[Senate Hearing 105-895]
[From the U.S. Government Publishing Office]
S. Hrg. 105-895
EMERGENCY PLANNING FOR THE YEAR 2000:
PREPARATION OR PANIC?
=======================================================================
HEARING
before the
SPECIAL COMMITTEE ON THE
YEAR 2000 TECHNOLOGY PROBLEM
UNITED STATES SENATE
ONE HUNDRED FIFTH CONGRESS
SECOND SESSION
on
THE PREPAREDNESS OF EMERGENCY SERVICE AGENCIES AT THE STATE, COUNTY,
AND LOCAL GOVERNMENT LEVELS
__________
OCTOBER 2, 1998
__________
Printed for the use of the Committee
Available via the World Wide Web: http://www.access.gpo.gov/congress/
senate
_______________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing Office
Washington, DC 20402
U.S. GOVERNMENT PRINTING OFFICE
51-565 cc WASHINGTON : 1999
SPECIAL COMMITTEE ON THE
YEAR 2000 TECHNOLOGY PROBLEM
[Created by S. Res. 208, 105th Cong., 2d Sess. (1998)]
ROBERT F. BENNETT, Utah, Chairman
JON KYL, Arizona CHRISTOPHER J. DODD, Connecticut,
GORDON SMITH, Oregon Vice Chairman
SUSAN M. COLLINS, Maine JEFF BINGAMAN, New Mexico
TED STEVENS, Alaska, Ex Officio DANIEL PATRICK MOYNIHAN, New York
ROBERT C. BYRD, West Virginia, Ex
Officio
Robert Cresanti, Staff Director
T.M. (Wilke) Green, Minority Staff Director
(ii)
C O N T E N T S
------
OPENING STATEMENT BY COMMITTEE MEMBER
Robert F. Bennett, a U.S. Senator from Utah, Chairman, Special
Committee on the Year 2000 Technology Problem.................. 18
Christopher J. Dodd, a U.S. Senator from Connecticut, Vice
Chairman, Special Committee on the Year 2000 Technology Problem 20
CHRONOLOGICAL ORDER OF WITNESSES
John A. Koskinen, Chairman, President's Council on Year 2000
Conversion..................................................... 2
Lacy Suiter, Executive Associate Director for Response and
Recovery Directorate, Federal Emergency Management Agency...... 5
Hon. Michael O. Leavitt, Governor of the State of Utah........... 25
Ellen Gordon, president, National Emergency Management
Association.................................................... 27
Maj. Gen. Edward J. Philbin, USAF [Ret], Executive Director,
National Guard Association of the United States................ 30
John Thomas Flynn, President, National Association of State
Information Resource Executives................................ 33
Bruce Romer, Chief Administrative Officer, Montgomery County, MD,
on behalf of the National Association of Counties.............. 40
Bob Cass, City Manager, Lubbock, TX.............................. 42
John S. Powell, University of California Police Department, on
behalf of the Association of Public Safety Communications
Officers....................................................... 44
APPENDIX
Alphabetical Listing and Material Submitted
Bennett, Hon. Robert F.:
Opening statement............................................ 18
Prepared statement........................................... 53
Cass, Bob:
Statement.................................................... 42
Prepared statement........................................... 58
Responses to questions submitted by Chairman Bennett......... 60
Collins, Hon. Susan M.: Prepared statement....................... 61
Dodd, Christopher J.:
Statement.................................................... 20
Prepared statement........................................... 62
Flynn, John Thomas:
Statement.................................................... 33
Prepared statement........................................... 63
Responses to questions submitted by Chairman Bennett......... 86
Gordon, Ellen:
Statement.................................................... 27
Prepared statement........................................... 87
Responses to questions submitted by Chairman Bennett......... 89
Koskinen, John A.:
Statement.................................................... 2
Prepared statement........................................... 90
Responses to questions submitted by Chairman Bennett......... 92
Kyl, Hon. Jon: Prepared statement................................ 94
Leavitt, Hon. Michael O.:
Statement.................................................... 25
Prepared statement........................................... 95
Responses to questions submitted by Chairman Bennett......... 97
Moynihan, Hon. Daniel Patrick: Prepared statement................ 98
Philbin, Maj. Gen. Edward J.:
Statement.................................................... 30
Prepared statement........................................... 99
Responses to questions submitted by Chairman Bennett......... 100
Powell, John S.:
Statement.................................................... 44
Prepared statement........................................... 102
Romer, Bruce:
Statement.................................................... 40
Prepared statement........................................... 122
Smith, Hon. Gordon: Prepared statement........................... 132
Suiter, Lacy:
Statement.................................................... 5
Prepared statement........................................... 133
Responses to questions submitted by Chairman Bennett......... 136
Additional Material Submitted for the Record
Statement of R. Michael Amyx, Executive Director, Virginia
Municipal League, on behalf of the National League of Cities... 140
Note: Responses to questions submitted by Chairman Bennett to Mr.
John S. Powell and Mr. Bruce Romer were not received at the
time the hearing was published.
EMERGENCY PLANNING FOR THE YEAR 2000: PREPARATION OR PANIC?
----------
FRIDAY, OCTOBER 2, 1998
U.S. Senate,
Special Committee on the Year 2000
Technology Problem,
Washington, DC.
The committee met, pursuant to notice, at 9:30 a.m., in
room 192, Dirksen Senate Office Building, Hon. Robert F.
Bennett (chairman of the committee), presiding.
Present: Senators Bennett, Collins, Smith of Oregon, and
Dodd.
Chairman Bennett. The committee will come to order.
We are very pleased this morning to have John Koskinen and
Lacy Suiter with us as our first panel. I have an opening
statement, copies of which are available to members of the
press, which I will not read, out of deference to the fact that
Mr. Koskinen has an airplane to catch a little later in the
morning and I think the committee would be better off hearing
from him than from me. That's usually the case with every
committee chairman, but usually not observed on Capitol Hill.
So I will delay making comment about some of the issues in my
opening statement until after we have heard from Mr. Koskinen.
I will make this general introduction. Those who have
followed the committee know that we set out in the beginning a
series of priorities, listing them in the order in which we
thought failure because of Y2K problems would cause the
greatest impact. The first priority was the power grid,
utilities, and then we talked about telecommunications. We have
talked about transportation--we had a full hearing on that--the
financial system, and now we come to general government.
We have divided the responsibilities in the committee among
the seven members, because we ended up with seven priorities.
Senator Collins has the lead on the committee for today's
priority, which is general government activities. We're
delighted with the line up of witnesses that we have.
We will start with the Federal Government, with Mr.
Koskinen and Mr. Suiter, and then we'll have State
governments--the lead witness will be Governor Leavitt, the
Governor of Utah, and the potential, incoming, prospective,
whatever the appropriate adjective is, chairman of the National
Governors Conference, and then we will go to local government,
county, and city. So that's the outline for today's hearing.
While Mr. Koskinen has appeared before the committee
before, we wanted to give him this opportunity to describe to
us where we are at the Federal Government level, and then
interact on the panel with Mr. Suiter, who will have much of
the responsibility of dealing with Federal Government
coordination with State and local governments in those areas
where any kind of emergency may arise. So that's the format for
today's hearing.
Senator Collins, we appreciate your leadership on this
portion of the committee's work, and you're willingness to
accept this assignment. I will recognize you for any opening
comments you may have. Senator Collins. Thank you very much,
Mr. Chairman. I do have a fairly lengthy opening statement.
It's my understanding that one of our witnesses is under a time
constraint. If you would like to hear from the witness first, I
could then do my opening statement afterwards.
Chairman Bennett. Yes. I said just before you came in that
I'm going to postpone my opening statement for the same reason,
so I'm grateful to you for your willingness to do that.
Mr. Koskinen, we will go directly to you, then. We welcome
you.
I must make this comment. John Koskinen's responsibility is
in the executive branch, but he has been called as far away as
Japan to talk to the people about their Y2K problems. He's just
getting over jet lag.
Mr. Suiter is just recovering from coming back from dealing
with immediate emergency problems relating to the current
hurricane and got in very late last night. So we're grateful to
both of you for your willingness to appear before the
committee.
Mr. Koskinen.
STATEMENT OF JOHN A. KOSKINEN, CHAIRMAN, PRESIDENT'S COUNCIL ON
YEAR 2000 CONVERSION
Mr. Koskinen. Good morning, Mr. Chairman, and thank you for
the kind comments. I am pleased to appear again before the
committee to discuss the role of the President's Council on
Year 2000 Conversion in dealing with this problem. With your
permission, I will submit for the record my full statement and
summarize it here.
In the past, as you have noted, I have described our
general approach to this issue, including the formation of the
Council, with representatives from 35 agencies across the
Government, including the regulatory agencies.
As you know, we have divided the world into 34 sectors that
we are concerned about. We are dealing with a review of the
Federal Government's operations as it attempts to remediate its
systems. We're focused on the interfaces between the Federal
Government and State governments which administer many of our
most important programs. Most importantly, in each of the 34
sectors, we're involved in reaching out to public and private
entities in the United States, as well as countries around the
world, both to increase the level of awareness, and promote
activity on the Year 2000 problem.
This morning I would like to discuss the Council's role in
the development of contingency plans and appropriate emergency
responses to any difficulties that may arise as we make the
transition to the Year 2000.
Before I discuss this issue though, let me express the
administration's appreciation for the strong support this
committee has provided in the development and passage of the
Year 2000 Information and Readiness Disclosure Act. In
particular, the assistance you, Mr. Chairman, Senator Dodd, and
Senator Kyl have provided has been an indispensable part of the
success we have achieved. As the President has said, this
bipartisan legislation provides us with an important
opportunity to help our Nation prepare its computer systems for
the new century.
I would also note that this committee has made a major
contribution in promoting awareness of, and action on, the Y2K
problem with hearings that have examined, as the chairman
noted, public and private sector progress in important economic
sectors that range from electric power to transportation to
telecommunications.
But even with the best efforts of all of us, we need to
understand and expect that not every system and embedded chip
will be found and fixed. To minimize disruptions caused by
these failures, businesses and government agencies must focus
on contingency planning in addition to their remediation
efforts.
Federal agencies are developing continuity of business
plans for their core business functions. OMB, in its quarterly
reports, has asked the agencies to report on their progress in
this area, and is looking closely at their planning activities
as it develops the President's fiscal Year 2000 budget.
Through the outreach efforts of our more than 30 sector
working groups, the Council is encouraging agencies and
organizations outside the Federal Government to prepare two
types of contingency plans. First, we are stressing the need
for organizations to develop a plan that addresses internal
system failures. The second type of plan needs to address the
potential for failures in external systems upon which
organizations depend for their day-to-day activities. These
systems can run the gamut from those that help to provide basic
services, such as water or power, to those that support the
activities of key vendors or suppliers.
Federal agencies have had to confront the second type of
contingency planning in their relationships with the States. As
I said, States help to carry out several important Federal
programs, such as Medicaid and unemployment insurance. These
programs depend upon Federal-State data exchange points, and
agencies have been working with their State counterparts to
ensure that these exchange points are compliant. But even if
the exchange points are ready for the Year 2000, service
delivery could still be jeopardized if the State systems behind
the data exchanges fail. Federal agencies like the Labor
Department, for the unemployment insurance program, are now
working with States to ensure that backup plans are ready to
support continued service delivery should State systems or
other non-Federal systems fail.
One of the Council's most important roles in the coming
months will be to develop assessments of what is likely to be
the impact of the Year 2000 problem in key sectors of the
economy. This information will be important to organizations as
they develop and refine their contingency plans. For example,
everyone is concerned about having electric power, but that
doesn't mean that they should all immediately buy their own
generators without having a better sense of where outages are
possible and what their likely duration will be.
The Council has established cooperative working
relationships with umbrella groups in electric power and other
important sectors. The focus initially has been on increasing
awareness and the level of activity by those operating in each
sector. We are also, however, developing assessment processes
whereby the umbrella groups will be surveying their members on
a regular basis to determine their state of readiness. Summary
reports will then be provided to the Council and the public.
Over time, such information will allow everyone to adjust their
contingency plans appropriately.
I might note that the Year 2000 Information and Readiness
Disclosure Act will increase our ability to obtain such
assessments, since it provides protection to the information
provided by individual companies to their umbrella groups,
thereby increasing the likelihood of candid responses.
As you know, the Federal Government, in coordination with
State and local governments, plays a key role in responding to
disasters and other emergencies, and is looked to for
leadership at those times. I will let Mr. Suiter of FEMA
describe in more detail the Federal Government's role, but I
would point out that the Year 2000 problem provides a unique
emergency response challenge.
With most major emergencies, such as hurricanes or
blizzards, authorities are dealing with one localized problem
in a town, county, State or region. With the Y2K problem,
however, it is possible that emergency response systems could
face multiple system failures occurring at roughly the same
time and in different places.
For example, in a worst case scenario for a city or a town,
authorities could face the failure of the power plant, water
treatment plant, and transportation systems. While no one of
them alone may be a major problem, simultaneous failures will
test the capacity of our emergency response systems, and I am
pleased that FEMA has agreed to chair the Council's Emergency
Services Working Group.
The Federal Government has separate response systems
related to specific types of emergencies. Internationally, we
have an apparatus for responding to emergencies such as famine
and refugee assistance, as well as military threats.
Domestically, we have the systems and relationships that FEMA
will discuss with you. We are presently reviewing our inventory
of emergency response mechanisms and authorities to ensure
there is no confusion across organizational lines on January 1,
2000, and that we can handle the possibility of multiple
requests for the same resources.
In addition to FEMA, the Council is working with the
National Security Council, the Departments of State, Defense,
and Justice, and others who are responsible for meeting the
challenges we may face, internationally as well as
domestically, as we try to coordinate Federal emergency
response efforts.
In particular, we are beginning to look at scenarios that
may involve disruptions in key foreign countries, as well as
difficulties at home, so that we can map out plans for
appropriate Federal action. In foreign countries, we are
concerned about how Y2K-related disruptions may affect the
operation of our embassies, American citizens living abroad,
and American businesses. At home, we anticipate that multiple
burdens placed upon State and local disaster authorities may
result in an increased demand for Federal assistance.
The American people have confidence in our ability to
respond in the wake of natural disasters. Our objective is to
ensure that the American people have the same level of
confidence in the Federal Government's ability, and that of our
State and local officials as well, to respond to any Year 2000-
related disruptions.
We all want to ensure a smooth transition to the Year 2000.
For most organizations, including Federal agencies, the primary
Year 2000 focus up to this point has been on fixing or
replacing noncompliant systems and embedded chips. But as we
enter 1999, that will change.
The Council is committed to encouraging businesses and
helping Government agencies to prepare for likely problems and
develop viable contingency plans. We have to expect some
problems on January 1, 2000. If we share information and plans,
however, we can generate public confidence in our preparedness
and minimize the impact of those problems on everyone.
Thank you, Mr. Chairman. I am delighted to respond to
inquires, either now or after Mr. Suiter presents his
testimony.
[The prepared statement of Mr. Koskinen can be found in the
appendix.]
Chairman Bennett. Thank you. Let's hear from Mr. Suiter and
then we can get the two of you going back and forth.
STATEMENT OF LACY SUITER, EXECUTIVE ASSOCIATE DIRECTOR FOR
RESPONSE AND RECOVERY DIRECTORATE, FEDERAL EMERGENCY MANAGEMENT
AGENCY
Mr. Suiter. Thank you, sir. I appreciate the opportunity to
be here, and it's good to see you again, Senators, under more
pleasant circumstances than the last time we met on the
battlefields of Maine.
I am Lacy Suiter. I represent FEMA's Emergency Response and
Recovery Directorate. My directorate coordinates the Federal
family's emergency response, as well as its disaster recovery,
and to specific and identifiable emergencies and disasters when
requested to do so by a State's governor, or in those very rare
instances--this has only occurred once--when directed to do so
by the President until a governor can concur.
In any event, with or without a Presidential determination,
a Governor must both request and concur with any Federal
disaster assistance to be provided within their State. If one
views governmental relationships as vertical, then, indeed,
FEMA's programs represent a bottoms up approach as opposed to a
top down activities.
Y2K assessments, preparedness and emergency response begins
at home, in the community and with local governments, and with
the governor. Federal consequence management response and
recovery essentially is by invitation only, and that invitation
must be issued through the governor. It is requested by and
coordinated through the governor and never independently by the
Federal family.
FEMA's Y2K efforts for fire and emergency services include
the following. We are one of 34 sectors, coordinated by John
Koskinen. We chair the emergency services sector. We're in the
process now of assessing that sector's awareness, its
preparedness and readiness to respond, were there to be
catastrophic failures of systems at the State or local
government level. We're developing an outreach plan for the
States and for the States to use with the locals, if they so
choose, and a monitoring process. We are preparing for
disruptions as they are identified to us. In other words,
FEMA's outreach includes awareness, assessment and
preparedness.
We will provide reports in the coming weeks that, when
combined with the reports of the other Federal agencies, should
give us our best indication of the extent of total governmental
emergency preparedness.
Y2K presents a couple of sets of response needs. First,
obviously, is the technical support to operators of disrupted
systems and business continuity planning. FEMA's systems
critical to interagency response are ready. We have 49 mission-
critical systems, 34 are compliant. There are 15 left to do. We
are replacing seven of those systems and we're coming up with
work around options on the other eight. All of our classified
programs are all operational at this time as far as the
continuity of government is concerned.
The second set of response needs is emergency assistance to
State and local governments. FEMA manages the Federal response
through the President's Federal Response Plan with supplements
which are tailored specifically for certain types of disasters.
Y2K will be one of those plans.
The regional interagency steering committees meet
periodically, and they are about to get instructions to begin
meeting more frequently, with the State agencies, at the
regional level. These committees support the bottoms up
approach of intelligence, of warning, of assessment, of
preparedness, all leading to whatever the appropriate response
and recovery effort might be for a particular event. We intend
to exercise and do some evaluations of those activities later
this winter or in early spring.
While it is difficult to define the truth on the nature and
extent of the Y2K threat, planning must be based on credible
assessments of specific vulnerabilities that describe the areas
at highest risk and consequences. The Council's report will
help us prioritize those risks and describe a plausible, worst
case scenario. I meet monthly with the Federal response
community to prepare our response to the Y2K problem and other
disasters that occur in the country. However, the efforts of
the emergency management community and fire services cannot be
viewed as a substitute for personal responsibility and
community preparedness. We will continue to keep you informed,
sir, as we meet with your committee, on our progress as we
march towards the millennium.
Thank you.
[The prepared statement of Mr. Suiter can be found in the
appendix.]
Chairman Bennett. Thank you both very much.
Mr. Koskinen, you made reference to the passage of the bill
in the House, and naturally we take credit for all of the
passage here in the Senate. But we will be happy to
congratulate you for your leadership in getting it done in the
House.
Seriously, this is a significant piece of legislation.
Everyone involved in working on it I think deserves
congratulations. As Mr. Koskinen and I were talking about this
the day before yesterday, when we started on this, everybody
told us it couldn't possibly happen. We didn't have time, it
was too complicated, there are too many competing interests,
everybody would stand up and say, ``Well, I can't accept this,
I can't accept that.''
Now it has happened. It has been an incredibly interesting
exercise in the present atmosphere of Washington, which might
be described as somewhat polarized, where both parties, both
branches of Government, the Legislative and Executive branches,
both Houses, got together and said, ``We are facing a genuine
emergency. We must put our parochial interests completely aside
to do the right thing.'' And while there's much that I might
want that's not in the bill, that is not there, the fact that
we have as much as we have and that we have accomplished what
we have is, I think, a demonstration that our system still will
rally to a challenge of an emergency.
I would be derelict, Mr. Koskinen, if I did not acknowledge
your leadership in this, and your dogged determination to see
to it that it did not die. You can take great satisfaction in
the fact that this bill has now passed both houses and is on
its way to the President, and I think it will make a
significant difference.
Mr. Koskinen. Thank you, Mr. Chairman.
Chairman Bennett. One of the things we hear so often in
this committee--we've had 70 witnesses now--a common refrain
from the witnesses is that it's very difficult to plan while so
much is unknown. We need better information. The passage of the
bill, I think, will help us get better information from people
who have been hiding behind the threat of their lawyers, that
they might get sued if they're forthcoming with information.
But I would hope today, and if not today, at some time soon, we
can begin to get some specific information out of your Council,
Mr. Koskinen.
Can you give us some idea of when we will see sector
assessments from the President's Council, and if anything can
be done to accelerate the release of these assessments?
Mr. Koskinen. As I noted in my written testimony, we
already have two significant assessments that have been
provided to us and are available to the public. One is from our
electric power working group, is working with the North
American Electric Reliability Council, and the other is from
our oil and gas working group, which is working with a broad
number of industry umbrella and trade associations.
Approximately 2 weeks ago, they provided their first
assessment of the status of both of those industries. We expect
these industry umbrella and trade associations will continue to
provide us that information, which we will continue to make
available to the public. We have been most aggressive with
these areas at the outset, because, as I noted in my testimony,
everybody is very concerned about the availability of power and
fuel.
We hope to have a similar process, especially now that the
bill passed, for the telecommunications industry and other
areas. In health care, for example, the American Hospital
Association has been surveying its members about the status of
hospitals so we know that other industry organizations have
begun these assessments. Now with the bill's special provisions
protecting information provided for special data requests, I
think that we should be able to accelerate the process.
Our plan all along has been to have at least initial
assessments from the sectors by the end of this year. We chose
that time because most industries have plans where by they are
now completing their remediation and are beginning the testing
phase. The information that all of us are most concerned about
is where they are once they have completed their testing.
During the summer, the major issue was: Were people paying
attention to the problem? Were they working on it? But
ultimately, for emergency and contingency planning purposes, we
must have the clearest possible idea as to how many people are
actually going to complete the process in a timely manner. So
our goal is to have, by the end of this year, as many working
groups as possible produce their first preliminary assessments.
But we expect to continue to receive their initial assessments
as we move into early 1999.
Chairman Bennett. For those who are watching television or
who are listening and don't want to wade through your prepared
testimony, will you summarize where you think we are with
respect to the power grid and the availability of fuel?
Mr. Koskinen. Anybody who has access to the web can find
them on our web site, which is www.y2k.gov. The assessments are
provided in our groupings for industry sectors. And we will
continue to make assessments available to the public as we
receive them.
As a general matter, the NERC report for electric power was
a balanced document. NERC was pleased to note that there
appeared to be less of a challenge than originally thought with
regard to embedded chips in electric power, both in generation
and distribution processes.
On the other hand, NERC said that significant portions of
the industry needed to accelerate their rate of progress to
meet their goals of finishing work by the spring of next year,
and they issued guidelines to help facilitate greater progress.
The oil and gas assessment report shows that half the
industry is well into remediation and compliance, and the other
half is still working through planning and assessment. the
industry groups that produced that report also noted that there
is an urgent need for the members of those industries to
increase their rate of progress.
What we have asked these working groups to do, and we will
ask this of all the working groups, is to prepare an analysis
that divides those responses by the size of companies
reporting, because both reports indicate that the concern we've
all had about smaller organizations still holds true. In these
industries and others, the large organizations, almost by
definition, have built-in capacity to deal with this problem.
So whether you're looking at financial services or
telecommunications or power, you find that large companies tend
to be working on the problem aggressively, and are deploying
substantial financial and personnel resources toward solving
it.
The concern we all have--and these reports mirror that
concern--is with the status of small and medium-sized
enterprises. In telecommunications, we have 1,400 small
telephone companies that deliver services to small towns and
rural areas. In fact, as a general matter, the Rural Utility
Service advises me that 20 percent of all utility services are
actually provided in rural areas of this country, generally by
small and medium-sized organizations. So we are focused, and
have been for some time, on trying to increase the level
awareness and activity in smaller organizations. I think the
advantage of these assessments is that we will be able to
quantify the magnitude of the challenge and hopefully increase
the level of activity in smaller organizations.
I should put a plug in here for National Year 2000 Action
Week. The SBA had started a program that designated the week of
October 19 as Year 2000 Action Week, with SBA field offices
holding educational events across the country. We have expanded
upon that, focusing on both small and medium-sized businesses,
by inviting local offices from other agencies to hold Y2K
events during the week as well.
The Department of Commerce will be participating. The
Department of Transportation's regional offices will be
participating. The Social Security Administration's offices
will be participating. The goal is to make a full court press
in local communities across the country, to get small and
medium-sized organizations to understand that it's critical for
them to solve this problem.
Chairman Bennett. That assessment will be very valuable.
The Small Business Committee on which I sit, in the next
Congress, is going to have to address the question of whether
or not a new category of SBA loan needs to be created for the
purpose of helping smaller enterprises deal with the financial
challenge here.
One of the reasons that the bigger enterprises, as you
indicate, are in better shape is that they have the financial
muscle to tackle this. I say to people, you know you're dealing
with the CEO who understands the problem, when he or she tells
you that it's costing far more than was originally anticipated.
Many small businesses that are on the edge of profitability all
the time simply don't think they have the resources to deal
with this. They're going to have to borrow somewhere, and many,
many banks will say we won't accept Y2K as collateral for an
SBA loan. It may be an emergency, but how are you going to pay
it back.
So the quicker we can get this kind of information from
you, the better off we, the Congress, will be in fashioning
some kind of emergency loan program through SBA or elsewhere,
to help small businesses that simply cannot solve their problem
for financial reasons with some financial emergency money.
I know FEMA doesn't normally deal in that kind of issue.
You come along, or the Federal Government comes along, with
loans after the fact, when there's an earthquake and something
has to be rebuilt. But here's one where we know the earthquake
is coming, we know exactly when it will hit, and maybe we had
better deal with the financial services before the fact, to try
to shore up the structure so they don't collapse with the
earthquake.
I had better get away from that analogy in a hurry.
Senator Collins, I would appreciate your questions.
Senator Collins. Thank you, Mr. Chairman. Again, I want to
commend you, Mr. Chairman, for your leadership on this very
important issue. Good morning, gentlemen. I want to take this
opportunity to thank Mr. Suiter for all of the assistance that
FEMA gave to the State of Maine during our ice storm in
January, which was the biggest natural disaster in Maine's
history.
In many ways, State, Federal and local disaster authorities
worked very well together to cope with the ice storm's
aftermath in Maine. But the ice storm also pointed out
vulnerabilities in our emergency response system.
One of those vulnerabilities, to me, is very similar to the
kinds of problems that a Y2K failure could create. For example,
because the electric grid in Maine was essentially knocked out
for many days for much of the State, the State's emergency
broadcasting system was also inoperative for at least a week.
That system is maintained by Maine Public Radio, which lost its
transmission facilities completely for several days. Some
Republicans thought that was a good thing, that Maine Public
Radio was off the air. [Laughter.]
I am not one of those who did. But on a serious note, it
really was a problem, that the State lost completely its
capacity to have an emergency broadcasting system during that
time.
Has FEMA taken the experience in Maine and other areas of
the Northeast, where there was a widespread failure of the
electrical system, and drawn any lessons from that experience
as far as emergency response systems and the need for a
coordinated response at all levels of government?
Mr. Suiter. Of course. Most of the missions that we deal
with following earthquakes, major floods, or hurricanes, which
I've just been down on the Gulf Coast reviewing, deals with
what happens when major systems fail. They usually fail because
of some natural cause. Y2K happens to be something else. So,
yes, we always evaluate what we did, how we it, and what do we
have to do to improve in the next disaster, and then try to
apply those lessons to our long-term planning.
In this particular instance on the Gulf Coast, we
discovered that we didn't have the right size generators, and
the prime power assets that we needed to get them hooked up as
quickly as we possibly could.
Obviously, we're leaning forward in the foxhole for Y2K so
to speak, in terms of our readiness to inform the public about
what's going on, which systems have failed, and certainly using
the media to get the word to the people, is one of our most
important efforts. Senator Collins. I'm going to talk later in
my opening statement about the 911 system, and the potential
vulnerabilities that have been identified in the 911 system.
Has FEMA done any work in this area yet, to assess the 911
systems that are so important in our States and local
communities?
Mr. Suiter. We haven't finished it yet, but we're in the
process. There are three or four different agencies who are
working on that. The United States Fire Administration, a part
of FEMA, is working directly with the fire service
organizations, the fire chiefs and so forth, as well as the
suppliers of these particular groups. Second is the Department
of Justice, which is working with the law enforcement side of
the 911 system, and third is the Department of Transportation,
which has responsibility for the emergency medical services.
FEMA is reviewing all of this and coming out with a report,
which is not complete, and we will be advising back to those
districts in the country about the 911 system and what we need
to do to fix it, or be ready if it fails.
Senator Collins. When do you expect your assessment to be
completed?
Mr. Suiter. We're working with the Federal agencies right
now, on a monthly basis. We were supposed to have met this past
Wednesday, but unfortunately I was on the Gulf Coast dealing
with the hurricane so we had to postpone that a couple of
weeks.
We expect to finish our initial assessment, of the Federal
Government's capability to respond, in the next few weeks.
We plan to have our evaluations ready for John's Council by
December: Federal response planning should be based on what we
know at that point in time.
The Director of our agency, James Lee Witt, plans to make a
report specifically to the governors at the NGA meeting here in
Washington in February of 1999. FEMA will be conducting, in
cooperation with John Koskinen, some exercises and evaluations
in April 1999, followed then with specific corrective actions--
such as pre-deployment, if that's what it takes, a warning
system to monitor Y2K as it works around the world so that we
see what's happening and could get as much advance warning to
our local governments, through our State governments, as we
can.
So yes, I think we're doing quite a bit. We're going as
rapidly as we can. Given all the rest of the disasters going
on--there are 31 open disasters as we speak right now in the
United States that we're dealing with--we're stretched kind of
thin. But we think we're making good progress and I don't think
Mr. Koskinen is too unhappy with me yet.
Senator Collins. Thank you, Mr. Suiter.
Mr. Koskinen, in the Federal response plan, Executive
branch agencies play an important role in the emergency support
systems, such as transportation, health and medical services,
public works, et cetera. Yet it's my understanding that the
agencies that are responsible for some of these emergency
support systems--the Department of Transportation, for example,
Health and Human Services, Defense--are listed as Tier 1
agencies. It is my further understanding that Tier 1 agencies
are those that face the greatest challenges in becoming Y2K
compliant.
