[GOVERNMENT] 'Government's Role in Reducing "Year 2000" Risks
Very well written article!
John
______
year2000.unt.edu
[snip]
Government's Role in Reducing "Year 2000" Risks
Leon A. Kappelman, Jerry L. Johnson, and Kathy Rosmond
Most people are at least aware that there is something called the "year
2000" century date problem with computers. Less understood are the extent
and probability of the risks posed by this problem and the degree to which
it might adversely affect the public's safety and general economic welfare.
Most 1governmental year-2000-related activities have focused on dealing
with the problem in their own operational systems. Yet as far as the
responsibility that government has to protect the public's safety and
economic well-being, besides comparatively timely and reasonably diligent
efforts by federal regulators of financial institutions and more recently
the federal regulators of publically-traded companies, government agencies
at all levels have been almost totally negligent in their duty to serve and
protect the public.
At a time when public sentiment favors less government control, getting
some legislatures and agencies to step up to that kind of intervention may
be difficult. But the year 2000 problem is not a "business as usual"
situation. We need informed and decisive leadership. Government actions
such as these would greatly serve the country:
1. antitrust exemption so enterprises can freely share their solutions with
each other;
2. the choice to amortize costs so enterprises move more quickly instead of
delaying year-2000 expenses and their impact on current earnings;
3. the creation of mechanisms to facilitate information sharing without
fear of legal repercussions;
4. the extension of statutes of limitations so that scarce resources could
be focused on remediation instead of litigation;
5. the limitation of certain legal liabilities for enterprises that can
demonstrate a specified degree of diligence in resolving their year 2000
problems, particularly in the area of matters beyond the control of
enterprise management (e.g., a year-2000-related supplier failure); and,
6. some leadership on issues like certification of nuclear power plants and
waste dumps, water and sewer systems, oil and chemical pipelines and
plants, other potential life-threatening and environmentally hazardous
facilities, as well as critical infrastructures like power generation and
distribution facilities, medical devices and facilities, telecommunication
networks, and the like.
We are not sure how far government can or should go in monitoring the
compliance of private or not-for-profit organizations that provide
essential services to citizens. Nevertheless, government should assume
significant responsibility for educating the public and raising awareness
regarding the issues. Moreover, public figures can provide solely needed
leadership to help foster the high degree of cooperation and communication
required to effectively deal with this problem in the time available.
Though people resist government intervention, the fact is that most people
depend on government-monitored services like emergency response systems,
banking and securities dealers, oil and gas line distribution, food and
drug industries, and the air line industry, to name but a few. Using the
example of a hypothetical "State" state government and its agencies, we
examine the role of government in protecting the public safety and the
economy. Enterprises in certain industries provide essential public
services and they must be held accountable to be "year-2000 ready" and the
government agencies listed in the following paragraphs are charged with
requiring that this happen.
It is worthy of note that there is no standard definition of what it means
to be "year-2000 ready" or "year-2000 compliant." And regrettably, at least
with respect to dealing with immediate year-2000-related concerns, it is
far too late for government or other entities to try to impose retrofitted
standards on to an already fragile technology infrastructure. Nevertheless,
in the long term such initiative may be advisable just as standards for
things like telecommunications equipment and electrical plugs, outlets, and
transmission frequencies have served the national interest, fostered
competition, and protected the public well being. For our purposes we
assume that "century compliant" simply means that things will work as well
in the next century as they do in the current one and that no date-related
failures will occur. If this is not the case then they are non-compliant.
Court Systems
While the pardon and parole systems have to deal with dates into the year
2000, other less obvious systems dealing with scheduling court action or
documenting evidence could also be at risk. Recommendations: The State
Administrator for the Courts should take responsibility to see that the
appropriate jurisdictions are aware of and are correcting any problems in
the state, appellate, district, municipal, and juvenile court systems.
Criminal Justice Systems
Sentencing and environmental (i.e., buildings and facilities) control
systems could be affected by the year-2000 problem. Recommendations: The
Department of Corrections needs to ensure that the sentencing and
environment control systems (especially security) are year-2000 ready in
the correctional institutions.
Electric Power Generation and Distribution Systems
Power plants, both nuclear and conventional, use computer systems and smart
valves that could result in system failures. The grid that distributes
electrical power also is at risk. Recommendation: The State Public Utility
Commission (PUC) should initiate a proceeding to assess the year 2000
readiness of all power plants and the potential impact on the power grid
itself. The proceeding should determine if each utility has conducted a
year 2000 risk assessment, developed a corrective action plan, and
established a date to become year-2000 ready.
