TIME BOMB 2000, by Ed and Jennifer Yourdon, went through two printings in its first two months. It may become a best-seller. It is receiving a lot of publicity. Yourdon is therefore receiving criticism. Here, he replies to one critic on a list serve forum. I have reprinted it, with a few omissions regarding his economic motives, which is the standard criticism from skeptics. "You're scaring people just to make money!" This is really, truly juvenile. Anyone with a reputation large enough to make money from a scare book on computers is risking his name. An author of 24 books on programming, which Yourdon is, is not going to take such a risk. Besides, he could make a lot more by advising terrified executives regarding the problem. Why waste time writing?
People who say such things obviously have no public reputations and have never written a book. They are appealing to a C-average high school student's version of Marxism: "The cash nexus explains all." Even if it did, what about the cash value of a reputation, of dozens of books with a man's name on them?
Side note: Do critics also tell cancer specialists this? "You're telling people that cancer is a threat just to make money!" I don't think so. But they say this about men like Yourdon. (A few have said it about me. This may come as a shock to some readers. Think: Why did I sell my urban home for less than I paid for it 11 years ago in order to get a fast sale? Why did I move to rural Arkansas?)
Mr. Yourdon recently put his New York City condo up for sale and moved to rural New Mexico. He takes y2k very seriously.
* * * * * * * *
There are approx 9,000 electric utility plants in the U.S., including 108 nuclear plants, and at the present time (Feb 25, 1998), NONE of them are Y2K compliant. None. Zero. Zip. Nada. Last survey that I saw indicated that one-third had not started any Y2K effort at all, one third were seriously behind schedule, and one-third were on-schedule. This is not an exaggeration; NONE of the nuclear plants are compliant, and the Nuclear Regulatory Agency (NRC) is currently drafting a letter to the plant operators to warn them of their vulnerability and liability. The Chairman of the SEC, Arthur Levitt, has drafted a letter to the non-nuclear agencies, also warning them of their Y2K exposure; this will probably go out in the next week or two. Most likely scenario: 20-30% of the utility plants will suffer at least sporadic Y2K problems on 1/1/2000, primarily with their embedded systems, including intermittent blackouts; and it's not at all beyond the realm of possibility that portions of the nation's power grid will be brought down for several hours, days, or weeks. Don't take my word for it; take a look at the web sites of two Y2K-oriented utility experts, Roleigh Martin
and Rick Cowles
Both of them think the situation will be MUCH worse than what I've suggested.
If you're a computer professional, you may be aware of the statistics for project success, whether's it's utility plants or any other kind of software project: even if you completely eliminate project failures caused by budget problems, the data that we have from the last 30 years of software projects tells us that 15% of all projects are late, and 25% are cancelled before completion. The projects that are late turn out to be late by approx 7.6 months; for large projects (1+ million lines of code), the behind-schedule projects are late by an average of 13.8 months, and for VERY large projects (10+ million lines of code), the behind-schedule projects are late by an average of 25 months. This is not an exaggeration; I can give you citations of books and references if you care to see the details. And it doesn't take a rocket scientist to conclude that this does not bode well for Y2K projects.
So much for utilities (and note that I haven't commented on water supply, oil, gas, and sewage). When it comes to banks, consider these statistics: there are approx 11,000 banks in this country. Even taking into account the holding companies that own several small banks, and the banks that outsource their IT development to service bureaus, you have to assume that there are at least 5,000 separate enterprise-level banking software systems that need to be fixed. The numbers from one large banking institution are instructive: Bank of America currently has an army of 1,000 programmers working on 250 million lines of code, and as of late Jan 1998, they reported they were 1/3 of the way done. More statistics from another large bank: Chase Manhattan was quoted in an article in the NY Times last October as saying they have interfaces with 2,950 external entities. Naturally, we can be highly confident that all 2,950 will be Y2K compliant with no problems, right? ... nevertheless, it's interesting that Edward Yardeni, chief economist of Deutsche Morgan Grenfell, predicts that between 5% and 20% of the small banks in the U.S. will fail because of Y2K problems. That's the good news; the bad news is that Europe is approx one year behind us and is dangerously distracted by their Eurocurrency projects, Latin American is sound asleep, and Asia is preoccupied with its current financial crises.
If you're a computer-literate person, here's an interesting statistic: 70% of the Japanese banking systems are inhouse, customized systems, while in the U.S., 70% of the banking systems are packages. Conclusion: maybe the international banking system will survive, but when Alan Greenspan says Y2K could be a serious problem (as he did today, in his testimony to the Senate) you'd better pay attention. From my perspective, this is not a theorectical, academic issue: this affects my retirement savings and it's not something I feel like risking.
Bottom line: the banking system, as we currently know it, is in serious danger of collapsing.
The other component of the "iron triangle" of critical infrastructure services is telecommunications. Each of the "big three" of ATT, MCI, and Sprint is dealing with a Y2K portfolio of 300-400 million lines of code; there are interesting rumblings from all three that indicate all is not rosy with their Y2K efforts. Even if they make it, there are now hundreds of small, independent, deregulated carriers that can wreak havoc on the overall telecommunications "grid". An example of this occurred two days ago with a problem caused by a random firm called Illuminet; see the attached news release below. Even assuming we get dial tone on 1/1/2000 in the U.S. and England, you can reasonably expect that several third-world countries are going to be cut off from telecommunications for several weeks or months because of Y2K problems.
