' Y2K Committee Announces Survey Results Measuring Y2K Preparedness of Nation's
Largest Utilities
WASHINGTON, D.C. -- At the first hearing of the new Senate Committee on the Year 2000, members
discussed the threat of the millennial bug to the nation's energy supply and announced the results of a new survey
measuring the Y2K preparedness of the nation's 10 largest utility corporations.
The survey results follow:
Executive Summary
The Special Committee on the Year 2000 Technology Problem recently completed a survey of ten of the largest
oil, gas, and electric utilities in the United States. The purpose of this survey was to determine the status of the
utility industry in terms of its year 2000 (Y2K) preparedness.
Based on the survey results, we conclude that while these utilities are proceeding in the right direction, the
pace of remedial efforts is too slow and the associated milestone dates are so distant that there is significant
cause for concern.
It is also clear from the survey responses that despite substantial completion of initial assessments, firms are
not confident that they have a complete and accurate picture of their present Y2K compliance, making
assurances of timely Y2K compliance little more than a hope.
Experts contend that the most difficult aspects of remediation are in the renovation and testing phases; most
of the firms surveyed have not begun these critical phases of remediation.
Utilities' ignorance of the Y2K compliance of critical suppliers, vendors, and servicers and their lack of
assurances from same create additional uncertainty for utility consumers.
Since the firms tested are among the largest utilities in their fields with the most available resources, we are
pessimistic about the implications for the rest of the utility sector.
Purpose and Methodology
We asked survey respondents for information on their automated systems used to manage and operate their
respective utilities; these include both their computers systems and embedded systems such as process control
units used in their production and distribution systems. While the survey is not statistically representative of the
utility industry at large, the inclusion of 10 of the largest oil, gas, and electric utilities, including generation,
transmission, and distribution facilities, ensures broad representation of the industry. Pledges of confidentiality were
made to survey respondents in order to facilitate honest and candid answers to survey questions.
Other studies have concluded that smaller utility companies are not as advanced in their Y2K preparedness as their
larger counterparts. Hence, the results presented here probably represent the best prepared portion of the industry.
Findings
The utilities surveyed generally did not become aware of their Y2K problems until 1995 or later. Each of them has
since created a formal Y2K project within their firm. Unfortunately, only two of the utilities surveyed reported that
they have completed the initial assessments of their automated systems, especially on the embedded systems side
where four firms were unable to identify how many embedded systems they have in service.
All of the survey respondents reported using outside consultants or contractors in combination with in-house
personnel in their Y2K assessment. All of the companies reported significant numbers of automated systems, with
one firm reporting over 300,000. The typical firm reported about one-third to one-half of its systems were mission
critical.
Of those who had identified their embedded systems, there was a wide variation in the number reported. Some
firms reported numbers of embedded systems by type of application while others reported on a detailed inventory
basis. In general, embedded systems assessments have lagged computer systems assessments. We were told that
this is because the problem in embedded systems was not apparent until recently.
Costs for remediation also varied significantly, due perhaps to the fact that the companies involved were not
homogeneous in terms of service provided and the types of assets in place, as well as the fact that final assessments
are not complete. Two firms were unable to report their projected remediation costs. Notwithstanding the variation
in estimated remediation costs, the total projected cost of remediation for the survey firms was over $400 million.
The typical utility surveyed expects to renovate about 75 percent of its noncompliant systems and to replace or
retire the remainder.
All of the firms surveyed were optimistic that they would have their mission critical systems renovated or replaced
by January 1, 2000; however, most implied that remediation efforts for non-mission critical systems would still be
on-going after January 1, 2000. All the firms surveyed reported checking with suppliers and servicers, but few of
them received assurances of uninterrupted service and many are having difficulty obtaining responses to their
inquiries. This creates some additional uncertainty for continuous utility service after the millennial date change
depending on the criticality of goods and services provided by vendors, suppliers, and servicers.
While most surveyed firms recognized a potential for legal problems and/or liability in conjunction with the
millennial date change, several indicated that they did not anticipate legal or liability problems even if suppliers and
servicers failed to make timely deliveries. Nonetheless, each firm surveyed indicated that it had received inquiries
regarding its Y2K preparedness from regulators, creditors, and/or stockholders/investors.
None of the utilities surveyed had completed contingency plans, for potential eventualities associated with the
millennial date change. Most of this effort will be done in conjunction with standing disaster recovery or emergency
response plans.
One of the more interesting parts of the survey asked about the need for congressional action. Fifty percent
responded that they needed the ability to share Y2K information and best management practices more freely
among other companies without fear of legal reprisal. Since the Justice Department (DOJ) addressed this issue last
week, we assume the DOJ information has not been widely distributed. Twenty percent suggested the need for a
liability limit, and 10 percent suggested a need to defer implementation of GISB regulations so that all available
resources can be focused on Y2K remediation efforts.
Survey conducted by the staff of the Senate Special Committee on the Year 2000 Technology Problem.
senate.gov |
