STATEMENT OF JACQUELYN L. WILLIAMS-BRIDGERS INSPECTOR GENERAL OF THE

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

STATEMENT OF JACQUELYN L. WILLIAMS-BRIDGERS INSPECTOR GENERAL OF THE DEPARTMENT OF STATE, ARMS CONTROL AND DISARMAMENT AGENCY, AND UNITED STATES INFORMATION AGENCY, INCLUDING THE BROADCASTING BOARD OF GOVERNORS

THE YEAR 2000 COMPUTER PROBLEM: GLOBAL READINESS AND INTERNATIONAL TRADE

BEFORE THE

SPECIAL COMMITTEE ON THE YEAR 2000 TECHNOLOGY PROBLEM

UNITED STATES SENATE

July 22, 1999

Mr. Chairman and Members of the Committee: Thank you for the opportunity to testify before your committee on Year 2000 (Y2K) global readiness and international trade. The Y2K problem is one of the most challenging project management and systems conversion efforts ever faced by the world community. As you know, the Department's challenge in addressing Y2K extends well beyond its Washington headquarters, because failure of systems in countries hosting U.S. Government organizations and U.S. businesses has the potential to disrupt this country's ability to carry out its foreign affairs agenda and protect U.S. interests abroad in the year 2000. In the context of this hearing, those interests include the conduct of international trade, which is threatened by potential Y2K-related failures in key infrastructure sectors, such as telecommunications, transportation, and energy.

SUMMARY

At your March 1999 hearing on international Y2K issues, I provided an overview of global Y2K readiness based on host country assessments developed by U.S. embassies and on our own visits to 25 sites in 20 countries. My testimony discussed Y2K readiness in terms of the varying levels of progress the different countries had made in assessing and fixing their systems-and the message was decidedly mixed: * Industrialized countries were well ahead of the developing world; however, some of those locations were at risk of having Y2K-related failures because they were late in establishing Y2K leadership at the national level, and because they were heavily reliant on computer technology in key sectors;

* Developing countries generally were lagging behind and were struggling to find the financial and technical resources needed to resolve their Y2K problems; and

* Former Eastern bloc countries were late in getting started and were generally unable to provide detailed information on their Y2K programs.

Over the past 4 months my office has continued to be actively engaged with the Department of State and our embassies and consulates overseas to assist them in meeting the millennium challenge. Of particular interest to your Committee, my office has also continued to assess Y2K readiness in the international arena. For this hearing on Y2K and international trade issues, we are providing our assessment--based on information from our embassies, from our own visits, and other sources--of the risk that Y2K might cause failures in key sectors in countries around the globe. With less than 6 months to go before the date change, the message again is mixed:

* Approximately half of the 161 countries assessed are reported to be at medium to high risk of having Y2K-related failures in their telecommunications, energy, and/or transportation sectors. The situation is noticeably better in the finance and water/wastewater sectors, where around two-thirds of the world's countries are reported to have a low probability of experiencing Y2K-related failures;

* Industrialized countries were generally found to be at low risk of having Y2K-related infrastructure failures, particularly in the finance sector. Still, nearly a third of these countries (11 out of 39) were reported to be at medium risk of failure in the transportation sector, and almost one-fourth (9 out of 39) were reported to be at a medium or high risk of failure in the telecommunications, energy or water sectors;

* Anywhere from 52 to 68 developing countries out of 98 were assessed as having a medium or high risk of Y2K-related failure in the telecommunications, transportation, and/or energy sectors. Still, the relatively low level of computerization in key sectors of the developing world may reduce the risk of prolonged infrastructure failures; and

* Finally, and similar to the developing world, key sectors in the Newly Independent States and other former Eastern bloc nations, are a concern because of the relatively high probability of Y2K-related failures.