Meanwhile, within the typical corporate environment, consider yet another statistic: 90% of the PBX switchboards installed before 1996 are NON-compliant. Small-medium enterprises (SME's) are generally oblivious to this problem, and are not at all interested in upgrading their equipment. If you look at this on a global basis (as I'm currently doing with one of my consulting clients, who has 100+ MAJOR offices on 7 continents), the problem is horrific.
Then there's the government. The smart-ass character who critiqued my email to your list-serve member seemed amused by my oblique reference to Clinton's executive order; I suspect he had never heard of it before, which isn't surprising considering how little media attention it got. For what it's worth, the Executive Order was quietly published on Feb 4th and began with the words "Minimizing the Y2K problem will require a major technological and managerial effort, and it is critical that the United States Government do its part in addressing this challenge." But it turns out that the "Y2K Conversion Council" that Clinton has created with the Executive Order is just another bureaucratic committee, and won't have much impact on the outcome. Your homestead group may not care about such things, but it's worth noting that 16 of the 26 major federal agencies are predicting that they'll finish their Y2K testing in Nov or Dec 1999; that's enough to make any veteran software professional break out in howls of laughter. Congressman Stephen Horn (R-CA, and a former university president) predicts that 14 of the 26 agencies won't finish even their mission-critical systems on time. IRS appears to be doomed; perhaps that's why the CIO, Arthur Gross, resigned last month. FAA has gotten lots of press recently about their Y2K problems (and the top Y2K person in that agency has resigned, too) -- but that's the GOOD news about the Dept of Transportation, which is currently estimated to finish its Y2K work in 2019; the bad news is that 95% of the exports from this country go by sea, and the maritime industry only held its first Y2K conference this week (in NYC; I attended it), and doesn't have a clue about Y2K. HHS (Health & Human Services) has basically shot itself in the foot by firing its outsourcing-contractors and bringing its partially completed software projects inhouse without Y2K compliance; as a result, Medicare and Medicaid are seriously threatened. Etc, etc, etc. I can't claim that my crystal ball is perfect, but I will tell you that my own personal Y2K plans include a very simple assumption: the government of the U.S., as we currently know it, will fall on 1/1/2000. Period.
I just noticed your sig file says you're from Georgia. Well, here's what's going on in GA: about a month ago, the Governor woke up and announced that the state would have to spend approx $130 million to "combat" the Y2K bug, most of which would be spent to hire approx 400 programmers. By itself, a proposal from the governor doesn't mean diddly-squat, but it's amazing to see that the GA legislature actually approved the funding proposal within a matter of weeks; by contrast, states like Texas (where my daughter recently addressed the Appropriations committee of the state legislature on the global economic impact of Y2K) cannot easily do so, because they operate on a constitutionally-mandated balanced budget, which doesn't allow deficit spending. Anyway, GA apparently has approval to spend $130 million, which means that it has approval to hire 400 programmers. But the governor doesn't want to hire them himself -- the appropriation has to trickle down two or three levels to the various departments that will actually decide how much they need, and how many programmers they need. How long will that take? Three months? Six months? Whenever it happens, the state IT departments will go out into the marketplace to try to hire 400 people at civil-service salaries. In today's marketplace, how many do you think they'll be able to hire? How about: ZERO. The "great sucking sound" that Ross Perot warned of in his last Presidential campaign turns out to be the sound of programmers being sucked out of the public-sector government agencies, into the private sector, where competitive salaries can be paid, and salaries are rising at the rate of 2-5% per month. And even if they could hire 400 programmers 3-6 months from now, it's too late. IT'S TOO LATE! Of course, maybe God will smile on Georgia, and maybe the critical state agencies in your state will get their Y2K work done in time; meanwhile, there are 49 other states, several of whom (ND, MT, WY, AK and several others) appear not to have even begun doing any Y2K work. The chances that even a reasonable majority of them will finish is pretty small, in my humble opinion. And then there are the counties, and the cities....
I could go on at great length, because there's a lot more detail that we Y2K "warriors" know about and are dealing with, but I think you see the point: those of us who are living with the problem on a day-to-day basis are terrified. . . . I could make at least as much money, if not more money, during the next two years by focusing my efforts on OO technology, Java, and the Internet; but in my opinion, the Y2K problem will make any discussion of OO and the Internet roughly akin to rearranging deck chairs on the Titanic. Frankly, I couldn't care less whether your computer veterans agree or disagree with my views on Y2K; my daughter and I wrote our "Time Bomb 2000" book to articulate personal Y2K contingency plans for our family, our friends, and other personal acquaintances. If Y2K does turn out to be as bad as I think it will be, nobody is going to care about the opinions of software professionals on 1/1/2000 (other than possibly lynching them for having created the problem in the first place!); instead, everyone is going to be concentrating on how to get food, shelter, clothing, and the basic necessities of life. Y2K threatens all of this, except in the backwards economies that have never depended on automation or socio-economic interactions with other automated societies. Rural China will probably be okay; but in my humble opinion, New York, Chicago, Atlanta and a dozen other cities are going to resemble Beirut in January 2000. That's why I've moved out of NYC to rural New Mexico a couple months ago.
You're welcome to post these remarks on your listserv if you think it would serve some constructive purpose; I'll leave that up to you. But in general, I assume that your listserv group has come to the conclusion that Y2K is not a problem, and that you'd rather not hear any opinions of the sort that I've expressed above. That's fine with me; as Spock says on Star Trek: "live well and prosper." I wish you well, and hope that we'll all be able to compare notes about the Y2K situation in a calm rational fashion on 1/2/2000.
But in the meantime, I've got work to do. There are only 674 days left.
Sincerely, Ed Yourdon