That troubles me because, if we're relying on those
departments in an emergency situation to provide emergency
support services, and if they are having the greatest
difficulty, what does that suggest for our ability to respond
to an emergency?
Mr. Koskinen. It's an important question and I am happy to
answer it.
While the OMB Tier 1 agencies face challenges, it's because
of particular aspects of their operations. In no case is the
ranking reflective of their emergency response capabilities. In
fact, as Mr. Suiter noted, one of the first things our
emergency services working group did was pull the Federal
response agencies and others together to review the status of
their own systems as they relate to the Government's ability to
provide emergency response.
Lacy knows the details better than I--but as a general
matter, agencies, particularly Transportation and HHS, are in
good shape with their emergency response capabilities. They're
either up to speed or will be by the end of this year, so there
will be no problem with emergency response capacity.
But you're right. Agencies like HHS, with the Health Care
Financing Administration, and the Department of Transportation,
with the FAA, face significant challenges and are focused on
overcoming them.
Senator Collins. Thank you, Mr. Chairman.
[The prepared statement of Senator Collins can be found in
the appendix.]
Chairman Bennett. Thank you very much.
Vice Chairman Dodd.
Vice Chairman Dodd. Thank you very much, Mr. Chairman. I
thank our witnesses.
It may have already been said, Mr. Suiter, but I'm sure all
of us express our tremendous appreciation on how well FEMA has
been responding over the years.
Lower New England has not been faced with the problems of
my colleague from Maine, but I know an awful lot of people in
my State went up to Maine during the ice storms and I think
there's a general sense that your agency is doing a tremendous
job across our country in responding to these natural disasters
that have occurred.
I'm really very grateful. I hear it all the time. We don't
hear a lot about Federal agencies, but we do hear it about FEMA
today. I want to commend you and the people who work for you
for the tremendous job you're doing.
Mr. Suiter. Thank you, sir. We have a great Director in
James Lee Witt in providing that leadership.
Vice Chairman Dodd. I know you do. He's very vocal and
outspoken, and I have referred to that on numerous occasions.
I guess I find myself again in that sense of--maybe I'm the
frustrated member up here, I guess. We have 15 months, five
quarters, 455 days to December 31st. I'm very uneasy about the
fact we don't have assessments. Generally, we've had 70
witnesses before this committee. The chairman has done a
terrific job in trying to expedite a lot of hearings. Generally
what we hear from witness on this, their response is that it's
very difficult to plan while so much is unknown. We need better
information.
We hear from Federal agencies and are frequently told that
they're waiting for guidance from the President's Council. We
hear this all the time from people that come up, that we're
going to wait for the President's Council to get back and so
forth on these assessments. I'm just very uneasy that time is
moving along here and we're not getting these assessments laid
out so that we have a much clearer plan as to how to respond to
potential problems.
You said you were hoping by the end of the year to have
these, but could we get a better feeling? You know, that's
going to shorten up that calendar even more, about whether or
not we can get these assessments, so that these agencies can
start making very specific plans to minimize the potential
impact of this. It might seem like I'm hounding on this, but
you understand my frustration here. It seems vague, and I watch
this calendar go by day after day. I'm just uneasy about it, to
put it mildly.
Mr. Koskinen. On behalf of those of us who have clocks on
their desks that count down the days, I'm uneasy as well.
Vice Chairman Dodd. I know that.
Mr. Koskinen. And it's a critical issue.
As I mentioned earlier, we already have two significant
assessments that are provided to the Council and are now in the
public domain, one for electric power and the other for oil and
gas. These are two critical parts of our infrastructure and
we're pleased to have assessments on progress in these areas.
We continue to encourage umbrella groups to provide us
assessments for other areas as well. As you know, we have no
authority to require those assessments by industry, but the
legislation is a critical lynch pin in making them possible,
because it provides specific protection to companies and
umbrella groups who collect this information for us. We think
it will improve the ability of those groups to gather candid
information from individual companies, and to ultimately
provide us accurate assessment information.
Part of the difficulty--and we're all frustrated by this--
is that everyone, both in the Federal Government and in the
private sector, is now moving through the remediation phase and
into the testing phase. Virtually no industry will have
compiled significant testing results until the end of this
calendar year.
Right now, our assessments give us a picture of the level
of activity. But what we really are looking for, and we hope to
begin receiving this in hard terms, are assessments of actual
readiness. Who has completed their tests? What is the level of
compliance? Our ultimate goal across all of the working groups,
through voluntary working relationships with umbrella groups
and industry associations, is to get detailed assessments that
will tell us the state of preparedness.
Even without detailed assessments we do now know of several
areas of concern, and we are focused on them accordingly. One
is international, in terms of the lack of preparedness in many
countries. Domestically, as I said, we are very concerned about
small and medium-sized organizations, both in the public sector
as well as in the private sector. So we are mounting a full
court press, to increase the level of activity in those areas,
to the extent we can. At the same time, we are also continually
trying to refine our assessment of the severity of the problem
in these areas.
I think, when we get to the end of next year, our
difficulties are going to come not from the major companies but
from small and medium-sized organizations, which have the
capacity to create substantial disruptions on the local level.
While they may not bring down the entire country, if you're
living in an area that suddenly finds that its local power
company or telecommunications company or water treatment plant
doesn't work, you have the equivalent of a major disaster on
your hands. That's what we're trying to isolate as best we can.
Vice Chairman Dodd. I appreciate that, and I understand you
don't have legislative authority. Maybe it's something we
should have thought about. But aside from that----
Chairman Bennett. If we get past S. 2000, we would have. We
tried, but we ended up with what we could get.
Vice Chairman Dodd. Yes.
You know, there is the power and authority that we sort of
extended, if not de jure, de facto, to you, as sort of our
``Tsar'' of this. I don't know if other members of the
committee feel this way, but you certainly would not hear any
complaints from me if you were to set dates. There's nothing
like having a mark out there, saying to people, ``Look, I
expect by December 15, or January 10--'' and I realize there
might be different dates for different agencies, depending upon
the complexity. It's not a one size fits all.
You know, I'm expecting that back. When it's a little vague
out there as to when it comes--I suspect it's not a whole lot
different when you're dealing in these agencies than it is with
sort of the reaction we get from colleagues and others when we
bring up this matter. We get a bemused look on faces of people.
I don't know if that's something you feel comfortable in
doing, and if anyone complained about it, I would be more
prepared to go to your defense and suggested that we do need
time tables here, and to let agencies know we're expecting them
to get back so that those assessments can be made by certain
dates.
For instance, I don't know--Mr. Suiter, can you plan
effectively without an assessment?
Mr. Suiter. Well, we have to respond to the unknown at all
times. We need the assessment. It would focus what we're doing,
but in the things we do, we deal with the unknown, the
unexpected.
I'm sitting here right now, but very well, by this
afternoon at 6:00 o'clock, I could be in San Francisco dealing
with a catastrophic earthquake. We know the parameters of what
a major earthquake would do in San Francisco, so we plan
backwards from there. Yes, we need the assessment.
Vice Chairman Dodd. I understand that. My point is that
here you need to assessments in order to----
Mr. Suiter. Yes, we do.
Vice Chairman Dodd. That's what we're talking about here.
That's what we have got to get if we're going to move
effectively on this.
It may have been asked by the Chairman or someone else
already, but do you have any plans to preposition core reserves
of personnel, equipment, in anticipation, for instance, on
December 31, where you may have power outages and shortages,
not because of an act of God but because of this very
predictable problem? You don't have to worry tomorrow on
whether or not January 1, 2000 is coming. I promise you, it's
going to come. We know there's a potential here for some
serious problems. We all hope it doesn't happen, but we know--
we're sitting here today, with 455 days to go, and we know that
there's a real potential for serious disruption in this country
and elsewhere. You don't have your assessments so you really
can't plan that effectively, but there are some things that can
be done.
Are such things such as the prepositioning of personnel and
equipment to deal with this potential problem in place?
Mr. Suiter. Yes, sir.
Vice Chairman Dodd. Thank you, sir.
We have a vote coming up, so I would yield to my
colleagues. I do have more questions.
Chairman Bennett. Senator Smith.
[The prepared statement of Senator Smith can be found in
the appendix.]
Senator Smith. Thank you, Mr. Chairman. Gentlemen, thank
you for being here.
Last evening on ABC national news there was a story that
caught my attention about Lubbock, TX, who prepared to simulate
as many Y2K tests as possible. When the city moved the calendar
ahead to December 31, 1999, the story indicated that the fire
departments, radio communications, and gas to homes just shut
down. The story also indicated that 80 percent of American
communities are not even doing anything about Y2K at this
point, or at least working on solving the problem.
Is Lubbock unique in that they actually tried to simulate a
test and demonstrate what would happen?
Mr. Koskinen. They are unique in the sense that they're the
most visible community that has done it, and we applaud them
for it. As I noted earlier, the Federal Government doesn't even
have direct lines of communication with many local communities,
but we are working with national organizations representing
city executives, county executives, the National Governors
Association, to urge them to, in effect, replicate what Lubbock
is doing. We need to have people at the local level, at the
grassroots level, ask the questions that Lubbock is asking
itself.
What does happen if these failures occur? What are we doing
to avoid them and, if we can't, how are we going to respond?
One of my great concerns is--and whether it's 80 percent or
not, I don't know--that a lot of small and medium-sized cities
and counties at this stage have not yet understood that this
problem could have an immediate and important impact on their
citizens as we move into the Year 2000.
Senator Smith. If Lubbock is any indication, then we'll
have a serious problem. You know, I've been saying in Oregon
that we should be prepared, we shouldn't panic, but if
Lubbock's experience is any indication of what can happen,
maybe it's time to panic.
Are there any States, any regions of the country, where you
are particularly alarmed, that would suggest this 80 percent
may be accurate?
Mr. Koskinen. I think the 80 percent is probably on the
high side, based on the anecdotal information and surveys I've
seen. If you look at surveys done on small businesses, they
generally show that about 40 percent of those surveyed aren't
planning on doing much, which I have said is rolling the dice
on whether or not they're going to stay in business. My
expectation is we're at a similar level with small and medium-
sized cities and counties.
But clearly, our dealings with States, counties, and cities
have demonstrated that they too are concerned about the
difference in preparations among larger entities compared to
their smaller counterparts.
Large, industrialized cities and States understand the
problem and are dealing with it. They haven't solved it
necessarily, but they're dealing with it. But when you start to
get to smaller organizations, the initial problem has been the
perception of applicability. People think, if they're not
running a major mainframe operation, processing millions of
transactions, that somehow it's not their problem. But they
haven't understood the impact of integrated circuits,
microprocessors that affect virtually everything that runs in
this country. So we are trying to encourage more communities
and community action groups to focus on the issue at that
level.
As I have said--and the chairman and I have talked about
this--the Federal government faces substantial challenges, and
we need to focus on them. But this story is more than just a
Washington story. We have to expand it. It has to be a question
of what's going on in cities and counties across the country,
and those issues have to be raised by public citizens as well
as political officials in those areas.
Senator Smith. Thank you.
Can Y2K be declared a special event, those words of art,
and if so, what will that allow us to do? Is there a category
under FEMA called a special event.
Mr. Suiter. We don't have a category called special event,
per se. The President could make that determination. That would
allow us to respond, if requested to do so by the Governor.
If I might comment on Lubbock, TX, if I could for a moment,
Lubbock, TX for years has been a leader in any number of
emergency management and fire service responses and have set
the mark for other cities and communities across the country to
follow. They had a catastrophic tornado there many years ago,
and they learned those lessons at that time and they haven't
repeated those lessons. It's a model for the rest of the
country to follow.
I don't know how many other cities are doing that to that
extent now, but that will be a part of our report for you.
Senator Smith. Thank you, Mr. Chairman.
Vice Chairman Dodd. Coming up on the next panel, by the
way, we have the city manager of Lubbock, so you may want to--
--
Mr. Koskinen. It's called a well-organized hearing.
Vice Chairman Dodd. I'm sure his ears were perking up over
there.
Chairman Bennett. Mr. Suiter, when did FEMA begin the Y2K
annex to the Federal response plan, and how are you ensuring
agencies such as DOD, which will play critical roles in the
plan, will be ready?
Mr. Suiter. We've been planning our part of this, as far as
the supplement to the Federal response plan, about 4 months.
The last report would have been September 30. But as I said, I
had to postpone that for a couple of weeks here.
What we have asked all the Federal agencies to do,
including the Department of Defense, is to report back to us in
convincing terms that they will have the ability to communicate
up, down and sideways with their resources when asked to
provide some specific response to our governors' request and to
the President. That's precisely where we're working.
All of this begins at the local government level, and how
we communicate up and down and sideways with each other are the
interdependencies, the critical part of it. So that's a part of
the response that we plan to have ready by the 1st of December
here. We will have a better evaluation by that time.
The initial reports, sir, are not that bad, and they're in
the very narrow focus of interoperability and how they move
their resources to get our part of the mission done. I don't
know about the rest of their agencies.
Chairman Bennett. The more I hear about DOD, the more
sympathetic I become, and at the same time, the more worried I
become. DOD has so many internal problems of their own, and
then here you come along and say we're going to draw on DOD
resources to deal with emergencies.
We have had some testimony with respect to their readiness
impact as well as the impact of Y2K on national security with
respect to military readiness, and now we're aware that they
play a role in other places. Being sympathetic with their
problems doesn't mean that we can allow them to slide by,
however. We're going to have to keep pressure on them.
Mr. Suiter. I think you would be very proud of the response
of the Department of Defense in helping people of the
Commonwealth of Puerto Rico right now. We have planes landing
and taking off many times a day, and they're bringing in
critical supplies such as water, ice, baby food and other
products that we could not get in there without the resources
of the Department of Defense. There are C-5A's, 141's,
constantly responding around the clock. We know that part of it
is going to work OK for us. I don't know about the other parts.
Vice Chairman Dodd. As an aside to that, the northeast
utilities in my State, one of the companies has volunteered to
send personnel and equipment down. I called last night and they
were told the trucks they want to send down has to be sent by
barge, which takes about five days to get down there. Since
you're here I'll make a pitch and appeal. I wonder if there's
any way you could fly some of those vehicles in down there.
Mr. Suiter. I'll look into it for you, sir. I can't report
off the top of my head.
Chairman Bennett. Senator Collins, anything further?
Senator Collins. No, Mr. Chairman.
Chairman Bennett. All right. We promised Mr. Koskinen we
would get him out of here by 10:30, and we're 2 minutes in
advance. I think we have a vote scheduled at 10:30, do we not?
Vice Chairman Dodd. We do. We haven't scheduled----
Chairman Bennett. I'm told it is 10:45.
Vice Chairman Dodd. May we submit some additional
questions? I know John has to be moving along, but some of this
gets pretty technical in terms of follow up and so forth. Like
the 17 hour rule--is it 17 days or 17 hours?
Chairman Bennett. 17 hours. I didn't get into that; I
thought I would now as we're waiting for the vote.
Mr. Koskinen. That sounds like a good question for Mr.
Suiter to answer. [Laughter.]
Let me express my appreciation to the Chairman and the
panel for accommodating my schedule which allowed me to appear
with you this morning. I think it's another in a series of very
critical issues that you're dealing with, and we look forward
to continuing this dialog and working together as we move
through, as Senator Dodd noted, the remaining 455 days.
Than you all.
OPENING STATEMENT OF HON. ROBERT F. BENNETT, A U.S. SENATOR
FROM UTAH, CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR 2000
TECHNOLOGY PROBLEM
Chairman Bennett. I had made reference to the First Alert
system in my opening statement, which I deferred until now. Let
me go through that so that everyone can understand what we're
talking about.
We have noted a potentially serious oversight and at the
same time unique opportunity with respect to the millennium
change. We tune into the National Weather Service and say
what's going to happen with the hurricane and hope that they
can give us an advance alert. But with respect to Y2K, because
of the way the world is organized, we will have an advance
alert in the form of one hour at a time moving through the
world's clocks.
With the vice-chairman, Senator Dodd, and Senator Collins,
I am announcing the committee's pledge to establish a Y2K First
Alert system that will enable citizens of the United States to
have up to 17 hours of advance warning of the nature of the
Year 2000 disruptions. Just think about the time zones around
the world. Citizens living west of the Eastern Standard Time
zone will have progressively more advanced notice. In Utah,
we'll have 19 hours of advanced notice, and citizens in Hawaii
and those in the farthest reaches of Alaska would have almost a
full day advance warning.
Vice Chairman Dodd. How much do Susan and I get?
Chairman Bennett. You're stuck with 17 hours.
The new day begins at a spot in the middle of the Pacific
Ocean, 17 time zones earlier than Eastern Standard Time. If the
Y2K bug is potent enough to cause immediate problems in
information systems and embedded chips, you will have a 17-hour
description of what those problems are and it will move
progressively around the world.
The stroke of midnight in Wellington, New Zealand won't
occur in the United States until 17 hours later, and then in
California 3 hours after that and so on.
We think it's foolish not to use this advance notice and
we're going to do what we can to make sure that the
implementation of a 17-hour advance watch system is created.
Frankly, Mr. Suiter, we'll be working closely with FEMA to have
you work with us within the context of your existing authority
to achieve this goal.
Now, we've been talking about preparedness. I have had a
chart prepared, over here to my right. I will just walk you
through it so that everybody can understand why we are focusing
on that here today.
Let's take a fire, as depicted in this picture, that occurs
in a high-rise building. I will walk through the various places
where we could have problems.
Vice Chairman Dodd. Just let me say that I thoroughly
endorse the Chairman's idea here on this. He has announced it
for all of us, but I think it's really the kind of far-
sightedness that I think is going to be tremendously helpful.
So before you move your charts, I just wanted the record to
reflect that I think this is a very sound and wise suggestion.
Hopefully we'll discover early on that there's not much to
worry about, but if there is, it will be of some help to us. I
commend you for it.
Chairman Bennett. Thank you.
On this burning building, the alarm on the premises would
have to operate correctly to warn that a fire had broken out.
Has the alarm system been certified as Y2K compliant? Then it
would automatically alert the fire department through a 911
call. Does the telecommunications system that handles the 911
call have Y2K problems, and has the 911 system that receives
the call been remediated to be Y2K compliant?
Now, the computer aided dispatch. The call comes in from
the building, everything is compliant, and now we dispatch the
fire truck. That system has computers in it. Is it Y2K
compliant in order to make the right kind of dispatch, or is
there a contingency plan in place in case that fails?
The emergency vehicles start on their way. They have to be
fueled. How about the city government fuel pumps, are they
compliant, so that the emergency vehicle can get there? If not,
again, is a contingency plan in place with alternative
agreements struck between the city and local gas stations?
Now, there needs to be personnel on that truck, and the
scheduling tool that sets shifts for people to come to work
probably is computer operated and it needs to be checked so
that the personnel are scheduled properly.
The traffic signals along the route to get there need to be
compliant so that you don't have gridlock that the emergency
vehicle can't get around. Has the local transportation
department examined these?
So let's assume that all of those are proper and you get to
the scene, the firefighters now need a reliable source of
water. What about the local water supply, is it dependent on
any kind of central pumping system and will there be water in
the fire hydrant?
Medical equipment on the scene. This harks back to the
hearing that Senator Dodd spearheaded for us, is all of the
medical equipment in the paramedic's truck Y2K compliant and
will it work? Of course, we have already gone through the very
basic question of whether we have power overall. Was the fire
department able to check its database to see if the hazardous
inflammable equipment stored at this location was compliant?
And so on and son on.
So here we have a single burning building, but it
illustrates the complexity of the Y2K difficulty that could hit
us everywhere.
[The prepared statement of Chairman Bennett can be found in
the appendix.]
Chairman Bennett. Now, the vote has been called.
Mr. Suiter, do you have a comment on this one example of a
disaster out of your experience?
Mr. Suiter. Only that if you add the thousands of buildings
all across the United States that might experience the same
thing at the same time, you're exactly correct in your
characterization of the problem.
The only thing to add is the additional unknown of what is
the Y2K impact on that if these systems fail. If we were to
take you from Baton Rouge, LA all the way to Fort Walton Beach,
FL right now, you would have seen that almost all of those
systems failed in terms of what we depend upon for as single
house fire or a single building fire, in terms of all the power
outages. We had no traffic control system; water pumps were
down to pump the water. So the whole system is dependent on
manual back-up systems, that someone who knows that community,
understands their responsibility, can operate even if some of
these critical systems fail.
The part that we have to really be reporting back to you
on, and soon, though, is what is the impact of Y2K if all these
systems fail simultaneously and communities don't have a back-
up plan for how they're going to respond to this.
We agree with you 100 percent. It was from your staffs that
we got the idea of the advance warning program. That's why our
people are working on it, and we plan to continue to work with
you and to get suggestions from you, but also to offer to you
what we plan to do in that area. We will be speeding it up.
That's a very important characterization and I would like to
use it.
Chairman Bennett. It's not copyrighted.
Mr. Suiter. Thank you.
Chairman Bennett. You can have the picture and the chart
and, as far as I'm concerned, drop it out of B-29's over the
local populace.
Mr. Suiter. We plan to do just about that, sir, in our
outreach program.
Chairman Bennett. OK. A vote has been called, so the
committee will stand in recess until we can----
Vice Chairman Dodd. Mr. Chairman, I have an opening set of
remarks. Maybe I could do that while you go vote, instead of
taking the time later, and then when we come back we can go
right to the questions. All right.
Vice Chairman Dodd. I would like to make some opening
comments in support of what you're suggesting.
Chairman Bennett. OK. Very good. We will turn the gavel
over to you and we'll get back in time for you to go vote.
Vice Chairman Dodd. And I promise not to pass any
legislation in your absence. [Laughter.]
Chairman Bennett. Since we don't have any legislative
authority, that's probably a safe promise.
STATEMENT OF HON. CHRISTOPHER J. DODD, A U.S. SENATOR FROM
CONNECTICUT, VICE CHAIRMAN, SPECIAL COMMITTEE ON THE YEAR 2000
TECHNOLOGY PROBLEM
Vice Chairman Dodd. Well, that has never stopped committees
around here from trying anyway.
I thank you, Mr. Chairman. Again, I want to commend FEMA,
and I know all of our colleagues have been doing just a great
job. I wanted to begin and end my remarks with that and
emphasize what I think is important in this area as well and
sort of encourage you. I'm looking forward to hearing from
Governor Leavitt and some of our local folks as well.
Getting people to think about this is really, about 80
percent of it is getting people to think this and asking each
other the questions about how do we respond to this stuff, it
really takes us a good distance down the road of addressing the
potential problems we face here.
Again, with the various sectors that we're all aware of
here--in fact, we will be holding soon a general business
hearing, with an emphasis on small business, just another
aspect of this.
Today, of course, as we have heard already, we are going to
review emergency preparedness and disaster relief at the
national, State and local level. Indeed, few functions of
government are more fundamental and important than our
government's readiness to respond to the needs of its citizens
in emergencies.
These emergencies, again as we've all noted today, can be
on a grand scale, such as floods, tornadoes and earthquakes, or
they can be personal emergencies, where one person may need the
police, the fire department, or an ambulance. In all of these
situations, there is a shared common denominator, and that is
communication systems that receive the calls and direct the
responses to those emergencies. Most importantly, these systems
may be very vulnerable to Year 2000 problems.
Sophisticated information technology systems serve as
important tools for law enforcement today. Systems such as the
National Crime Information Center, or NCIC, the National Law
Enforcement Telecommunications System, or NLETS, and individual
criminal information data system operated by each State, enable
officers to obtain the most updated information on wanted
persons, stolen vehicles, criminal histories, and Department of
Motor Vehicle records. The ability to dependably and quickly
access such information is essential both to officer safety and
to the speedy and effective administration of justice at all
levels.
A recent survey--and I found these statistics interesting--
conducted on the effectiveness of NCIC indicates that during a
1-year period, 81,750 ``wanted'' persons were found, 113,292
individuals were arrested, 39,268 missing juveniles and 8,549
missing adults were located, and 110,681 cars valued at over
$570 million were recovered as a result of NCIC's use.
The good news is that we have been assured that this system
will be fully able to meet its Year 2000 challenge, and that
its links to the systems of all 50 States will remain fully
operational. The challenge for local law enforcement agencies
is to be sure that their own links to these vital information
systems, and any similar systems which they might operate on a
regional or agency wide level, are both compliant and
compatible with the larger systems.
Also, at the local agency level, there often is a great
deal of interconnectivity between some of the emergency service
department's records systems and those of other city agencies,
such as the court system, the corrections department, and even
local utility companies, thus increasing the potential for Y2K
related problems in this area.
As we have found to be true in so many other areas, Y2K's
presence is insidious in the area of emergency services. One
major police department related to our staff that its city
government was required to remediate their gasoline pumps in
order to assure that gasoline would continue to flow to its
patrol cars on January 1, 2000. I wonder how many departments
have made a similar assessment.
This problem had the potential effect of an entire fleet of
city government-owned vehicles being shut down. In this
particular case, the computerized gasoline pumps perform a time
and date calculation based upon the last time a particular gas
credit card was used to fuel a vehicle and, therefore, was
vulnerable to the Y2K issue. In other case, the sheriff of a
large western county related that his department was currently
examining its computerized detention files which are used to
track ``time in'' and ``time out'' of the county jail facility,
as well as hearing date information for inmates.
According to the Bureau of Justice Statistics, there are
over 17,000 police and sheriff departments in the United
States. The International Association of Fire Chiefs estimates
that there are 32,000 fire departments in this country. We also
should not overlook the fact that approximately 65 percent of
our country's Emergency Medical Service agencies reside within
the organizational structure of our Nation's fire departments.
I think these statistics clearly indicate to all that the
potential scope of the emergency service sector at the State,
county and local levels of our Nation is enormous. The task of
assuring that each of these agencies meets the challenge of
providing uninterrupted and reliable service in the Year 2000
is an immense one. It is a task that must be tackled at each
and every city, township, county and State government in the
Nation.
In addition to the technical aspect of Y2K vulnerabilities,
we must also consider the possibility that January 1, 2000 may
bring with it an enormous increase in the demand for service
from our emergency response agencies. Will there be an increase
in the need for additional traffic control personnel in the
event of certain Y2K failures in the transportation sector? How
many additional elevator extrications will the fire departments
be called upon to perform? None, we hope, but these are all
things that we must consider as we plan.
While the preparedness of emergency service agencies is the
most vital aspect of Y2K preparation for State, county and
local governments, we must recognize that it surely is not the
only Y2K problem that those governments will face. It is, in
fact, only one aspect of the much larger Y2K challenge
confronting the mayors, city and county executives, as we'll be
hearing from shortly from around our Nation.
Again, I want to commend FEMA for what it has done in these
other emergencies, the natural disasters. But there are a lot
of these questions that I hope are being raised at the local
level as they think through and examine--I wouldn't have
thought that a gasoline pump or county vehicles would be an
issue, but yet this smart town made that assessment and found
out it was a problem, and had they not fixed it, would have
faced a situation of those pumps shutting down. It might mean
nothing if nothing else happened. If you had a major problem in
your city, it could really be a serious, serious issue.
Again, I'm not an alarmist about this. We have time on our
hands. But I think what Senator Bennett has been doing will
raise the level of awareness, to get people to think about
this. It doesn't take much time to think about it and take a
good hard look at what exists, what potential problems exist. I
think it's just the wise thing to do.
Again, I appreciate the patience of the audience in listing
to this, but I wanted to share those statistics, which I
thought were fascinating, in terms of the numbers of
interconnections that exist around the country.
With that, the committee will stand in recess for a few
minutes until the Chairman comes back.
[Recess.]
[The prepared statement of Vice Chairman Dodd can be found
in the appendix.]
Chairman Bennett. The committee will come to order.
We apologize for the fact that the Senate has a way of
intruding on our business. They require us to vote and that is,
of course, what we're here for. So we appreciate the indulgence
of the witnesses. The other Senators will be back, I'm sure,
after they have voted.
We now turn our attention to governmental activity outside
the Federal level. I would like to lead a discussion with those
at the State and local levels who must respond to the challenge
of the Year 2000.
I would like to refer to another chart in anticipation of
our witness for the Governors, entitled ``The Year 2000 Status
of the 50 States''. It's right next to the burning building
over there. That's not a deliberate juxtaposition; that's just
kind of the way it got placed.
It shows the state of readiness of the 50 States. The first
blue block, for those of you who can't read the label, says
``Uncertain''. That is just under 10 percent. Level I means
they're getting started, they have identified a champion or
tsar, working on awareness, and beginning an inventory of the
problem. Again, that's just under 10 percent.
At Level II, developed a detailed inventory of operational
dependencies. That's the third block over from Uncertain and
Level I.
Level III, or the fourth block over, has a project plan
completed, resources assigned, made detailed risk assessment,
they remediate and test 20 percent of the mission critical
systems, reviewing their vendors, and they are completing
contingency plans. That, of course, is up to almost half the
States.
The next two levels, while there is a small blue square
there, in fact, are at zero. Level IV would be completing
remediation and testing of the remaining 80 percent of mission
critical systems, with contingency strategies implemented for
mission critical dependencies. In Level V, remaining systems
and dependencies completed and policies in place to avoid
noncompliant issues after compliance is reached.
Now, the source for this information is the Gartner Group.
If Senator Dodd were here, he would point out that they are
located in Connecticut. We don't know that these numbers are
exactly precise, but that's the first cut that has been made by
a group who have spent a great deal of time on this issue and
that's their assessment of where we are.
[The referred chart can be found in the appendix.]
Chairman Bennett. We will hear from Governor Leavitt. We
understand the self-reported numbers from these States are
different from the numbers from the Gartner Group, and we will
explore that.
