..........................................
--------------------------------------------------------
Total, Labor................................... 21,993 9,510 7,250 5,233
========================================================
DEPARTMENT OF STATE: Administration of Foreign Affairs/ 57,890 ............. 47,890 10,000
Capital Investment Fund...............................
========================================================
DEPARTMENT OF TRANSPORTATION:
Office of the Secretary/Salaries and Expenses...... 8,475 1,421 ............ 7,054
Coast Guard/Operating Expenses..................... 23,505 3,000 ............ 20,505
Federal Aviation Administration:
Operations..................................... 9,699 ............. ............ 9,699
Facilities and Equipment....................... 131,612 45,000 ............ 86,612
[Host replacement]............................. [72,000] [20,000] ............ [52,000]
[Other F&E request]............................ [59,612] [25,000] ............ [34,612]
Research, Engineering, and Development......... 147 ............. ............ 147
Federal Transit Administration/Administrative Ex- 1,900 1,900 ............ ............
penses............................................
Research and Special Programs Administration:
Research and Special Programs.................. 182 ............. ............ 182
Pipeline Safety................................ 150 ............. ............ 150
Maritime Administration/Operations and Training.... 700 170 ............ 530
Other Administrations.............................. 1,264 1,264 ............ ............
--------------------------------------------------------
Total, Transportation............................ 177,634 52,755 ............ 124,879
========================================================
DEPARTMENT OF THE TREASURY:
Departmental Offices:
Salaries and Expenses.......................... 1,238 ............. 1,238 ............
Automation Enhancement......................... 40,165 ............. 2,762 37,403
Financial Management Service/Salaries and Ex- 6,000 ............. 6,000 ............
penses............................................
Bureau of Alcohol, Tobacco, and Firearms/Salaries 7,665 ............. 5,000 2,665
and Expenses......................................
United States Customs Service/Salaries and Ex- 10,200 ............. 10,200 ............
penses............................................
Bureau of the Public Debt/Administering the Public 1,000 ............. 1,000 ............
Debt..............................................
Internal Revenue Service/Information Systems....... 483,000 ............. 483,000 ............
United States Secret Service/Salaries and Expenses. 3,000 ............. 3,000 ............
--------------------------------------------------------
Total, Treasury.................................. 552,268 ............. 512,200 40,068
========================================================
OTHER DEFENSE--CIVIL PROGRAMS: Selective Service System 564 314 250 ............
========================================================
EXECUTIVE OFFICE OF THE PRESIDENT:
Office of Administration........................... 12,200 ............. 12,200 ............
Office of Management and Budget.................... 1,600 1,600 ............ ............
Office of the United States Trade Representative... 498 ............. 498 ............
--------------------------------------------------------
Total, Executive Office of the President......... 14,298 1,600 12,698 ............
========================================================
FEDERAL EMERGENCY MANAGEMENT AGENCY:
Salaries and Expenses.............................. 4,541 900 ............ 3,641
Emergency Management Planning and Assistance....... 3,711 ............. ............ 3,711
--------------------------------------------------------
Total, FEMA...................................... 8,252 900 ............ 7,352
========================================================
GENERAL SERVICES ADMINISTRATION: \5\ General Activities/ 24,012 6,511 4,800 12,701
Policy and Operations.................................
========================================================
INTERNATIONAL ASSISTANCE PROGRAMS:
Agency for International Development/Operating 23,900 13,700 ............ 10,200
Expenses of the Agency for International Develop-
ment..............................................
Overseas Private Investment Corporation:
Overseas Private Investment Corporation 840 ............. ............ 840
Noncredit Account.............................
Overseas Private Investment Corporation Program 1,260 ............. ............ 1,260
Account.......................................
African Development Foundation/African Development 189 51 ............ 137
Foundation........................................
--------------------------------------------------------
Total, International Assistance Programs....... 26,189 13,751 ............ 12,437
========================================================
SMALL BUSINESS ADMINISTRATION: Salaries and Expenses... 2,816 1,926 ............ 890
========================================================
CORPORATION FOR NATIONAL AND COMMUNITY SERVICE: 800 ............. 800 ............
Domestic Volunteer Service Programs, Operating
Expenses..............................................
DISTRICT OF COLUMBIA: District of Columbia Courts/ 2,249 ............. ............ 2,249
Federal Payment to the District of Columbia Courts....
FEDERAL COMMUNICATIONS COMMISSION: Salaries and 8,516 ............. 8,516 ............
Expenses..............................................
FEDERAL TRADE COMMISSION: Salaries and Expenses........ 550 ............. 550 ............
NATIONAL ARCHIVES AND RECORDS ADMINISTRATION: Operating 6,662 ............. ............ 6,662
Expenses..............................................
OFFICE OF SPECIAL COUNSEL: Salaries and Expenses....... 100 ............. ............ 100
RAILROAD RETIREMENT BOARD: Federal Payment to the 6,041 5,701 ............ 340
Railroad Retirement Accounts..........................
SECURITIES AND EXCHANGE COMMISSION: Salaries and 7,400 ............. 7,400 ............
Expenses..............................................
SMITHSONIAN INSTITUTION: Salaries and Expenses......... 4,700 ............. ............ 4,700
UNITED STATES HOLOCAUST MEMORIAL COUNCIL: Holocaust 680 ............. 680 ............
Memorial Council......................................
UNITED STATES INFORMATION AGENCY: Technology Fund...... 7,062 ............. 7,062 ............
========================================================
TOTAL, EMERGENCY RELEASES........................ ............ ............. 890,680 337,802
----------------------------------------------------------------------------------------------------------------
\1\ Emergency funds will be transferred to the Office of the Chief Information Officer. Detail illustrates
allocation by mission area (additional detail is included in agency plan).
\2\ Certain Bureau-level requirements will be addressed with centrally-administered funding ($10 million in
Departmental Management).
\3\ All emergency funding will be transferred to the Public Health and Social Services Emergency Fund. OPDIV
detail illustrates HHS distribution.
\4\ All emergency funding will be transferred to the Working Capital Fund Bureau detail illustrates Interior's
reported distribution.
\5\ Amount financed from fiscal year 1999 appropriations is for internal systems conversion and represents
agency total.
______
7th Quarterly Report--Progress on Year 2000 Conversion
u.s. office of management and budget
data as of november 15, 1998
issued december 8, 1998
Executive Summary
The Administration is committed to ensuring that Federal agencies
meet the challenges posed by the year 2000 (``Y2K'') computer problem
so that critical government services will not be disrupted. The Office
of Management and Budget (OMB), in close cooperation with John
Koskinen, Assistant to the President and Chair of the President's
Council on Year 2000 Conversion, continues to work closely with
individual agencies to ensure that they will be ready for the year
2000. Since August, most agencies have made significant progress in
their Y2K efforts. Some agencies remain behind the government-wide
goals. As of November 15, 1998:
--Of 6,696 mission critical systems identified by agencies, 61
percent are now Y2K compliant, compared to 50 percent in
August. These compliant systems include systems that have been
repaired or replaced, and those that were already compliant.
OMB has established a governmentwide goal of March 1999 for
reaching 100 percent compliance.
--Of the remaining 39 percent, 30 percent are still being repaired,
seven percent are still being replaced, and three percent will
be retired (totals differ due to rounding).
--Of those systems that have been or will be repaired, 90 percent
have completed renovation, an increase from 71 percent in
August. Sixty percent have now completed validation, while
implementation is now 52 percent complete.
--There are now six Tier 1 agencies (not making adequate progress),
down from seven in August; seven Tier 2 agencies (making
progress, but with concerns), down from eight; and 11 Tier 3
agencies (making satisfactory progress), up from nine. The
Department of Education moved from Tier 1 to Tier 2; the
Departments of Housing and Urban Development and of Interior
moved from Tier 2 to Tier 3.
--Agencies estimate they will spend $6.4 billion fixing the problem
from fiscal year 1996 through fiscal year 2000, an increase
from the August 1998 estimate of $5.4 billion. This increase is
not unexpected, and the President's fiscal year 1999 budget
included an allowance to address emerging requirements.
--Agencies are developing contingency plans for systems that are not
expected to be ready by March 1999, and continuity of business
plans to ensure that vital public services will continue.
Agencies have made progress on assuring that data exchanges
with other systems, particularly systems operated by the
States, will occur without problems.
Although most agencies are progressing well, and some have improved
sufficiently to be moved to a higher Tier ranking, several agencies are
still behind the government-wide goals. These agencies must intensify
their efforts, particularly in the areas of validation, contingency
planning, and continuity of business planning.
In October, legislation was enacted to provide for emergency
funding for agency year 2000 fixes. The Omnibus Consolidated and
Emergency Supplemental Appropriations Act included a provision for
emergency funding for unexpected Y2K conversion activities, consisting
of $1.1 billion for defense-related activities and $2.25 billion for
non-defense activities. This action will help ensure that agencies have
sufficient resources to make a smooth transition to and beyond 2000. In
addition to the emergency fund, OMB continues to ensure adequate
funding and resources through the regular budget process. Throughout
the budget process for fiscal year 2000, OMB has been working closely
with agencies to ensure that adequate funding and management resources
will be available.
Progress on Year 2000 Conversion Report of the U.S. Office of
Management and Budget as of November 15, 1998
i. introduction
This report is the seventh is a series of quarterly reports to
Congress on the Administration's progress in fixing the year 2000
(``Y2K'') computer problem in Federal systems. This report builds on
previous reports by including more information on the Federal
government's work with State governments to ensure that Federal/State
data exchanges are ready and that Federally supported, State run
programs will provide uninterrupted public health and safety services.
This report also provides more information on the efforts that Federal
agencies are undertaking on contingency planning, continuity of
business planning, and independent verification and validation of their
systems. In summary, the report constitutes the Federal government's
plan to achieve year 2000 compliance of Federal systems.
This report summarizes data received on November 15, 1998, from the
24 agencies that make up the Federal Chief Information Officers' (CIO)
Council and from nine small and independent agencies.\1\ The 24
agencies are ranked into Tier 1 (insufficient evidence of adequate
progress), Tier 2 (progress, but concerns), or Tier 3 (satisfactory
progress). It also describes the status of a number of government-wide
activities underway, including the areas of telecommunications,
buildings, and biomedical devices and equipment.
---------------------------------------------------------------------------
\1\ Except where noted, the summary data provided in this report
refer solely to the 24 agencies.
---------------------------------------------------------------------------
This report and all previous reports are available on OMB's web
site [http://www.whitehouse.gov/WH/EOP/omb/], on the web site for the
President's Council on Year 2000 Conversion [http://www.y2k.gov], or
the CIO Council's web site [http://cio.gov].\2\
---------------------------------------------------------------------------
\2\ A list of key Federal year 2000 web sites may be found in
Appendix B.
---------------------------------------------------------------------------
OMB's initial report on the Y2K problem, entitled ``Getting Federal
Computers Ready for the Year 2000,'' was transmitted to Congress on
February 6, 1997. The report outlined the Federal Government's strategy
to address the Y2K problem in Federal systems; that strategy remains
predicated on agency accountability. In cooperation with the
President's Council on Year 2000 Conversion, the agencies are now being
held accountable at the highest of levels. The Federal government's
approach to fixing the problem follows the five phases of awareness,
assessment, renovation, validation, and implementation. Working with
the CIO Council, OMB set government-wide milestones for the completion
of each phase. Agencies then established plans for each phase. The five
phases overlap; for example, validation of some systems continues,
while some systems are being implemented, and yet others may still be
undergoing renovation.
The Administration continues to direct high level attention to this
issue within and beyond the Federal government to ensure readiness for
the year 2000. Within the Federal government, the additional focus on
the year 2000 problem through the budget process has allowed agencies
to take a close look at their resources and needs and has focused
management attention on the issue. The year 2000 emergency fund has
also raised the profile of this issue, while helping to ensure that
agencies will be ready on time. John Koskinen, Assistant to the
President and Chair of the President's Council on Year 2000 Conversion,
along with OMB, continues to participate in monthly meetings with
senior management of Tier 1 agencies, while agencies in Tiers 1 and 2
continue to submit monthly reports to OMB on their progress toward
their milestones.
ii. summary of government-wide progress
Summary of Systems Progress
Most agencies are on target to meet the government-wide milestones
of completion of renovation by September 1998, validation by January
1999, and implementation by March 1999. Notably, SBA has completed its
work, while SSA is ahead of schedule and will be finished shortly. (See
Appendix A, Table 1.)
There are now six Tier 1 agencies, down from seven in August; seven
Tier 2 agencies, down from eight; and 11 Tier 3 agencies, up from nine.
Senior Federal managers continue to reevaluate which systems are
critical to their organizations' missions and to set their priorities
accordingly. Agencies now identify 6,696 mission critical systems, a
reduction from the 7,343 mission critical systems identified in the
August report. Changes at this time are usually the result of
recategorizing and reprioritizing of systems. (See Appendix A, Table
2.)
Of the 6,696 mission critical systems, 61 percent are now Y2K
compliant, compared to 50 percent from August. These compliant systems
include systems that have been repaired or replaced, and those that
were already compliant. (See Table 1, below, and Appendix A, Table 2.)
Of the remaining 39 percent, 30 percent are still being repaired,
seven percent are still being replaced, and three percent will be
retired (totals differ due to rounding). The increase in systems being
retired reflects new decisions by managers to retire some systems that
were to have been repaired. (See Appendix A, Table 2.)
Of those systems that have been or will be repaired, 90 percent
have completed renovation, an increase from 71 percent from August.
Sixty percent have now completed validation, while implementation is
now 52 percent complete. (See Appendix A, Table 3.)
Senior management at all large agencies are relying on independent
verification of the validation process and other internal performance
measures to ensure that their systems will be ready on time.
All agencies have begun work on continuity of business plans. Most
agencies have focused their plans on core business functions to ensure
that vital public services continue. Developing solid continuity of
business plans, and contingency plans for systems that will miss the
March 1999 goal, will be a top priority in the coming months.
Cost Summary
Agencies now estimate they will spend $6.4 billion fixing the
problem from fiscal year 1996 through fiscal year 2000, an increase
from $5.4 billion from August 1998.\3\ (See Appendix A, Table 4.) This
increase is not unexpected, and the President's fiscal year 1999 budget
included an allowance to address emerging requirements.
---------------------------------------------------------------------------
\3\ These estimates include the costs of identifying necessary
changes, evaluating the cost effectiveness of making those changes (fix
or scrap decisions), making changes, testing systems, and preparing
contingencies for failure recovery. They include the costs for fixing
both mission critical and non-mission critical systems, as well non-
information technology products and systems such as air conditioning
and heating. They include outreach activities to non-federal entities.
They do not include the costs of upgrades or replacements that would
otherwise occur as part of the normal systems life cycle. They also do
not include the Federal share of the costs for state information
systems that support Federal programs.
---------------------------------------------------------------------------
Most of these cost increases are attributable to refinement of
estimates as agencies move through the validation phase and find that
some systems need to be reworked, obtain more information about the
costs of fixing the embedded chip problem, and develop continuity of
business plans. Other increases reflect decisions to repair legacy
systems in case those systems are not replaced on time. To the extent
that agencies encounter additional requirements, these estimates will
continue to rise.
The three largest cost increases are: Defense, up $591 million to
cover increased independent verification and end-to-end testing; HHS,
up $165 million to cover potential contingencies in fiscal year 2000;
and Treasury, up $53 million to cover increased testing and validation.
Summary of Other Progress
The Federal government is continuing to work closely with State
governments to ensure that data exchanges between the two are
compliant, and that Federally supported programs that are run by the
States will be able to provide vital public services.
For most agencies, embedded chips are used primarily within their
buildings' systems; at this time, good progress has been made, and GSA
is confident that this area is under control. A small number of
agencies use embedded chips in specialized areas, such as scientific
equipment; these agencies are working hard to fix these systems as
well, but much work remains.
Most agencies report that they have completed their assessments of
non-mission critical systems and are making progress on remediation. By
definition, such systems are less critical to the functioning of the
agencies, but many are still important. All of the agencies report
active programs to fix these systems, albeit as a lower priority.
TABLE 1.--GOVERNMENT-WIDE SUMMARY--YEAR 2000 STATUS--MISSION-CRITICAL SYSTEMS
[In percent]
----------------------------------------------------------------------------------------------------------------
Systems Being Repaired
All Systems -------------------------------------------------------
Agency Status Y2K Compliant Assessment Renovation Validation Implementation
\4\ Complete Complete \5\ Complete \6\ Complete \7\
----------------------------------------------------------------------------------------------------------------
Tier Three (DOI, VA, EPA, FEMA, GSA, HUD, 84 100 99 90 82
NASA, NRC, NSF, SBA, SSA)...............
Tier Two (USDA, DOC, Education, DOL, DOJ, 67 100 91 70 63
Treasury, OPM)..........................
Tier One (DOD, DOE, HHS, State, DOT, AID) 51 100 87 43 34
All Agencies............................. 61 100 9 60 52
----------------------------------------------------------------------------------------------------------------
\4\ Percentage of all mission-critical systems that will accurately process data through the century change;
these systems have been tested and are operational and includes those systems that have been repaired and
replaced, as well as those that were found to be already compliant.
\5\ Percentage of mission-critical systems that have been or are being repaired; ``Renovation complete'' means
that necessary changes to a system's databases and/or software have been made.
\6\ Percentage of mission-critical systems that have been or are being repaired; ``Validation complete'' means
that testing of performance, functionality, and integration of converted or replaced platforms, applications,
databases, utilities, and interfaces within an operational environment has occurred.
\7\ Percentage of mission-critical systems that are being or have been repaired; ``Implementation Complete''
means that the system has been tested for compliance and has been integrated into the system environment where
the agency performs its routine information processing activities. For more information on definitions, see
GAO/AIMD-10.1.14, ``Year 2000 Computing Crisis: An Assessment Guide,'' September 1997, available at http://
cio.gov under Year 2000 Documents.
iii. government-wide issues
Validation and Verification Efforts
Government-wide, 60 percent of mission critical systems have been
validated. Validation involves multiple phases of testing, including a
combination of testing of individual components (unit testing), testing
of entire systems (integration or systems testing), and in some cases,
testing of a string of systems of interdependent systems (end-to-end
testing). This incremental approach allows agencies to efficiently
locate any problems and fix them. It also ensures that the
implementation phase will be as smooth as possible.
All agencies are required to independently verify the validation
process. Senior management at all large agencies are now relying on
independent verification to provide a double-check that their mission-
critical systems will, in fact, be ready. All large agencies are
relying on a combination of their Inspectors General and contractors to
verify the results of agency testing and other measures of progress.
Now that the government-wide level of validation of mission-critical
systems has reached 60 percent, verification efforts are particularly
important. Some agencies have discovered that some systems, which were
considered compliant, were not. As a result, these non-compliant
systems will be or have been fixed, and management is afforded a higher
degree of confidence that the agency will achieve compliance on time.
Continuity of Business Planning and Contingency Planning \8\
---------------------------------------------------------------------------
\8\ See GAO report, a shared effort with the Year 2000 Committee of
the CIO Council, ``Year 2000 Computing Crisis: Business Continuity and
Contingency Planning.'' July, 1998; GAO/AIMD-10.1.19. In addition,
model Business Continuity and Contingency Plans, including that of the
Social Security Administration, were shared with other agencies as
models.
---------------------------------------------------------------------------
All agencies, regardless of progress, are required to develop
continuity of business plans. Such plans should describe risk
mitigation strategies and work-around alternatives to ensure the
continuity of the agency's core business functions. Such functions rely
not only on the agency's internal systems, but also on services outside
of the agency's control, such as the ability of suppliers to provide
products, services, or data, or the loss of critical infrastructure.
For this report, all agencies described their progress on
developing continuity of business plans. Most agencies are basing their
plans on certain core business functions that the agency believes are
essential to ensuring that the agency is able to perform its mission.
Agencies are using a variety of approaches, including ensuring that
back-up resources are available, determining if paper processes will
work, and making sure that regional offices can operate independent of
headquarters, if necessary. Contingency plans, described below, are a
subset of continuity of business plans.
Contingency plans are required for those systems that have been
behind the agency's internal schedule for two months or more over two
reporting periods or that won't meet the March 1999 goal. (See Appendix
C.) During this quarter, few agencies reported slippage from their
internal schedules.
On the other hand, more agencies reported increasing numbers of
systems that would not meet the March 1999 goal. (See Appendix C.)
Although some agencies have contingency plans, many did not mention
this subject in their report. Notably, Defense listed a large number of
systems, and while many had contingency plans, Defense did not indicate
that contingency plans were in place for all of them. While Justice has
forwarded more than 140 contingency plans to an independent validation
and verification contractor for review, it indicated that, to date, the
contractor had reviewed only five plans of the 11 systems behind
schedule.
Despite uneven progress, agencies are now focusing their efforts on
developing solid contingency plans and continuity of business plans. As
the President's Council on Year 2000 Conversion develops a national
risk assessment, agencies will have better information on internal and
external risks and how best to prepare for them. For the next report,
OMB plans to require more information on continuity of business plans
and contingency plans, including a description of plans so far,
completion dates for plans, and a description of how the continuity
plan will be tested.
Costs and Funding
Agencies now estimate they will spend $6.4 billion fixing the
problem from fiscal year 1996 through fiscal year 2000, an increase
from $5.4 billion from August. (See Appendix A, Table 4.)
Most of these cost increases are attributable to refinement of
estimates as agencies move through the validation phase and decide to
increase testing and independent verification activities, find that
some systems need to be reworked, obtain more information about the
costs of fixing the embedded chip problem, and develop continuity of
business plans. Other increases reflect decisions to repair legacy
systems in case those systems are not replaced on time. To the extent
that agencies encounter additional requirements, these estimates will
continue to rise.
These increases were not unexpected. The President's fiscal year
1999 budget requested approximately $1.1 billion in appropriations for
Y2K. It also included an allowance of $3.25 billion to cover emerging
and potential costs for Bosnia, natural disasters, and Y2K.
This spring and summer, the Administration worked with the Congress
on a contingent emergency funding proposal specifically for unforeseen
Y2K requirements. In August OMB asked agencies for their current
estimates of Y2K expenses, distinguishing between requirements included
in the President's budget and unforeseen requirements.
In September, the Administration requested a supplemental
appropriation of $3.25 billion in contingent emergency funding for Y2K
conversion, consistent with Senate action to that point. The Omnibus
Consolidated and Emergency Supplemental Appropriations Act for Fiscal
Year 1999 includes contingent emergency funding for Y2K computer
conversion activities: $1.1 billion for defense-related activities and
$2.25 billion for non-defense activities.
In order to determine how to best to allocate available base and
emergency funding, OMB evaluated agency requirements. OMB also worked
with the agencies to identify activities that had already been included
in the President's fiscal year 1999 Budget, but that Congress directed
be funded from the contingent emergency reserve. These redirected
requirements total approximately $590 million, of which: $30 million
was allocated on October 23, 1998, (for the Legislative and Judiciary
branches); $464 million was allocated on November 6, 1998; and, $94
million is being allocated concurrent with the transmittal of this
report. Additionally, OMB has approved approximately $676 million of
new funding for Y2K requirements that was not included within agencies'
fiscal year 1998 appropriated levels. Of this, $427 million was
allocated on November 6, 1998, and $244 million is being allocated
concurrent with the transmittal of this report. In total, $891 million
was allocated on November 6, 1998, and $338 million is being allocated
concurrent with the transmittal of this report. All amounts allocated
to date are for non-defense activities.
Additional transfers from the contingent emergency reserve will be
made in the future to ensure that all agencies have sufficient
resources to achieve Y2K compliance. OMB has also notified agencies
that, as they identify unforeseen funding requirements, they should
forward these requirements to OMB for evaluation. The Department of
Defense is reviewing its requirements for the defense contingent
emergency fund.
Government-wide Initiatives
Telecommunications Systems
GSA owns, manages, or resells consolidated telecommunications
services to Federal agencies throughout the United States. Like the
private sector, the Federal agencies are reliant upon commercial
vendors and the information they supply to address the compliance of
their telecommunications systems. In most cases, agencies must work
with telecommunications vendors to receive system upgrades; a number of
agencies, including GSA, continue to express frustration that some
vendors are not more forthcoming with information about the compliance
status of their products and services, have been slow to repair their
systems, or are slow in the delivery of necessary product upgrades,
often as a result of a shortage of technicians. In fact, many companies
have indicated that their systems won't be fully compliant until June
1999, leaving many agencies concerned that they will not have adequate
time to conduct thorough validation and end-to-end testing.
The Telecommunications Subcommittee, chaired by GSA's Federal
Technology Service (FTS), is working with industry to ensure that the
telecommunications services and systems provided to the Federal
Government are Y2K compliant. FTS has completed its inventory and
assessment for all GSA Consolidated Systems, which provide local
telecommunications services (including hardware, licensed proprietary
software, and features such as voice mail) to Federal agencies
nationwide. All Consolidated Systems will be compliant by March 1999.
GSA also provides voice mail to agencies that purchase services from
Consolidated Systems using 184 different systems. Although GSA
considers voice mail a non-mission critical system, it does plan to
upgrade 63 and replace one system so that all are compliant by the year
2000.
With respect to service obtained from Local Exchange Carriers
(LEC's), GSA has contacted LEC service providers for information on
their Y2K status which it then provides to other Federal agency users.
LEC's are dependent upon major network switch manufacturers for
software upgrades to address the Y2K problem. Switch suppliers have
committed to shipping these packages by the end of 1998 with LEC
deployment to follow in the spring of 1999. Responses GSA has received
to date indicate that most LEC's will complete equipment modifications
and testing for Y2K compliance by mid-1999. GSA continues to request
written responses from those LEC's that have not responded and believes
the passage of the Year 2000 Information Disclosure Act will facilitate
this process. The Act may also assist Federal agencies that buy
services from LEC's directly to obtain Y2K compliance status for their
affected office locations.
Besides GSA, Federal agencies own and operate or are otherwise
dependent upon a wide variety of telecommunications systems and
components. Interagency special interest groups (SIG's) have been
formed to assist agencies to collectively resolve the Y2K status of
these items through collaborative testing of telecommunications
equipment with industry. SIG's are formed by agencies that may rely on
systems or equipment from one vendor. SIG's either conduct the tests
themselves or work with the manufacturer to obtain test results which
are then shared across the government. The SIG's are also taking a lead
in addressing commonly acquired communications services such as
wireless and internet access. Equipment testing by the SIG's began in
December of 1997 and will continue throughout 1999. A web site, http://
y2k.fts.gsa.gov, lists the compliance status of commonly used
telecommunications equipment and has links to some sixty Y2K industry
sites. Agencies are responsible for accessing this information,
determining what equipment they must upgrade, and making the
appropriate repairs. The SIG's continue to provide a valuable forum to
share information regarding repairing or replacing telecommunications
components.
The telecommunications industry, through associations such as the
Alliance for Telecommunications Industry Solutions (ATIS) and the U.S.
Telco Year 2000 Forum, has begun programs for interoperability testing
between long distance providers and local service carriers. The Federal
government is an active participant in these efforts. The testing is to
be performed in early 1999 with the final reports expected to be
publicly released in January and July 1999.
In the Washington Metropolitan Area, Washington Interagency
Telecommunications Systems (WITS) provides approximately 170,000 analog
and digital lines supporting both data and voice applications to
Federal agencies. The system was fixed in July 1998. Voice mail
obtained from WITS is already Y2K compliant.
FTS2000.--GSA, through its FTS2000 contracts, provides most of the
Federal Government's long distance telecommunications services. GSA is
thus responsible for ensuring that the two FTS2000 vendors (Sprint and
AT&T) are Y2K compliant. GSA is conducting an ``FTS2001'' acquisition
to replace the expiring FTS2000 contracts. The FTS2001 contracts
require the winners to provide Y2K compliant services. Where possible,
GSA and many agencies intend to transition to the FTS2001 contracts
before the onset of the year 2000 to ensure compliance and a smooth
transition. GSA expects to extend the current FTS2000 contracts to
support those agencies that have not completed the transition to
FTS2001 by January 1, 2000.
Both FTS2000 vendors have made formal commitments that their
systems will be Y2K compliant prior to the year 2000. GSA sent letters
to both Sprint and AT&T to clarify these commitments. In their
response, AT&T stated that they were on target to complete network
element certification by year-end 1998 and to complete full testing of
the network no later than June 30, 1999. Sprint expects to meet similar
dates for its network but anticipates completion of repairs to several
supporting and billing systems in June 1999. Sprint also identified
some customer premise equipment that it provided to agencies under
terms of the FTS2000 contract which may not be compliant. GSA is
working with both vendors and agency customers to resolve this and
other issues related to FTS2000 network compliance.
International Telecommunications.--Within the United States, the
International Direct Distance Dialing contract with AT&T that is
managed by FTS has been certified compliant. Overseas, however, Federal
agencies that have extensive foreign operations are increasingly
concerned about the effect that the Y2K may have on their ability to
communicate with offices located in foreign nations. Some locations may
be totally dependent upon the telecommunications infrastructures of the
host nations. The State Department has determined that more than 95
percent of the telephone equipment it operates overseas is compliant or
can be operated in a manual mode. In addition, the State Department's
Diplomatic Telecommunications Services Program Office (DTS-PO)
continues to assess and upgrade its network and expects to complete its
efforts in December of 1998.
On the other hand, roughly five percent of the Department's
telephone services are met by equipment that is operated by host
nations. In many cases, links between State Department locations and
other U.S. government offices overseas rely on host nation services.
This reliance on foreign networks has led several agencies, including
the Peace Corps and the Agency for International Development, to
anticipate that operations in some countries, particularly in more
remote locations, may be adversely affected by telecommunications
problems. In these instances, international agencies are working
together to develop contingency plans or to identify backup systems,
such as satellites, to ensure communications are maintained. Their
efforts have been somewhat complicated by the lack of information
regarding the Y2K compliance status of alternative communications
services, including new satellite-based mobile communications systems.
Other Government-wide Telecommunications Services.--The equipment
supplied by GSA under the Federal Wireless Telecommunications Service
(FWTS) has been certified compliant by GTE. GSA-maintained, government-
wide contracts for Wire and Cable Service; Electronic Commerce,
Internet, and E-Mail Access; and Technical and Management Support all
contain Y2K compliance clauses. All task orders for the
Telecommunications Support Contract 2, which provides consulting and
telecommunications services, include Y2K compliance clauses.
Telecommunications Contingency Planning.--In September, GSA
prepared and distributed a Telecommunications Contingency Plan for the
Year 2000. The document describes plans and responsibilities for local
service and long distance network providers--both GSA and commercial
firms--leading up to January 1, 2000. It also outlines plans to restore
service if failures occur. The contingency plan is a dynamic document
that will be revised if contracts change, vendors modify their
services, or testing identifies additional requirements. The
Contingency Plan offers guidance on forming Business Resumption Teams
that would take the lead in resolving service disruptions.
Buildings Systems
Many products or systems in buildings, such as those that control
or interact with security systems, elevators, or heating and air
conditioning systems, contain embedded chips. These chips can include a
date function that helps run the system--for example, to time
maintenance procedures or to regulate temperature. If this date
function is not Y2K compliant, then the chip may not work. This problem
is particularly complex, because chip manufacturers do not closely
track how these chips are programmed and used. In addition, a
manufacturer of equipment (such as a security system) is unlikely to
know the compliance status of the particular chips used. It may also be
difficult to accurately test the compliance of these chips in a working
environment. Once non-compliant chips are identified, they must be
replaced.
In response, GSA has established a public web site (http://
globe.lmi.org/lmi--pbs/y2kproducts/) that provides Y2K information for
building systems. There are now over 10,000 products listed on this
site (up from 9,000 in the previous report), and fewer than four
percent of all products are identified as non-compliant. Another web
site has been established which allows personnel from Federal agencies
to determine the Y2K compliance status of Federally owned and leased
facilities. This site is for Federal government use only.
The Year 2000 Buildings Subcommittee of the CIO Council, chaired by
GSA's Public Buildings Service (PBS), continues to meet about every
four to six weeks and exchange relevant information.
Additionally, GSA continues to partner with the private sector on
year 2000 building systems matters. Both the Building Owners and
Managers Association and the International Facility Managers
Association are polling their membership to gather information
regarding the Y2K readiness of this sector. They will share this
information with the Federal government to assist the President's
Council on Year 2000 Conversion with its overall assessment of Y2K
readiness in the public and private sectors.
To ensure that buildings used by the Federal government are ready
for the year 2000, the Building Systems Subcommittee is focusing on the
charge to ensure that any equipment that contains embedded chips is Y2K
compliant. The Committee is working with all Federal agencies, whether
they work in GSA owned or managed space, whether it is space that is
leased by GSA, or whether it is space that is owned or managed directly
by the agencies.
In space where GSA is the owner, PBS continues to thoroughly review
inventory and coordinate with vendors and manufacturers of equipment
that contains embedded chips. PBS is now finalizing its test plans, in
coordination with vendors and regional personnel, and will soon begin
testing. Additionally, a government-wide contingency plan for buildings
is under development to prepare for unexpected system failures and
utility outages.
The Subcommittee is also working closely with the owners of
buildings that are leased by GSA. For leased space, GSA sent letters
requesting that lessors certify their spaces as Y2K compliant. About 40
have responded, and GSA has sent follow-up letters and surveys to
``high-risk'' leased locations. Finally, a year 2000 clause was
developed for inclusion in all Solicitations For Offers.
Biomedical and Laboratory Equipment
As of November 17, 1998, the Biomedical Equipment Subcommittee had
received responses from 70 percent of the 1,932 medical device and
laboratory equipment manufacturers who make products containing
electronic components. This highly improved response rate is the result
of both Congressional attention to this issue, and the efforts of HHS
(especially the FDA), the Department of Veterans Affairs, the
Department of Defense, and the President's Council on Year 2000
Conversion. In addition, the enactment of the Administration's ``Year
2000 Information Disclosure Act'' \9\ has helped. The key agencies are
following up with the non-respondents.
---------------------------------------------------------------------------
\9\ The ``Year 2000 Information Disclosure Act,'' S. 2392, enacted
into law on October 19, 1998, encourages companies to share information
about possible solutions to year 2000 problems. The Act provides
limited liability protections for companies that share information
about their year 2000 risks and possible solutions. However, the law
does not affect liability that may arise from year 2000 failures of
systems or devices.
---------------------------------------------------------------------------
In addition, the Working Group continues to expand the National
Biomedical Clearinghouse, a database containing information on
compliant equipment. The information has been provided by HHS and the
Department of Veterans Affairs, based on their knowledge and experience
in using the equipment. The Department of Defense will begin formal
participation soon. This database is publicly available at http://
www.fda.gov/cdrh/yr2000/year2000.html.
State Issues
The Federal government sends and receives data from hundreds of
different partners in support of thousands of different programs.
Probably the single most important partnership is with the States. The
data exchanges that enable Federal and State governments to communicate
with each other must be fixed on both sides in order to work. Without
functional data exchanges, important Federal and/or State programs
won't work.
In response, the Federal CIO Council, in cooperation with the
National Association of State Information Resource Executives (NASIRE)
first agreed at a summit in October of 1997 to make the issue of fixing
data exchanges a top priority. The CIO Council and NASIRE also agreed
to continue to meet and to resolve issues between Federal CIO's and
State CIO's.
Data Exchanges with States.--To assist in the coordination of data
exchange activities between Federal agencies and the States, the CIO
Council has developed the Federal/State Data Exchange Database, managed
by GSA, which contains the status of exchanges from both the Federal
and State perspectives. The Federal government has provided information
to the database on all of its data exchanges with the States, including
a point of contact and phone number and the status of the Federal
government's work on the exchange.
While many States are actively working on their side of the data
exchanges and are making excellent progress, a number of States and
territories are still not participating in the database, and
accordingly, their progress is completely unknown. In particular, as of
November 16, Alaska, Arkansas, West Virginia, the District of Columbia,
Guam, and Puerto Rico have not provided any information about their
data exchange activities. A number of others, including Alabama,
Oklahoma, Rhode Island, Wisconsin, and Wyoming, have only recently
begun providing information and are substantially behind. This is of
concern not only because these data exchanges may not be ready in time,
but also because this may be symptomatic of overall Y2K efforts within
these States.
According to the database, notwithstanding those States that are
not participating in the database, overall progress on data exchanges
is proceeding well. (All Federal agencies are participating, except for
the FBI and the IRS, who are working directly with State partners to
avoid security risks associated with the database.) To date, 62 percent
of Federal/State data exchanges are fixed, successfully bridged, tested
by both parties and/or are fully compliant. All data exchanges are to
be fully implemented by March 1999.
Critical Public Health and Safety Programs.--The CIO Council and
NASIRE are also focusing on other issues of mutual importance. For
example, the Federal government is working closely with State
governments to ensure that not only will individual systems run, but
that Federally supported programs that are run by the States will
continue to provide vital public services. Such programs include
Unemployment Insurance, Medicaid, and income maintenance programs such
as child support and food stamps. Federal agencies will be specifically
evaluating the impact of the year 2000 on their programs, and OMB will
report on that in future reports to the Congress.
Other Joint Initiatives.--Meanwhile, the CIO Council and NASIRE
continue to meet regularly to discuss other issues. Progress on joint
issues with those States that are participating continues. Recently,
for example, at a meeting on October 18 in San Diego, participants
agreed to work on the following issues:
--Jointly ensure that the names of data exchanges are the same on
both the Federal and State sides to improve tracking.
--Jointly focus on the needs of State Unemployment Insurance programs
and Medicaid. State Unemployment Insurance (UI) systems have a
unique Y2K failure horizon date of January 4, 1999 \10\, while
Medicaid is expected to encounter unique difficulties in
completing its work.
---------------------------------------------------------------------------
\10\ UI systems look forward one year to calculate a beneficiary's
UI entitlement. Any State that has not implemented a new year 2000
compatible system will have a Benefit Year End (BYE) problem and will
have to go to its contingency plan. The five ``high alert'' or ``at
risk'' jurisdictions (the District of Columbia, Louisiana, New Mexico,
Puerto Rico, and the Virgin Islands) are expected to have to implement
their contingency plans, in most cases using a ``hard coding'' solution
to override the system's calculation; that is, December 31, 1999, will
be manually entered as the end date for beneficiary benefits
calculations through 1999. While this is only a temporary solution, it
gives those States additional months to remediate their systems. Four
``yellow caution'' States (Montana, Arkansas, Illinois, and Maine)
expect to bring their new systems on line in December; if their
schedules slip, they, too, will have to go to their BYE contingency
plans.
---------------------------------------------------------------------------
--Identify the critical public health and safety programs (such as
unemployment insurance, Medicaid, food stamps, child support,
job training, and housing), supported by data exchanges, that
are administered through States, counties, and cities.
--Jointly undertake the development of Business Continuity and
Contingency Plans to ensure that these critical programs will
continue to provide services to the public.
