Test of year 2000 puts administrators on the line

At the Social Security Administration, they call it Day 1.

It won’t be an ordinary work day at SSA’s offices, that’s for sure. For
one thing, Day 1 will be a Saturday. It also will be New Year’s Day, Jan. 1, 2000.

Kathleen Adams, SSA assistant deputy commissioner for systems, will be there through
the holiday weekend, verifying that the agency’s systems are running
smoothly—that, when the clock struck midnight, no computers mistook ’00 to mean
1900, the simple problem whose repair will cost Social Security about $42 million.

Adams also will check that lights, doors and elevators operate normally, making certain
that no embedded microchip was left unrepaired.

“Day 1 planning really lets us take advantage of the weekend,” Adams said.
“The holiday is Saturday, so we want to use those two days to make sure we came
through it OK and everything is working. And that’s when you determine whether or not
you need your contingency plan.”

Social Security’s diligent efforts have earned the agency an A in the latest year
2000 report card from Rep. Steve Horn (R-Calif.), chairman of the House subcommittee on
government management, information and technology, whose uncompromising, schoolmasterlike
approach to the issue sends chills up the spines of year 2000 program managers.

“Social Security has been ahead of the curve from the start,” Horn said.
“It began working on the problem in 1989, eight years before most departments and
agencies began to awaken.”

Adams said she expects the agency to have all its systems tested and certified year
2000-ready by January, four months ahead of the Office of Management and Budget’s
governmentwide March 31 milestone.

Most other agencies haven’t fared nearly as well in Horn’s report cards. In
fact, the overall picture is a gloomy one, Horn said.

He estimated that at the current rate of progress nearly one-third of the federal
government’s mission-critical systems won’t be year 2000-ready by March.

“Federal systems need to be updated by this deadline to ensure sufficient testing
of multiple systems,” Horn said.

Adams, who is chairwoman of the Chief Information Officers Council year 2000 committee,
is cautiously optimistic that agencies will get the job done. “Everyone is hunkering
down and taking things very seriously,” she said.

The government’s year 2000 challenge isn’t really a question of overcoming
serious technological obstacles. While inspecting millions of lines of code for
date-sensitive material is laborious, the technical solution is elementary.

In these days of cheap and abundant memory, you can expand two-digit years to
four-digit years, a standard the CIO Council recommends for interagency data exchanges. Or
you can use windowing, a shortcut that retains the two-digit year but calculates the date
from a base year. You also can use a quick fix called encapsulation: Set the computer back
28 years, to 1972, a calendar year that precisely mirrors 2000.

Nor is it a matter of money. Although year 2000 repair, testing and certification will
cost the government as much as $6.3 billion, agencies will get whatever funding they need
to finish the job over the next year, Horn said.

“It’s not the complexity of the problem but the scope,” said Bob
Stephens, a year 2000 program area manager at the Postal Service. “We have so many
technology components that have to be analyzed for year 2000 risk and strategy
development. And we have so many instances of them because of the geography we cover and
number of facilities we have. The biggest challenge is developing the approaches that make
sure we get them all.”

The Postal Service has renovated 121 of its 153 mission-critical systems and expects to
meet OMB’s March deadline, Stephens said. The agency’s year 2000 efforts will
cost an estimated $500 million to $700 million.

For Adams, the year 2000 problem underscores the importance of good configuration and
project management. “That’s what this project has really been about,” she
said. “It’s not technically challenging. It’s making sure you have a good
plan, you cover everything and you execute everything. Configuration management and
project management are two really key things for year 2000 programs.”

A meticulous, exhaustive management approach also is critical—making sure there
are no loose ends.

At the Federal Emergency Management Agency, officials discovered earlier this year that
while FEMA’s regional managers were checking LANs for year 2000 problems, no one was
looking at the WAN.

“Someone said, ‘What about those Cisco routers out here?’ The regional
guy said, ‘You’re taking care of that.’ We said, ‘No, it’s in
your regional office, you’re doing it,’ ” FEMA CIO Clay Hollister said.
“We all felt very stupid. Despite all the charts and the graphs, we had just missed
something that was hugely obvious. That certainly sobered us up a little and we went back
and started looking at this all over again. I think we got everything.”