These assessments suggest that the global community is likely to experience varying degrees of Y2K-related failures in every sector, in every region, and at every economic level. As such, the risk of disruption will likely extend to the international trade arena, where a breakdown in any part of the global supply chain would have a serious impact on the U.S. and world economies. In light of all this, the challenge now facing the United States is to encourage and facilitate contingency planning by individual countries, their regional partners, and by international organizations such as the United Nations. Department of State International Y2K Efforts

The Department of State has long recognized that the potential for Y2K vulnerability is not restricted to its domestic operations and has implemented measures to assess the Y2K readiness of all countries where the United States has a diplomatic presence. These measures include the following:

* In November and December 1998, the Department's embassies and consulates used a standard survey to collect information on the effectiveness of host countries' Y2K programs, vulnerability to short-term economic and social turmoil, reliance on technology in key infrastructure sectors, and the status of Y2K correctional activities. The information from this survey, as well as from other sources, such as the World Bank, United States Information Agency, and this office as well, was analyzed by staff under the direction of the National Intelligence Council.

* On January 29, 1999, the Department issued a worldwide public announcement on the Y2K problem to inform U.S. citizens of the potential for problems throughout the world because of the millennium "bug." The notice cited specific areas of concern, including transportation systems, financial institutions, and medical care, as activities that may be disrupted by Y2K-related failures. Further, this announcement goes on to warn that all U.S. citizens planning to be abroad in late 1999 or early 2000 should be aware of the potential for problems and stay informed about Y2K preparedness in the locations where they will be traveling.

* In February 1999, the Department provided all of its embassies and consulates with a Contingency Planning Toolkit. The posts were instructed to use the toolkit to assess the probability that Y2K-related failures might occur in key infrastructure sectors, including finance, telecommunications, transportation, energy, and water/wastewater treatment. Based on this assessment, posts were to develop contingency plans and identify the resources (generators, radios, etc.) needed to handle Y2K-related emergencies. As of the end of June 1999, nearly all of the Department's posts had completed their host country infrastructure assessments and developed draft contingency plans.

* In June 1999, the Department provided additional instructions to its embassies and consulates on how they should approach host governments concerning Y2K issues. Posts were asked to discuss with the host government its assessment of Y2K readiness in the country; gain a deeper understanding from the local authorities about what remedial actions and/or contingency plans are contemplated; and inform the host government that the Department has a responsibility to notify American citizens if it is aware of credible and specific threats to their safety and security, including Y2K problems in critical sectors. The Department hopes that approaching all countries now with this information will spur them to either correct the problems or to take remedial actions, such as contingency planning.

In mid-August of this year, the Department plans to notify select host country governments of its concerns about Y2K-related problems that could affect American citizens living or traveling in those countries. The Bureau of Consular Affairs will bring these concerns to the attention of the traveling public in September, when it issues Consular Information Sheets concerning Y2K.

OIG Year 2000 Oversight Efforts

International Y2K Efforts: Host Country Preparedness My office has continued its activities in international Y2K issues through our efforts to engage host country representatives and promote information sharing and cooperation. We analyzed Y2K Host Country Infrastructure assessments submitted over the past 2 months by U.S. embassies in 161 countries: 98 in the developing world, 24 from former Eastern bloc countries and the Newly Independent States, and 39 from industrialized countries.

OIG has continued to meet with host country Y2K program managers; representatives from key infrastructure sectors, such as utilities, telecommunications, and transportation; and with private sector officials to discuss their respective Y2K programs and to share information. A summary of OIG international Y2K site visits is provided in Table 1.

The information we collected about host country readiness provides general insight into a host country's efforts to reduce the impact that Y2K-related failures might have. This information represents the situation at a particular point in time. OIG visits began in September 1998, and the situation in some of those locations may have changed since then.

OIG has provided information summaries on each of these countries to appropriate Department staff, the President's Year 2000 Conversion Council, the United States Information Agency, congressional committees, and to other foreign affairs organizations.

Results of OIG International Y2K Risk Assessments Based on our work in the countries cited above and on our assessment of other information provided by the Department, a number of themes have emerged relating to the potential impact the Y2K problem may have in the global arena. Our work has resulted in the following findings:

Significant Risk of Y2K-Related Infrastructure Failures Worldwide

With less than 6 months to go before the Y2K date change, approximately half of the world's countries are reported to be at medium to high risk of having Y2K-related failures in their telecommunications, energy, and/or transportation sectors. As shown in Table 2 below, the situation is noticeably better in the finance and water/wastewater sectors, where about two-thirds of the world's countries are reported to have a low probability of experiencing Y2K-related failures. The financial arena is considered to be at low risk from Y2K in most countries; however, worldwide, the finance sector is vulnerable because of its reliance on other, more risky sectors, including energy and telecommunications.