Other Information Sharing Initiatives
Year 2000 Information Directory.--The Government-wide Year 2000
Information Directory web site, managed and maintained by GSA on behalf
of the CIO Council, has some new additions, including topics of
interest for the average consumers. In addition, the site has been
redesigned to enhance appearance and navigation. Also available at this
site is a ``Year 2000 and You'' brochure developed for citizens. The
web site address is: http://www.itpolicy.gsa.gov/mks/yr2000/
y2khome.htm. The brochure is also available from GSA's Consumer
Information Center at 1-888-878-3256 in Pueblo, Colorado. The brochure
will soon be available in Spanish.
Database of Compliant COTS Products.--GSA also manages and
maintains a database of compliant, COTS Products that are used by
Federal agencies. This information is available to the public at http:/
/y2k.policyworks.gov. The database includes information from 756
vendors and 90 Federal agencies on 2364 products. Agencies are now
beginning to provide information on the results of product testing they
have undertaken.
iv. agency specific progress
Process of Agency Evaluation
Nearly all agencies have made good progress in the last quarter.
Even many of the agencies that are still behind have made good progress
in the last quarter, appear to have engaged the proper level of
management attention, and are working hard. Nevertheless, a number of
agencies are still remain behind the government-wide goals, and, as a
result, some of their systems may not be ready on time. For this
reason, all agencies have been asked to heighten efforts on contingency
planning and continuity of business planning. In evaluating agency
progress, OMB used the following criteria:
--Measurable improvement.--Has the agency completed the renovation
phase? Is there measurable and adequate progress on validation,
and implementation of computer systems, including data
exchanges? Is there progress on addressing other systems,
including buildings, telecommunications, and systems and
products containing embedded chips?
--Schedule for completion of best practices phases and overall
prognosis.--Has the agency adopted a realistic schedule that is
consistent with the government-wide goals? Has there been a
change in the number of mission critical systems that are
expected to miss the March 1999 implementation date? Does the
agency have a strong management team and a credible strategy in
place?
--Risk management.--Is the agency preparing a workable continuity of
business plan for its core business functions? Does the agency
have a deadline for when plans must be complete? Does the
agency have an effective validation and independent
verification program in place? Is there adequate oversight of
efforts to replace non-compliant systems? Are systems
previously reported behind being brought back on schedule? Are
agencies which have systems which are expected to miss the
March 1999 goal working on contingency plans?
--Dramatic changes in previously reported information or other
indications of concern.--Have there been dramatic changes in
cost, schedule, changes to the number of systems, or changes to
the number of systems behind schedule? Are there any concerns
with the availability of key personnel?
Tier One Agencies
Tier One comprises agencies where there is insufficient evidence of
adequate progress. There are now six agencies in Tier One, as the
Department of Education has moved into Tier Two.
Department of Defense
The Department of Defense continues to make progress in addressing
its massive Y2K problem, albeit at a rate too slow to meet the March
1999 goal. The percentage of mission critical systems compliant has
risen to 53 percent from 42 percent reported in August. The Department
also reports that 86 percent of its mission-critical systems to be
repaired have now completed renovation, an increase from 70 percent
reported in August. Defense also reports that 36 percent of those
systems have been tested and implemented, an increase from 27 percent
reported last quarter.
As a result, the Secretary and Deputy Secretary have taken a number
of actions to accelerate the Department's progress toward Y2K
compliance, including exercising direct personal leadership, requiring
commanders and service chiefs to personally certify the Y2K status of
each major information system, and withholding funding for non Y2K work
on information systems unless and until Military Departments
demonstrate Y2K progress. In addition, the Department is planning to
conduct large-scale Y2K operational evaluations and functional tests in
1999. Finally, the Department is preparing operational plans to ensure
that all critical functions will continue and that the effect of any
Y2K related problems will be minimized.
Department of Energy
Compliance has increased from 40 percent to 50 percent in the last
quarter, and progress has been made in the other phases. The
Department, however, has not completed its renovation work, finishing
renovation on 88 percent of its mission critical systems. Likewise, the
Department has completed validation on only 53 percent of its mission
critical systems. In addition, 11 mission critical systems are
anticipated to miss the government-wide target of January 1999 for
finishing the validation phase. The Department notes in this quarter's
report that the ``steep slope of the planned completion schedule [for
implementation of compliant systems] is a cause for concern within the
Department.''
Work to identify new mission critical systems at its Government and
contractor sites, and assessment of the Department's embedded chips and
lab equipment continues. Although DOE has identified 420 systems as
mission critical, up from 411 in last quarter's report, it has only
begun to prioritize and allocate resources among those systems. The
Department's independent Office of Oversight has recommended that DOE
``focus management attention on complex, critical systems that face
moderate to significant risk.''
Data exchanges have improved. Intra-departmental data exchanges
have improved in compliance from 63 percent to 68 percent, while the
percentage of compliant data exchanges with other Federal agencies has
also increased from 56 percent to 68 percent.
Embedded systems remain a concern. An additional 29,000 embedded
chip systems, including workstations, lab equipment, and other
unspecified embedded chip devices, were identified since the last
quarter's report. On the positive side, between 60 and 75 percent of
the embedded chip systems are already Y2K compliant.
The Department's CIO is conducting site compliance reviews in
cooperation with the Office of the Inspector General and Office of
Oversight. The compliance reviews have increased awareness of the
severity of the problem and the need for high-level management
attention. The Office of Oversight reviewed 52 mission critical systems
in the past quarter and found that, in general, the Department is well
positioned to complete the majority of its mission critical systems by
the government-wide goal of March 1999. In addition, the Office of
Oversight identified some problems that will require follow-up. These
include: (1) testing continues to be a weakness; (2) DOE and contractor
management have not consistently implemented effective quality
assurance into Y2K efforts; and (3) DOE management at both headquarters
and regional offices, as well as contractor line management, have not
been actively involved in Y2K efforts and do not have a detailed
understanding of the efforts at their respective sites.
Department of Health and Human Services
The Department's Health Care Financing Administration (HCFA) has
made significant progress on renovating its internal and external
systems. However, HCFA remains a serious concern due to the external
system remediation schedule and high contingency cost estimates.
Medicare contractors will have to make an intensive, sustained effort
to complete validation and implementation of their mission critical
systems by the government-wide goal of March 31, 1999.
As of November 13, 1998, all 25 internal mission critical systems
have been renovated, 36 percent have completed all three levels of
testing, and 20 percent have been implemented. Medicare contractors,
while making progress, are still behind the government-wide goals. Over
74 percent of external systems have been renovated, but none have
completed testing or implementation. HCFA's independent verification
and validation (IV&V) contractor estimates that 95 percent of external
lines of code has been renovated, and the number of renovated systems
should increase sharply in the next month.
Virtually all critical systems at HHS will be subject to
independent verification. In addition to using IV&V on HHS systems,
HCFA is using an independent verification and validation contractor to
assist in evaluating Y2K remediation efforts with the States. Data on
State compliance remains inconsistent, and a recent GAO report (``Year
2000 Computing Crisis: Readiness of State Automated Systems to Support
Federal Welfare Program'') clearly suggests that more work needs to be
done. However, HCFA's ability to require state compliance is limited by
law.
All operating divisions are developing contingency plans in case
some mission critical systems fail in 2000. Of particular importance
are HCFA's plans. One major contingency HCFA must plan for is external
system contractors who are permitted under contract to notify HCFA as
late as June 1999 that they will leave the Medicare program before
January 1, 2000. This would leave HCFA with only six months to transfer
workload to another contractor with little margin for error to deal
with unanticipated problems. Given HCFA's lack of competitive
contracting flexibility, the Administration strongly urges Congress to
pass contracting reform legislation, which was transmitted on May 19,
1998, as soon as possible to ensure that HCFA is able to contract with
any qualified entity in the case of a claims processing system failure.
Other HHS operating divisions have had mixed progress. Renovation
has been completed for all operating divisions' mission critical
systems except for the Centers for Disease Control (CDC), which had
completed renovation on 9 of 15 systems; the Indian Health Service
(IHS), which had not completed its sole system renovation; the National
Institutes of Health (NIH), which had completed renovation on 6 of 10
systems; and SAMHSA, which had not completed its sole system
renovation. The majority of biomedical equipment with embedded chips
are in IHS, which is still continuing its assessment. The bulk of
facilities requiring assessment are at NIH and IHS, and assessment on
telecommunications and information technology infrastructure continues.
Data exchanges remain a concern because of the large numbers. HHS
has a total of 218,407 data exchange interfaces, with HCFA accounting
for 99 percent of them, mostly with Medicare contractors. Currently, 78
percent of all HHS interfaces are compliant. With State entities, HHS
reports a total of 1,121 data exchanges interfaces, an increase from
850 reported in the August Quarterly Report; 75 percent are compliant.
Department of State
The Department of State faces a significant challenge in managing
its complex Y2K project while, at the same time, completely replacing
information systems installed around the world.
The Department continues to make progress in renovating and
replacing its 59 mission critical systems. State has now completed
renovation on two-thirds of its mission critical systems. Validation
and implementation continue. The Department has obtained additional
contractor support to address two key concerns: overall Y2K program
management and technical ``strike force'' expertise to assist in
problem areas. While momentum is increasing and results are improving,
the Department remains behind government-wide goals for overall
compliance as well as renovation. Concern is growing over delays in
repairing or replacing systems and the implications this may have on
the progress that the Department must make in order to meet the March
31, 1999 implementation goal. For example, slippage in renovating some
of the Department's financial management systems continues to occur,
although core financial management systems are now fully implemented.
The Department must accelerate renovation and replacement if it is to
meet the Department's own management goals. At the Department's current
rate of progress, its ability to achieve Y2K compliance within the
government-wide goals is in jeopardy.
State has conducted a good assessment of a complex Y2K situation,
particularly of its embedded systems, and is asserting a leadership
role in providing Y2K support to U.S. operations overseas. State has
made good progress in replacing and modernizing its worldwide, internal
information and telecommunications infrastructure. This is particularly
important, because State is the major provider of telecommunications
services to U.S. government agencies operating overseas. Deployment of
the ALMA (A Logical Modernization Approach) program is proceeding
nearly on schedule and is critically important for posts to handle the
Y2K transition.
Department of Transportation
The Department of Transportation's improved management oversight,
combined with an accelerating rate at which the Federal Aviation
Administration (FAA) is remediating air traffic control system
components, is significantly mitigating risk. As of mid-November 1998,
the Department-wide percentage of mission critical systems renovated
stood at 95 percent, a significant improvement over the 64 percent
reported in the previous quarter. However, with only 31 percent of its
mission critical systems validated and 21 percent implemented, the
Department continues to lag well behind the government-wide schedule.
The FAA mirrors this improved trend with 99 percent of mission
critical systems renovated, up from 59 percent in the last quarter.
However, with 20 percent of its systems validated and 7 percent
implemented, it remains significantly behind most agencies. To its
credit, the FAA has paid serious attention to the Host computer system,
which is the central operating system in each of the air traffic
control centers, and to other critical air traffic control systems. It
is proceeding with installation of new Host computers and has verified
to a reasonable degree of certainty that the existing Host microcode is
free of Y2K vulnerabilities which would affect the operational
processing of flight and radar data. In addition, a date roll-back test
was successfully demonstrated and serves as a contingency in the event
that replacement efforts are delayed or that the Host system
experiences unexpected Y2K problems. Notwithstanding this improvement,
and given the number of systems which are not expected to be
implemented until after March 1999, the FAA needs to continue to
reevaluate its master schedule and make a concerted effort to
accelerate its implementation schedule.
The U.S. Coast Guard's continued careful management and operational
attention to Y2K issues has also minimized risk, but its cost estimates
have increased and two systems remain behind schedule. While still
facing challenges, the Coast Guard continues to be well positioned to
ensure continuity of its safety-related systems, although an increasing
number of systems are falling behind schedule. The Department's other
operating administrations seem to be on track to a smooth transition
through and beyond the year 2000.
U.S. Agency for International Development
AID continues to make management improvements and has retained
several contractors to assist project management including performing
independent validation and verification of contractor deliverables. AID
completed renovation of two additional systems and has begun the
certification process. An expert systems and software management
contractor provides project management assistance to AID and is
performing assessments, renovations, validations, and implementation of
other mission critical systems. Senior AID management has taken the
lead in increasing agency-wide awareness of the Y2K problem. Renovation
of AID's most important system is underway, including development of
standard date/time processing functions and line-by-line assessment of
the system. AID began its continuity of business planning process in
August, identifying critical functions that must be supported and
assessing the need for related contingency plans. The Agency has
assumed a leadership role in performing year 2000 outreach and
awareness training in the over 80 nations in which it operates,
providing management assistance to host nations and other international
aid organizations operating in these countries. The next months will be
critical as AID faces many challenges in repairing the remaining four
complex mission critical systems.
Tier Two Agencies
For agencies in Tier 2, OMB sees evidence of progress, but also has
concerns. The seven agencies in Tier 2 are: the U.S. Department of
Agriculture, the Department of Commerce, the Department of Education,
the Department of Justice, the Department of Labor, the Department of
the Treasury, and the Office of Personnel Management. Two agencies,
Housing and Urban Development and Department of the Interior, were
moved from Tier 2 to Tier 3. One agency, the Department of Education,
moved to Tier 2 from Tier 1. A summary of progress and concerns for
Tier 2 agencies appears below.
TIER 2 AGENCIES--PROGRESS, BUT CONCERNS
------------------------------------------------------------------------
Agency Progress Concerns
------------------------------------------------------------------------
U.S. Department of Agriculture.. Management team Pace of work must
active. Good increase if
progress on government-wide
business goals are to be
continuity and met, particularly
contingency with the Forest
planning and Service. Many
independent data exchanges
validation and issues remain to
verification. be worked out.
Department of Commerce.......... Overall, making Lags behind
progress. The new government-wide
CIO is providing goals. Failed to
leadership on the complete 100
year 2000 issue; percent of
undertaking IV&V renovations by
and contingency government-wide
planning; PTO has goal (completed
prepared a only 86 percent
contingency plan of renovations).
for the All 9 of NTIS
Classified Search mission critical
and Image systems remain to
Retrieval System be renovated as
which is not on of November's
schedule for quarterly report.
implementation PTO still has 3
prior to the systems to repair
government-wide as of this
goal of March quarter's report.
1999. NOAA has
implemented an
IV&V for mission-
critical systems.
Department of Education......... 95 percent of the The PELL system,
Department's 175 which had slipped
mission critical on its renovation
and noncritical schedule by 5
systems are Y2K months in the
compliant and August quarterly
implemented. The report, is not
Department has anticipated to
completed complete
renovation work renovation until
on all but one December of 1998.
mission critical The Department
system by this has numerous data
quarter's report. exchanges with
The remaining state, local, and
mission critical private sector
system--PELL, entities which
which operates may be at risk
the Federal and will require
grants program additional
for higher oversight and end-
education to-end testing.
students--is 98 The Department
percent completed recognizes this
with renovation. potential risk
The Department and has
has been a leader instituted
in outreach additional
efforts to the oversight and
nation's testing.
elementary/
secondary schools
and post
secondary
institutions on
Y2K projects and
readiness
assessments.
Department of Justice........... Justice made The Department
significant and remains behind
accelerated schedule and is
progress on at risk of
renovation and failing to meet
implementation compliance goals.
during this Only 54 percent
quarter. of mission
critical systems
are now compliant
and only 47
percent of the
systems have been
implemented. 11
systems are now
identified as not
meeting the March
1999 goal, up
significantly
from the three
reported last
quarter. Justice
has addressed
contingency
planning for only
5 of those
systems.
Additionally,
another 31
systems are 2
months behind the
Department's
internal
milestones.
Justice should
take aggressive
action to
identify,
remediate, and
test remaining
data exchanges.
Department of Labor............. Good progress on A large and
renovations for complex system,
mission critical the Consumer
systems. Price Index, will
Renovation is not be completed
completed for 27 with renovation
of 28 systems until January
with the last 1999. Five state
system, the employment and
Consumer Price security agencies
Index, scheduled (SESA's) which
for completing pay Unemployment
renovation in Insurance
January 1999. benefits are
Renovation of the either on ``high
CPI is currently alert'' or ``at
98 percent risk'' of not
complete. completing the
required Y2K
conversions by
January 1999.
Four additional
SESA's are
receiving an
increased level
of oversight. The
Department is
ensuring through
technical
assistance and on-
site monitoring
that sound
contingency plans
will be
operational for
the seven SESA's
at risk.
Treasury........................ Strong project Rate of
team in place. renovation,
Good progress on validation, and
embedded chip, implementation
telecommunication must improve if
s, contingency the Department
planning, and and government-
data exchange wide goals are to
issues. be met for ATF.
IRS should
continue to focus
on its
implementation
strategy that
must take into
account the tax
processing
season.
Office of Personnel Management.. OPM continues to As of the end of
have senior October, they
management were only at 54
involvement and percent for
is on target validation and
according to implementation,
their schedule which does meet
and contingency their internal
planning is schedule;
underway. however, this is
well behind
government-wide
goals.
------------------------------------------------------------------------
Tier Three Agencies
There are now 11 agencies in Tier 3 (those making satisfactory
progress), up from nine in the previous report. The Departments of
Interior and of Housing and Urban Development were moved to Tier 3 from
Tier 2. The other agencies in Tier 3 are the Social Security
Administration, the Small Business Administration, the National Science
Foundation, the Nuclear Regulatory Commission, the National Aeronautics
and Space Administration, the General Services Administration, the
Federal Emergency Management Agency, the Environmental Protection
Agency, and the Department of Veterans Affairs.
Status of Small and Independent Agencies
For the May 15, 1998 report, OMB asked 41 small and independent
agencies to report on their Y2K progress. While OMB is continuing to
work with all small and independent agencies as appropriate, OMB has
asked only 9 such agencies to report quarterly on their progress. Those
agencies are: the Federal Communications Commission, the Federal
Housing Finance Board, the National Archives and Records
Administration, the National Labor Relations Board, the Office of
Administration in the Executive Office of the President, the Peace
Corps, the Tennessee Valley Authority, the U.S. Postal Service, and the
Office of the U.S. Trade Representative.
In the last quarter, John Koskinen met with selected small and
independent agencies, including NARA and the Office of Administration.
OMB will ask all small and independent agencies to report again on
February 15, 1999. Previously, OMB had asked for these reports on May
15, 1999, but OMB has moved up the date in order to ensure a more
complete picture of Federal progress before the March 1999 government-
wide goal.
TABLE 3.--SUMMARY OF SMALL AND INDEPENDENT AGENCY REPORTS
--------------------------------------------------------------------------------------------------------------------------------------------------------
No. MC Total Cost
Agency No. MC Systems (in Progress Concerns
Systems Compliant millions)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Federal Communications 30 17 $14.8 Received additional funds from emergency Move to new building addresses problems
Commission. fund, while also using excess regulatory with embedded systems, but complicates
fees to fund efforts. Will obtain IV&V other year 2000 work. Agency renovation
contractor in January 1999. IG involved. milestones call for two important
Major licensing systems compliant. systems used to monitor the Cable
Contingency plans based on manual Television industry to be completed in
license processing or regulatory October 1999. Rate of progress must be
changes. FCC is the lead on President's sustained, particularly in replacement
Commission telecommunications efforts. systems. FCC should consider becoming a
member of the CIO Council's Working
Group on Telecommunications.
Federal Housing Finance Board. 6 1 .34 New year 2000 Coordinator has been hired. Deadlines for two mission critical
systems have slipped. Progress on
renovation, validation, and
implementation must increase in order to
meet government-wide goals. Weak
contingency plan.
National Archives and Records 22 ......... 5.7 Has moved up the schedule for one mission NAIA began work late and is catching up,
Administration. critical system that would otherwise but probably not fast enough to meet the
have missed the March 1999 government-wide goals. Six mission
implementation goal. Has begun critical systems are still estimated not
contingency planning for some systems; to be renovated by March 1999.
working on the security and Contingency planning has not begun for
environmental control systems at the these.
various Presidential Libraries; has
joined the building Systems Working
Group.
National Labor Relations Board 29 14 \11\ 14.2 With move to contingency plan, NLRB is 3 systems have fallen behind schedule. In
projecting that all systems will meet response NLRB plans to move to its
the March 1999 goal. contingency plan for those systems, by
having them repaired instead of
replaced. NLRB has completed only 93
percent of assessment and 20 percent of
renovation. No plan for IV&V. Should
participate in the Year 2000 Building
and Telecommunications Groups.
Office of Administration, EOP. 86 1 17.1 A new project management team in place Behind government-wide goals; virtually
has established a management strategy; all work is scheduled to be accomplished
received funding from the emergency in fiscal year 1999.
fund; work is underway. Senior White
House management team is briefed weekly
on progress. The EOP-wide Information
Technology Management Team (an oversight
entity) reviews progress monthly.
Peace Corps................... 17 13 17.1 Payroll and personnel processing will Needs to accelerate validation and
shift to USDA by June 1999. Renovation implementation. FMS projected to be
of 15 critical systems has essentially implemented in June 1999. Has incurred
been finished, and final user acceptance additional costs related to
testing is scheduled for December. unanticipated delay in replacing FMS.
Repair of two remaining systems has been Dependent on foreign banks for
outsourced. A contract to renovate the disbursement--has received information
Financial Management System (FMS) was from banks in 82 percent of host
awarded in August. All non-critical nations. Heavy reliance on State
systems will be renovated by November Department for disbursements and
and tested by January 1999. Working with telecommunications services. Peace Corps
State, Treasury, and Labor Departments is concerned that communications status
to correct data exchanges. Cooperating in many posts remains unresolved and
with international agencies and requires contingency plans.
organizations to assess overseas issues.
Completed embedded systems inventory.
Good contingency and continuity planning
process. Will begin a user verification
process in December.
Tennessee Valley Authority.... 488 169 37 The number of compliant, mission critical The majority of work remains to be done.
systems has risen to 169 from the 104
reported last quarter. Business
continuity plan under development.
U.S. Postal Service........... 155 90 607 The USPS is making good progress in USPS has a substantial challenge given
addressing the problem, having increased its size, the criticality of its mission
its number of compliant, mission to other organizations, and the
critical systems from 56 to 90 in the potential role it will play in
last quarter. contingency plans of organizations. USPS
should take steps to work cooperatively
on continuity of business plans with
those agencies which are highly
dependent on USPS.
U.S. Trade Representative, EOP 6 ......... 1.2 Received emergency funding. USTR is Testing identified potential conflict
replacing entire LAN/desktop between one database being repaired and
infrastructure. Critical systems are USTR's new operating system; this may
standard COTS office support packages or require replacement of the former.
simple databases that are being Additional work required on data
renovated. Geneva offices will be exchanges. Continuity of business
compliant in November. Will award task planning just beginning.
order in December for IV&V services.
--------------------------------------------------------------------------------------------------------------------------------------------------------
\11\ Represents fiscal year 1998, 1999, and 2000 costs.
Appendix A
TABLE 1.--AGENCY GOALS FOR COMPLIANCE OF MISSION CRITICAL SYSTEMS
----------------------------------------------------------------------------------------------------------------
Assessment Renovation Validation Implementation
Date Date Date Date
----------------------------------------------------------------------------------------------------------------
Gov't-wide.................................................. Jun 97 Sep 98 Jan 99 Mar 99
Agriculture................................................. Oct 97 Sep 98 Jan 99 Mar 99
Commerce.................................................... Mar 97 Sep 98 Jan 99 Mar 99
Defense..................................................... Jun 97 Jun 98 Sep 98 Dec 98
Education................................................... Nov 97 Sep 98 Jan 99 Mar 99
Energy...................................................... Jan 97 Sep 98 Feb 99 Mar 99
HHS......................................................... Sep 98 Dec 98 Feb 99 Mar 99
HUD......................................................... Jun 97 Sep 98 Jan 99 Mar 99
Interior.................................................... Mar 97 Sep 98 Jan 99 Mar 99
Justice..................................................... Jun 97 Jul 98 Oct 98 Jan 99
Labor....................................................... Jun 97 Sep 98 Jan 99 Mar 99
State....................................................... Jun 97 Sep 98 Jan 99 Mar 99
Transportation.............................................. Aug 97 Sep 98 Jan 99 Mar 99
Treasury.................................................... Jul 97 Oct 98 Dec 98 Dec 98
VA Jan 98 Sep 98 Jan 99 Mar 99
AID......................................................... Nov 97 Mar 99 Jun 99 Sep 99
EPA......................................................... Jun 97 Sep 98 Jan 99 Mar 99
FEMA........................................................ Jun 97 Sep 98 Jan 99 Mar 99
GSA......................................................... Jun 97 Nov 98 Dec 98 Jan 99
NASA........................................................ Aug 97 Sep 98 Jan 99 Mar 99
NRC......................................................... Sep 97 Sep 98 Jan 99 Mar 99
NSF......................................................... Jun 97 Sep 98 Jan 99 Mar 99
OPM......................................................... Jun 97 Oct 98 Jan 99 Jan 99
SBA......................................................... May 97 Sep 98 Sep 98 Sep 98
SSA......................................................... May 96 Sep 98 Dec 98 Jan 99
----------------------------------------------------------------------------------------------------------------
Note: Italicized dates are later than the dates indicated in the previous report. Bolded dates are earlier than
the dates indicated in the previous report.
TABLE 2.--PROGRESS ON STATUS OF MISSION CRITICAL SYSTEMS
----------------------------------------------------------------------------------------------------------------
Mission Critical Systems
-----------------------------------------------------------------
Number
Total Number Percent Number Still Number
Number Compliant of Total Being Being Being
Replaced Repaired Retired
----------------------------------------------------------------------------------------------------------------
Agriculture................................... 362 234 65 41 79 8
Commerce...................................... 458 367 80 33 57 1
Defense....................................... 2,581 1,352 53 102 1,014 113
Education..................................... 14 9 64 ......... 5 .........
Energy........................................ 420 210 50 86 87 37
HHS........................................... 300 147 49 25 117 11
HUD........................................... 62 45 73 6 10 1
Interior...................................... 92 75 82 2 15 .........
Justice....................................... 223 121 54 18 83 1
Labor......................................... 61 41 67 11 9 .........
State......................................... 59 27 46 20 12 .........
Transportation................................ 613 311 51 61 236 5
Treasury...................................... 323 204 63 26 88 5
VA............................................ 319 231 72 2 86 .........
AID........................................... 7 1 14 2 4 .........
EPA........................................... 58 52 90 ......... 5 1
FEMA.......................................... 46 39 85 4 3 .........
GSA........................................... 58 51 88 1 6 .........
NASA.......................................... 157 119 76 6 29 3
NRC........................................... 7 4 57 1 2 .........
NSF........................................... 17 15 88 ......... 2 .........
OPM........................................... 109 66 61 7 36 .........
SBA........................................... 42 42 100 ......... ......... .........
SSA........................................... 308 306 99 1 ......... 1
-----------------------------------------------------------------
TOTAL................................... 6,696 4,069 61 460 1,986 187
----------------------------------------------------------------------------------------------------------------
TABLE 3.--STATUS OF MISSION CRITICAL SYSTEMS BEING REPAIRED
----------------------------------------------------------------------------------------------------------------
Assessment Renovation Validation Implementation
Number of Percent Percent Percent Percent
Systems Complete Complete Complete Complete
----------------------------------------------------------------------------------------------------------------
Agriculture...................................... 270 100 95 78 71
Commerce......................................... 155 100 86 67 66
Defense.......................................... 1,592 100 86 47 36
Education........................................ 14 100 93 64 64
Energy........................................... 168 100 88 54 48
HHS.............................................. 158 100 77 17 21
HUD.............................................. 41 100 100 76 69
Interior......................................... 85 100 96 93 82
Justice.......................................... 157 100 89 67 47
Labor............................................ 28 100 96 68 68
State............................................ 13 100 69 46 8
Transportation................................... 295 100 95 31 21
Treasury......................................... 233 100 87 71 63
VA............................................... 317 100 99 88 73
AID.............................................. 5 100 60 20 20
EPA.............................................. 29 100 100 86 83
FEMA............................................. 15 100 100 87 80
GSA.............................................. 23 100 74 74 74
NASA............................................. 101 100 99 79 71
NRC.............................................. 4 100 100 50 50
NSF.............................................. 10 100 100 90 80
OPM.............................................. 78 100 100 54 54
SBA.............................................. 42 100 100 100 100
SSA.............................................. 289 100 100 99 97
--------------------------------------------------------------
TOTAL...................................... 4,122 100 90 60 52
----------------------------------------------------------------------------------------------------------------
TABLE 4.-- AGENCY YEAR 2000 COST ESTIMATES \12\
[In millions]
----------------------------------------------------------------------------------------------------------------
1996 1997 1998 1999 2000 \13\ TOTAL
----------------------------------------------------------------------------------------------------------------
Agriculture........................................ 2.7 16.9 62.1 71.9 7.8 161.4
Commerce........................................... 2.6 12.4 35.6 55.8 6.5 112.9
Defense............................................ 22.8 377.7 1,236.8 817.3 92.2 2,546.8
Education.......................................... .1 1.4 19.5 20.7 3.8 45.5
Energy............................................. 1.0 20.0 85.7 68.1 19.9 194.7
HHS................................................ 7.2 32.1 149.9 \14\ 285 \15\ 200. 674.5
.3 0
HUD................................................ .7 6.2 20.8 23.2 6.2 57.1
Interior........................................... .2 2.8 10.6 57.8 .7 72.1
Justice 1.5 7.1 34.8 33.2 1.3 77.9
Labor.............................................. 1.7 5.4 14.5 25.4 10.0 57.0
State.............................................. .5 49.3 63.1 57.9 6.8 177.6
Transportation \16\................................ .4 11.2 121.9 100.7 6.0 240.2
Treasury \17\...................................... 8.4 200.2 592.7 460.6 261.2 1,523.1
VA................................................. 4.0 22.0 73.0 93.0 11.0 203.0
AID................................................ 1.1 3.0 18.3 23.9 3.2 49.5
EPA................................................ .8 5.3 11.5 18.6 1.0 37.2
FEMA............................................... 3.8 4.4 3.0 8.3 .5 20.0
GSA................................................ .2 .8 8.7 24.0 ......... 33.7
NASA............................................... .1 6.4 28.2 11.1 .9 46.7
NRC................................................ ........ 2.4 4.0 3.9 .6 10.9
NSF................................................ ........ .5 .8 .1 .0 1.4
OPM................................................ 1.7 2.1 9.2 2.2 .7 15.9
SBA................................................ 1.7 3.3 2.7 2.8 .5 11.0
SSA................................................ 2.2 13.3 12.2 5.0 .5 33.2
------------------------------------------------------------
TOTAL........................................ 65.4 806.2 2,619.6 2,270.8 641.3 6,403.3
----------------------------------------------------------------------------------------------------------------
\12\ These estimates do not include the Federal share of costs for State information systems that support
Federal programs. For example, the Agriculture total does not include the potential 50 percent in Federal
matching funds provided to States for Food and Consumer Services to correct their Y2K problems.
\13\ Fiscal year 2000 estimates are based on an ongoing review of agency requirements and do not reflect final
budget decisions.
\14\ Fiscal year 1999 approved Y2K plan calls for $285.3 million to be spent. Other HHS proposals for spending
additional funds in fiscal year 1999 are being reviewed by OMB.
\15\ HHS' fiscal year 2000 costs will likely be between $200 and $500 million. The $200 million shown above
represents a ``current best'' estimate. HHS' total estimate to OMB (reported November 15, 1998) for likely
fiscal year 2000 costs was $575 million. OMB will continue to work with HHS on assessing Y2K funding
requirements.
\16\ Does not include $81.3 million in non-Y2K costs funded with emergency supplemental funds from the
Information Technology and Related Expenses Account.
\17\ Does not include $91.7 million in non-Y2K costs funded with emergency supplemental funds from the
Information Technology and Related Expenses Account.
______
Appendix B
KEY FEDERAL WEB SITES ON THE YEAR 2000
------------------------------------------------------------------------
Site URL
------------------------------------------------------------------------
President's Council on Year 2000 http://www.y2k.gov
Conversion.
Federal CIO Council....................... http://cio.gov
Year 2000 Information Directory........... http://www.itpolicy.gsa.gov/
mks/yr2000/y2khome.htm
FDA--Biomedical Devices and Laboratory http://www.fda.gov/cdrh/
Equip- ment............................. yr2000/html
Small Businesses Administration........... http://www.sba.gov/y2k
Year 2000 Compliant COTS Products......... http://y2k.policyworks.gov/
GSA Telecommunications Information........ http://y2k.fts.gsa.gov/
Year 2000 Status Vendor Product Database.. http://globe.lmi.org/lmi--
pbs/y2k products/
------------------------------------------------------------------------
______
Appendix C
Agency Exception Reports of Mission Critical Systems Behind Schedule
U.S. Department of Agriculture
Two systems from the Animal and Plant Health Inspection Service are
reported behind the government-wide goals for the first time. The
Licensing the Registration Information System tracks the validity of
licenses, registrants, and inspection records about the Animal Welfare
Act. The renovation phase is to be completed by the end of December and
implementation is expected by the end of March 1999. The Integrated
Systems Upgrade Project supports administrative, financial, and
personnel functions and the required transmittals to financial
entities. The Renovation phase is to be completed by the end of January
1999. Implementation is expected by March 1999.
Several systems continue to be scheduled for implementation after
March 1999. The Census of Agriculture is carried out every five years.
The new system which supports the Census will be ready for the next
census which begins in 2001. The Accounts Receivable System keeps
subsidiary transaction level accounts for producers who were once
insured directly by the agency. This includes all of the billing,
payment, and indemnity information, and subsequent adjustments. This
system is scheduled for retirement on September 30, 1999.
The Debt Management System handles all phases of debt processing
including due process, interest attachment, establishment of a debt
account, debt reporting interfaces with the Internal Revenue Service,
credit reporting agencies, and credit bureaus and 10 year write-off
processes. It is scheduled for shut down on September 30, 1999.
The Federal Tax Refund Offset program (FTROP) is a program to
collect delinquent accounts owned to the Government by individuals due
to fraud or household error in the Food Stamp Program. While this
system is not deemed mission-critical by the Department and is not
date-driven, it does have a sunset date of December 31, 1999. USDA
cannot proceed independently from the Department of Treasury. This
system is scheduled to be implemented December 1999.
The Financial Accounting and Reporting System (FARS) manages
internal funds control and reporting. The vendor has revised its
estimated completion date to be due on October 1, 1999.
The Cotton On-line Processing System monitors cotton inventories
and price support loans. It also maintains electronic receipts and
keeps track of benefits. The Department has approved a replacement
strategy, and its completion is scheduled for July 1999.
The Department provided no information on its contingency planning
for these systems.
Department of Commerce
The Patent and Trademark Office reports that the Classified Search
and Image Retrieval (CSIR) system will not be Y2K compliant by March
31, 1999. The CSIR provides patent examiners with the capability to
electronically search and retrieve U.S. patent images from their
desktop workstations. PTO indicates that the CSIR system will be
compliant by June 30, 1999. This system is delayed due to the
contractor's inability to place qualified staff on the task. A
contingency plan was submitted on August 14, 1998 for this system.
Department of Defense
The Department of Defense reports 65 mission critical systems are
behind schedule for fixing the Y2K problem. This is an increase of 14
from the previous quarter. In addition, Defense reports that 60 mission
critical systems will miss the March 1999 goal for being fixed, a
decrease of 9 systems from the 69 reported in August. No systems that
support the Intelligence community are included in the counts, since
the report is unclassified. As a result, the actual number of
exceptions for the portion of the Department reporting is slightly
greater in this report than was previously reported. This is due to
unforeseen problems being identified during testing of some large,
complex systems with many interfaces. Although the Department reported
that contingency plans were in place for a large number of systems, the
Department provided no information on the status of contingency
planning for many systems behind schedule.
Department of Education
In the May quarterly report, Education reported two systems which
had fallen two or more months behind schedule: (1) the Title IV Wide
Area Network (TIVWAN), and (2) the National Student Loan Data System
(NSLDS). TIVWAN had slipped from a renovation date of 2/98 to 8/98 and
NSLDS had slipped from a renovation date of 6/98 to 8/98. In the August
quarterly report, both of these systems had completed their renovation
phases as scheduled and are no longer listed as exceptions. Also in the
August quarterly report Education listed three systems which have
fallen two or more months behind schedule: the Impact Aid Payment
System, the Education Local Area Network, and the Pell Recipients'
Financial Management System. For the Impact Aid Payment System, which
is a replacement system, the renovation phase has been completed, but
the validation and implementation phases have slipped by three and two
months respectively from June 1998 to September 1998, and from July
1998 to September 1998--both phases of which have been completed as
this quarter's report.
For the Education Local Area Network, the renovation phase
completion date had slipped by two months from September 1998 to
November 1998 in the August report, but has been completed as of this
quarter's report. The Pell System renovation phase remains due for
completion in December 1998. Education has currently completed 98
percent of the work necessary to finish the renovation phase for the
Pell System. The Department has drafted contingency plans for all
systems and will finalize these plans by March 1999. In addition, the
testing of these plans is scheduled to be completed by the end of June
1999.
Department of Energy
In the August quarterly report, the Department had identified six
systems with implementation dates beyond the March 1999 milestone.
These six systems remain with implementation dates beyond the March
1999 milestone in this quarter's report and are joined by a seventh.
The seven systems are at three DOE facilities--Sandia National Lab,
Idaho National Engineering Laboratory, and Savannah River. At the
Sandia National Laboratories, the Oracle Financial System was
previously reported with an implementation date of October 31, 1999.
That date has been moved up to be in compliance with the government-
wide goal of March 31, 1999. However, a new system has been identified
with an implementation date of August 31, 1999--the Enhanced BadgeWorks
system which is the identification and access control system for the
Lab.
At the Idaho National Engineering Laboratory, the one new system
identified for implementation after March 31, 1999 is the New Waste
Calcining Facility Distributed Control System (NWCF-DCS). This system's
renovation will require a shut down of the facility for a short period,
and therefore implementation is scheduled for June of 1999.
At the Savannah River site there are five systems. The Nuclear
Materials Stabilization Program Operations System (implementation date
of September 30, 1999), the Tank Farm Process Control System
(implementation date of October 31, 1999), the Tank Farm Manufacturing
Support System (implementation date of August 19, 1999), the Defense
Waste Processing Facility Process Control System (implementation date
of October 31, 1999) and the Defense Waste Processing Facility
Manufacturing Support System (implementation date of October 31, 1999).
These are the seven systems reported by the Department in its
November quarterly report. In addition, however, the Department tracks
progress against its own milestones and has identified 25 systems (out
of 420) that are behind their internal baseline schedule milestones by
more than 60 days. These systems required a change control process to
rebaseline their schedule. Of these 25 systems, none are anticipated to
miss the implementation date of March 1999; however, 11 of the systems
are anticipated to complete validation in February rather than the
government-wide goal of January 1999.
