The U.S. Air Force has not coordinated its y2k fixes, which now threatens the survival of the post-1999 Air Force, according to a study by Congress's General Accounting Office and summarized by the Center for Security Policy.
The summary begins with a reference to the GAO's February, 1998,
report on the Federal Aviation Administration. This was an extremely important report.
* * * * * * * * *
In a House Subcommittee on Government Management, Information and Technology hearing chaired by Rep. Stephen Horn (R-CA), the General Accounting Office testified on the status of the FAA's efforts to meet the immovable 1 January 2000 deadline, declaring: "At its current pace, it will not make it in time."
As things stand now, the validity of this frightening conclusion seems beyond dispute. Another witness at the Horn hearing, consultant Stanley Graham, reported on his own analysis of the FAA's problem, affirming GAO's assessment:
"The number of application systems [used by the FAA] is large; more than 875 systems, 18,000 subsystems, and 65 million lines of code. Furthermore, through November 15, 1997 the Department of Transportation reported that the FAA's large complex systems were only three percent through program remediation. Although this number should rise with later data, we will not have a reliable number until all 65 million lines of code and their data have been analyzed or accounted for."
Is the Pentagon in Any Better Shape?
Unfortunately, there is reason to believe that the armed forces are no more prepared than the FAA to deal with the implications of the Millennium Bug. In a report issued last month entitled Defense Computers: Air Force Needs to Strengthen Year 2000 Oversight,(1) the General Accounting Office warned that the Air Force is at serious risk from the Y2K problem.
The following are among the most important insights from this GAO study (emphasis added throughout):
"As with the other military services, the Air Force is taking a decentralized approach to Year 2000 correction -- that is, it is relying heavily on its components to identify and correct Year 2000 problems affecting their own systems.
"The Air Force estimates there are 2,944 automated information systems and weapons embedded systems in its inventory and that the majority of these systems will have to be either renovated, replaced, or retired before 1 January 2000. Of the 2,944 systems, 550 (about 19 percent) are considered to be mission-critical systems, that is, they directly support wartime operations.
"As of 4 September 1997, the Air Force reported that all of its 2,944 systems completed the awareness phase, 33 percent were in the assessment phase, 32 percent in renovation, 17 percent in validation, 12 percent were in implementation, and 6 percent will be decommissioned by December 1999. As of September 1997, the Air Force estimated that it will cost about $405 million to successfully complete its Year 2000 program.
"Before its Year 2000 effort, the Air Force did not have a comprehensive service-wide system inventory. As such, it could not readily determine the magnitude (much less the cost to fix) of the Year 2000 problem service-wide when it began the assessment phase. While its inventory now contains 2,944 systems, the Air Force is still expanding it to include information on infrastructure-related devices, such as elevators, traffic control and security devices, telephone switching systems, and medical equipment. These devices rely on either microprocessors or microcontroller chips that may be vulnerable to Year 2000 problems.
"In August 1997, [one aircraft weapon system] program office reported that it fixed [a Y2K] problem [with ground software equipment] for about $300,000, using a temporary work around. However, according to a program office official, because the existing equipment consists of old IBM mainframes and outdated Jovial code it will have to be replaced eventually -- and likely at a higher cost -- in order to support future planned aircraft enhancements such as Joint Direct Attack Munition and Joint Standoff Weapon.
"...None of the five weapon system program offices we surveyed had fully determined the actual impact or program status of their system interfaces. One program office told us that it did not plan to do so until the Air Force prescribed a uniform approach to interfaces. In addition, we found other weapon system program approaches to identifying their interfaces to be considerably different.
"Without centralized oversight over the identification and correction of interfaces, there is a chance that some systems and interfaces, for which ownership is unclear, may not be identified and corrected. In addition, there is also a higher risk that conflicting interface solutions will be implemented without the data bridges that are necessary to ensure that information can still be transferred.
"For example, one system manager may choose to fix a system by expanding its date and year, while another may choose to keep the two-digit format and use procedural code or sliding windows as a strategy for becoming Year 2000 compliant. According to current Defense guidance, either fix is acceptable, but both parties need to know of the potential conflict so that they can install the data bridge.