I am also happy to point out that the National League of
Cities and the National Association of Counties is putting out
this packet called ``Y2K and You''. It consists of a folder
with some useful information in it, and this little bulge in
the packet is a videotape that addresses it. Here is the
folder. It has a ``Guide to Y2K and You'', and then in the
other part of the folder an overview of frequently asked
questions, hot buttons, Y2K dos and don'ts, and cooperating
organizations. This is useful information from the National
League of Cities and the National Association of Counties.
Then here is an example of a Metropolitan Washington
Council of Governments publication, ``Year 2000 Best Practices
Manual.'' This shows the kind of effort that is being made, at
least in the greater Washington area. The one question I keep
getting asked and can't answer, which may be in this: ``Is
Metro going to work in the Year 2000?'' We will try to find
that out, and as soon as we do, we will report it.
I do not have a corresponding chart for cities and
counties. This kind of information is very encouraging, but I
do not know anyone who has attempted to assess the state of
awareness in cities and counties the way the Gartner Group has
done for the States. I share that with you to set the stage for
the conversations that we are now going to have.
We welcome to the panel Gov. Michael Leavitt. He comes from
a State that I consider enormously outstanding. He is the
Governor of my home State of Utah. He and I share the
distinction of both having finished second in the party
conventions, where we sought our party's nomination in 1992. He
was a close second; I was a very distant second. In the primary
that was subsequently created by that, he won his primary very
handily and I did it just by a hairs breadth. But close only
counts in horseshoes and hand grenades. If you win, you win, in
politics.
Governor Leavitt has been an outstanding chief executive of
the State, and sometimes we get together and reminisce on our
days in the political trenches. Governor, we're delighted to
have you here. He will be the Chairman of the National
Governors Conference during the year that the governors will be
discussing and grappling with Y2K problems, so he is a logical
spokesman for the governors.
Senator Smith. Mr. Chairman, as one whose paternal ancestry
is also from Utah, I would like to say that I think Utah is at
least the second-best State in the Union. [Laughter.]
Chairman Bennett. I think we had better move on before the
other members of the committee get here. But we appreciate
that.
Governor Leavitt. That wasn't a logical follow up to
Senator Bennett's suggestion that second was attractive, I
guess. [Laughter.]
Chairman Bennett. With the Governor on the panel we will
have Maj. Gen. Edward Philbin, who is the Executive Director of
the National Guard Association; John Thomas Flynn, who is the
chief information officer of the State of California and
president of the National Association of State Information
Resource Executives; and Miss Ellen Gordon, who is
administrator of the State of Iowa's Division of Emergency
Management, and she is president of the National Emergency
Management Association.
Miss Gordon, I understand you have an airplane to catch,
too, so if the other gentlemen will indulge us, we will hear
first from the Governor and then go directly to Miss Gordon so
that she can meet her schedule.
Governor Leavitt, again we're honored and delighted to have
you here. If you have the wherewithal to argue with the Gartner
Group, we'll be glad to hear that, too.
STATEMENT OF HON. MICHAEL O. LEAVITT, GOVERNOR OF THE STATE OF
UTAH
Governor Leavitt. Thank you, Senator.
I think, while there may be some variety in the numbers, I
think the conclusion of the chart and the report of the Gartner
Group is consistent with the testimony that I will present to
you today.
Among the States there is substantial progress, but
progress has varied. For some it is significant, advanced to
the point where testing is already underway, including testing
of law enforcement and emergency management systems; other
States are just getting started.
There is also a variety of degrees of collaboration between
State and local jurisdictions. Most States, I think, are
entirely conscious of this dilemma, and they understand the
need to work cooperatively with local jurisdictions. They are
working very feverishly now, and I think the pace is increasing
as we get closer to continue that function.
The National Governors Association, like many other
organizations of its type, are doing what they can to help
their members. We had a summit in July of this year, the ``Year
2000 State Summit'', attended by senior-level policy people
from nearly every State. We have also provided a lot of written
material and papers that are available.
We welcome, as an association, I might add, the passage of
the ``Good Samaritan'' legislation that was authored and
sponsored by members of this committee, as being an important
step forward in our preparation.
It may be valuable for me to take a moment or two and talk
about some of the things that are happening in Utah, simply
because those are the ones that I know the best. And while in
my judgment there is no State that stands head and shoulders
above as a sterling example of its preparation, I think we are
doing things that other States may share in and we're looking
very anxiously to learn from them.
Utah is moving forward. In essence, we have concluded that
we can cover the problems that we know about. As in every other
case, it's the problems we don't know about that worry us.
In the realm of the known, while we are not yet compliant,
it is measurable for us. We are measuring it on a month-to-
month basis. Among those areas that we have identified as known
problems, or known systems of potential problems, we deem
ourselves at this point to be 51 percent compliant among those
systems. We are currently testing 600 different information
technology systems within our State.
One of the most important things that we have done--and it
happened really in a way that was not intended simply to deal
with the Year 2000 programs--we have developed an alternative
site where we have literally duplicated all of our systems for
the purpose of emergency management. We have developed that
``alternative site'' in a little town called Richfield, which
is 130 miles south of Salt Lake City, as a testing center.
All of our major systems now are being taken to that
testing center and we are rolling it forward to the Year 2000,
to two/zero/zero/zero, and testing the system to see what
occurs. We are finding that there are problems, some that would
be anticipated and many that would not be. This has been a very
helpful facility, one that as we finish our testing we're
anxious and willing to make available to local government
jurisdictions as well.
Half of the State's database and mainframe resources, as I
mentioned, we have found to be compliant, and we're working on
the others. We are going through a prioritization system,
obviously to make certain that the systems we work on first are
the most important. Those pertaining to public health and
safety and so forth are being prioritized.
Obviously, the unknown component of Y2K is what we're the
most worried about. We are developing contingency plans, what
the State will do if information technology systems are not
remedied in time, and then how we will deal with the systems
during a breakdown in the infrastructure, if that were to
occur.
Now, we have directed all of the State agencies to provide
contingency plans. We have set a deadline of December 31, 1998.
Again, I think this is consistent with what many other States
are doing. My colleagues on the panel will be able to validate
or tell about their suggestions.
One rule we have found is that, the more we look, the more
we find, and the more we find, the more it costs. We have
identified costs on Y2K in our relatively small State in excess
of $50 million already.
Gratefully, we began some years ago working on the re-
development of some of our major systems. As we have done that,
we have made them Y2K compliant. We have not included the
entire cost of that resystemization in that $50 million, so we
and other States are developing a substantial amount of
resources to go into this.
We are working very closely with every State agency dealing
with Comprehensive Emergency Management. We are working closely
with FEMA and others to make certain that we are there. I might
just say--and my time is rapidly coming to a close--that
perhaps one of the most important things we're doing is
coordinating in our State the work of local governments, not
just in terms of their own Y2K compliance, but their
interaction with us and Federal agencies.
We have also called together all of the financial
institutions in our State, all of the utilities in our State,
all of the major public systems, and asked them to demonstrate
to us their compliance--all on a voluntary basis. I must say
that, for the most part, they have been very willing to do
that. This is a problem that is so broad in its scope that no
government agency is able to solve it. We all have to do our
share. I think it's safe to say, Mr. Chairman, that the States
are doing that, to varying degrees, and hopefully they will be
compliant by the Year 2000.
Thank you.
[The prepared statement of Governor Leavitt can be found in
the appendix.]
Chairman Bennett. Thank you very much, Governor. We
appreciate that. We will be back to you with questions.
Miss Gordon.
STATEMENT OF ELLEN GORDON, PRESIDENT, NATIONAL EMERGENCY
MANAGEMENT ASSOCIATION
Ms. Gordon. Thank you. Good morning, Mr. Chairman, and
members of the committee.
My name is Ellen Gordon and I represent and appear before
you today on behalf of the National Emergency Management
Association, and Governor Branstad, as his emergency management
director.
On behalf of the association, I thank you for this
opportunity to provide input and to appear before you today to
discuss this very serious issue as it relates to emergency
preparedness, response and recovery. We commend you on the
seriousness with which you're taking on this issue, because we
understand and realize that there will be consequences that we
potentially could be faced with in responding.
I will summarize my remarks in the interest of time.
NEMA represents the State directors, as you mentioned
earlier, of all emergency management in the States and
territories and we are responsible to our Governors for
ensuring that the public's life and safety is taken very
seriously and to protect it from disasters and emergencies.
State emergency managers are well aware of the Year 2000 issue,
particularly the possibility that we may be called upon to
respond to those consequences of Y2K technology failure or
disruption.
NEMA recently conducted a very quick survey, just asking
some very basic questions of our State emergency management
agencies on the overall awareness of Y2K issues. It yielded the
following information. Again, I stress that it was very basic
questions that we asked, in a very quick survey. This is just
to get a feel for what's going on out there as it relates to
emergency management.
All of our State emergency management directors reported
that the Y2K programs for State agencies and the State Y2K
programs differ in organization and implementation strategies,
as Governor Leavitt just pointed out. Many of these agencies,
however, are working with the emergency management agencies
within each of the States and are coordinating, marrying each
other up with information technology departments and emergency
management, so that is occurring, which is good news.
All State emergency managers indicate their emergency
operation centers will or are currently compliant for the Y2K
technology issue. We find that to be a very serious issue for a
State to be able to respond to any disruption, because if our
State centers are not operational, we will not be able to
coordinate effectively the State resources.
All States believe that their emergency management systems
that are owned and operated by the State will be Y2K compliant.
At this time most States cannot assure that the emergency
management systems being utilized by local governments will be
Y2K compliant. For example, what you were discussing earlier
this morning, the 911 centers, and all the critical
infrastructure it takes to protect public health and safety.
NEMA believes that the Y2K issues in emergency management
systems, especially at local government levels, needs some
focused leadership from State government. We are going to be
working closely with our local governments throughout our
States, as Governor Leavitt stated, to provide some leadership
and some coordination, and make sure the information flow is
going to local governments.
Since all disasters typically involve local emergency
management agencies first, NEMA believes it is important to
determine the impact of Y2K on local emergency management
systems which could produce deficiencies in providing for the
public health and safety. As President of NEMA, I am urging all
State emergency management directors to provide information and
assistance, as appropriate, to their local emergency management
agencies. It is imperative that capabilities be in place and
ready to respond to the consequences of a potential Y2K
technology disruption.
As we find significant problems in emergency management
systems, I intend to immediately advise the Director of FEMA of
any major shortfall in local government emergency management
systems and seek assistance and solutions to preclude adverse
impact on the public. Hopefully, the partnership of NEMA and
FEMA can help local governments avoid significant adverse
consequences of the Y2K dilemma--not that all the answers lie
there, but that's at least one major step that we are working
on and working very closely with FEMA.
As I stated, local government has the front line of
authority and responsibility for events or emergencies.
However, if the emergency overwhelms local resources or
capabilities, the State then provides assistance and resources
as determined in our State Emergency Operations Plan. The role
of State emergency management is to coordinate and provide the
State assistance as required during a disaster or emergency,
regardless of whether the disaster is a tornado, hurricane,
blizzard, civil riot, or a Y2K-related disaster.
These responsibilities are common to every State's
emergency operations plan. Most State agencies, not only the
emergency management agency, but most State agencies have
disaster preparedness plans that include all hazards
preparedness, response and recovery procedures. Almost all
State and local government emergency management agencies have
infrastructures in place to coordinate their agency's role in
disaster response and recovery.
As I alluded to earlier, there are emergency operations
centers throughout the country. However, the degree of that
capability varies. Some States, some local governments, will
have a better capability than others.
As such, NEMA anticipates the Y2K problem will be dealt
with much the same as any other disaster, through an integrated
and coordinated emergency response system. The resources and
types of people needed may differ for a Y2K event, but the
emergency response system itself will remain the same from the
information that we know today.
Regarding interstate cooperation, NEMA administers the
national Emergency Management Assistance Compact, EMAC, an
interstate mutual aid agreement, a system for us to provide
resources rapidly to supplement Federal assistance, when
merited, or to replace Federal assistance when it is not. The
EMAC agreement establishes our legal mechanism and operational
procedures to facilitate the rapid disaster response, using
personnel, equipment and materials from 23 States and 1
territory.
The compact has been tested extensively this year during
the Florida wildfires and Hurricane Bonnie and has proven to be
an efficient and effective system for States to help each other
during disasters. As we speak, a number of our EMAC member
States are providing assistance to the Gulf States impacted by
Hurricane Georges.
Interstate mutual aid may prove extremely beneficial should
the infrastructure fail in a Y2K scenario, particularly if only
a few areas within a State or region are impacted. However,
should all States be impacted in a significant manner, mutual
aid between States may not be possible. Individual States would
not be able to spare limited personnel or resources outside
State boundaries. So these are some things that we're taking
into consideration as we're working with FEMA on what we can
expect the Federal emergency response plan will be able to
deploy if a State needs Federal assistance.
In conclusion, NEMA, with the support of its member States
and territories, and in partnership with FEMA, is working to
determine that Statewide emergency management systems are Y2K
compliant and, if not, what needs to be done to be responsive
to disruption or failure. Many State emergency management
agencies already have plans to activate their emergency
operations centers on December 31st, and watching the reference
to the 17-hour issue that you talked about earlier. Many of us
will activate our EOC's on whatever the appropriate time is
back from an event when we start being able to get information
based on the alert information.
These Y2K preparedness activities are a part of our mission
to coordinate and facilitate resources to minimize the impact
of disasters and emergencies on people, property, the economy
and the environment.
The most immediate need is for States to work with their
local governments to identify potential system failures and
make sure the contingency plans are there to manage the
consequences of those failures. In addition, the States need
more information and guidance from the Federal Government as to
what assistance will be made available to State and local
governments in a Y2K emergency, particularly if it becomes
multi-state.
Thank you again for inviting NEMA to provide this
testimony. I will be happy to answer questions. I don't have to
leave for about a half an hour.
[The prepared statement of Ms. Gordon can be found in the
appendix.]
Chairman Bennett. Thank you very much.
General Philbin.
STATEMENT OF MAJ. GEN. EDWARD J. PHILBIN, USAF [RET], EXECUTIVE
DIRECTOR, NATIONAL GUARD ASSOCIATION OF THE UNITED STATES
General Philbin. Thank you, Mr. Chairman, Senators. I am Ed
Philbin, the executive director of the National Guard
Association of the United States, based here in Washington. I
am here today to offer opinions on the problems that may arise
as a result of noncompliant computers and computer-dependent
systems that are unable to transition through midnight, 31
December, 1999, and also to address the role the National Guard
could and probably will play in managing emergencies arising
from those problems.
My testimony generally reflects the opinions of the
association and its members, who are the commissioned and
warrant officers of the Army and Air National Guard. It should
not be construed as representing the official positions of the
Department of Defense or of the National Guard Bureau within
the Department of Defense.
It is increasingly evident that an appreciable part of the
Nation's infrastructure could be adversely affected in some way
by what is commonly referred to as the Y2K problem. In general,
the National Guard has the capacity to provide military support
to civilian authorities, and can contribute a myriad of human
and equipment resources to restore essential operations
disrupted by Y2K generated incidents.
Considering the possibilities of a large-scale disruption
of governmental, commercial and other routine daily activities,
it is certain that the National Guard will be among the first
organizations activated to assist in the revitalization of the
Nation's computer dependent infrastructure. As with hurricanes,
floods and other incidents requiring quick reaction by a well-
trained and well-equipped on-site team, no other organization
will be able to respond in support of police, fire fighting,
and other civilian emergency responders to major crisis
situations that may be caused by Y2K disruptions as well as the
National Guard. The National Guard's practiced interaction with
State and local organizations, and its connections to the
National Command Authority, provide a unique emergency response
capability not found in any other Federal or State
organization.
The immediate need, as Senator Dodd pointed out, is to
determine what responsibilities the Guard will be expected to
assume in the management of the Y2K related problems, that many
analysts have forecast, will have the potential to trigger the
destabilization of societal functions. The National Guard needs
to be prepared to assist in maintaining or reestablishing
essential stability in the civil sector.
I suggest that the Department of Defense must develop a
clear concept of how the National Guard will be required to
respond to the spectrum of problems that could be created by a
Y2K disruption. The DOD, through the Chief of the National
Guard Bureau--who by law is the channel of communication
between the Federal Government and the States--must now
coordinate with the Adjutants General and the Governors to
determine the likely, locality specific scenarios that may
arise in a Y2K situation.
The DOD should also assist the Governors and State
emergency response coordinators to ensure that the National
Guard itself will not be impaired by the effects of a Y2K
incident at a time when it will be most needed.
I suspect that, to date, this has not been a priority
effort on the part of the DOD, even though to properly prepare
for possible Y2K disruptions, the Office of the Secretary of
Defense must be cognizant of the necessity of ensuring that the
National Guard is fully capable of responding to any such
technical breakdown.
We must be certain that the National Guard will not itself
be a victim of any Y2K disruption. All National Guard units in
3,200 locations throughout the Nation must possess computer
dependent equipment that is Y2K compliant. Responding to the
consequences of these disruptions will be futile if the
National Guard's operations are plagued by the very
consequences the Guard is attempting to manage.
It is critical that the Y2K response requirements of the
National Guard be fully funded to ensure that it is able to
respond quickly and effectively to the needs of the community.
I respectfully request, Mr. Chairman, that this committee urge
the Senate to provide full funding for Y2K compliance upgrading
of National Guard equipment as one of the highest priorities
for such funding, since the Guard will be among the first
responders to a Y2K incident, together with police, fire
fighting and other civilian emergency response personnel.
The critical first step in ensuring that the National Guard
will be fully prepared for a possible Y2K calamity is the
collection and sharing of information. When I was Commander of
the New Jersey Air National Guard, the State Adjutant General
for the first time requested all of his commanders to conduct a
survey to identify all of the Army and Air Guard resources that
could be made available in response to a State emergency.
My survey of the New Jersey Air National Guard identified
what was to me a surprisingly long list of both mundane and
sophisticated equipment which could be useful in responding to
a State emergency. I strongly recommend that such a survey of
the available resources of both the Army and Air National Guard
of each State and territory be conducted prior to midnight on
31 December, 1999.
Equally important, we must determine how the National Guard
will interact with the Federal Emergency Management Agency and
the DOD in response to Y2K induced emergencies. Command and
control of multiple agencies must result in mutual support
rather than multiple collisions in addressing emergency
situations. Therefore, a comprehensive study should be
conducted on the potential roles of and the interaction between
the FEMA, the DOD, and the National Guard of the various States
and territories in response to Y2K induced problems.
I applaud the recent inclusion of the National Guard for
the first time in the President's Y2K subcommittee on emergency
response, chaired by FEMA, and I believe that the subcommittee,
with the DOD, National Guard Bureau and the Adjutants General,
must develop a cohesive strategy that prepares this country for
any event of mass effect leading up to and after midnight, 31
December, 1999.
Mr. Chairman, let me stress the need for the Adjutants
General to play an important role in the development of this
strategy. In most cases, it will be the Adjutants General who
will integrate the planning efforts for their respective States
with those to be developed by the National Command Authority.
As you are aware, the Quadrennial Defense Review
highlighted the role of the National Guard in homeland defense
of the United States. While the Guard stands ready to meet the
needs of the citizenry during any Y2K incident, it is important
that, in preparing for that eventuality, the National Guard's
ability to respond to its Total Force mission of rapidly
expanding our Army and Air Force in response to a national
threat not be denigrated.
Funding for current combat readiness resources should not
be the source of enhancing the Guard's ability to respond to a
Y2K event. As an example, it is becoming increasingly evident
that the current structure of the active duty Army cannot
execute the current two Major Theater Wars strategy without the
assistance of the Army National Guard combat divisions and
brigades. This increased dependency on the National Guard
requires increased, not decreased, combat readiness resourcing
to enable the Guard to accomplish its historic combat mission.
Mere reallocation of current funding to Y2K missions will have
a negative effect upon the National Guard's ability to recruit,
train and keep our soldiers and airmen combat ready to respond
at a moments notice to a national threat.
The Year 2000 challenges present an emergency scenario
unlike any other in our Nation's history. Our technological
society has grown extremely dependent upon the continuity of
computer driven systems and networks and, as a consequence, the
Nation's vulnerability has increased appreciably. Any
significant disruption of our computer dependent infrastructure
could result in a significant societal disruption. However,
with the cooperative interaction of Federal and State
governments, the military, the private sector, and with serious
advance preparation, the impact of such an event on the
American people can be significantly reduced, if not totally
eliminated.
Mr. Chairman, thank you very much for the opportunity to
offer the opinion of the National Guard Association on the
readiness of the Guard to deal with these potential
emergencies. As we have for over 3\1/2\ centuries, the National
Guard of the United States, both Army and Air, stands ready to
protect the Nation against military threats and local
disasters.
I would be happy to answer any questions you might have,
sir.
[The prepared statement of General Philbin can be found in
the appendix.]
Chairman Bennett. Thank you very much.
Mr. Flynn, you represent the largest State in the country,
and perhaps the one we're focusing on the most.
STATEMENT OF JOHN THOMAS FLYNN, PRESIDENT, NATIONAL ASSOCIATION
OF STATE INFORMATION RESOURCE EXECUTIVES
Mr. Flynn. Thank you. My name is John Thomas Flynn, and I
speak before you today as President of the National Association
of State Information Resource Executives, which represents the
chief information officers of the States, and also as Governor
Pete Wilson's chief information officer in California.
First of all, I want to express my appreciation for the
opportunity to update this committee on Year 2000 readiness,
and particularly as it affects emergency preparedness.
I'll get right to the point. As to the States overall
remediation efforts, compliance among the 50 States with all
aspects of mission critical systems ranged individually from
below 10 percent to over 90 percent. I would point out that
these figures are based upon NASIRE's self-reporting online
survey, a hard copy of which I have provided to this committee.
This report, the latest results of the survey, which in
many cases were done just in the last several weeks, just under
half, 24 of the States, have completed remediation of at least
50 percent--that's 50 percent of their mission-critical
systems. There is no State that I know of that has announced
itself to be 100 percent complete, and in addition, due to the
various interpretations surrounding this term ``completeness'',
as well as the legal ramifications involved, we may not see
total compliance claimed until after January 1 of the Year
2000.
I have also submitted a column that I wrote on this topic
of completeness for Government Computer News for the committee.
Chairman Bennett. That will be included in the record. Mr.
Flynn. That's right.
As the remediation process has evolved from addressing
software applications and interfaces, desktop systems and
embedded technologies, a key focus of activity in the States
has involved contingency planning, operational recovery and of
particular importance to this hearing today, emergency
preparedness.
As to the general condition of the States' emergency
preparedness and the readiness of State emergency response
agencies, I would offer the following. Disaster relief services
are facets of a civilized society that citizens should be able
to depend on. Obviously, we could imagine the residents of New
Orleans or the Florida Keys managing without State emergency
and disaster assistance as a result of the hurricane. Also, you
may recall that earlier this year there was a total blackout, a
power blackout, that occurred for weeks in the central business
district of Auckland, New Zealand. Or you might recall the
Galaxy 4 satellite that put 50 million pagers out of
commission, with one satellite and 50 million customers
affected. When you think about how many lives are touched by
one action or, in this case, inaction, you understand the
magnitude of the Year 2000 situation.
Regarding specific emergency preparedness issues, 11 States
responded to a NASIRE survey, which I have also listed in my
written report to this committee.
The NASIRE Chief Information Officers reported that close
working relationships have been established with their
emergency management organizations, and their mission critical
system remediation for those particular emergency agencies has
been given the highest priority in the States.
I could give a few specifics. Governor Leavitt already
mentioned some of the fine work that's going on in the State of
Utah under his Chief Information Officer, David Moon. The State
of Arizona, with John Kelly the CIO there, has biweekly
meetings with their Y2K coordinators from the Public Utility
Commission, the Attorney General's office, the Office of the
Courts, and the Department of Emergency and Military Affairs.
Staff representatives from both Senators McCain and Kyl were
recently invited to these meetings.
The Colorado 2000 Council has asked the Colorado Office of
Emergency Management and the Federal Emergency Management
Association to participate in Colorado's Council. This council
is a coalition of public and private industries representing
critical service sectors such as telecommunications, public
safety, and water, just to name a few.
I would also point out that New York's Governor Pataki, his
Office of Technology and State Emergency Response Offices are
working closely on a statewide Y2K emergency response plan,
which they expect to have in place during the first quarter of
1999.
In California, the Governor's Office of Emergency Services,
OES, is a stand-alone cabinet level agency, like the Department
of Information Technology, which reports directly to the
Governor.
Having this kind of authority naturally leads to quicker
and more comprehensive responses. As you know, California,
during this decade, has suffered through flood, fire, drought,
riots, and other natural disasters with responses coordinated
by this department.
As CIO for California, my office is partnering with
California OES Director, Dr. Richard Andrews, along with our
California Year 2000 Intergovernmental Task Force, which is
comprised of State, county, and city CIO's, for a Western
States Y2K Summit on Emergency Preparedness and contingency
planning scheduled for this fall. Dr. Andrews and I have been
in contact with the emergency directors, State CIO's and Y2K
managers of these States who have all voiced unanimous
enthusiasm for this endeavor. We believe that the model and
subsequent action plan we develop for this summit will be of
value to States, not only in our region but beyond.
In summary, the emergency management services, while they
do not fall directly under the responsibility of our IT
organizations, those who work in the IT environment are working
very closely with their sister agencies who are directly tied
to providing support and order during a disaster.
I thank you for the opportunity and look forward to your
questions.
[The prepared statement of Mr. Flynn can be found in the
appendix.]
Chairman Bennett. Thank you very much. I appreciate the
testimony of all of you.
Governor Leavitt, we are very interested in the Year 2000
State summit that you referred to in your testimony. Could you
tell us a little bit more about that, and then prospectively,
during your term as the head of the National Governors
Association, is there anything specific that you can see that
the Federal Government ought to be doing to help the States,
that we either are not doing or not doing well enough?
Governor Leavitt. You can get your own systems compliant. I
think the States recognize the need for us to do ours, that
local governments ought to do theirs. But the national
government systems we're all dependent upon in various ways. I
would say the national government's highest priority ought to
be getting its own house in order.
I don't say that in an accusatory way----
Chairman Bennett. Oh, no.
Governor Leavitt. I say it simply as a matter of fact.
With respect to the summit that was held, it was really a
method of being able to share among senior policy staff the
perspectives of other States. What's being done by the chief
information officers I think is a corollary to that.
It has been my experience that there is no dearth of
information about this. There is just simply a dearth of
action. Everyone has to do their part in order to this not to
have broad, social consequences.
Chairman Bennett. Do you agree that the National Guard
might well play a key role in terms of challenges with respect
to civil disorder? I can imagine a metropolitan area where the
welfare checks don't go out, turning into a really ugly
situation rather quickly if the local computers that handle the
welfare checks don't get remediated.
Governor Leavitt. As I mentioned in my testimony, Senator,
there are two levels of planning that we're going through. One
is to find those systems where we know there's a problem and to
deal with it. I think most States are going through that
process. The piece that we don't now understand is what the
implication could be for a system where we can't contemplate
the impact.
Every State, I believe, is using whatever their emergency
management method is. In our State, the National Guard has a
different role than it would in another State. In some States,
the National Guard actually handles the comprehensive emergency
management function. In other States, it is basically an
adjunct and participates. So clearly the National Guard will
play some role in every State. The issue is the degree to which
they will play a role will depend entirely on what role they
play in their individual State.
Chairman Bennett. Do you expect to have another summit?
Governor Leavitt. We expect to have an ongoing discussion
with--we are creating a network now with people who have
responsibility and are in charge, as Mr. Flynn has suggested.
One of the things that I believe has been most helpful in our
State is the creation of a very sophisticated web site that is
available not just to local governments and State agencies, but
also the private sector. The creation of user groups within the
State, our Economic Development Office, has begun to develop
user groups among small business to give them access to
information.
But the very technology that at this point imperils us also
provides us the tools of disseminating the information for
compliance. We are working mostly to create information
availability.
We have had a summit with our--we have the benefit of
having one of the great sponsors of this dilemma in our State.
Senator Bennett, you have been a voice, a voice that started
off as a voice in the wilderness, and you have come to the
point where you are well known for your early warning. But we
have had the benefit of that for some time.
So we're having meetings with our utilities, meetings with
our banks, meetings with our police and public safety people,
and we're in the process of completely redoing our system for
communication.
Another challenge right now, which has also turned out to
be an opportunity in our State, is the 2002 Winter Olympic
Games. It is causing us all to work together. So I think every
State has their own approach to it, and we will continue at the
national level at the National Governors Association to provide
information between States.
Chairman Bennett. We passed the legislation that we were
congratulating ourselves about all morning today, which will
allow businesses to share information in ways that their legal
departments may have counseled them not to do prior to the
legislation.
Do you see any impediments to the sharing of information
between States, or between the State and local government, that
we might address on the Federal level, or are you in an
atmosphere where the antitrust laws or the trial lawyers suing
you for liability is not as big a problem as it is for some
businesses?
Governor Leavitt. They are a significant worry to us,
because of the broad public responsibility we carry. For that
reason, we joined in your applause for the ``Good Samaritan''
legislation that was passed.
There may be additional legislation that I am not able to
articulate at this moment, but we will not hesitate, given the
scope of that problem, to come back to you to ask, if that's
the case. Perhaps the State CIO's would be able to respond to
that better than I.
Chairman Bennett.
Vice Chairman Dodd.
Vice Chairman Dodd. Thank you, Mr. Chairman. Welcome to all
of you. Governor, it's nice to have you with us.
Governor Leavitt. Thank you, Senator.
Vice Chairman Dodd. I appreciate the fine job you're doing.
I was just thinking, I suspect you've got to do a fine job
with Bob Bennett watching over your shoulder here, watching
what's going on.
Governor Leavitt. We have no excuse.
Vice Chairman Dodd. You're doing well.
I would point out that the national excitement over the
2000 Winter Olympics coming to Utah is obviously of great
interest in your home State, but also the Nation. So I suppose
that's an added incentive to get this all working.
