Command System At Risk For Y2K Failure
Computers/Internet News
Source: Defense Week
Published: November 1, 1999 Author: John Donnelly
Posted on 11/01/1999 05:37:57 PST by Stand Watch Listen
The computer system used by the White House and top commanders to plan and execute major military missions has not proven ready for 2000, the Pentagon?s inspector general said in a report released Friday. With two months until the new year, the audit raises important questions about the military?s preparedness to deal with the prospect that crucial computers could malfunction when their internal calendars roll over to 2000.
At issue is the Joint Operational Planning and Execution System (JOPES), used in peacetime and war to manage personnel and equipment? including theater-level nuclear-war plans, the new report said. JOPES is an "essential mission application" in the Global Command and Control System?the military?s single, worldwide battle-management network.
"JOPES is the foundation of conventional command and control," the auditors wrote. "Therefore, it is a likely target for information-warfare attacks. It is imperative that the unified commands have complete operational contingency plans to allay the problems triggered by a JOPES failure caused by either Y2K-related problems or by information- warfare attacks." However, the report said, neither the Joint Staff nor commands in Europe, the Pacific, the Middle East and elsewhere have adequate contingency plans ready in the event the Y2K bug disables the JOPES system. The Joint Staff agreed and is formulating such a plan.
"Without complete operational contingency plans, the DOD ability to respond to military crises in a timely manner was reduced and there was increased risk that DoD will not have adequate alternative ways to quickly respond to combatant command requests for equipment and personnel," the report said.
The Pentagon has made great strides in tackling the Y2K bug. William Curtis, the Pentagon?s principal director for the Year 2000 program, said 99 percent of the military?s mission-critical systems are compliant. Moreover, given the new report?s spotlight on the JOPES shortfalls, that system, too, will probably be made compliant, said Robert Lieberman, the assistant inspector general for auditing.
However, if the military?s worldwide battle-management network could pass muster while a core application is not compliant, it raises serious questions about how meaningful the positive compliance figures are, experts say. The inspector general?s report begs the question: What else has fallen through the cracks?
Officials at the Defense Information Systems Agency, the Pentagon?s information-technology organization, think the report exaggerates the problem. Air Force Lt. Col. Intae Kim, the agency?s chief engineer for the global command system, in a letter included in the report, said the problems "were well documented with work-arounds or fixes ...."
But Evelyn Klemstine, the inspector general?s director of International Programs, says having a fallback option is not the same as certifying the system itself will work.
Klemstine also said JOPES was chosen for auditing because of its importance. In June, her team discovered that the military?s system for assessing the readiness of its personnel? the Status of Resources and Training System?was also inappropriately certified as fixed. Consequently, the earlier report found, "the services? ability to report unit resources and training in a Y2K environment was not assured."
John Pike, a military expert with the Federation of American Scientists, expressed concern when told JOPES was not compliant.
"JOPES is the application they use to run wars," Pike said. "It?s the core application for figuring out who?s supposed to be where, when. It?s the application they use to plan everything worth speaking of," from joint exercises to peacekeeping operations to nuclear strikes in Korea or the Middle East.
According to the Oct. 27 inspector general report, the Defense Information Systems Agency certified the overall global command system as compliant without proper testing of JOPES, perhaps the system?s most important single application.
"Just because your computer works doesn?t mean every application does," said Klemstine.
"They haven?t fully tested the interfaces" between JOPES and several service systems that manage the deployment of forces, said Klemstine in an interview. "In addition, there is COTS [commercial-off-the-shelf] software in it that they know is not Y2K compliant ...."
What?s more, she said, "Our biggest problem with JOPES and the [global command system] is they keeping changing the configuration baseline." From one baseline to the next, 70 elements had been changed, she said. "How can you say it?s Y2K-compliant when you have so many revisions to your baseline?"
Curtis, the Y2K director, said in an interview that configuration management is a major focus of the Pentagon?s overall effort of late. The Joint Staff?s fallback plan included use of the secret military Internet, secure faxes and phones.
But the plan "did not offer guidance on how to orchestrate operations" and didn?t meet the criteria required for emergency plans, the report said.
As for the regional commands, the U.S. Central Command?s plan "lacked the specific procedures to safeguard the joint operational planning function in the event of a Y2K-related disruption." Ditto for other commands. The U.S. Pacific Command plan "included using messengers with hand-carried information if all else fails."
Last July, Secretary of Defense William Cohen told reporters: "There is no question that on Jan. 1, 2000, and every day thereafter the Department of Defense is going to be ready." But in late September, the Senate?s special Y2K committee was far more skeptical. Of the Pentagon?s tardiness in fixing mission-critical systems, the panel said: "These late scheduled completion dates leave little to no time for schedule slippage or unforeseen events, which for [information- technology]-related projects are common."
The Senate panel?s conclusion? The Pentagon is at "considerable risk" of not meeting the Jan. 1, 2000, deadline. Y2K boss Curtis had not seen the JOPES report. But he gave Defense Week the latest overall figures: Fewer than 50 mission critical systems out of 2,414 still have to undergo "higher level testing"?required exams that are more integrated and realistic than the system-by-system kind. The goal is to finish by Dec. 15, he said. Will that be enough time to solve problems? "The number of problems has been very small" in tests to date, he said, and mostly testers found a fix "pretty much on the spot."
Curtis said the Pentagon, which owns one-third of the government?s computer systems and operates 600 installations worldwide, wants to make New Year?s Day "the largest non-event in history."
Referring to JOPES, Lieberman, the assistant inspector general, said: "It?s a big system with lots of users and a lot of importance in a mobilization scenario. Due to its importance to the warfighters, I?m quite sure management will turn to and put some extra emphasis on making sure they do everything that needs to be done."
More broadly, though, Lieberman does not expect all critical systems to be adequately tested by Jan. 1. And he expects failures. The key question, he says, is: Does the military have proper contingency plans in place to deal with the problems in U.S. systems or, more likely, breakdowns in nations that host allied forces? The question is open and will remain so for some weeks, he said. But if, and only if, the military tackles the problem as robustly as it has to date, all will be well, he said.
freerepublic.com |
