ITAA's Year 2000 Outlook October 30, 1998 Volume 3, No. 40 Published by the Information Technology Association of America, Arlington, VA Bob Cohen, Editor bcohen@itaa.org Read in over 80 countries around the world ITAA's Year 2000 Outlook is published every Friday to help all organizations deal more effectively with the Year 2000 software conversion. To create a subscription to this free publication, please visit ITAA on the web at https://www.itaa.org/transact/2ko utlooksub.htm. To cancel an existing subscription, visit https://www.itaa.org/transact/2kremove.htm. ITAA's Year 2000 Outlook is sponsored in part by CACI International Inc., DMR Consulting Group Inc., and Y2Kplus With Moratorium Looming, DoD Battles Bug The Department of Defense is battling a byte-sized enemy and the outcome of the struggle is anything but clear. The foe in this case is the millennium bug, which could impact military systems from missiles to electronic messages. DoD owns 40 percent of the federal government's mission critical systems and over half of all government systems now undergoing repairs. The military will spend an estimated $2 billion making the fixes, far more than any other government agency. Despite the stakes involved, DoD does not appear to be winning many battles-much less the war. The Defense Department reports 51 mission critical systems behind schedule and 69 such systems in danger of missing Uncle Sam's March 1999 completion deadline . The Office of Management and Budget has categorized Defense along with the low-tech Departments of Education and State and the tech-challenged Department of Transportation as "tier one" agencies-those "where there is insufficient evidence of adequate p rogress." To rally the troops, Secretary of Defense William Cohen warned in August that he will impose a moratorium on non-Y2K related software modifications if repairs do not indicate adequate progress by November and December. November is almost here, and now th e question is whether Cohen will need to make good on his threat. Clearly, some hungry and frustrated Y2K contractors seem to think so. But they also kick the moratorium threat into the same chasm they see formed between what the top brass says about the Year 2000 and what the servicemen and women on the ground are exp ected to do. "Nobody I've talked to gives [the moratorium] credence," says one industry observer from a major aerospace firm. "If it happens, great, until then it's not worth the paper it's written on." This beltway warrior sees the problem starting at the top and he would take no prisoners. "I'd fire the lot of them," he said, referring to the generals in charge of the military's Y2K programs. His first hand conversations with these officials convince him that they just don't care enough about the computer crisis. "The military is famous for its paper drills," he says, "but not a lot of fixing code." The brass have taken their collective eye off this digital curve ball because, "Year 2000 does not h ave the cache required in order to move their careers forward." He described one general officer in particular who did not see Y2K as a top priority. As a result, he set up a "paper drill." When the paper began to report a lack of progress, he fired the subordinate making the reports. "You don't get three stars b y being some dumb guy from the sticks," this contractor says. Or by sticking around too long. The military's "two-years up and out" mentality has contractors claiming that lower ranking personnel will be left holding the Y2K bag. "There is a chasm between the direction from above and what the agencies and organiza tions are doing," says another contractor. "Some Air Force organizations, for instance, have wonderful websites with lots of information. But the people on site say they are way behind. It's a face saving kind of thing." An industry source says that Y2K programs are stuck at the program level with no money to make the necessary fixes. A junior officer is often put in charge of these efforts, in part because, according to one critical observer, "the feeling is that you ca n afford to take the hit earlier in your career." A Pentagon source agrees that Y2K program responsibility has been delegated too far down in the ranks, but he says apathy and unawareness are more at fault than career preservation. "Action officers for Y2K up and down the line have been 03s, 04s and 05s [captains, majors, and Lt. Colonels in civilianspeak] rather than flag officers…Now the situation is radically changed with infinitely more flag officers working this problem than there were in June." He continued, "All over the world [generals and admirals] sat down this summer and went through a mental transition. When they get an understanding of Year 2000, their common reaction is 'Wow, this is worse than we thought.'" If the military is mobilizing now, this Pentagon source says it's because command of the operation has shifted from headquarters to the field. "OSD and the military departments have shot their wad and now [Y2K] is in the hands of the combatant commands a nd system users. For better or worse, the focus of