With the Red River, there was experience to draw from, but that was a mixed blessing. Some people thought they understood the nature of the beast, they had faced it before and won. However, in this case experience often led to underestimating the threat, sometimes with dire consequences. With the Year 2000 threat, we have no direct experience to either support, or cloud, our judgment. We are, therefore, scrambling to understand the threat so we can develop both appropriate defenses and contingency plans.
The flood had a positive side, especially for those down river. The situation developed over a long enough time span to allow professionals and civilians to marshal their defenses. In contrast, the Year 2000 impact (whatever it may be) will be sudden and have the potential to overwhelm our response capability. As well, there may be "hidden" glitches corrupting data without the fanfare of an obvious failure. Prudent planners will be scrutinizing key data outputs well into 2001.
Preparing for any confrontation requires us to deal with three aspects:
1. The strength of the threat.
2. The place it will strike.
3. The weaknesses in our defenses.
In the case of the Year 2000, there seem to be a thousand possible scenarios. In order for us to focus our planning efforts, we need to know:
- what aspects of our infrastructure we can rely on to work;
- what we can expect to fail;
- if elements fail - how long will they be out of commission.
Unfortunately, there is a fairly large "information gap" between what we want to know and what we are receiving.
What we are hearing is:
- the time, effort, and money, utilities and service providers are putting into avoiding failure;
- what has been tested and declared "compliant"; and
- what else will be tested, and when.
There are not, and cannot be, any guarantees either of success or failure as there are too many interdependencies. Despite the assurances, we still have to ask:
- even if an element is tested, could something still go wrong?
- are there elements that have been overlooked, slipped through the cracks etc.;
- if something does fail, what impact will it have? and,
- if something fails, how long will it take to fix?
Hard experience suggests we won’t get things 100% right — so it seems prudent to expect some things to fail. Let’s face it, things fail on a daily basis, otherwise we wouldn’t have the jobs we do. Any new software product, despite extensive testing, reaches the market with some remaining bugs. The sixty-four thousand dollar question is, will so many things fail simultaneously that they will overwhelm the responder’s ability to put things right in an acceptable time-frame?
When preparing for the Red River flood, there were three options:
- build or reinforce levees to contain the threat;
- build dikes to protect individual buildings; or,
- build or reinforce ring dikes to protect communities.
To do this effectively, the defense builders needed to know:
- Will the water rise higher than the dikes/levees?
- If so, will we be able to raise them faster than the rising water? and,
- Will we be able to repair breaches before they sustain a full collapse?
Like the Red River flooding, the Year 2000 threatens not single organizations, but whole communities. Surviving in isolation may not be good enough. In the few months remaining, we still have time to band together to share what information we have, to develop even better information networks, and to pool resources to both strengthen our defenses and prepare to deal with breaches. We cannot do this spontaneously — it will take a dropping of competitive postures to adopt collaboration, using industry associations as a focal point, and sharing resources. We will not truly know the nature of the beast until we have confronted it. So don’t plan on a bucket brigade to bale you out, take prudent action together with others — now!
Ask difficult questions, but seek reasonable answers.
Next in the series— The New Y2K Challenge: Communications.
Reader comments are welcome. Please send your ideas to John Newton by fax: (416) 929-3621 or by e-mail: firstname.lastname@example.org.
Rex Pattison can be reached by fax at: (416)866-5706 or by e-mail: email@example.com.