"At the time of our review, however, none of the five program offices we visited had prepared such agreements, and the Air Force was not tracking whether these or comparable agreements were being instituted. . . .
"To its credit, the Air Force has recognized that virtually every computer system it operates is vulnerable to the Year 2000 problem; it has raised the awareness of the Year 2000 problem among system owners; and it has begun assessing the Year 2000 impact on Air Force systems. However, the Air Force is unnecessarily putting its Year 2000 program at risk of failure because it has not yet refined cost estimates based on actual assessment data, fully examined resource trade-offs, and ensured strong and continuous oversight for interface, testing, and contingency planning issues."
The Air Force has the reputation of being the most sophisticated of all the services when it comes to identifying and adapting to new technological developments. If so, it is likely that the rest of the Pentagon is probably in no better, and probably considerably worse shape than the Air Force with respect to the Y2K problem. This point is borne out by a report in the trade publication, Phillips C4I, on 18 December 1997. . . .
The Electronic Equivalent of the Plague
Of course, the Millennium Bug's potential for devastation of an advanced, computer-dependent society like that of the late 20th Century United States is not confined to America's air traffic control system or its national security apparatuses. Scarcely any business, community or individual citizen will remain unaffected -- some in minor ways, others in potentially catastrophic ones -- if the Y2K problem is not universally corrected.
In fact, those familiar with the vulnerabilities of the U.S. infrastructure to information warfare (IW) believe that Y2K problem, unless addressed on a truly national basis, could have much the same effect as a deliberate IW assault by a determined adversary. The implications for public order and safety, to say nothing of national security can scarcely be overstated. . . .
Once these main frame computers have been fixed, they must be rigorously tested. The fixes made in one must be able to interface with those in the next. And all computers that have been made compliant must be protected from contamination by non-compliant systems with which they might share data.
Y2K-non-compliant chips and microprocessors imbedded in innumerable other products -- from cars to elevators to telecommunications, to name but a few -- have to be replaced. Finally, the many millions of personal computers (and their chips) will have to be replaced or otherwise made Y2K-compliant. . . .
The Bottom Line
The United States government must regard the Y2K problem as a public policy, health and safety issue of no less gravity than a widespread outbreak of bubonic plague or polio. It is not enough to establish councils, hold meetings and file discouraging reports while the clock inexorably ticks toward the 21st Century. A crash program to validate and bring to bear automated techniques for addressing in the most cost-effective and least time-consuming manner possible the most daunting challenge: Making the Nation's civilian (government and private sector) and military mainframe computers Year 2000-compliant. It goes without saying that as less time is available (now fewer than 700 days), the higher will be the prices programmers can command for their time.
A further argument for using automated techniques to the maximum extent possible is to reduce the unavoidable problems that will arise from human error. This is a particularly acute problem when the task is as tedious and labor-intensive as that associated with checking millions of lines of computer code under the mounting pressure of an unmovable deadline. And even one percent error makes the whole product 100% non-compliant.
An innovative proposal has been offered by Dr. Morris Davis, the inventor of a program known as Transition Software that has demonstrated impressive capabilities to accomplish such corrective action on mainframe computers in a fraction of the time -- and at far less cost than is currently associated with human review of each line of code. He has offered to provide at no cost to the government the conversion of 100,000 lines of software code on a mainframe computer to demonstrate his program's abilities.
While neither this, nor any other, software program is a panacea for a problem of the magnitude and complexity of the Millennium Bug (especially since some parts of the problem are hardware-related), it would seem prudent to conduct such a test, together with competing automated software programs, on one or more mainframes operated by the FAA, the Air Force or some other priority government agency.
In the event such tests prove effective in both fixing the problem and keeping it fixed on the tested mainframe, no effort should be spared to make the successful program available to government and private sector users as part of a comprehensive approach to make the Year 2000 the beginning of a promising new millennium, not the apocalyptic end of the last one.