The Department indicated that contingency plans for all of these
systems are to be completed by December 15, 1998.
Environmental Protection Agency
EPA reports in their November quarterly report that the Air Quality
(AQ) Subsystem of the Aerometric Information Retrieval Systems (AIRS)
is experiencing delays. Accordingly, renovation which had been
scheduled for November 1998 would not be achieved, and therefore
implementation of a reengineering AQ Subsystem was in danger of not
meeting the March 1999 goal. The other three Subsystems of AIRS have
either completed implementation or are on schedule. To forestall the
potential that the AQ Subsystem does not meet the March 1999 goal, a
decision was made to renovate the existing AQ Subsystem to AIRS and use
that until work is completed on the reengineered AQ Subsystem.
Renovation and validation of the existing AQ Subsystem to AIRS is now
scheduled to be completed by January 1999. The Department considers the
renovation of the existing AQ Subsystem to be the implementation of a
contingency plan in the event that the reengineered AQ Subsystem
continues to experience delays.
General Services Administration
The General Services Administration had previously identified one
system, the Acquisition Management Program (AMP), as being delayed by
more than two months, slipping from May 1998 to October 1998. AMP is
used to manage the funds used to acquire vehicles at Fleet Management
Centers throughout the nation. AMP became Y2K compliant in August and
was implemented on October 1, 1998.
Department of Health and Human Services
In the August quarterly report, four Health Care Finance
Administration (HCFA) external systems (that is, systems run by
Medicare contractors) were reported with scheduled implementation dates
two or more months behind the HHS internal goal of December 31, 1998.
HCFA has worked with Medicare contractors to develop revised schedules,
which meet the Department's internal goal, for three of these four
systems. The three Medicare contractors which have revised their
schedules are Blue Cross/Blue Shield of Arkansas (Part B); Blue Cross/
Blue Shield of Arkansas, New Mexico, and Oklahoma (Part B); and Blue
Cross/Blue Shield of New Hampshire and Vermont (Part A). The fourth
previously reported system, Trigon Blue Cross/Blue Shield of Virginia
(Part A), is still scheduled for completion after the Department's
internal goal, but with a revised implementation date of February 18,
1999 (one month earlier than the previously reported March 31, 1999
date).
The three Program Support Center systems reported behind the
internal HHS goal in the August quarterly report--the Current Payroll/
Personnel System, the Automated payment Adjustment System, and the Debt
Collection System--remain behind the HHS internal goal with the
previously reported scheduled implementation dates of February 28,
1999. All three systems have been renovated as of September 30, 1998.
The February implementation dates were established to allow for
extensive interface testing.
In the August quarterly report, three HCFA external systems were
reported with scheduled implementation dates behind the government-wide
goal of March 1999. HCFA has worked with the Medicare contractors to
develop revised schedules, which meet the government-wide goals as well
as the Department's internal schedule. These systems are the Associated
Hospital Services of Maine (Part A), the HW Medicare Services (Part A)
and Blue Cross of California--all of which have moved their
implementation dates back into December of 1998.
The Department also had previously reported one Health Resources
Services Administration (HRSA) system, the Organ Procurement
Transplantation Network (OPTN) with a scheduled implementation date of
April 1999, as behind the government-wide goal. HRSA has worked with
the contractor to revise the OPTN scheduled implementation date to
January 1, 1999.
Although the Department provided no information on its contingency
planning for these systems, the Department has begun to develop
contingency plans for key business areas.
Department of the Interior
In the previous report, the Department reported four systems
behind; all are now back on schedule. Specifically:
The Supervisory Control and Data Acquisition (SCADA) System for the
Colorado River Storage Project within the Bureau of Reclamation, which
is used to manage the Glen Canyon Dam's Power plant and water flow, is
now back on schedule. In the August report, this system was discussed
primarily because the preliminary estimates to renovate the system were
significantly higher than anticipated. A statement of work was
developed requiring a three-phase effort to reassess costs, make
repairs, and test the system for Y2K compliance. Additionally, a waiver
to the Dual-Compensation Act has been granted for 10 Power plant
Operators as part of a contingency plan that will allow all of the
bureau's dams to be operated in a manual mode. Currently all of the
bureau's continuity of operations manuals are being reviewed with
regard to Y2K impact. Validation is expected to be completed in
December 1998, while implementation is to be completed by March 1999.
The Global Seismic Network (GSN) of the U.S. Geological Survey
collects and provides data from the global digital seismic network to
incorporated research institutions. This system is integrated with the
global positioning system and includes information on earthquake
assessments, oil drilling distribution and maintenance and water
resource management. Earlier schedule and budget estimates for GSN were
based on data that was incomplete relative to the severity of several
problems in the field system operating software; current data indicates
that the system is back on schedule. Validation of this system was
completed in October. The system is currently 25 percent implemented.
The Seismic Event Data Analysis System (SEDAS) of the U.S.
Geological Survey contains information pertaining to earthquakes
throughout the world. It is used by USGS researchers for information
dissemination. Earlier schedule and budget estimates for SEDAS were
based on inaccurate information. This system has now been successfully
renovated. Validation is at 90 percent and with a new implementation
schedule of December 1998, this system will no longer be reported as an
exception.
The U.S. National Seismograph Network (USNSN) of the U.S.
Geological Survey (USGS) provides the hardware and the software for the
Water Resources Division of USGS for scientific, accounting, and
personnel information. Earlier schedule and budget estimates for USNSN
were revised after determining that there is a much more comprehensive
method for testing and validating total system Y2K compliance than was
originally envisioned. The slip in the validation schedule is due to
expanded testing of the system and revisions to the testing schedule
itself. This system has now been successfully renovated and validated.
Currently, implementation is at 90 percent, and with a new
implementation schedule of November 1998, it will no longer be reported
as an exception.
Department of Justice
The most recent quarterly report shows a total of 28 systems that
will miss internal Justice milestones for assessment, renovation or
validation. The Department states that all these systems will meet the
government-wide March 1999 goal.
Justice has identified eleven mission critical systems that will
miss the March 1999 implementation goal--an increase from the three
systems reported in August. The Executive Office of the United States
Attorneys (EOUSA) identified three systems that will not be fully
implemented until June 1999. Two of these are case tracking systems
that will be renovated in January 1999. The third system is EOUSA's
office automation suite that already has been renovated and is being
deployed on new Y2K compliant personal computers. The Executive Office
of United States Trustee's (EOUST) case management system, known as
USTARS, experienced contractual delays related to procurement of
hardware systems. EOUST expects implementation of USTARS to begin in
March 1999 and be completed in October 1999. These three systems have
contingency plans which have been reviewed by the IV&V contractor.
The Justice Management Division (JMD)'s Debt Management System
accounts for, disburses and reports on funds collected through various
Justice financial litigation and collection efforts. The Debt
Management System is being replaced at the end of its life cycle with a
new module on the Department's core financial system. However,
development of the module was delayed by difficulties in obtaining
programmers. JMD expects the module to be implemented by September
1999. This system has no contingency plan, but Justice plans to have
one in place by December 31, 1998.
The National Drug Intelligence Center is working with the Navy to
replace its External Communications System with the Y2K compliant
Defense Message System by June 1999. This system is expected to have a
contingency plan in place by January 1999.
Two Office of the Inspector General systems will also not meet the
March 1999 goal. Renovation of the first system, the Investigations
Data Management System, was delayed because its host platform and
supporting software must be replaced. A contingency plan has been
developed. For the second system, Inspector General Network for
Information and Telecommunications Exchange (IGNITE), Justice lacks
funding to replace the network operating system and other network
components required to make systems Y2K compliant. No date or funding
has been identified to upgrade IGNITE. A contingency plan has been
reviewed by an IV&V contractor and is in place.
As reported last quarter, the Federal Bureau of Investigation's
(FBI's) Digital Monitoring Workstations support investigative
collections for authorized foreign counterintelligence surveillance and
were found to be non-Y2K compliant. The FBI is replacing the twelve
systems at the rate of approximately one per month and should be fully
implemented by August 1999. A contingency plan has been prepared and
has been reviewed by an IV&V contractor.
The Immigration and Naturalization Service (INS) has decided to
perform replacement of its mission critical Local Area Network and its
non-mission critical workstation/office automation upgrades
simultaneously. Because a large number of sites are involved, INS will
be unable to complete replacement of this infrastructure until July
1999. There is no contingency plan for this system.
Finally, Justice is replacing the Card Key System for its
Washington, DC headquarters as part of the building's overall
renovation that will extend beyond the March 1999 goal. Contingency
plans have been developed but have not yet been reviewed by the IV&V
contractor.
Social Security Administration
The Integrated Image-Based Capture System is a stand-alone system
located in Wilkes-Barre, Pennsylvania that scans paper W-2 forms and
converts them into electronic format for entry into the Annual Wage
Reporting System. This system supports the annual tax year operation
that begins in February of each year and continues until all of the
paper W-2 forms are processed in September. The application software
has been renovated to be Y2K compliant and is being implemented for tax
year 1998 processing, which begins in February 1999. Y2K compliant
workstations are also being installed. In order for the entire system
to be Y2K compliant, commercial-off-the-shelf (COTS) software must be
upgraded to Y2K compliant versions, which are now available. The COTS
products have been procured and will be implemented for tax year 1999
processing, because once processing begins changes cannot be made to
the system until the following tax year operation. Accordingly, the
COTS infrastructure will be implemented for testing in March 1999.
Testing of the entire system will continue through August 1999 for
implementation for tax year 1999 processing, which begins in February
2000. SSA does not expect difficulties in implementing the COTS
products for tax year 1999, but if difficulties arise, SSA has a
contingency plan to use a backup system for data entry of the paper W-2
forms; this system is Y2K compliant.
State Department
The State Department has identified one system as not meeting the
March 1999 goal for implementation. The Travel Document Issuance System
is expected to be initially installed at its first site in November
1998. After initial evaluation, the application will be installed at
other domestic passport agencies. State expects the system to be fully
deployed by August 1999. A contingency plan has been developed.
In an improvement from the previous report, the Department has
taken steps to accelerate deployment of ALMA (A Logical Modernization
Approach) upgrades to over 230 State Department posts worldwide and
anticipates that installation will be completed by March 1999. A number
of Consular Affairs mission critical systems, including the Automated
Citizen Services function, Modernized Immigrant Visa system, and Non-
Immigrant Visa and Computer Assisted Processing systems are being
deployed concurrently with installation of the ALMA package. As of
October 23, 1998, ALMA has been deployed to 136 posts worldwide. State
is preparing continuity of business plans should any posts or embassies
not have ALMA installed in time to meet the millennium.
In the August 1998 Quarterly Report, State Bureau of Administration
identified the Supply Automated Receiving System (SARS), Enhanced
Automated Procurement System (EAPCS), Mail Sorting Equipment Network
(MSE), and the Electronic Receipts System (ERS) as slipping more than
two months beyond their September renovation milestones. ERS has now
completed renovation. The remaining systems are now expected to be
renovated in early 1999 and implemented in March 1999. Also in the
August report, the Office of Personnel's Medical Archiving Retrieval
System (MARS), which was behind the September 1998 renovation
milestone, has now been reclassified as a non-mission critical system.
In November, the State Department identified a number of other
systems that have experienced schedule slippage, but are all expected
to meet the March 1999 implementation goals. The Consular Affairs
Bureau's IVAMS and DCARS were delayed because contracts to renovate
these applications took longer to award than envisioned. The Finance
and Management and Policy Bureau Budget System will be implemented in
December rather than September, but the most critical modules began
validation in October. The Paris Accounting and Disbursing System will
miss the renovation and validation dates because of project management
and technical difficulties, but is expected to be completed in March
1999.
The Department decided to repair rather than replace the System
Integrity/Crypto Inventory System (SI/CRYPTO) system which is now
scheduled for completion in March 1999. State decided to implement the
contingency plan for SI/CRYPTO now to ensure the function is adequately
supported. A reassessment of the Telegram Distribution System (TeDS)
was performed after questions were raised with the original assessment.
Renovation will begin in late November and implementation should be
completed in March 1999. Although Terminal Equipment Replacement
Program (TERP V) completed its validation in October, deployment and
implementation of the application will probably extend into March 1999,
two months past its scheduled date. All of these systems have
contingency plans.
Department of Transportation
The Federal Aviation Administration (FAA) is faced with a
significant challenge in validating and implementing hundreds of
systems, particularly air traffic control systems which require
extensive end-to-end testing. At the present time, the FAA estimates
that 61 systems will not be implemented by March 1999, a number of
which are critical to FAA's telecommunications and data exchange
infrastructure. The FAA presently expects to complete validation
activities by March 1999 and implementation activities by June 1999. As
stated in the main report above, the FAA needs to continue to
reevaluate its master schedule and make a concerted effort to
accelerate its implementation schedule. The U.S. Coast Guard reports
that two systems remain behind schedule, but significant progress has
been made on its safety related systems. The Department has contingency
plans in place.
Department of Treasury
The Department currently has three systems within the Bureau of
Alcohol, Tobacco, and Firearms (ATF) that will be implemented after the
March goal. Contingency plans for these systems have been completed and
approved for implementation should it become necessary to do so.
The Federal Excise Tax System (FET) manages the collection of
Federal excise taxes on alcohol, tobacco, and firearms. This system was
previously assessed as compliant. However, when certification testing
began, it was determined that the system was not compliant and that
replacement was necessary. This system is currently scheduled for
implementation on July 16, 1999.
The Firearms Licensing System (FLS) processes Federal firearms
licenses, Federal explosive licenses, letters, and electronic data for
out of business dealers pertaining to the aforementioned items. This
system was previously assessed as compliant. However, when
certification testing began, it was determined that the system was not
compliant and that replacement was necessary. FLS is currently
scheduled for implementation on July 31, 1999.
The Alcohol and Tobacco Database (A&T) is used to track smuggling
and smuggler of alcohol and tobacco products. The database tracks
surveillance and related events. The system provides criminal
enforcement and regulatory enforcement users with detailed information
related to illegal activities of wholesalers, distillers, and
distributors. A&T is currently scheduled for implementation on May 26,
1998.
Agency for International Development
AID and a contractor reviewed the agency's plans and requirements
for addressing their mission critical systems and adjusted project
schedules based on a number of factors. As a result of this review and
adjustment, four AID mission critical systems will be implemented after
the March 1999 goal. While renovation of the Mission Accounting and
Control System (MACS) was just completed, validation and implementation
will not be completed until April and May of 1999. AID is taking steps
to accelerate this process by establishing more aggressive timetables
for deployment of operating systems, completion of hardware upgrades
and pre-deployment testing. This is a particularly important system for
AID as it is the only automated accounting system available to missions
worldwide. The Agency's complex financial management, procurement,
budget and program management system, called the New Management Systems
(NMS) is scheduled for implementation in September 1999, one month
later than reported last quarter. AID will have contingency plans in
place for both of these systems by June 1999.
AID is also replacing two systems, the Financial Accounting and
Control System (FACS) and the Loan Accounting Information System
(LAIS). While FACS will be integrated into version 4 of NMS, AID is
still developing a strategy for handling the historical data resident
on the system. AID has outsourced many of the loan servicing functions
that LAIS supported and is working with the contractor to identify what
LAIS functionality and historical data needs to be supported. AID
expects to resolve the LAIS and FACS issues by September 1999. AID is
working to accelerate deployment of its new desktop infrastructure and
upgrades to routers and other local and wide area networks in order to
support deployment of mission critical applications.
______
The President's Council on Year 2000 Conversion--First Quarterly
Summary of Assessment Information--January 7, 1999
chairman's statement
With slightly less than a year until January 1, 2000, the
President's Council on Year 2000 Conversion is committed to providing
the public on a regular basis information it has obtained about the
status of government and industry efforts to combat the Year 2000 (Y2K)
computer problem.
This report summarizes information the President's Council and its
more than 25 working groups have gathered either from Federal agencies
or through cooperative working relationships with industry trade
associations and other groups who are assessing their members'
preparedness for the century date change. It is the first in a series
of quarterly reports the Council will release in 1999.
It is important to note that, in several industry areas, trade
associations are still working to gather initial survey data on the
status of their members' Year 2000 efforts. Where possible, the report
indicates target dates for completing that work and making information
publicly available. The content and format for information collected
over the past few months also varies and, in some cases, is very
preliminary. The Council is encouraging trade associations to collect
information in a more standard format in future surveys.
Subject to these limitations, the available data provide the
following information about the level of preparedness among key
industries:
--Virtually all of the industry areas report high awareness of the
problem and its potential consequences.
--Participants in several areas are mounting aggressive efforts to
combat the problem and to ensure that critical systems will be
able to process the date change to the Year 2000. Financial
institutions, including banks and securities firms, are most
notable for their coordination and progress.
--We are increasingly confident that there will not be large-scale
disruptions among banks and in the power and telecommunications
industries. Disruptions that do occur will most likely be of a
more localized nature.
--Large organizations often have a better handle on the problem than
some of their smaller counterparts. While many small and
medium-sized businesses and governments are focused on solving
the Year 2000 problem and have made significant progress, some
continue to believe the problem will not affect them or are
delaying action until failures occur. Lack of preparedness
among these organizations increases the risk for localized Y2K
disruptions.
--International failures are likely. Despite recent increased
efforts, a number of countries have thus far done little to
remediate critical systems. These failures could have a
significant impact upon the United States, especially in areas
that rely heavily upon cross-border operations.
At the Federal level, agencies are working to prepare critical
systems for the Year 2000, and have mounted aggressive efforts to
ensure that critical services will not be disrupted by the transition
to the new millennium. According to the most recent OMB report on
agency progress, as of November 15, 1998, 61 percent of Federal
critical systems were Y2K compliant, up from 27 percent a year earlier.
The November data also indicated that 90 percent of critical systems
requiring repair have already been fixed and are now being tested. A
small percentage of critical systems are not expected to meet the March
1999 goal of having all critical systems Y2K compliant, and agencies
will produce specific benchmarks for completing work on these systems
before January 1, 2000. All agencies are working to develop contingency
plans in the event of internal or external failures.
There is still time remaining for organizations, especially smaller
firms, to prepare their critical systems for the Year 2000. But at the
same time, all organizations should be developing back-up, or
contingency, plans to address internal and external Y2K-related
failures. Effective contingency plans will help to minimize Year 2000
disruptions.
i. introduction
Over the past 50 years, computers have made what was once thought
impossible--possible--in finance, transportation, communications,
health care and other areas. From electronic commerce to high-speed
international telecommunications service to medical breakthroughs, they
have been engines for social and economic progress. Information
technology has become more pervasive in the every day activities of
organizations and individuals around the world.
But human beings, the inventors of this remarkable technology, are
not infallible. Now, what once was a rational decision--to use two
digits to represent the year in many computer systems--is now the Year
2000 (Y2K) problem, an enormous challenge to governments and businesses
around the world whose operations depend upon these systems.
This report of the President's Council on Year 2000 Conversion is
the first in a series of quarterly documents that will summarize
industry and other assessments of efforts to ensure that information
technology systems are ready for the century date change. Information
on the level of preparedness is sparse within some industry areas where
trade associations and groups are just beginning efforts to survey
their members. In these areas, the report outlines how information is
being gathered and when further detail is expected.
The Y2K Problem
The Y2K computer problem is caused by a shortcut used in many
information technology systems. Years ago, to conserve memory space,
computer programmers used two digits to record the year--for example,
98 would mean 1998. Over time, this became standard programming
practice.
Many information technology systems that require knowing the year,
and use two-digit coding to record it, will, on January 1, 2000,
recognize 00 not as the Year 2000 but as the Year 1900. This glitch
could cause them to either shut down or malfunction, a significant
problem in our electronic information-dependent society.
The Y2K problem is not new. People have known for years that two-
digit coding would create difficulties when the Year 2000 arrived. But
many organizations in the United States and around the world have been
slow to act. Some assumed that a ``quick-fix'' would materialize that
would enable systems dependent on two-digit coding to process the Year
2000 or that older systems would be replaced by newer, Y2K-compliant
models. Unfortunately, there is no permanent, universal quick-fix and,
in many cases, older, non-compliant systems remain in operation.
The Y2K problem is solvable. Businesses and governments know how to
fix non-compliant systems and are devoting significant financial and
personnel resources toward doing so. Several major financial
institutions are spending hundreds of millions to ensure that their
systems will operate in the Year 2000. As of November 15, 1998, the
Federal Government estimates it will spend $6.4 billion to fix its
mission-critical systems.
Solving the Y2K problem is primarily a management challenge. Repair
and replacement of systems and their interconnections takes time, and
January 1, 2000, is an immovable deadline. Ensuring that critical
systems are ready for the Year 2000 is a matter of prioritizing what
needs to be fixed, devoting adequate personnel and financial resources
to the project, and developing back-up, or contingency, plans to be
used in the event that systems, both internal and external, fail.
The Council
The President's Council on Year 2000 Conversion, established on
February 4, 1998 by Executive Order 13073, coordinates the Federal
Government's efforts to address the Year 2000 problem.
The Federal Government, like any business or organization, is
responsible for fixing its critical systems. But it also is working to
encourage the private sector and other governments to do the same for
the systems for which they have responsibility. Thus, the Council's
mission is two-fold: (1) to work with the agencies to prepare critical
Federal systems for the Year 2000, and (2) to promote action on the
problem outside the Federal Government--among businesses, State, local,
and Tribal governments, and foreign entities.
The Council is made up of representatives from more than 30 major
Federal executive and regulatory agencies that are active in diverse
areas such as transportation, banking, and telecommunications. Council
members work together to exchange information on agency Y2K progress
and shared challenges. They also coordinate interagency testing efforts
for programs that rely upon multiple agency systems and assist each
other with contingency planning efforts for potential Y2K-related
failures.
To reach out beyond the Federal Government, Council members have
formed working groups to focus on the Y2K challenges in over 25 sector
areas such as finance, communications, transportation, electric power,
health care, water supply and building operations. The working groups
have reached out to form cooperative working relationships with the
major trade associations and other umbrella organizations representing
the individual entities operating in each sector. Working group
outreach efforts are designed to increase the level of awareness and
action on the problem and to promote the sharing of information between
entities.
Information Gathering
The Council has also been working with these outside organizations
to gather industry assessments of Y2K preparedness and to encourage
companies and governments to share publicly information about the
status of their own Year 2000 efforts.
Trade associations have special abilities to reach large numbers of
participants within a particular industry and are especially aware of
their most critical Y2K challenges. Industry participants generally are
also more comfortable providing candid information confidentially to
their umbrella organizations rather than directly to government
agencies. These industry assessments, which the Council makes publicly
available through its web site (www.y2k.gov) as soon as they are
available, are important because they provide businesses, governments,
and the general public with information about the status of Y2K efforts
in key areas of the economy.
For example, an organization that has finished work on its systems
could still be vulnerable to the Y2K problem if its business partners
are not prepared. A local grocery store may have ensured that its cash
registers and inventory software are Year 2000 compliant, but Y2K
failures among suppliers could affect the store's bottom line.
Information on progress among suppliers could help the store prepare an
effective back-up plan.
Governments also rely upon information gathering efforts to prepare
contingency plans so that key governmental services will not be
disrupted and to respond to emergencies that may result from Y2K-
related failures. And consumers need information on the Y2K progress of
their local businesses and governments so that they can make their own
informed decisions.
To help associations and other groups collect and share information
on the status of Y2K efforts, the Administration worked with Congress
to enact the ``Year 2000 Information and Readiness Disclosure Act.''
This bipartisan legislation provides protection against the use in
civil litigation of technical Year 2000 information about an
organization's experiences with product compliance, system fixes,
testing protocols and testing results when that information is
disclosed in good faith. It also includes important protections for
information gathering that is designated as a ``special data gathering
request'' under the Act. These collections of information cannot be
reached by private litigants, or used by Federal agencies for
regulatory or oversight purposes, except ``with the express consent or
permission'' of the provider of the information.
Industry Assessments
Shortly after President Clinton signed the ``Year 2000 Information
and Readiness Disclosure Act'' on October 19, 1998, the Council
provided industry associations with a guide for Y2K information
gathering based on earlier surveys designed by some of the Council's
working groups.
The Council suggested that industry trade associations gather from
their members the following information:
--Do you have a plan for addressing the Y2K problem?
--Does it include defined milestones?
--Has your chief executive approved the plan?
--Does the plan define a Y2K organizational structure?
--How have you organized your Y2K work?
--How much to you expect to spend on fixing the problem? How much
have you spent to date?
--What percentage of the work of repairing or replacing mission-
critical systems have you completed for: assessment (inventory
and analyze systems supporting the core business areas and
prioritize their conversion or replacement), renovation
(convert, replace, or eliminate systems), validation (test,
verify, and validate converted or replaced systems), and
implementation (integrate converted or replaced systems into
the system environment where routine information processing
activities are performed)?
--Have you designed, tested, and put in place plans for internal and
external contingencies?
--If you operate internationally, are you encountering any special
difficulties related to the Y2K problem?
ii. critical services
For the purposes of this initial report, the Council has identified
and summarized assessment information for nine sector areas covering
the provision of critical services. They are: benefits payments,
communications, electric power, emergency services, financial services,
oil and gas, solid waste, transportation, water supply.
In every area except for benefits payments, the Council is relying
partially or entirely on industry trade associations to provide
assessment information on Y2K progress within their sectors. As noted
earlier, many trade associations are still working to gather initial or
more comprehensive survey data on the status of their members' Year
2000 efforts. Target dates for completing that work and making
information publicly available are provided in those instances. ``Y2K
compliant'' systems are those that have been tested, are operational,
and can accurately process data through the century date change.
Benefits Payments (Working Group Chair--Social Security Administration)
There is still work to be done to ensure the complete Year 2000
readiness of all systems responsible for making Federal benefit
payments, but agencies expect that they will be able to deliver
payments without disruption in January 2000. These benefit payments
include Social Security, Supplemental Security Income, Government
civilian and military pensions, veterans benefits, and unemployment
insurance.
Social Security Administration
The Social Security Administration (SSA) has made all its systems
that produce Social Security and Supplemental Security Income (SSI)
payments Year 2000 compliant, and has tested and certified those
systems. In addition, testing from SSA through the Treasury Department
and the Federal Reserve for direct deposit payments was also
successfully completed. Beginning with payments made in October 1998,
the Social Security and SSI benefit payments were generated using Year
2000 compliant software at both SSA and Treasury. Treasury Department
systems for making monthly Social Security and SSI payments received
independent verification of their Y2K compliance in December 1998.
With regard to disability benefits, SSA is working very closely
with the State Disability Determination Services (DDS's) to ensure
there is no disruption to State systems which support medical
determinations in the Social Security and Supplemental Security Income
Disability claims process. There are 50 States and territories with
automated systems. As of November 30, 1998, 45 DDS systems have been
renovated, tested and implemented. All 50 systems are expected to be
Year 2000 compliant by January 1999. SSA and each State DDS have
developed Business Continuity and Contingency Plans in the event that
unforeseen problems occur. These plans address measures to be taken to
ensure payments are made and claims are processed.
Department of Defense
The Defense Department is confident that payments to military
retirees and annuitants will continue uninterrupted in January 2000.
All programming changes and testing of programs for the pay system and
its interfaces have been completed. The Year 2000 compliant programs
were implemented in October 1998. The pay system software will be
migrated to a Year 2000 compliant processing environment, tested and
implemented by March 31, 1999. Additional end-to-end testing with
interfacing partners is scheduled for mid-1999. Successful completion
of these tests and continued close contact with interfacing partners
will ensure a smooth transition to January 2000.
Department of Veterans Affairs
The Department of Veterans Affairs (VA) is making Year 2000
compliant all systems that deliver compensation, pension, education,
vocational rehabilitation and loan guaranty benefits to veterans. As of
October 31, 1998, 99 percent of all benefit payment programs were
renovated, and 72 percent were implemented. All programs are scheduled
for implementation by March 31, 1999. VA is currently developing
business continuity and contingency plans for its benefits delivery
business areas. These plans are expected to be completed by January
1999. The Treasury Department systems that make payments on behalf of
VA are scheduled to be implemented at the end of 1998.
Office of Personnel Management
The Office of Personnel Management (OPM) continues to make
significant progress in achieving compliance for the mission-critical
systems of its Retirement and Insurance Service that support the
provision of benefit services to Federal employees and annuitants. As
of October 1998, OPM has completed renovation of these mission-critical
systems, and has validated and implemented almost half of them. OPM
anticipates completing the validation and implementation phases by
January 1999. OPM is also validating Y2K compliance with the more than
200 partners with whom it exchanges data and plans to test retirement
benefit payment files with the Treasury Department. In addition, in
December 1998, OPM developed final draft business continuity and
contingency plans to ensure that it can provide essential retirement
and insurance services in January 2000, and will schedule and conduct
testing of these plans within the next several months.
Department of Labor
The Unemployment Insurance (UI) program is administered by 53 State
Employment Security Agencies (SESA's). The Department of Labor (DOL) is
responsible for oversight of the UI program. The Year 2000 problem for
UI arises in January 1999, because the State systems must calculate an
end date for new claims. Since the end date is one year from the date a
claim is filed, the computer must calculate and assign an end date in
January 2000 for any new benefits claim opened in January 1999.
In December 1998, DOL stated that 16 SESA's were ``at risk'' of not
being able to complete permanent fixes to their systems before the
January 4, 1999 cutoff date, and may need to implement back-up, or
contingency, plans so that benefits can be processed while they
continue to prepare systems for the Year 2000. Those SESA's were:
Arizona, Connecticut, Delaware, the District of Columbia, Hawaii,
Illinois, Kansas, Louisiana, Massachusetts, Missouri, Montana, New
Hampshire, New Mexico, Puerto Rico, Vermont, and the Virgin Islands.
DOL is continuing to provide direct technical assistance to these
SESA's in addressing the automated system problems and preparing
contingency plans.
Reliance on Banks and the U.S. Postal Service
All of the benefit payment systems are dependent on the financial
community for direct deposits and the U.S. Postal Service (USPS) for
check delivery, and in the case of international payments, a variety of
check delivery systems. Each Federal agency providing benefits is
working closely with the Treasury Department and the Federal Reserve,
which is in turn testing with the banking community to ensure a smooth
transition to 2000 and to plan for any unforeseen disruptions to direct
deposits.
With regard to check delivery through the U.S. mail, the USPS has
renovated 78 percent of its mission-critical systems. The remaining
renovation and independent verification and validation of all mission-
critical systems will be completed in the first half of 1999. To
evaluate the readiness of core mail processing equipment, the Postal
Service advanced the dates and tested the automated mail processing
equipment at a major mail processing plant in Tampa and a bulk mail
center in Atlanta. Both tests verified that the equipment, which is in
use throughout the postal system, will process letters, flats and
parcels correctly to and through the Year 2000. Although additional
testing is planned throughout 1999, USPS is confident in its ability to
sustain mail service through the century date change.
Communications (Working Group Chairs--Federal Communications
Commission, General Services Administration)
Information obtained from the communications industry indicates
that the major companies have active Year 2000 programs and have made
substantial progress toward updating their systems. However, less
information is available regarding smaller organizations, and detailed
information about some sectors will not be available until late January
1999.
The Federal Communications Commission (FCC) regulates the
communications industry in five sectors: wireline, wireless, cable,
broadcast, and international. Communications equipment is grouped by
network elements (transmission and reception), support systems
(billing, maintenance, inventory), and auxiliary systems (security,
alarms, environmental control). Continuity of communications requires
each network element to operate properly and for those elements to
interoperate effectively.
The FCC is working closely with a number of organizations to assess
industry readiness, including: the Network Reliability and
Interoperability Council (NRIC), the Telco Year 2000 Forum, the
Alliance for Industry Telecommunications Solutions (ATIS), Cable
Television Laboratories, Inc. (CableLabs), the International
Telecommunication Union (ITU), and several other trade associations
representing various industry segments.
Wireline
Data indicate that this segment of the telecommunications industry,
which includes major companies such as Bell Atlantic, AT&T and MCI, is
seriously addressing Year 2000 conversion issues and will meet
remediation goals. Based on the information collected to date, the most
likely Y2K difficulties would be small, localized problems in the
network. Companies are developing contingency plans to pool efforts to
address these types of problems.
Preliminary information from the NRIC, based on a polling of
companies representing 94 percent of the access lines in the United
States, indicates that between September 30, 1998 and December 30,
1998, the wireline industry was expected to progress from 54 percent to
69 percent completion of its Y2K project overall, while assessment of
Y2K problems would go from 94 percent to 98 percent complete,
renovation or remediation would progress from 66 percent to 81 percent
complete, and validation or testing would move from 58 percent to 69
percent complete. Implementing proven solutions across the network was
expected to progress from 59 percent to 74 percent complete between the
end of September and the end of December 1998. The average target date
for complete implementation is June 30, 1999.
Cable
While current data are not yet available, the industry expects that
Y2K problems will not cripple cable system operations, and at this time
it appears that set-top boxes found in the common household are for the
most part not at risk. However, switching devices, commercial insertion
equipment, satellite video playback equipment, and addressable
controllers could be affected. Cable operator equipment that relies on
embedded chip technology is also at risk.
In April 1998, the Cable Services Bureau sent 25 letters to the 10
largest multiple systems operators (MSO's), 6 major manufacturers, 5
cable network programmers, and 4 trade associations. The 10 MSO's serve
approximately 78 percent of the market share of subscribers. The
manufacturers selected provide the most popular equipment used by cable
operators and the trade organizations represent a cross-section of
cable systems across the country. As of May 1998, all respondents had
initiated an inventory phase of their Year 2000 programs, with the
majority of the MSO's far along toward completing the review of their
inventories. The responses indicated that cable systems had made
minimal progress on remediation, unit testing, and integration.
Nevertheless, several respondents stated that they will achieve Year
2000 compliance well ahead of the century date change. Further,
CableLabs was expected to have begun interoperability testing before
the end of 1998, and information regarding this testing will be
available to cable operators at the CableLabs web site.
On November 25, 1998, the Cable Services Bureau sent a second round
of Y2K assessments consisting of a questionnaire and associated
attachments to a cross-section of 50 cable operators. Combined, these
operators serve approximately 90 percent of all cable subscribers.
Responses are expected by early January 1999.
Wireless
According to the industry, the majority of cellular and PCS phones
are not date-sensitive. However, there could be problems in trunked
systems or in other systems that integrate the cellular system into a
larger network, such as public service answering points operated by
local emergency response providers.
The Wireless Telecommunications Bureau sent a letter to licensees,
associations, and other entities involved with wireless communications
which provided Y2K information and made a voluntary request for
information. The response to this voluntary inquiry has been
insufficient to do an analysis. The current assessment questionnaire
sent to the wireless industry is mandatory, covering 300 wireless
carriers, and is meant to complement the information requested from the
1,200 wireline carriers about wireless services they may provide.
Information from this assessment will provide a more comprehensive view
of the industry and will be available in the first quarter of 1999.
The wireless industry is planning to participate in the
interoperability testing planned by ATIS starting in January 1999.
Mass Media
It appears that the majority of broadcasters are aware of the Y2K
issue and are addressing it. According to the industry, Y2K problems
should not cause a loss of essential services because of the
multiplicity of broadcast services as well as the fact that most
equipment that could cause serious service outages is capable of being
manually overridden.
The major broadcasting networks and group owners have been working
on the Y2K problem for some time, some as early as 1996. Many broadcast
groups and networks are working in teams and have formed reporting
structures to ensure adequate project monitoring and risk assessment.
The Mass Media Bureau recently sent a survey to a representative cross-
section of 250 broadcasters that will yield additional information
about the status of Y2K remediation efforts and contingency planning by
mid-January 1999.
International
Telecommunications companies engaged in trans-border services
indicate that neither dial tone nor data transmission are likely to
experience significant difficulties resulting from the Y2K problem.
Some companies report concerns about billing (operations/support
systems) and maintenance systems. U.S. carriers indicate that
terminating calls overseas, which depend on the networks of foreign
Public Telephone Operators (PTO's), may be impeded by Y2K problems.
The ITU has a Y2K task force that has sent a questionnaire to more
than 5,000 members--governments, telecommunications carriers, and
operators--but there has been a low number of responses. Preliminary
results showed that most of the respondents cited the British Standards
Institute (BSI) as the standard to which their company is adhering. The
countries that ranked themselves the least prepared were predominantly
developing countries from the African continent, South Asia, and
Southeast Asia. Eastern Europe, the Middle East, and Central and South
American countries ranked themselves somewhat prepared for Y2K, while
Western Europe, the United States, the Caribbean, and Pacific Rim
countries ranked themselves the most prepared for Y2K. The ITU plans to
redouble its efforts by circulating subsequent questionnaires on an
ongoing basis to encourage governments to pressure operators to
respond.
In addition, the ITU's Y2K inter-carrier task force is conducting
testing and has developed plans for regional testing worldwide, which
is expected to start in the first quarter of 1999. One test in early
September 1998 among Germany, Sweden, and Hong Kong, showed few Y2K-
related problems. However, each of the tested systems had undergone
extensive remediation and testing.
Regarding satellite systems, the general consensus within the
industry appears to be that the satellites themselves contain little,
if any, date-sensitive information. However, satellite carriers are
actively evaluating and remediating ground equipment because antenna
controls are date and time dependent and ground stations contain
complex electronics and larger computers. Companies are confident that
they will complete conversion by January 1, 2000, but cite
interoperability testing as difficult.
For more information, consult: www.fcc.gov/year2000.
Electric Power (Working Group Chair--Department of Energy)
According to the most recent assessment information on Y2K
preparations within the electric power industry, industry
representatives believe that, with properly coordinated contingency
planning and accelerated preparations, electric power supply and
delivery systems will be able to operate reliably into the Year 2000.
In May 1998, the Secretary of Energy requested that the North
American Electric Reliability Council (NERC) coordinate efforts within
the electric power industry to assure a smooth Year 2000 transition.
NERC is a voluntary, not-for-profit organization made up of 10 regional
councils, whose membership includes nearly every major provider of
electricity generation and transmission within the Eastern, Western,
and Texas interconnections that form the backbone of the electricity
supply system for the United States, Canada, and a small part of
Mexico.
NERC has established recommended industry-wide milestones for
ensuring that electric systems are ready for the Year 2000. The
recommended completion dates for the remediation/testing phase of Y2K
preparations is May 1999. Mission-critical systems and components
(e.g., power production, energy management systems, telecommunications,
substation controls and system protection, and distribution systems)
are to be made Y2K ready by June 30, 1999.
NERC has worked in partnership with trade associations representing
investor-owned utilities (Edison Electric Institute), municipal
utilities (American Public Power Association), rural electric
cooperatives (National Rural Electric Cooperatives Association),
nuclear plant operators (Nuclear Energy Institute), and the Canadian
electric power industry (Canadian Electricity Association) to assure
the most complete coverage of the industry in the surveys and
assessments.
