forumpurpsm.GIF (8368 bytes)

Technology Bites Back

The millennium bug promises to take its toll on
technology systems around the globe.

BY ARNAUD DE BORCHGRAVE AND STEPHANIE LANZ

The Year 2000 problem, or Y2K in popular speak,has been called everything from the millennium bug to much ado about nothing. The scores of studies and hundreds of media reports to scope the problem, its associated costs, and possible implications have produced a wide variety of conclusions, ranging from "the end of the world as we know it" to a bump in the information superhighway.

That there will be a global disruption is a given; the extent and magnitude of the crisis, on the other hand, still remain to be determined. Over the past six months, estimates of the global cost for correcting the Y2K problem have risen from $719 billion to $858 billion, an increase of 20 percent.1 This makes Y2K the second most expensive endeavor the world has faced since World War II, whose total cost was approximately $4.2 trillion. Even the Vietnam War—estimated at $500 billion—cost less.

Who will be hurt, how badly, and for how long are all questions that are impossible to answer. While there is no way to predict which nations will be most at risk, the United States is clearly ahead of the pack in its compliance efforts, followed by Canada, Australia, South Africa, and Israel. The United Kingdom has slipped from second to sixth place but is still well ahead of Germany, France, Italy, and Japan.

Unlike earthquakes or floods, which occur with little to no warning, we know when the Y2K crisis will hit, which makes this disaster unique. We now have just a few months to fix the problem, test the repairs, and develop adequate contingency plans to mitigate possible failures.

Few people still believe we have time to fix all our critical systems. Testifying before the Senate Special Committee on the Year 2000 Technology Problem, James Woodward of Cap Gemini, Europe’s biggest software and services company, claimed that "only 83 percent of American companies expressed confidence in their mission-critical systems."2 One of the reasons for their lack of confidence is the interconnectedness of the problem; it is not a question of one thing going wrong, but the possibility of tens of thousands of little failures occurring all over the world. As Bruce Webster, chairman of WDCY2K—a group of more than 2,000 Y2K experts from the greater Washington area—points out, "We live in a network of multiple, complex, interacting systems and it’s hard to tell where one system ends and another begins. When things fail, we will be facing multiple overlapping failures, not isolated events."

General Motors, for instance, has over 100,000 suppliers and vendors. If even one of these data exchange partners is not fully compliant, the whole system may become infected by corrupted data, which could result in significant errors or system crashes.
 
SIMPLE MISTAKE
The Y2K crisis originated in a simple programming habit. Decades ago, memory space was very expensive—computer memory that might cost $5 today cost $5 million 30 years ago. As a result, most programmers allocated only two spaces to denote the date field. At the turn of the century when the last two digits roll back to 00, computers may mistakenly assume that the date is 1900, not 2000. Even though most programmers knew, even 30 years ago, that this would cause problems come January 1, 2000, most did not believe that the systems they were programming would still be in use.

Dates are very important in computers since they are used extensively to make all kinds of calculations. For example, dates are used to determine who should receive Social Security checks, pensions, Medicare, retirement benefits, driver’s licenses renewal, and tax refunds. In industry, dates control everything from manufacturing processes and just-in-time delivery systems, to maintenance schedules and assembly lines. The financial industry is most vulnerable, since it uses dates to control everything from trading to mortgage payments and credit card bills.

NO QUICK FIX
Even though the solution to Y2K seems technically simple—expanding the date field from two to four digits—the magnitude and the complexity of the problem is daunting. For years now, programmers have been programming without supervision. That is, they had no set standards or programming guidelines to adhere to. As a result, there is no way to know where they located date fields in most systems. Therefore, in order to identify all date fields, all lines of code in the program must be searched and corrected manually.

Across the world, some 180 billion lines of code must be remediated. Chase Manhattan Bank, for example, has 200 million lines of code; Citicorp another 400 million; AT&T 500 million; Social Security 67 million; and the IRS 100 million. The task is huge, as a programmer can handle only a thousand lines of code in an eight-hour day.

The number of computer languages in use today—over 500—further aggravates the complexity of the Y2K crisis. In order for networks to function properly, they must be able to communicate with each other intelligibly. Any errors in the software could potentially cause cascading failures throughout the entire system.