action is shifting." Even so, this source says DoD's attempts to manage the Y2K program out of the Pentagon is not a one-sided defeat. Rather, he says, it's a story with both heroes and losers. "It's fair to say that a lot of effort has gone into the conversion process at t his point, but we are way behind as everyone knows." Part of it is the inherent complexity of the massive job, but he adds that this responsibility has been tended to with a "mixed bag" of management. "The C3I operation has not been particularly effective. No one would disagree. That it was run on a shoestring is just incredible. There was a drastic underestimation of the difficulty," this DoD source says. Although the small full-time staff assigne d to the Y2K program by the Office of the Secretary of Defense "worked like wild men" to make progress, "they were so over matched by the size of the problem. It's unfortunate that it has taken C3I until this fall to realize not enough players are invol ved." The hit or miss nature of the military's proposition has some vendors troubled. "Most large systems have a budget to maintain code," one industry observer says. "A ten million line of code system might have a small number of bodies assigned to it, maint aining three to five percent of code a year. Now they are being asked to run through 100 percent and fix the Y2K problem with no additional budget and existing staff. That means manual remediation." And that could mean lots of mistakes. Some more impo rtant than others. "If an MIS code fails, so what? In a C2 system, I'm probably better off going back to a grease pencil and whiteboard." Embedded systems? "They are a mess," this contractor says. Not so says one officer at NORAD. At least not from his vantage point. He says testing of systems components began 18 months ago and the results have been very successful. "We're doing fine," he says, "No major concerns whatever." He says his command is focused on both "mission critical" and "mission essential" systems, including embedded systems. This officer asserts that his command is spending the necessary resources and redirecting funds from other programs to make the repairs happen. He says op erational evaluations are starting now with clocks rolled forward to simulate January 1, 2000. One of the problems the Department faces is system complexity and the inter-reliance built up between service components. One contractor says the client/server implementation his firm is remediating for the Air Force is moving right along, but "other sys tems from other agencies in the area you can't get information about." Even when one system's successful operation depends on another. An intelligence photo, for instance, might have to pass through multiple telecom and satellite links, receivers and PC s before it reaches the war fighter. Each link in the chain could be the responsibility of a different defense component. Getting Y2K compliance information within the military is a real concern, this contractor says. Why the communications hang-up? "Sometimes they haven't started….It's very difficult to find program managers for these systems and to get information. They don't want to talk about it." And that's not all the government doesn't seem to want to talk about. One contractor complains of answering a Navy request for proposal back in February for Y2K services. He is still waiting to hear the outcome. "Contracting shops don't have a sense of urgency," he says. "They view this as a normal IT type of job." So will the moratorium ax fall on DoD software projects next year? "If OSD doesn't follow through, they will loose a lot of credibility," the Pentagon source says. "[Deputy Defense Secretary] John Hamre is not indecisive. It will be risky to get up in front of him and say, 'I'm not going to make it because I was doing other things.' It will be very useful to have a couple of people stick their heads in the noose." Of course, whether Hamre, Cohen or anyone else gets that information is another issue. "One of DoD's big problems has been getting accurate reporting on status," the Pentagon source notes. And in the end, getting that bigger picture on DoD's Y2K prepare dness may be the most difficult task of all. The Pentagon source says Hamre has been candid beyond the point anticipated by "run of the mill bureaucrats" and they should take their cue from it. Pointing to the difference between the military's public and private discourse on the Y2K issue, this person notes, "It serves no useful purpose to say everything is great and under control. We've had no operational evaluations. Until then, how does any one really know? No one really understands where we are…how serious the risks are…There are a multitude of possibilities and scenarios." So what's the bottom line? Last word goes to the Pentagon insider: "Do the best you can with identifying, fixing, testing and reacting to the problem. Then you cross your fingers." Attorney Pulls No Punches in Assessing Y2K Blame Call it the Rocky Mountain low. The IT industry received a sobering look at how the plaintiffs' bar views the Year 2000 situation at a conference