In September 1998, NERC issued an initial status report and
workplan for Year 2000 readiness within the electric power industry.
NERC also committed that it would provide further reports on a
quarterly basis with updated status information developed through
monthly NERC surveys of the major generation and transmission providers
(approximately 200 entities) and quarterly surveys of distribution-only
entities (approximately 3,000 organizations) by cooperating trade
associations.
Thus far, more than 75 percent of the electricity supply and
delivery organizations have participated in the Y2K readiness surveys.
Responses have been received from 188 of the entities surveyed directly
by NERC and 2,200 entities surveyed by the cooperating trade
associations.
As of October 1998, the overall progress of the 188 bulk electric
system entities (i.e., large generation and transmission providers)
that have reported to NERC was as follows:
------------------------------------------------------------------------
Average
Y2K Program Phase Percent Average Projected
Complete Completion Date
------------------------------------------------------------------------
Inventory..................... 93 August 1998.
Assessment.................... 75 November 1998.
Remediation/Testing........... 36 June 1999.
------------------------------------------------------------------------
The 188 reporting organizations, on average, plan for their systems
to be Y2K ready by July 1999. Most of the 188 survey respondents are
still in the early stages of formulating contingency plans and
preparations.
The overall progress of the approximately 2,200 distribution
entities that have responded to surveys through August 1998, was as
follows:
Average Percent
Y2K Program Phase Complete
Inventory......................................................... 86
Assessment........................................................ 52
Remediation/Testing............................................... 30
The electric power industry is placing considerable emphasis on
contingency planning for the Year 2000 transition. NERC is providing
direct oversight with respect to operational Year 2000 contingency
plans for the Eastern, Western, and Texas interconnections of the power
grid. Contingency planning is also being implemented within each of the
regional reliability councils, and at the level of individual
suppliers. NERC is targeting June 1999 as the date for completion of
contingency plans.
Particular concerns within the industry include the reliability of
voice and data communications, needed for monitoring and control of
power systems, and embedded chips. Embedded chips are used in
communications and numerous power system device controllers. While it
is estimated that only 1 to 2 percent of these devices uses a time/date
function in a manner that could result in a Y2K malfunction, the
interconnected nature of electric systems make them sensitive to the
failure of any equipment.
The next NERC status report and workplan for Year 2000 readiness is
scheduled for release in mid-January 1999. NERC is also planning to
conduct industry-wide Y2K preparedness drills in April and September
1999. All NERC reports, contingency planning guidance, and monthly
survey results are available on the NERC web site.
For more information, consult: www.nerc.com.
Emergency Services (Working Group Chair--Federal Emergency Management
Agency)
Initial assessment information on the emergency services sector
indicates that a significant number of mission-critical systems are
expected to be Y2K compliant by spring 1999. However, organizations are
still working to obtain preliminary assessment information for areas
such as the fire service and 911 centers. This preliminary information,
along with more complete assessments, will be available as Federal
agencies continue to receive feedback from their stakeholders in the
emergency services community. In addition to the fire service and 911
centers, these entities include State and local emergency management
organizations, emergency medical services, and other professional and
private emergency management organizations.
Federal agencies working with the emergency services community
include: the Federal Emergency Management Agency (for fire services and
State and local emergency management); the Department of
Transportation/National Highway Traffic Safety Administration (for
emergency medical services); the Department of Health and Human
Services (for the National Disaster Medical System and disaster medical
assistance teams); the Department of Commerce/National Oceanic and
Atmospheric Administration/National Weather Service; the Department of
Interior; the United States Department of Agriculture and the
Department of Defense. The American Red Cross is an honorary member.
Emergency Management Directors
As of December 1, 1998, emergency management directors from 46
States, the District of Columbia, and four territories had responded to
a FEMA request for assessment information on Y2K readiness. FEMA had
asked the directors to provide information on the status of State and
local Y2K efforts, funding for Y2K fixes, overall readiness at the
State and local level, contingency planning, and likely impacts of the
Y2K problem.
Early responses indicate all State level agencies have resolved, or
are planning to resolve, the vast number of Y2K-related issues
involving critical emergency preparedness facilities, systems, and
services. To date, nineteen States responded that they expect to be to
be Y2K compliant by January 1, 2000. Of those, eight States said they
expect to be compliant by mid-1999. Surveys are ongoing, and more
information will be gathered throughout 1999.
Respondents did express several areas of concern. The issue cited
most often was the limited nature of financial resources to assess,
fix, test, and validate systems at the State level. Many respondents
complained about the excessive number and redundancy of status reports
requested on Y2K plans and preparedness. Respondents also expressed
concerns about the possibility of power and grid failures, especially
in areas serviced by smaller utilities. The limited amount of
contingency planning that has been completed at the State and local
level was also noted.
The International Association of Emergency Managers, which has a
membership of over 1,700 individuals representing local emergency
management organizations, conducted an on-line survey of Y2K
preparedness. Of the 172 respondents, 164 are aware of the Y2K problem,
159 are actively working to ensure their systems will be ready for the
Year 2000, and 59, or 34 percent, reported their systems are fully
prepared. Furthermore, 58 percent of the respondents reported that
internal systems for their community emergency management programs are
Y2K compliant, and 54 percent reported that their organizations are
capable of meeting community needs (information, guidance, assistance)
for Y2K preparedness.
Fire Service
An initial assessment of fire service Y2K efforts is expected by
early 1999. FEMA's United States Fire Administration (USFA), which acts
as a clearinghouse for Y2K information, is working with the National
Association of State Fire Marshals (NASFM) to survey 500 representative
fire departments across all 50 States. The USFA has already distributed
a brochure of frequently asked questions regarding the Y2K problem to
33,000 individual fire departments, 50 State fire marshals, 50 State
fire training directors, 11 major national fire service organizations,
and eight national associations of manufacturers/distributors of fire
and emergency services equipment.
``911'' Centers
An initial assessment of Y2K progress among 911 centers is expected
by early 1999. In partnership with the USFA, the National Emergency
Number Association (NENA) planned to contact all 4,300 known 911
centers by the end of 1998 to assess Y2K readiness. The FCC is also
working with NENA, since local 911 centers are dependent upon the
commercial communications companies to address and resolve Y2K issues.
Emergency Medical Services
While the assessment of State and local Emergency Medical Service
(EMS) agencies is ongoing, 75 percent of State EMS directors reported
that their systems would be 100 percent compliant by January 1, 2000,
in response to a National Highway and Transportation Safety
Administration survey. The National Association of State EMS Directors
has agreed to coordinate a State-by-State assessment of preparation and
compliance among local EMS agencies.
According to the Department of Health and Human Services (HHS), the
pre-hospital segment (e.g., ambulance services) of the health services
sector should have minimal Y2K concerns about internal systems. There
are no internal Y2K issues affecting systems for deploying ambulances,
helicopters, and communications and transportation equipment, given an
operational support infrastructure. The 62 Disaster Medical Assistance
and Specialty Teams, comprising 7,000 enrolled personnel and their
equipment cache, will be unaffected.
HHS is conducting Y2K outreach programs with health care
organizations, including the American Hospital Association, American
Medical Association, and Joint Commission on Accreditation of Health
Care Organizations. HHS also is working with other Federal agencies and
manufacturers of biomedical equipment to ensure compliance of medical
devices. As of October 1998, approximately two-thirds of the 1,932
manufacturers of medical devices containing electronic components have
responded to queries about the compliance of their products. This
information is available on a Food and Drug Administration-maintained
web site (www.fda.gov/cdrh/yr200/year2000.html).
Federal Response Planning
Virtually all of the Federal Response Plan (FRP) Primary Agencies--
the Departments of Transportation, Defense, Agriculture, and Energy,
HHS, FEMA, NCS, GSA, and the Environmental Protection Agency--stated
that they expect their mission-critical systems used for emergency
response under the FRP to meet the March 31, 1999 government-wide goal
for Year 2000 compliance. The American Red Cross expects its critical
FRP systems to be compliant by July 31, 1999.
Each of the Primary FRP Agencies is a member of the Catastrophic
Disaster Response Group (CDRG), which is chaired by FEMA and is
responsible for providing national policy-level direction on
interagency disaster planning, coordination, and operations. In July
1998, FEMA established a Primary Agency Committee of the CDRG to ensure
that all 26 FRP agencies are Y2K-ready and able to perform effective
disaster response operations, and to prepare for possible consequences
of Y2K failures that may require a Federal response.
For more information, consult: www.fema.gov/y2k/.
Financial Services (Working Group Chair--Federal Reserve Board)
According to the latest data from Federal supervisory agencies,
financial institutions are well ahead of most organizations in
preparing systems for the Year 2000. Banks, credit unions, and the
futures and securities industries are far into the Y2K remediation
process and expect that systems will be ready in advance of the new
millennium. Moreover, the Federal Reserve is making good progress on
its internal systems and reports that external tests with banks and
other financial institutions are going well.
A large proportion of institutions that make up the financial
sector are supervised by one or more Federal regulatory agencies--
primarily the Federal Deposit Insurance Corporation (FDIC), the Federal
Reserve, the National Credit Union Administration (NCUA), the Office of
the Comptroller of the Currency (OCC), the Office of Thrift Supervision
(OTS), the Commodities Futures Trading Commission (CFTC), and the
Securities Exchange Commission (SEC). Assessment information is derived
largely from supervisory data collected by these agencies.
Depository Institutions and Credit Unions
The vast majority of the Nation's depository institutions and
credit unions (approximately 9,000 banks, 1,200 thrift institutions,
and 13,000 credit unions) are on schedule to meet the Federal Financial
Institutions Examinations Council (FFIEC) milestone dates for
completing Year 2000 remediation efforts. The FFIEC's remaining
milestones for completing the validation and implementation of mission-
critical systems include: (1) by December 31, 1998, testing of internal
mission-critical systems should be substantially complete; (2) by March
31, 1999, testing by institutions relying on service providers for
mission-critical systems should be substantially complete and external
testing with material other third parties should have begun; and, (3)
by June 30, 1999, testing of mission-critical systems should be
complete and implementation should be substantially complete. With
respect to Year 2000 contingency planning, the FFIEC has established
June 30, 1999, as the date by which all institutions should have
substantially completed their Year 2000 business resumption contingency
plans.
Depository institutions and credit unions largely have completed
the awareness and assessment phases, renovations continue, and most are
now testing mission-critical systems as part of validation phase
efforts. As of October 31, 1998, approximately 96 percent of depository
institutions and credit unions examined by the FFIEC agencies were
rated satisfactory (i.e., have met or are expected to meet all FFIEC
expectations and timeframes).
Securities Industry
The securities markets and industry are making good progress with
their Year 2000 efforts, and reporting procedures are in place to
identify any material weaknesses in remediation efforts.
The SEC is responsible for oversight of U.S. securities markets and
clearing agencies. In September 1998, the SEC surveyed eight national
securities exchanges, the National Association of Securities Dealers
(NASD), the Securities Industry Association (SIAC) (as systems manager
for the National Market System) and nine registered or exempt clearing
agencies regarding their Year 2000 efforts. According to the latest
survey data, the exchanges and NASD have completed remediation and
testing work on 95 percent of mission-critical systems and have
finished implementation work on 73 percent. The clearing agencies have
completed renovation and testing on 87 percent of critical systems and
implementation on 86 percent.
Broker-dealers are subject to oversight, including examinations, by
the SEC and securities self-regulatory organizations (SRO's) such as
the NASD and the New York Stock Exchange. The SEC required registered
broker-dealers to file reports regarding their Year 2000 efforts on
August 31, 1998 and a second report is due on April 30, 1999. According
to the data, 83 percent of broker dealer firms have a written Y2K plan.
Thirty percent have completed testing on critical systems, and 51
percent have developed contingency plans for potential Y2K failures. In
July 1998, the Securities Industries Association conducted beta testing
of interconnections between a select number of systems within the
industry. The test, which identified only a few easily-correctable Year
2000 errors, was a prelude to a more extensive street-wide test to be
conducted in spring 1999.
The SEC also conducts examinations of registered investment
companies and investment advisers. As of September 30, 1998, the SEC
had conducted Year 2000 reviews of 3,895 investment advisers and 445
investment companies. Of the investment companies, 76 percent reported
having a written Y2K plan, and 50 percent of investment advisors
reported having such plans. The SEC's reports that 24 percent of the
investment companies and investment advisers examined have completed
implementation. An additional 56 percent expected to complete
implementation by December 31, 1998.
Commodities Futures Industry
The futures industry is preparing its systems for the Year 2000,
subject to CFTC oversight. Testing by the futures exchanges and their
clearinghouses is progressing on schedule and internal remediation work
is complete, or nearing completion, at many firms and SRO's. Many
futures commission merchants (FCM's) use computer service providers,
who report that their systems are compliant.
A Futures Industry Association (FIA) report on the September 1998
Y2K beta testing at futures exchanges indicates that of over 4,000
transactions processed, 98 percent were considered successful, and the
errors identified were promptly resolved.
FCM's who clear on exchanges are required conduct Y2K tests of
their systems. Non-clearing FCM's are less likely to pose systemic
risks. However, the responses to the Y2K questionnaires sent out by the
SRO's indicate an overall awareness of the potential Y2K problems among
non-clearing FCM's. Most have begun work on assessing their Y2K
compliance through testing their own systems and confirming compliance
of systems and data supplied by outside parties.
More than 500 of the 1,500 commodity pool operators (CPO) and
commodity trading advisors (CTA) use ``back-office'' service (i.e.,
accounting and processing services) providers. Approximately 15 firms
provide back office services to CPO's and CTA's. The National Futures
Association (NFA), an SRO, has contacted most of these firms, all of
whom have Y2K projects underway with completion dates ranging from
October 1998 to mid-1999.
Federal Reserve Year 2000 Readiness Disclosure Statement
The Federal Reserve provides financial services to depository
institutions as well as to the federal government. The Federal Reserve
has met its goals to date for addressing the risks posed by the century
date change. The Federal Reserve System's internal application testing
efforts are progressing in a timely manner. As of the end of November
1998, 67 percent of the Federal Reserve's mission-critical applications
were Year 2000 ready. Of the remaining 33 percent, 31 percent are
remediated and being tested, and the Federal Reserve expects that
implementation will be completed by January 1999. The remaining two
percent represent new system development initiatives that are on
schedule for implementation in first quarter 1999.
External testing with financial institutions and other customers is
going well. As of December 1, 1998, over 5,000 depository institutions
had tested with the Federal Reserve, and the Treasury Department's
Financial Management Service has conducted interface testing with the
Federal Reserve for Social Security payments.
Insurance Sector
Based on information collected by the National Association of
Insurance Commissioners (NAIC), all States have initiated a survey/
examination effort for domestic insurers. As of December 1998, 64
percent of regulated insurance entities responded to the survey and
State regulators are following up with insurers that did not respond.
The focus for 1999 reviews will be completion of the testing,
remediation and implementation phases, and contingency planning. The
States have established June 30, 1999 as the date by which remediation
of all mission-critical systems should be complete.
Oil and Gas (Working Group Chair--Federal Energy Regulatory Commission)
Industry representatives are cautiously optimistic that the U.S.
oil and gas sector will be ready for the transition to the new
millennium. Survey results indicate that the industry is making good
progress in implementing Y2K plans, but that the rate of progress needs
to increase.
Industry trade associations and individual companies have been
addressing the Y2K issue for some time. Many companies began as early
as 1995. Preparations for Year 2000 are a natural extension of the
industry's thorough contingency planning that covers every area of
operations from producing fields to refinery and pipeline operations to
environmental monitoring and control. For example, storage built into
oil and natural gas delivery systems provides additional flexibility
for delivering the product to end users should Y2K-related disruptions
occur.
Date handling codes show up within various computer applications
and are embedded in computer chips and throughout the petroleum
industry, from computer applications to process control devices.
Potential Y2K problems range from incorrect financial transactions, oil
field production outages, refinery and pipeline stoppages, product flow
disruptions, as well as potential environmental and safety hazards.
Areas of concern include Supervisory Control Area Data Acquisition
Systems (SCADA) used to acquire information from remote sections of
pipeline and to control the flow of fuel at remote locations by using
computers linked to satellite and telephone communications systems.
Embedded chips, which occur throughout the sector, are also a concern.
Following an initial focus on software, the industry is now
concentrating on embedded chips, which are more prevalent in
operations.
The Oil and Gas Working Group of the President's Council, in
cooperation with the American Petroleum Institute, the Interstate
Natural Gas Association of America, the American Gas Association, the
American Public Gas Association, and other industry groups, conducted
its first survey on the Y2K readiness of the U.S. oil and gas industry
in August 1998. Survey results were presented at a public conference in
September 1998, and are displayed on the Internet at www.y2k.gov. The
survey respondents represented 45 percent of U.S. oil and natural gas
production, 78 percent of U.S. refining capacity, 70 percent of U.S.
crude oil and refined product pipeline deliveries, 81 percent of
natural gas interstate pipeline deliveries, 43 percent of U.S. branded
retail outlets (e.g., service stations), and 50 percent of the total
natural gas volume of investor-owned local distribution companies.
According to the August 1998 data, about 86 percent of survey
respondents were in the process of implementing plans for addressing
the Y2K problem, with 14 percent still in the planning stage.
The status of work was broken down as follows:
------------------------------------------------------------------------
Business
Systems and Embedded
Associated Systems
Software Aggregate
Aggregate Results
Results
------------------------------------------------------------------------
Plan.................................... 14 14
Inventory............................... 12 18
Assessment.............................. 19 28
Remediation............................. 36 26
Validation.............................. 19 14
------------------------------------------------------------------------
Twenty-two percent of survey respondents expected to complete their
Y2K work by December 1998; 76 percent expected to be done by June 1999;
and all expected to be done by December 1999.
Survey respondents reported that they would complete in the
remediation and validation phases their contingency planning efforts
for internal and external failures. All respondents said that their
contingency plans would be ready by December 1999, with 31 percent
stating these plans would be complete by December 1998, 73 percent
expecting completion by June 1999, and all expected to be completed by
December 1999.
The next survey was distributed in mid-December 1998, with a due
date of mid-January 1999. The Oil and Gas Working Group will release
the survey results at a public conference to be held on February 18,
1999. Quarterly follow-up surveys will be conducted during 1999.
The U.S. oil and gas industry is concerned about international oil
production and shipping, especially in light of the lack of information
available. Members of the American Petroleum Institute's International
Oil Y2K Task Force have joined with the Federal Energy Regulatory
Commission (FERC) and other Federal agencies, along with the
International Energy Agency, to create an International Oil
Coordination Council (IOCC). IOCC met in early November 1998 to
exchange information on industry and government efforts and plan how to
assess the industry's Y2K readiness on an international scale. IOCC
will focus on collecting information globally in 1999 and on creating a
public scorecard of international readiness.
Solid Waste (Working Group Chair--Environmental Protection Agency)
Waste industry organizations, which include waste haulers,
handlers, and disposers, use a relatively low level of automation in
their operations. As a result, the industry reports that waste
organizations' exposure to Y2K-related difficulties will be minimal.
Nonetheless, the Environmental Protection Agency's Office of Solid
Waste has been communicating with the waste management sector about the
potential risks of Year 2000 failures. EPA has encouraged its contacts
to identify, assess, manage, and mitigate Y2K risks within the
industry.
Organizations and associations with whom EPA has been communicating
include: the Association of Waste and Hazardous Materials Transporters,
Browning-Ferris Industries, Inc. (BFI), the Cement Kiln Recycling
Coalition, Environmental Industry Associations, the Environmental
Technology Council, the Integrated Waste Services Association, Inc.,
the National Association of Chemical Recyclers, the Solid Waste
Association of North America, and USA Waste Services Inc./Waste
Management Inc.
Thus far, only the Cement Kiln Recycling Coalition has a conducted
a formal Y2K survey of its members and expects to release the results
in late January 1999. In the first quarter of 1999, EPA plans to work
with waste trade associations including the Solid Waste Association of
North America, which includes major trash haulers like BFI, Inc. and
Waste USA, on their Y2K efforts.
EPA's contacts with the industry have yielded some important
information on the Y2K problem and waste operations. BFI, Inc., which
owns nearly 40 percent of U.S. collection and operating waste
facilities, reports that there is little vulnerability related to the
Y2K problem in the provision of waste collection services, and ranks
internal operating (e.g., scales) and billing systems as the areas of
most concern. At incineration plants, early precautions may
automatically be activated to avoid problems with emission monitors or
other internal systems.
Given the relatively low level of automation inherent in trash
collection, hauling, and disposal, contingency planning within the
industry is not expected to be highly sophisticated. Industry
representatives have indicated that should Y2K disruptions occur within
the industry, waste will be held longer and not disposed of or
incinerated until system fixes are made.
For more information, consult: www.epa.gov/year2000.
Transportation (Working Group Chair--Department of Transportation)
Preliminary survey data and contacts with transportation industries
indicate that there is a high level of awareness of the Y2K problem
across the major air carrier and transit service providers, as well as
in the motor vehicle regulatory and enforcement arena. Air carriers and
larger airports and transit providers are making significant progress
in efforts to address the Y2K problem. However, the potential readiness
of airports and transit services in small communities and rural areas
is a concern. Additional data is necessary to provide a more
comprehensive understanding of the level of Y2K readiness among all
components of the transportation industry.
Neither the railroad nor maritime industry associations had
complete, consolidated survey data to share in time for this report,
but this information is expected early in 1999. Based on external
reports and outreach efforts, it appears that the rail industry is
taking appropriate steps to prepare for the Y2K conversion. Concerns
about the readiness of the international maritime transportation
industry, however, has prompted the U.S. Coast Guard to begin an effort
with the International Maritime Organization to improve information
sharing and accelerate global Y2K remediation efforts and contingency
planning of the maritime transportation industry. Information sharing
is taking place through the Ship Operations Cooperative Program (SOCP),
a joint venture with industry, and the SOCP Y2K website.
In November 1998, the Council's Transportation Working Group sent a
letter and sample Y2K assessment form to the heads of 83 key trade
associations representing all modes of transportation--air, highway,
transit, rail, and marine. Thus far, the National Air Carrier
Association, Inc. (NACA), American Association of Motor Vehicle
Administrators (AAMVA), and the American Public Transit Association
(APTA) have provided assessment information on their members' Y2K
efforts.
Air
The Transportation Working Group is eagerly awaiting the results of
the Air Transport Association survey that will cover the larger
commercial carriers, including the major passenger airlines. Results
from this survey, and from airport-related surveys, are expected within
the first quarter of 1999.
NACA represents a relatively small segment of the air carrier
market, specializing in low-cost scheduled and charter transportation
of passengers and cargo. NACA surveyed its member airlines in November
1998; five of seven members responded. The level of Y2K readiness
varies across NACA's membership. Some of the smaller carriers are very
far behind in the work phases, with only 55 percent of assessment
completed. Larger carriers have made more progress. Estimated costs for
Y2K remediation among the carriers ranged from around $200,000 to $8
million. The survey results also indicate that not all contingency
plans address external failures.
Respondents reported that they do not currently have plans to
suspend flights to countries lagging behind the United States in
dealing with the Y2K problem, although they are closely monitoring the
international situation. NACA indicated a willingness to conduct
additional surveys of their members' Y2K readiness in 1999.
Highway
AAMVA, an international association representing motor vehicle and
traffic law enforcement administrators from jurisdictions within the
United States and Canada, surveyed its members in August 1998,
receiving 44 responses representing 31 States. Forty-seven percent of
respondents said the Y2K issue was a ``top priority'' for their
organization, while 36 percent ranked it as ``very high'' or ``high,''
and 9 percent as ``medium'' or ``low.'' On system compliance, 34
percent reported that they were Y2K compliant; 59 percent said they
were assessing the issue or had at least one Y2K project planned or
underway.
Respondents cited five functional areas of motor carrier
operations--safety administration, registration, fuel tax, operating
authority, and oversize/overweight permits--as being vulnerable to the
Y2K problem. Target dates given for expected compliance of these areas
range from November 1998 to October 1999. More than 60 percent of
respondents were fully confident that their jurisdiction would be
compliant prior to January 1, 2000, another 36 percent fell between 80
and 99.9 percent confident.
On contingency planning, 48 percent of respondents do not have
contingency plans, while 32 percent do. Slightly more than half of
those without contingency plans do not intend to prepare them.
Contingency actions included manual procedures; back-up, parallel
systems operation; and upgrading current system software.
Transit
According to a May 1998 APTA survey of over 320 major transit
providers and suppliers (e.g., rail, bus) 92 percent of the 162
respondents have begun Y2K reprogramming efforts. One-fifth of
respondents reported that their systems were fully compliant. Overall,
79 percent of all respondents indicated systems would be Y2K compliant
by end of 1999; 21 percent were not fully confident about meeting that
deadline.
Survey data indicate that 47 percent of respondents expect no
problems managing Federal Transit Administration (FTA) grants; 8
percent expect problems; and 45 percent were unsure. In its analysis of
the survey results, APTA suggested that technical assistance from FTA
would be necessary to help transit systems become Y2K compliant. FTA
has since worked with APTA to conduct Y2K informational seminars at
APTA's annual meeting in October 1998, and is planning a January 1999
Y2K conference to be co-sponsored by the Federal Railroad
Administration.
For more information, consult: www.y2ktransport.dot.gov or
www.dot.gov.
Water Supply (Working Group Chair--Environmental Protection Agency)
The most recent survey data indicates that a majority of public
water system representatives do not expect the Y2K problem to interrupt
water services. Most public water systems can be operated using manual
controls, and sufficient environmental protections can be maintained
while the system is run in such a manner. However, data indicate that
system operators have concerns about their exposure to external system
failures.
Drinking Water
In September 1998, the American Water Works Association (AWWA), the
Association of Metropolitan Water Agencies (AMWA) and the National
Rural Water Association (NAWC) issued a preliminary report on the Year
2000 readiness of community public water systems. Together, AWWA, AMWA
and NAWC represent approximately 4,000 public water systems which
provide services to 80 percent of the U.S. population.
According to the preliminary data, gathered in the summer of 1998
from more than 600 respondents to a survey on Y2K readiness, large
water systems (serving more than 1 million people) expect minimal
internal problems related to the century date change. Among operators
of medium to large-size systems (serving more than 100,000 people), 86
percent expect their internal systems will be Y2K compliant by January
1, 2000. However, the data also suggest that few system operators have
assessed possible exposure to Y2K problems from failures in systems of
outside service providers (e.g., telecommunications, power, chemical
suppliers).
Sixty-one percent of respondents have a formal Y2K plan; 36 percent
have no plan; and 3 percent responded ``do not know.'' One half of the
respondents said that they had completed their assessment of internal
systems, 42 percent said they have not and 8 percent responded that
they do not know. Only 25 percent of respondents said they had
completed an assessment of external systems.
More than three-fourths (81 percent) of water system operators
expect that their Y2K work on their internal systems will be completed
by January 1, 2000. A smaller number (63 percent) expect that work on
external systems will be completed by that date.
On contingency planning, most public water systems have back-up
plans for natural disasters (e.g., hurricanes, earthquakes), but it is
unclear whether system operators have expanded these plans to account
for potential Y2K-related failures. At the time of the original survey,
22 percent of respondents said that they had completed contingency
plans for the Y2K failures in internal systems, and a smaller number
(12 percent) said that they had completed such plans for external
system failures. A more extensive report is scheduled for release in
March 1999.
Wastewater
In June 1998, the Association of Metropolitan Sewerage Agencies
(AMSA), a coalition of over 2,000 of the Nation's publicly owned
wastewater treatment agencies, conducted a survey of Y2K preparedness
in the area of wastewater treatment. The survey focused on Year 2000
problem evaluation, estimated repair costs, repair status, impacts of
potential system failures and contingency planning efforts.
Only 54 percent of the responding facilities are automated.
According to AMSA, 90 percent of respondents said they have implemented
plans for addressing the Y2K problem and completed the assessment of
all computer-related systems. Ninety-five percent have begun to
implement solutions for systems that demonstrated some kind of Y2K
failure during the assessment phase. More than one quarter of
respondents (26 percent) stated that they were almost done with their
remediation efforts.
On contingency planning, 55 percent report having a back-up plan
for possible Year 2000 failures--most involving manual operations.
Water trade association representatives have indicated that, should
computer failures or any type of dislocation arise on January 1, 2000,
industry-wide contingency planning calls for conversion to manual
operations. However, 15 percent of respondents reported concerns about
manual operations and possible environmental compliance issues.
A follow-up survey was scheduled for December 1998 that will gather
further information about contingency plans and the effects of Year
2000 failures among external service providers (e.g., power,
telecommunications, chemical vendors). Results are expected early in
1999.
For more information, consult: www.epa.gov/year2000.
iii. other areas
Federal Government
The Federal Government operates some of the largest, most complex
computer systems in the world that provide services to millions of
Americans. The Health Care Financing Administration (HCFA), for
example, processes roughly 1 billion Medicare transactions each year,
worth more than $210 billion in fiscal 1997. The Government also
exchanges data electronically with the States, which administer key
Federal programs such as Food Stamps, Medicaid, and unemployment
insurance.
Preparing Federal systems for the Year 2000 is an enormous
challenge, and agencies have mounted aggressive efforts to ensure that
critical services will not be disrupted by the transition to the new
millennium. The first interagency task force dealing with the Y2K
problem was created three years ago. Since late 1996, Federal agencies
have been required to report quarterly to the Office of Management and
Budget (OMB) and Congress on their progress to assess, remediate, test,
and implement mission-critical systems against a government-wide goal
of having all critical systems Y2K compliant by March 31, 1999.
According to the most recent OMB report, as of November 15, 1998,
61 percent of Federal critical systems were compliant, up from 27
percent a year earlier. The November data also indicated that 90
percent of critical systems requiring repair have already been fixed
and are now being tested. A small percentage of critical systems are
not expected to meet the March goal, and agencies will produce specific
benchmarks for completing work on these systems before January 1, 2000.
All agencies are working to develop contingency plans in the event of
internal or external failures.
Agencies receiving high marks from OMB for their progress include
the Small Business Administration, the first agency to report that 100
percent of its critical systems are now compliant, the Social Security
Administration, the Department of Veterans Affairs, and the
Environmental Protection Agency.
According to OMB, agencies that continue to face significant
challenges include the Departments of Defense, which operates more than
one-third of the Government's critical systems, Energy, Health and
Human Services, State, Transportation, and the Agency for International
Development. The following descriptions of Y2K challenges at these
agencies are excerpted from the most recent OMB report.
Defense.--The Defense Department continues to make progress in
addressing its massive Y2K problem (percentage of Y2K compliant
critical systems rose to 53 percent from 42 percent in August 1998),
albeit at a rate too slow to meet the March 1999 goal. As a result, the
Secretary and Deputy Secretary have taken a number of actions to
accelerate the Department's progress toward Y2K compliance, including
requiring commanders and service chiefs to personally certify the Y2K
status of each major information system, and withholding funding for
non-Y2K work on information systems unless and until military
departments demonstrate Y2K progress.
Energy.--Compliance increased from 40 percent to 50 percent in the
last quarter, and progress has been made in the other phases. The
Department, however, has not completed its renovation work, finishing
renovation on 88 percent of its critical systems. Likewise, the
Department has completed validation on only 53 percent of its critical
systems. The Department's CIO is conducting site compliance reviews in
cooperation with the Office of the Inspector General and Office of
Oversight. The compliance reviews have increased awareness of the
severity of the problem and the need for high-level management
attention.
Health and Human Services.--HCFA has made significant progress on
renovating its internal and external systems. However, HCFA remains a
serious concern due to potential hurdles in external system remediation
and high contingency cost estimates. Medicare contractors will have to
make an intensive, sustained effort to complete validation and
implementation of their mission critical systems by the government-wide
goal of March 31, 1999.
State.--The State Department faces a significant challenge in
simultaneously managing its complex Y2K project and completely
replacing information systems installed around the world. The
Department has obtained additional contractor support to address two
key concerns: overall Y2K program management and technical ``strike
force'' expertise to assist in problem areas. While the Department
remains behind government-wide goals for renovation of systems and
overall compliance, results are improving.
Transportation.--The Transportation Department improved management
oversight, combined with an accelerating rate at which the Federal
Aviation Administration (FAA) is remediating air traffic control system
components, is significantly mitigating risk. As of mid-November 1998,
the Department-wide percentage of critical systems renovated stood at
95 percent, a significant improvement over the 64 percent reported in
the previous quarter. However, with only 31 percent of its critical
systems validated and 21 percent implemented, the Department continues
to lag behind the government-wide schedule.
Agency for International Development (AID).--The next months will
be critical as AID faces many challenges in repairing its remaining
four complex critical systems. AID has, however, completed renovation
of two systems and has begun the certification process. AID continues
to make management improvements and has retained several contractors to
assist project management including performing independent validation
and verification of contractor deliverables. Renovation of AID's most
important system is underway, including development of standard date/
time processing functions and line-by-line assessment of the system.
For more information on the Government's progress in preparing
critical Federal systems for the Year 2000, consult the Council's web
site (www.y2k.gov).
State and Local Government
Americans rely upon State and local governments for many important
services, from unemployment insurance to water treatment and emergency
services. The vast majority of these services rely upon automated
processes that are at risk of experiencing Year 2000-related failures.
Progress among State governments in addressing the Year 2000
problem varies. According to a National Association of State
Information Resource Executives (NASIRE) survey of State Y2K
remediation efforts, several States report that they have completed Y2K
work on more than 70 percent of their systems. But a handful of States
still have much work left to do, reporting that they haven't yet
completed work on any of their critical systems. Virtually every State,
however, has an organized Y2K program in place, often led by a
designated State Y2K Coordinator.
Local governments are a more serious concern. At the local level,
many towns, cities, and counties are aggressively attacking the problem
and are making good progress, but a significant number are not
sufficiently organized to prepare critical systems for the new
millennium. According to a December 1998 National Association of
Counties survey of 500 counties representing 46 States, roughly half of
counties do not have a county wide plan for addressing Year 2000
conversion issues. Almost two-thirds of respondents have not yet
completed the assessment phase of their Year 2000 work. The survey also
found that, in general, Year 2000 efforts among larger counties are
more advanced than their smaller counterparts.
The Council has been working with the White House Office of
Intergovernmental Affairs and key groups like the National Governors
Association, NASIRE, the National Association of Counties, and the
National League of Cities to promote action on the problem among State
and local governments. In July 1998, Council members participated in a
two-day National Governors' Association Y2K conference with Year 2000
coordinators from 45 States. The Council Chair participates in monthly
conference calls with State Year 2000 executives to discuss cooperative
efforts between the Federal Government and the States and how States
can help each other to address Y2K challenges.
Federal agencies are also actively working with the States to
ensure that Federal-State data exchanges used to carry out important
programs such as Food Stamps and Medicaid will be ready for the Year
2000. Most Federal agencies and States have now inventoried all of
their data exchange points and are exchanging information with one
another to ensure the exchanges will function in the Year 2000.
However, as of the last OMB quarterly report, three States had not yet
provided any information on the status of their data exchange
activities. For the February 1999 quarterly report, OMB has asked
Federal agencies to provide assessment information, for each State, of
Y2K progress on State-administered Federal programs.
One State-administered Federal program, Unemployment Insurance
(UI), has a unique Y2K failure horizon date of January 4, 1999. UI
systems look forward one year to calculate a beneficiary's UI
entitlement which means that, in the first week of January 1999, these
systems must be able to process dates in January 2000. States that do
not yet have Year 2000 compliant systems have had to implement
temporary back-up, or contingency, plans until permanent fixes are
completed. The Labor Department is working with the States and
territories that have implemented such plans and is confident that
benefit payments will continue. This work demonstrates the importance
to every organization of having an adequate contingency plan. The UI
experience also illustrates the fact that a Year 2000 failure does not
have to mean that a program will stop functioning.
Small and Medium-Sized Businesses
The status of Year 2000 efforts among the Nation's 24 million small
and medium-sized businesses is an ongoing concern. Most of these
businesses do not have a vast number of information technology systems,
but, like large companies, they too need to assess how the Year 2000
problem could impact their operations. Many small and medium-sized
businesses are taking steps to address the problem and to ensure not
only that their own systems are compliant but that those they depend
upon are ready for the Year 2000 as well. But a significant number of
these businesses are not preparing their systems for the new
millennium.
A recent National Federation of Independent Business survey,
released in January 1999, indicates that as many as a third of small
businesses using computers or other at-risk devices have no plans to
assess their exposure to the Y2K problem. The survey also indicates
that more than half of small firms have not yet taken any defensive
steps. The reasons for this inactivity vary. Many of these business
owners believe that, unless they operate large, mainframe computers,
the Y2K problem poses no threat to their operations. Others have stated
that they will fix systems when and if they fail, and that taking
preemptive action to assess and fix potential Y2K problems is a waste
of time and money.
The Small Business Administration (SBA) has mounted an aggressive
outreach program to increase awareness and promote action on the
problem among small and medium-sized businesses. SBA is distributing,
through its web site (www.sba.gov/y2k) and other outlets, information
about how businesses can assess their exposure to the Year 2000 problem
and prepare their systems for the new millennium.
SBA has enlisted the support of private sector organizations in its
efforts to reach small and medium-sized businesses with information on
the Y2K problem. National industry trade associations, such as the
American Bankers Association and the American Insurance Association,
have distributed SBA Y2K information to their members and encouraged
them to share it with their clients. The Bank of America, Wells Fargo,
and other major banks have distributed an SBA Y2K ``bill stuffer''
flyer to their business customers. And power companies, like Maine
Electric and the Potomac Electric Power Company, have also distributed
SBA information to their customers.
In October 1998, the Council joined the SBA, the Commerce
Department, and other Federal agencies in launching ``National Y2K
Action Week,'' to encourage small and medium-sized businesses to take
action on the Y2K problem. The week was built around more than 300 Y2K
educational events for small and medium-sized business managers held at
Federal agency field offices across the country. Materials promoting
the Week appeared in the Nation's post offices and the Council ran
advertisements in 250 newspapers listing the names of more than 160
national trade associations committed to encouraging their members to
meet the Year 2000 challenge.
International Activities
International activities is the area for which there is the least
amount of information. The State Department and other agencies on the
Council's International Relations Working Group has been working with
U.S. embassies and other organizations around the world in an effort to
gather Y2K information on a country-by-country basis.
Based on the available information, it is clear that although more
countries have recently begun to focus on the Year 2000 problem, most
are significantly behind the United States in efforts to prepare
critical systems for the new millennium. Awareness remains especially
low among developing countries. Lack of progress on the international
front may lead to failures that could affect the United States,
especially in areas that rely upon cross-border networks such as
finance, telecommunications, and transportation.