You've maybe heard that Senator Bennett and I have been
constantly pushing, with 70 witnesses--and I don't know how
many hearings we've had with our Federal agencies, including
this morning. I don't know if you were in the room at the time,
but even with Mr. Koskinen and others--to try to get these
assessments in earlier and push them on the date to complete
it, so we can start dealing with agencies like FEMA, which is
of critical importance, and the National Guard. You have to
have an assessment to determine what can be done in order for
you to start making the determinations of what you are going to
need and, of course, it trickles down here to local government.
So that chart prepared by the Gartner Group--and I
appreciate the Chairman making note of the fact that it's a
fine Connecticut company, the Gartner Group, and has been a
great asset to all of us in this as they have done surveys
here. But that is a pretty low performance rate by our States.
I don't know where my own State fits into this scheme. We have
had some hearings up there, and I know John Rowland has been
interested in it. We ought to raise the profile of this a bit.
I don't know if they have a State-by-State assessment done,
but maybe we will be reaching a point where we want to do a
State-by-State assessment and let that be known. It would be an
added incentive for people to kind of get ``back on the
horse''.
Governor Leavitt. Senator, I might defer some to Mr. Flynn,
who indicated that the CIO's in the country are doing ongoing
assessments. I have required my own CIO to report to me
monthly. In all of the areas where we have identified potential
problems, we have quantified our progress. In our State we are
51 percent, as of this month, but that started in the low teens
and each month continues to increase. We believe we will be
compliant in all major systems by the Year 2000.
But we are only one State. As the Gartner report indicates,
there is a wide variety of progress. But it's important, I
believe, to acknowledge that virtually every State now is
moving forward and the trajectory is a good one.
Vice Chairman Dodd. I'm glad to hear that. As you point
out, others have as well.
There is an interconnectability here on this, with the
transportation system beginning the long list of items, where
the towns, counties and States and the national government are
so interwoven here that the collapse of a system even in a
county could have national reverberations. So I think it's
important to cite that.
This is not an easy question to ask you, and I don't know
if there is one. But if I asked you as a governor, and based on
your conversations with your colleagues, what is the single
largest concern? If there is a single large concern you have as
a governor, in your own State, or what you hear from other
governors, is there one particular item that sort of gathers
more attention than any other item, or maybe two?
Governor Leavitt. We have had some discussion about this. I
think there is a sense of confidence among governors that,
among the problems we know about, we will get them solved. I
think it is the unknown problem that haunts us all.
Obviously, there's the cost that goes into this. One of the
characteristics of the job of governor is that it takes a very
broad spectrum of responsibility. It could be education, it
could be law enforcement, all of those things. So I can't say
there is one. But if there is one area that haunts us, I think
it's maybe the problem we haven't thought of.
I would say a second might be the systems we don't control,
which potentially could be a Federal system. It could be the
IRS not being prepared. Many of our tax systems are very
interrelated with the Federal tax system. It could be anything.
So I think the interrelationships is probably what worries me,
and I think that would be consistent with my colleagues.
Vice Chairman Dodd. I appreciate that.
Let me ask this of Miss Gordon. The prepositioning issue I
raised very quickly with FEMA, about the prepositioning of
personnel and equipment in areas around the country in
anticipation of some more widespread problem we would like to
think about. Is that a reasonable request, in your view, Miss
Gordon?
Ms. Gordon. I cannot speak for all 50 States at this point
because we do not have any solid information as to who is going
to be doing what, but I can pretty much expect that the States
will preposition equipment, perhaps personnel and equipment, in
strategic locations throughout the State for response time, to
cut down on response time. Of course, in January, in the
winter, your travel time is prohibitive in some States. Iowa,
for example, will be looking at that very thing.
Vice Chairman Dodd. Mike, do you want to comment?
Governor Leavitt. We intend to use the 19-hour advantage
that was spoken of earlier with great care.
Vice Chairman Dodd. You notice how he already started that
clock, so I lose two on this.
Governor Leavitt. We will be, in fact, as a part of our
contingency planning, be prepositioning equipment. But 19 hours
is a lot of time to see a problem starting to develop and be
able to dispatch equipment, so we will be using that to the
fullest extent possible.
Vice Chairman Dodd. You may have heard me mention with the
FEMA people that the northeast utilities in my State have
really stepped up to the plate on the Puerto Rican problem, the
disaster with Hurricane Georges. They have gone down there to
help out.
One of the problems they had, they were told the only way
to get it down there was by barge, by boat, which takes five
days. One of the problems was, it's not that they wouldn't fly
it; it's just they had a higher priority level of materials
they wanted to get in by aircraft--I gather that was the case--
because they said they didn't have the aircraft to get it down
there. That is obviously the unanticipated disaster.
But if all of a sudden we find our ability to move
equipment--and that is one place. Imagine you have multiple, as
I presume you would here, there is a failure here that's going
to be in multiple places. You're starting to marshal resources,
and the capacity to deliver those resources is something we
ought to be thinking about. So prepositioning to some extent,
where you can, would be wise.
General, we thank you immensely. General Gay is a great
friend of mine, the Adjutant General in Connecticut. He does a
great job and comes down here with some frequency. Usually he's
not bringing me money. He's usually asking for a little money--
--
General Philbin. Usually.
Vice Chairman Dodd. I wonder if you have done any
assessment--Senator Bennett and I thought we heard, we
commented to each other, that we thought we heard a request.
This would make you unique, General, coming to Washington with
a request. [Laughter.]
Is there any assessment that the Guard has done in terms of
potential additional cost factors? I know you have suggested
resource allocation, which I think deserves to be repeated. The
primary goal of our National Guard, having served in it, is to
obviously be prepared to respond to military situations. Every
State I know of is very grateful, by the way and, in addition
to that, the resources that the Guard has provided, I'm certain
in every single State, at one point or another, in recent
years, during times of natural disaster or other crises.
Obviously, this cost factor is a major one. We're looking
at it from the standpoint of how do you provide resources to
Federal agencies, State governments and so forth, to try and
become compliant. But I have a feeling here that you've already
done some work on this, in terms of what may be requested from
our National Guard in potentially dealing with this issue. I
wonder if you have, and if so, what are the numbers?
General Philbin. To make the National Guard Y2K compliant,
I don't think that anybody really knows what the actual number
is. I have heard wags of $25 million for the Army Guard and $25
million for the Air Guard. In my viewpoint, that's probably a
bare minimum.
I would point out that all of the equipment we would use,
and have been using for local emergencies, comes out of the
equipment we were given by the Federal Government from the
combat structure, both the Army and Air Guard. That's what we
use for local operations. There are some cost-sharing formulas
that are used for that, but basically, it's combat-related
equipment that will be used.
Vice Chairman Dodd. Thank you all very much. Governor, it's
a pleasure to have you here with us.
Mr. Flynn, if I have any additional questions, I will be
certain to send them along.
Mr. Flynn. Senator, if I could just point out to you, I did
submit with my written testimony a survey of the 50 States.
Vice Chairman Dodd. Great. We do have it, then, State-by-
State.
Mr. Flynn. And I think it will show a little bit better
light than the Gartner Group did.
Vice Chairman Dodd. Connecticut is 50 percent. I would
announce here that Connecticut is just like Utah. We're getting
right along on that. John Rowland will be happy to know I made
reference to that.
Thanks very much. I appreciate that. Let's put that in the
record.
Chairman Bennett. It is in the record.
I should comment that, for the Gartner Group, they could
not provide State-by-State data because they have State-level
clients and have contractual agreements, which makes that
difficult.
Thank you all.
We will now have the third panel. We have Bruce Romer, who
is the chief administrative officer of Montgomery County--maybe
he knows whether the Metro is going to work or not; Bob Cass,
the city manager of Lubbock, TX, and we've heard a great deal
about Lubbock so far; and John Powell, with the Association of
Public Safety Communications Officers.
Gentlemen, we appreciate your patience. We hope it has been
enlightening for you to sit through this morning's activities.
We look forward to having you enlighten us in your areas of
responsibility.
We will go in the order in which I introduced them. Mr.
Romer, you can go first.
STATEMENT OF BRUCE ROMER, CHIEF ADMINISTRATIVE OFFICER,
MONTGOMERY COUNTY, MD, ON BEHALF OF THE NATIONAL ASSOCIATION OF
COUNTIES
Mr. Romer. Thank you, and good morning, Chairman Bennett,
and members of the committee.
I am Bruce Romer, chief administrative officer for
Montgomery County, MD, and also representing the National
Association of Counties.
I guess if there's one message that I would deliver today,
at least from my fellow local government officials, it is that
the Y2K issue is not a technology problem. In fact, it is a
business management problem. It really should be addressed at
the highest levels of any organization. It's a problem of large
proportions competing for very precious resources. In our case,
it may impact the delivery of local government service and
public safety, health, human services and traffic management,
just to name a few.
Now, while the Federal challenge for the Year 2000 is
sizable, the local governments' Y2K challenge is even greater.
Local governments, some 87,000 nationally, have more
interdependent information technology systems than the Federal
Government. We employ more individuals and we spend more for IT
than the Federal Government by far.
Local governments are the direct providers of services that
enable the rest of our government and business economy to
function. IT systems at Federal installations in Washington,
Denver or Chicago may be functioning perfectly--at least we
hope they will--but if the Federal employees who run those
systems can't get to work safely, or have no basic services
when they get there, all of us will have failed in our
responsibilities. We think that a Federal and local government
partnership is required.
Montgomery County, MD has a population of approximately
840,000. We have an annual operating budget of over $2 billion.
We maintain a AAA bond rating from all three credit rating
agencies, who have indicated that our Y2K program is, in their
opinion, a model for other jurisdictions.
In 1996, Montgomery County formulated a plan to resolve its
Y2K problem by December 31, 1998, thereby reserving the entire
1999 calendar year for testing and contingency planning. Our
program is very broad in its scope because it involves the
coordination of all seven independent county agencies,
including our public schools, the community college, and the
water utility, all of which are managed through our Year 2000
project office.
Our compliance program has four phases: system compliance,
business continuity, contingency planning, and community
awareness. We think that our progress has been substantial, but
obviously more work remains. We have identified 204 systems
that are in need of attention, of which 36 are today certified
as complete. That would put us at about Level III, gaining
pretty well on Level IV.
The county has appropriated to date $35 million. We have
allocated significant staff resources. We have also passed
special legislation to employ fast-track procurement and
budgeting processes to help us. Some of our original estimates
were in excess of $40 million, and we were roundly criticized
as overstating the problem, and today we have appropriated and
are spending $35 million.
The Y2K projects, I monitor them biweekly through the use
of a high-level management team. A management tracking
scorecard was developed to ensure accountability and to
properly address impediments.
Our community outreach program was initiated when we hosted
all of the county's municipal governments for an information
session, and a meeting with our chambers of commerce is
scheduled next.
We have also begun to apply our very strong regional role
in emergency preparedness to the Y2K problem. We plan to
conduct an emergency management training exercise in December
of this year to test the entire community's readiness,
Montgomery County's community readiness, for the next year. We
plan to identify the resources, including personnel and
equipment, that may be necessary as the calendar turns.
And then, under the auspices of our Metropolitan Washington
Council of Governments, we are now committed to test our
region's readiness, probably in the first quarter of 1999. We
hope that the scenario planning that we do in the Washington
Metropolitan Area will be useful to local governments around
the country.
Finally, we have recommended some seven initiatives to
Congress in our more complete testimony that we hope you will
consider. Some highlights include: establishment of a FEMA-like
national emergency fund that might assist local governments to
provide perhaps seed funding for cities and counties to apply
the best practices that have been developed here as a part of
our emergency management exercise. NACo, through Public
Technologies, Incorporated, could serve as the vehicle for
rolling this information out.
Also, of course, as has been talked about, is the passage
of the immunizing legislation that we have all celebrated here
rightfully this morning, and perhaps the establishment of a
national program office to complement the President's Advisory
Council and, of course, continued congressional leadership to
highlight the issues before us.
In summary, the nationwide extent of Y2K failure is still
unknown, but certain things we know for sure. The deadline is
immovable and that there is no apparent ``silver bullet''
solution. Many of our Nation's local governments have not
started in their testing and remediation. For many local
governments, local resources, both human and financial, are
what's keeping us from getting further along. Hopefully,
Federal assistance for this unique challenge can be applied.
Thank you very much for having us.
[The prepared statement of Mr. Romer can be found in the
appendix.]
Chairman Bennett. Thank you, sir. I appreciate the
testimony and the suggestions of specific Federal steps that we
can take.
Another vote has been called, so I am required to put the
committee in recess. I will do my best to sprint over and
sprint back. I apologize to our other two witnesses.
The committee will stand in recess.
[Recess.]
Chairman Bennett. The committee will come to order.
I think that's the last interruption we will have, but one
never knows around here. Again, my apologies to our witnesses.
Mr. Cass, we will now hear from you. You have been very
patient and we are grateful.
STATEMENT OF BOB CASS, CITY MANAGER, LUBBOCK, TX
Mr. Cass. Thank you, Mr. Chairman. I am very glad to be
here.
We have gone through a number of the processes that have
already been described to you, so I will not reiterate those
types of analyses we've already undergone. I believe the
primary reason the Senate staff asked us to be present was the
fact that we ran a simulation Wednesday night that anticipated
various Y2K failures on December 31st, 1999, so if it pleases
the committee, I will simply give you some of the results of
that, some of the lessons that we learned.
I would also point out we're going through detailed
debriefings today back in Lubbock and we'll certainly be able
to provide you with more detailed debriefing documents later,
if you so desire.
One of the first lessons that became readily apparent was
that it's going to be extremely critical for us to pay close
attention not only to our own processes and systems, but also
to those business partners on whom we're hugely dependent.
We had small consolation in our simulation exercise when we
found out that although our electric utility system, Lubbock
Power & Light, which we control, was ready, the simulation
assumed that the natural gas suppliers which fuel our boilers
would fail. We had anticipated that problem and, in fact, have
already begun meetings at not only the policymaking level but
at the operating level with the key partners that will impact
us, the area power suppliers on whom we are somewhat dependent,
the natural gas suppliers on whom we are somewhat dependent.
I would certainly urge any other community to begin those
discussions now. Again, it's important that it take place not
only at the policymaking level, the senior management level,
but probably more important, at the operational level. It is
one thing for the city manager to know you're compliant; it is
more important, I believe, on the night of December 31st, for
the guy that's flipping the switches to know what his
counterpart is thinking and what he's doing.
I would say we are also very concerned and very interested
not only in what is going on at the FEMA level--and we
certainly want to salute that agency; they've been tremendously
helpful to us--but also other Federal agencies, such as the
National Weather Service, the air traffic control system, those
types of things which are going to heavily impact our
operations.
Another lesson that we learned was that it is important
that we not overlook and immediately discard the low-tech
solution. We believe that most of our systems are already
compliant and will be compliant. We are not going to assume
that they will. I would offer as an example our traffic control
system. I had been assured by our traffic control engineers
that it will be compliant. I had been equally assured that, if
it is not, there is not a single embedded chip in any stop sign
in Lubbock, Texas, and that they will have the ability to
spread additional signs to control our major signalized
intersections.
We learned that in our Lubbock Power & Light, a highly
sophisticated system which controls our boilers, which are
natural gas fired, we do have on hand very inefficient, very
low tech diesel generators which we do not use except in
peaking capacity times. We also have a million gallons of
storage capacity left in our diesel tanks. We intend to have
those filled to the brim and will be, in the case of an
emergency, able to utilize our old diesel generators to keep
the basics of government going and the basics of our citizens'
lives going, in the event we have problems either in the
natural gas suppliers or our more high-tech equipment that is
fueled by natural gas.
Our simulation pointed out what many of you already know,
that the key systems which will impact us are going to be our
emergency communications systems, not only those which enable
us to communicate with the firefighter and the police officer
in the street--and let me tell you, they are very concerned
about our ability to do so--but also our ability to communicate
with our water control system. It is small consolation to
communicate with the firefighter if we can't get water to him.
We think that it's important--The fourth lesson we learned
is that it's extremely important to take advantage of the one
advantage this particular incident will offer us, and that is
the ability to know when it will occur. I have been in this
business for 22 years and I have handled numerous emergencies.
Rarely have they had the courtesy to announce they're coming.
In this situation, we were able to preplan and to deploy men
and material in appropriate situations, as Senator Dodd so
aptly pointed out, and that was extremely beneficial to us.
Finally, I would say a lesson we learned is that there is
no substitute for an educated citizenry. As we were putting the
simulation together, unfortunately some invalid information got
out in the local media, and the local radio station broadcast
some information indicating that major systems were being shut
down, which prompted a series of very concerned calls on the
part of a few citizens to city hall. It felt very much like
``War of the Worlds,'' the sequel. We were able to scotch that,
to scotch those rumors fairly quickly, but again it did point
out to us the probable lack of knowledge in the general
citizenry about this particular issue.
We have already made plans to begin a public education
campaign that will take place over the course of the next year.
I salute the committee for the work it's doing in that regard,
too, and I would be happy to answer any questions.
[The prepared statement of Mr. Cass can be found in the
appendix.]
Chairman Bennett. Thank you very much. We appreciate the
first-hand information. I think your observations are right on.
Mr. Powell, you get to be the clean up hitter.
STATEMENT OF JOHN S. POWELL, UNIVERSITY OF CALIFORNIA POLICE
DEPARTMENT, ON BEHALF OF THE ASSOCIATION OF PUBLIC SAFETY
COMMUNICATIONS OFFICERS
Mr. Powell. Thank you and good morning. I guess it's not
still morning yet. Good afternoon.
Chairman Bennett. It's morning in Chicago. [Laughter.]
Mr. Powell. And they have 1 further hour of warning.
My name is John Powell. I'm with the University of
California Police Department at Berkeley. I'm a past president
of the Association of Public Safety Communications Officials
International. Your staff also directed some questions to me
with regard to the International Association of Chiefs of
Police, as I sit on their Communications and Technology
Subcommittee.
I would like to thank you for this opportunity to provide
information on the state of our Nation's local public safety
agencies with respect to the Year 2000 technology problem.
The United States has nearly 19,000 State and local law
enforcement agencies. Ninety percent of these have fewer than
24 sworn officers, and about 50 percent have less than 12 sworn
officers. There are over 32,000 fire departments. Eighty
percent of these are staffed entirely by volunteers. Yet nearly
every agency has at least one system that needs to be checked.
Senator Dodd earlier mentioned the NCIC system. Virtually
every law enforcement agency in this country has a terminal to
access their State and Federal criminal justice information
system. Senator, these police and fire departments are where
Americans turn first for help.
We have heard horrific predictions being made by millennium
fundamentalists. At the opposite end of the spectrum, it
appears that the majority of Americans, if they are aware of
the Y2K issue at all, consider it to be only a computer
problem.
The state of local public safety agencies appears to spread
across this entire range, with thousands of smaller agencies
not yet aware of the potentially major problems they could face
in less than 15 months.
Two wake-up calls this year highlight our dependence on
telecommunications services. In April, AT&T's frame relay
network failed. Twenty-four hour outage caused by a software
glitch in a single card dropped service to major ATM and credit
card systems across the country. Then, as mentioned earlier, on
May 19 the Galaxy IV satellite failed, disrupting service to 50
million pagers, including critical alerting systems used by
Federal, State, and local governments.
Let me highlight the major points in my written response to
the questions you posed.
First you asked about the APCO and IACP role in assessing
the vulnerability of emergency service agencies to your 2000
problems and our efforts to increase awareness. Such
associations generally do not have specific roles in assessing
vulnerability. Yet we often serve as a statistical resource to
those responsible for such assessments. Associations do play a
major role in promoting awareness and providing education, and
they are the keys, I believe, to dealing with Y2K.
APCO and the IACP annually host the world's largest public
safety conferences in their respective fields. In August, APCO
conducted a number of Y2K seminars in Albuquerque. IACP holds
its annual conference in Salt Lake City later this month, and
Y2K will be a topic in several venues. John Clark, Deputy Chief
for Public Safety at the Federal Communications Commission,
specifically will address the forum on issues regarding Y2K.
Second, you asked me to address ways that Y2K might impact
local law enforcement. Agencies will be impacted in four ways,
two internal and two external. First, internal systems must be
made compliant. State and local radio communication systems,
these [indicating] appear to be in excellent shape.
Unfortunately, our computer-aided dispatch and records
management systems don't fare so well. Many of these are Legacy
systems that will be cheaper to replace than to make compliant.
Critical considerations for governments include long
procurement lead times, coupled with potential overload on
vendors, during the next 15 months.
The other internal problem--and this is one that's going to
be hard to deal with--is preparing to meet the special needs of
agency employees during the period of impact. All of us that
have been involved in disasters know that people simply don't
perform at 100 percent if they're worried about their families.
Externally, agencies must deal with the potential disruption of
services, primarily utilities providing electrical power and
telephone services, especially 911. The critical 72 hours of
self-reliance that disaster planners promote as the average
time before help arrives does not apply if the problem is,
indeed, nationwide.
Last, and clearly the most difficult to judge and plan for,
is additional workload caused by impact of the Year 2000
problem on the public. If even minimal disruptions occur, the
additional workload on law enforcement in particular could be
significant.
With respect to a university campus environment, let me
simply say that our issues are identical, except that, like
military bases, campuses are cities unto themselves--in my
case, a city of 50,000. We are responsible for all buildings,
all housing, all operations, all services.
Finally, you asked for recommendations. As a Boy Scout, and
later serving as the emergency preparedness officer at UC
Berkeley during the Loma Prieta earthquake, the drought, the
floods, and the Oakland Hills fire, I learned the critical
meaning of two words: Be Prepared.
The most important issue facing us is clearly education for
the American public in general, and those of us in government
specifically. APCO and the National Institute of Justice are
discussing a series of Y2K seminars targeted at public safety
chief officers and upper level management to specifically
address the four impact areas I just mentioned. To promote
maximum attendance by small agencies, a number of these must be
held quickly and at little or no cost to the attendee. To
sponsor such critically needed seminars, the National Institute
of Justice will need a budget augmentation.
Last, from these halls to the Oval Office, elected
officials must make the Year 2000 problem a top public
priority. The American people need to be aware and be involved.
We must have ongoing and realistic assessments of the potential
for problems across the plethora of impacted services. A public
caught off guard by major failure on January 1, 2000 would
result in devastating, long-term impact on this great Nation.
Thank you.
[The prepared statement of Mr. Powell can be found in the
appendix.]
Chairman Bennett. Thank you very much.
I should note that Sergeant Powell participated in the
arrest of several armed robbers just a few nights ago. That's a
low tech solution, but I'm sure you had high tech help. I
congratulate you on your courage and hope that we can keep the
high tech equipment that you used to track that particular
incident working properly.
Now, I understand you have two radios here, one that works
and one that doesn't. Can you give us an example of----
Mr. Powell. This is a cell phone and I'm not going to count
on it working. Our telephone industry across the country has
embedded processors everywhere, be it land wire, and particular
our cellular telephones.
You can talk to any public safety dispatch center around
the country. We are getting tremendous numbers of our calls for
service now coming via cellular or other wireless devices.
This one--indicating--this is our mainstay of
communications between our dispatchers and our field officers,
be they fire, law enforcement or medical. I am very confident
that these are going to continue to work. Some of the new
systems that have very fancy management software may not
properly report statistics across the Year 2000 boundary, but
it's not going to stop us from being able to dispatch our
officers in the field, at least any place that I'm aware of.
Chairman Bennett. As is often the case in these hearings,
the final panel usually ends up with the most practical
information. We've had a lot of theory at high levels, but I
think the information we have gotten from the three of you has
been extremely valuable.
Mr. Cass, do you know of any other city that's planning the
kind of test that you have done? Has anybody been in touch with
you to say ``We would like to do it''?
Mr. Cass. We've had several indications of individuals that
want to do one. After doing ours, several communities found out
about it and asked to attend ours, and we allowed them to do
so. But much to our surprise, we were apparently the first to
do a simulation.
Chairman Bennett. Do any of you know of any other cities
that will----
Mr. Romer. We're planning to do that in December, and we're
going to share information with Bob. That would be very useful.
We have our planning underway so we could probably benefit from
each other.
Chairman Bennett. We have talked about the legislation that
allows businesses to share information. Governor Leavitt said
it was useful in his situation as well.
Are any of you aware of any impediments to getting
information that might be removed by Federal legislation or
Federal action?
Mr. Romer. We've experienced that very directly, and that's
why we applaud what's been done with the legislation. We did
our business continuity planning and challenged all of our
departments to identify all the relationships up and down the
supply chain.
We sent out 3,500 letters to those folks up and down the
chain, and to date we have received about 500 responses. But
they really run the gamut. Of course, they are pre-legislation.
Some of them are simply not filled out at all, and some of them
simply say ``our attorneys told us not to answer this.'' And
others have very useful information.
So I think, at least from Montgomery County's standpoint,
one of the biggest impediments you have taken care of, or are
one the way to taking care of, with the legislation that allows
that information to be shared without fear of penalty. I think
that's very important.
Chairman Bennett. One of the other things I have discovered
as we've held these hearings is that the people who come
forward and are the witnesses are almost always the people who
have done the best job and are in the best position, so we get
a little bit of a distorted, overly optimistic attitude. I
think it's inevitable that there will be cities that are not
ready. I don't know where they are, and we're doing everything
we can to deal with it.
Mr. Powell.
Mr. Powell. One of the things I found, and my biggest
concern with regard to failures, is the loss of our power grid
for any length of time. For a period of time, we'll be OK. What
I found is----
Chairman Bennett. Mr. Cass has got a whole bunch of diesel
fuel. [Laughter.]
Mr. Powell. We do, too, but if you can't get power, you're
not going to get more delivered.
One of the things I found from our utility in Northern
California is that we're getting conflicting information. Their
web site will tell us one thing. They'll be interviewed by a
newspaper or they'll be quoted someplace else with different
information. So I'm hoping that this legislation will allow
them to standardize some of the answers that they're giving, so
we'll get what the real answer is.
Chairman Bennett. Let's assume that Y2K was this weekend,
not 455 days away but this weekend. Where would you think the
main failures would come, in your own system or----
Mr. Romer. I guess the way I would look at that is there's
a threshold question, at least for us in our contingency
planning, and that is, is it a ``no power, no dial tone''
environment, versus the opposite----
Chairman Bennett. Let's assume that it's not a ``no power,
no dial tone'', that the national infrastructure works. What
would be your problem if you didn't have the additional time
that you do have, what would happen in your county, in your
city?
Mr. Romer. One of the things that we're concerned about is
some systems that we are integrated with or depend upon over
which right now we feel we have no control. A good example is
the health care system in our county. We have multiple
hospitals of various specialties, and we, of course, are part
of that emergency care system when we have to transport injured
people or sick people. We want to deposit them at a competent
place and then go on about our business.
We have a concern that we don't have enough information
that gives us the comfort that we're going to be able to do our
mission and pass it off to the other element of that chain. So
that's one area that we're concerned about.
In a have power/have dial tone environment, we're
reasonably confident that our emergency management systems are
part of that compliance already, or will be. So we're really
not that concerned about traffic management and E 911 dispatch
and things like that.
What we are concerned about is some of the systems that we
are responsible for. Let's take permitting, the whole
construction permitting process, or business permitting
process. While it may seem like a governmental function, it can
have ripple effects throughout a local economy if we aren't
prepared to discharge our duties, from the homeowner who wants
to just do something on the weekend to the restaurant that was
planning to open the day after New Years. So we had that
concern about an internal permitting system.
That would be two examples I would give you there.
Mr. Cass. Senator, I would say that, accepting your
premise, the two other concerns we would have would again be
those areas in which our agency abuts up against other
agencies. We simply need to be certain that the linkages will
work out.
Second, we're very concerned about--for example, that fire
truck you have on your graphic here. If my other systems work,
I still lack certain assurances about the embedded chips to
make sure that the ladder goes up, to make sure that the wand
that my firefighters use that detects poisonous gases when they
enter a dangerous scene, that the embedded chip in that is
going to work.
We think we've hit the major systems. We think we've
checked out the major systems. There are many other minor
pieces of equipment that fill the air packs that my
firefighters use, on which we are not able to receive the types
of assurances we would like to have. We're going to be putting
people into life-threatening situations and that's of great
concern to us. Mr. Powell. The one system that I'm concerned
about, which I think impacts all of us, is our fire alarm
reporting systems. In recent years, we've had really complex
systems going in, and the very minimum that all of them have is
a clock on them. We had one system where the clock was almost
for show, except that it was an integral function of the
microprocessor that went around and scanned all the points.
What happened when it hit 00 on the year, the accumulator
overflowed and the micro stopped and it didn't go running
around and around every so often to check all the points again.
Those interface not necessarily with our system, but they may
interface to a third party that then calls in the alarm.
In California, as I'm sure is true in many States,
specifically in high-rise buildings, if you don't have a
working fire alarm, it's against the law for there to be anyone
working in that building.
Chairman Bennett. Mr. Romer, will the Metro work?
[Laughter.]
Mr. Romer. Senator, I chair the COG/CAO committee for
Washington COG. We were at the White House on Tuesday of this
week, kind of giving a ``state of the region'' report to some
members of the President's Advisory Council. We did include a
Metro report.
The answer is they have done their triage. They have
established a hierarchy of concerns, not surprisingly customer/
passenger safety being at the highest level, and they reported
that they were confident that they could guarantee that. The
other two levels they were still working through, that being
customer convenience and the internal support mechanism of the
system.
Of some concern to us locally is they reported about a $5
million gap in terms of their ability to meet their
requirements. Now, that is of concern because, in Washington,
like so many other regions, we as a regional agency support
them. Montgomery County is a major contributor, as is the State
of Maryland. So we were somewhat concerned to learn of that
gap. I don't know what their plan is to meet it.
But to answer your question, they felt that they had the
safety and operational end of a triage to the point where they
felt they could get there on time.
Chairman Bennett. So it wouldn't work if Y2K was this
weekend, but they think it will work----
Mr. Romer. At least in that meeting, everybody was counting
on the 440 days yet to come.
Chairman Bennett. What about mailing out welfare checks?
Mr. Romer. We're concerned about that, from a variation of
that. That is partially a State and county function in
Maryland.