In addition, most large mainframes were programmed in a language known as COBOL, which has been obsolete for almost 20 years. Because very few programmers are still versed in COBOL, tens of thousands of former COBOL programmers have been brought out of retirement, and some companies are even running "COBOL boot-camps" for their programmers.

Another problem is the sheer number of languages embedded in mainframe computers. Some mainframes were programmed with up to 20 different, and now obsolete, languages.

The presence of embedded microprocessor chips in everything from cruise missiles and satellites, to VCRs and traffic lights, is another daunting problem. Embedded chips are a product of the miniaturization revolution. INTEL engineers have already succeeded in placing 120 million transistors on a single thumb-nail-size silicon chip. Just in the last two years, the number of transistors per chip has increased exponentially from 1.1 million to 5.5 million.

Typically, embedded chips control and augment the automated function of control systems for processes such as water and electricity distribution. If these chips are not Y2K compliant, they may create havoc in the new millennium.

There are now about 70 billion embedded chips across the world, over half of them in the United States. Experts predict that between 1 and 5 percent of embedded chips have Y2K problems. So even if only 1 percent need to be fixed—the best case scenario—that still leaves approximately 700 million chips that must be found and replaced.

To further complicate matters, embedded chips are often custom made and encased in steel structures. Thus, there is no possibility of accessing them through a keyboard and mouse, and there is no generictoolkit to fix the problem as there is for software remediation.

An oil rig, for instance, has thousands of embedded chips that control a variety of functions, some located at the bottom of the ocean controlling the flow of oil from the well. The latest cruise ships contain as many as 15,000 embedded systems.

SHIFTING DEADLINES
It is erroneous to assume that all Y2K failures will occur on January 1, 2000. A November 1998 survey by Cap Gemini indicated that 55 percent of the companies it surveyed had already experienced Year 2000-related failures. Future failures will not occur only on January 1, 2000. In fact, there are a number of dates to watch for:

n January 1, 1999 to December 31, 2002. In what many technologists view as a colossal failure to plan, 11 members of the European Union (EU) have taken on mission impossible: the simultaneous conversion to the single euro currency and Y2K compliance. European political leaders who failed to grasp the scope of Y2K decreed that top priority should be given to the euro conversion. As a result, most EU countries are at least six months behind the United States in their remediation efforts. Despite this gap, only 60 percent of the European firms are adopting "business continuity measures."

n July 1, 1999. Forty-four states will face Year 2000 problems on this first day of their fiscal year. Their planning strategies and budgets will be at risk if they have not been remediated to handle dates for the year 2000 and beyond.

n August 21, 1999. The world’s 24 global positioning satellites will roll over on this date. Satellites record time by counting the weeks that have passed since their launch in 1980. The weeks fill up a counter much like the odometer on a car. Like the odometer, the counter rolls over to 0000 when it is full. At midnight on August 21, 1999, the counter will be full, causing failure in those Global Positioning Satellite (GPS) receivers that have not been corrected. There are 10 million GPS receivers in use in the world today and in some cases a failure could be life threatening. Equipment that uses the GPS signals includes civilian and military aircrafts and ships, "smart weapons," police cruisers, ambulances, and some late model cars.

n September 9, 1999. Many computers have been programmed to recognize 9999 as an "end-of-file" command. Thus, a computer encountering the date 9/9/99 could skip over critical data, misperform calculations, and spit out contaminated reports or delete critical historical data.

n October 1, 1999. On this date, the federal government will enter its fiscal year 2000. If systems are not remediated, federal programs from defense to Medicare to payments on the national debt will be affected.

n January 4, 2000. On the first working day of the year, corporate and government America will turn on most of its desktop computers after a long millennium party weekend.

n February 29, 2000. Computers may be challenged by the leap year problem. Most programmers know the two most common rules for calculating leap years: any year evenly divisible by four is a leap year, except years that are also divisible by 100. So 2000 would not be a leap year except that a third, lesser-known rule cancels out the first two: any year divisible by 400 is a leap year, including the year 2000. Computers that have not been programmed to recognize 2000 as a leap year may fail on February 29.

n December 31, 2000. This date signals another leap year problem. Some computers work by counting the number of days in the year. If they are not programmed to know that 2000 is a leap year, the machines will go haywire when they reach Dec. 31, 2000, the seemingly impossible 366th day of the year.