The United States is working to encourage other nations to take
action on the problem and to facilitate coordination of country Y2K
efforts on a regional and international basis. The U.S. worked closely
with the United Nations to organize the first-ever meeting of national
Year 2000 coordinators from over 120 countries on December 11, 1998.
Delegates to the meeting discussed Y2K challenges in key infrastructure
areas and agreed to work together regionally to share information on
their Y2K remediation and contingency planning. The U.S., along with
several other nations that helped to organize the meeting, will also
work to create an international coordinating center to help support
these efforts in the coming months.
The U.S. has also forged bilateral cooperative agreements on the
Y2K challenge with several nations, including Japan, South Korea,
Canada, and Mexico. Under these agreements, U.S. authorities are
working with their counterparts in other countries to exchange
information on Y2K efforts in key areas such as power, transportation,
customs, telecommunications, finance, and health care.
The Council Chair has met with numerous international organizations
like the Organization of American States, the OECD, the World Bank, and
the International Monetary Fund to enlist their support in encouraging
their members to take action on the problem. To assist developing
countries, the U.S. is working with the World Bank to support its
program of increasing awareness of the problem among developing
countries through a series of international conferences on the issue.
National security is a serious concern. It is important to note
that the Y2K problem will not cause nuclear weapons to fire
automatically; they require some form of human intervention for launch.
The Department of Defense (DOD) has been reaching out to other
countries to ensure that they too are taking appropriate action to
secure the readiness of their defense systems. DOD representatives have
met with NATO to discuss Y2K progress on NATO support systems and
infrastructure. DOD has also worked, along with defense representatives
from the United Kingdom and Canada, to form an Allied Y2K Coordination
Committee which has enabled DOD to meet with defense representatives
from Germany, New Zealand, the Netherlands, France, and Australia. DOD
has also met separately with representatives from Russia, Poland, the
Czech Republic and Hungary to discuss Y2K efforts for their defense
systems.
Over the coming year, the Council will continue to focus its
energies on key areas of concern in our increasingly interconnected and
interdependent world.
______
Appendix: Other Working Group Activities
Building Operations (Working Group Chairs--Department of Housing and
Urban Development, General Services Administration)
The Buildings and Housing Working Group is working with the
International Facilities Management Association (IFMA) and the
International Buildings Operations and Management Association (BOMA) to
ascertain the Y2K status of common building systems (e.g., elevators,
climate control systems, security systems). IFMA and BOMA are
conducting a survey of their membership that is expected to produce a
detailed assessment in late March 1999.
The General Services Administration (GSA), chair of the working
group, has found that 98 percent of systems in its buildings are Y2K
compliant. GSA also reports that its systems can be manually operated
if necessary.
Specific information on building product compliance and contingency
planning is available on the World Wide Web through www.y2k.gov or
through www.gsa.gov.
Consumer Affairs (Working Group Chair--Federal Trade Commission)
The Consumer Affairs Working Group, chaired by the Federal Trade
Commission (FTC), is assessing the Y2K compliance of consumer products
and financial services. The group is also conducting a broad-based
education initiative to make Y2K information available to consumers
through the Internet and a toll-free information line.
The Y2K consumer education initiative covers 85 separate topic
areas ranging from product safety to health care to money. Information
is made available to consumers through a collection of links to
government agencies, trade associations, and private companies posted
to the www.consumer.gov website, and through the toll-free 1-888-USA-4-
Y2K information line.
The fifty largest companies in the consumer financial services
industry engaged in direct credit lending to consumers and/or retail
credit make up 90 percent of the consumer finance industry and report,
through their trade association, the American Financial Services
Association, that 90 percent of their systems are Y2K compliant. These
companies expect to be 99 percent compliant by the end of the first
quarter of 1999. Similarly, the credit card industry and the mortgage
banking industry also appear to be making good progress with their Y2K
efforts. The consumer electronics industry reports that consumers
should not experience Y2K problems with electronic products other than
some older model VCR's, camcorder, and fax machines. Home appliance and
residential heating and cooling equipment manufacturers report through
their trade associations that no Y2K-related failures are expected for
these products.
Education (Working Group Chair--Department of Education)
The Education Working Group, chaired by the Department of Education
(DOEd), has been working with key education associations to assess Y2K
preparedness within the elementary/secondary community, the higher
education community, and among third party service providers (e.g.,
loan guarantee agencies, debt collection agencies, financial
institutions).
In the summer of 1998, DOEd and the American Association of
Community Colleges (AACC) surveyed AACC's 1,300 member schools on their
Y2K preparedness. In the same timeframe, DOEd also surveyed more than
1,400 direct loan schools. The combined results indicated that 62
percent of postsecondary respondents reported the existence of a Y2K
project plan at their institution. Seventy-six percent reported being
either completely confident or very confident that their institution
will be Y2K compliant by March 1999.
DOEd and the Council of Great City Schools conducted a survey of
elementary and secondary schools' Y2K preparedness in spring 1998 in
the nation's 50 largest school districts. Nearly one-third of
respondents reported their district did not have a written Y2K plan.
Over 90 percent, however, were confident that their systems would be
compliant by January 1, 2000. A follow-up survey was launched in fall
1998, with results expected in January 1999. To better ascertain the
level of Y2K preparedness among the elementary and secondary community
in small and medium size school districts, DOEd and the American
Association of School Administrators are designing a survey of Y2K
readiness. Results are expected in early 1999.
Employment Related Protections (Working Group Chair--Department of
Labor)
The Employment Related Protections Working Group, chaired by the
Department of Labor (DOL), is aggressively working with the employment
sectors of U.S. businesses and State and local governments in order to
determine the status of Y2K efforts for employee health and safety and/
or employment-related benefits related systems. The working group has
asked 21 organizations representing DOL constituents to participate in
a Year 2000 assessment of their membership. The umbrella organizations
asked to participate represent manufacturing, general industry,
construction, mining, labor unions, and State and local governments.
DOL is also working with the 53 State Employment Security Agencies,
which administer the unemployment insurance (UI) program, to ensure
that States and other jurisdictions are able to process and distribute
UI benefits into the Year 2000.
Food Supply (Working Group Chair--Department of Agriculture)
The Food Supply Working Group (FSWG), led by the U.S. Department of
Agriculture (USDA), is focused on the Y2K readiness of the U.S. food
industry and on how the Y2K problem might affect foreign countries as
markets for U.S. agricultural products and as suppliers of food
products to the United States. The FSWG works to identify potential
disruptions to supply and markets.
The FSWG reports its initial analysis indicates that the state of
readiness within the food industry is encouraging. Major domestic
companies that provide most of the foods the American public consumes
are confident they will continue to operate in spite of the Y2K
problem. The FSWG reports that an interruption in the food supply so
severe as to threaten the well-being and basic comfort of the American
public is unlikely. The group's initial assessment also indicates that
key foreign markets for U.S. food products will likely have a low risk
of Y2K disruptions to their import, processing, distribution and retail
chains. However, some countries and their domestic food supply
industries have not yet made significant progress on the problem.
Should there be a disruption of imports, domestically grown fresh
fruits and vegetables are likely to continue to be available.
Health Care (Working Group Chair--Department of Health and Human
Services)
The Health Care Working Group, chaired by the Department of Health
and Human Services (HHS), is reaching out to health care professional
and provider groups to assess the Y2K readiness of the health care
community. These groups include: the American Ambulance Association,
American Hospital Association, the American Medical Association, the
Health Industry Manufacturers Association, the Joint Commission on
Accreditation of Health Care Organizations, the National Association of
Community Health Centers, Inc., and the National Association of Rural
Health Clinics.
The survey data gathered to date is mostly centered on hospitals
and larger health care facilities. Responses to an American Hospital
Association survey and an informal survey conducted by Medical Records
Briefing newsletter for the health information management industry,
indicate that more than 70 percent of larger organizations have Y2K
remediation plans in place. Their anticipated completion dates for Y2K
work fall throughout 1999.
Throughout 1999, working group members plan to gather assessment
information on Y2K readiness, especially among smaller health care
organizations. With support from the Association of State and
Territorial Health Officials, the Centers for Disease Control and
Prevention (CDC) have sent a Y2K readiness assessment survey to 57
State and Territorial Health Officials. Results are expected by the end
of January 1999. The HHS Inspector General's Office has plans to survey
the Y2K readiness of a sample of Medicare providers.
Housing (Working Group Chairs--Department of Housing and Urban
Development, General Services Administration)
The Buildings and Housing Working Group recently gathered initial
assessment information from more than 150 housing authorities, public
housing authorities, Tribally designated housing entities, grantees,
and city/county neighborhood housing and community economic development
offices.
Survey results indicate that, as a whole, there is a high level of
awareness of the problem within the Housing Sector. But much work
remains. Overall, 25 percent of respondents have completed work on
mission-critical application systems, and 8 percent have completed work
on embedded chips.
Results from this initial survey will factor into the design of on-
going efforts to monitor and motivate preparations by these sector
participants during 1999.
Human Services (Working Group Chair--Department of Health and Human
Services)
The Human Services Working Group, chaired by the Department of
Health and Human Services (HHS), monitors the level of Year 2000
preparedness for many human services programs. They include: Temporary
Assistance for Needy Families (TANF), Head Start, Medicaid, the Food
Stamp Program (FSP) and Special Supplemental Nutrition Program for
Women, Infants, and Children (WIC).
HHS will obtain updated information on the Y2K compliance status of
its State administered programs and conduct periodic reassessments of
State Y2K efforts throughout 1999. On Medicaid, the Health Care
Financing Administration (HCFA) is working with a contractor to assess
the status of State Medicaid-related Y2K efforts. HCFA staff will visit
all States at least twice in 1999. The Department of Agriculture's Food
and Nutrition Service will continue to prepare quarterly reports on the
Y2K status of State systems supporting the FSP and WIC, focusing on
software, hardware, and telecommunications compliance.
Information Technology (Working Group Chair--Department of Commerce)
The Information Technology Working Group promotes action on the Y2K
problem among the broad spectrum of companies that make up the
information technology (IT) industry. The group conducts its outreach
through organizations such as the Information Technology Association of
America, the Institute of Electrical and Electronics Engineers, the
Business Software Alliance, and the Internet Society.
The working group is forming a task force to assess the Y2K
readiness of the IT sector as a whole, taking into account both
business operations and products and services. Results are expected in
late January 1999. More information about the working group can be
found at y2k.ita.doc.gov.
International Trade (Working Group Chair--Department of Commerce)
The International Trade Working Group, which includes
representatives from the Commerce Department's U.S. and Foreign
Commercial Service, the U.S. Customs Service, the Department of
Transportation, and the U.S. Information Agency, is working with a
number of key trade associations to help assess the progress of Y2K
efforts in three critical areas of international trade: infrastructure
(transportation and logistics), manufacturing (suppliers and buyers),
and services (financial and legal services).
Participating organizations include the American Association of
Port Authorities, the American Chambers of Commerce (overseas), the
American Warehouse Association, the Chamber of Shipping of America, the
Export Legal Assistance Network, the International Trade Council, the
National Customs Brokers and Freight Forwarders Association, the Small
Business Exporters Association, the Small Business Industry Sector
Advisory Council, and the U.S. Council for International Business.
In February 1999, each of our association representatives will
complete a report on its members' Y2K preparedness. In January 1999,
the U.S. and Foreign Commercial Service is scheduled to release in the
first quarter of 1999 a report on the Y2K activities of foreign
governments via the Internet at www.y2k.ita.doc.gov.
Non-Profit Organizations and Civic Preparedness (Working Group Chair--
Office of Personnel Management)
This working group, which has representatives from the Office of
Personnel Management (OPM), the Department of Health and Human Services
and the Federal Emergency Management Agency, is tracking the Y2K
progress of non-profit organizations and coordinating inter-sector
communications related to civic preparedness.
OPM conducted in August 1998 an informal Y2K readiness poll of
several non-profit and charitable organizations within the Federal
Government's Combined Federal Campaign. The responses indicated that
most large national organizations and their local chapters/affiliates
are aware of Y2K, and are taking measures to ensure that their internal
systems will be ready for the century date change. Few organizations,
however, were assessing internal embedded chip-based systems or outside
partners' Y2K progress. Results of a more detailed survey, which
attempts to reach most non-profits 501(c)(3) organizations, will be
available in February 1999.
Police/Public Safety/Law Enforcement/Criminal Justice (Working Group
Chair--Department of Justice)
This working group, chaired by the Department of Justice (DOJ), has
been working with a number of non-Federal organizations to promote
action on the Y2K problem. These organizations include: the
International Association of Chiefs of Police, the National Association
of Attorneys General, the National Association of Police Organizations,
the National District Attorneys Association, the National Sheriffs
Association, and the National Troopers Coalition.
Based on informal assessment information, there is a high level of
awareness of the problem among non-Federal police/law enforcement
entities. State police/law enforcement entities and departments in
larger metropolitan areas are making good progress. However, most
departments at the county and municipality level lack the
sophistication to assess the Y2K readiness of their service providers.
These departments do not have their own, dedicated IT resources--money
and professional staffing--and are instead dependent on the IT
departments of the county, city, or municipality of which they are a
part. Dedicated radio communications and dispatch systems are a concern
for all police/law enforcement organizations and the working group is
encouraging departments to focus on contingency planning in this area.
Tribal Governments (Working Group Chairs--Department of the Interior,
General Services Administration)
As part of an effort to promote action on the Y2K problem in the
Native American community, the General Services Administration and the
Interior Department's Bureau of Indian Affairs in December 1998 worked
with the National Congress for American Indians to distribute a Y2K
information package to the leaders of the 554 recognized tribes. Other
outreach activities included recent meetings with Alaska tribes and the
Navajo Nation. Another meeting is scheduled at the end of January 1999
with 39 tribes in Oklahoma.
Other Federal agencies in the Tribal Governments Working Group,
such as the Environmental Protection Agency and the Indian Health
Service, are now meeting with the Bureau of Indian Affairs to design
and plan a survey that will better define specific Y2K concerns within
Tribal communities.
Y2K Workforce Issues (Working Group Chair--Department of Labor)
The Y2K Workforce Issues Working Group, chaired by the Labor
Department, conducts outreach to connect organizations seeking Y2K
assistance to those who have skills for tackling the problem. One of
the group's key initiatives is the IT Job Bank (it.jobsearch.org). This
subset of the Labor Department's ``America's Job Bank''
(www.ajb.dni.us) is a free Internet resource designed to help employers
connect with individuals that have Y2K expertise.
The working group also reports to the Council Chair on the status
of the Y2K labor force within the Federal Government and in other
areas. For the most part, the Federal Government has thus far not
experienced labor shortages among personnel qualified for fixing the
problem. Personnel costs in the private sector are increasing. There
has been some anecdotal information on shortages in some industries,
but thus far there is no evidence of a systemic labor shortage in the
private sector. Concerns are mounting, however, about how increasing
international Y2K activity may affect the supply of qualified
personnel.
Chairman Stevens. Thank you very much.
First let me congratulate you for this report, the first
quarterly summary, that you put out on January 7th. I hope the
members will each get a copy. There is a copy here for
everyone.
Mr. Koskinen. There is a copy for each member.
Chairman Stevens. I think that is a very good summary that
we should study before we start the subcommittee hearings.
I have a few questions. First, it is my judgment that there
are some systems out there that are under primary
responsibility of the State and local governments that do
affect the health and safety of our people, including Federal
employees who are carrying out other programs. Are we looking
into the interface of this?
Some States may not be able to secure funding for that
because of their legislative process. I should think we ought
to have some way to identify those and perhaps include those in
a Federal emergency appropriation. The concepts of--I am
thinking particularly of the highways.
Just as a footnote, I got a note the other day about a
young patrolman who got an award in our State because he fixed
a problem that everyone thought was going to cost hundreds of
thousands of dollars for less than $100. It was an interesting
way he did it. But there is innovation out there in the system
and I think we should be sharing that. But I am not sure that
the States and the local governments have the money to identify
those areas that are Federal priorities and to move on those
Federal priorities, is what I am saying.
Should we identify some and tell the States, we want you to
move on these and the local governments to move on these, and
we will assist you to make them a high priority, those that
affect the interstate transportation system, those that affect
the communications system, those that affect the interstate
airways system?
It seems to me there are some out there that are direct
Federal, so much involved with carrying out our
responsibilities, that we should get the States to make them
high priorities. Have you done anything along that line?
Mr. Koskinen. Yes. We actually view this as a three-tiered
problem. The first tier is the Federal systems we are
responsible for and have direct authority over.
The second tier is all the systems we interface with, which
to a large extent are at the State and local level for the
administration of a wide range of programs, including highways,
Medicaid, unemployment insurance, and food stamps.
The third tier, as you mentioned earlier, is our outreach
to everyone else in the world, in effect, but certainly
everyone else in the domestic economy over whom we do not
necessarily have direct authority or responsibility, but, as
you note, whose failure would create a problem either for the
economy or for the public.
We are working in each of those three tiers.
Chairman Stevens. Are we financing it, though? The
interstate airways system, the international airways system,
for instance. My State is the air crossroads to the world, I
think, but as a fact of the matter we will not function unless
those foreign aircraft can solve their problems in their Y2K
countries of origin.
Mr. Koskinen. Exactly.
Chairman Stevens. Are we doing anything along that line?
Mr. Koskinen. Yes. Let me try to take you through an answer
to all of that. At the State level, we had a State summit. We
invited all the States to join us last July here in Washington
under the aegis of the National Governors Association. With 45
States, we went through all the critical areas of interest to
them and their immediate constituents and to the Federal
Government.
I now have a monthly conference call for a couple hours
every month with the State Year 2000 coordinators from across
the country looking at issues that they are dealing with,
sharing information as we go, trying to make sure that we and
they jointly are paying attention to the most important
problems. We have a specific program going on with the States
to test every data exchange point of the 160 Federal programs
that the States actually run to ensure that those data
exchanges work.
OMB has asked the Federal agencies, in the next quarterly
submission, to report on the State administration of the most
significant Federal programs we are concerned about as we move
forward. We have continued to monitor State progress in other
areas. In many of the Federal programs, like the highway
program, we have had specific meetings with the States. Most of
the Federal agencies have noted that, in many of these
programs, existing funding from the Federal Government for the
program can under the current authorities be used for Year 2000
remediation efforts. The Transportation Department, the
Education Department, and other Departments have made that
clear to the States.
So with regard to the State level at this point, while
everyone is always short of revenues and would appreciate more,
we do not think funding has been a major problem. Rather, in
some States our major problem has been attention. We have
increasingly tried to get the States to understand that if the
governor does not have this as his or her priority, then that
State is going to have difficulties, and the same is true at
the county and city level.
I would feel in some ways more reassured about the problem
if we had more people saying, ``We do not have funding.'' My
concern is the people who think the Y2K problem is either not
their problem or they will wait and see whether or not their
systems break and then fix them.
So we have spent a lot of time in the last 9 months
reaching out at the State level, trying to get the States to
work with us to reach out to the counties and the cities, to
make sure that they too understand the importance of dealing
with this problem.
Internationally, it clearly is a global village. We are all
increasingly interconnected. International air traffic systems,
telecommunications systems, financial service systems, maritime
shipping systems, all form a network that we depend upon in
various ways. Certainly in States like Hawaii, Alaska, and
other importing areas of the country, if international systems
go down it will directly affect us.
I had a very good meeting about a week ago with the House
appropriators and their staff members on the use of emergency
funds to encourage activities in those areas. As you know, the
emergency funding is for Federal systems and related expenses.
We discussed and agreed that only fixing the Federal systems
that are operated by Federal agencies will not do us any good
if the systems we depend upon and relate to do not function.
While at this time there is no agreement that we should be
using the funding to fix any other nation's systems, it is
clear that it is appropriate to use those funds to encourage
increased activities in those areas internationally. For
example, the FAA is working with the International Air Traffic
and Civil Aeronautics Associations to in fact reach out to
other countries to make sure they are paying attention to the
problem and doing the necessary work on air traffic systems.
We have arranged with the U.S. Coast Guard to have an
emergency meeting the first week in March in London of
international maritime associations, both in the private and
the public sector, as well as international port associations,
to begin to try to make sure that we have an organized global
effort to mitigate interruptions in maritime shipping
activities.
But you are right, if we in a lot of these areas cannot
depend upon our foreign partners in the private sector and in
the public sector, that will have an adverse effect on at least
some sectors of our economy and the public.
Chairman Stevens. Let me do this now since we have
additional members that have joined us. So I want to make sure
people understand what this is not. Again, this is not a
hearing to go into what the Time magazine is talking about, the
end of the world, or even the Newsweek articles or others we
are getting. Senator Bennett has got a special committee that
deals with all those problems.
We are looking at the subject of the money that we
appropriated last year, how it has been used, and what
additional moneys might be needed, and whether there is
anything that we can do to assist the coordinator of all of the
Y2K activities for the Federal Government, with outreach to the
State and local governments, to assure that we are compliant by
March 31 of this year on major systems.
I have a couple other questions to ask, but I want to urge
everyone to sort of keep the questions short in the first round
because some people may have to leave to go to something else.
So let me proceed. Now, we are going by the early bird
rule, which we will follow on this committee entirely, and that
is if you want to ask questions early be here early. The first
person to come was Senator Campbell. Senator Campbell?
Senator Campbell. Thank you, Mr. Chairman. I will try to
keep it brief.
It looks as if I am going to chair the Treasury
Subcommittee again, John, so I am particularly interested in a
couple of areas. Without going through these very detailed
reports, I want to ask just a couple of things about the
Internal Revenue Service (IRS) and the GSA.
I notice that--it is pretty brief. On page 21 it just says
under ``Treasury'': ``There is a strong support team in place.
Good progress on embedded chip, telecommunications, contingency
planning, and data exchange.'' That does not tell me an awful
lot.
Frankly, you know the old taxpayers out there are calling
and beginning to worry, that is what I want to relate to you.
Could you in very short order tell me what progress is being
made in the IRS? The first time there will be filing of tax
returns, in the early season of the Year 2000, are they going
to be noticeably impacted by any Y2K problems?
Mr. Koskinen. The IRS runs some of the largest, most
complicated systems in the world, and historically it has had
difficulty dealing with large information technology upgrades
and replacement efforts. But to the great credit of the
employees and the very strong leadership of Commissioner
Rossotti, who has really done a remarkable job, he and we are
confident that the IRS will meet the March 31 deadline. So that
as we move to the end of this year and into the filing season
in the first quarter of the Year 2000, we expect that taxpayers
can be confident that their returns will be processed
appropriately, and that refunds will be issued in the
appropriate manner. And, as I have been asked by callers on C-
SPAN a few times, you can also be assured that if you have not
paid your taxes, the IRS will be able to handle that
accordingly as well.
So I think that they are in very good shape, and it is a
great tribute to their employees because they had some of the
largest challenges in the Federal Government when we started.
Senator Campbell. I thank you. The other question I have
deals with the GSA and government-owned buildings, the millions
of square feet of office space housing Federal agencies in it.
Do we have some assurance that we are going to be in good
working order so that the Federal employees can do their jobs
in this environment?
Mr. Koskinen. Yes. One of the concerns everyone had across
the country initially was,``Would elevators work?'' We all see
the inspection certificate that says not valid if you have not
been inspected in the last 6 months. It turns out all of the
elevator companies----
Senator Campbell. Security systems, things of that nature?
Mr. Koskinen. They are complicated systems. The good news
is the elevators themselves appear to have no Year 2000-related
problems, so that the specter of elevators stopping or going to
the basement or the roof or doing something else is not right.
Security systems, particularly card entry systems, are at
risk and need to be checked, and some of them need to be
upgraded and fixed. It depends building by building, system by
system, but increasingly that is the security for both parking
garages and buildings.
Senator Campbell. Do you know what is being upgraded?
Mr. Koskinen. Those systems are being upgraded. GSA in its
outreach program has a very strong working relationship with
the Building Owners and Managers Association, or BOMA, as it is
called, and they are working together to share information and
develop an inventory. GSA has a website with an inventory of
information in this area.
We expect that there will not be a problem in the directly
owned and managed Federal buildings. Part of our issue is to
deal with those buildings that we lease from others, to ensure
that the landlords or the owners of those buildings are also
paying attention, because the most significant risk in a
relatively small----
Senator Campbell. Buildings we lease from others, who is
responsible for paying for the upgrading of security systems?
Is that in their contract or do we have to provide that money?
Mr. Koskinen. It depends on the nature of the lease and
what the contractual terms are. As a general matter, landlords
have a responsibility to in fact have a building that is open
and operating. On the other hand, a lot of leases provide for
the pass-through of certain kinds of expenses, and it is a
determination of what the lease terms are as to who pays for
it.
The cost is less of a concern, going back again to the
chairman's question about State and local governments, than
making sure that people have found the problems and fixed them.
The cost is a relatively modest part of the problem. The bigger
problem is the systems that do not work.
Senator Campbell. Do we prioritize? For instance, in this
environment of potential increased terrorist activities and so
on, are law enforcement agencies given priority, ATF as an
example?
Mr. Koskinen. Yes, we are focused on the fact that New
Year's 2000 will be an interesting weekend, not only in terms
of whether or not systems work but also in whether or not
people will try to take advantage of any potential problems.
I think one of the important issues for us to be clear
about not only with the public but with everybody else as well,
is that our security systems are a high priority for us, that
monitoring of community security is a high priority for us, and
in fact there may be more people monitoring these systems that
weekend than ever before. We think that anyone who wants to
enter a system in an unauthorized way needs to understand that
in the private sector as well as the government every
organization is going to have special weapons assault team
(SWAT) teams on duty that weekend to monitor those systems.
Senator Campbell. Good. The last question. Since no one has
a crystal ball around here and we are not quite sure of the
total cost, how long after the first of the year do you
anticipate that you might have to ask for any additional
emergency funds, or do you anticipate that?
Mr. Koskinen. I think it is hard to predict with a crystal
ball. But I think that it is unlikely that we will have any
significant need for emergency funding after January 1, 2000.
As I noted, I think that the vast majority of critical
government systems will be done as of March 31, 1999.
Additional work will be going on throughout 1999 in some
agencies and some agencies will be working on non-mission
critical systems into the Year 2000, but they should be able to
absorb that without any significant emergency expenses.
Senator Campbell. Thank you.
Chairman Stevens. Senator Reid.
Senator Reid. You indicated that 61 percent of the Federal
Government's had reported and were on line, so to speak, right?
Mr. Koskinen. Right.
Senator Reid. You talked about State and local governments.
Do we have a percentage breakdown of State and local government
as to what they have done to comply with our problems?
Mr. Koskinen. We do not have a full breakout at this time.
We are working with the National Association of State
Information Resource Executives and the National Governors
Association (NGA). In fact, we are talking with the NGA about
providing them some small amount of emergency funding support
to increase the amount of activity they have with the States.
One aspect of that work would be to get a better picture,
State by State, as to how the States are doing. At this
juncture there is a website that the state Chief Information
Officers (CIO) run, where States are beginning to provide
information about their efforts. But we do not have at this
point a clear understanding in terms of percentages across the
country.
All of the States have their own Year 2000 websites and an
increasing number are publishing for constituents reports on
the status of their efforts.
Senator Reid. What is your estimate of State government and
local government?
Mr. Koskinen. I have a higher level of confidence in the
States than the locals, but it is part of the experience we all
have. The farther away from your control you get, the more
concerns you have.
I think that the vast majority of the States appear to be
making good progress. I think at this point all of them are
organized to deal with the problem, but some of them have
greater challenges than others.
Our greater concern is at the State and local level. The
National Association of Counties (NACO) did an assessment for
us as part of our outreach efforts and they noted that half the
counties in the United States had very thorough, organized Year
2000 plans. The problem was half of them did not. It does not
mean that they were not doing work----
Senator Reid. I think you misspoke. You said ``State and
local.'' Did you mean county and city?
Mr. Koskinen. Counties and cities, I'm sorry, yes, exactly.
Thank you for the correction.
NACO did that survey, and it doesn't mean that the half of
the counties without plans are not doing any work, but it means
they are not at the same level of organization as those with
plans.
One of the reasons they are doing the assessments is that
we wanted the message to go back to counties. We wanted to have
citizens asking, ``Are we in the set of counties without a
plan?'' Again, at this point our concern is to make sure that
every town mayor, every city mayor, every city manager, every
county executive, has the Y2K problem on his or her list of
priorities just as it is on the list of priorities of this
committee and the President.
Senator Reid. What about the private sector?
Mr. Koskinen. As the chairman noted, we are working through
cooperative relationships, with organizations representing key
sectors of the economy to gain assessments from them and their
members.
Senator Reid. But do we have an estimate as to how they are
compliant?
Mr. Koskinen. At this juncture, in virtually all of the
critical sectors of concern to us, it is clear that the major
companies are fully engaged. The Federal Government is, as many
of our critics have even begun to notice, ahead of most
industry sectors. Our goal is March 31. Most industry sectors
have a June 30th deadline. I think we will complete more of our
systems.
At this juncture there is no evidence, as I said in my
formal statement, that there will be any national problems or
collapses of the infrastructure. We think the national power
grids will hold. We think national telecommunications systems
will work. As I noted, I am confident that the air traffic
system will work.
Where we are concerned, and your question is a good one, is
with not all but some, small to medium sized organizations in
the public and the private sector who have decided that this is
not a problem they are going to deal with now. Any organization
making that determination is engaged in a high risk roll of the
dice in terms of whether their systems will function. If they
do not, that organization is going to be at the end of a very
long line of those who may have waited to get a new piece of
equipment.
Senator Reid. Let me ask my last question. My time is about
gone. A lot of us have more confidence, of course, in the work
that you are doing for our country. But we live in an
international economy now. What happens to countries that are
in such difficult financial shape, countries like the former
Soviet Union, Russia, which has all kinds of technical things
that they depend on, just like we do, and they do not have the
resources to be spending billions of dollars to update their
system?
We could go through the entire litany of countries that are
having difficult financial problems. What is happening in the
rest of the world to make sure that, even though we may be okay
here in 2000, if the rest of the world is doing nothing it
could be a big economic meltdown?
Mr. Koskinen. It is a concern. In fact, it is my greatest
concern. I think we have more risk internationally than we do
domestically. I think there are a significant number of
countries that are doing very little and, as you note, may have
limited resources. Again, my concern internationally has been
less with countries that say we cannot do it because we do not
have the money and more with countries that say this is all an
American problem, we do not have major mainframes, it cannot be
our problem.
As a result, somewhat out of desperation, we encouraged and
worked with the United Nations (U.N.) to invite national Year
2000 coordinators from around the world to meet with us in
December. We got a greater response than I thought we would.
More than 120 countries from around the world sent their Year
2000 coordinators to meet with us on December 10th and 11th at
the United Nations.
It was clear at that meeting that a number of eyes were
opened. Many countries volunteered that they had not realized
the extent of their exposure to the problem. We are now
following up on that. The United States and a number of other
countries were asked to create an international Y2K cooperation
center designed to increase the flow and sharing of technical
information among countries, because the most important
resource we have is time. The next important resource is not
money; it is information.
If we can increase the sharing of technical information
about how to fix power plants, how to fix telecommunications
systems, how to fix hospitals, not only domestically but
internationally, we will increase the chances that more of
those systems will work.
There is very good work going on internationally in some
sectors. The banking and finance industry internationally has
done a wonderful job and I think financial systems in most
countries will be in good shape. There is more work going on in
telecommunications than there was a year ago. There is an
increasing amount of work in air traffic. But there is very
little work being coordinated in maritime shipping, which we
are very concerned about.
So we are going to spend a reasonable amount of time in the
next 6 months doing what we can to help organize on a regional
level and internationally, not only countries but companies, to
deal with the problem. But I have much less confidence about
the ability of those organizations, all of them, to solve their
Y2K problems by the time we get to the end of the year.
Chairman Stevens. Thank you, Senator.
Senator Bond.
Senator Bond. Thank you very much, Mr. Chairman.
Mr. Koskinen, following up on the small business comments
that I raised earlier and that Senator Reid mentioned, we had
testimony last year that there were polls showing that 40
percent of small businesses did not know or did not even care
if they had a Y2K problem. We had other estimates that 700,000
small businesses may shut down.
So we are anxiously awaiting to see whether the information
is getting out and we are making any progress. What are your
plans for small business in your strategic advisory group?
Mr. Koskinen. As I noted earlier--and I think your concern
is well placed--we are concerned about small businesses. Again,
the irony of all this is we are mostly concerned about those
who do not think it is their problem. Increasingly, the recent
surveys are showing that small businesses know of the issue,
but the last small business survey done by the National
Federation of Independent Businesses showed that up to a third
of small businesses had no intention of doing anything about
it.
Now, of the 24 million small businesses, as you know, about
90 percent of them have 5 or fewer employees and so their risks
may be more moderate. They may be at risk primarily for the
operation of their PCs and, if they are in manufacturing or
production, some small number of systems. But I think a number
of them are rolling the dice, and we are concerned.
The Council, with the SBA, the Commerce Department, and the
IRS, held a National Y2K Action Week directed at small
businesses last October. The SBA is planning another major
outreach effort in March to try to again reach small
businesses. SBA has a wonderful website with technical and
organizational information to help businesses deal with the
problem.
But at some point--its the classic, you can lead them to
the water, the question is whether they will imbibe.
Senator Bond. Well, I hope that you will be involved more
with that. Our committee and I believe the House committee also
is anxious to work with small business, because we do believe
this is a real problem.
Let me switch to the area where I have responsibility on
this committee, Veterans Affairs (VA), Housing and Urban
Development (HUD), and Independent Agencies. I was somewhat
surprised to see that HUD is doing so well. I assume that
Appendix A, Table 2, really is a fair overview of who is hot
and who is not, who has been good and who has been bad.
Mr. Koskinen. Yes. Between 26 and 27, but 27 particularly,
that is the short form summary of where the agencies are in
their progress.
Senator Bond. We always like short form summaries.
Mr. Koskinen. Yes, we all do.
Senator Bond. HUD has been going through so much trauma in
trying to get its systems under control that, frankly, some of
the work that has been done there has apparently kept them
apace with the other agencies.
You mentioned international affairs and I am very much
worried about National Aeronautics and Space Administration
(NASA), which is within our jurisdiction. We have the Space
Station program with the Russians. What do you see in that
area? Can we crash the whole international Space Station
because of Russian Y2K problems?
Mr. Koskinen. Well, it is a concern. When I started last
spring, I did an agency of the day tour and I met with the
heads of all the Cabinet agencies, actually 44 agencies, each
of them separately with their staffs.
Senator Bond. Sounds like one of the hearings in our
subcommittee.
Mr. Koskinen. That is right.
I wanted to get them to understand the three-tiered process
as I saw it, with a special focus on the third tier of
outreach. When I met with Dan Golden, it was clear that NASA,
for its internal systems, as you would expect, had generated a
very strong management control process. So internally I think
they are fine.
But in the outreach tier, NASA is concerned not only about
their partnership with the Russians, but other international
organizations that are operating in space. It turns out as a
general matter that the satellites and the communications-based
systems in space are fine. They are basically just floating
antennas. It is everything that connects to them on the ground
that is at risk.
Obviously the Russians have economic challenges across the
board independent of the Year 2000 and the relationships with
the Space Station are challenging, to say the least. At this
juncture, NASA has a working relationship with the Russians on
not only the Space Station generally, but looking at the Year
2000 problem as well. Much like our other international
relationships in this area, we are getting cooperation, but it
is more difficult to get information. At this stage I can only
tell you that NASA is very focused on the issue and we would
expect that as we move through this year toward the summer we
will have a better report from them on exactly what the risks
are, if any, in those systems.
Senator Bond. Well, we will focus in our hearings with NASA
on what can be done to wall off problems that arise in other
countries. If there is a major crash in some country, in some
other country that is tied in to us, can we protect ourselves
from having a crash there interfere with our operations? Do we
have that technology?
Mr. Koskinen. Yes, I think that is the question we have
across the board. We want to make sure that we know the status
of their work, where the risks are, and if we need to wall off
interconnects that we do that in time.
Senator Bond. My time is up. We also have the Federal
Emergency Management Agency (FEMA) under my subcommittee's
jurisdiction and would welcome your guidance on what we can do
working with FEMA to assist in local efforts, such as Senator
Reid raised.
Finally, I would note for my colleagues that the chairman
reminded me, last year in the Small Business Committee we did
pass a small business Y2K loan program specifically to make
financing available to small businesses. That will be one of
the very first bills we will pass out of the Small Business
Committee, and we hope this year the House can get it done so
the resources are available.
Please advise us on either this committee or on the Small
Business Committee if we can be of assistance.
Thank you, Mr. Chairman.
Chairman Stevens. Thank you.
Mr. Koskinen. May I add just two comments? First, with
regard to HUD, the progress is again a tribute to their hard
work. Their numbers are accurate. They will in fact complete
their work on time, and they are one of the better Federal
agencies in this area.
Secondly, on SBA, we have asked--and SBA has been delighted
to do it--the SBA people to continue to work with your staff
and others who are interested in what additional legislative or
funding authority would be necessary to try to deal with this
problem of getting the attention of small businesses.
As I said, I would feel better about it if we had more
small businesses saying, we have not got the money to do the
work and that is the problem. Our real challenge is the third
of them who say, well, it is not a big issue; we will call you
if there is a problem later, which is going to be too late.
Senator Bond. I agree.
Chairman Stevens. Thank you very much.
Senator Bennett.
Senator Bennett. Thank you, Mr. Chairman. Since John
Koskinen and I speak to each other every Wednesday afternoon
either face to face or by telephone in my role as chairman of
the Senate committee on this issue, I am very familiar with
what he is doing.
I want to take this occasion to congratulate him and
congratulate the President for having appointed him. I think we
have an extraordinary public servant here who understands the
problem and is working it extremely well.
My area of responsibility in this committee is as chairman
of the Legislative Branch Subcommittee, and by definition you
do not have any authority over any of that. So let me
springboard from that to a problem that I see that I think you
might comment on.
As we have held hearings in the Legislative Branch
Subcommittee and I have asked the various agencies responsible
to that committee about their Y2K readiness--the Government
Printing Office, the Sergeant at Arms, the Senate, the Library
of Congress, and so on--I have received or our subcommittee has
received, as you have given the full committee here today,
assurances that mission critical systems will be ready.
Now, I asked the question, give me a definition of a non-
mission critical system, and the former Sergeant at Arms the
last time I asked the question said: Well, for example,
Senator, the copier in your office. Now, when I say to my
colleagues that they will be unable to make copies of press
releases after the Year 2000 if they do not get on this
problem, suddenly that is mission critical, particularly to
Senators who are in election cycle. To be unable to make copies
of press releases is a mission critical issue.