Emergency Response Systems
While not a specific year-2000 problem, ground receivers that use the
Global Positioning System (GPS) satellite system may fail in August 1999
due to a date-related processing problem. Many of the emergency response
systems are using GPS to track emergency vehicles for 911 systems.
Recommendation: The Emergency Communications Commission should alert all
911 system operators in the state of the potential problem and assist in
identifying vendors offering equipment and systems that have corrected this
problem. Moreover, emergency response and emergency management agencies
should work with other agencies and the Federal Emergency Management Agency
(FEMA) to help identify high risk areas and make contingency plans.
Environmental Risks
The year 2000 problem poses serious environmental risks from many of the
year-2000-related areas described in the sections concerning electric power
generation and distribution, petrochemical refineries and oil/gas line
distribution, and water and waste treatment. Recommendation: The State
Natural Resource Conservation Commission (NRCC) should work closely with
other agencies and the federal Environmental Protection Agency (EPA) to
help identify high risk areas and take regulatory action to protect the
public's safety and the environment, as well as make contingency plans.
Financial Institutions
Banks and credit unions also are at risk. On June 17, 1996, the Comptroller
of the Currency, Administrator of National Banks, issued an advisory letter
(AL 96-4) to the chief executive officers of all national banks, department
and division heads, and all examining personnel. The advisory letter
contained a statement by the Federal Financial Institutions Examination
Council (FFIEC) that alerted financial institutions to risks that may be
present in existing computer systems as the industry enters the new
century. The FFIEC consists of the Federal Reserve Board of Governors, the
Federal Deposit Insurance Corporation, the National Credit Union
Administration, the Office of the Comptroller of the Currency, and the
Office of Thrift Supervision. On May 5, 1997 the FFIEC issued a more
extensive statement including "Year 2000 Examination Procedures" and
additional advisories have subsequently been issued. Recommendation: The
Finance Commission and the Credit Union Department should issue letters
advising all state-chartered banks, savings and loans, consumer credit
enterprises, and credit unions that they have a responsibility for
analyzing the year-2000-related risk of their internal computer systems,
and should consult with affected vendors (e.g., automated teller machines)
and customers to ensure they are addressing the year 2000 issue. Based on
the risk analysis, management should develop and implement an action plan
to deal with any identified systems changes required to achieve year-2000
compliance.
Hospitals and Medical Facilities
Year-2000-related problems have been found in medical lab equipment and
other medical devices. Patient record systems could also have problems.
Recommendation: The State Department of Health should initiate proceedings
to determine if hospitals and medical facilities have conducted year-2000
risk assessments, developed a corrective action plan, and established a
date to become year-2000 ready.
Insurance Industry
The insurance industry has many of the same year-2000 problems as financial
institutions. Recommendation: The State Department of Insurance should
initiate proceedings to determine if insurance companies have conducted a
year-2000 risk assessment, developed a corrective action plan, and
established a date to become year-2000 ready.
Petrochemical Refineries and Oil/Gas Line Distribution Systems
Refineries and oil/gas line distribution systems are controlled by computer
systems and use smart valves that could be at risk. Recommendation: The
State Railroad Commission and NRCC should initiate proceedings to determine
if refineries and managers for oil/gas line distribution systems have
conducted a year-2000 risk assessment, developed a corrective action plan,
and established a date to become year-2000 ready.
Telecommunication Systems
The voice telephone system has known problems that could result in service
failures, incorrect billings, and other problems. The Federal
Communications Commission (FCC) is aware of the problem but as yet has not
initiated any action to ensure that local exchanges or the long distance
networks are ready for the year 2000. Recommendation: The State Public
Utility Commission (PUC) should initiate a proceeding to assess the year
2000 readiness of all local carriers and long distance providers. The
proceeding should determine if each utility has conducted a year 2000 risk
assessment, developed a corrective action plan, and established a date to
become year-2000 ready.
State and Regulated-Industry Investments
Several state agencies (e.g., treasurer, employee and teacher retirement
systems) and universities invest funds in stocks and bonds. Moreover,
several regulated industries including banking and insurance invest in such
financial instruments. Furthermore, banks make loans to other enterprises.