LIABILITY AND LITIGATION
One of the biggest stumbling blocks in dealing with the year 2000 crisis has been trying to establish an accurate picture of the extent of the problem. Many companies have been advised by their legal departments not to share any data on remediation efforts, so they won’t provide possible plaintiffs with a road map for litigation. By the end of February 1999, 38 cases had already been filed, and the Gartner Group estimates that another 711 lawsuits are at the pre-filing stage. Lloyds of London has estimated that litigation costs resulting from Y2K failures could exceed $1 trillion.

In order to facilitate information sharing in this litigation-happy environment, the Year 2000 Information and Readiness Disclosure Act—known as the Good Samaritan bill—was passed in October, 1998. This act offers companies safeguards against liability when sharing information about year 2000 products and procedures. The act does not, however, protect companies when their products fail. If a company claims its product will fix the Y2K bug and it fails, the company is still liable for any damages incurred.

Despite the good intentions of its proponents, this act has done little to actually persuade companies to share information. Many critics charge that it is too vague to provide adequate protection from litigation.

GLOBAL DIMENSIONS
Even though there has been an increased sense of urgency on the part of management over the past six months, many top managers still tend to see Y2K as a computer problem best left to the information technology division. Unfortunately, this shows a clear lack of understanding about Y2K’s global dimensions. A recently released report from the Senate Special Committee on the Year 2000 Technology Problem warns that "a misconception pervades corporate boardrooms that Y2K is strictly a technical problem that does not warrant executive attention. Some government sectors lack clear directives and policies on Y2K"3

Politicians have found it just as difficult to take this problem seriously. Only two heads of state have publicly spoken out on this subject: British Prime Minister Tony Blair and U.S. President Bill Clinton. At the last Group Eight meeting in May 1998 in Birmingham, England, leaders of the industrial nations and European heads of state added a short paragraph to their communiqué calling for a joint meeting on the millennium problem. That was over a year ago, and the proposed meeting has yet to be scheduled.

This lack of government leadership has drawn a lot of criticism. The European governments have been accused of failing to protect their citizens against fallout from the millennium computer bomb. Prove It 2000—a U.K.-based supplier of millennium software—claims that at least 10 percent of the 384,000 U.K. companies that rely on computers to do business will be forced to go into liquidation as a result of system failures. A recent survey by Cap Gemini concluded that time is running out for remediation and that governments should concentrate their efforts on fixing only their mission critical systems and making contingency plans for possible failures.

n United States. The United States is far ahead of the rest of the world in its remediation efforts. Most companies were late getting into the game, but there has been an exponential growth in the level of awareness and effort. The federal government, for instance, has moved from 35 percent compliance of their mission-critical systems to 92 percent compliance in the last 12 months. Despite this progress, much remains to be done. Several state and local governments lag in their Y2K efforts, which may result in an interruption of services. The federal government is expected to spend in excess of $7.5 billion, nearly twice as much as originally estimated, but will still not be able to renovate, test, and implement all its mission-critical systems. Yet, a wholesale failure of federal government services is unlikely.

In the private sector, large companies, especially in the financial industry, have made substantial inroads in dealing with Y2K. On the other end of the spectrum, very small businesses may well survive using manual work-arounds. Small and medium-sized businesses are most at risk. In a recent survey, the Senate Special Committee on the Year 2000 Technology Problem found that 40 percent of 14 million small businesses do not plan to take any action at all.

On March 2, 1999, to facilitate remediation by small businesses, the Senate approved the Small Business Year 2000 Readiness Act (S. 314), which requires the Small Business Administration to establish a limited-term loan guarantee program.

n Latin America. Since 1998, Latin America has been in the throes of a recession and has made little progress on Y2K. In countries such as Brazil, the recent wave of privatizations relieved the government of direct responsibility for much of the infrastructure, leaving the new owners to deal with the problem.