Now, all of the tables you have given us have to do with
the state of remediation and readiness for mission critical
systems. I know enough from our conversations to know that the
mission critical decision, that is the decision as to what is
and what is not mission critical, has been made in each agency,
as indeed it should be. I do not think we should burden you
with the responsibility of walking through every Cabinet level
agency and saying, this is mission critical, this is not, and
so on and so forth. It is the management responsibility of the
Cabinet Secretary to make that decision and it is his or her
neck on the line if the decision is wrong.
But in your efforts to make sure that every agency gets its
mission critical systems properly identified and remediated,
have you done any work or have any general sense of what kind
of disruption will come in the non-mission critical systems
that might not get fixed, or how serious is it going to be of
non-mission critical systems that may be neglected in their
effort to make sure that the numbers that they give you and
those numbers that then you give to the Congress and to the
President look good? Is there something that is significant
that is going to get left behind?
Mr. Koskinen. That is an important question in the private
sector as well as in the Federal Government. As a general
matter, the experience of the agencies when they began was that
everybody who was running a system decided it was mission
critical because they needed it. It is a little like the
copier. If you were using it, by definition you needed it.
So initially there was some movement back and forth as
agencies continued to refine and define what was mission
critical. As you know, I have been meeting monthly with senior
managers of the tier one or challenged, agencies since May.
Their inspectors general are reviewing the division between
mission critical and non-mission critical as well. I am
satisfied the agencies are making appropriate decisions in this
area.
In many cases the non-mission critical systems, if they are
not fixed over a long period of time, will generate issues.
They are report-writing systems, database systems, and other
kinds of secondary systems that do not go to your ability to
operate day in and day out, but over time will build a
cumulative risk if left unfixed.
I think it is important to note that agencies are not in an
all or nothing situation. Some agencies, like the Department of
Education, now have a greater percentage of their non-mission
critical systems compliant than mission critical because of the
nature of those systems and the remediation process.
We have asked the agencies to focus on non-mission critical
systems as well and to continue to refine and understand what
their risks are if these systems are not up and running. While
there will be some work continuing into the first quarter or
even the first 6 months of next year on non-mission critical
support systems, at this point the agencies do not expect any
significant disruptions as a result of that ongoing work.
The final test in this area is that we are now requiring
the agencies to have contingency plans and continuity of
business plans. This causes them to again take a look at their
lines of operation in critical activities, to ensure that if
they go down the list, they know exactly what their backups
will be. In the course of that dialogue, agencies are reviewing
again what are their mission-critical operations, what are the
things for which they need to have backups.
In all of my meetings with the agencies, I have not found
any significant problem or even any problem in that area. But
it is an important area to continue to review, because what
happens is that what appears to be a non-mission critical
system at the start may turn out as you move forward to be a
critical part of an important process.
Again, in the private sector as well as in the government,
oftentimes we have not looked at business processes or lines of
operations. We have said, I run this computer program, I do
this piece of work, but have not put it all together into the
full process. So the final stage of contingency planning I
think will uncover many of these issues and cause people to
take a hard look at just the question you raise.
But at this point we do not see a problem there.
Senator Bennett. Thank you.
Chairman Stevens. Just in case Senator Bennett might leave,
I just wanted to tell you something, if you do not mind just a
second here, Senator Burns. A friend of mine in Alaska told me
that he was worried about trying to make the changes in his
systems to meet this problem because if he failed he might
increase his liability and decrease the liability of the
manufacturer.
Have either of you looked into this problem yet? How should
we relieve people of assuming liability for original
malfunctioning if they try to fix it?
Senator Bennett. That is going to be one of the subjects of
the hearings that we will hold in our committee. The estimates
we have received in our committee as far as money is concerned
tell us that, whatever the cost of fixing this thing worldwide,
and some estimates say that it will cost more than the Vietnam
War--the Vietnam War ultimately worldwide cost about $500
billion--and that this thing is going to cost $600 billion just
to get it fixed.
Then the estimates say there could be as much as a trillion
dollars in liability. If the trial lawyers loved the tobacco
settlement, they are going to go bananas over this one unless
we can find ways to deal with it intelligently in the Congress
and lessen some of the liability class action suits that will
be brought.
So on our committee we are going to address that, and
Senator Kyl, who is the member of our committee who is also a
member of the Judiciary Committee, is going to take the lead in
trying to find some kind of safe harbor legislation that might
make it a little easier to get this problem under control.
Chairman Stevens. Any comment, John?
Mr. Koskinen. There has been a concern, and in fact again I
would compliment Congress for its great cooperation with us in
the passage of the Information Readiness and Disclosure Act
last year, which limited liability and protected people making
voluntary disclosures of information and readiness. I think
that legislation is going to help us significantly in getting
information shared.
We did have at that time and have had an ongoing set of
conversations with people about the underlying liability issues
and the concern about either consultants doing work on systems
or companies who will then be told they made the problem worse
rather than better, and whether that will increase exposure. As
a general matter, that has not been a systemic problem. Most
people interested in liability are concerned about the
underlying liability: If they make it better but not totally
compliant and it still does not work, are they going to then
have massive liability, particularly against information
technology providers or major service providers?
The intermediary fixing it, the people doing the work, seem
as a general matter across the board to have figured out how to
have done that. The more difficult problem in some ways is the
warranty or copyright problems. A lot of software systems and
hardware systems are protected by copyright and patents that
provide that, if you open the box up and try to fix it
yourself, you then void the warranty and may be undermining the
copyright or the patent.
That is a more technical, issue and I think probably a more
real concern, that we still have not figured out the answer to
in terms of people who have providers who will not cooperate
and yet control the copyright or the patent. So we are taking a
look at that issue.
But as a general matter those turn out to be relatively
peripheral issues to the major amount of work that is going on.
Chairman Stevens. Thank you.
Senator Burns.
Senator Burns. John, thanks for coming down this morning. I
only have a couple. Most of my questions have been asked. But I
will tell you what, how important this is. I filed on that
brand in Montana. It makes a nice looking brand if you have got
a big enough calf to put it on. ``Y2K'' makes a nice brand.
Now, I have not gotten my filing back yet. I may have to make a
lazy Y out of this for not getting the job done.
We have been aware of this problem for quite a while. In
fact, under the chairmanship of Jay Rockefeller on Science and
Technology, back as early as 1991 we had hearings on Y2K. We
did not get much publicity at that time and we did not get much
cooperation, to be right honest with you, from any of the
agencies that thought that this was going to be a problem.
Under the leadership of Senator Bennett and the Select
Committee, I think they have done a wonderful job in catching
up.
I am wondering, as we look at our areas of responsibility
in this government. I was concerned about those communications
satellites that we have been using a long time, the chips that
were put in those satellites and systems prior to 1990 and
maybe even prior to 1985. Of course we have seen the growth of
that industry. I am wondering, when will you make a report to
Congress to those areas of primary concern?
I chair Communications on the Commerce Committee. At the
time we were having those hearings I was the ranking on Science
and Technology NASA with Jay Rockefeller and we felt a great
deal of pressure to have these hearings at that time, because
understanding that new equipment was coming on, new software
was coming on all the time, and we may avoid some big crash
exercise at the end in 1999 to deal with a Year 2000 problem.
Are you making any plans to make any report to those areas
of Congress which we have primary interest in and some
institutional knowledge?
Mr. Koskinen. Yes. The 25 sectors for which we have major
working groups run across all the critical infrastructure
areas. We have one for electric power, one for oil and gas, one
for transportation, and one for telecommunications. The
telecommunications working group is co-chaired by the Federal
Communications Commission and GSA, and they are looking at the
Y2K challenges in all of the communications networks--wire line
carriers, satellite issues, cable issues, broadcast issues.
They are in the process with all those industries of doing
surveys of the status of Y2K readiness and preparedness. As we
receive those surveys they will be made public, and in our next
quarterly report the Council will summarize those and other
assessments.
But I have talked to a whole range of people who know about
this issue and it is clear the consensus is that the satellites
themselves, whenever they were built and whenever they were
launched, do not have a Year 2000 problem. The problems are in
the ground stations and connections. All of computer processing
is in fact on the ground. So the companies know that, and I
think domestically it will not be an issue.
But again, going back to the international side, when I met
with Intelsat, the international telecommunications carrier, in
the spring, their real focus and concern was the ground
stations in countries abroad. Intelsat runs six major stations,
but there are literally hundreds, almost thousands, of ground
stations around the world and those are at risk. Unfortunately
a lot of them are in countries that are doing relatively
little, which means we are going to have some
telecommunications problems in those countries.
But as a general matter, the good news is the satellites
are fine and the risks, if there are any, will be in the ground
station communications.
Senator Burns. Well, you know, I have found when we went
into this problem we can have--we are very much assured of what
we have done and we have checked everything else, and I think
the American public has to be aware that one little chip
somewhere that does some little function that has date and time
on it can absolutely be a big factor in the overall process of
the operation that you may have anything to do with.
So I applaud you for the work that you have done, and I
applaud Senator Bennett and the work they have done. I will be
looking forward to that report. I think it is a report that
should be looked at and maybe have a hearing on that makes
everybody aware in communications, and especially the users, of
what has been done and the challenges that are yet in front of
us.
Most of my questions have been asked. I thank the chairman
for having this hearing this morning, because I think again
this is something that wants high awareness among our people
and I think a confidence that it is being dealt with in the
manner in which it should be. So I thank you for that.
Mr. Koskinen. Thank you. You raise one important point that
I noted in my statement. What we are trying to make clear to
everyone is, even when you are done--you have fixed the system,
you have tested it, you have rolled it out and implemented it--
you cannot guarantee that it necessarily will function. One of
the reasons we are requiring every Federal agency to have a
contingency plan for potential failures and one of the reasons
we are encouraging States, counties, private sector companies
and countries, to have backup plans, is that, while the vast
majority of the systems that are fixed will likely work, we
cannot guarantee that for every system. And people need to be
prepared and alert to that possibility.
So that as we go forward I think the goal is not to have no
system not work, because I do not that is realistic. The goal
is to have whatever failures occur create relatively modest or
minor inconveniences and not major shutdowns.
But I think that we should not be surprised and the public
should not be led to believe that there will be no
inconveniences, that there will be no shutdowns anywhere of
individual systems, even with all the best work in the world.
Senator Burns. Oh, there will be a glitch here and there.
Mr. Koskinen. There will be glitches.
Senator Burns. There will be some glitches. I have not read
your opening statement, and I assume that probably this report
that was given me probably details where we are lacking and
where maybe some acceleration of notice should be made.
Mr. Koskinen. Yes.
Senator Burns. Thank you very much.
Thank you, Mr. Chairman.
Chairman Stevens. Very well.
Let me welcome to the committee Senator Durbin. I should
tell you that--maybe I should not tell you--this is the room
that Senator Jackson and Senator Allott used for the Energy
Committee when I first came here. I was sitting down over there
and Senator Allott, whom I had known for many years, called me
over and he said: It is nice to have you with us. I said: Thank
you very much, Senator.
He said: You see, the distance between your seat and mine
is not very far. I said no. He said: You have got a lot of seat
time, though, before you get to my seat. [Laughter.]
Nice to see you. I hope that you move up a lot faster than
we did.
Senator Durbin. Thank you very much, Senator Stevens. I
have gone through the chairs in the House Appropriations
Committee to a subcommittee chairmanship and it was a learning
experience which I think enhanced my ability to serve. I am
looking forward to doing the same in the Senate.
Mr. Koskinen, if I can ask you just three questions. Most
of the areas that have been identified by my staff you have
already addressed. In the first OMB report there was an
estimated cost of this project of $2.8 billion. The figure has
increased from $3.8 billion to $4.7 billion to a current
estimate of $6.4 billion. The latest OMB report states that, of
6,696 mission critical systems identified by agencies, 61
percent are now Y2K compliant, compared to 50 percent in
August. Of the remaining 39 percent, 30 percent are still being
repaired, 7 percent are being replaced, 3 percent will be
retired.
This is a very good effort. But can you give me an idea of
how much more money it is going to take to get the remaining 39
percent Y2K compliant?
Mr. Koskinen. The OMB estimate of the $6.4 billion was the
estimate at that time of the amount of money it would take to
complete the process. As you note, while it has plateaued, as
one would expect, the costs continue to increase to some
extent, which, as I noted earlier, is one of the reasons that
the emergency funding for which this committee and the chairman
strongly supported earmarking, is critical, because as we move
forward, even though it is relatively incremental and is a
relatively small percentage of other expenditures we have,
timing is our biggest enemy and we need to have the funds
readily available.
The ability to have OMB in its normal process review
additional requests for funds and the Congress to have 15 days
to discuss that with us turns out to be a critical process, I
think, as we knew it would be. So I think it is a wonderful
process.
Our present estimate--at one point we talked with the staff
about whether the emergency funding and everything being done
now will be enough--is that present funding will be sufficient
to deal with the problem. As you know, we are running out of
time, obviously, and we are getting close to our March 31 goal
and the ultimate deadline of January 1, 2000.
If you ask me what I think in this incremental process the
final number will be, I think that you are looking at a number
that is probably in the $7 to $7.5 billion range total for the
5 years. That increase needs to be monitored carefully, but I
think the committee's approach and the chairman's approach is
right, that our problem at this juncture is to make sure the
money is spent well, and spent in a timely fashion.
Senator Durbin. Which leads to my second question. I
understand that all the agencies, regardless of their progress,
have been asked to develop continuity of business plans. These
plans will be supported by contingency plans that are required
for those systems that have been behind their agency's internal
schedule for 2 or more months.
Is it true that more Federal agencies have reported
increasing numbers of systems that will not meet the March 31st
goal, and does this foreshadow the need for even more money to
solve this problem?
Mr. Koskinen. I think overall the number is going down. But
there are major areas, Defense and Health Care Financing
Administration (HCFA) for example, where there are a number of
systems and we are concerned that some of them will not meet
the March timeframe. But those systems are identified at this
juncture and the delay in meeting the deadline does not
necessarily mean it is going to cost significantly more money.
It is primarily a question of whether the systems can get
fielded and rolled out in time.
There will be some expenditures that we can anticipate now
for what it will cost to implement contingency plans, so we
expect that there will be, beyond the next presentation from
OMB at the end of this month, additional requests for
expenditures out of the emergency fund.
But at this point, recognizing that nothing is guaranteed
in this area, it appears that the existing emergency funding
will be sufficient. But I cannot guarantee you that, and I
think our goal and the OMB goal is primarily to make sure that
the agencies are paying attention. As the Senator said early
on, if we need money we need to know that earlier rather than
later, and we need to be managing against that problem.
Senator Durbin. You mentioned that the trend line was
headed in the right direction, going down. Yet this OMB report
that I have been handed by my staff, the seventh quarterly
report, says: ``On the other hand, more agencies reported
increasing numbers of systems that would not meet the March
1999 goal. See Appendix C.''
Mr. Koskinen. Yes, but that does not necessarily mean that
we are going to spend a lot more money on those systems. There
is a timing element of that as well as a cost element. So the
fact that an agency says that, we have got a system and it is
not going to be done on March 31, it is going to be done on May
30th, does not mean that there is necessarily a significant
cost increase associated with that. It may mean that they are
simply having problems with the timing of it.
At this juncture, the agencies that have reported such
things have reported costs associated with them as well. But it
is an important question. In the ten months I have been on the
job, when I have been asked the question of cost, I have
stressed that there is no way to predict accurately. No private
company has, either. You will see the private sector company
estimates continue to go up in their Securities and Exchange
Commission (SEC) filings.
I think the two issues on which we all need to focus are:
first, is the money being spent appropriately and wisely; and
second, is the work being done and is it going to be done in a
timely fashion. Again, I appreciate the support we have had
from Congress in saying that the availability of money should
not be the hangup. I think Congress has a good record of saying
if we and OMB and the Inspectors General can establish the
need, Congress will be supportive. So I think we need to
continue to monitor the spending, but at this juncture we do
not think that we are going to exceed the existing emergency
funding.
Senator Durbin. My last question relates to FEMA, and I
think that many of us believe that one of President Clinton's
best appointments was James Lee Witt. He came to the rescue of
my Congressional district in 1993 in a terrible flooding
situation. I have really become a great fan of his. I
understand that you have been working with him in an effort to
talk about the most fundamental question: What if this does not
work? What is the contingency plan, the super-contingency plan
that we are envisioning if we run into some very serious and
grave problems, not only at the Federal level but at the State
and local and even the private sector side? Can you tell me a
little bit about that?
Mr. Koskinen. Yes. The concept we have had from the start
is not to reinvent the wheel or set up new structures. Both in
the government and in our outreach to the private sector, we
have been trying to deal with existing structures. Clearly,
that is what we are going to do in our contingency planning
emergency response effort at the Federal level.
Our biggest challenge is to coordinate the existing
emergency response mechanisms, because one of the unique things
about this problem is, to the extent there are problems, they
are going to occur more or less all in the same weekend. So we
will be looking at having to monitor international issues as
well as domestic issues, that will affect the Federal
Government as well as State and local governments and the
private sector.
So we are in the process of designing a coordinating center
that will build on and coordinate the domestic efforts of FEMA,
as well as the efforts of the State Department, the Defense
Department, the intelligence agencies, and the Treasury
Department with international responsibilities. The center will
also coordinate the work of existing command centers for
agencies like the Department of Transportation and the
Department of Energy. The key issue is to make sure that these
efforts are coordinated, that we understand where the overlaps
are in terms of assumptions about the use of resources.
FEMA is starting a series of regional meetings with the
State emergency managers. FEMA has ten offices. They are going
to have ten regional meetings. In my conference calls with the
States we have invited the State Year 2000 coordinators to join
those meetings with their State emergency managers, so again we
can jointly, with the States and with the localities, design a
system that will be appropriate.
I think the biggest challenge we face in that system
domestically is the same one we face for the government, which
is a lot of different things may happen at one time. As I said,
we need to plan for what the worst case scenario might be. I do
not think we are going to have a major national power outage,
but I think we are at risk in local communities where either
the community or the municipal power plant or a small power
plant has not done enough work, that we could have a power
outage, a telecommunications outage, a 911 outage, or a water
treatment plant outage.
Those things would not be catastrophic if they happened in
one community, but it is a great challenge if you figure there
might be 20 or 30 of those communities in a State--and we have
got 50 States, so you are talking about 1,000 or 1,500
communities--all having an interesting problem at one time. You
have to be able to plan to deal with that situation because it
is a different challenge than you normally have.
There may not be as much damage as a big hurricane or a
flood cumulatively, but it may be a great challenge for the
emergency response organization. So at this juncture we have a
coordinating group with James Lee Witt and FEMA, with the
emergency managers from Defense, from State, from Treasury,
from the Justice Department and from the intelligence
community. One of my goals is, as we all are concerned about
public confidence, that we discuss this plan publicly. I think
it is important for the public to understand exactly how are we
prepared to deal with this situation.
In fact, I think the public needs to understand that, just
as they have confidence in FEMA and in our ability to respond
to normal natural disasters, they need to have that same level
of confidence in our ability to respond to whatever Year 2000-
related problems occur. So that all of the planning we are
encouraging the State and the local governments to do, as well
as nationally, should be done, I think, publicly. My trilogy
is: the public needs to know that we are giving them all the
information we have about what works and what does not, and
what still remains to be done; they need to know that we are
managing cooperatively and energetically against the problem;
and they need to know that we have a backup system and an
emergency response system capable of dealing with whatever the
risks are. That is our challenge over the next 6 months.
Senator Durbin. Thank you very much.
Mr. Chairman, I think Senator Bennett, who is the resident
expert on this subject, has identified the liability question
which still needs to be resolved. I think this raises an
interesting question, too, because with FEMA's involvement it
is my understanding that we are talking about the next fiscal
year and the potential of some liability here for this super-
emergency fund, whatever it might be, and I think we need to
consider at least the parameters of our exposure at the Federal
level.
We do not want to discourage the State and local and
private sector from doing the right thing and spending the
money to improve the situation. But we might end up with an
exposure or liability here that we should discuss at this
point.
Thank you, Mr. Chairman. Thank you, Mr. Koskinen.
Chairman Stevens. Thank you.
On your page 29, this appendix relating to the cost
estimates in millions for the agencies, that does not break out
the source of funding, whether it was routine appropriations to
the agencies or whether some of those moneys are coming from
the emergency moneys. I would hope you would tell us that, give
us a supplement to this, if you would.
Footnote 12 says:
These estimates do not include the Federal share of costs
for State information systems supported by Federal programs.
For example, the Agriculture total does not include the
potential 50 percent in Federal matching funds provided the
States for food and consumer services to correct their Y2K
problem.
That was going to be one of my first questions. Then I find
it here, and in my second round I want to talk to you about
food stamps and the State-operated systems. Now, we do not have
any estimate of those. Our subcommittees need those estimates
as we go into these allocations so we can see whether they can
meet those emergency costs--I still think they are emergency
costs--from regular appropriations in their bills or whether we
should start thinking now about supplemental emergency.
I take it from what you are saying you do not believe we
will need a supplemental emergency appropriation. Am I right or
wrong?
Mr. Koskinen. That is right. If you ask the States, they
all would be happy to have funding. But at this point we do not
have indications of States----
Chairman Stevens. But this is Federal money now, John. This
is the money, the Federal share of costs for State programs
under Federal-State programs.
Mr. Koskinen. The agencies are funding the Federal share,
but each program has a different cost-sharing relationship.
With some, like Medicare and Medicaid, we pay most of the cost;
in unemployment insurance we pay a significant portion of it.
At this juncture the agencies are monitoring that and, to the
extent that the agencies thought there was a need for more
funds, it would show up in their budget requests.
So at this point we do not have an indication that there is
an additional funding need. But I think it is an appropriate
area of concern, because some of the States are behind the
Federal Government in terms of their progress so there may be a
build-up coming along that we do not have a handle on.
OMB will its next report show what agency funding came from
normal appropriations and what came from emergency funds. And I
think that is important information for all of us to track,
because to some extent it confuses people. When they saw a $3.3
billion emergency fund, they thought we were going to spend
that on top of the existing estimates. But the existing
estimates for 1999 and 2000 assumed the money came from
somewhere. So while the number is going up, it is not another
$3.3 billion on top of existing estimates, even though we may
use a significant portion of the $3 billion as the funding
source for the 1999 and 2000 expenditures.
I will ask OMB to update the chart as we know it now in
terms of the estimated expenditures, what were being funded and
have been funded out of normal fiscal year appropriations and
what have been funded out of the emergency fund, so that you
will have that information.
Chairman Stevens. What I am going to do now is I am going
to request each of the subcommittee staff directors to prepare
a letter to each of the agencies under the respective
subcommittees' jurisdiction and set forth the question. We had
a whole series of questions I was going to ask you, but the
more I think about it I think----
Mr. Koskinen. They are the right ones.
Chairman Stevens [continuing]. We ought to get that
information from them. I am going to ask that they get those
responses back to us by the 26th of this month, and hopefully
we can have a follow-on hearing some time the week of February
1st. We will determine whether or not those will be
subcommittee hearings or whether we will have just another full
committee hearing. I really think that some of the
subcommittees will want to pursue this matter themselves and I
would rather have that done.
But I do think there are a whole series of questions that
need to be asked. One of the things--I do not know whether
other people are being asked this, but when I was hoping many
of my friends asked me, where are you going to be on New Year's
Eve 1999? Are you going to stay down in the area where
everything is assured and will be protected by the Federal
Government or are you going to home? We fully expect to be
home.
But when I read things like the Gartner Group, which is, I
am told, one of the leading Y2K consulting groups, says that
individuals should lay in a supply of candles, flashlights,
fireplace wood, water jugs, extra food, essential medications,
gasoline, and oil for whatever purpose it is needed, I have got
to ask you: Are you telling the Federal agencies to do that?
Mr. Koskinen. Not at this time. The Gartner Group report as
they updated it said that they expected it to be a 2 to 3-day
problem. It is not that everybody ought to have stuff for the
next 6 months.
Chairman Stevens. Well, the people who are out there
running the national parks or off on various functions away
from major communities in the Federal Government ought to have
the same instructions, should they not?
Mr. Koskinen. Our instructions to the Federal employees
will be the same instructions and advice we give to the public.
I think we have an obligation to let everybody know exactly
where we are. Our advice thus far to people is there is no
indication that there are going to be national failures. We
will continue to provide information to the public as we move
through the next 3 to 6 months, and we expect that as we know
more about what the real risks are that we will be able to
advise people by May and June, Federal employees, armed service
people, and others, as well as the public, as to what we think
is appropriate.
At this juncture, we do not see any need for people to be
taking actions today. Much of what Gartner suggests are things
that people obviously ought to have in their house anyway. As
one who got up this morning with no power, it was very helpful
to have flashlights, batteries.
Chairman Stevens. I understand that, but I am talking about
Federal agencies now. Are you telling Federal agencies to get
prepared as these people are telling individual homes to be
prepared?
Mr. Koskinen. At this point we have told the Federal
agencies to draw contingency plans. The President's Council
will be working across agency lines to look at what the
challenges are and we will be issuing advice to the agencies
about what advice they should be giving both to their managers
for Federal purposes and also to their employees as people, as
citizens.
As I said, at this juncture we are not giving that advice
because we do not think there is evidence on which to base it,
and we still have a substantial amount of time before people
need to be dealing with those issues. But the agencies are
looking at what are their backup plans, what are their
contingency plans, what do they need to do to make sure that
they can operate on January 1, 2000.
Chairman Stevens. All right. Now, we have all agreed here
that there are systems that must be Y2K compliant by March
31st, there are other systems that the Federal Government,
Federal agencies maintain, that may not be. When are we going
to make statements to the public as to what systems may not be
Y2K compliant by the critical dates?
We have not even mentioned September 9, 1999. I am told
that is one of the critical dates as well as December 31. Will
we have a way to tell the public when they should be on notice
that some of these systems that are maintained or offered by
the Federal Government may not be operable on critical dates?
Mr. Koskinen. Yes, we will. At this point we are telling
the public, and we are confident about this, that as we get to
the end of this year and move into the Year 2000 there will be
no major Federal system failures.
Chairman Stevens. I understand that. But I come from part
of the world where major systems are not as important to some
as the minor systems.
Mr. Koskinen. Well, no one will be disadvantaged at this
juncture by the failure of any nonmission critical system. If a
minor system fails and you do not get your report of a meeting,
which is a non-mission critical system, that is not a
significant problem.
But we are telling people two things. One is that we are
confident the Federal Government will meet the Year 2000
deadline. We are in fact confident that the vast majority of
critical Federal systems will meet the March 31 goal, which is
9 months in advance of the year 2000. But we are also telling
people what we know about the status of non-Federal system. We
rolled out last week a 1-188 number for consumers. We have a
website that provides status reports. We are trying to assure
people that as we find problems, we will talk about them. Our
goal is to be candid with the public, not to mislead them.
But at this juncture it would be misleading to tell the
public that we think the Federal Government is not going to
make it. We think we will make it.
With regard to 9-9-99, it is a problem everybody has
focused on in remediation; and was not a standard programming
technique. Therefore, much like crossing January 1, 1999, the
expectation is that it will be a much smaller part of the Year
2000 problem. But it is a critical date and everyone is testing
for 9-9-99 problems. People are also looking at April 9, 1999,
as the ninety-ninth day of the ninety-ninth year, as a
potential date where there may be glitches in some systems, and
there may be. There were a handful around the world on January
1, but literally only a handful.
But I think your point is extremely important. It is one we
are trying to make to the private sector as well as the public
sector, and that is the most important thing for people to have
is real information. That is why the OMB reporting process is
very valuable.
We are telling the public, almost mission critical system
by system, where the agencies are in their work and where the
problems are.
Chairman Stevens. But again, and I do not want to argue
with you, but you come back to the critical, mission critical
systems. That is national, I assume.
Mr. Koskinen. Yes.
Chairman Stevens. When you get into a local area, what is a
national critical system may be immaterial. There may be
another system that the Federal Government's involved in--
support systems for pipelines, support systems for ports,
support systems for a lot of other things that are very
critical to those areas.
Mr. Koskinen. Yes.
Chairman Stevens. I think we ought to find some way to make
sure that people understand when you are saying we are assuring
them mission critical systems are all going to be all right,
but there may be some things there around you that will not be.
Now, how are we going to get to some of those, what they are?
Mr. Koskinen. But those are not Federal systems. Any
Federal system that is mission critical to a single individual
was viewed as a mission-critical system. There is not a triage
that says, well, that will only affect 1,000 people or 5,000
people. Any system that the Federal Government runs that is
critical to an individual is a mission critical system.
But the risk at the local level--and I think there are
risks, and we are trying to deal with that--are State, county,
municipal systems, local utility and private sector systems. We
are very concerned about those. But the assessments we get from
the industry largely tell us only whether there will be
national failures.
The fact that the country is going to have power generally
will not necessarily solve the problem of a community or a
residential area where the local power company has not made the
deadline. We are trying to work with all of the private sector
critical infrastructure organizations to get them, as we move
through the next 6 months, to provide the public the same kind
of candid information about their state of preparedness that
the Federal agencies are providing.
I think the Federal Government is leading the way in
providing information to the public. We have been for the last
2 years telling people the status of Federal systems, subject
to some then grumbling about the rate of progress. But nobody
has had any problem figuring out where the Federal Government
is. The public has a harder time figuring out where anybody
else is, in terms of individual companies, and that is an issue
we need to address, and we need to address it with the people
running those systems.
But by and large, those are people at the State, county,
local government level and at the private sector level. I think
you are exactly right, that if you live in a community you feel
comforted by the fact that the country is running, but what you
really want to know is how is my power company doing, how is my
telephone company doing, how is the water treatment process
running? And you want to know that in your community.
Chairman Stevens. And the emergency ambulance service and a
lot of other things, the fuel truck that brings fuel to you.
There are a lot of systems out there that could go down----
Mr. Koskinen. Yes.
Chairman Stevens [continuing]. And affect substantial
areas.
Mr. Koskinen. Exactly, and unfortunately we do not run the
vast majority of those systems at the local level. And while it
is not our responsibility and we don't have the authority to
run them, I think we do have an obligation to do whatever we
can to increase the chances that those systems work, and to
increase the information the public has about them. We are
doing that across the board.
Chairman Stevens. I want to thank you very much. We are
going to try and see if we can get GAO to come in some time
next week and make a report to us, and I am going to send those
letters out as I indicated. I am Defense Subcommittee chairman.
We will have a meeting with the Department of Defense early,
probably in that third week.
I want to make sure that everyone really gets the point
that we think that Congress ought to be fully aware of any
problems and that we ought to be fully informed about any
potential needs for additional funding to meet the Federal
responsibilities on this issue, because it is, as I said, and
again in my opinion, the number one issue to make sure we do
everything we can to prevent someone from being harmed by a
failure of one of these Federal systems.
committee recess
So I do thank you for what you are doing and I agree. I
also agree with Mr. Durbin's, Senator Durbin's comments, about
James Lee Witt. I think we will probably have him at the last
meeting to make sure that we do have a contingency plan that
will meet the needs through the FEMA operation. That is the
safety net for these systems as far as I am concerned.
So I thank you very much.
Mr. Koskinen. Thank you, Senator.
[Whereupon, at 11:02 a.m., Friday, January 15, the
committee was recessed, to reconvene subject to the call of the
Chair.]
YEAR 2000 COMPUTER PROBLEM
----------
WEDNESDAY, JANUARY 20, 1999
U.S. Senate,
Committee on Appropriations,
Washington, DC.
The committee met at 9:34 a.m., in room SD-192, Dirksen
Senate Office Building, Hon. Ted Stevens (chairman) presiding.
Present: Senators Stevens, Specter, and Bennett.
GENERAL ACCOUNTING OFFICE
STATEMENT OF DAVID M. WALKER, COMPTROLLER GENERAL OF
THE UNITED STATES
ACCOMPANIED BY:
GENE L. DODARO, ASSISTANT COMPTROLLER GENERAL FOR ACCOUNTING
AND INFORMATION MANAGEMENT DIVISION
JACK L. BROCK, DIRECTOR FOR GOVERNMENT-WIDE AND DEFENSE
INFORMATION SYSTEMS ISSUES, ACCOUNTING AND INFORMATION
MANAGEMENT DIVISION
JOEL C. WILLEMSSEN, DIRECTOR FOR CIVIL AGENCIES INFORMATION
SYSTEMS ISSUES, ACCOUNTING AND INFORMATION MANAGEMENT
DIVISION
OPENING STATEMENT OF HON. TED STEVENS
Chairman Stevens. Good morning.
Mr. Walker, I should tell you there is a classified
briefing going on regarding national missile defense. I think
some of our members will stay there and listen to the Secretary
of Defense. But, I am hopeful they will come here, too. Senator
Bennett is here, as am I.
We do welcome you to this hearing on the Year 2000 computer
conversion. I am delighted that Senator Bennett, who is
chairman of the committee on Y2K problems, is here.
We heard from administration officials on the progress
being made by the Federal Government on fixing the Y2K problem
last week. I am sure you must have heard that John Koskinen was
here as chairman of the President's Council. We are now in the
process of trying to review where the agencies are.
This is your first appearance before our committee. We do
welcome you. You are the seventh Comptroller General and I am
sure we are going to see a lot of you in the years ahead. So
thank you for joining us.
Mr. Dodaro, it is nice to see you here also as the
Assistant Comptroller General for Accounting and Information
Management, as it is to see Jack Brock, the Director for
Government-wide and Defense Information Systems Issues and Joel
Willemssen--I hope I pronounced that right--who is Director for
Civil Agencies Information Systems Issues.
This is really not a hearing to get involved in Senator
Bennett's area. We did consult with Senator Bennett about this
hearing as he is the chair of the Senate's Special Committee on
the Y2K Problem.
We initiated the $3.35 billion in emergency funding last
year--$1.1 billion for defense-related activities and $2.25
billion for the nondefense activities. We have a Federal
Government estimate now of conversion costs exceeding $7
billion. This is 3 times more than the estimate in February of
last year, almost exactly 1 year ago. We have put this as our
number 1 issue to try to get a hold on before we start
distributing monies and before we analyze the individual
budgets that are going to come from the various agencies and
departments, as I believe the committee must ascertain if
additional funds are needed to meet the deadline and, if so,
who should have them.
At Friday's hearing, the administration gave us assurances
that sufficient progress is being made to meet the March
deadline for completion of the Y2K projects, to have Y2K
compliance, and, after that, a period of testing, as I
understand it.
The committee, and I believe Senator Bennett and I in
particular, remain very concerned about that deadline. We have
asked you to join us today to give us your understanding of
GAO's assessment of the progress being made and, if possible,
to give us your comments about the adequacy of funding that
exists in the various agencies to deal with this threat.
I would yield to Senator Bennett.
Do you have any opening comments, Senator?
Senator Bennett. No, not really, Mr. Chairman, other than
to acknowledge the pivotal role that the General Accounting
Office (GAO) has played in this whole issue within our
committee. The chairman is too modest. He sits on that
committee and without his support a lot of these things that we
are looking at would not have happened. Within our committee,
we have used GAO as the principal source of investigative power
within the Federal Government.
Mr. Walker, a good part of that work came before you came
on board. But I want you to know that you are inheriting a
first class group of very professional people who have made a
significant contribution in their efforts on this issue. I
would be remiss if I let this opportunity go without commenting
on that and letting you know of my very high regard for the
people in the agency that you now head.
Chairman Stevens. Senator Specter.
Senator Specter. Thank you very much, Mr. Chairman. First,
I want to commend you, Mr. Chairman, for scheduling this
hearing and for putting the weight of the Appropriations
Committee behind this very, very important issue.
I also commend my colleague, Senator Bennett, for the
important work that he has done.
Taking a brief look at the chart in the corner, there is
obvious reason for concern where there are major agencies under
Tier 1 demonstrating, as the chart says, ``insufficient
evidence of progress'' in Defense, Energy, Health and Human
Services (HHS), State, Transportation and Agency for
International Development (AID).
This is a matter of the utmost importance as we are all
right here on January 20, only 11\1/2\ months away from the
year 2000.
I wanted to stop by briefly, Mr. Chairman, to express my
concern and the commitment to follow the proceedings. As you
know, we have impeachment hearings, or a committee meeting that
Senator Lott has scheduled in just a few minutes. So I will not
be able to stay. But I will be following this very closely.
I appreciate the attention of the full Appropriations
Committee to see to it that whatever funding is necessary that
it will be provided.
Thank you, Mr. Chairman.
Chairman Stevens. Thank you, Senator.
Mr. Walker, I think that the comments that were made,
particularly by Senator Bennett, about your agency really need
to be repeated. I have always taken the position that you are
not only an arm of the Congress but you are a shared staff for
both Houses, and if we did not have your agency with its
ongoing expertise, we would have a series of committees that
had the duty to try to replicate some of those areas of
expertise. And, because of the nature of our system, the
longevity would be very short, and it would be almost
impossible for us to have the credibility, as individual
committees with obvious jurisdictional battles between our
committees, that you can have.
I want to assure you that Senator Bennett, as chairman of
the Legislative Branch Subcommittee here on which I, too,
serve, and I look forward to the opportunity to work with you
and to hear your comments about your needs. We want to make
certain that this area of our expertise on this jointly shared
basis for Congress remains very strong, that you have the
capability to reach out and get new people, and that this
continuity of track record that you have during the period that
I have been here continues for a long time ahead.
We are pleased to have your statement, Mr. Walker.
Mr. Walker. Thank you, Mr. Chairman.
Good morning, Mr. Chairman and members of the committee. I
am pleased to appear before you today, not only at my first
testimony before the Senate Appropriations Committee but my
first testimony as Comptroller General of the United States.
With your permission, I will summarize my statement and add
a few additional comments. I would like for my full statement
to be inserted in the record, Mr. Chairman.
Chairman Stevens. We will put all the statements that you
present in the record in full.
Mr. Walker. Thank you, Mr. Chairman.
I am here this morning to discuss the government's efforts
to remediate problems associated with the century date change,
the so-called Y2K challenge. More specifically, do we have the
necessary assurance that it will truly be business as usual
next January 1?
The shorter answer is not yet.
While considerable progress has been made, in our opinion,
addressing the Y2K challenge remains a high risk area for the
Federal Government as well as several business segments and
sectors.
To amplify on this, I will briefly discuss four topics.
First is the status of Federal readiness and the costs
associated with getting ready. Second is the need for complete
information on sector readiness; that is, the ability of key
economic and infrastructure sectors to be ready to operate next
year. Third is GAO's commitment to continue working with the
Congress and agencies to identify areas of risk as well as
opportunities for improved oversight, guidance, and
cooperation. Last is our recommendations for what needs to be
done to further minimize risk.
As you mentioned, Mr. Chairman, accompanying me here today
are Gene Dodaro, Joel Willemssen, and Jack Brock. These
gentlemen are responsible for leading GAO's effort to evaluate
government and private sector programs in addressing this
problem, developing guidance to assist organizations in their
program management, and monitoring private sector and
international progress.