Economists and bankers like Federal Reserve Chairman Greenspan, Federal
Reserve Governor Kelley, and Dr. Edward Yardeni have all indicated that
there is a high probability that some degree of year-2000-related economic
problems will occur. Given the seeming large percentage of
stock-and-bond-issuing public and private enterprises that have done very
little to date to address their year-2000-related issues, it would appear
that there is an uncomfortably high risk of insolvency, default, and
diminished market valuations. Recommendation: State agencies and
universities as well as agencies that regulate industries that make such
investments, should require companies or entities issuing bonds or stock or
otherwise borrowing to document their efforts to address the year-2000
problem for such state agencies and/or regulated institutions.
State Police Issues
The State Police needs to ensure that all safety and protection systems
function properly. This could include the statewide law enforcement
microwave communications systems, the computer systems that contain
criminal history and offender information (including fingerprint
identification systems), the sophisticated equipment in patrol vehicles,
and the jails. Recommendations: The State Police should initiate
proceedings to determine if these safety and protection systems are
year-2000 ready.
Transportation Control Systems
Motor vehicle, highway, and railroad traffic control systems use computers
and devices with embedded microprocessors that could fail or produce
incorrect timing sequences. Recommendation: (1) The State Department of
Transportation (DOT) should be made aware of the potential problem and
should assist local communities with the identification of vendor equipment
and systems that have year-2000 problems and the possible solutions. DOT
should work with the State Railroad Commission to assess the safety of
highway/rail crossing sites. (2) The Railroad Commission should initiate
proceedings to determine if each rail system manager has conducted a
year-2000 risk assessment, developed a corrective action plan, and
established a date to become year-2000 ready.
Water and Waste Treatment Systems
Most modern systems that control the treatment and distribution of drinking
water and waste water use computers and "smart valves" with embedded
microprocessors. Problems with the control systems, hardware or software,
or the smart valves could result in total system failures, contamination of
ground water, and/or contamination of drinking water. Recommendation: The
NRCC should initiate a proceeding to assess the year 2000 readiness of all
water districts, municipal water supplies, and waste water treatment
facilities. The proceeding should determine if each utility has conducted a
year 2000 risk assessment, developed a corrective action plan, and
established a date to become year-2000 ready. NRCC also should make
information available about known problems and potential solutions for
specific vendor-supplied systems and equipment.
United We Stand, Divided We Fall
It would appear that given the late start of many governmental entities to
begin solving their own year-2000 problems, let alone deal with their
regulatory responsibilities in this regard, combined with the large number
of potential problem areas as outlined above, that in most cases it is not
possible to mitigate all of the risks faced by any particular country,
state, municipality, community, enterprise, family, or individual. This
calls for:
(1) serious risk-based triage so that the available resources and time can
be focused on the industries, agencies, enterprises, and systems that pose
the greatest potential for disruption and/or devastation; as well as
(2) adequate contingency planning and preparations to ensure the
continuation of essential governmental, infrastructure, social, civic,
medical, and business services in the event of, what appears to be, the
inevitable difficulties that will ensue when the century hand strikes 20.
It is not government's responsibility to do this alone. It is up to each
and every one of us to do our part. But government does share some of the
responsibility. Regrettably, many government agencies have done absolutely
nothing with regard to year-2000 related risks that are undoubtably their
responsibility (e.g., the EPA and the President's Council on Critical
Infrastructure Protection (PCCIP)). At the state government level more
energy has gone into year-2000 liability limiting legislation than into
actual efforts to ascertain and resolve year-2000 problems. So preposterous
are these activities that Nevada has gone so far as to declare year-2000
damages by government agencies to be merely "acts of God" - Certainly not
the kind of motivation state agencies need to give year-2000 remediation
their best efforts. Does legislative irresponsibility know no bounds?
Nevertheless, by mid-1998 there were indications that the tide was shifting
at least in some quarters. The year-2000 efforts in the states of New York,
California, Pennsylvania, and Washington have conspicuous governor
sponsorship and appear to be proceeding favorably. Some states have even
enacted spending freezes on non-year-2000-related information technologies.
Legislation is pending in California that will effect some of the policies
suggested at the beginning of this article. Heretofore totally inert
federal agencies like the Federal Communication Commission, the Food and
Drug Administration, and the Nuclear Regulatory Commission are beginning to
show signs of year-2000-related regulatory life. Even the White House has
demonstrated a growing concern and created the President's Council on the
Year 2000 Conversion. Where this all leads us by January 2000 depends on
just how many of these kinds of activities take place in the months ahead.