A report released by the World Bank in January 1999 found that not a single country in Latin America was on schedule in dealing with Y2K. In fact, most are still in the planning stages of the process. According to the report, two countries—Ecuador and Guatemala—have not even begun planning for Y2K. In a number of countries, including Venezuela, Ecuador, and Columbia, falling oil prices are further compounding the problem. Declining oil revenues have decimated budgets, allowing little money to be allocated for Y2K remediation.

Mexican officials recently claimed that all of Mexico’s systems would be fixed well before the turn of the century. However, the U.S. Senate charges that Mexico’s remediation efforts have fallen months, if not years, behind schedule. Due to the close trade ties between the United States and Mexico, major disruptions in Mexico could have dire repercussions for the United States.

n Western Europe. Even though Western Europe is in relatively better shape than most of the other regions of the world, the level of Y2K understanding, awareness, and concern is very uneven. The Netherlands, the Scandinavian countries, Ireland, and Great Britain are making good progress, while other countries, such as Italy, have just begun to consider the problem.4

Earlier this year, the European commission released a report that claimed member countries had made significant progress in the last six months of 1998. Areas of concern identified in the report were the health care industry and Europe’s network of railways.

European banks, which depend heavily on computerized transactions, are at the forefront of Y2K preparation. Recently, the banks carried out extensive testing on the computer systems that clear checks, deposit salaries, and pay bills. Reportedly, the test went smoothly. Nevertheless, following the U.S. Federal Reserve’s example, the Bank of England plans to print an extra 15 million pounds in case there is a run on banks.

n Russia. While Russia has a large pool of programmers, its Y2K effort lacks coordination and funding. Last February, Alexander Krupov, chairman of the Russian Central Communications Commission, estimated that Y2K remediation would cost around $3 billion—six times the original estimate. Despite continued pressure from abroad, Russia still seems slow in taking the problem seriously. There has been a distinct lack of coverage of the Y2K issue in the Russian media, resulting in limited public awareness.

Of gravest concern are Russia’s nuclear reactors. U.S. Department of Energy analysts have found them to be among the most ill-prepared to deal with Y2K. It is difficult, if not impossible, to find the designs for the reactors, and many of the vendors who originally supplied the equipment went out of business after the fall of the Soviet Union. Problems in the electrical power grid could also cause difficulties in properly shutting down the reactors unless an adequate fuel supply is on hand to power the emergency generators. If these issues are not dealt with, a fuel meltdown is possible.

Another big concern is Russia’s Gasprom Natural Gas Pipeline Network. Highly susceptible to Y2K, this network supplies nearly 50 percent of the total energy consumed by Russia, almost 15 percent of Eastern Europe’s total energy consumption, and 5 percent of Western Europe’s. If Gazprom were unable to transport and export natural gas next winter, it would have serious humanitarian consequences.

n Asia. Asia is also struggling to bring the year 2000 problem under control. But due to the Asian financial crisis, many companies in Asia can’t find the necessary financial resources for their Y2K remediation efforts. At the second Global Y2K Summit, which took place in Manila on March 3, 1999, 18 Asia-Pacific nations sought funding for Y2K projects from the World Bank.

Some countries in Asia, particularly China, are faced with a different aspect of the Y2K problem al- together—their reliance on pirated software. Close to 90 percent of the software used in China is pirated, especially the software used in government offices and state-owned enterprises. As a result, agencies and companies do not have the source code to remediate it. In some cases, the software was designed for a specific customer, and commercial off-the-shelf fixes are, therefore, of little help. The Chinese government has threatened to hold organizations criminally responsible for any failures at the turn of the century. Despite this threat, it’s likely that China will experience failures in key sectors of its economy.

In Japan, major telecommunications and financial companies have invested heavily in fixing their Y2K problems. Japanese banks have budgeted close to $1 billion for 1999 Y2K remediation. Japan, however, faces a unique problem because in some instances it uses the Imperial calendar, not the Western calendar. Some of its citizens who use the Imperial calendar therefore believe Y2K will not affect them even though their computers may be running on Western time.

n Middle East. Most Middle East countries and firms have a basic understanding of the Y2K problem. Although nearly every country in the Middle East has established a Y2K committee or task force, most were established within the past year.   As a result, private industry is approximately 18 to 24 months behind in its compliance efforts, according to a recent Office of Economic and Cooperative Development report.5

GLOBAL MARKETS
Global markets are extremely dependent on just-in-time manufacturing and delivery. Most companies no longer have storage capabilities for critical supplies. If one component of the supply chain were to malfunction, it could slow down or even shut down a manufacturing plant. At the very least, there would be delays in getting products to customers.