Low Risk of Y2K-Related Failures in Most Industrialized Countries

Industrialized countries were generally found to be at low risk of having Y2K-related infrastructure failures, particularly in the finance sector. As Table 3 shows, however, nearly a third of these countries were reported to be at medium risk of failure in the transportation sector, and almost one-fourth were reported to be at a medium risk of failure in the telecommunications, energy, or water sectors. Because industrialized countries are highly dependent on computer technology in every sector, the potential impact of Y2K-related problems is much higher than in the developing world. Some examples of problems or issues found in our evaluation of industrialized countries' Y2K readiness are as follows: * During our visit to Malaysia, we learned that the banking, electricity, and transportation sectors were generally in the advanced stages of remediation (fixing or replacing a system) and testing. Further, the government and business sectors are developing organizational, sector, and national contingency plans as part of their Y2K preparations. There is some concern about the Malaysian telecommunications sector, which was about 79 percent through the remediation stage as of May 1999, because of a lack of detailed information. * During our visit to Seoul, we learned that except for banking and telecommunications, the public and private sectors of Korea got off to a late start in addressing Y2K issues. Now, both the government and private sector organizations are reporting remarkable progress in remediating and testing their systems. However, we are concerned that the late start and the economic recession (which has also affected other Asian countries) means they may not be able to complete all necessary work and do a thorough job of remediation and testing. * Taiwanese authorities and large business enterprises have made a great deal of progress in addressing Y2K issues. During our visit to Taipei, we were told that key parts of the infrastructure appear to be in compliance or close to it, and the government is preparing its contingency plans for water, transportation, and power. For example, the Central Bank and the Bank of Taiwan were tested and certified by the Ministry of Finance in April 1999. However, the Y2K readiness of small and medium enterprises as well as small medical facilities remains a big question. * A June 1999 embassy assessment of one European country, which will be hosting many large-scale millennium events that will be attended by thousands of Americans, expressed skepticism about the country's telecommunications sector because of a lack of information. The assessment further noted that water and wastewater efforts were inconsistent, health care preparations were inadequate, but finance was in good shape. * The Y2K readiness of ports and the ships entering those ports continues to be a worldwide concern. For its part, the French Ministry of Transportation has indicated it does not support closure of French ports on December 31, 1999. It suggests that ships moored in French harbors do not attempt to maneuver on December 31, 1999. Ports and the French Navy will have emergency tugboats on red alert on December 31, 1999 should a ship come ashore. * At a roundtable discussion in one Middle Eastern country, businessmen expressed concern about the country's preparedness for Y2K and the potential effect on business. In addition to potential problems with utilities (water and power supply) and telecommunications, the business leaders were concerned about medical services, food distribution, and the aviation system. One report suggests that water may be the weakest link in Y2K preparedness in the region. A Y2K expert in a major city in this country advised that the city only has a 1-day supply of water and noted that staff responsible for the desalinization plants decided to turn the computers back to the year 1995, "until they can figure out how to fix the problem." * Contrary to the bad press concerning Japan's Y2K readiness, during our visit to Japan in May of this year, we concluded that Japanese ministries and companies had been working quietly towards compliance, but until recently little information on their progress was available in English. The Japanese acknowledge they got off to a late start in addressing Y2K, and this may hamper their ability to thoroughly address the problem before the end of the year.