With regard to Federal Government operations, I know that
you heard from John Koskinen last Friday and that the
administration is expressing confidence that critical
government operations will be ready in time. We have worked
closely with the individual agencies as well as with the
President's Council on Year 2000 Conversion and we agree that
significant progress has been made in addressing the problem.
Every agency is reporting a measure of success and progress
in meeting OMB's goals for repairing, testing, and validating
mission critical systems. Some agencies, notably the Social
Security Administration, are ahead in meeting the
administration's key milestones.
However, progress in the Federal Government is uneven, and
several major agencies have not kept pace with the OMB
guidelines.
In February, 1997, we designated the Year 2000 computing
problem as a high risk area because of poor agency progress in
addressing the issue. This issue remains a high risk area today
because of our continuing concern that some agencies remain at
risk of not being ready.
For example, if we can look at the first chart that we
have, you can see the three tiers. There are six agencies that
are demonstrating insufficient evidence of progress by the
Office of Management and Budget's (OMB) own criteria which they
have established--namely, Defense, Energy, HHS, State,
Transportation, and AID. There are seven agencies that fall
into the Tier 2 category, agencies showing evidence of progress
but about which OMB continues to have concerns: Agriculture,
Commerce, Education, Justice, Labor, Treasury, and Office of
Personnel Management (OPM). Tier 3 obviously represents
agencies that in the opinion of OMB are making satisfactory
progress.
Collectively, OMB, as of their November, 1998, report,
shows that 61 percent of all mission critical systems across
the government are Y2K compliant--61 percent. However, averages
can be misleading since they do not disclose significant
differences among the tiers and within individual agencies.
For example, if you take Tier 3, 84 percent of the systems,
the mission critical systems are Y2K compliant. 65 percent in
Tier 2 and only 51 percent in Tier 1 are. So there is
significant dispersion.
Additional dispersion exists within individual agencies.
For example, if you take the State Department, about 30
percent, I believe, of their mission critical systems were
compliant as of November, 1998.
So, as we all know, averages can be misleading.
Chairman Stevens. You have more than half the budget in the
first tier.
Mr. Walker. Yes, Mr. Chairman, you are correct. And some of
those agencies are particularly critical in a variety of
national security and economic security perspectives.
In addition, the failure to have one mission critical
system ready on time can have unacceptable consequences.
Each of the Tier 1 agencies provides vital services, such
as national defense, air traffic control, and Medicare
payments, which could be negatively affected if not adequately
addressed.
We have made more detailed recommendations to most of these
agencies for improving program management. For example, last
year we reported that Defense had inadequate management over
its Y2K program and lacked basic information on program costs,
systems to be remediated, and interfaces. These problems
seriously threaten the department's chances of successfully
meeting the Y2K deadline for its mission critical systems.
We have recommended numerous improvements for critical
matters, such as data exchanges, testing, and contingency
planning. DOD concurred with these recommendations and agreed
to implement them. However, DOD still remains behind OMB
deadlines in its overall efforts to address its mission
critical systems.
In September of 1998, we reported that, although the Health
Care Financing Administration (HCFA) had made improvements in
its Y2K management in response to our May, 1997,
recommendations, HCFA and its contractors were severely behind
schedule in repairing, testing, and implementing the mission
critical systems supporting Medicare. Given the magnitude of
the tasks, the risks, and the limited time remaining, we
concluded that it was highly unlikely that all of the Medicare
systems would be compliant in time to insure the delivery of
uninterrupted benefits and services.
Again, we made additional recommendations to HCFA to put
the program in place. HCFA has concurred. However, they remain
an area of concern and on the Tier 1 list.
With regard to the Federal Aviation Administration (FAA),
the FAA has made progress in managing its Y2K problem. However,
less than 17 months ago, FAA still had to correct, test, and
implement many of its mission critical systems. Accordingly,
FAA must determine how to insure continuity of critical
operations in the event that some systems fail.
All agencies, even those making good progress, still need
to be concerned with other critical elements, including data
exchanges both within and outside the agency, embedded systems,
and infrastructure issues such as telecommunications and
electrical power.
Mr. Chairman, we also saw in the Washington area this past
weekend what effect an interruption of electrical power can
have because if you do not have electricity, in many cases
nothing works, whether you have the systems ready or not. And
so the infrastructure issues are important.
Further, the most critical elements of a good mitigation
program are now facing all agencies: the need for rigorous end
to end testing of key business processes and the development of
business continuity plans so that those processes can continue
in the event of an unexpected, or even an expected, failure.
The Senate Appropriations Committee is naturally concerned
with the cost of this program and with receiving assurances
that the money is being well spent.
I now turn, Mr. Chairman, to the second visual display
which notes that in November, 1998, individual agencies
estimated that they would collectively expend about $7.2
billion to address the Y2K program. This is about triple their
aggregate original estimate made in February, 1997.
Unfortunately, we simply do not have enough data to tell
you if more will be needed. I can tell you that we have
consistently been concerned with historically optimistic and
incomplete agency expenditure estimates. In addition, agencies
are now beginning to test systems where most experts estimate
that at least 50 percent of the total Y2K related costs will
occur. About half, I believe, of the supplemental appropriation
for the civilian agencies has already been allocated by OMB. So
we should know in the not too distant future whether or not
additional sums will be necessary.
Furthermore, the necessary allowances for funding
contingency plans have not, for the most part, been made, and
it is absolutely critical that they be done and that the
estimated economic and funding aspect be ascertained.
With regard to sector readiness, the government's response
to the Year 2000 challenge is only one dimension of the
challenge. Our Nation's reliance on a complex array of public
and private enterprises, having scores of system
interdependencies at all levels, accentuates the potential
repercussions of a single failure.
It is essential that the Year 2000 issue be adequately
addressed in arenas beyond the Federal Government--for example,
in State and local governments, the public infrastructure, and
other key economic sectors.
State and local governments are responsible for
implementing many national programs, such as Food Stamps and
Medicaid. They also provide vital local and regional services.
Accordingly, Year 2000 induced failures could result in
payment delays felt at the local level or an interruption of
key public services, such as law enforcement, traffic
management, and emergency and health services.
For example, our survey of State systems using Federal
welfare programs reveals that the majority of them were not yet
Y2K compliant. Failure to complete Y2K conversion in a timely
manner could result in billions of dollars in benefit payments
not being delivered.
In an attempt to prevent this for Medicaid systems, HCFA
has recently hired a contractor to independently verify and
validate State systems.
Importantly, Mr. Chairman, much of the data outside of the
Federal Government is self reported data and, therefore, not
verified. Fortunately, in some circumstances, where there are
critical systems that the Federal Government must rely upon for
delivery of Federal programs at the State and local level, this
is one example where the Federal Government is taking steps to
try to obtain some validity and verifiability of what is being
done at the State and local level. But other efforts are
necessary.
The public infrastructure, including critical areas such as
power, water, and telecommunications, is particularly important
because most, if not all, major enterprises rely on these
essential elements for daily functioning. Other key economic
sectors, such as health, safety, and emergency services,
banking and finance, transportation, and manufacturing and
small business, are also important. These sectors are critical.
Yet the Nation has not had a complete picture of their
readiness.
In our April, 1998, report, we recommended the President's
Council on Year 2000 Conversion develop such a comprehensive
picture to include identifying and assessing the Nation's key
economic sectors, including risks imposed by international
links. We also recommended that the council use a sector based
approach and establish effective public/private partnerships
necessary to address this issue.
The council did subsequently adopt a sector based focus and
has been initiating outreach activities since it became
operational last spring.
More recently, in October of 1998, the chair directed the
council's sector working groups to begin assessing their
sectors. Their first report, issued on January 7, summarizes
information collected to date and indicates that many
organizations are still working to gather material on sector
status.
Mr. Chairman, the effectiveness of the recent legislation
that was passed, the Safe Harbor and Public Disclosure
Information legislation that was passed, might be best assessed
with the success the council will have in being able to gather
this type of information. Since you know that this information
is being gathered at the request of the Federal Government,
therefore it should be covered by the legislation that was
passed this past fall. Hopefully, that will be enough to
provide assurances and incentives for individuals to provide
the necessary information.
If it does not, it may then need a relook as to whether
additional legislation might be necessary at that time.
International concerns are underscored by a September,
1998, report by the Organization for Economic Cooperation and
Development (OECD). That OECD report stated that: while
awareness is increasing, the amount of remediation still
required is daunting; significant negative economic impact is
likely in the short-term, although much uncertainty exists
about the extent of Y2K induced disruptions; governments face a
major public management challenge requiring acceleration of
their own preparations and stronger leadership; and stronger
international cooperation is essential, especially in
conjunction with cross border testing.
Fortunately, it is clear that the United States has taken
the lead in this area and is far ahead of much of the world in
addressing this issue.
The United States has also attempted to promote
international dialog on the Y2K problem. The chair of the
President's Council has met with the United Nations and other
international bodies and helped organize a significant
December, 1998, National Y2K Coordinators Meeting, attended by
over 120 countries, hosted by the U.N. Working Group on
Informatics.
This meeting should help encourage the establishment of
regional coordinating mechanisms and foster greater
international dialog on the Year 2000 issue.
However, time is running out and the January 1 date will
not change.
Let me talk about GAO's commitment to serve.
Mr. Chairman, to date, GAO has issued over 70 reports and
made dozens of recommendations to individual agencies and OMB.
These recommendations have led to significant improvements in
program management as well as real progress in improving the
prospects of key government operations functioning next year.
We have worked closely with this committee and other
committees, including the special Y2K committees in both the
Senate and the House, conducting and reporting on this work.
Additionally, our guides on project planning, business
continuity planning, and testing are used by most agencies as
well as private sector companies in organizing and managing
their remediation efforts. They are also now being used around
the world by many of our counterparts.
Further, we continue to serve as a resource base for other
audit agencies as well as the general public. Our Year 2000
material is now available on our web site--www.gao.gov--and has
been accessed by thousands and thousands of organizations as
well as concerned citizens. We have also worked with our sister
audit agencies at all levels, both domestically and
internationally, to increase their capability to evaluate and
discharge their areas of responsibility in their respective
countries and jurisdictions.
For example, we have worked with Federal Inspectors General
at a number of agencies to insure adequate audit coverage at
their agencies. We have established a working relationship with
State auditors to provide them with audit guidance. In
addition, I personally have discussed the Year 2000 issue with
the leadership of numerous audit institutions, my counterparts,
across the world and have provided them with access to our
material and guidance, both through electronic and other means.
Mr. Chairman, highlighting and addressing the Y2K challenge
is a vivid example of the impact that GAO can have by working
with the Congress to make a difference for the government, our
country, and the American people. I can assure you that our
commitment in this area will continue.
In conclusion, we feel confident that progress is being
made. But I can place confidence only in what we know to be
fact. This represents a particular challenge since much of the
Y2K data is based on self reported information. History has
shown that one should not place undue reliance on self reported
information.
Fortunately, efforts are being taken to provide reasonable,
but not absolute, verification of the work being done on
mission critical systems in the Federal Government, including
work by GAO and others. Based on these efforts, we feel
confident that Federal agencies have processes in place to
address this important challenge and have made considerable
progress in addressing the Year 2000 problem.
We are also confident in stating that progress does not win
you medals. To get the medal you have to finish on time with no
or minimal disruption.
Now is not the time to become complacent over the current
level of progress. In order to make sure that these risks are
minimized, we need to insure that the following is done.
First, it is critical for agencies to assure that, given
the limited time remaining to address this challenge, they
establish key priorities, they rigorously test these systems
and these changes, and they have thorough business continuity
and contingency plans that are prepared and, as appropriate,
implemented. Management controls need to be in place to assure
that these processes are completed and that they are reported
on on a timely basis and in an accurate manner.
Our recommendations concerning the Conversion Council need
to be completely implemented with regular, timely, and complete
reports being developed for each business sector. It is
imperative that more complete information on the status of each
economic and infrastructure sector be developed as quickly as
possible so that appropriate contingency efforts can be
developed and implemented as necessary.
Last but not least, continued Congressional oversight is
required, both on the fiscal aspects as well as the readiness
aspects of this challenge. This committee should require
agencies to report on a regular basis the estimated costs of
their Y2K effort, the amount of money expended to date, and the
amount, if any, of additional funding required. Congress should
also continue to provide oversight of individual agency
readiness. This oversight has been vital in focusing attention
on problem areas and assuring that this issue is a top priority
for Federal agencies.
The establishment of the Senate Special Committee on the
Year 2000 Technology Problem has added an important impetus and
critical focus to this problem. Senator Bennett, as committee
chair, has already taken the lead in providing oversight over
banking regulators and the readiness of the Nation's banking
institutions. This committee has made significant contributions
to developing a better understanding of the issues connected
with all aspects of the Y2K problem, particularly those
associated with key economic and infrastructure sectors.
As ex officio members, Mr. Chairman, you and Senator Byrd
provide a critical link to the appropriations process.
prepared statement
Mr. Chairman, that concludes my statement. I would be more
than happy to answer any questions that you or the other
Senators might have.
Thank you.
[The statement follows:]
Prepared Statement of David M. Walker
Mr. Chairman and Members of the Committee: I am pleased to appear
today to discuss progress being made in addressing the Year 2000
computing challenge and to outline actions needed to ensure a smooth
conversion to the next century. While our country is considered among
the leaders in addressing this issue, the fact remains that both public
and private organizations still face a daunting task in providing
reasonable assurance that it will truly be business as usual beginning
on January 1, 2000 and continuing throughout this pivotal transition
year.
The federal government--with its widespread dependence on large-
scale, complex computer systems to deliver vital public services and
carry out its massive operations--faces an especially enormous and
difficult task. Unless adequately confronted, Year 2000--or Y2K--
computing problems could lead to serious disruptions in key federal
operations, ranging from national defense to benefits payments to air
traffic management.
Consequently, in February 1997, GAO designated the Year 2000
computing problem as a high-risk area. Our purpose was to stimulate
greater attention to assessing the government's exposure to Year 2000
risks and to strengthen planning for achieving Year 2000 compliance for
mission-critical systems. Fortunately, the past 2 years have witnessed
marked improvement in preparedness as the government has revised and
intensified its approach to this problem.
Significant challenges, however, remain--and time is running out.
In particular, complete and thorough Year 2000 testing is essential to
providing reasonable assurance that new or modified systems be able to
process dates correctly and not jeopardize agencies' ability to perform
core business operations. Moreover, adequate business continuity and
contingency plans must be successfully completed throughout government.
The scope of the Year 2000 problem extends well beyond federal
operations; it spans the entire spectrum of our national as well as
global economy. Accordingly, in concert with our recommendations, the
President's Council on Year 2000 Conversion has been reaching out to
the private sector, state and local governments, and to other countries
to increase awareness. Working with these entities, the Council also
has begun to assess the readiness of various sectors, including power,
water, telecommunications, health care, and emergency services.
At this juncture, however, a comprehensive picture of the nation's
readiness is lacking. A great deal more needs to be done--both
domestically and internationally--to effectively determine readiness
and prepare necessary contingency plans. Such actions are imperative to
ensure that technology-dependent services continue to operate reliably
after the turn of the century, with minimal disruption.
the federal government has enhanced its approach
Since February 1997, action to address the Year 2000 threat has
intensified. In response to a growing recognition of the challenge and
urging from congressional leaders and others, the administration
strengthened the government's Year 2000 preparation, and expanded its
outlook beyond federal agencies. In February 1998 the President took a
major step in establishing the President's Council on Year 2000
Conversion. He established the goal that no system critical to the
federal government's mission experience disruption because of the Year
2000 problem, and charged agency heads with ensuring that this issue
receives the highest priority attention.
Further, the President tasked the Chair of the Council with: being
chief spokesperson on Year 2000 issues in national and international
forums; overseeing Year 2000 activities of federal agencies; providing
Year 2000 policy coordination of executive branch activities with
state, local, and tribal governments; and promoting appropriate federal
roles with respect to private-sector activities.
Among the initiatives the Chair has implemented in carrying out
these responsibilities are attending monthly meetings with senior
managers of agencies that are not making sufficient progress;
establishing numerous working groups to increase awareness of and gain
cooperation in addressing the Year 2000 problem in various economic
sectors; and emphasizing the importance of federal/state data
exchanges.
OMB, for its part, has tightened requirements on agency reporting
of Year 2000 progress. It now requires that, beyond the original 24
major departments and agencies that have been reporting, 9 additional
agencies (such as the Tennessee Valley Authority and the Postal
Service) report quarterly on their Year 2000 progress, and that
additional information be reported from all agencies. OMB has also
clarified instructions for agencies relative to preparing business
continuity and contingency plans. Further, OMB places each of the 24
major agencies into one of three tiers after receiving its quarterly
progress report, determined by OMB's judgment as to whether evidence of
the agency's reported progress is or is not sufficient.
Several agencies have reported substantial progress in repairing or
replacing systems to be Year 2000 compliant. For example, in October
1997 we had reported that SSA had made significant progress in
assessing and renovating mission-critical mainframe software, although
certain areas of risk remained.\1\ Accordingly, we made several
recommendations to address these risks, including the development of
business continuity and contingency plans. SSA agreed; in July 1998 we
reported that actions to implement these recommendations had either
been taken or were underway.\2\
---------------------------------------------------------------------------
\1\ Social Security Administration: Significant Progress Made in
Year 2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22,
1997).
\2\ Social Security Administration: Subcommittee Questions
Concerning Information Technology Challenges Facing the Commissioner
(GAO/AIMD-98-235R, July 10, 1998).
---------------------------------------------------------------------------
As federal agencies have more fully realized the complexities and
extent of necessary Year 2000 activities, their costs have
correspondingly risen. As our first chart illustrates, the government's
24 major departments and agencies' Year 2000 cost estimates more than
tripled between February 1997 and November 1998.
There are too many uncertainties to determine whether this cost
escalation trend has ended. One of the most essential ongoing tasks,
testing, could consume additional resources; experience is showing that
testing is taking between 50 and 70 percent of a project's time and
resources. In addition, agencies may find that the planning and
possible implementation of business continuity and contingency plans
could increase costs. As a result of these factors, the Congress needs
to continue to keep apprised of agencies' Year 2000 efforts and their
associated costs.
Chart 1.--Federal Government's Estimated Year 2000 Costs
In billions
February 1997..................................................... $2.5
May 1997.......................................................... 2.7
August 1997....................................................... 3.8
November 1997..................................................... 3.9
February 1998..................................................... 4.7
May 1998.......................................................... 5.0
August 1998....................................................... 6.3
November 1998..................................................... 7.2
Note.--The August 1998 figure of $6.3 billion and the November 1998
figure of $7.2 billion are the totals of all individual submissions from
the 24 major departments and agencies that were generally submitted on
August 14th and November 13th, respectively. In its summaries of the
agency reports, OMB reported the government's total estimated Year 2000
costs as $5.4 billion and $6.4 billion, respectively. For the August
1998 costs, OMB did not include all costs in its estimate because, for
example, it was still reviewing some of the estimates provided by the
agencies. For the November 1998 costs, OMB did not provide explanations
in its report for the discrepancies between the agency reports and its
estimates for 15 of the 18 agencies with differences.
Source.--February 1997 data is from OMB's report Getting Federal
Computers Ready for 2000, February 6, 1997. May 1997 to May 1998 data
are from OMB's quarterly reports. The August and November 1998 data are
from the quarterly reports of the 24 major federal departments and
agencies.
---------------------------------------------------------------------------
Many congressional committees have played a central role in
addressing the Year 2000 challenge by holding agencies accountable for
demonstrating progress and by heightening public appreciation of the
problem. As you know, the Senate formed a Special Committee on the Year
2000 Technology Problem, under the chairmanship of Senator Bennett,
which held hearings on the readiness of key economic sectors, including
power, health care, telecommunications, transportation, financial
services, emergency services, and general business. The House called on
the Subcommittee on Government Management, Information and Technology
of the Committee on Government Reform; and the Subcommittee on
Technology of the Committee on Science to co-chair the House's Year
2000 monitoring.\3\
---------------------------------------------------------------------------
\3\ We will also be testifying today before the House Government
Reform and Science Committees on actions needed to address the Year
2000 computing issue.
---------------------------------------------------------------------------
These committees and others have held many hearings to obtain
information on the Year 2000 readiness of federal agencies, states,
localities, and other important nonfederal entities, such as the
securities industry.
The Congress also passed important Year 2000 legislation. In
October 1998 it passed--and the President signed--the Year 2000
Information and Readiness Disclosure Act. Its purposes include (1)
promoting the free disclosure and exchange of information related to
Year 2000 readiness and (2) lessening the burdens on interstate
commerce by establishing certain uniform legal principles in connection
with the disclosure and exchange of information related to Year 2000
readiness. In addition, the Congress passed (and the President signed)
the Omnibus Consolidated and Emergency Supplemental Appropriations Act,
1999, which included $3.35 billion in contingent emergency funding for
Year 2000 conversion activities.
gao's efforts to help meet the challenge
As you know, GAO has been very active in working with the Congress
as well as federal agencies to both strengthen agency processes and to
evaluate their progress in addressing these challenges. To help
agencies mitigate their Year 2000 risks, we produced a series of Year
2000 guides. The first of these, on enterprise readiness, provides a
systematic, step-by-step approach for agency planning and management of
its Year 2000 program.\4\ The second, on business continuity and
contingency planning, provides a structured approach to helping
agencies ensure minimum levels of service through proper planning.\5\
Our third guide sets forth a disciplined approach to Year 2000
testing.\6\ Federal agencies and other organizations have used these
guides widely to help organize and manage their Year 2000 programs.
---------------------------------------------------------------------------
\4\ Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-
10.1.14, issued as an exposure draft in February 1997 and in final form
in September 1997).
\5\ Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/AIMD-10.1.19, issued as an exposure draft in March 1998
and in final form in August 1998).
\6\ Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21,
issued as an exposure draft in June 1998 and in final form in November
1998).
---------------------------------------------------------------------------
In addition, we have issued over 70 reports and testimony
statements detailing specific findings and made over 100
recommendations related to the Year 2000 readiness of the government as
a whole and of a wide range of individual agencies.\7\ These
recommendations have been almost universally embraced.
---------------------------------------------------------------------------
\7\ A list of reports and testimony on the Year 2000 problem is
attached to this statement. It can also be found on the Internet at
GAO's World Wide Web site at www.gao.gov/y2kr.htm.
---------------------------------------------------------------------------
Our recommendations have centered on the following:
Project planning.--We have recommended better organizational
planning and management oversight--including systems inventorying and
analysis--in a number of programs and entities.
Priority-setting.--With over 2,600 mission-critical systems still
needing to be made Year 2000 compliant, it is important to establish
priorities. Resources need to be focused on those business processes
and supporting systems that could threaten national security, the
economy, the health and safety of Americans, or their financial well-
being.
Data exchanges.--To remediate their data exchanges, agencies must
(1) identify those that are not Year 2000 compliant, (2) reach
agreement with exchange partners (such as states) on the date format to
be used, (3) determine if data bridges and filters are needed and, if
so, reach agreement on their development, (4) develop and test such
bridges and filters, and (5) test and implement new exchange formats.
Testing.--Agencies should perform thorough testing of their
systems, including end-to-end testing of multiple systems supporting a
major business function.
Business continuity and contingency planning.--Given the
interdependencies among agencies, their business partners, and the
public infrastructure, it is imperative that contingency plans be
developed for all critical core business processes and supporting
systems, regardless of whether these systems are owned by the agency.
In addition to our work at federal agencies, we have promoted Year
2000 awareness and solutions--both in the United States and abroad--by
publishing our guides and reports and making them available on our
World Wide Web site. I also discussed the Year 2000 issue with the
leadership of audit organizations from around the world at a recent
international conference. I subsequently wrote to these leaders to draw
greater attention to this issue, and to share with them our recent
publications.
serious risks remain
While much has been accomplished and real progress has been made in
addressing the Year 2000 problem, both risks and challenges remain. Our
reviews of federal Year 2000 programs have found uneven progress; some
major agencies are significantly behind schedule and are at high risk
that they will not correct all of their mission-critical systems in
time. As the time remaining diminishes, it becomes increasingly
difficult to ensure that all mission-critical systems will be compliant
in time.
Chart 2 shows OMB's assessment of agencies' Year 2000 progress on
the basis of their November 1998 quarterly reports.
----------------------------------------------------------------
Chart 2.--OMB's Assessment of Agencies' Year 2000 Progress (November
1998)
tier 1: agencies demonstrating insufficient evidence of progress
Defense, Energy, HHS, State, Transportation, and AID.
tier 2: agencies showing evidence of progress but about which omb has
concerns
Agriculture, Commerce, Education, Justice, Labor, Treasury, and
OPM.
tier 3: agencies making satisfactory progress
HUD, Interior, VA, EPA, FEMA, GSA, NASA, NSF, NRC, SBA, and SSA.
----------------------------------------------------------------
We have made detailed recommendations to agencies responsible for
some of the government's most essential services. For example:
--DOD and the military services face the threat of significant
problems.\8\ In April 1998 we reported that the department
lacked complete and reliable information on systems,
interfaces, other equipment needing repair, and the cost of its
correction efforts.\9\ We found that these and other problems
seriously threatened the department's chances of successfully
meeting the Year 2000 deadline for its mission-critical
systems. Further, taken together, the problems in Defense's
Year 2000 program made failure of at least some mission-
critical systems and the operations they support almost certain
unless corrective actions were taken. We have recommended
numerous improvements for critical matters such as data
exchanges, testing, and contingency planning; DOD concurred
with these recommendations and agreed to implement them.
---------------------------------------------------------------------------
\8\ Defense Computers: Year 2000 Computer Problems Put Navy
Operations At Risk (GAO/AIMD-98-150, June 30, 1998); Defense Computers:
Army Needs to Greatly Strengthen Its Year 2000 Program (GAO/AIMD-98-53,
May 29, 1998); Defense Computers: Year 2000 Computer Problems Threaten
DOD Operations (GAO/AIMD-98-72, April 30, 1998); and Defense Computers:
Air Force Needs to Strengthen Year 2000 Oversight (GAO/AIMD-98-35,
January 16, 1998).
\9\ GAO/AIMD-98-72, April 30, 1998.
---------------------------------------------------------------------------
--We reported\10\ that although the Health Care Financing
Administration (HCFA) had made improvements in its Year 2000
management, the agency and its contractors were severely behind
schedule in repairing, testing, and implementing the mission-
critical systems supporting Medicare. Given the magnitude of
the task and the risks and limited time remaining, in September
1998 we concluded that it was highly unlikely that all Medicare
systems would be compliant in time to ensure uninterrupted
delivery of benefits and services. To improve the prospects for
success, we recommended that HCFA (1) rank its remaining Year
2000 work on the basis of an integrated project schedule, (2)
ensure that all critical tasks are prioritized and completed in
time to prevent unnecessary delays, (3) define the scope of an
end-to-end test of the claims process and develop plans and a
schedule for conducting such a test, (4) develop a risk
management process, and (5) accelerate the development of
business continuity and contingency plans. HCFA has agreed to
implement these recommendations.
---------------------------------------------------------------------------
\10\ Medicare Computer Systems: Year 2000 Challenges Put Benefits
and Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998).
---------------------------------------------------------------------------
--As we reported in August 1998,\11\ FAA had made progress in
managing its Year 2000 problem and had completed critical steps
in defining which systems needed to be corrected and how to
accomplish this. The agency had acted upon several of our
recommendations from earlier in the year, including making
final a Year 2000 strategy and setting priorities.\12\ However,
with less than 17 months to go, FAA still had to correct, test,
and implement many of its mission-critical systems.
Accordingly, FAA must determine how to ensure continuity of
critical operations in the event that some systems fail.
---------------------------------------------------------------------------
\11\ FAA Systems: Serious Challenges Remain in Resolving Year 2000
and Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998).
\12\ FAA Computer Systems: Limited Progress on Year 2000 Issue
Increases Risk Dramatically (GAO/AIMD-98-45, January 30, 1998) and Year
2000 Computing Crisis: FAA Must Act Quickly to Prevent Systems Failures
(GAO/T-AIMD-98-63, February 4, 1998).
---------------------------------------------------------------------------
Such examples underscore the difficulties confronting agencies to
make up for lost time; Year 2000 testing alone is consuming between 50
and 70 percent of a project's time and resources. Thorough testing is
essential to providing reasonable assurance that new or modified
systems can process dates correctly and will not jeopardize an
organization's ability to perform core business functions after the
change of century.
Even for agencies that are making good progress, other critical
issues must be successfully resolved; these include data exchanges,
telecommunications, and embedded systems.\13\ First, should the
government's hundreds of thousands of data exchanges not be Year 2000
compliant, data either will not be successfully exchanged or invalid
data could cause the receiving computer systems to malfunction or
produce inaccurate computations. Second, the government depends heavily
on the telecommunications infrastructure; reliable services are made
possible by a complex web of highly interconnected networks supported
by national and local carriers and service providers, equipment
manufacturers and suppliers, and customers. Third, the century change
could cause problems for the many embedded computer systems used to
control, monitor, or assist in operations.
---------------------------------------------------------------------------
\13\ Embedded systems are special-purpose computers built into
other devices. Examples include systems in elevators, heating and air
conditioning units, and biomedical devices, such as cardiac
defibrillators, and cardiac monitoring systems, which can record,
process, analyze, display, and/or transmit medical data. (See Year 2000
Computing Crisis: Compliance Status of Many Biomedical Equipment Items
Still Unknown (GAO/AIMD-98-240, September 18, 1998).)
---------------------------------------------------------------------------
If issues such as these are not adequately addressed, the impact of
Year 2000 failures could disrupt vital government operations. Moreover,
federal agencies depend on data provided by their business partners, as
well as on services provided by the public infrastructure (power,
water, transportation, and voice and data telecommunications). One weak
link anywhere in the chain of critical dependencies can cause a
cascading effect of major shutdowns of business operations.
Consequently, it is imperative that contingency plans be developed for
all critical core business processes and supporting systems, regardless
of whether these systems are owned by the agency. Without such plans,
when unpredicted failures occur, agencies will lack well-defined
responses, and may not have enough time to develop and test
alternatives.
the nation as a whole faces significant year 2000 challenges
Our nation's reliance on the complex array of public and private
enterprises having scores of system interdependencies at all levels
accentuates the potential repercussions a single failure could cause.
It is essential that Year 2000 issues be adequately addressed in arenas
beyond the federal government: state and local governments, the public
infrastructure, and other key economic sectors.
State and local governments are responsible for the implementation
of many national programs--such as food stamps and Medicaid--while also
providing vital local and regional services. Accordingly, Year 2000-
induced failures could result in payment delays felt at the local
level, or in the interruption of key public services such as law
enforcement, traffic management, and emergency and health services. For
example, our survey of the state systems used in federal welfare
programs revealed that the majority of them were not yet Year 2000
compliant.\14\ Failure to complete Year 2000 conversion could result in
billions of dollars in benefits payments not being delivered. In an
attempt to prevent this for Medicaid systems, HCFA recently hired a
contractor to independently verify and validate state systems.
---------------------------------------------------------------------------
\14\ Year 2000 Computing Crisis: Readiness of State Automated
Systems to Support Federal Welfare Programs (GAO/AIMD-99-28, November
6, 1998). The survey was conducted in July and August 1998 and included
the following welfare programs: Medicaid; Temporary Assistance for
Needy Families; Women, Infants, and Children; food stamps; child
support enforcement; child care; and child welfare. Forty-nine states,
the District of Columbia, and three territories responded to our
survey.
---------------------------------------------------------------------------
The public infrastructure, including critical areas such as power,
water, and telecommunications, is particularly important because most,
if not all, major enterprises rely on these essential elements for
daily functioning. Other key economic sectors include health, safety,
and emergency services; banking and finance; transportation; and
manufacturing and small business.
These sectors are critical, yet the nation has not had a complete
picture of their readiness. Accordingly, in our April 1998 report,\15\
we recommended that the President's Council on Year 2000 Conversion
develop such a comprehensive picture, to include identifying and
assessing risks to the nation's key economic sectors--including risks
posed by international links. We also recommended that the Council use
a sector-based approach and establish the effective public-private
partnerships necessary to address this issue.
---------------------------------------------------------------------------
\15\ Year 2000 Computing Crisis: Potential for Widespread
Disruption Calls for Strong Leadership and Partnerships (GAO/AIMD-98-
85, April 30, 1998).
---------------------------------------------------------------------------
The Council adopted a sector-based focus and has been initiating
outreach activities since it became operational last spring. More
recently, in October 1998, the Chair directed the Council's sector
working groups to begin assessing their sectors. The Chair, in turn,
plans to issue periodic public reports summarizing these assessments.
The assessments will be used to help prepare contingency plans and aid
in crisis management, in which the Council will respond to disruptions
that may arise in critical services. The first such report, issued on
January 7, 1999, summarizes information collected to date by the
working groups and various trade associations.\16\ The Council
acknowledged that readiness data in certain industries were not yet
available and, therefore, were not included in the report.
---------------------------------------------------------------------------
\16\ First Quarterly Summary of Assessment Information (The
President's Council on Year 2000 Conversion, January 7, 1999).
---------------------------------------------------------------------------
The Council's report is a good step toward obtaining a picture of
the nation's Year 2000 readiness. However, the Council must remain
vigilant and closely monitor and update the information in the sectors
where information is available and obtain information for those where
it is not. Particular attention should be paid to the public
infrastructure, including critical areas such as power, water, and
telecommunications since most, if not all, major enterprises rely on
these essential elements for daily functioning. Other key economic
sectors include health, safety, and emergency services; banking and
finance; transportation; and manufacturing and small business. In
addition, with the advent of electronic communication and international
commerce, the United States is also critically dependent on
international Year 2000 readiness. Completing these activities is
absolutely vital to adequately understanding the full range of national
and international risks.
International concerns are underscored by a September 1998 report
by the Organization for Economic Co-operation and Development.\17\ This
report stated that (1) while awareness is increasing, the amount of
remediation still required is daunting, (2) significant negative
economic impact is likely in the short term, although much uncertainty
exists about the extent of Year 2000-induced disruptions, (3)
governments face a major public management challenge requiring
acceleration of their own preparations and stronger leadership, and (4)
stronger international cooperation is essential, especially in
conjunction with cross-border testing.
---------------------------------------------------------------------------
\17\ The Organization for Economic Co-operation and Development
surveyed its member countries and reviewed existing studies and media
reports on the Year 2000 problem and issued a report on its findings,
The Year 2000 Problem: Impacts and Actions (September 1998). The
organization's 29 member countries are Australia, Austria, Belgium,
Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Japan, Korea, Luxembourg, Mexico, the
Netherlands, New Zealand, Norway, Poland, Portugal, Spain, Sweden,
Switzerland, Turkey, the United Kingdom, and the United States.
---------------------------------------------------------------------------
In addition to addressing domestic Year 2000 issues, the United
States has attempted to promote international dialog on the problem. In
June 1998 the United Nations General Assembly adopted a resolution on
the global implications of the Year 2000 issue. The resolution
recognized that effective operation of governments, companies, and
other organizations was threatened by the century change, and
coordinated efforts were required to address it. The resolution went on
to request that all member countries attach a high priority to raising
the level of awareness and to consider appointing a nationwide
coordinator to tackle the problem.
The Chair of the President's Council also has met with the United
Nations and other international bodies, and helped organize a December
1998 National Y2K Coordinators' meeting attended by over 120 countries,
hosted by the United Nations' Working Group on Informatics. This
meeting should help encourage the establishment of regional
coordinating mechanisms and foster greater international dialog on the
Year 2000 issue.
In conclusion, considerable progress has been made in addressing
the Year 2000 challenge. It is clear that federal agencies have now
made the Year 2000 a top priority. It is equally clear, however, that
much more needs to be done. It is critical that agency priorities
continue to be set, rigorous testing be completed, and thorough
business continuity and contingency plans be prepared. Further,
aggressive and sustained action must continue in assessing and
mitigating national and international risks in both the public
infrastructure and key economic sectors.
Such efforts require federal leadership, effective public-private
partnerships, and international cooperation. Congressional leadership
and oversight of the Year 2000 issue have been instrumental in raising
awareness and spurring needed action; such continued leadership on the
part of the Congress will be crucial. For our part, we will continue to
support the Congress' oversight efforts by evaluating the effectiveness
of the federal government's Year 2000 actions and advancing
constructive suggestions for mitigating the risk of serious Year 2000
disruption.