Ports and the shipping industry could also disrupt markets. Nearly every ship is custom built and must be individually assessed and inventoried for Y2K problems. Maritime shipping operational safety is at greatest risk during entry and exit from port. As a result, a number of ports have considered not allowing ships to enter on January 1, 2000. The officers at the Panama Canal, for instance, have declared that no ships will be allowed to enter the Canal’s locks on December 31. In his Senate testimony, Lawrence Gershwin warned that "widespread failures of waterborne commerce carriers could also have significant impacts on the supply of food and commercial goods, resulting possibly in severe economic disruption."

An example of the high economic cost caused by a systemwide computer failure is the shutdown of the Hong Kong Airport shortly after it began operations in July 1998. For two weeks, the airport was not able to function properly, which resulted in a loss of $590 million.

GLOBAL SECURITY
With the increasing interconnectedness of military information systems, especially in the area of command and control, Y2K poses a serious national security threat. As Defense Secretary William Cohen has pointed out, the United States is the world’s most technologically vulnerable country and, due to Y2K, it will be most defenseless at the beginning of the new millennium. The fear is that possible adversaries will attack U.S. systems on January 1, 2000, using Y2K glitches as cover for their intrusions. Furthermore, there is no way to review all the remediated code for possible trap doors that would allow free access to defense systems or viruses, which could crash them.

Foreign strategic missile systems, especially in Russia and China, could possibly experience Y2K-related failures. Experts agree that the likelihood of accidental missile launches is slim to none. The real problem lies in the early warning systems. Russia is especially vulnerable in this area. With the breakup of the Soviet Union, Russia lost a large number of the radar systems that were an integral part of its early warning system. As a result, it now relies mainly on satellite systems, which are expensive and difficult to fix. This could lead to incorrect information being transmitted or received or to computer screens going blank altogether. To prevent Russia from believing that it is under attack when in fact it is working with erroneous data, the United States has offered to set up a joint early warning facility with Russian experts at Colorado Springs. However, due to the controversy surrounding the NATO attack in Kosovo, the future of this collaborative effort is in question.

FUTURE RISKS
Even though tremendous progress has been made during the past year in tackling the Y2K computer crisis, much remains to be done. In the United States, 13 federal agencies have reached 100 percent compliance of their mission-critical systems. Other agencies, including the departments of Defense and Health and Human Services, are expected to be ready by the end of the summer.

The greatest vulnerability lies in the small and medium-sized businesses that lack the funding and expertise to tackle the problem efficiently. Any company that is just beginning to deal with the Y2K issue has no choice but to make contingency plans if it wants to survive.

Internationally, the situation is more grim. A number of regions of the world are in the midst of an economic recession, making it difficult to focus on Y2K. Even though nearly every country has set up a Y2K office, implementation is slow. Due to the global nature of society, noncompliance in even a single country can create ripple effects throughout the world. Hence, the need for international cooperation is paramount.n

Arnaud de Borchgrave is senior adviser and Stephanie Lanz is a research associate at the Center for Strategic and International Studies in Washington, D.C.

1. James Woodward, Testimony before the Senate Special Committee on the Year 2000 Technology Problem, Washington, DC, March 5, 1999.

2. Ibid.

3. U.S. Senate Special Committee on the Year 2000 Technology Problem, "Investigating the Impact of the Year 2000 Problem," Washington, DC, February 24, 1999, p.3.

4. Italy’s Comitato 2000 held its first press conference on January 14, 1999. The reason for Italy’s seeming complacency is that it is far less reliant on computers than other Western nations. Only about 50 percent of Italy’s public sector is computerized.

5. "Y2K: The Middle East and South Asia—A Status Report," CSIS Y2K Watch, December 14, 1998.

forumsquare.GIF (154 bytes)

FORUM Homepage

Table of Contents