Higher Risk of Y2K-Related Failure in Developing Countries

Anywhere from 52 to 68 developing countries out of 98 were assessed as having a medium or high risk of Y2K-related failure in the telecommunications, transportation, and/or energy sectors, as shown in Table 4. Although the financial sector was rated as a low risk in about 60 percent of these countries, its ability to continue functioning is questionable because of its heavy reliance on other sectors, such as telecommunications and energy, which are more likely to have Y2K-related problems. The relatively low level of computerization in key sectors of the developing world may reduce the risk of prolonged infrastructure failures. Examples of some specific problems or issues facing developing countries are as follows: * There is reported progress in India's Y2K readiness in the last 6 months, especially in the critical sectors of banking and finance, civil aviation, and telecommunications. But nowhere is the Y2K process complete, and contingency planning has barely begun. Most worrisome is the potential vulnerability of the 70 percent of the electrical power sector controlled by the State Electricity Boards, large parts of which only now are beginning basic inventories and assessments. However, the power companies we contacted during our visit reported no Y2K issues in generating, transmitting, and distributing electricity. * There is now cautious optimism concerning Y2K readiness in China, compared to the situation a few months ago. China's Y2K representative and other speakers at a Y2K conference in Beijing in May expressed confidence in China's electric grid, but also expressed concerns about the effect of Y2K on railroad freight, medical devices, and embedded chips. Following the conference, a Y2K article in the May 25, 1999, People's Daily decried widespread public ignorance and apathy about Y2K in China. The journalist estimated that 70 percent of the large- and medium-sized manufacturers in China do not take Y2K seriously. The author also noted that China may be vulnerable because of its use of many obsolete computers and pirated software. In addition, the computer systems people sometimes do not know just what is on their system. For its part, the Chinese government is conducting a Y2K triage, focusing limited resources on critical public utilities (water, electricity, public health, and transportation) as the top priority and then on key industrial sectors. The Chinese authorities expect some Y2K problems but nothing that will put people's lives in danger or cripple the economy.

* In Vietnam, because there is a low level of computer usage, there is a relatively low threat of Y2K-related failures. Vietnam's economy is largely agrarian and based on cash, rather than electronic transactions. Further, it was difficult obtaining information about Vietnam's Y2K readiness because the government tightly controls the information and Y2K issues are not widely publicized. The government keeps certain things like maps, drawings, electrical diagrams, and financial figures a state secret. We did learn that one dam that provides about 80% of the electricity to Vietnam uses Russian equipment that probably has embedded chips whose Y2K readiness is questionable.

* On June 1, 1999, the Ethiopian National Y2K Committee advised that Ethiopia has completed its Y2K assessment, and remediation is still underway. The cost of Y2K remediation is estimated at $18.7 million. The air transport, electricity, and water sectors all appear to be compliant, but the telecommunications sector is lagging. Some sectors are testing now testing their systems for Y2K compliancy, but little attention has yet been given to contingency planning.

Significant Risk of Y2K-Related Failures in Former Eastern Bloc Countries

Finally, and similar to the developing world, key sectors in the countries that were part of the Eastern bloc including countries that were part of the former Soviet Union have a relatively high probability of Y2K-related failures. Specifically, as shown in Table 5, 14 of the 24 countries in this category were assessed as being at medium or high risk of Y2K-related failure in the telecommunications sector, 15 at medium or high risk in the transportation sector, and 17 as being at medium or high risk in the energy sector. Nearly all of the Eastern bloc countries evaluated are at least partially dependent on computers for such key sectors as finance, telecommunications, utilities, and transportation. Some examples of problems faced by countries in this category are: * On June 17, 1999, Russian President Boris Yeltsin signed a presidential decree that declares that the Y2K problem is one of the utmost urgency and assigns responsibilities to government administrators at all levels. The Duma and Federation Council followed suit with a new law that provides that owners and operators of computer equipment and systems are to be held accountable for assuring Y2K compliance. The nuclear sector reports that all safety systems are Y2K compliant, and provisions are being made to ensure that back-up power will be available. Plant operations computers may have undiagnosed problems that could force a shutdown, but we expect safety systems will work as needed. There is, however, excess generating capacity within the electrical grid, which would allow for continued provision of power to high-priority customers even in the event all nuclear power plants shut down. On the other hand, we still have some unanswered questions with respect to the telecommunications sector, and are endeavoring to learn more about possible impacts. The Department of Energy, the International Atomic Energy Agency, the International Science and Technology Center, and the International Energy Agency are all engaged, with U.S. support, in assisting Y2K remediation in Russia, the first three specifically in nuclear power plants.