The lesson for Hollister: Don’t get self-confident.

Even for agencies well ahead of the curve, the job is never finished. For example,
certified systems may have to be recertified as adjustments are made to software.

“Something that everyone has come to realize is that you can’t just certify
these systems and be done with it,” Adams said.

“We’re not living in a frozen environment. It’s dynamic. If you do
another version of software to add functionality or make changes to do a cyclical
workload, you’ve got to put it back through certification testing to make sure your
changes didn’t introduce a year 2000 problem.”

She added, “The truth of the matter is, people can say they’re done, but
nobody is really done until the clock rolls.”

“It’s the kind of thing that requires ongoing attention and a focus that
won’t be done until the days have passed,” John Clark, deputy chief of public
safety in FCC wireless telecommunications bureau, told the FCC forum.

Year 2000 managers also are wary of last-minute surprises and are trying to guard
against them. Some worry that embedded chips, encased in products or equipment and
sometimes hard to find, are potentially troublesome.

“I think anybody working on the year 2000 issue has got to be prepared for some
surprises,” said Stephens. “Embedded chips are probably the area where
collectively the least is known and we don’t have code to look at in many instances.
So we have to make judgments based on function and how we would get by without that chip
working if indeed it fails.”

More than anything, perhaps, the year 2000 challenge is giving information technology
managers a whole new management perspective on their systems. In the long run, government
IT will be much better off as a result.

“The lesson here is the importance and value of year 2000 in helping build a real
enterprise view of systems and how they interface,” Stephens said. “That’s
been a positive by-product of having to deal with the year 2000 challenge. It’s also
required us to do a business evaluation of all of our systems in order to judge the degree
of criticality we assign them.”

Over the last year, the year 2000 efforts of one agency, the Federal Aviation
Admnistration, have been under a microscope. In January, the outlook was grim. The General
Accounting Office reported that FAA was “severely behind schedule in implementing an
effective year 2000 program.” Some wondered how—or if—FAA could ever catch
up.

Ray Long, named FAA year 2000 manager in February, concedes that the agency got a late
start tackling its year 2000 situation. But under a new, centralized management structure
implemented by FAA Administrator Jane Garvey, the agency began to move.

In July, FAA installed a new year 2000 information management system which vastly
improved its ability to report and track data.

Sept. 30 was OMB’s deadline for completing renovation of all mission-critical
systems. At that time, of FAA’s 433 mission-critical systems, 205 were not year
2000-ready. Of those, 44 were being replaced, six were being retired, and the remaining
155 needed repair.

Appearing before Congress in September, Garvey asserted that FAA had renovated 99
percent of its key systems, including all air traffic control systems. But critics
questioned the percentage. The apparent discrepancy lies in the definition of the word
renovated. According to FAA spokesman Paul Takemoto, OMB says it means the code has been
repaired, tested and implemented, while FAA considers it to mean that systems have been
repaired, though not tested or implemented.

Most of FAA’s systems will be tested and certified in time to meet OMB’s
March deadline, and all systems will be ready by June 30, Garvey said.

One of FAA’s biggest hurdles has been on the public relations front. “I have
to say that getting used to substantial public criticism regardless of how hard we work
and how much progress we make has been very difficult,” said Mary Powers-King, deputy
director of the agency’s year 2000 program. “Keeping morale up for our team and
this agency has been one more challenge on this program.”

And there is still concern about FAA’s contingency plans. Both the air traffic
controllers union and DOT have criticized as too vague and undefined the agency’s
plans for responding to possible computer service disruptions. FAA expects to have an
agencywide business continuity and contingency plan finished by the end of this year.

But Garvey and Long are so confident that there will be no year 2000-related systems
failures that they plan to board a plane on New Year’s Eve next year and be airborne
when the clock rolls past midnight.

Even Rep. Horn is growing more sanguine that FAA will get the job done: He’s
thinking about joining Garvey and Long on their New Year’s Eve midnight flight.

“He’s willing to fly as long as Administrator Garvey is with him,” Horn
spokesman Matthew Ebert said.

“He said he knows he’ll be all right as long as she’s on board.”