But similar to that, we're concerned about the fact that we
have changed over our assistance recipients to using debit
cards as a good, solid management move that made a tremendous
amount of sense when we did it. But now we are concerned--and
here again is a system that we don't control, but I know, if
the debit cards don't work, where the complaints are initially
going to be lodged. They'll be lodged at the county building
and city halls across the country.
So yes, that is a concern, because we have not received the
level of assurance from the people who take those debit cards
from the local Giant supermarket through the bank system that
supports that, that they're going to be able to deliver that
yet.
Chairman Bennett. You heard Governor Leavitt and the other
officials talk about the level of readiness in the State arena.
Do you feel you're getting the kind of appropriate support from
State governments that you need?
Mr. Romer. We've had a couple of good meetings with the
Maryland Emergency Management Agency. We intend to draw them
into our simulation that we're going to do in December. I want
to learn from Bob about how they did that in Lubbock, because I
think that's going to be our opportunity to so draw them into
our process that we will then get the comfort level that we
don't have yet. It may be simply a lack of information.
So I don't want to characterize it as being inadequate at
this time, but we have developed that strategy to draw them
into our process, to place certain demands on the State system
and see how it performs for us.
Chairman Bennett. Mr. Cass, how about Texas?
Mr. Cass. I would agree with that, Senator Bennett. As Mr.
Romer has pointed out, I wouldn't want to characterize them as
being unprepared. I would say we involved the National Weather
Service in our simulation and they performed wonderfully, and I
anticipate that other State and Federal agencies will be well-
equipped. We simply need to establish the linkages now to be
certain that that takes place at the operating level.
Chairman Bennett. Sergeant Powell, the FBI database and
other kinds of electronic connections between local law
enforcement and the Feds, do you think that's going to work, or
is that an area where we should put attention?
Mr. Powell. I am confident--In fact, I'm going over to the
FBI Headquarters later this afternoon. I'm confident that their
systems are going to work. I'm confident that the linkages to
the States will work, and that, for the most part, the States
will continue to work.
My worry is at the local terminal level, where that small
agency with three or four officers may not have the resources
to get the corrections made, if they need to be made.
Unfortunately, in recent years, we have all upgraded those
terminals, and now almost every one of them is at least a
personal computer, if not more. A lot of them are in the 5-to
7-year-old area and they're not going to be compliant, unless
somebody touches them and fixes them.
Chairman Bennett. I see a parallel here, and correct me if
I'm wrong. The big businesses seem to have the financial muscle
and the technological resources to, with brute force, work
their way through this problem, so that we're getting
information back that says General Motors will function, City
Bank will function, and all the rest of it.
And then they say, now, the small community bank may have
some trouble. NCUA told us flatly there will be credit unions--
and they're talking primarily about smaller ones--that will
fail.
The statistics you gave us about how many law enforcement
areas have less than 12 officers--I think Montgomery County
will probably be all right, and Lubbock, Texas will probably be
all right. But a law enforcement activity with half-a-dozen
officers is very much like a small business, where they're not
paying any attention to it, don't plan to pay any attention to
it, and just hope when it comes that everything will be OK.
Is that a fair characterization of what you see out there?
Mr. Powell. Although I have to note that I drove through my
local community bank window earlier this week, and they had a
big sign on the front window that said ``We're Y2K Compliant''.
Chairman Bennett. Without disclosing any names, I got a
note from a bank saying ``We are Y2K compliant'', and at the
same time one of the people working on the problem cornered me
and said, ``There's no way this bank is going to make it.'' So
we'll just have to wait and see, I suppose.
Mr. Powell. I found it refreshing just to see that they
were aware of the issue.
Chairman Bennett. Yes.
Mr. Romer. Senator, one of the strategies that we had
proposed in the seven suggestions was to fill that very gap, to
provide some funding. We had provided two packages, a local
package that would fund the regional readiness test, and a one
or one point five billion dollar fund nationally that could be
used to address some of the smaller municipalities needs. I
would just refer you to that proposal in our material.
Chairman Bennett. Well, we thank you for that, and for the
specificity of your proposals.
I will say now, in general terms, we have one more hearing
scheduled for this committee prior to the adjournment of the
Congress. Given today's model, we may be interrupted a great
deal by votes because it is scheduled to take place as we get
closer to the end of the session, that we're supposed to
adjourn sine die on the 9th of October and we're scheduled on
the 7th of October. So that does not auger well for our ability
to go on uninterrupted.
Assuming my reelection and Vice Chairman Dodd's reelection,
we will be back at this same stand in the next Congress. We
will be addressing many of these same issues all over again, to
try to get an update on how much progress there has been, and
we will be talking about some of the specific challenges that
you have raised in your testimony, Mr. Romer.
[The prepared statement of Mr. Amyx can be found in the
appendix.]
Chairman Bennett. We thank you and the other members of the
panel. This has not disappointed or broken the tradition that
says the last panel very often comes up with some of the most
interesting material.
The committee will stand adjourned.
[Whereupon, at 12:43 p.m., the committee adjourned.]
A P P E N D I X
------
ALPHABETICAL LISTING AND MATERIAL SUBMITTED
______
Prepared Statement of Chairman Robert F. Bennett
Before we proceed with our hearing today, I would like to make an
important announcement. The committee has marked a potentially serious
oversight in the national response to the millennium change. Just as we
expect the National Weather Service to warn us about hurricanes, the
Department of Defense to alert us of sneak attacks, and the Food and
Drug Administration to guard against foreign pests and parasites, so
should we expect the Federal Government to provide us with the earliest
possible warning of Y2K events that may threaten our public safety or
national infrastructure.
Therefore, today, with the vice-chairman, Senator Dodd, and Senator
Collins, I am announcing the committee's pledge to establish a Y2K
First Alert system that will enable citizens of the United States to
have up to 17 hours of advance warning of possible Year 2000
disruptions. Citizens living west of the Eastern Standard Time zone
will have progressively more advanced notice. Citizens in my home state
of Utah will have up to 19 hours of advanced notice, while citizens of
Hawaii and some citizens of Alaska could benefit from almost a full
day's notice.
The new day begins at a spot in the middle of the Pacific Ocean 17
time zones earlier than Eastern Standard Time in the United States. If
the Y2K bug is potent enough to cause immediate problems in information
systems and embedded chips, the effect will not occur all at once.
Rather, the problems will happen repeatedly in one time zone after
another for one full day. For example, Y2K problems that occur at the
stroke of midnight, December 31, 1999, in Wellington, New Zealand,
won't occur in the U.S. until 17 hours later, when our own clock
strikes 12:00 a.m. here on the east coast. Similarly, Y2K disruptions
occurring in Tokyo, Japan at ``zero hundred hours'' on January 1, 2000,
occur at that location while it is still only seven o'clock in the
morning on December 31, in New York City. This provides us with a full
17 hours of advance notice regarding what we might expect to happen
when our own clocks strike midnight later that night.
My colleagues and I feel it is absolutely foolish not to use this
advance notice for the good of the nation. Wouldn't it be useful to
know that utility and transportation problems are likely to occur,
based on information we received as a result of our Y2K First Alert
System, before everyone is already out and about celebrating on New
Year's Eve? The committee is prepared, if necessary, to introduce
legislation in the event that the existing authorities and mechanisms
are not sufficient to accomplish the implementation of the Y2K early
warning system. We look forward to working in partnership with FEMA
within the context of its existing authority to achieve this goal.
One of the themes of our hearing today is preparedness of emergency
service agencies at the state, county and local government levels. To
illustrate some of concerns in this area, I refer you to this
photograph and chart. I will go through a step by step analysis of all
the Y2K bugs which would have to be overcome before the fire and police
department personnel pictured here would be able to make it to the
scene to render emergency assistance.
[GRAPHIC] [TIFF OMITTED] T2OC98G.001
1. The alarm on the premises would have to operate correctly to
warn that a fire had broken out. Have these systems been certified as
Y2K compliant?
2. The alarm would either automatically alert the fire department,
or someone nearby or in the building would call 9-1-1.
3. The telecommunications system would have to be viable for an
emergency call to be placed, and the 9-1-1 system and Public Safety
Answering Point or PSAP receiving the call would need to be compliant.
4. The Computer Aided Dispatch or ``CAD'' System would have to be
compliant in order for the call to be dispatched in the most rapid and
efficient or as a contingency, a manual dispatch system would need to
be in place.
5. The emergency vehicles called to respond need to be fueled. Are
the city government fuel pumps compliant? If not, has an alternative
agreement been struck between the city and local gas stations?
6. The scheduling tool utilized by the police and fire departments
would need to be compliant so that personnel would be present at work
to answer the call.
7. The traffic signals along the route would need to be compliant
so that the responding units would not be delayed. Has the local
transportation department examined these?
8. Once on scene, firefighters would need to have access to a
reliable source of water to be used to fight the fire. What is the Y2K
status of the local water company?
9. Any medical equipment on scene would need to be compliant in the
event it needs to be used to treat potential victims. Has all this
equipment been checked for Y2K compliance?
10. Another very basic issue not to be overlooked every step of the
way here is, do we have power?
11. In the information technology/data systems area, has the fire
department been able to check its data base to see if any hazardous
materials are stored at this location?
While this example may appear to overstate the case in its detail,
it highlights the broad array of Y2K preparation issues facing city,
county and local governments.
I have often said I need to be as Paul Revere in spreading the word
about the Year 2000 Problem. Today, I'd like to lead a discussion about
those who must assume the role of the Minute Men--those in government
at the federal, state, and local levels who must be ready to respond to
emergencies on a moment's notice. I am talking about our nation's
emergency preparedness and disaster relief agencies, which include FEMA
and the Red Cross; our state emergency management offices and the
National Guard; and local emergency response departments--the police,
fire, and Emergency Medical Services upon which our citizens rely every
day of the year.
I must admit that as the senator who has earned the moniker Paul
Revere, not Chicken Little, this is a very sensitive topic. The call
today is for preparation, not panic. We must recognize however, that
with 15 months left to go before January 1, 2000, to fail to plan will
be to plan to fail!
Due to continuing concerns about the complete readiness of our core
sectors such as electrical power and telecommunications, we are at this
point unable to accurately describe how the world will look after we
greet the New Year on January 1, 2000. Therefore, we must begin a
dialogue on our preparation for potential Y2K disruptions, as well as
our efforts to assess the preparation level of the emergency services
and emergency planning organizations upon which we depend at every
level of government.
We are not yet sure of what the scope or the nature of Y2K
disruptions will be due to the lack of firm assessments about the
status of certain industry sectors. I suspect that we will have a
better idea as time goes on, but it is endemic to the hidden and
invasive nature of the Y2K problem that we may not know for certain
what the difficulties will be until they are actually upon us. We are
challenged to plan in some new ways, and to exercise flexibility as we
engage in emergency preparedness.
I want to express my confidence that we will continue to progress
in every major sector in terms of Y2K remediation, and that the
prospects for wide scale disruptions will be greatly lessened over the
next 15 months. However, responsible leaders at every level of
government owe it to their citizens to engage in planning for a wide
range of possible events. There is a greater likelihood of the
occurrence of numerous small and diffused disruptions and minor
annoyances which could combine to form a sort of loud din of Y2K
``noise'' across the country, than there is for large scale disruption.
We must begin to develop strategies for dealing with that type of
situation as well. We hope that the presence of officials from across
the broad spectrum of federal, state, county, and city government will
promote discussions about such strategies at our hearing today.
Regarding the overall Y2K preparation level of state governments on
the whole, some of the news I have to deliver is not terribly
optimistic. Data recently provided to this committee by Gartner Group
of Stamford, Connecticut indicates that only 50 percent of the states
are evaluated as Level 111 Status under Gartner Group's scale. A Level
III rating indicates the state has completed its project plan, has
assigned resources, has completed a detailed risk assessment,
remediated, and tested 20 percent of mission critical systems,
conducted vender reviews, and completed contingency plans. Thirty
percent of the states are listed at Level 11, indicating that they at
least have developed an inventory of operational dependencies. Ten
percent of the states are evaluated as Level 1, indicating that they
had begun their projects, had identified a champion, were aware of the
problem, and began conducting their inventories. The remaining 10
percent are evaluated as ``uncertain'' indicating they were unaware of
their Y2K preparedness status. I find that to be very disturbing. We
sincerely hope that progress in this area will be accelerated.
However, there is also some good news to be told in this area.
Several of the largest intergovernmental councils and professional
organizations are actively engaged in Y2K awareness programs. The
National League of Cities, the National Association of Counties, and
the International City/County Management Association, in conjunction
with Public Technology Inc. are sponsoring a Y2K awareness program
entitled ``Y2K and You.'' The Metropolitan Washington Council of
Governments has published a Year 2000 Best Practices Manual. These
programs are good examples of what an effective dialogue among state,
county, and local governments can achieve.
Let me express my personal gratitude to Senator Susan Collins,
whose strong interest and dedication to this issue have made this
hearing possible. I also want to extend the committee's thanks to all
of our witnesses, especially to those who traveled long distances on
relatively short notice to be here today. And finally, I want to
express the committee's enthusiasm to those of you who will be bringing
forth some ideas today that truly place you and your organizations on
the cutting edge of Y2K emergency preparedness and planning.
______
Bennett's Y2K Disclosure Bill Clears Last Legislative Hurdle, on its
way to White House Where Clinton Expected to Sign
landmark legislation will encourage industry disclosure on y2k
solutions, promote sharing of critical information for y2k readiness
Washington, DC.--Clearing the way for presidential signature, the
House of Representatives today passed landmark legislation sponsored by
Senator Bob Bennett (R-Utah), chairman of the Senate Year 2000
Committee, which will allow U.S. businesses to share essential
information for Y2K preparation and solutions.
``Because of the late date in this session, and the complexity of
the issue, we were all told there was no chance of passage of this
legislation during this Congress,'' said Bennett.
``The fast track of this legislation's passage shows what can be
done when the administration and the Congress work together in good
faith.
``The type of disclosure which will result from this bill will move
us significantly toward a Y2K solution. Today's action is an important
first step, but that's all it is. We will aggressively address other
vital Y2K demands when the Congress reconvenes next year. In the
meantime, I'm extremely pleased with today's important progress.''
The purpose of the ``Year 2000 Information and Readiness Disclosure
Act,'' S. 2392, is to help break the silence and encourage full
disclosure and exchange of Year 2000 computer problems, solutions, test
results, and general readiness. Bennett maintains that the reason for
this stony silence, according to the 70 witnesses who have appeared
before the Special Committee on the Year 2000, is fear of litigation
that can arise from the good faith sharing of information believed to
be correct and true at the time shared, but which later turns out to be
incorrect. ``All of their testimony can be reduced to this: We need
quality Y2K information,'' Bennett said.
S. 2392 provides limited liability protection for a limited time
for specific types of Year 2000 information that is considered
essential to remediation efforts. What it does not do is provide
liability protection for failures that may arise from Year 2000
problems. The bill thus promotes company to company information sharing
while not limiting rights of consumers.
S. 2392 highlights
Limited liability protection for statements.--First, note that the
bill does not avoid liability for selling products that do not work.
What the bill does do is encourage information sharing by protecting
allegedly incorrect Year 2000 statements from liability, as well as the
persons who make such statements, unless the plaintiff can prove by
clear and convincing evidence that the information was false or
provided recklessly, or with the intent to deceive.
For persons who merely republish a third party's allegedly
incorrect Year 2000 statement, the bill provides for liability in
situations where republishers fail to provide adequate notice to
persons with whom they share information about either the source of the
information or its verifiability. Liability also exists for
republishers if the information was provided either falsely or with the
intent to deceive.
To further encourage the free flow of information, the bill also
provides liability protection for allegedly inaccurate defamatory or
disparaging statements unless it can be shown by clear and convincing
evidence that the information provided was done so either falsely or
recklessly.
In all the types of claims above, ``Year 2000 Readiness Disclosure
Statements'' are further protected if a claim reaches trial by not
permitting these statements to be admitted into evidence as actual
proof that the statement was untrue or incorrect. These disclosure
statements are not restricted from other uses during litigation,
however. For example, these statements would be available for discovery
or admissible into evidence as a business record.
Defines specific types of Y2K information
--One broad category of protected statements is called ``Year 2000
Statements.'' Year 2000 Statements may appear in any format
including oral or written statements. Year 2000 statements,
however, do not include filings with the Securities Exchange
Commission or banking regulators, or statements made pursuant
to the sale of securities.
--A subset of Year 2000 Statements are called ``Year 2000 Readiness
Disclosure Statements.'' Readiness disclosure statements must
be clearly labeled as such in written or electronic form and
concern one's own products or services.
--Defines ``Year 2000 Processing'' broadly in order to clarify that
the ``Year 2000 Problem'' or ``Millennium Bug'' is not simply a
software problem related strictly to January 1, 2000, but also
involves other dates and hardware problems.
Protection for information provided to the government.--In some
cases, the federal government may feel it needs confidential
information from the private sector to help the government repair its
own year 2000 problems or for contingency planning in the case of
failures. To help facilitate the flow of information from the private
sector to the government, the bill ensures the confidentiality of
voluntary industry or economic sector information provided to the
federal government from being released to any third party without the
approval of the entity giving the information.
Antitrust.--The Justice Department does not feel that the sharing
of information under this bill will result in antitrust concerns.
However, we have incorporated language they supplied into the bill to
confirm that understanding. The bill thus provides that the antitrust
laws shall not apply to such information sharing except where a boycott
or price fixing results. The antitrust laws will remain in full effect
with respect to issues not related to information.
Encourages the use of Internet Websites.--The bill promotes the use
of Internet Websites by stating that where the adequacy of notice about
year 2000 testing or solutions is at issue, the posting of such
information on an Internet website is considered adequate notice,
except under certain circumstances.
Establishes a National Information Clearinghouse and Website.--This
provision establishes a single government website at the General
Services Administration as the hub for basic Y2K information for
consumers, small businesses, and local governments. The website is to
also serve as a central links to other government websites and
information clearinghouses on such efforts.
______
[GRAPHIC] [TIFF OMITTED] T2OC98G.002
__________
Prepared Statement of Bob Cass
the city of lubbock's y2k drill--simulation of december 31, 1999
I. Major systems/areas relative to emergency operations
A. Electric Utilities
1. System Control and Data Acquisition system (SCADA)
2. Inertia Switches/Breakers
3. Generators
4. Fuel Systems
a. Natural Gas
b. Diesel
B. Water Utilities
System Control and Data Acquisition system (SCADA)
C. Computer aided Dispatch Systems
1. Police System (average 24 calls/hour--25 percent
increase in calls w/power outage)
2. Fire System
3. Texas Crime Information Center (TCIC)/National
Crime Information Center (NCIC) [criminal history and
outstanding warrants]
4. Mobile Data Terminals
5. Records Systems
D. Communications
1. Telephone System
2. 911 System
3. 800 MHz Radio System
a. Police
b. Fire
c. Emergency Services
d. Public Works
4. Pager System
5. Cellular Telephones
E. Traffic Control Systems
1. Traffic Signal control cabinet Testing
2. Prioritizing high volume intersections for Police
control if electricity is lost
3. Stop sign installations at all remaining
signalized intersections (i.e. portable stands, traffic
signal poles, sign poles, etc. * * *)
II. The Y2K exercise
A functional exercise was developed to test the organization's
response to possible Year 2000 failures of internal and external
systems. The exercise was designed to test the organization's ability
to provide services to the citizenry under several ``worst case''
scenarios. Managers were evaluated on their thoroughness, realistic
approach to the exercise, and the level of coordination demonstrated in
their responses.
Objectives
A. Identify the internal elements that affect the services provided
by the organization.
B. Identify the external elements that have an impact on internal
services provided.
C. Ensure that contingency plans provide realistic solutions for
potential systems failures.
D. Instill public confidence in the organization's ability respond
to Y2K problems.
Lessons learned
A. The organization must continue to plan and prepare for Y2K
through 1999.
B. The organization must establish priorities to ensure adequate
response to multiple issues. As we had anticipated one of the major
points of vulnerability for Lubbock was electric power. We had several
scenarios thrown at us that left portions of the city without electric
service for brief periods of time. Such disruptions were ambiguous--
while typical of weather problems, Y2K problems could also be the
culprit. As a result we experienced periods where we were without some
of our radio systems, all cellular phones and pagers. When power
outages occurred we also lost operation of our wastewater treatment
plant and one sewer lift station.
C. It is critical to have good working relationships with entities
that we rely upon for other services (i.e. electrical power, gas
supplies, EMS and FAA, etc.). When situations occur like during the Y2K
drill, it is imperative that you have a method of constant
communication with these entities. We were called upon to allow
landings of several aircraft that were diverted from other airports
that had lost radar service.
III. Recommendations
Lubbock is unique in that there are three power companies serving
the city, one of which is owned and is managed by the City of Lubbock.
This affords the City the ability to ``island'' itself from the
national grid system in the event of widespread power disruptions.
While Lubbock has a unique electric power situation, most of the
nation's cities do not. It is of utmost importance for the federal
government, and more importantly you as members of the Senate, to urge
the electric industry leadership to insure that their production and
transmission systems are Y2K compliant. A failure to assure reliable
electric service can be devastating.
Each city should adequately address the five following basic
questions relevant to Y2K:
1. Is the organization Y2K Compliant?
2. What are the basic consequences of Y2K failures for the
organization?
3. Can all problem areas be addressed prior to January 1,
2000?
4. Are there sufficient resources within the organization to
address all Y2K issues, if not, are there outside resources
that can provide support?
5. Have contingency plans been developed to deal with the
effects of Y2K?
______
Responses of Bob Cass to Questions Submitted by Chairman Bennett
Question 1. Do you feel it is critical that every major city or
local government carry out a similar simulation, or are there ways to
more economically share the lessons learned from exercises such as your
own?
Answer. From our perspective, it would be very difficult for a city
to know their level of readiness without conducting some type of
simulation and/or developing a readiness tracking system. It is true
however, that lessons learned from an exercise would be beneficial to
other cities.
Question 1A. Are you aware now of other cities and municipalities
that plan to do a similar exercise?
Answer. We have determined that Montgomery County in Maryland is
planning to have a similar exercise in December 1998. Other cities have
indicated that plans are being made to conduct an exercise, however, we
are not aware of specific dates being set.
Question 1B. Are organizations of municipalities such as the U.S.
Conference of Mayors, the League of Cities, or the International City/
County Management Association prepared to capture lessons learned from
your Y2K dry run?
Answer. Public Technology, Inc. (PTI), the National League of
Cities (NLC), the National Association of Counties (NACo), and the
International City/County Management Association (ICMA) have launched
the Y2K and YOU Campaign (http://pti.nw.dc.us/membership/y2k/) to make
local appointed and elected officials aware of the impact of the Year
2000 problem. The Y2K and YOU website has local government links to the
City of Lubbock's Y2K webpage and those of thirteen other local
government entities.
As part of this campaign, a ``tool kit'' was delivered to over
15,000 U.S. city and county governments. The tool kit contains a
comprehensive package of resource materials on the Year 2000, including
a video explaining the issue. To order a tool kit, contact
[email protected].
Question 2. Have you learned anything from your simulation of a Y2K
emergency that would indicate more Federal Government assistance is
needed?
Answer. Passing legislation limiting the liability for those
entities who are performing ``due diligence'' in preparation for the
transition to the year 2000 is beneficial. In addition, special
legislation to allow CDBG entitlement cities to use some percent of
their allocated funds to address the Y2K problems could help.
Question 3. What impediments did you encounter in preparing for
your recent Y2K exercise?
Answer. No major impediments were encountered. The entire city
staff as well as other agencies were more that willing to provide their
support in the development of the exercise. Our Exercise Control Team
was responsible for developing and administering the exercise.
Question 4. What were the greatest problems you encountered during
the actual exercise?
Answer. The emergency response to the Y2K issues in the early
stages of the event is not significantly different than any other
natural or man made disaster. However, some of the major issues faced
during the exercise were the loss of electric power to a major portion
of the city, telephone systems went down, the 9-1-1 system went down,
police and fire communications were lost, and we lost natural gas to
approximately one fourth of the city. (See attached copy of the
Exercise Scenario).
Question 5. What would you consider to be the greatest challenge to
cities overall in regard to Y2K preparedness?
Answer. We feel the greatest challenge is to ensure the
organization has identified and tested internal systems and developed
realistic contingency plans based on a worst case scenario. In
addition, the city should maintain an awareness of the community's
readiness by conducting a community wide Y2K Community Readiness
Assessment. The assessment will provide information as to the readiness
of it's critical business partners (suppliers) for continued operations
in the Year 2000.
Question 6. What do you consider to be the most pressing Y2K issues
for your own city's emergency service agencies?
Answer. The most pressing issues facing emergency services agencies
are to ensure an accurate inventory of the systems with embedded chips
is taken and the problem areas identified are correct as early as
possible. In addition, there are specific issues that need to be
addressed within the public safety area. For example, the patrol
officer could face problems with his vehicle, police radio, mobile data
terminal, radar systems, and traffic signal systems. The fire fighter
could have similar situation with additional problems with fire
apparatus, fire radio systems, gas analyzers, cascade system for
filling air bottles, and the readiness of neighboring volunteer
agencies who have mutual aid with the city.
__________
Prepared Statement of Senator Susan M. Collins
Thank you, Mr. Chairman. Before I begin, I would like to thank the
Chairman and his staff for their hard work on this important topic. The
Chairman should be commended not just for his efforts on today's
hearing, but on the entire Y2K issue. The Chairman's tireless efforts
on the Y2K matter have helped many in this country understand the
importance of being prepared in order to prevent serious problems at
the turn of the century.
One of the issues that the Committee will focus on at today's
hearing is how the year 2000 will affect computer systems used by the
many law enforcement departments that we have throughout our country.
In particular, an obvious area of interest is how 911 service will be
affected and what municipalities should do to ensure that there will
not be coverage problems.
The 911 system had modest origins, beginning as a simple
``hotline'' system in 1968. In the thirty years since the system was
first introduced, the 911 safety net has become an integral part of
American life. Today, Americans living in 90 percent of our communities
can take for granted the fact that if they dial 911, someone will be on
the other end of the line to offer assistance.
And 911 is a number that we dial often in this country--over
300,000 911 emergency calls for assistance are placed in this country
each day, close to 110 million calls per year.
As the size of the 911 system has grown over the years, the
technology that supports our emergency services has continued to
advance at a tremendous rate. Many places in the country now enjoy the
advantage of so-called ``enhanced'' 911 systems. These enhanced systems
automatically pinpoint a caller's location and telephone number for the
911 operator.
911 calls are received at what is known as Public Safety Answering
Points, or ``PSAPs.'' [P-Saps] There are over 4,500 of these PSAPs
throughout the country. The person answering the phone at these PSAPs
is often required to fill out a computer screen which looks something
like this [Reference 30 X 40 Poster Board], particularly in the case of
``enhanced'' 911 systems.
Earlier this summer, FCC Commissioner Michael Powell began playing
an active role in promoting awareness about this potential
communications problem in the public safety community. In June, the FCC
held a public safety roundtable which attracted many nationwide experts
in the field of public safety communications.
This symposium concluded that while the Y2K problem poses a threat
to these communications, the problem is fixable. Unfortunately, the fix
can be expensive, with some departments finding that the best solution
to the problem is to completely replace the old non-compliant systems.
Moreover, the Association of Public Safety Communications Officers has
estimated that there are over 50 components in a PSAP that are Y2K-
vulnerable.
In addition to 911 systems, law enforcement agencies use other
sophisticated information technology systems in their day-to-day
efforts to fight crime. Examples include the National Crime Information
Center, the National Law Enforcement Telecommunications System, and the
individual criminal information data systems operated individually by
all 50 states.
These systems enable officers to obtain the most updated
information on wanted persons, stolen vehicles, criminal histories, and
Department of Motor Vehicle records. The ability to dependably and
quickly access such information is essential both to officer safety and
to the speedy and effective administration of justice at all levels of
government.
The good news here is that the Committee has been assured that
these systems will be fully able to meet its Year 2000 challenge, and
that their links to the systems of all 50 states will remain fully
operational. The challenge for local law enforcement agencies is to be
sure that their own links to these vital information systems, and any
similar systems which they might operate on a regional or agency-wide
level are both compliant and compatible with the larger systems.
Also, at the local agency level, there often is a great deal of
``interconnectivity'' between some of the emergency service
department's records systems and those of other city agencies, such as
the court system, the corrections department, and even local utility
companies, thus increasing the potential for Y2K related problems in
this area.
I am hopeful that we will be able to gain more information on these
important issues in today's testimony. Thank you, Mr. Chairman.
__________
Prepared Statement of Vice Chairman Christopher J. Dodd
Thank you Mr. Chairman, for your leadership. This Committee
continues to have a very active hearing schedule as we review Year 2000
issues in a variety of industry sectors. The Committee has examined the
energy sector, transportation, health care and financial services and
will soon hold a general business hearing with an emphasis on small
business. Today, we will review emergency preparedness and disaster
relief on a national, state and local level. Indeed few functions of
government are more fundamental and important than our government's
readiness to respond to the needs of its citizens in emergencies.
These emergencies can be on a grand scale such as floods, tornadoes
and earthquakes or they can be personal emergencies, where one person
may need the police or the fire department or an ambulance. In all of
these situations, there is a shared common denominator, communication
systems that receive the calls and direct the response. And most
importantly these systems may be very vulnerable to year 2000 problems.
Sophisticated information technology systems serve as important
tools for law enforcement today. Systems such as the National Crime
Information Center or NCIC, the National Law Enforcement
Telecommunications System, or NLETS, and individual criminal
information data systems operated by each state enable of fleers to
obtain the most updated information on wanted persons, stolen vehicles,
criminal histories, and Department of Motor Vehicle records. The
ability to dependably and quickly access such information is essential
both to officer safety and to the speedy and effective administration
of justice at all levels. A recent survey conducted on the
effectiveness of NCIC indicates that during a one year period, 81,750
``wanted'' persons were found, 113,293 individuals were arrested;
39,268 missing juveniles and 8,549 missing adults were located; and
110,681 cars valued at over $570 million were recovered as a result of
NCIC's use. The good news is that we have been assured that this system
will be fully able to meet its Year 2000 challenge, and that its links
to the systems of all 50 states will remain fully operational. The
challenge for local law enforcement agencies is to be sure that their
own links to these vital information systems, and any similar systems
which they might operate on a regional or agency wide level are both
compliant and compatible with the larger systems. Also, at the local
agency level, there often is a great deal of interconnectivity between
some of the emergency service department's records systems and those of
other city agencies, such as the court system, the corrections
department, and even local utility companies, thus increasing the
potential for Y2K related problems in this area.