* Although until recently the electricity supply has been relatively stable in Poland, there is rising concern that the country will experience limited problems due to power generation failures. Primarily, such power losses will be localized failures, easily or quickly remedied. In addition, telecommunications may be a problem. If the local telephone system fails, greater emphasis will be placed on the use of cellular phones, already prevalent in Poland. This increased use could cause an overload on the bandwidth, thereby resulting in its failure also. * One Balkan country's Y2K efforts were reported as disorganized and underfunded, but with some positives. While the telecommunications, air transportation, and financial sectors are largely compliant, or likely will be by year-end, other sectors, including water purification, rail transportation, and the all important energy sector appear to be lagging far behind. * The government of one former Eastern bloc country has assured the U.S. embassy that there will not be serious interruptions in critical sectors, including energy, transportation, water, and emergency services. The country has established a new Y2K strategy with a new Y2K commissioner; however, the program provides no deadlines and no new money, raising questions about the government's assurances about Y2K readiness.

* The official in charge of another Eastern bloc country's Y2K readiness program told embassy staff that it had the know-how to correct its Y2K problem, but lacked the financial means to implement the changes.

Need for Y2K Contingency Planning on a Global Scale

Y2K-related disruptions in the international flow of goods and services are likely, but no one knows exactly where, when, and to what extent such disruptions will occur. Because disruptions could seriously impact the world's economies, including our own, the Department of State needs to take the lead on behalf of our government in facilitating global contingency planning. In 1998, world trade totaled over $5 trillion, and the United States accounted for nearly 13 percent of that total. The global trading system consists of a complex network of suppliers, distributors, service providers, and customers. An infrastructure of energy supplies, transportation systems, telecommunications networks, and financial organizations support this system. Disruptions in this infrastructure, and the relationships among suppliers and customers, will negatively affect individuals, firms, industries, governments, and national and regional economies around the world. As I discussed earlier in this statement, our Y2K assessments suggest that the global community is likely to experience some Y2K-related failures in every sector, country, and region. The international economy is vulnerable because Y2K-related failures in the supply chains of one country or region might disrupt the ability of other countries to keep their factories working, transportation systems running, food supplied, and people employed. Work is underway around the world developing contingency plans to ensure continued functioning of governments, infrastructures, businesses, and supporting organizations within individual countries, but little is being done to consider potential supply chain disruptions originating in other countries and how they should be handled. The Department can take the lead for the U.S. Government in facilitating global Y2K contingency planning. With assistance from other Federal agencies such as the departments of Commerce, Energy, and Transportation and the Federal Emergency Management Agency, the Department needs to work with international government, industry, and consumer organizations to ensure that global contingency plans are prepared for key infrastructure and industry sectors. To do this, the Department can be most effective by leveraging the efforts of international organizations such as the United Nations, the Asia-Pacific Economic Cooperation, and other entities that have active Y2K outreach programs. In addition, this effort should include applying lessons learned from recent disasters (i.e., the December 1998 ice storm in Williamsburg, Virginia and the 1996 Kobe earthquake) in such sectors as transportation, power, and telecommunications. Further, there must be special emphasis on contingency planning for small and medium enterprises of 500 or fewer employees that represent approximately 98 percent of the supply chains in most countries. By promoting a global approach to Y2K contingency planning, the Department of State, on behalf of the U.S. Government, can help strengthen the ability of all countries to deal with potential disruptions in international trade.

OIG work within the Department of State OIG is also playing a significant role in assisting the Department to meet the millennium challenge facing their respective information technology infrastructures, including computer software, hardware, and embedded devices. The Department has recognized that it is vulnerable to the Y2K problem, and over the past 2 years has taken steps to remediate its systems and infrastructure to prevent disruptions to its critical business processes.

The Department has established a Year 2000 Program Management Office (Y2K PMO), which is responsible for the overall management of the Y2K program within the Department. The Y2K PMO is responsible for tracking and reporting on the progress being made by the bureaus in remediating systems, providing technical advice and assistance, issuing contingency planning guidance, and certifying systems for Y2K compliancy. As of May 14, 1999, the Department reported that it had tested, validated, and implemented 100 percent of its mission-critical systems. My office has assisted in establishing a process through which the Department can certify the Y2K compliancy of its mission-critical systems, by writing detailed guidelines that each bureau must use in developing application certification packages for submission to the Y2K PMO. The three-tiered process which resulted is, we understand, one of the most rigorous in the Federal Government. It provides the Department's senior management with assurance that every feasible effort has been made to prevent Y2K-related failures on January 1, 2000.