Whether we think so or not, every one of us is a computer user and every
one of us depends on information technologies for essential goods and
services. In the final analysis it is a matter of individuals at every
level of society choosing to face this problem and doing something about
it. The success of a county governed of the people, by the people, and for
the people depends on the actions of its citizenry. So when it comes to the
year 2000 problem ask yourself: Am I part of the problem or part of the
solution? The choice is yours.
Conditionally accepted in February 1998 for publication by the Journal of
the American Society for Information Science (JAIS, published by John Wiley
& Sons, Inc.). Second revision May 9, 1998.
Copyright 1997, 1998 Leon A. Kappelman. All rights reserved. Earlier
partial versions of this article appeared in the book Year 2000 Problem:
Strategies and Solutions from the Fortune 100 (Leon A. Kappelman, Editor,
1997, ISBN 1-85032-913-3, International Thomson Press: Boston; for
information call toll-free 888-906-8410 or visit www.year2000.unt.edu/book)
and the Year/2000 Journal, 1997, 1(6).
Leon A. Kappelman, Ph.D., is a researcher, writer, teacher, speaker,
facilitator, and consultant dedicated to helping organizations better
manage their information assets. Currently, he is directing his
professional energies and attention to helping enterprises accept and solve
their year 2000 computer date problems. Leon is an Associate Professor of
Business Computer Information Systems at the University of North Texas,
Associate Director of the Center for Quality and Productivity, and co-chair
of the Society for Information Management's (SIM) Year 2000 Working Group.
His professional expertise also includes the management of information
assets, information systems development and maintenance, change management
and technology transfer, project management, and information systems
assessment and benchmarking. He has published over 50 articles and his work
has appeared in the MIS Quarterly, Communications of the ACM, Journal of
Management Information Systems, Project Management Journal,
InformationWeek, Computerworld, National Productivity Review, Industrial
Management, and the Journal of Systems Management. He authored Information
Systems for Managers (McGraw-Hill, 1993) and edited Solving the Year 2000
Computer Date Problem: A Guide and Resource Directory, SIM International
(1996), Year 2000 Problem: Strategies and Solutions from the Fortune 100,
International Thomson Press (1997), and Year 2000 Update: Key Issues and
Research Reports (SIM International, 1998). He can be reached at Box
305249, Denton, Texas 76203; phone (940) 565-3110; facsimile (940)
565-4935; email kapp@unt.edu; website
unt.edu
Jerry L. Johnson has been employed at the Texas Department of Information
Resources (DIR) since January 1991 as Senior Policy Analyst. He is
responsible for research and development of statewide information resources
technology standards and related implementation programs. He participates
in selected standards-related organizations to represent the state's
interests and reports on the development of new standards to the
Information Resource Management (IRM) community through various state
publications and DIR-hosted technical/educational forums. Prior to joining
DIR, Jerry served in the United States Army from 1965 to 1990. He received
an associate degree in computer science from Central Texas College and a
bachelor of science in computer science from American Technological
University. His elected positions include past Chairperson of the OSE
Implementors Workshop (OIW) Technical Committee (OSE-TC) and past co-Vice
Chair of the User Alliance for Open Systems. His professional memberships
include Association for Computing Machinery (ACM), Association for Systems
Management (ASM), Austin Software Council (ASC), Internet Society,
Institute of Electrical and Electronics Engineers (IEEE), Software Quality
Institute Advisory Group, and the State of Texas representative to the
Electronic Messaging Association (EMA).
Kathy Rosmond is currently the year 2000 program director of the Washington
State Department of Health and Human Resources. Prior to focusing her
attention on this critical state agency she was one of two year 2000
project managers who established the statewide initiative and program
office at the Washington State Department of Information Services where her
responsibilities included planning and coordinating agency year 2000
activities from a statewide perspective. Before accepting the position as
Washington State's Year 2000 Project Manager, she was the staff director
for the state's Information Services Board where she was responsible for
developing statewide technology policies and standards, overseeing major
state IT projects, and reviewing and approving large technology
acquisitions. Kathy is the vice chair of a Pacific Northwest year 2000
users group, a founding member of the Society for Information Management's
Year 2000 Working Group, and participates in the Information Management
Forum's year 2000 work group.
--
Harlan
Subject:
- Mitigation Measures
Date:
29 May 1998 07:37:36 EDT
From:
"Harlan Smith" <hwsmith.nowhere@cris.com>
Organization:
Paperless
Newsgroups:
comp.software.year-2000 |