As we have found to be true in so many other areas, Y2K's presence
is insidious in the area of emergency services. One major police
department related to our staff that its city's government was required
to remediate their gasoline pumps in order to assure that gasoline
would continue to flow to its patrol cars on January 1, 1998. This
problem had the potential to effect the entire fleet of city government
owned vehicles. In this particular case, the computerized gasoline
pumps perform a time and date calculation based upon the last time a
particular gas credit card was used to fuel a vehicle, and therefore
was vulnerable to Y2K. In another case, the sheriff of a large western
county related that his department was currently examining its
computerized detention files which are used to track ``time in'' and
``time out'' of the county jail facility, as well as hearing date
information for inmates.
According to the Bureau of Justice Statistics, there are over
17,000 police and sheriffs departments in the United States. The
International Association of Fire Chiefs estimates that there are
32,000 fire departments in this country. We also should not overlook
the fact that approximately sixty-five percent of our country's
Emergency Medical Service agencies reside within the organizational
structure of our nation's fire departments.
These statistics clearly indicate the scope of the emergency
service sector at the state, county, and local levels of government is
enormous. The task of assuring that each of these agencies meets the
challenge of providing uninterrupted and reliable service in the Year
2000, is an immense one. It is a task that must be tackled in each and
every city, township, county, and state government in the country.
In addition to the technical aspect of Y2K vulnerabilities, we must
also consider the possibility that January 1, 2000 may bring with it an
enormous increase in the demand for service from our emergency response
agencies. Will there be an increase in the need for additional traffic
control personnel in the event of certain Y2K failures in the
transportation sector? How many additional elevator extrications will
the fire departments be called upon to perform? None, we hope, but
these are all things we must consider as we plan.
While the preparedness of emergency service agencies is the most
vital aspect of Y2K preparation for state, county and local
governments, we must recognize that it surely is not the only Y2K
problem that those governments face. It is in fact, only one aspect of
the much larger Y2K challenge confronting the mayors, city and county
executives, state CIOs, and governors throughout the nation as we
continue to move closer to our ultimate deadline.
As I mentioned at the beginning of my statement, the federal
government must be able to respond to earthquakes, floods and other
natural disasters. And I share Senator Bennett's heartfelt thoughts to
those who have suffered through Hurricane George. The destructive power
of this hurricane must remind us how very essential it is that our
state and national emergency response systems operate without
impediment. The Federal Emergency Management Agency (FEMA) along with
the Red Cross and the National Guard has always provided a safety net
to our citizens whose lives and communities have been devastated by
natural disasters. It is essential that these organizations maintain
their continued readiness.
On a final note, I want to enthusiastically endorse the creation of
an early warning system that might give this country some notice, even
if it is only a matter of hours, that Year 2000 failures occurring
internationally are headed our way. January 1, 2000 dawns in the middle
of the Pacific Ocean and comes 17 hours before our dawn in the United
States. We should leverage this advantage that nature and chance has
provided us, and a ``Y2K First Alert System'' is an excellent way to do
so.
Again, thank you Mr. Chairman, I look forward to hearing today's
panels.
__________
Prepared Statement of John Thomas Flynn
congressional talking points
Good morning, Mr. Chairman. My name is John Thomas Flynn. I speak
before you today as president of NASIRE, representing the Chief
Information Officers of the States, and as Governor Pete Wilson's Chief
Information Officer for California.
I want to express my appreciation for the opportunity to update
this committee on states' Year 2000 (Y2K) readiness, particularly as it
affects emergency preparedness. To get right to the point: as to
states' overall remediation efforts, compliance among the 50 states
with all aspects of mission critical legacy systems, ranges
individually from under 10 percent complete, to reports of more than 90
percent complete. I would point out that these figures are based upon
NASIRE's self-reporting online survey, Y2KRemediation in the States,
(located at www.amrinc.nettnasire/y2k).
According to the latest survey results, just under half (24) of
those responding have completed remediation of at least 50 percent of
their mission critical systems. Our NASIRE survey defines ``mission
critical'' as:
Systems that the state has identified as priorities for prompt
remediation. Such systems CAN encompass public safety, public
health, as well as financial and personnel aspects of
government services.
No state has declared itself 100 percent complete as yet. In
addition, due to the various interpretations surrounding the term, as
well the legal ramifications involved, we might never see total
compliance claimed until long after the turn of the century.
As the remediation process has evolved from addressing software
applications and interfaces, desktop systems and embedded technologies,
a key focus of activity in the states has involved contingency
planning, operational recovery and of particular importance to this
hearing today, emergency preparedness.
As to the general condition of the states' emergency preparedness
and the readiness of state emergency response agencies I would offer
the following.
Disaster relief services are facets of a civilized society that
citizens should be able to depend on.
Imagine the residents of New Orleans or the Florida Keys managing
without state emergency and disaster services with Hurricane Georges
positioned to wreak havoc at any moment. Recall the total power
blackout that occurred for several weeks in the business district of
Auckland, New Zealand earlier this year. Would recovery and rebuilding
efforts work at full capacity or at all if their systems and networks
were nonfunctional? Would citizens have access to life-saving medical
aid?
Recall the Galaxy 4 satellite that put 50 million pagers and other
telecommunications services out of commission. One satellite. 50
million customers affected. When you think about how many lives are
touched by one action, or in this case, inaction, the magnitude of the
Year 2000 situation begins to take shape.
Regarding specific emergency preparedness issues, eleven states
responded to the NASIRE survey including:
Arizona, Colorado, Connecticut, Florida, Georgia, Illinois,
South Carolina, Texas, Washington, West Virginia, Wyoming
NASIRE CIO's reported that close working relationships have been
established with their emergency management organizations, and their
mission critical system remediation has been given the highest
priority. A few specifics:
For example, the State of Arizona holds bi-weekly meetings with Y2K
coordinators from the Public Utility Commission, Attorney General's
Office, Administrative Office of the Courts and the Department of
Emergency and Military Affairs to coordinate assessment, planning and
response activities related to Y2K failures. Staff representatives from
both senators McCain and Kyl were recently invited to these meetings.
The Colorado 2000 Council has asked the Colorado Office of
Emergency Management and the Federal Emergency Management Association
(FEMA), to participate in Colorado's Council. This council is a
coalition of public and private industry representing critical service
sectors such as telecommunications, public safety and water, to name
just a few.
In California, the Governor's Office of Emergency Services (OES) is
a stand-alone cabinet-level agency like the Department of Information
Technology, which reports directly to the Governor.
Having this kind of authority naturally leads to quicker and more
comprehensive responses. As you may know California, during the last
decade, has suffered through flood, fire, drought, riots and other
natural disasters with responses coordinated by this department.
As CIO for California, my office is partnering with California OES
Director, Dr. Richard Andrews, along with our California Year 2000
Intergovernmental Task Force, which is comprised of state, county and
city CID's, for a Western States Y2K Summit on Emergency Preparedness
and contingency planning this fall. Dr. Andrews and I have been in
contact with the emergency directors, state CIO's and Y2K managers of
these states who have voiced unanimous enthusiasm for this endeavor. We
believe the model and subsequent action plan we develop for this summit
will be of value to states not only in the western region, but beyond.
As a general rule, emergency management services do not fall
directly under the responsibility of IT organizations. However, those
who work in the IT environment are prepared to work with sister
agencies with missions more directly tied to providing support and
order during a disaster. This is and has been the case in the many
other government entities which merit equal attention such as public
utilities (water, electricity, telecommunications), court and criminal
functions (prison systems) and financial benefits (retirement
disbursements, food stamps, health care).
I thank you for the opportunity to speak, and would be pleased to
answer any questions.
SURVEY ON YEAR 2000 REMEDIATION IN THE STATES
[A survice of NASIRE: Representing chief information officers of the States]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ALABAMA (Last updated 8/10/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? The AL Dept. of Finance has an
NA AL has implemented a separate Y2K $85-$100M Considering (Some current members are integrated accounting, purchasing
mainframe test bed with Y2K compliant aware of the Y2K problem and may be and personnel system for most of the
operation system and tools for considering both funding and state agencies. The accounting
agencies to use for testing. There is liability issues.) covers departmental or agency level
also an AS/400 resource center. accounting as well as the State's
Comptroller. Many of the agencies
providing direct services and
benefits are utilizing the Finance
Department's mainframe computer. The
Finance Department provides fee
based services for agencies, but the
larger ones mentioned above have
their own programming staff.
CIO: Larkin B. Nolen, Chief Information Officer, Information Services Division, Dept. of Finance, 64 N. Union St., Ste. 200, Montgomery, AL 36130, Phone: 334-242-3800 Fax: 334-240-3228
[email protected]
Contact: Rick Boyce, Year 2000 Project Coordinator, Dept. of Finance, 64 North Union Street, Ste. 250, Montgomery, AL 36130, Phone: 334-353-3447 Fax: 334-353-5663 [email protected]
Contact: Dr. John H. Parsa, Manager Special Projects, Information Services Division, Dept. of Finance, 64 N. Union St., Ste. 250, Montgomery, AL 36130, Phone: 334-242-3104 Fax: 334-353-5663
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ALASKA (Last updated 9/9/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? Governor Tony Knowles issued
86 Mission Critical Business A number of critical enterprise-level FY 2000 costs for Y2K are currently Not to date. Proposals are under Administrative Order #177 on 8/28/
Functions (43% of 199 key systems are already converted. estimated at $25 million. consideration, however. 98, declaring Y2K to be state
functions), including: all Compilation of status data is agencies' highest priority and
supporting automation systems, expected to be available by 10/1/98. elevating the State's Y2K program to
interfaces, embedded and process a cabinet-level office. Since then a
control systems, supplier/ new Y2K status reporting system has
customer dependencies, and been implemented, with updated
associated contingency plans. status information expected to be
available by 10/1/98.
CIO: Mark O. Badger, PhD, Chief Technology Officer, Information Technology Group, Dept. of Administration, P.O. 110206, Juneau, AK 99811-0206, Phone: 907-465-2220 Fax: 907-465-3450 mark2/
[email protected]
Contact: Bob Poe, Year 2000 Project Manager, Office of Management & Budget, P.O. Box 110020, Juneau, AK 99811 Phone: 907-465-4660 Fax: 907-465-3008 Bob2/[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ARIZONA (Last updated 9/25/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
245 60-70% $103.0M (This is for data systems not Yes, Special funding (HB2001); No,
embedded systems. This includes Liability hold harmless. The Arizona
appropriated and non-appropriated League of Cities is circulating a
dollars. It also includes broad based liability protection bill
replacements and remediation, some of for municipalities, but I have not
these replacements are occurring for yet reviewed a draft.
other reasons, but Y2K makes the
timing critical. It also includes
personnel costs, which I believe some
states have not included.)
CIO: John B. Kelly, Chief Information Officer, Gov't Information Technology Agency, 1102 W. Adams St., Phoenix, AZ 85007, Phone: 602-340-8538 Fax: 602-340-9044 [email protected]
Contact: Art Ranney, Information Technology Oversight Manager, Government Information Technology Agency, 1102 W. Adams Street, Phoenix, AZ 85007, Phone: 602-340-8538 Fax: 602-340-9044
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ARKANSAS (Last updated 7/27/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? We are currently conducting y2k
50 40% $35.0M Yes. (A general use appropriation has audits of all state agencies, higher
been made available for all Arkansas ed institutions, and public schools.
State agencies to accomplish Y2K This is probably the most valuable
compliance.) thing we have done.
CIO: Michael Hipp, Director, Dept. of Information Systems, #1 Capitol Mall, P.O. Box 3155, Little Rock, AR 72201-3155, Phone: 501-682-2701 Fax: 501-682-4310 [email protected]
Contact: Stephanie Mains, Year 2000 Project Office, Division of Operations, Department of Information Systems, P.O. Box 3155, #1 Capitol Mall, Little Rock, AR 72201, Phone: 501-682-4399 Fax:
501-682-4310 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CALIFORNIA (Last updated 9/25/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? Information can be found at
633 50% $239 million. 3 Measures were proposed for the 1997- .
98 legislative session, none were
successful (AB1934; AB1710 and
SB2000). 2 measures are on the
Governor's desk for consideration
(AB1345 and SB1178)The 1998-99 Budget
Act includes $20 million for the Year
2000.
CIO: John Thomas Flynn, Chief Information Officer, State of California, 801 K St., Ste. 2100, Sacramento, CA 95814, Phone: 916-445-3050 Fax: 916-445-6529 [email protected]
Contact: Claudina Nevis, Deputy Director, Special Projects, Dept. of Information Technology, 801 K St., Ste. 2100, Sacramento, CA 95814, Phone: 916-445-5900 Fax: 916-445-6524
[email protected]
Contact: Robert Dell'Agostino, Acting Chief Deputy Director, Dept. of Information Technology, 801 K St., Ste. 2100, Sacramento, CA 95814, Phone: 916-445-5900 Fax: 916-445-6524
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
COLORADO (Last updated 9/24/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? 90% of Critical systems are planned
239 systems are rated critical of 6% are fully converted for Year 2000 $31.95M (Covers information systems Considering for completion by June, 1999.
a total of 840 systems. functionality. The majority of the only. Does not include higher
remaining systems are in the testing education or embedded systems.)
phase.
CIO: Steve McNally, Staff Director, Commission on Information Mgmt., Dept. of Personnel/Gen. Support Svcs., 1525 Sherman St., Ste. 100, Denver, CO 80203-1712, Phone: 303-866-3222 Fax: 303-866-
2168 [email protected]
Contact: Brian Mouty, Statewide Year 2000 Project Manager, Dept of General Support Services, 1525 Sherman St., #100, Denver, CO 80203, Phone: 303-866-3222 Fax: 303-866-2168
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
CONNECTICUT (Last updated 9/23/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
765 (Systems for which Y2K 50% $125.0M (Although only $95.0M in Yes.
remediation strategies have been funding is available.) Embedded
defined.) systems and PC exposures not fully
known--may drive total costs higher.
CIO: Rock Regan, Chief Information Officer, Dept. of Information Technology, 340 Capitol Ave., Hartford, CT 06106, Phone: 860-566-7093 Fax: 860-566-1786 [email protected]
Contact: Peter Sullivan, Director, Year 2000 Program Officer, Dept. of Information Technology, 340 Capitol Avenue, Hartford, CT 06106, Phone: 860-566-6246 Fax: 860-566-6291
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DISTRICT OF COLUMBIA (Last updated N/A.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
No answer. No answer. No answer. No answer.
CIO: VACANT, Chief Technology Officer, Government of DC, 441 Fourth St., N.W., Rm. 960, Washington, DC 20001, Phone: 202-727-2277 Fax: 202-727-6857 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DELAWARE (Last updated 7/17/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
71 (Included are public safety 62% (Complete or already compliant.) $6.0M Yes, Legislated funding.
systems, critical general ledger/
accounting, critical court
systems, public health and some
critical welfare systems,
critical revenue systems,
unemployment insurance, and
payroll-but not all benefits.)
CIO: John J. Nold, Executive Director, Office of Information Services, 801 Silver Lake Blvd., Dover, DE 19904, Phone: 302-739-9628 Fax: 302-739-6251 [email protected]
Contact: Kathy Donovan, Year 200 Coordinator, Office of Information Systems, 801 Silver Lake Blvd., Dover, DE 19901, Phone: 302-739-9602 Fax: 302-739-9686 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
FLORIDA (Last updated 9/22/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? Florida is conducting further
492 74% (Using August data-this is the $75.0-90.0M Yes, provides the Governor special research into the potential impact
overall percentage of work completed powers in addressing a Y2K failure in of embedded chips in products &
in the remediation of mission an agency and extends the state's services.
critical systems.) sovereign immunity to include Year
2000 failures. Passed as CS/HB 3619
in the 1998 session.
CIO: P. J. Ponder, Chief Legal Counsel, Information Resource Commission, 4050 Esplande Way, Ste. 235, Tallahassee, FL 32399-0950, Phone: 850-488-4494 Fax: 850-922-5929 [email protected]
Contact: Glenn W. Mayne, Project Manager, Executive office of the Governor, Office of Planning and Budgeting, 426 Charlton Bldg., Tallahassee, FL 32399, Phone: 850-921-2235 Fax: 850-921-2353
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
GEORGIA (Last updated 7/15/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
375 (Business criticality as Still developing metrics and $152.0M Yes, liability and financial (SB638).
defined by 71 agencies.) consolidated reporting.
CIO: Paul Mason, Director, Information Technology, Dept. of Administrative Services, 1402 W. Tower, 2 Martin Luther King Dr., Atlanta, GA 30334, Phone: 404-656-3992 Fax: 404-656-0421,
[email protected]
Contact: Erwin Fraas, Senior Technology Analyst, Information Technology Policy Council, P.O. Box 38391, Atlanta, GA 30334, Phone: 404-657-1351 Fax: 404-657-1355 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
HAWAII (Last updated 4/13/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
No answer. No answer. No answer. No answer.
CIO: Thomas I. Yamashiro, Administrator, Information & Communication Svcs. Div., Dept. of Accounting & General Services, 1151 Punchbowl St., Room B10, Honolulu, HI 96813, Phone: 808-586-1910
Fax: 808-586-1922 [email protected]
Contact: Barbara Tom, Data Processing Systems Manager, Information & Communication Svcs. Div, Dept. of Accounting & General Services, 1151 Punchbowl St., Room B10, Honolulu, HI 98613, Phone:
808-586-1920 Fax: 808-586-1922
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IDAHO (Last updated 8/14/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? Most mission critical applications
21 60% $16.0M No. are in test mode. Testing and data
bridge remediation are the gating
issues at this time. No specific
legislation has been proposed or is
anticipated.
CIO: J. Miles Browne, Project Team Manager, Information Technology Division, Dept. of Administration, 650 W. State Street, P.O. Box 83720, Boise, ID 83720-0004, Phone: 208-334-2771 Fax: 208-
334-2307 [email protected]
Contact: Dean Pierose, Member, ITRMC Project Team, Dept. of Administration, 650 W. State Street, P.O. Box 83720, Boise, ID 83720-0089, Phone: 208-334-3535 Fax: [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ILLINOIS (Last updated 8/4/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
349 59% of the Critical Systems effort. $82.3M (For all electronic data Yes--SB1674, establishes Year 2000
processing efforts.) Technology Task Force.
CIO: William M. Vetter, Bureau Manager, Bureau of Communication & Computer Svcs., Dept. of Central Management Services, 120 W. Jefferson St., Springfield, IL 62702, Phone: 217-782-4221 Fax:
217-524-6161 [email protected]
Contact: Paul R. Lopes, Chief of Operations/ Computer Services, Bureau of Comm. & Computer Svcs., Dept. of Central Management Services, 120 W. Jefferson St., Springfield, IL 62702, Phone: 217-
785-4037 Fax: 217-524-6161 paul2/[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
INDIANA (Last updated 7/20/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
51 4% $34.6M Yes, funding.
CIO: Laura Larimer, Director of Information Technology, Dept. of Administration, Indiana Government Center, 100 North Senate Ave., N. Rm. 551, Indianapolis, IN 46204, Phone: 317-232-3171 Fax:
317-232-0748 [email protected]
Contact: William Pierce, Director, Director of Year 2000 Office, 125 West Market Street, Indianapolis, IN 46204, Phone: 317-233-2009 Fax: 317-233-8315 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
IOWA (Last updated 9/9/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\41% (in millions) or proposed in your state? None.
270 (Each agency in the Executive $30.0M (This figure does not include No.
Branch determined the critical the costs related to the embedded
systems for their enterprise. systems remediation.)
This figure does not include the
number of critical systems that
are related to the embedded
remediation.)
CIO: James R. Youngblood, Director, Information Technology Services, Hoover State Office Building, Level B, Des Moines, IA 50319, Phone: 515-281-3462 Fax: 515-281-6137
[email protected]
Contact: Paul Carlson, Year 2000 Project Manager, Dept. of Management, State Capitol Bldg., Rm. 13, Des Moines, IA 50319, Phone: 515-281-7117 Fax: 515-242-5897 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
KANSAS (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions)$23.0M or proposed in your state? None.
827 67% Considering liability.
CIO: Frederick Boesch, Chief Information Architect, Information Resource Council, 300 SW 10th Ave., State Capitol Bldg., Rm. 263E, Topeka, KS 66612-1572, Phone: 785-296-3011 Fax: 785-296-2702
[email protected]
Contact: John Oliver, Senior Policy Advisor, Office of the Chief Information Architect, LSOB Rm. 751-S, 900 S.W. Jackson, Topeka, KS 66612-1275, Phone: 913-296-5260 Fax: 913-296-1168
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
KENTUCKY (Last updated 9/29/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? Kentucky is on target to complete
96 (Mainframe systems only. 57% $4.0M Yes, Y2K contingency fund was passed renovation by 7/1/1999.
Critical systems under in the 1998 session.
management of agencies have not
been defined. Information has
been extracted from May 31,
1998.)
CIO: Aldona K. Valicenti, Chief Information Officer, Commonwealth of Kentucky, Office of the Governor, 493 Capitol Annex, Frankfort, KY 40601, Phone: 502-564-2611 Fax: 502-564-7882
[email protected]
Contact: John Tomlinson, Year 2000 Statewide Coordinator, Information Systems, 101 Cold Harbor Dr., Frankfort, KY 40601, Phone: 502-564-8715 Fax: 502-564-6856 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
LOUISIANA (Last updated 9/22/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
399 Mission Critical Systems as 30% Not known at this time. (Although the Considering (The state is reviewing
of September 1998. majority of Year 2000 costs were all legal aspects of the Year 2000
embedded in the general operating problem and consideration is being
budget of state departments, the given for introducing legislation in
following information is available: the next legislative session schedule
FY97-98 Budgeted $16.4; FY98-99 for March 1999.)
Requested $61; $5 established for Y2K
fund pool.)
CIO: Dr. Allen Doescher, Assistant Commissioner, Technical Service & Communications, Office of Information Resources, Div. of Administration, P.O. Box 94095, Baton Rouge, LA 70804-9095, Phone:
504-342-7000 Fax: 504-342-1057 [email protected]
Contact: Chris LeBlanc, Year 2000 Project Manager, Div. of Administration, P.O. Box 44335, Baton Rouge, LA 70804-4335, Phone: 504-342-9675 Fax: 504-342-5137 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MAINE (Last updated 9/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
180 (The number of critical 40% $11.0M (This figure is for the state No, but it was considered.
systems out of 257 systems that agencies with critical systems only.)
we are currently tracking. The
critical systems were determined
by tracking data from each of
the state agencies and only
those agencies which have
supplied information to the
Department of Administration &
Finance, Bureau of Information
Services.)
CIO: Robert Mayer, Chief Information Officer, Bureau of Information Services, Dept. of Admin. & Financial Services, 145 State House Station, Augusta, ME 04333-0145, Phone: 207-624-7840 Fax:
207-287-4563 [email protected]
Contact: Valton L. Wood, Jr., Div. Mgr. Infor, Svcs/Development Svcs., Bureau of Information Services, Dept. of Administrative & Financial Svcs., 145 State House Station, Augusta, ME 04333-
0145, Phone: 207-287-3631 Fax: 207-287-4563 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MARYLAND (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
341 To Be Determined (We are in the $100.0M No.
process of updating our database so
that an accurate assessment can be
made. The state has 22 vendors as
partners in this effort.
Approximately $35M has been obligated
to date.
CIO: Leslie E. Hearn, Chief Information Officer, Dept. of Budget & Management, Office of Information Technology, 45 Calvert St., Annapolis, MD 21401, Phone: 410-974-5236 Fax: 410-974-5045
[email protected]
Contact: Alexius O. Bishop, Year 2000 Coordinator, Office of Information Technology, 45 Calvert St., Annapolis, MD 21401, Phone: 410-974-2191 Fax: 410-924-5045 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MASSACHUSETTS (Last updated 7/20/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None
262 33% $79.0M Yes, funding.
CIO: Val Asbedian, Director, Strategic Planning, Information Technology Division, One Ashburton Place, Room 801, Boston, MA 02108, Phone: 617-973-0762 Fax: 617-727-3766
[email protected]
Contact: Val Asbedian, Director, Strategic Planning, Information Technology Division, One Ashburton Place, Room 801, Boston, MA 02108, Phone: 617-973-0762 Fax: 617-727-3766
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MICHIGAN (Last updated 8/20/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
793 42% $55.6M (This is what has been Yes, funding.
appropriated as supplemental funding
for Y2K problems in executive branch
agencies.)
CIO: George Boersma, Chief Information Officer & Deputy Dir., Director's Office, Dept. of Management & Budget, 1st Flr., Lewis Cass Bldg., P.O. Box 30026, Lansing, MI 48909, Phone: 517-373-
1006 Fax: 517-373-7268 [email protected]
Contact: Gerald W. Williams, Director, Year 2000 Project Office, Dept. of Management & Budget, 1st Flr., Lewis Cass Bldg., P O Box 30026, Lansing, MI 48909, Phone: 517-373-3725 Fax: 517-335-
1575 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MINNESOTA (Last updated 9/15/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
1,300 (During the inventory phase 75% (70 percent of custom applications As of June 1998, the Minnesota Considering.
of the Minnesota Year 2000 are complete. A deadline of December legislature has appropriated $28.7M
Project, 1,100 custom 31, 1998 has been established to for conversion of mission critical
applications were identified by complete conversions of mission systems. State agencies are also
state agencies.) critical systems. Testing is an using an estimated $22 from
ongoing process that will continue operational fund budgets to address
through 1999.) embedded technologies and standard
upgrades of h/w, s/w.
CIO: Beverly Schuft, Assistant Commissioner, Technology Management, Dept. of Administration, 320 Centennial Bldg., 658 Cedar St., St. Paul, MN 55155, Phone: 612-296-5320 Fax: 612-296-5800
[email protected]
Contact: Jim Close, Year 2000 Project Manager, Technology Management Bureau, Dept. of Administration, 320 Centennial Bldg., 658 Cedar St., St. Paul, MN 55155, Phone: 612-296-5944 Fax: 612-296-
5800 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MISSISSIPPI (Last updated 7/16/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage?\1\ are converted?\2\ (in millions) or proposed in your state? None.
30 50% (Should be at least 75 percent by $8.0M No.
December 1.)
CIO: David L. Litchliter, Executive Director, Dept. of Information Technology Svcs., 301 N. Lamar St., Ste. 508, , Jackson, MS 39201, Phone: 601-359-1395 Fax: 601-354-6016
[email protected]
Contact: Teresa Karnes, Client Planning Manager, Strategic Services Division, Dept. of Information Technology Svcs., 301 N. Lamar St., Ste. 508, Jackson, MS 39201, Phone: 601-359-2615 Fax: 601-
354-6016 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MISSOURI (Last updated 9/16/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted?\2\ (in millions) or proposed in your state? None.
225 70% Converted; 50% implemented. $57.0M Yes, funding. Liability being
considered.
CIO: Mike Benzen, Chief Information Officer, Office of Information Technology, Jefferson Bldg., Rm. 1315, 205 Jefferson St., Jefferson City, MO 65101, Phone: 573-526-7741 Fax: 573-526-7747
[email protected]
Contact: Dave Schroeder, Deputy Chief Information Officer, Office of Information Technology, Jefferson Bldg., Rm. 1315, Jefferson City, MO 65101, Phone: 573-526-7744 Fax: 573-526-7747
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MONTANA (Last updated 9/3/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed
manage? \1\ are converted? \2\ (in millions) or proposed in your state?
211 34% $5-6 No.
Comments
None.
CIO: Anthony Herbert, Administrator, Division of Information Services, Dept. of Administration, 125 N. Roberts, P.O. Box 200113, Helena, MT 59620, Phone: 406-444-2700 Fax: 406-444-2701
[email protected]
Contact: G. Scott Lockwood, Year 2000 Compliance Officer, Information Services Division, Dept. of Administration, P.O. Box 200113, Helena, MT 59620, Phone: 406-444-2029 Fax: 406-444-2701
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NEBRASKA (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
82 (Not broken down by 30% $6.0M (Initial total estimate.) Yes, funding, liability and personnel
criticality.) (www.state.nv.us/doit/y2k).
CIO: Steven L. Henderson, Deputy Administrator, Central Data Processing, Dept. of Administrative Services, 501 S.14th St., P.O. Box 95045, Lincoln, NE 68509, Phone: 402-471-2065 Fax: 402-471-
4864 [email protected]
Contact: Steven L. Henderson, Deputy Administrator, Central Data Processing, Dept. of Administrative Services, 501 S.14th St., P.O. Box 95045, Lincoln, NE 68509, Phone: 402-471-2065 Fax: 402-
471-4864 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NEVADA (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
278 (Criticality was determined 86% (This number is derived from $15.2M (This figure is the current Yes, funding. (Legislation for partial
by individual agency directors project schedule information base contract with our vendor for funding support was passed in 1996
in regard to which systems they regarding both work completed and century date change work. We have utilizing parts of the existing
elected to include in our CDC work in progress.) also established Time and Material Cigarette Tax.)
project.) work orders with CTA for an
additional $5.5 to $6.0M for related
work. Thus total cost around $21.0M.