First, using the certification guidelines, the bureaus that remediate mission-critical and other critical applications conduct tests to verify Y2K compliance of each system. For the second step in this process, the complete Application Certification Packages, which include the test plans and test results, are independently reviewed by the Y2K PMO team specifically contracted for this purpose. In the final step, through an agreement with the Under Secretary of State for Management, OIG is reviewing the adequacy of all certification packages for mission critical systems before they are provided to the Y2K certification panel and approved by the Department's Chief Information Officer. This approach assures that all applications undergo strict independent verification and validation standards to prepare for Year 2000. Thus far, the OIG has evaluated and provided comments to the Department on 17 mission-critical application certification packages, and 13 of those have been officially certified.

Finally, in March 1999, the Department initiated planning to conduct end-to-end testing of its core business functions. The purpose of end-to-end testing is to ensure that the Department can maintain its core business functions on and beyond the rollover to the Year 2000. The Department's end-to-end test checks the critical transaction flows through the organization across the major business functions, applications, and vendor products that support these transactions. Toward that end, the Department has organized its end-to-end testing around five different clusters, each of which combines a number of related business functions. For example, the Business Management Cluster includes such processes as personnel actions, financial management, and logistics. The other four clusters are Passports and Global Consular Systems, Command and Control Communications, E-mail, and Security and retesting as needed. The Department plans to have completed all end-to-end testing of its five business clusters by September 30, 1999.

* * * *

In summary, Mr. Chairman, with less than 6 months to go before the Y2K date change, the global picture that is slowly emerging is cause for concern. Our assessments suggest that the global community is likely to experience varying degrees of Y2K-related failures in every sector, in every region, and at every economic level. In some countries, these failures could be a mere annoyance, such as a malfunctioning credit card terminal, while in others there is a clear risk that electricity, telecommunications, and other key systems will fail, perhaps creating economic havoc and social unrest. As such, the risk of disruption will likely extend to the international trade arena, where a breakdown in any part of the supply chain would have a serious impact on the U.S. and world economies.

At this stage, it would be prudent to recognize that Y2K-related failures are inevitable, both here and abroad. As such, the efforts by this Department and other international organizations will be instrumental in minimizing the impact that Y2K may have on the global community.

This concludes my statement. I would be pleased to answer any questions you may have.



-- ExCop (yinadral@juno.com), July 28, 1999

Answers

this week is turning out to a big downer.

Mike

=====================================================================

-- Michael Taylor (mtdesign3@aol.com), July 28, 1999.


Sorry, couldn't find this when I was looking to post the summary, so it's on its own thread at

http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=0019UO

Guess I need new glasses again.

-- Half-blind Old Git (anon@spamproblems.com), July 28, 1999.


Interesting that the energy infrastructure is identified as one of the higher risk sectors, giving that NERC would have us believe that no showstoppers were discovered during U.S. remediation. So glad they wasted their time!

-- Brooks (brooksbie@hotmail.com), July 28, 1999.

So does anyone have a URL to senate gov. website? The one I have won't let me in, says FORBIDDEN? I'll do another search, I used my bookmark from just last week.

-- Barb (awaltrip@telepath.com), July 28, 1999.

Found it again! Never mind!!!

-- Barb (awaltrip@telepath.com), July 28, 1999.


On what basis could she say that industrialised countries were at a 'low risk', and then turn around later and say that the effects of y2k failures will be greater in more technologically advanced countries? Having watched the Watergate hearings, Iran-Contra, CIA-cocaine, Waco,and the inpeachment hearings, on what basis could I say that anyone even tells the truth to Congress? This testimony is quite rich between the lines.

-- Forrest Covington (theforrest@mindspring.com), July 28, 1999.

Can somone please give the link or url for this testimony. I cant find it on the senate site.

-- (need@to.know), July 29, 1999.

Moderation questions? read the FAQ