Mr. Chairman, this concludes my statement. I will be pleased to
respond to any questions that you or other members of the Committee may
have at this time.
gao reports and testimony addressing the year 2000 problem
Status Information: FAA's Year 2000 Business Continuity and
Contingency Planning Efforts Are Ongoing (GAO/AIMD-99-40R, December 4,
1998)
Year 2000 Computing Crisis: A Testing Guide (GAO/AIMD-10.1.21,
November 1998)
Year 2000 Computing Crisis: Readiness of State Automated Systems to
Support Federal Welfare Programs (GAO/AIMD-99-28, November 6, 1998)
Year 2000 Computing Crisis: Status of Efforts to Deal With
Personnel Issues (GAO/AIMD/GGD-99-14, October 22, 1998)
Year 2000 Computing Crisis: Updated Status of Department of
Education's Information Systems (GAO/T-AIMD-99-8, October 8, 1998)
Year 2000 Computing Crisis: The District of Columbia Faces
Tremendous Challenges in Ensuring That Vital Services Are Not Disrupted
(GAO/T-AIMD-99-4, October 2, 1998)
Medicare Computer Systems: Year 2000 Challenges Put Benefits and
Services in Jeopardy (GAO/AIMD-98-284, September 28, 1998)
Year 2000 Computing Crisis: Leadership Needed to Collect and
Disseminate Critical Biomedical Equipment Information (GAO/T-AIMD-98-
310, September 24, 1998)
Year 2000 Computing Crisis: Compliance Status of Many Biomedical
Equipment Items Still Unknown (GAO/AIMD-98-240, September 18, 1998)
Year 2000 Computing Crisis: Significant Risks Remain to Department
of Education's Student Financial Aid Systems (GAO/T-AIMD-98-302,
September 17, 1998)
Year 2000 Computing Crisis: Progress Made at Department of Labor,
But Key Systems at Risk (GAO/T-AIMD-98-303, September 17, 1998)
Year 2000 Computing Crisis: Federal Depository Institution
Regulators Are Making Progress, But Challenges Remain (GAO/T-AIMD-98-
305, September 17, 1998)
Year 2000 Computing Crisis: Federal Reserve Is Acting To Ensure
Financial Institutions Are Fixing Systems But Challenges Remain (GAO/
AIMD-98-248, September 17, 1998)
Responses to Questions on FAA's Computer Security and Year 2000
Program (GAO/AIMD-98-301R, September 14, 1998)
Year 2000 Computing Crisis: Severity of Problem Calls for Strong
Leadership and Effective Partnerships (GAO/T-AIMD-98-278, September 3,
1998)
Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Reduce Likelihood of Adverse Impact (GAO/T-AIMD-
98-277, September 2, 1998)
Year 2000 Computing Crisis: Strong Leadership and Effective
Partnerships Needed to Mitigate Risks (GAO/T-AIMD-98-276, September 1,
1998)
Year 2000 Computing Crisis: State Department Needs To Make
Fundamental Improvements To Its Year 2000 Program (GAO/AIMD-98-162,
August 28, 1998)
Year 2000 Computing: EFT 99 Is Not Expected to Affect Year 2000
Remediation Efforts (GAO/AIMD-98-272R, August 28, 1998)
Year 2000 Computing Crisis: Progress Made in Compliance of VA
Systems, But Concerns Remain (GAO/AIMD-98-237, August 21, 1998)
Year 2000 Computing Crisis: Avoiding Major Disruptions Will Require
Strong Leadership and Effective Partnerships (GAO/T-AIMD-98-267, August
19, 1998)
Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Address Risk of Major Disruptions (GAO/T-AIMD-98-266, August
17, 1998)
Year 2000 Computing Crisis: Strong Leadership and Partnerships
Needed to Mitigate Risk of Major Disruptions (GAO/T-AIMD-98-262, August
13, 1998)
FAA Systems: Serious Challenges Remain in Resolving Year 2000 and
Computer Security Problems (GAO/T-AIMD-98-251, August 6, 1998)
Year 2000 Computing Crisis: Business Continuity and Contingency
Planning (GAO/AIMD-10.1.19, August 1998)
Internal Revenue Service: Impact of the IRS Restructuring and
Reform Act on Year 2000 Efforts (GAO/GGD-98-158R, August 4, 1998)
Social Security Administration: Subcommittee Questions Concerning
Information Technology Challenges Facing the Commissioner (GAO/AIMD-98-
235R, July 10, 1998)
Year 2000 Computing Crisis: Actions Needed on Electronic Data
Exchanges (GAO/AIMD-98-124, July 1, 1998)
Defense Computers: Year 2000 Computer Problems Put Navy Operations
At Risk (GAO/AIMD-98-150, June 30, 1998)
Year 2000 Computing Crisis: Testing and Other Challenges
Confronting Federal Agencies (GAO/T-AIMD-98-218, June 22, 1998)
Year 2000 Computing Crisis: Telecommunications Readiness Critical,
Yet Overall Status Largely Unknown (GAO/T-AIMD-98-212, June 16, 1998)
GAO Views on Year 2000 Testing Metrics (GAO/AIMD-98-217R, June 16,
1998)
IRS' Year 2000 Efforts: Business Continuity Planning Needed for
Potential Year 2000 System Failures (GAO/GGD-98-138, June 15, 1998)
Year 2000 Computing Crisis: Actions Must Be Taken Now to Address
Slow Pace of Federal Progress (GAO/T-AIMD-98-205, June 10, 1998)
Defense Computers: Army Needs to Greatly Strengthen Its Year 2000
Program (GAO/AIMD-98-53, May 29, 1998)
Year 2000 Computing Crisis: USDA Faces Tremendous Challenges in
Ensuring That Vital Public Services Are Not Disrupted (GAO/T-AIMD-98-
167, May 14, 1998)
Securities Pricing: Actions Needed for Conversion to Decimals (GAO/
T-GGD-98-121, May 8, 1998)
Year 2000 Computing Crisis: Continuing Risks of Disruption to
Social Security, Medicare, and Treasury Programs (GAO/T-AIMD-98-161,
May 7, 1998)
IRS' Year 2000 Efforts: Status and Risks (GAO/T-GGD-98-123, May 7,
1998)
Air Traffic Control: FAA Plans to Replace Its Host Computer System
Because Future Availability Cannot Be Assured (GAO/AIMD-98-138R, May 1,
1998)
Year 2000 Computing Crisis: Potential For Widespread Disruption
Calls For Strong Leadership and Partnerships (GAO/AIMD-98-85, April 30,
1998)
Defense Computers: Year 2000 Computer Problems Threaten DOD
Operations (GAO/AIMD-98-72, April 30, 1998)
Department of the Interior: Year 2000 Computing Crisis Presents
Risk of Disruption to Key Operations (GAO/T-AIMD-98-149, April 22,
1998)
Tax Administration: IRS' fiscal year 1999 Budget Request and Fiscal
Year 1998 Filing Season (GAO/T-GGD/AIMD-98-114, March 31, 1998)
Year 2000 Computing Crisis: Strong Leadership Needed to Avoid
Disruption of Essential Services (GAO/T-AIMD-98-117, March 24, 1998)
Year 2000 Computing Crisis: Federal Regulatory Efforts to Ensure
Financial Institution Systems Are Year 2000 Compliant (GAO/T-AIMD-98-
116, March 24, 1998)
Year 2000 Computing Crisis: Office of Thrift Supervision's Efforts
to Ensure Thrift Systems Are Year 2000 Compliant (GAO/T-AIMD-98-102,
March 18, 1998)
Year 2000 Computing Crisis: Strong Leadership and Effective Public/
Private Cooperation Needed to Avoid Major Disruptions (GAO/T-AIMD-98-
101, March 18, 1998)
Post-Hearing Questions on the Federal Deposit Insurance
Corporation's Year 2000 (Y2K) Preparedness (AIMD-98-108R, March 18,
1998)
SEC Year 2000 Report: Future Reports Could Provide More Detailed
Information (GAO/GGD/AIMD-98-51, March 6, 1998)
Year 2000 Readiness: NRC's Proposed Approach Regarding Nuclear
Powerplants (GAO/AIMD-98-90R, March 6, 1998)
Year 2000 Computing Crisis: Federal Deposit Insurance Corporation's
Efforts to Ensure Bank Systems Are Year 2000 Compliant (GAO/T-AIMD-98-
73, February 10, 1998)
Year 2000 Computing Crisis: FAA Must Act Quickly to Prevent Systems
Failures (GAO/T-AIMD-98-63, February 4, 1998)
FAA Computer Systems: Limited Progress on Year 2000 Issue Increases
Risk Dramatically (GAO/AIMD-98-45, January 30, 1998)
Defense Computers: Air Force Needs to Strengthen Year 2000
Oversight (GAO/AIMD-98-35, January 16, 1998)
Year 2000 Computing Crisis: Actions Needed to Address Credit Union
Systems' Year 2000 Problem (GAO/AIMD-98-48, January 7, 1998)
Veterans Health Administration Facility Systems: Some Progress Made
In Ensuring Year 2000 Compliance, But Challenges Remain (GAO/AIMD-98-
31R, November 7, 1997)
Year 2000 Computing Crisis: National Credit Union Administration's
Efforts to Ensure Credit Union Systems Are Year 2000 Compliant (GAO/T-
AIMD-98-20, October 22, 1997)
Social Security Administration: Significant Progress Made in Year
2000 Effort, But Key Risks Remain (GAO/AIMD-98-6, October 22, 1997)
Defense Computers: Technical Support Is Key to Naval Supply Year
2000 Success (GAO/AIMD-98-7R, October 21, 1997)
Defense Computers: LSSC Needs to Confront Significant Year 2000
Issues (GAO/AIMD-97-149, September 26, 1997)
Veterans Affairs Computer Systems: Action Underway Yet Much Work
Remains To Resolve Year 2000 Crisis (GAO/T-AIMD-97-174, September 25,
1997)
Year 2000 Computing Crisis: Success Depends Upon Strong Management
and Structured Approach, (GAO/T-AIMD-97-173, September 25, 1997)
Year 2000 Computing Crisis: An Assessment Guide (GAO/AIMD-10.1.14,
September 1997)
Defense Computers: SSG Needs to Sustain Year 2000 Progress (GAO/
AIMD-97-120R, August 19, 1997)
Defense Computers: Improvements to DOD Systems Inventory Needed for
Year 2000 Effort (GAO/AIMD-97-112, August 13, 1997)
Defense Computers: Issues Confronting DLA in Addressing Year 2000
Problems (GAO/AIMD-97-106, August 12, 1997)
Defense Computers: DFAS Faces Challenges in Solving the Year 2000
Problem (GAO/AIMD-97-117, August 11, 1997)
Year 2000 Computing Crisis: Time is Running Out for Federal
Agencies to Prepare for the New Millennium (GAO/T-AIMD-97-129, July 10,
1997)
Veterans Benefits Computer Systems: Uninterrupted Delivery of
Benefits Depends on Timely Correction of Year 2000 Problems (GAO/T-
AIMD-97-114, June 26, 1997)
Veterans Benefits Computer Systems: Risks of VBA's Year 2000
Efforts (GAO/AIMD-97-79, May 30, 1997)
Medicare Transaction System: Success Depends Upon Correcting
Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16,
1997)
Medicare Transaction System: Serious Managerial and Technical
Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997)
Year 2000 Computing Crisis: Risk of Serious Disruption to Essential
Government Functions Calls for Agency Action Now (GAO/T-AIMD-97-52,
February 27, 1997)
Year 2000 Computing Crisis: Strong Leadership Today Needed To
Prevent Future Disruption of Government Services (GAO/T-AIMD-97-51,
February 24, 1997)
High-Risk Series: Information Management and Technology (GAO/HR-97-
9, February 1997)
Chairman Stevens. Thank you very much.
Again, my greatest concern is about the funding. Have you
come across any agencies that are not doing some of the work
that you have suggested because of cost?
Mr. Walker. It is my understanding, Mr. Chairman, that we
have not seen that to date, although we have not received
adequate information to be able fully to assess that. The real
challenge that we have seen to date is really not the issue of
financial resources. It is human capital resources. It is being
able to have enough people, either internally within the
organization or externally as supplemental resources, in order
to attack this problem in the amount of time that is left.
I would ask Gene if he has any supplemental comments.
Mr. Dodaro. The main issue that we have seen related to
cost--and we have made a number of recommendations--is that
agencies were not making complete cost estimates. This is part
of a deficiency in project management early-on. They did not
have complete inventories of their systems. They had not
assessed their Y2K risks extensively. This is why you have seen
the costs go up. As they have implemented better program
management tools and assessed their vulnerabilities, they have
revised their cost estimates accordingly. We have made a number
of recommendations in that regard.
So the cost estimates we would expect will continually be
revised because, as Mr. Walker pointed out in his comments, we
are right in the midst of testing. I think the results of
testing could yield additional costs that may be needed to make
repairs that were not anticipated. Also, agencies are now
completing business continuity and contingency plans.
Now the execution of those contingency plans might require
additional resources. For example, they might need to hire
additional people to conduct manual operations and work-arounds
around their systems. Those contingency plans have not yet been
completed and that is one of the suggestions that we have, that
costs associated with those contingency plans be specifically
highlighted in the OMB quarterly reports.
The other cost dimension of this issue which is very
important is that, as problems occur potentially--and we think
they are going to occur at the State and local level and at
other aspects across the Nation--the Federal Government will be
de facto asked to provide additional assistance outside of just
the Federal agencies being remediated. This aspect of cost has
not been given full attention as well.
Chairman Stevens. Thank you.
Yes, Mr. Walker.
Mr. Walker. Mr. Chairman, an important point I think needs
to be made to supplement this.
There are a couple of dimensions to this. One is what is
the estimated total cost and, second is whether or not
additional appropriations would be necessary.
As you know, many Federal agencies have significant
appropriated dollars as part of their baseline for information
technology (IT) operations. As a result, even though the costs
go up, it does not necessarily mean they will need additional
appropriations. But we will continue to monitor that.
Importantly, something that I do not think has been focused
on enough is many agencies--in fact, probably most agencies--
have been using a large part of their discretionary baseline IT
resources to deal with this Y2K issue. This means that they
have not been using those resources for security and systems
upgrades, and what is yet to be determined is to what extent
there might be a ripple effect on future appropriations needs
because a lot of the discretionary resources have been focused
on Y2K and not on some of the other mission critical elements
that are non-Y2K related which the government has to deal with
on an ongoing basis.
I think this is something we will continue to monitor to
make you aware of as well.
Chairman Stevens. Now this is the estimate currently of the
Federal Government's Y2K costs. Is there an estimate, a global
estimate, for the United States and all State, local, and
private entities?
Mr. Dodaro. There have been some estimates, Mr. Chairman,
that have been made by the Gartner Group early on in the
several tens of billions of dollars. Also, as Senator Bennett
knows, because he was primarily the impetus behind having
private sector organizations report under Securities and
Exchange Commission (SEC) filings their costs for publicly
traded corporations, those are in the hundreds of millions of
dollars for some aspects of that.
So there have been some estimates. We can provide those to
the committee. But they are very extensive and go well beyond
this.
In fact, I know the securities industry alone has almost
spent as much as the Federal Government has spent getting ready
for the Y2K problem.
[The information follows:]
Gartner Group, a leading organization specializing in
information technology issues, estimated in 1996 that the
global cost of renovating software to be year 2000 compliant
would range between $300 billion and $600 billion. In 1998,
Gartner concluded that, based upon updated information, this
cost range was still valid.
Chairman Stevens. We tried to create a reserve for Y2K. I
think it is more than two-thirds allocated now. But my fear is
that we are going to get down into the last few months of the
year and the costs of testing and the costs of remediation
after testing are going to be so excessive that there will not
be the money there to allocate to cover the costs.
I would be pleased if you would take a look at that. Should
we have another reserve account and if so, what restraints
should there be on it?
I am particularly concerned about the private sector and
the State and local government sector. As the President
mentioned last night, we should be working with the State and
local governments and with the private sector to make sure that
this headache is not the first crisis for the next millennium.
Clearly, the way things are going now, it appears that we
are still looking at the critical and essential missions to
have priority. And yet, each one of those has a lot of
tentacles hanging off of it that, if they are not similarly
dealt with, we could have so many minor crises that they would
add up to a major one.
I do not know how to get to this funding problem. That,
really, again is my major interest--that funding problem.
You have not made an analysis of the private sector and
State and local government requirements, I take it. You have
had some reports on that, but I do not know that you have made
any estimate of their requirements financially.
Mr. Walker. No, Mr. Chairman, we have not done that. With
regard to the Federal sector, one of our recommendations to the
President's Council is that they need to have more discipline
and rigor in their process of getting updates on how much money
has been spent, how much is likely to be required, and whether
or not there is expected to be a funding gap. That is something
that we believe needs to be done. That is something we will
continue to monitor and keep you apprised of.
Chairman Stevens. Senator Bennett, go ahead.
Senator Bennett. Excuse me, Mr. Chairman. Unfortunately, I
have to leave. If I could just ask about one area, I will read
the record. I apologize for asking a question and not being
able to stay.
I am concerned about the Postal Service. It seems to be
neither fish nor fowl. That is, it is not a Federal agency. It
is not listed as to which tier it is in by OMB. But, as I go
around on this issue, a number of businesses say the Postal
Service is as essential to their survival as any other
government agency.
I understand that GAO has looked at the Postal Service. The
Federal Government, of course, has a very heavy investment in
the Postal Service. We do have appropriated funds that go to
pay for services provided to the Federal Government. When it
was made a private corporation, that was all worked out.
I would appreciate it if you would address that issue as
well. Again, I apologize that I have a standing commitment that
requires me to leave.
Chairman Stevens. Thank you. I look forward to your
hearings on this subject. We are trying to stay out of your
area, but sometimes that is not easy to do.
Have you analyzed yet what areas may face a need for
supplemental funding? I am talking about this current year now.
We are going to be dealing with a budget and a lot of people
forget that we are dealing with next year's budget when we
start our hearings. But we are talking about now, this year,
1999, the period of prevention of problems in the next
millennium.
Have you analyzed the sufficiency of the monies that are
available to the Federal agencies now, without any further
supplemental appropriations?
Mr. Walker. We are not in a position to tell you right now,
Mr. Chairman. What we need to have happen is the following.
First, the President's Council on Y2K needs to fully
implement our recommendations with regard to getting more
timely updates on the estimated cost, progress to date, and
whether there are expected to be any gaps. Second, there needs
to be more progress on the testing.
As I mentioned, at least 50 percent of the total cost of
Y2K activities relates to testing. Many of these agencies are
just now getting into testing. As a result, that should provide
us some information in the near future about whether or not
there might be additional appropriation needs.
Furthermore, I would expect that, to the extent there would
be, it is most likely to be the ones that are in the Tier 1
agencies, the ones that are obviously deemed to be at greatest
risk and having made the least progress.
As you mentioned before, Mr. Chairman, that represents over
half the budget and some of the more critical agencies in the
Federal Government.
But as soon as we are in a position to do that, Mr.
Chairman, I can assure you we will report back to this
committee.
Chairman Stevens. I keep hearing stories, particularly in
my State, about systems that have been acquired by State and
local government agencies that, upon receipt, they found were
not Y2K compliant.
Have you looked at that? Is there anything we should do to
place a greater responsibility on people who actually market
noncompliant devices and systems? Apparently they have not
heard Paul Revere. I mean, the word is out that there is a
problem, and yet they are still marketing systems that are not
compliant?
Mr. Walker. I will make one comment and then go to my
colleagues who may be more familiar with what we have done in
this area.
There are many public and private sector enterprises whose
strategy for Y2K was to buy new systems. That was their answer.
You are disclosing a situation where sometimes that is not a
panacea.
Let me turn to Gene or Jack. Is there anything that we have
done here?
Mr. Brock. We have not done any specific work in this area,
but we know that a problem that has existed at some agencies is
that, for a while, many were still purchasing systems that had
no contract or language that would limit Y2K problems.
The Department of Defense (DOD) Inspector General (IG), for
example, found that a large percentage of new DOD contracts did
not, in fact, have any sort of Y2K guarantee language in it.
I would suspect that that would be true, as you found out,
in many State and local governments as well.
So one of the things that people need to do in contracting,
of course, is to exercise an amount of due diligence to make
sure that such protective language is written into the
contract.
Mr. Dodaro. I would say in addition to that, Mr. Chairman,
this is one of the reasons we have advocated testing. For those
products you should have a testing period by the entity
purchasing the products to make sure they are Y2K compliant. If
not, Jack is right in that they need to have some recourse
through the contract language.
One of the suggestions that we could make is this. The
President's Council has monthly conference calls with State
officials around the country. We could urge them to bring this
issue up to them.
I know the Federal Government has adopted contract language
and that could be shared with States, who could then share it
with localities as well. Perhaps they could put some
information on their web site in that regard.
We will follow up to see if that could happen.
Chairman Stevens. Are we sure of the technology base that
is doing the testing? I mean, if a system is certified as being
Y2K compliant, are the tests out there certified by a
sufficient expertise base that we can rely upon those tests?
Mr. Dodaro. Basically there is a lot of reliance placed on
individual vendors to provide assurance. The problem comes when
people incorporate different software packages into their
operating systems. It becomes very complex. Really, then, the
burden shifts from the vendor to how the organizations actually
are using that particular system, whether or not they make
modifications to the commercial off-the-shelf software. That is
often done.
So in terms of how the system then is used, that really is
the responsibility of the organization. That is why they have
to have testing in place, to see how it fits in with their
entire totality of operations.
Chairman Stevens. When I talked to one small city group,
they thought the answer was to replace the system, that it
would be cheaper just to replace it than to go through all of
the analysis and upgrade of particular items within the system.
I asked them who is going to certify the system you buy as
being compliant. There is no real government agency or anyone
out there that can put a stamp on it and say this is Y2K
compliant and the world can rely on that, is there?
Mr. Walker. There isn't one particular entity that is
designated as being the entity or the type of person that is
authorized for certification.
I would, however, point out, Mr. Chairman, that we have a
testing guide. GAO has put out a testing guide and that testing
guide is being used in the Federal Government. In fact, it is
being used to a great extent in the private sector as well. We
have confidence in that.
Joel, would you have any comments?
Mr. Willemssen. If I may add a couple of comments, Mr.
Chairman, as a general rule, the more critical a particular
system is to your business, the higher the likelihood is you've
got to go out and independently test that for yourself, to make
sure that it is indeed going to work as intended.
Second, the General Services Administration and Social
Security Administration have set up a database for commercial
off-the-shelf products where they are engaging in some
independent testing of those commercial off-the-shelf products
and then placing that information on a web site for use by
others so that they don't have to go through the same routine--
that indeed these products have been independently tested and
there is some independent assurance that they are going to work
as intended.
That database to date has not been as populated as we would
like to see. But it represents a good opportunity to get the
information out to other agencies and to the public on what
products are going to work.
Mr. Brock. You are in a very interesting area as well, Mr.
Chairman. It is accepted by a lot of Y2K experts that State and
local governments, particularly local governments, are very far
behind the curve in terms of remediating the Y2K problem. Many
smaller towns and communities really do not have the
sophisticated technical expertise that is necessary to make the
assessments and to take corrective action.
Of course, for many Americans, the real problems of Y2K 1--
that is, January 1, 2000--will occur in their local
communities.
Mr. Walker. As you know, the Information Readiness and
Disclosure Act was intended to encourage the sharing of
information to the extent that individuals were having problems
with purchased software systems or otherwise were having
experiences that it would be beneficial to be able to share, to
encourage the sharing of that information while limiting
potential liability.
I think one of the things that we and the administration
will need to continue to monitor is the relative effectiveness
of that: is it having the intended impact?
I think, in the near future, as we go through more of this
testing stage, we will be in a better position to assess that.
Chairman Stevens. Let me sort of change gears here. Is
there a timeline now on what must be done in order to be sure
we have compliance within the Federal Government by the
critical dates? We have several critical dates this year. But
is there a timeline out there and do the agencies understand
that timeline?
Mr. Walker. The timeline for the Federal Government is
March 31, 1999. That is the date that has been set as the
target date for completion of all mission critical systems.
It is clear that some agencies will not hit that and that
many agencies will not hit it for all of their systems.
Now, obviously, that date is 9 months before the end of the
year and it was established at an early time in order to
recognize that there may be some slippage. But that is the date
that has been established. That is the date by which, and the
interim milestones before that, the reporting was done and the
tiering was done by OMB.
In the final analysis, it has to be ready to go by January
1, 2000. You want it ready, obviously, as far in advance as
possible. In part, Mr. Chairman, you can do about a limitless
amount of testing. It is limited by the amount of human capital
and financial resources that you have.
The biggest restraint, right now, quite frankly, is
probably more the human capital constraint. But we will advise
you if we become aware of situations where there might be a
financial constraint.
Chairman Stevens. You have made suggestions to almost every
Federal agency, I take it, in regard to this issue. Have you
catalogued their responses?
Mr. Walker. Yes, we have.
In general, they have been very responsive, and we do keep
a summary of agencies' actions in conjunction with this area.
We are monitoring it very closely.
Joel, did you have a comment you wanted to make on this?
Mr. Willemssen. I would just add to Mr. Walker's comment on
the March 31 date and why that is critical for individual
mission critical systems. The other key factor on why we would
need that additional time is it takes multiple systems working
together to support an entire business area to be Y2K
compliant. We need that additional time to test from an end-to-
end perspective, including all of those critical systems, to
make sure that, working together, they are going to work as
intended for that entire business process.
That often is the more time consuming and rigorous process
that we are going to have to go through. That, in large part,
is why we also need that additional time.
For example, you can look at air traffic control. That
relies on about 50 automated systems working together to help
separate aircraft. So it is one thing to say each of those
systems is compliant. It is yet another thing to say all of
them working together to support that business area are
compliant. That is why we need that additional time.
Chairman Stevens. Has the President's Council followed the
recommendations of GAO?
Mr. Walker. Generally, they have been very responsive to
our recommendations. We do, however, have some outstanding
recommendations that we still believe they need to implement,
including one of the ones that I mentioned, Mr. Chairman, about
having regular updates not only on progress but on
expenditures; also on any additional appropriations that might
be necessary in order to be able to meet the critical dates.
I think we also need to try to assess better what the
ripple effect of this might be--in other words, what effect
might there be in the out-years on IT budgets because so much
of the discretionary resources have been focused on Y2K--in
addition to supplemental appropriations that have been provided
by the Congress.
Chairman Stevens. We have heard of a series of businesses
that have accelerated their clocks in order to try to test
their systems.
Is that advisable?
Mr. Walker. I'm sorry, Mr. Chairman. Could you repeat that,
please?
Chairman Stevens. We have heard, we have been told of a
series of businesses that accelerated their clocks in order to
try to test their systems and what would happen on December 31,
1999. Is that advisable? Is that a valid test?
Mr. Walker. That is one means to test and it is something
that is advisable to do, I believe.
Joel?
Mr. Willemssen. Yes, that is a reasonable test. One just
has to be cautious about doing that in a live operational
environment. It is more ideal for major complex systems to have
a separate test bed environment to do those roll-ahead tests.
But those are absolutely crucial in making sure that the
systems are Y2K compliant.
Chairman Stevens. I asked the question because I do not see
any of that in the Federal testing system.
Mr. Walker. Oh, they are. I mean, there are systems that
have done that. I know, for example--the Defense Department is
an example. I know that they have tested some of the critical
national defense systems by doing roll forwards, and I'm sure
others have, too.
Mr. Brock. Right. The Department of Defense, for example,
has what they call a time machine that they are establishing in
their defense megacenters, the giant computing centers, where
they are rolling systems forward.
One of the problems with rolling systems forward, though,
is there are some key aspects of the infrastructure that you
cannot roll forward. For example, you cannot roll forward the
public switch telephone network. So to the extent that that
network may or may not have problems, that won't be tested.
There are certain other key infrastructure systems that
also cannot be tested along that way.
But rolling the clock forward in a test environment is a
fairly common mechanism that all agencies use.
Mr. Walker. Mr. Chairman, in addition to getting the
results of the testing that many of these agencies are involved
with to try to ascertain whether or not additional supplemental
appropriations will be necessary, the other issue that I think
we need to see is what success the council has on this national
assessment, on trying to assess the critical infrastructure and
other industry sectors.
Chairman Stevens. That was going to be my next question. I
gather from what they told us the other day they don't have
really yet a national assessment.
Mr. Walker. Not yet. They are working on it. Obviously, the
act that was passed this past fall that provides some
protection for sharing that type of information hopefully will
aid in their being able to gather the information and analyze
it.
That is something we are clearly monitoring.
Mr. Dodaro. Yes, that is one thing, Mr. Chairman. Overall,
the council has been very responsive to our recommendations.
They set up the sector based approach. They have begun outreach
activities. But the need to do that assessment we raised last
April, in 1998, and they have been a little bit behind in
getting that assessment process in place.
This is why you saw for their first national assessment
report a lot of holes in that assessment process.
Now, hopefully, they can get those holes filled quickly.
But if there is not a good national picture of readiness by
this spring and summer, the Federal Government and, indeed, the
Nation, are going to be handicapped in identifying specific
contingency plans and making critical decisions, both
domestically and internationally.
So that is vital. I would urge this committee, as well as
the other specific committees on Y2K, to monitor closely--I
know we will be doing so--those assessments and whether or not
they are completed.
You can only make good decisions if you have good
information, and even if it is self-reported information, as
Mr. Walker pointed out, that is better than no information. And
then you could do some selective testing.
That is a critical recommendation we have made that has not
yet been fully implemented.
Chairman Stevens. I think you made that point in Alaska
when your people were up there. I think it did sort of ring a
bell as far as our people are concerned. I think they are
looking more deeply into the problem now.
Senator Bennett's staff has indicated that there is a
problem if the Y2K testing on a system modification might void
the warranties on the software or the computer systems that
have been sold to the government. Have you looked into that?
Mr. Walker. Has any work been done on that, Joel?
Mr. Willemssen. No in depth work yet. No.
Chairman Stevens. Have we looked at the overall legal
potential liability of the Federal Government and systems it
operates, particularly where it interfaces with the private
sector and with the State and local governments to see what
type of liability we might have out there? I keep reading
stories in the legal newspapers and periodicals about the scope
of the total legal system costs for litigation that is going to
follow on the start of the new century.
I take it that most of that will not be initiated until
after this year is completed. But I don't know if we have
looked at it from a Federal Government point of view as to what
is our potential liability out there and if there is anything
we can do to mitigate that potential liability.
Mr. Walker. Mr. Chairman, our General Counsel, Bob Murphy,
is working with Senator Bennett's committee in looking at this
issue right now and trying to assess this.
Chairman Stevens. Well, some of that surplus the President
talked about last night could disappear awfully fast if we have
the kind of liability people are reporting in the legal
periodicals.
I would hope that somehow we would be given some
information on that in terms of this year's analysis of the Y2K
problem.
Have you looked at the Department of Justice in your
examinations?
Mr. Brock. Not today. We have a review scheduled right now
of some critical operations both in the Immigration and
Naturalization Service (INS) as well as the Federal Bureau of
Investigation (FBI).
Chairman Stevens. How about this in terms of the capability
of the government's attorneys being capable of handling the
kind of litigation that is being presumed to be automatically
involved come the first of next year?
Mr. Brock. We don't have that planned. But we will now.
Mr. Walker. Mr. Chairman, obviously, the best safeguard
that we can do is to make sure that we complete all the testing
and have reasonable assurance that our systems are going to
operate effectively. So, therefore, to the extent that there is
a problem, it would be because of the interface on the other
side, rather than because of problems that we are causing.
Nonetheless, you are pointing out some excellent issues
that we will follow up on and address to the extent that we
have not already.
Chairman Stevens. Well, I am ex officio in Senator
Bennett's committee, as you point out, as is Senator Byrd. We
are worried about our job here in terms of this year's money,
the supplemental funding, and whether or not we have sufficient
money there to meet the emergency and particularly whether the
money we put up for that purpose of meeting the emergency is,
in fact, being used to meet the emergency.
Tell me, what are your plans to keep us informed about the
progress of Y2K? Do you have any timeline on that?
Mr. Walker. I would expect, Mr. Chairman, that we would
need to give you at least monthly updates on what we have and,
obviously, as we get to more critical information in the
interim, to make you aware of it as we become aware of it.
But I think at this point in time we have to be doing at
least monthly updates and other information that is critical as
we become aware of it.
Mr. Brock. In addition to that, we, Senator Bennett's
special committee, we have, I think it is fair to say,
virtually daily contact with staff on that committee on various
topics that the committee is looking at.
Chairman Stevens. Yes, I know. That is a very capable
committee staff and I have real confidence in them in terms of
the substance of the matter. But I am not sure they are
addressing what we are addressing, and that is the financing of
action that is necessary to prevent the collision that many of
us think is going to happen and to prevent some of the
individual suffering that is going to take place if it does.
We have not gotten into that yet. But I keep reading books
that talk about how many boxes of matches, bottles of water,
and cans of food I should have in the basement of my home in
Alaska. While I am still not confident that I should have that,
I wonder sometimes if those people who are ringing those bells
ought to be listened to a little bit.
I asked the question of the President's Council as to
whether any Federal agencies are listening to that warning and
laying in additional supplies and taking on the subject of what
additionally will they need in the event of a crisis. I have
not seen anything like that.
Have you all addressed that? Suppose we do have a crisis.
What should Federal agencies have available to deal with that
in terms of the potential shut-down of some of these systems?
Mr. Brock. There is, for example, the work we are doing for
Senator Bennett on the banking system. We are looking at the
contingency plans of the Federal Reserve system. Their plans
are detailed to the point of already reserving hotel rooms at
hotels, having emergency food supplies available within their
offices, flashlights, batteries, generators, other personal
supplies. So some agencies that have truly vital activities to
carry out, such as the Federal Reserve, are thinking about
that.
I am not sure that this thinking extends as much as we
might like to other agencies.
Chairman Stevens. Should we ask you to put out guidelines
for the potential Y2K crisis for the weekend of December 31,
1999?
I don't want to be the one looking under beds, but I think
someone ought to be thinking about what should these agencies
have on board if this thing does not work.
Mr. Walker. I think we do, Mr. Chairman, need to look to
provide some guidelines here. We need some more information. We
need to have the President's Council respond to some of our
recommendations first.
But yes, I do think it is something we ought to do.
Second, I think in March of this year we should be in a
much better position to provide some meaningful input to the
committee on the appropriations issue and for a couple of
reasons. Number 1, hopefully there will be substantial progress
on the national assessment and the result of that national
assessment. Second, as I mentioned before, March 31 is the
target date for completing all this testing. So, therefore,
even earlier in March we ought to have a good sense as to where
things stand and to what extent is the money going to be
adequate at that point in time.
So I would say that March would probably be a good time for
us to get back to you to try to give you at least our best
estimate at that point in time of what the situation is. And if
we can do it before, we will do so.
Chairman Stevens. We may have some questions from members
that we will send you for the record, gentlemen.
I am still, in my own mind, worried about people who live
in apartments in major cities, as well as those people who live
in very rural areas, such as in my State, in terms of what the
government should be doing, should be telling them if all of
these books and everything are correct.
I noted one suggestion the other day which was not to try
to rely on credit cards over that weekend. Now ours has gotten
to be a credit card society. That is going to be a very
interesting thing, if people who are traveling suddenly find
out that credit cards do not work.
I have also heard some suggestions that it may be the
credit cards will work but the oven and thermostat in their
home or apartment will not. We heard some of that at our
hearings in Alaska.
No one has told me yet whether or not that is true. Is
anyone in the system analyzing those? The government has those
things on base, in all of the on-base housing, and what not.
Will we have problems? Are you looking into that? Are there any
problems with regard to items in the homes we are providing to
our personnel which are not going to function because of Y2K?
Mr. Walker. There are several things, Mr. Chairman. First,
that is why it is important that this sector analysis be
completed, because part of the sector analysis relates to
critical infrastructure. It deals with things like electricity,
water, and other types of things that are fundamental to
everyday life, if you will, for not only the Federal Government
but for everybody in the country.
Chairman Stevens. Whose job is it to do that? If you travel
as much as I do, there is a whole shelf in some airports
devoted to Y2K books. It's enough to scare the pants off you
and make you decide not to go back to your house but to start
chopping wood.
Mr. Walker. The answer is it is a shared responsibility. It
is a cooperative effort. It is a responsibility of the Federal
Government, the State government, the major industry groups and
associations, as well as the enterprises that we rely upon to
provide these services. It is a cooperative effort.
This is an area where, as Gene Dodaro mentioned, we had
recommended early last year that additional work be done. It is
being done. That is the good news. The bad news is it is not
done on as timely a basis as we would have liked and it is an
area that we are monitoring very closely.
The Federal Emergency Management Agency (FEMA) is working
with its counterparts at the State and local level to try to
look at some of these contingency planning issues as well.
Chairman Stevens. We plan to have them up here sometime.
I think the best thing we could do is this. You say in
March you should have these things collated. We can have some
idea whether or not we will have any financing problems by that
time, right?
Mr. Walker. We will have a better idea by March. Yes, Mr.
Chairman.
Chairman Stevens. I would like to have you notify the staff
of when you think you are ready to give us that report. We
should be starting to work, both the House and the Senate, on
supplemental appropriations by the middle of March. I am
confident that Chairman Young and I want to make sure that we
address those issues at the beginning, so that we do not get
caught short in September trying to get supplementals for
September. This must be addressed early.
We also look forward to having your information as to the
potential for funds that might be needed in the next fiscal
year. We have been talking today about this fiscal year. But I
would hope that you would address the question of are there
ongoing areas where financing would be needed for the next
fiscal year.
Mr. Walker. Not only for Y2K, Mr. Chairman, but I think
also that ripple effect that I talked to you about before. I
think that is something that we all have to get a better handle
on.
Chairman Stevens. I am confident that is going to happen.
The question is who is going to have to pay the bill. That,
again, was my understanding. But the President's Council said
they have no intention of asking for any additional funding to
assist the State and local governments. I asked a question
about those programs, such as Food Stamps, where 50 percent of
the costs are paid by the Federal Government and whether we
have looked at the cost the States are going to incur and are
we going to increase our payments.
Have you addressed those issues at all?
Mr. Walker. Joel?
Mr. Willemssen. If I might speak to that, there are two
points. We have looked at some of those State administered
systems that also have Federal funding. By and large, we are
very disappointed with the progress to date.
You mentioned Food Stamps. The data that we had when we did
our report showed that only 24 percent of those systems were
considered compliant. That was self reported information, too.
Regarding another key State administered system, Medicaid,
only 16 percent of those systems were considered compliant.
One thing to keep in mind also as we talk about costs is
those costs, the Federal share, are not included in the current
$7.2 billion estimate. They are separate and apart.
Chairman Stevens. I found that out the other day. That is
why I am saying we need to know about that. That, obviously, is
going to be a supplemental increase.
Mr. Willemssen. Now one thing that OMB based on our report
for the next quarterly report that the agencies submit on
February 12--those Federal agencies are supposed to report on
those programs, State administered, that also have a Federal
funding share. So, hopefully, in mid-February we will have
additional data on where we are with those programs and what
the funding implications are.
Chairman Stevens. I was about ready to wind up, but I
noticed that there was some exchange reported in the newspapers
about the Post Office and their compliance.
Have you been involved with the Postal Service?
Mr. Walker. Mr. Chairman, we currently have a review
underway of the Postal Service. As Senator Bennett mentioned
earlier, that is particularly important, not only for the
Postal Service in its own right and its systems, but because of
the fact that the Postal Service is basically the primary
contingency plan for many operations, many commercial
operations. So that is something we have underway as well and
on which we are working with Senator Bennett.
Chairman Stevens. If their computers are down and they are
delivering Christmas cards, I think we had better find out how
that system is going to take that strain.
Mr. Walker. I hear you, Senator.
Chairman Stevens. Do you have a separate report on them?
Mr. Walker. Yes, we will.
Mr. Dodaro. Yes.
Mr. Walker. We will have a report on that.
Chairman Stevens. Do you have a deadline, a timeline on
that?
Mr. Brock. We expect to have something ready in late
February on that.
Chairman Stevens. So we will hear about that in March,
then.
Thank you very much, gentlemen. I appreciate it. I do hope
that somehow or other we will start turning on the lights for
the people who have jobs that must be done if the public is
going to be able to avoid both the headache the President
mentioned and the crisis of next year. I hope we do not have
both of them, both the headache and the post-headache crisis
because we are not ready, particularly with regard to Federal
functions. Those are normally periods when the Federal
Government sort of goes down to a very low ebb. We all know
that. From just before Christmas to after New Year, Federal
systems are down very low.
This is a period of time, apparently, where the standard
practice cannot be followed unless we are certain that these
compliant systems have been tested and will survive that
crisis.
I hope that we do develop a real contingency plan for that
area and we look to you for guidance on that if we should be
doing anything to fund it.
conclusion of hearings
Thank you very much, gentlemen. We appreciate your
courtesy.
Mr. Walker. Thank you, Mr. Chairman.
[Whereupon, at 10:43 a.m., Wednesday, January 20, the
hearings were concluded, and the committee was recessed, to
reconvene subject to the call of the Chair.]