CIO: Marlene Lockard, Director, , Dept. of Information Technology, 505 E. King St., Ste. 403, Carson City, NV 89701, Phone: 702-687-4090 Fax: 702-687-3846 [email protected]
Contact: Tom Loux, Year 2000 Project Manager, Applications Design & Development Unit, Department of Information Technology, 1340 South Curry St., Carson City, NV 89701, Phone: 702-687-4091
Fax: 702-687-1155 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NEW HAMPSHIRE (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None
63 (This is number of state 10% (Several are in testing phase.) $60.0M (This includes costs to replace Yes (Requires agencies to develop work
agencies, boards and outdated systems and correct Y2K at plans and to report quarterly
commissions.) same time.) compliance status, Chapter 255, Laws
of 1998: Effective June 25, 1998:
legislative bill--www.state.nh.us/
gencourt/bills/98bills/sb0464.html)
CIO: William Armstrong, Information Technology Manager, Division of Information Technology Management, Dept. of Administrative Services, 4 Hazen Dr., Concord, NH 03301, Phone: 603-271-6533
Fax: 603-271-6531 [email protected]
Contact: Vicki Tinsley, Information Technology Manager, Div. of Information Technology Mgmt., Dept. of Administrative Services, 4 Hazen Drive, Concord, NH 03301, Phone: 603-271-1522 Fax: 603-
271-531 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NEW JERSEY (Last updated 9/22/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
195 40% (back in production) $120.0M (this is the cost to remediate Yes, funding; considering liability.
ALL systems).
CIO: Wendy Rayner, Chief Information Officer, Office of the Governor, State House, P.O. Box 001, Trenton, NJ 08625, Phone: 609-777-2245 Fax: 609-777-0357 [email protected]
Contact: John W. Longworth, Executive Branch Year 2000 Coordinator, Div. of Information & Management Svcs., Dept. of Education, 100 Riverview Executive Plaza, Trenton, NJ 08625-0500, Phone:
609-633-9773 Fax: 609-633-9865 [email protected]
Contact: Wendy Rayner, Chief Information Officer, Office of the Governor, State House, P.O. Box 001, Trenton, NJ 08625, Phone: 609-777-2245 Fax: 609-777-0357 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NEW MEXICO (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
4,436 (Only 317 were found to be 49% $12.2M No.
non-Y2K compliant.)
CIO: James Hall, Chief Information Officer, Office on Information & Comm. Management, Office of the Governor, State Capitol Bldg., Rm. 400, Santa Fe, NM 87503, Phone: 505-827-3000 Fax: 505-827-
3026 [email protected]
Contact: Jody Larson, Office on Info. & Communication Staff, Office on Information & Communication Mgmt., Governor's Office 4th Fl., Capitol Bldg., Santa Fe, NM 87503, Phone: 505-827-3019 Fax:
505-827-3026 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NEW YORK (Last updated 7/17/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
43 (Statewide priority systems-- 73% $83.0M (Plus $221.0M in other funded Considering, liability; yes, funding &
top ``40.'') replacement projects.) personnel.
CIO: Camaron Thomas, Director, Office for Technology, Executive Chamber, State Capitol, Albany, NY 12224, Phone: 518-473-5622 Fax: 518-473-3389 [email protected]
Contact: Gary Davis, Year 2000 Project Leader, NYS Office for Technology, State Capitol, New York, NY 12224, Phone: 518-473-5622 Fax: 518-402-2019 [email protected]
Contact: Julie Leeper, Year 2000 Project Coordinator, NYS Office for Technology, State Capitol, Albany, NY 12224, Phone: 518-473-5622 Fax: 518-473-3389 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NORTH CAROLINA (Last updated 9/15/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? Year 2000 legislation was passed to
1,147 59% $124.8M Yes, centralized program office, set up the NC Year 2000 Project
funding; considering, other issues. Office which facilitates, supports,
monitors and leverages the state's
Year 2000 remediation efforts.
Additional legislation is being
considered regarding liability.
CIO: Richard C. Webb, Asst. Secretary for Information Technology/CIO, Information Technology Services, Dept. of Commerce, 3700 Wake Forest Rd., Raleigh, NC 27609-6860, Phone: 919-981-2680 Fax:
919-981-5043 [email protected]
Contact: Debra C. Jones, Statewide Y2K Program Director, Year 2000 Project Office, 3900 Wake Forest Road, Raleigh, NC 27609, Phone: 919-981-5528 Fax: 919-981-5374
[email protected];[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NORTH DAKOTA (Last updated 9/25/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
66 82% $1.0M No.
CIO: Jim Heck, Director, Information Services Division, 600 East Boulevard Ave., Bismarck, ND 58505-0100, Phone: 701-328-3190 Fax: 701-328-3000 [email protected]
Contact: Larry Lee, Contingency Planning Specialist, Information Services Division, 600 East Boulevard, Bismarck, ND 58505-0100, Phone: 701-328-2721 Fax: 701-328-3000
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OHIO (Last updated 10/1/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
These have been determined and 32% have been converted and are in Original estimate of total cost for No, so far only cursory discussion has
tracked by the individual production. Year 2000 remediation was about $61 been held on this subject.
agencies. We're in the process million. As of this date, we do not
of gathering data and logging it see the need for additional funding.
into a central database. As of
this date, 200 critical systems
have been identified to this
central file.
CIO: Sandra Drabik, Director, Dept. of Administrative Services, 30 E. Broad St., 40th Fl., Columbus, OH 43266-0401, Phone: 614-466-6511 Fax: 614-644-8151 [email protected]
Contact: Fred Dowdy, Year 2000 Administrator, Computer ServicesDivision, Dept. of Administrative Services, 1320 Arthur E. Adams Drive, Columbus, OH 43221-3595, Phone: 614-752-7456 Fax: 614-644-
-2858 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OKLAHOMA (Last updated 7/22/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None
No answer. No answer. No answer. No answer.
CIO: William N. Shafer, Director, Information Services Division, Office of State Finance, 2209 N. Central, Oklahoma City, OK 73105, Phone: 405-521-2804 Fax: 405-522-3042
[email protected]
Contact: Jerry G. Stillwell, Data Processing Administrator, Office of State Finance, 2209 N. Central, Oklahoma City, OK 73105, Phone: 405-521-2844 Fax: 405-522-3042
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OREGON (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
248 (By Aug 31, a statewide list 32.2% (July 1998 data identifies over $92.OM (State of Oregon agencies 1997 Yes, Agency responsibility,
of mission critical systems will 32% of these systems are completed) Statewide Year 2000 Assessment coordination of policies and
be confirmed. This list will be identified $102M. Agencies effective promotion of qualified workforce;
monitored closely to assure management lowered that amount to Executive Order for compliance;
State of Oregon Year 2000 $92.0M, presented to the Oregon Considering, Immunity/Liability.
compliance. Legislature in January 1998.)
CIO: Don Mazziotti, Chief Information Officer, Information Resources Mgmt. Division, Dept. of Administrative Services, 155 Cottage St., N.E., Salem, OR 97310-0315, Phone: 503-378-3161 Fax: 503-
378-5200 [email protected]
Contact: Barbara Jensen, State Year 2000 Project Office, Information Resource Management Div., Dept. of Administrative Services, 155 Cottage St., NE, Salem, OR 97310-0310, Phone: 503-378-5458
Fax: 503-378-5200 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
PENNSYLVANIA (Last updated 9/28/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? HB2273, HB2406, SB1434 All
27,446 programs or 469 MC 99% $24M (For mission critical only. The Considering. legislative bills are pending.
applications. total estimated cost for all systems
is $40M)
CIO: Larry A. Olson, Deputy Secretary, OA/Office for Information Technology, Governor's Office for Administration, 209 Finance Building, Harrisburg, PA 17120, Phone: 717-787-5440 Fax: 717-787-
4523 [email protected]
Contact: Charles F. Gerhards, Director, Commonwealth Technology Center, OA/Office for Information Technology, 1 Technology Park, Harrisburg, PA 17110, Phone: 717-772-8000 Fax: 717-772-8113
[email protected]
Contact: Larry A. Olson, Deputy Secretary, Office for Information Technology, Governor's Office of Administration, 209 Finance Building, Harrisburg, PA 17120, Phone: 717-787-5440 Fax: 717-787-
4523 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
PUERTO RICO (Last updated 7/22/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
174 (Includes all critical 9% (Includes all critical systems $12.0M (Amount only includes costs Yes, reporting mechanism (SR585
systems reported by the reported compliant and tested by reported by agencies supported with requires agencies to report progress
agencies.) agency.) documents.) on the critical systems Y2K
compliance status and the related
costs). See www.senado.gvmt.pr.us/)
CIO: Jorge E. Aponte, CPA, Information Systems Director, Office of Budget & Management, P.O. Box 9023228, San Juan, PR 00902-3228, Phone: 787-725-8646 Fax: 787-724-1374 [email protected]
Contact: Francisco J. Colon, Associate Director, Office of Budget and Management, P.O. Box 9023228, San Juan, PR 00902-3228, Phone: 787-725-9420 Fax: 787-721-8239 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
RHODE ISLAND (Last updated 7/16/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
n/a The major core systems are in the Less than $10.0M (This year's FY99 No.
process of remediation and budget contains $2.5M on top of $.5M
implementation. Many depts. are still allocated for the Y2K effort in
in the remediation process, other FY98.)
depts. need to upgrade the versions
of software and hardware for smaller
systems.
CIO: Barbara Weaver, Chief Information Officer, Office of Library & Information Services, Dept. of Administration, One Capitol Hill, 4th Fl., Providence, RI 02908, Phone: 401-222-2222 Fax: 401-
222-4260 [email protected]
Contact: Sally J. Spadaro, Year 2000 Coordinator, Office of Library & Information Services, Dept. of Administration, One Capitol Hill, Providence, RI 02908, Phone: 401-222-1229 Fax: 401-222-
2083 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SOUTH CAROLINA (Last updated 9/29/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? Currently focusing on total mission
440--this total is the number of 42%--percentage of ALL SYSTEMS WHICH $31.2 million No. critical systems. Next report will
NON-COMPLIANT mission critical ARE COMPLIANT. Mission critical are contain this information.
systems. included.
CIO: Ted Lightle, Director, Office of Information Resource, Dept. of Budget & Control Board, 1201 Main St., Ste. 1500, Columbia, SC 29201, Phone: 803-737-0075 Fax: 803-737-0069
[email protected]
Contact: William T. Majors, Assistant Deputy Director, Office of Information Resources, Information Systems Opereration, 300 Gervais St., Columbia, SC 29201, Phone: 803-737-8242 Fax: 803-737-
9507 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SOUTH DAKOTA (Last updated 9/8/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
205 Certified: 15% mainframe, 4% PC/LAN, $3.7M (This does not include costs for Considering.
31% network components remediated: judicial and higher education
38% mainframe, 22% PC/LAN, 57% systems.)
network components.
CIO: Otto Doll, Commissioner, Dept. of Administration, Bureau of Info. & Telecommmunications, 700 Governors Dr., Kneip Bldg., Pierre, SD 57501, Phone: 605-773-4165 Fax: 605-773-6040
[email protected]
Contact: Jan Newman, Year 2000 Project Coordinator, Office of the Commissioner, Bureau of Information and Telecommunications, 1017 18th St. NE, Watertown, SD 57201, Phone: 605-882-5118 Fax:
605-886-8872 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TENNESSEE (Last updated 9/14/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
148 (We are tracking 233 systems 56% (Mission critical systems are at $15.5M (estimate for total Y2K Yes, funding (The Appropriation Bill
of which 148 are classified as 51 percent completion. We are 82 effort). for 1997-1998 provided $6M and the
mission critical.) percent complete based on man hour Appropriation Bill for 1998/1999
effort for all applications; provided an additional $4M for a
remaining applications are scheduled total of $10M.).
for 12/31/1998 completion date.
CIO: Bradley Dugger, Chief of Information Systems, Office of Information Resources, Dept. of Finance & Administration, 318 8th Ave., N., 11th Fl. TN Tower, Nashville, TN 37243-0288, Phone: 615-
741-2569 Fax: 615-532-0471 [email protected]
Contact: Ray Selvage, Information Systems Manager, Office for Information Resources, Dept. of Finance & Administration, 312 8th Ave. N. 10th Fl., TN Tower, 312 8th Avenue North, Nashville, TN
37243-0288, Phone: 615-741-7354 Fax: 615-741-4589 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
TEXAS (Last updated 7/17/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
437 (The Texas Year 2000 Project 0% (At this time, there are no $170.0M (This is the cost to remediate Considering.
Office does not manage any of critical systems that have been ALL systems in priority agencies--
these systems-we only provide through testing. 100 percent of these those with mission-critical systems.
oversight and monitoring. We systems have been assessed, and most We do not have figures on remediation
have approximately 19 priority are in the remediation phase.) costs specifically for those 437
agencies who are responsible for systems.)
managing the remediation efforts
of these 437 systems.)
CIO: Carolyn T. Purcell, Executive Director, Dept. of Information Resources, 300 W. 15th St., Ste. 1300, Austin, TX 78701, Phone: 512-475-4720 Fax: 512-475-4759 [email protected]
Contact: Shannon Porterfield, Year 2000 Coordinator, Dept. of Information Resources, P.O. Box 13564, 300 W. 15th St., Ste.1300, Austin, TX 78711-3564, Phone: 512-475-4740 Fax: 512-475-4759
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
UTAH (Last updated 9/18/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
532 (It is very difficult to 51% $50.0M ($12.0M has been directly Considering, Government immunity.
define critical. We have a appropriated for additional Y2K
subset that we have called expense in addition to IT base
highly mission critical/must not budgets, a majority of which is being
fail systems that is only about used for Y2K.)
30 systems.)
CIO: David Moon, Chief Information Officer, Governor's Office, 210 State Capitol, Salt Lake City, UT 84114, Phone: 801-538-1524 Fax: 801-538-1557 [email protected]
Contact: David Fletcher, Deputy Director, Dept. of Administrative Services, 3120 State Office Bldg., Salt Lake City, UT 84114, Phone: 801-538-3010 Fax: 801-538-3844 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
VERMONT (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions)n/a or proposed in your state? None.
50 50-60% No.
CIO: Patricia A. Urban, Chief Information Officer, 109 State St., Montpelier, VT, 05609-0210, Phone: 802-828-3322 Fax: 802-828-3320 [email protected]
Contact: Patricia A. Urban, Chief Information Officer, State of Vermont, Administration / CIO, 109 State St., Montpelier, VT 05609-0210, Phone: 802-828-5846 Fax: 802-828-3398
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
VIRGINIA (Last updated 7/21/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? * We require agencies report on their
* 51% (Completed all four phases of $80-83M Yes, Immunity, liability and Priority Business Activities. Within
remediation) establishing Century Date Change this framework, we track progress
Initiative Project Office and its and cost based on 5 reporting
oversight categories and their potential
impact on a priority business
activity.
CIO: Donald W. Upson, Secretary of Technology, Office of Technology, 9th Street Office Bldg., Ste. 503, Richmond, VA 23219, Phone: 804-786-9579 Fax: 804-786-9584 [email protected]
Contact: Bette H. Dillehay, Director, Century Date Change Initiative, Council on Information Management, Project Office, Washington Bldg., Ste. 901, 1100 Bank St., Richmond, VA 23219, Phone:
804-786-8163 Fax: 804-371-7952 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
WASHINGTON (Last updated 9/16/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? None.
458 50% $83.5M Yes, Liability (failed in last
session, SB6718-Year 2000 liability
of state and local governments)
CIO: Steve E. Kolodney, Director, Dept. of Information Services, 1110 Jefferson St., SE, P.O. Box 42445, Olympia, WA, 98504-2445, Phone: 360-902-3500 Fax: 360-664-0733 [email protected]
Contact: Steve E. Kolodney, Director, Dept. of Information Services, 1110 Jefferson St., SE, P.O. Box 42445, Olympia, WA 98504-2445, Phone: 360-902-3500 Fax: 360-664-0733 [email protected]
Contact: John O. Saunders, Manager, Year 2000 Program Office, Dept. of Information Services, 1110 Jefferson St., SE, P.O. Box 42445, Olympia, WA 98504, Phone: 360-902-3526 Fax: 360-586-8992,
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
WEST VIRGINIA (Last updated 9/11/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? IS&C will complete its remediation by
59--critical applications 80% of all software that IS&C is Not Available. Higher education is None. June 30, 1998. All other agencies
identified, as of 9/9/98--31 are responsible for has been completed. included in the monitoring but cost will complete contracted work by
compliant. No data is available for software not available. December 31, 1998, with the
remediation contracted for by other exception of four critical systems.
state agencies. These four will be completed on or
before June 30, 1999.
CIO: Samuel M. Tully, Ph.D., Spec. Asst. to the Gov't & CTO, Governor's Office of Technology, 505 Capitol Street, Ste. 200, Charleston, WV 25305, Phone: 304-558-3784 Fax: 304-558-0136
[email protected]
Contact: N. Michael Slater, Director, IS&C, Dept. of Administration--ISC, Bldg. 6, Rm. B110, 1900 Kahawha Blvd. E., Charleston, WV, 25305, Phone: 304-558-5311 Fax: 304-558-4867
[email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
WISCONSIN (Last updated 7/22/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\n/a (in millions) or proposed in your state? None.
21 (The 43 state agencies in $35M Considering liability.
Wisconsin state government
manage 102 critical
applications, per our own
definition--see www.state.wi.us/
y2k/critapps.htm for the
definition. The identification
of critical was based on an
agency perspective.
CIO: Bruce Reines, Director, Bureau of Technology Policy & Planning, Dept. of Administration, 101 E. Wilson, 8th Floor, P.O. Box 7844, Madison, WI 53707-7844, Phone: 608-266-8878 Fax: 608-266-
2164 [email protected]
Contact: Bill Braham, Information Technology Coordinator, Technology Management, Dept. of Administration, 101 E. Wilson 8th Floor, P.O. Box 7844, Madison, WI 53707-7844, Phone: 608-266-0625
Fax: 608-266-2164 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
WYOMING (Last updated 9/25/1998.)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
How many critical systems do you What percent of these critical systems How much do you estimate it will cost? Has Year 2000 legislation been passed Comments
manage? \1\ are converted? \2\ (in millions) or proposed in your state? ITD will be meeting with the Joint
26 (17 are managed by the 30% (Not including higher education) WY Legislation is being considered, but Appropriation Committee on July 27
Division of ITD and 9 are has spent to date $10.5+ million with noting formal is available at this to discuss our situation.
managed by the respective another $4.7 million obligated. We time.
agencies are also in the middle of an
inventory and assessment validation
contract ($1.35 million) that will
give us the numbers of what we have
to do to complete our Y2K
remediation.
CIO: Larry Stolz, Chief Information Officer, Info. Planning & Coordination Division, Dept. of Administration & Information, Emerson Bldg., Rm. 214, 2001 Capitol Ave., Cheyenne, WY 82002,
Phone: 307-777-6410 Fax: 307-777-3696 [email protected]
Contact: A. Evonne Rogers, Year 2000 Project Leader, Information Technology Division, Dept. of Administration, 2001 Capitol Avenue, Rm. 237, Cheyenne, WY 82002, Phone: 307-777-5072 Fax: 307-
777-6725 [email protected]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
\1\ ``Critical systems'' would be defined as systems which effect public safety, public health, and financial and personnel aspects of government services.
\2\``Converted'' would be defined as complete assessment, remediation, and testing.
Note: Survey results reflect ``best guess'' estimates on behalf of the states and is as current as the dates listed in the column ``Date Last Updated.'' They are intended as a reference point
for NASIRE members and should not be reproduced without permission of NASIRE. Please contact individual state Y2K Coordinators or CIOs for confirmation or updates of survey results.
______
Responses of John Thomas Flynn to Questions Submitted by
Chairman Bennett
Question 1. NASIRE, as representative of 50 state CIO's, has a
perspective on Y2K problems that is unique. Would you please tell the
Committee the three to five functional areas where state governments
are having the most difficulty in Y2K remediation?
Answer.
1. The number of legacy information technology
systems is high and many of them are quite old, making
it more difficult to find resources with the required
knowledge to effect the needed remediation.
2. The proliferation of desktop systems has resulted
in an almost endless variety of software which runs on
those desktop systems, all of which must be assessed to
ensure that they are Y2K compliant and replaced where
they are not. The costs are expected to be
considerable.
3. Legislative and federal mandates continue to
require resources and effort by the same staff that is
heavily involved in the Y2K remediation effort.
4. Ensuring that all of the interrelationships
between systems, both at the state level and with other
external entities, are identified and addressed.
5. What we don't know.
Question 2. The 50 states house the 3,800 counties where all the
265 million Americans live.
a. Is there any relationship between state and county governments
in the Y2K remediation process?
Answer. Yes, there is. As an example, in the state of California,
there is an intergovernmental task force chaired by the state CIO and
includes some County CIO's and/or their representatives.
b. What are the critical Y2K interfaces and interconnections
between state and county governments that potentially could have
serious impact on the public?
Answer.
1. Emergency response
2. Law enforcement
3. Health and welfare
4. Revenue
5. Transportation
Question 3. Has NASIRE made any arrangements to share technical
resources between states after the Y2K date if emergencies occur?
Answer. No.
Question 4. The Gartner Group presentation seems to rate the State
Y2K efforts less complete than the NASIRE data. Would you comment on
the level of accuracy on the NASIRE self-reporting online survey?
Answer. There is no universally accepted national standard for
reporting on the Y2K remediation effort. I do not know the source of
the Gartner statistics. The NASIRE survey represents each individual
state's assessment of its Y2K effort based on its own standards, and
was updated immediately prior to my appearance before the Committee.
However, as you have noted in your question, self-reporting is not
validated.
Question 5. Mr. Flynn you made some very telling points in your
testimony concerning responses to emergency situations like hurricanes
and power outages that were single events. What do you think will
happen nationally where multiple information technology breakdowns
within and between states may occur?
Answer. This is why all of the states and their departments need to
address business continuity planning for all high impact scenarios as
soon as possible. The business continuity planning must also include
global scenarios addressing potential problems, not just within a state
but across the nation. In California, our departments are beginning to
address business continuity planning now. As with other states, we are
putting a lot of effort into determining with whom we interface and how
we interact with entities outside of the state departments, whether
that be local governments, the Federal government, the private sector
or other states.
Question 6. The results of the Gartner Group survey which Senator
Bennett presented today paints a much bleaker picture of overall
preparedness than does the NASIRE survey which you provided us with
today. Would you comment on why there might be discrepancies between
these two surveys? Do you feel that this is a good example of why
independent verification of an organization's Y2K status is important?
Answer. As noted above, there is no universally accepted national
standard for reporting on the Y2K remediation effort. Even within
individual states, it has been difficult to reach consensus on what
constitutes a ``system,'' what ``mission critical'' means (what is
mission critical to one department may not be mission critical to the
state as a whole), and what are the completion criteria which indicate
compliance. Independent verification of an organization's Y2K status
would be more useful if there is universal agreement on the metrics to
be used to measure the status of the Y2K remediation effort.
Question 7. Surveys such as that which NASIRE performed are very
important in assessing how sectors such as state government are
preparing for Y2K. However, we are concerned that surveys that are not
carefully controlled and result in a rosier assessment than is
justified might do more harm than good and can lead to a sense of
complacency. When we look at the actual data reported, we find wide
variations, such as New Mexico which reports over 4400 critical
systems, and New Jersey which reports only 195. Our question for you
is, in general, what steps has NASIRE taken to validate the data?
Answer. NASIRE does not have the resources available to validate
data from individual states. NASIRE has made the assumption that the
individual states have established their own standards for assessing
and reporting the progress of their agencies and departments to their
Legislatures and administration. Since there is no national standard,
we have to rely on the standards set by the individual states.
__________
Prepared Statement of Ellen Gordon
Mr. Chairman and members of the committee: On behalf of the
National Emergency Management Association, I would like to thank you
for the opportunity to appear before you today to discuss the Year 2000
technology issue as it relates to emergency preparedness, response and
recovery throughout the country. NEMA represents the state directors of
emergency management in all the states and territories who are
responsible to their governors for protecting life and property from
disasters and emergencies.
State Emergency Managers are aware of Y2K issues and the
possibility that they may be called upon to respond to the consequences
of a Y2K technology failure or disruption. NEMA recently conducted a
survey of state emergency management agencies to determine overall
awareness of the Y2K issue and this is what we learned:
--All states have Y2K program for state agencies. State Y2K programs
differ in organization and implementation strategies.
--All state emergency managers indicate their emergency operations
centers are or will be compliant by Year 2000.
--All states are confident that their emergency management systems
that are owned and operated by the state will be Y2K complaint.
--At this time, most states cannot assure that emergency management
systems being utilized by local governments will be Y2K
compliant.
NEMA has determined that the resolution of the Y2K problem in
emergency management systems, especially at local government levels,
needs focused leadership. NEMA has seen reports indicating that up to
fifty percent of local governments do not believe they have a Y2K
problem; therefore, it cannot be determined that all levels of
government emergency management systems such as 911, communication
systems, alarms, sensors, or other equipment will continue to function
properly after Year 2000. Embedded systems may lead to failures in
electrical transmission, water and sewer systems, medical devices and
telecommunications. Each of these is critical to public health and
safety.
As all disasters typically involve local emergency management
agencies first, NEMA believes that it is important to determine the
impact of Y2K on local emergency management systems which could produce
deficiencies in providing for the public health and safety. As
President of NEMA, I am in the process of urging all state emergency
management directors to provide information and assistance, as
appropriate, to their local emergency management agencies. It is
imperative that capabilities be in place and ready to respond to the
consequences of a potential Y2K technology disruption.
As we determine significant problems in emergency management
systems, I intend to immediately advise the Director of FEMA of any
major shortfall in local government emergency management systems and
seek assistance to preclude adverse impact on the public. Hopefully,
the partnership of NEMA and FEMA can help local governments avoid
significant adverse consequences of the Y2K dilemma.
Role of state emergency management in Y2K
Local government has the front line of authority and responsibility
for events or emergencies. If the emergency overwhelms local resources
or capabilities, the State provides assistance and resources as
determined in the State Emergency Operations Plan. The role of state
emergency management is to coordinate and provide assistance as
required during a disaster or emergency regardless of whether the
disaster is a hurricane, tornado, civil riot or a Y2K related major
disaster. These responsibilities are common to every state's emergency
operations plan. Most state agencies have disaster preparedness plans
that include all-hazards preparedness, response arid recovery
procedures. All State and local government emergency management
agencies have emergency management infrastructures in place to
coordinate their agency's role in disaster response and recovery.
NEMA anticipates the Y2K problem will be dealt with much the same
as any other disaster--through an integrated and coordinated emergency
response system that I just described. The resources and types of
people needed may differ for a Y2K event, but the emergency response
system remains the same.
Interstate mutual aid
NEMA administers the national Emergency Management Assistance
Compact (EMAC), a system for interstate resources to supplement federal
disaster assistance when merited or replace federal assistance when it
is not. The goal of the EMAC is to provide rapid assistance using the
closest available resources. As an interstate mutual aid agreement, the
EMAC establishes the legal mechanism and operational procedures to
facilitate rapid disaster response using the unique resources possessed
by member states in the form of personnel, equipment and materials.
Currently, twenty-two states and one territory are signatories to
the compact. Several more states are planning to introduce the compact
into their state legislatures in 1999. EMAC has been tested extensively
this year during the Florida wildfires and Hurricane Bonnie. As we
speak, a number of EMAC member states are providing assistance to the
Gulf Coast states impacted by Hurricane Georges. These recent
activations have proven that EMAC works. It is an efficient and
effective system for states to help each other during disasters.
Interstate mutual aid through compacts like EMAC, may prove
extremely beneficial should the infrastructure fail in a Y2K scenario,
particularly if only a few areas within a state or a region are
impacted. However, should all states be impacted in a significant
manner, mutual aid between states may not be possible. Individual
states will not be able to spare limited personnel or resources outside
state boundaries.
Federal assistance to state and local governments
Should state resources and capabilities be overwhelmed by Y2K
problems, states would look to the Federal government for assistance.
At this time, state emergency management agencies through NEMA are
working with FEMA and other Federal agencies with responsibilities in
the Federal Response Plan as to the procedures needed in responding to
a multi-state event due to Y2K technological failures or disruptions.
In summary, NEMA, with the support of its member states and
territories and in partnership with FEMA, is working to ensure state
emergency management systems are Y2K compliant. I am also pleased to
report that many state emergency management agencies already have plans
to activate their emergency operations centers on December 31, 1999.
Many are also planning to ``run up the clock'' on their systems prior
to December to test the systems. Y2K preparedness activities are in
addition and complementary to our mission of coordinating and
facilitating resources to minimize the impact of disasters and
emergencies on people, property, the economy and the environment.
The most immediate need is for states to work with their local
governments to identify potential system failures and develop
contingency plans to manage the consequences of those failures. In
addition, the states need more information and guidance from the
Federal government as to what assistance will be available to state and
local governments in a Y2K ``disaster,'' particularly if it becomes a
multi-state event.
Thank you again for inviting NEMA to provide testimony before you
today on this important issue. I would be happy to answer any questions
you may have at this time.
______
Responses of Ellen Gordon to Questions Submitted by Chairman Bennett
Question. What are your expectations regarding the Federal
Government's role in assisting states in responding to Y2K disruptions?
Answer. NEMA suggests that FEMA and other federal agencies support
states through the same mechanisms as in any other emergency situation,
whether man-made events or natural disasters. If state and local
emergency management capabilities are insufficient to manage the
consequences of Y2K-related disruptions, states will request assistance
through the Stafford Act.
In addition, NEMA recommends that FEMA and other relevant federal
agencies begin identifying high-risk areas and potential threats
related to the Y2K problem. These agencies should then share this
information through their outreach efforts with states. Such
information is important because states and localities may be unaware
of non-compliant facilities within their jurisdictions.
Question. As you interpret it, how do potential Y2K disruptions fit
within the scope of the Stafford Act's definitions of ``disaster'' and
``emergency?''
Answer. Disruptions resulting from the Y2K problem may qualify as
emergencies and disasters as defined by the Stafford Act. The Y2K
problem has the potential for significantly impacting public health and
safety and therefore may require state assistance. If the negative
consequences of the Y2K problem exceed both state and local resources,
the Stafford Act authorizes the governor to request federal assistance.
Whether Y2K-related disruptions are considered ``emergencies'' or
``disasters'' will depend upon the magnitude of each situation.
