Probably the biggest challenge facing those of us trying to develop contingency plans for the Millennium roll-over — and other critical dates — is understanding the nature of what we are facing. Everyone is familiar with the cause, but most of us are desperately trying to predict the effect.

With a lack of hard evidence to define the actual threats, we fall back on what we are most comfortable with — statistics. We quote the number of hours spent in reviewing code, the number of programs covered, percentages remedied, tested etc. and dollars spent. A vast paperwork trail is being developed and carefully preserved so that we can demonstrate (in case of legal action) that we have expended much energy in being prepared. But we are still not sure what we are actually preparing for — minor outages or major failures!

As we write this third article in the series, we are reminded of a situation in March two years ago when we faced the flooding of the Red River in North Dakota and Manitoba. Here was a situation we knew was developing, we knew approximately when it would happen — what we didn’t know, was its severity or where it would strike the hardest.

With the Red River, there was experience to draw from, but that was a mixed blessing. Some people thought they understood the nature of the beast, they had faced it before and won. However, in this case experience often led to underestimating the threat, sometimes with dire consequences. With the Year 2000 threat, we have no direct experience to either support, or cloud, our judgment. We are, therefore, scrambling to understand the threat so we can develop both appropriate defenses and contingency plans.

The flood had a positive side, especially for those down river. The situation developed over a long enough time span to allow professionals and civilians to marshal their defenses. In contrast, the Year 2000 impact (whatever it may be) will be sudden and have the potential to overwhelm our response capability. As well, there may be "hidden" glitches corrupting data without the fanfare of an obvious failure. Prudent planners will be scrutinizing key data outputs well into 2001.

Preparing for any confrontation requires us to deal with three aspects:

1. The strength of the threat.

2. The place it will strike.

3. The weaknesses in our defenses.

In the case of the Year 2000, there seem to be a thousand possible scenarios. In order for us to focus our planning efforts, we need to know:

• what aspects of our infrastructure we can rely on to work;

• what we can expect to fail;

• if elements fail - how long will they be out of commission.

Unfortunately, there is a fairly large "information gap" between what we want to know and what we are receiving.

What we are hearing is:

• the time, effort, and money, utilities and service providers are putting into avoiding failure;

• what has been tested and declared "compliant"; and

• what else will be tested, and when.

There are not, and cannot be, any guarantees either of success or failure as there are too many interdependencies. Despite the assurances, we still have to ask:

• even if an element is tested, could something still go wrong?

• are there elements that have been overlooked, slipped through the cracks etc.;

• if something does fail, what impact will it have? and,

• if something fails, how long will it take to fix?

Hard experience suggests we won’t get things 100% right — so it seems prudent to expect some things to fail. Let’s face it, things fail on a daily basis, otherwise we wouldn’t have the jobs we do. Any new software product, despite extensive testing, reaches the market with some remaining bugs. The sixty-four thousand dollar question is, will so many things fail simultaneously that they will overwhelm the responder’s ability to put things right in an acceptable time-frame?

When preparing for the Red River flood, there were three options:

• build or reinforce levees to contain the threat;

• build dikes to protect individual buildings; or,

• build or reinforce ring dikes to protect communities.

To do this effectively, the defense builders needed to know:

• Will the water rise higher than the dikes/levees?

• If so, will we be able to raise them faster than the rising water? and,

• Will we be able to repair breaches before they sustain a full collapse?

Like the Red River flooding, the Year 2000 threatens not single organizations, but whole communities. Surviving in isolation may not be good enough. In the few months remaining, we still have time to band together to share what information we have, to develop even better information networks, and to pool resources to both strengthen our defenses and prepare to deal with breaches. We cannot do this spontaneously — it will take a dropping of competitive postures to adopt collaboration, using industry associations as a focal point, and sharing resources. We will not truly know the nature of the beast until we have confronted it. So don’t plan on a bucket brigade to bale you out, take prudent action together with others — now!

Ask difficult questions, but seek reasonable answers.