this week. To provide the fullest possible view of the litigation landscape, ITAA invited Milberg Weiss Att orney Robert Wallner to participate in a panel discussion of Y2K legal issues at its Strategic Solutions '98 Conference in Colorado Springs. Wallner came out of the box swinging. "The IT community is attempting to escape liability for a problem it created," Wallner said, accusing the industry of blame shifting and lawyer bashing. The attorney said the industry talks about plaintiffs theories "as if plaintiffs are some hoard of pe ople doing unfair things. Who are plaintiffs? Innocent people. Consumers who relied on the IT community to provide defect free software." Wallner took exception with suggestions that users have responsibility for the Y2K problem or that the problem is essentially no-fault. "There is fault and it lies in the IT community," he said. Current Y2K litigation has defendants coming and going on the issue, he suggests. Some software companies claim the lawsuits have been brought too early-the Year 2000 rollover hasn't occurred yet; others say the customer's 90-day warranty has expired, th erefore, and the lawsuits are too late. "What the defendants are doing is attempting at any cost to escape liability and that is wrong," Wallner said. He also criticized companies that charge for software upgrades including the Y2K fix. "I don't believe the IT community has the right to dicta te when a consumer should upgrade." He called it an economic and business decision, not a move that should be forced by a product defect. Wallner also said firms charging for a Y2K fix are exploiting the situation. "Is it appropriate for them to exploi t the defect they created?…There is something inherently wrong about an IT company which has the expertise and advertising its expertise to knowingly market a defective product and then telling the consumer 'You have got to pay for it.'" Others speaking on the panel included Paul Alexander, an attorney with Heller, Ehrman, White & McAuliffe and ITAA's Senior Vice President and General Counsel Marc Pearl. Both attorneys focused on the need to work with customers, share information, fix sy stems, and seek alternatives to litigation. "When there is a contractual dispute, litigation will not fix a system," Pearl said. The attorney said the situation comes down to the achievement of one's objectives. "If your objective is to collect a dime on the dollar, make insurance claims, sue for mer business partners, push ourselves into litigation corners and come out fighting-if that's your objective, we'll probably use the Y2K issue to achieve that. If, however, your objective is to get the problem fixed, to move ahead, to maintain business partners and business relationships…to stay in business…the way you stay in business is not to sue but to remediate." GAO Report Finds Y2K Worker Worries Unclear A new General Accounting Office report says it's unclear whether or not a lack of Y2K workers is endangering the federal government's Y2K program. While half of big agencies and a quarter of small agencies and independent entities express such fears, GAO says comments are anecdotal and an analytical assessment remains to be done. The GAO calls on the Office of Management and Budget to solicit this type of information from agencies. One perceived problem agencies expressed is difficulty in obtaining con tractors. Closer to Home ITAA announced this week three new certifications: Best Software, Inc. of Reston, VA, SITA EQUANT, (Central Information Systems Division) of Puteaux, France and TD Service Financial Corporation, (Information Technology Department) of Santa Ana, Californ ia. ITAA*2000 is the industry's century date change certification program. The program examines processes and methods used by companies to perform their Year 2000 software conversions. Best Software, Inc., SITA EQUANT, and TD Service Financial Corporat ion participated in rigorous evaluations of their approaches to date conversion, with extensive analyses in eleven discrete process areas deemed necessary to a successful Year 2000 conversion. To learn more about the ITAA*2000 Certification program, plea se visit the website at: http://www.itaa.org/2000cert.htm Business to Business Pinnacle Decision Systems is working with State of New Jersey on the migration of applications built in the Focus language to year2000-compliant levels. Texas Health Resources is co-sponsoring a one-day Healthcare Year 2000 conference with Rx2000 and Gardere and Wynne, L.L.P., November 12 in Dallas and November 13 in Houston. ITAA Y2K Information Center Solution Providers Directory http://www.itaa.org/script/2000vend.cfm ITAA*2000 Certification Program http://www.itaa.org/2000cert.htm Outlook Archive http://www.itaa.org/script/get2klet.cfm Legislative and Litigation Table http://www.itaa.org/Y2Klaw.htm Calendar http://www.itaa.org/y2kcal.htm Vendor/User Status Questionnaires http://www.itaa.org/questmain1.htm Copyright ITAA 1998. All rights reserved. The Information Technology Association of America, 1616 N. Fort Myer Drive, Suite 1300, Arlington, VA 22209. Internet: http:\\www.itaa.org