DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Winter Journal

Volume 31, Issue 4

Full Contents Now Available!

Of all the disasters President Clinton has had to declare during his tenure, he has yet to address the one which could be the largest disaster of all. There should be no doubt that he and other leaders in government and industry should consider the Year 2000 crisis a disaster of epidemic proportions and take appropriate measures to avert it.

No, it’s not a major flood claiming hundreds of lives or a hacker attacking another U.S. government computer network, but it’s a disaster nonetheless – a disaster that is virtually certain to affect each and every American citizen in decidedly unpleasant ways.

Imagine being told that you can no longer receive your veterans benefits because the checks can no longer be issued properly. Imagine the IRS coming to a halt, unable to collect or process the tax revenue needed to run this country. Imagine the truly destitute unable to receive food stamps, or banks calling in student loans immediately because of computer glitches that erroneously inform bank staff that loan payments are overdue. In many cases, systems simply will not recognize "00" as a valid year date, and shutdowns will result. For those systems that continue to function after 1999, the validity of the data they produce will be in question – because if the system assumes the date refers to the year 1900 instead of the year 2000, the resulting corrupted data could create a host of additional problems.

"There’s a tremendous amount at risk," says Nancy Petersen, vice president responsible for developing Year 2000 business with the federal government at CACI, a consulting and integration firm. Benefit and entitlement systems – such as those at the Social Security Administration, as well as school lunch and food stamp systems – are very date-intensive and are doomed to failure, she says. Part of the problem is that many government systems were written in obsolete program languages by people who have long left government service. There is often no documentation or source code, and the sheer volume of these systems truly limits the ability of the people left to fix them.

Agencies should – and increasingly are – relying on outside vendors to help them comply to the greatest extent possible with Year 2000 issues. These vendors are, for the most part, ready, willing and able to help agencies do so, but even companies dedicated to federal government pursuits are getting tired of bailing the government out again and again. Intimidated by cost and time factors, and overrun by work from other government and commercial clients, these consulting firms often simply refuse the work.

"It’s a real problem," Petersen says. "There are companies that have just decided not to do federal work at all, for that very reason. I know some companies that are doing federal work but are so busy they can’t take on any new customers. It’s a dilemma here and in many consulting firms. As much as I want to support the federal customer, my company is going to remind me that we are not a missionary organization."

Saving the Patient

The government is certainly not blind to these problems. Agencies have, to varying degrees, had some success in retrofitting their systems to handle the complicated date shifts that will occur when January 1, 2000 rolls around. But agencies have not done nearly enough – and have not allowed enough time – to fix the majority of their systems. The sad reality is that when midnight strikes on December 31, 1999, many government systems will come to a grinding halt.

Most congressional leaders and federal oversight agencies agree that the only way to save mission-critical systems is to use the triage method, saving the most mission-critical systems while allowing others to die an untimely death..

"Triage is the only way to go," says Petersen, who is also chairperson of the Year 2000 task group at the Information Technology Association of America (ITAA). "We have less than 700 days left, and there is not time by a long shot to fix everything."

The hardest part, says Don Arnold, head of the Industry Advisory Council’s Year 2000 committee, is to classify all government systems into three categories: systems you must fix, systems you can’t fix and systems you might be able to fix. It is those programs in the first category that are prime candidates for triage.

Perhaps most difficult is determining which systems are truly mission-critical. The problem has forced agencies to examine their systems carefully, picking and choosing which will live and which will die.

What makes a system critical? If millions of people depend on it, it’s critical. If you can’t run the agency without it, it’s critical. If it impacts enough people in a profound way, it’s critical.

"Months ago, when you asked agencies how many critical systems they had, they might have said 2,000," Petersen says. "Today, they say 20 or 50. Agencies are going through some very painful decision making. People are going to have to live or work around a lot of systems they once considered critical."

In the end, agencies are simply going to have to learn to do without. As hard as that may be, it is not impossible, Arnold says.

"You may have a critical system, central to your mission, but nothing you do will make it work. You can’t not fix it, yet you can’t fix it. If you can’t live without it and it doesn’t work, it seems to me that you will live without it," he says.

Dealing with Reality

Given that reality includes some very hard choices, what can agencies – and companies in the private sector – do to efficiently manage resources, responsibilities, and expectations?

Most importantly, you must begin the planning process now. Develop your business impact analysis after defining what you are trying to protect and listing the things that can diminish or destroy it – such as the impending Year 2000 crisis. Quantify the cost of the disaster to help prioritize your resource allocation, and now you are ready to develop specific plans for how you will complete your mission and continue to function if critical systems are compromised or lost altogether.

In addition to choosing which systems will live and die, your contingency plan should include a timeline, giving real dates for when each phase of Year 2000 testing should be initiated and completed. As a general rule, contingency planning must begin immediately for all systems not corrected and properly tested by June of this year.

Overlooking the testing phase may be a tempting way to shorten the process, but avoiding such temptation is a wise move, says Jim Brown, director of business development at Tracor Information Systems, a government contractor. Testing is most often left to outside contractors, generally because agency IT personnel prefer to spend their time dealing with system fixes, which require a higher degree of subject matter expertise.

To really get the ball rolling, however, the executive branch must truly realize the seriousness of the issue. The government has taken recent steps in the right direction by hiring a Year 2000 czar. John Koskinen, former deputy director for management at the Office of Management and Budget (OMB), recently has agreed to head the President’s Council on Year 2000 Conversion, an interagency task force. While Koskinen has stated his belief that "the government will be able to meet this challenge," he has also been warned by at least one member of Congress that he and his task force may be taking on "the thirteenth labor of Hercules."

Paying the Bills

The Council on Year 2000 Conversion is an excellent first step, albeit one that should have been taken years ago. But more must be done. Money is what it will take to truly make a dent in the problem – and the more of it the better. And aside from finding enough money to effectively deal with the problem, let’s not forget that legislated funding for the Year 2000 crisis may be the fastest way to get the full attention of some levels of government – if it’s funded, then it must be important.

"For a long time, the politically correct stance was to solve these issues with the money agencies already had," Petersen says. "Today, that means agencies are taking the money out of their standard maintenance budgets and new program budgets – anywhere they can find it." It makes more sense for Congress to appropriate new emergency funds, she says. The problem is certainly big enough to warrant it.

It will take as much money, effort and resources as the government can throw at the problem. What the government can’t provide, however, is more time. The clock is ticking.

"What’s it going to cost to solve Year 2000? All you’ve got. How long will it take? As long as you have," Arnold says. "It will cost everything you can pay. Every man-hour that doesn’t have a higher priority should go toward it. It will cost as much as you can throw at it because the problem is bigger and the cost is greater than you can complete in the time allowed."

If the public and private sectors are not adequately prepared, Year 2000 could very well be the largest disaster in history. And we know exactly when and where it is going to happen.

Mike Braham is Director of CommGuard, Enterprise - Wide Continuity Services at Bell Atlantic Federal Systems. Braham serves on the National Board of Directors of the Association of Contingency Planners and is Sub-Committee Chair for the Leadership Coalition for Global Business Protection. Braham lives in Virginia and was a U.S. Marine pilot.