Question. What impediments do you see in terms of the federal
government's ability to respond to Year 2000 related disruptions or
emergencies?
Answer. Federal agencies in the Federal Response Plan that are not
compliant will be impediments to the effective response to any Y2K-
related emergencies. In addition, it is essential that all requests for
federal assistance be processed in a timely and efficient manner.
Question. What recommendations do you have for FEMA regarding steps
that the agency can take prior to the Year 2000 in preparing itself to
respond to requests for assistance from states or localities suffering
from Year 2000 problems?
Answer. FEMA should work to ensure that all federal agencies in the
Federal Response Plan are Y2K compliant and prepared for any potential
consequences which may occur. FEMA should also partner with states to
identify high-risk areas and potential threats within their
jurisdictions and to develop fail-safe plans in the event any critical
infrastructure fails.
Question. What would you consider to be the ``threshold'' beyond
which we might expect that a state would request assistance from the
Federal government in response to Year 2000 problems?
Answer. The ``threshold'' for requesting assistance for Y2K-related
emergencies should be the same as any other type of emergency as
defined by the Stafford Act. If state and local emergency management
capabilities are insufficient to respond to the consequences of the Y2K
problem, governors can then ask the President to issue a federal
disaster declaration.
Question. Describe the efforts being made by state emergency
managers to assess the state of readiness of the emergency management
systems at the county and local level?
Answer. Overall, state emergency management directors have begun
working closely with local coordinators to improve awareness of the Y2K
problem, ensure that critical emergency response systems are compliant,
and assess the threat to local public health and safety. States have
been asked to survey local coordinators as part of FEMA's and NEMA's
efforts to increase awareness in the emergency management and response
community.
Question. As a state emergency manager, what role do you envision
for the National Guard in the event of Y2K disruptions?
Answer. As with any other state emergency, NEMA strongly recommends
that the National Guard remain state assets. The National Guard should
be at the governors' disposal should any Y2K-related emergencies occur.
Question. It was very interesting to hear of the results of the
NEMA survey of state emergency managers. It is reassuring to hear that
all 50 Emergency Operations Centers will be Y2K compliant in time. Can
you tell me how confident you are with these results? Will NEMA take
any steps to independently verify these results?
Answer. The survey results represent the opinions of state
emergency management directors and their staffs on whether their own
critical systems will be compliant. It is NEMA's understanding that all
states now have programs tasked with ensuring that state agencies are
Y2K compliant. NEMA has asked the states to survey their local
counterparts as part of FEMA's assessment efforts. The results of this
assessment should be available in November 1998.
Question. You mentioned that Y2K emergencies will be like other
emergencies, but that different resources and types of people will be
needed to respond. When is it likely that you will know what those
resources and skills are so that you can take steps to assure you will
have them in an emergency situation?
Answer. State emergency management agencies across the nation are
active partners in interagency Y2K councils and task forces. This
partnering and communication throughout state government provides an
excellent forum to identify resources and types of personnel needed to
address this problem.
Question. You rightly point out that EMAC may fail for a large
scale problem like a Y2K outage since each participant in the compact
may be reluctant to share limited resources since they might be
uncertain of what their own state's needs might be. Does this mean that
everyone will then be seeking federal assistance?
Answer. Whether there will be a significant demand for federal
resources will depend upon the impact of Y2K disruptions and the
ability of state and local authorities to respond. If states experience
only minor disruptions, there will only be a few requests and EMAC
assistance may be adequate. If states experience major emergencies,
EMAC assistance will probably be inadequate or unavailable. In this
case, the federal government will be a key response organization since
state, local and private resources will probably be exhausted.
Question. You mentioned that many state emergency management
agencies already have plans to have their Emergency Operations Centers
up and running on December 31, 1999. Can you tell us how many plan to
do this, and which states they are.
Answer. Because EOC's are usually operational only during confirmed
emergencies, the decision to activate them will depend upon each
state's own risk assessment and level of preparedness. At least ten
states have reported plans to activate their EOC's prior to January 1,
2000, including Delaware, Florida, Idaho, Indiana, Iowa, Maine,
Maryland, New Hampshire, Washington, and Wisconsin. Other states are
conducting risk assessments to determine whether full EOC activation
will be necessary.
__________
Prepared Statement of John A. Koskinen
Good morning, Mr. Chairman. I am pleased to appear again before the
committee to discuss the role of the President's Council on Year 2000
Conversion in the development of contingency plans and appropriate
emergency responses to any difficulties that may arise as we make the
transition to the year 2000 (Y2K).
Before I discuss this issue, let me express the Administration's
appreciation for the strong support this Committee has provided in the
development and passage of the ``Year 2000 Information and Readiness
Disclosure Act.'' In particular, the assistance you, Mr. Chairman,
Senator Dodd and Senator Kyl have provided has been an indispensable
part of the success we have achieved. As the President has said, this
bipartisan legislation provides us with an important opportunity to
help our Nation prepare its computer systems for the new century.
I would also note that this Committee has made a major contribution
in promoting awareness of, and action on, the Y2K problem with hearings
that have examined public and private sector progress in important
economic sectors that range from electric power to transportation to
telecommunications. While all of us need to continue to support the
efforts of Federal agencies to prepare their systems--and several
Federal agencies still face significant challenges in preparing their
mission-critical systems for the year 2000--the real risk of major
disruptions comes from possible failures outside the Government,
particularly among small and medium-sized organizations in both the
public and private sectors.
Even with the best efforts of all of us, we need to understand and
expect that not every system and embedded chip will be found and fixed.
To minimize disruptions caused by these failures, businesses and
government agencies must focus on contingency planning in addition to
their remediation efforts.
federal agency activities
Federal agencies are developing continuity of business plans for
their core business functions. OMB, in its quarterly progress reports,
has asked the agencies to report on their progress in this area, and is
looking closely at their planning activities as it develops the
President's fiscal year 2000 budget. OMB is also engaged in preliminary
reviews of possible emergency expenditures should Congress provide such
funding. OMB has encouraged agencies to review the recent GAO guidance
on contingency planning along with the plan developed by the Federal
Government's leader in addressing the year 2000 problem, the Social
Security Administration. Agencies with the greatest year 2000
challenges are the ones most in need of business continuity plans.
promoting awareness of contingency planning
Through the outreach efforts of our more than 30 sector working
groups, the Council is encouraging agencies and organizations outside
the Federal Government to prepare two types of contingency plans.
First, we are stressing the need for organizations to develop a plan
that addresses internal system failures. For this plan, an organization
needs to be asking, and answering, key questions such as: If some of
our internal systems fail, how will we continue our core business
processes?
The second type of plan needs to address the potential for failures
in external systems upon which organizations depend for their day-to-
day activities. These systems can run the gamut from those that help to
provide basic services, such as water or power, to those that support
the activities of key vendors or suppliers. Organization heads need to
ask themselves: What are our critical external dependencies? Are any of
those dependencies likely to have problems? How will we function if
they do?
Federal agencies have had to confront the second type of
contingency planning in their relationships with the States. In many
cases, States help to carry out important Federal programs such as
Medicaid and unemployment insurance. These programs depend upon
Federal-State data exchange points, and Federal agencies have been
working with their State counterparts to ensure that these exchange
points are compliant. But even if the data exchange points are ready
for the year 2000, service delivery could still be jeopardized if the
State systems behind the data exchanges fail. Federal agencies like the
Labor Department, for the unemployment insurance program, are now
working with the States to ensure that backup plans are ready to
support continued service delivery should State systems, or other non-
Federal systems, fail.
helping to understand what is likely to happen
One of the Council's most important roles in the coming months will
be to develop assessments of what is likely to be the impact of the
year 2000 problem in key sectors of the economy. This information will
be important to organizations as they develop and refine their
contingency plans. For example, everyone is concerned about having
electric power. But that doesn't mean that they should all immediately
buy their own generators without having a better sense of where outages
are possible and what their likely duration will be.
The Council has established cooperative working relationships with
umbrella groups in electric power and other important sectors. The
focus has initially been on increasing awareness and the level of
activity by those operating in each sector. We are also, however,
developing assessment processes whereby the umbrella groups will be
surveying their members on a regular basis to determine their state of
readiness. Summary reports will then be provided to the Council and the
public. Good examples of this process can be seen with the reports the
Council received recently from the Electric Power and Oil and Gas
Working Groups. These assessments provide us, and the public, valuable
information about the status of these important industries. Over time,
such information will allow everyone to adjust their contingency plans
appropriately.
I might note that the ``Year 2000 Information and Readiness
Disclosure Act'' will increase our ability to obtain assessments since
it provides protection to the information provided by individual
companies to their umbrella groups, thereby increasing the likelihood
of candid responses.
federal emergency response mechanisms
As you know, the Federal Government, in coordination with State and
local governments, plays a key role in responding to disasters and
other emergencies and is looked to for leadership at those times. I
will let Mr. Suiter of FEMA describe in more detail the Federal
Government's role, but I would point out that the year 2000 problem
provides a unique emergency response challenge.
With most major emergencies, such as hurricanes or blizzards,
authorities are dealing with one localized problem in a town, county,
State, or region. With the Y2K problem, however, it is possible that
emergency response systems could face multiple system failures
occurring at roughly the same time in different places. For example, in
a worst case scenario for a city or town, authorities could face the
failure of the power plant, the water treatment plant, and transit
systems. And such problems could occur in many different towns, cities,
or regions at the same time. While no one of them alone may be a major
problem, simultaneous failures will test the capacity of our emergency
response systems, and I am pleased that FEMA has agreed to chair the
Council's Emergency Services Working Group.
The Federal Government has separate response systems related to
specific types of emergencies. Internationally, we have an apparatus
for responding to emergencies such as famine and refugee assistance as
well as military threats. Domestically, we have the systems and
relationships that FEMA will discuss with you. We are presently
reviewing our inventory of emergency response mechanisms and
authorities to ensure that there is no confusion across organizational
lines on January 1, 2000 and that we can handle the possibility of
multiple requests for the same resources.
In addition to FEMA, which has the lead on domestic emergency
issues, the Council is working with the National Security Council, the
Departments of State, Defense, and Justice, and others who are
responsible for challenges we may face internationally to coordinate
Federal emergency response efforts. In particular, we are beginning to
look at scenarios that may involve disruptions in key foreign countries
as well as difficulties at home so that we can map out plans for
appropriate Federal action. In foreign countries, we are concerned
about how Y2K-related disruptions may affect our embassies, American
citizens living abroad, and American businesses. At home, we anticipate
that the multiple burdens placed upon State and local disaster
authorities may result in an increased demand for Federal help.
The American people have confidence in our ability to respond in
the wake of natural disasters. As we have seen with the recent
hurricanes in the Carolinas and the Gulf Region, many are reluctant to
leave their homes, not only because they want to protect their
property, but because they are confident that emergency response
authorities can maintain order and provide key services no matter what
the situation. Our objective is to ensure that the American people have
the same level of confidence in the Federal Government's ability, and
that of their State and local officials as well, to respond to any year
2000-related disruptions.
monitoring the transition to the year 2000
We all want to ensure a smooth transition to the year 2000. For
most organizations, including Federal agencies, the primary year 2000
focus up to this point has been on fixing or replacing non-compliant
systems and embedded chips. But as we enter 1999, that will change.
The Council is committed to encouraging businesses and helping
Government agencies to prepare for likely problems and to develop
viable contingency plans. We have to expect some problems on January 1,
2000. If we share information and plans, however, we can generate
public confidence in our preparedness and minimize the impact of those
problems on everyone.
______
Responses of John A. Koskinen to Questions Submitted by Chairman
Bennett
Question 1. Mr. Koskinen, everything you say in your statement is
true regarding what we need to do and the urgency of getting it done.
However, I must say I am disappointed by the total lack of specifics in
your testimony. We are now less than 15 months, or 5 fiscal quarters,
from midnight, December 31, 1999. The country needs a clear action plan
with leadership from the executive branch to deal with this problem.
By the end of today, this committee will have heard from 70
witnesses. Repeatedly, when questioned about the status of contingency
plans, the response we heard was, ``It's very difficult to plan while
so much is unknown. We need better information.'' In addition, if the
witness was from a Federal agency, we frequently were told that they
were waiting for guidance from the President's Council. Can you tell us
when we will see sector assessments from the President Council? Can you
tell us what is taking so long? What is it going to take to accelerate
the release of these assessments?
Answer. The Council's working groups continue to work with their
industry partners to gather information for assessments on the status
of year 2000 efforts in key economic sectors. As noted in my testimony,
we have recently received initial industry assessments for two critical
areas--electric power and oil and gas. These assessments are available
to the public and will be updated regularly.
Our goal is to have initial assessments for the other key economic
sectors, which we will also make available to the public, before the
end of this year. Once completed, these assessments will have provided
us a process that we can replicate to update them throughout 1999.
The time frame for these initial assessments is dictated largely by
where industries are in the process of remediating their systems. Much
like the Federal Government, most private sector entities will not have
completed their testing work until the end of this year or the
beginning of 1999. That information--where industries are after they
have completed the bulk of their testing--is what will be most valuable
in determining where disruptions are most likely to occur and what
contingency plans are most appropriate.
The Council is committed to continue to work with umbrella groups
and industry associations to do whatever it can to expedite their
information gathering. We have constructed a standard assessment
template for use in information gathering and are hopeful that the
recently enacted ``Year 2000 Information and Readiness Disclosure Act''
will encourage companies to be more willing to answer queries about
their progress.
Question 2. Mr. Koskinen, have you provided any target dates for
the completion of the remaining assessments? Do you anticipate that the
assessments will become specific as time moves on and offer more
insight to where we might experience regional problems? I have told the
Council's working group chairs that the target date for the completion
of initial assessments is December 11, 1998. Those that cannot meet
that time table will advise us when the first assessments provided by
the private sector umbrella groups and industry associations will be
available.
Answer. As we move through 1999, assessments will undoubtably
become more refined, with information on where in the country
industries foresee the greatest likelihood for disruptions. The Council
is also committed to maintaining a dialogue with State and local
officials on the potential for regional disruptions in the public
sector services which continue to concern us greatly.
Question 3. FEMA contends that without assessments they cannot
begin Y2K emergency preparedness planning. When do you think FEMA can
expect to have these so they may begin their planning efforts? How
would you advise FEMA to plan in the absence of such assessments?
Answer. As was the case for the electric power and oil and gas
sectors, FEMA will have assessment information as soon as the Council
does. But as Mr. Suiter testified, while FEMA would like to have the
most detailed information on the status of year 2000 efforts in key
sectors as soon as it is available, there are things that it can do,
and is doing, to prepare for the possibility of emergencies created by
the year 2000 problem.
FEMA has met with the Federal agencies that play key roles in
emergency response and has been working to ensure that those agencies
will not have difficulties in getting resources to where they need to
be should emergency situations develop on January 1, 2000.
FEMA has also been communicating with State and local emergency
response officials to make sure that systems at those levels will be
ready for the year 2000. FEMA is beginning a series of regional
meetings with local response agencies to prepare them for the unique
aspects of possible year 2000 failures. FEMA plans to report in greater
detail about the general preparedness of the country's emergency
systems in the first quarter of next year.
Question 4. Under the Assignment of Emergency Preparedness
Functions of Executive Order 12656, the Director of FEMA is tasked to
act as an advisor to the National Security Council on issues of
national security and emergency preparedness, including civil defense,
continuity of government, and technological disasters. In most of our
hearings we have viewed Y2K as a management problem, do you think Y2K
would qualify as a technological disaster? Do you think the Director of
FEMA and the NSC should be discussing Y2K and the possible implications
it may hold for national security and emergency preparedness?
Answer. Until January 1, 2000, whether or not the Y2K problem will
qualify as a technological disaster remains to be seen. However,
recognizing the unique nature of the problem and the challenges it
poses, we have coordinated meetings between FEMA, NSC and other Federal
response agencies such as the State Department, and they have already
begun to work together to review Y2K impacts on national security and
emergency preparedness. Senior level officials from the NSC and FEMA
now meet regularly to discuss how they can best coordinate their
efforts over the next 14 months.
Question 5. Mr. Koskinen, you have expressed concern about the
international sectors. Could you please tell us which portions of the
world concern you the most?
Answer. Like businesses and other organizations, countries that are
paying attention to the problem are of less concern than those that are
not. Countries that are aware of the problem and are working on it are
basically doing all we can ask of them. But those that are not paying
attention, or think the problem doesn't apply to them, are the source
of our greatest risk.
That being said, the countries of most concern are developing
nations around the world, particularly in South and Central America,
and Africa. We are also concerned, however, about countries whose more
immediate economic challenges hamper their ability to devote
appropriate attention to the Y2K problem, as is the case for many South
Asian nations, Russia, and the Newly Independent States.
To help bring greater coordination to the work of countries around
the world, we are arranging with the United Nations to organize a
meeting of national year 2000 coordinators from around the world in New
York City on December 11, 1998. But the magnitude of the global
challenges should not be underestimated.
__________
Prepared Statement of Senator Jon Kyl
On Monday night, the Senate passed the Chairman's ``Year 2000
Information Disclosure Act'' (S. 2392) by unanimous consent, and around
5:30 p.m. yesterday evening the House passed S. 2392. I would like to
thank our colleagues in the House for their strong support and fast
passage of the bill. The rapid bi-partisan efforts to pass this
legislation demonstrates how serious Congress is about the Year 2000
computer problem. I think it has become obvious to every member of this
Committee that prospective Y2K failures present a very serious problem
for the United States, and for other nations as well. Because of the
potential adverse consequences for our nation's security, economic
health, and public safety, we need to do everything we can to keep Y2K
failures from happening. In every hearing of this Committee, the
different industry sectors have all asked for help in sharing
information.
Chairman Bennett asked me to look into this legal impediments to
information sharing and to review S. 2392. At my direction, Senate
Judiciary and Y2K Committee staff hosted a series of industry briefings
over the summer on their information-sharing concerns, followed by
negotiations among an ad hoc, bipartisan group of Congressional staff,
industry, and Administration representatives. The result was a well
crafted narrowly constructed piece of legislation which enables
industry to exchange the Y2K information needed to prevent failures.
The purpose of the legislation is to ensure that concerns over
liability do not have a chilling effect on sharing essential Y2K
information. So, for example, if in good faith you provide information
about what you have done to fix some Y2K glitch, you can't be sued just
for providing that information if it later proves to be incomplete,
confusing or misleading to someone else. Of course, if you deliberately
lie, or are reckless in what you say, this bill won't protect you. It's
also important to understand that this bill does not absolve anyone of
responsibility for damages that may arise from Y2K failures.
Clearly, the Y2K problem has the potential to impact our nation's
emergency response systems and operations which are heavily dependent
upon information technology. The ``Year 2000 Information Disclosure
Act'' will be critical in helping to prevent failure, improve readiness
and promote contingency planning. However, despite the best efforts of
industry and government to prepare for Y2K, there may be failures. The
severity and length of time for these disruptions is not known.
Indications are that Y2K will be more of an inconvenience that a
catastrophe. However, we must push beyond complacency and carefully
consider the contingency planning that may be necessary in the Year
2000.
Y2K contingency planing is unique, because of the uncertain
reliability of the infrastructures we rely on in an emergency. Relying
on old contingency plans is not enough. From a state and local
perspective it is critical that law enforcement, firefighters and other
first responders begin to think broadly about the reactions they may
encounter in their communities because of the Y2K problem. For example,
a coincidental failure of an ATM at a local bank could cause people to
panic thinking that a Y2K problem has put their money is at risk.
My Subcommittee on Technology and Terrorism has been looking at
emerging information warfare threats to our nation's critical
infrastructures, such as telecommunications, power, and transportation,
and what we need to do to protect them. Our inability to map the
critical interconnections in our national information infrastructure
(NII) demonstrates not only a weakness in our Y2K contingency planning
efforts, but the need for a more reasoned security policy.
I would like to thank the chairman for this timely hearing.
Preparation, and not panic, is the key to successfully meeting the
challenges of Y2K. And hopefully, in the course of meeting these urgent
Y2K challenges, we will gain insights into how to make America's
critical infrastructures more robust and secure against other, more
deliberate, threats.
__________
Prepared Statement of Gov. Michael O. Leavitt
Thank you Senator Bennett and members of the committee for the
opportunity to testify about the state of Utah's progress in preparing
for the Year 2000 technology problem and to provide you, on behalf of
the National Governor's Association, an overview of the preparedness
response from the vantage point of the states.
the nga standpoint
Under the leadership of the governors, states are working to
address the Y2K problem. Progress is varied. For some it is
significant--advanced to the point where testing is already under way,
including testing of law enforcement and emergency management systems.
Other states lag behind.
There also are varied degrees of collaboration between state and
local jurisdictions, which will be the front-line entities to deal with
public safety and emergency management concerns under best and worst-
case Y2K scenarios.
Most states are aware of the need to work cooperatively with local
jurisdictions to ensure that critical systems will continue to
function. At this point, the challenge is to make sure all governors
and states reach out to local governments to raise the level of
awareness about the scope and implications of the problem and provide
assistance.
As vice chairman of the NGA, I would like to describe some of the
steps the governor's association has taken to help states meet their
Y2K responsibilities.
In July the NGA hosted a ``Year 2000 State Summit'' attended by
senior-level policy aides and chief technology officers. Discussions
centered on state, local and private-sector coordination and on a
common agenda for the states to ensure public confidence in state
systems and state-regulated industries.
Additionally, the NGA has published an issue brief titled ``What
Governors Need to Know About Y2K.'' It outlines the steps governors
should take as chief executive officers, guarantors of public safety
and public leaders. NGA also is working with representatives of groups
representing other state and local elected officials to promote
cooperation and communication among all levels of government.
The NGA welcomes the Senate's passage this week of the ``Good
Samaritan'' legislation authored and sponsored by members of this
committee. A significant number of large computer systems and embedded
systems will experience Y2K-related failures. Greater information
sharing by private and public entities would only help states prepare
more effectively.
what utah is doing
The state of Utah is moving forward. Our outlook is one of cautious
optimism. We are not complacent. Nor are we panicked by the complexity
of a problem with the potential to disrupt lives and with some
ramifications beyond the state's control. In essence, we can program to
cover problems that are known, but we must also plan for a myriad of
possibilities that remain unknown.
In the realm of the known--compliance--our progress is measurable.
Utah began its inoculation drive against the Millennium Bug more than
two-and-a-half years ago. The first steps involved the testing,
replacement, and reprogramming of more than 600 information technology
systems.
At this time, more than 51 percent of those systems are fully
compliant. The target date for all systems to be compliant is July
1999.
Under a previous decision unrelated to Y2K, the state of Utah
developed an ``alternate site'' for its data center and mainframe
computing resources to have backup in the case of an earthquake or
major emergency. The alternate site is in Richfield, about 130 miles
from Salt Lake City.
Half of the state's data center and mainframe resources are located
there, and as of now, there also is a mainframe set up specifically for
Y2K testing. The Y2K mainframe allows for full-scale tests of large
systems, applications and databases as if they were running in the year
2000.
Utah's Y2K compliance efforts also include identifying the
information technology systems that are mission critical--those
pertaining to public health or safety, collection of revenues and
disbursement of benefits to those in need. Those systems are receiving
first priority in the coordination and deployment of resources.
The unknown component of Y2K falls in the area of contingency
planning.
For Utah's Y2K efforts, contingency planning deals with two broad
categories: (1) What the state will do if information technology
systems are not remedied in time or they unexpectedly fail due to
unforseen glitches; and (2) how we will maintain essential services in
the event that critical infrastructure services are disrupted or cut
off.
All state agencies have been directed to consider both aspects in
their contingency planning and to have complete plans submitted by
December 31, 1998. Every plan must delineate how services are to be
delivered, including manual processes that might have to be employed.
The state has coordinated the purchase of a software package to
help various agencies conduct detailed contingency planning. The
agencies furthest along in that planning are also the agencies
reporting the most work to be done with regard to planning. It is the
same maxim that applies to the Y2K problem in general: The more you
look, the more you find. And the more you find, the more it costs.
Total costs for all Y2K efforts in Utah are expected to top $50
million.
Like every state agency, the Division of Comprehensive Emergency
Management (CEM) has undertaken system remediation and will be in
compliance long before the date change. In its contingency role, the
division requires some coordination with the Federal Emergency
Management Agency. In the next couple of months, CEM expects to install
the upgraded version of the Federal Emergency Management Information
System (FEMIS).
Current schedules call for installation in October of a FEMIS
upgrade at Tooele County Emergency Management and at the Deseret
Chemical Depot, the Army facility in Tooele County which stores and
demilitarizes the largest stockpile of chemical weapons in the United
States. That installation must occur prior to the upgrade at the state
division, now slated for the end of December. Those systems will be
certified by FEMA as being year 2000 compliant.
The state emergency management division also is in the process of
integrating Y2K contingency planning with the state's existing
Emergency Operations Plan--which covers response to disasters ranging
from earthquakes to dam failures. The authority of the governor is laid
out in the emergency plan, and drastic Y2K scenarios would be covered
therein.
Since I assumed the office of governor in January 1993, I have
activated the Utah National Guard once--when massive snowfall disrupted
transportation in the most populous counties, overwhelming the capacity
of local governments.
Activation of the Emergency Operations Plan is triggered when the
governor declares a ``state of emergency.'' If the disaster is beyond
the capabilities of the local jurisdiction or involves two or more
counties or a wide area of the state, the state assumes responsibility
for the overall coordination of all state and local government
emergency relief operations.
Those state operations may be augmented by military support
assistance, special forms of disaster assistance available from federal
agencies acting under their own statutory authorities or in accordance
with the provisions of compacts with other states.
While taking care of its own operations, the state also has a
vested interest in encouraging Y2K preparation within the private
sector and at the local level. To facilitate those efforts, I have
appointed the Governor's Coalition For Year 2000 Compliance to track
the status of city, county, business and industry efforts and to
promote general awareness by the public. The state has established and
maintains a web site to disseminate information about the Y2K problem
to the public.
We have established year 2000 coordinators in every school district
of the state and throughout the higher education system. Those entities
have been encouraged to develop contingency plans as well.
Contingency preparation is of paramount concern. Scenarios must be
plausible, yet broad enough to cover an array of potential
ramifications. What happens at the city and county level if there is a
breakdown in the 911 system? What about the compliance of monitoring
systems at refineries or the systems that control manufacturing
processes. How do we keep essential state buildings running in the
event of power failures? Is it realistic to obtain emergency generators
and food supplies for institutional operations like prisons and the
state hospital?
The greatest difficulty in ``business recovery'' or contingency
planning is trying to decide what scenarios to plan for. In another
year, we will know much more about Y2K readiness on the part of
infrastructure providers such as utilities and transportation grids,
and we will likely need to refine contingency plans continually as we
move closer to the time when they may be needed.
Part of the unknown relates to how our large computing systems
exchange data with the federal government, private entities and other
states. Even if our system is compliant, problems can be introduced if
the other data exchanges are not compliant. An inventory of all data
exchanges with the federal government has been created, and we are
proceeding to evaluate and test them.
The task moves forward--system by system; step by step, with the
foresight we have today and the flexibility to modify what we will know
tomorrow. We undertook this process early and will continue it through
the date change to 01-01-00. Utah will not be the first location on the
globe to roll over to 2000, and we will be monitoring other areas for
electrical failures, infrastructure breakdowns and business disruption
when the sun rises on the new millennium in our time zone.
It is the state of Utah's expectation that we will greet that dawn
informed, confident, and ready.
______
Responses of Gov. Michael O. Leavitt to Questions Submitted by
Chairman Bennett
Question 1. Would you agree with the assessment that the states
have a long way to go? In your estimation, can the Federal Government
be doing more to help state and/or local Governments prepare for the
millennium rollover?
Answer. While it is accurate to say there is a long way to go
still, I do not believe that state governments, on the whole, have
``too far to go''--in other words, the reporting that is occurring
through the National Association of State Information Resource
Executives (NASIRE) and other organizations indicates that most state
governments are making appropriate progress toward completion of
compliance efforts. Most States are reporting between 30 percent and 70
percent completion rates. I can really only speak for our State--in our
case we are now 60 percent complete with remediation and testing of our
mission-critical systems and feel we will have all of those systems
compliant in time. I do not know as much about local governments across
the nation. In our State, our assessment is that larger municipalities
are well on their way to becoming compliant, but that some smaller and
medium-sized cities have only recently begun compliance efforts and
have much to do still. The Federal Government could help local
governments by assisting their national organizations in efforts to
raise awareness and assist in compliance efforts. The best thing that
the Federal government can do for the states is to assure remediation
of their own mission critical systems, particularly those that heavily
support State programs and operations. Additional funding for federally
mandated systems such as unemployment and welfare systems would be
useful.
Question 2. Were all 50 states represented at the NGA's ``Year 2000
State Summit''? Can you tell us what kind of follow up to expect from
the summit?
Answer. 48 of 50 states were represented at the NGA Summit. As a
result, more states have been involved with support for local
governments, there is an increased level of understanding between key
Federal departments and their state counterparts, and both State and
Federal governments are working to complete data exchange projects.
NASIRE has completed an online status survey to track overall status of
the states. Most states expect to have their own systems fully prepared
for Year 2000. States have become involved with PTI, NaCO, and other
associations to provide outreach to counties and cities. Many States
are also working through their public service commissions to monitor
the status of the utility industry. States have also been involved in
supporting National Y2K Action Week, SBA's small business outreach, and
outreach to the education community. A funding problem still exists
with some local governments. Technical resources continue to be a
challenge. We will need to work together to address these issues into
the next century.
Question 3. From your perspective as one of 50 Governors
responsible for the safety and well-being of your citizens, what more
should be happening at the Federal level to help reduce the uncertainty
in making Y2K preparations?
Answer. One of the things that would be helpful is alluded to in
your next question. To the extent that the Federal Government is
assessing the compliance efforts and readiness of various industry
sectors (transportation, utilities, financial institutions, etc.) it
would be helpful if the states could receive regular reports about
progress in those sectors. That would help the states in their
emergency response planning efforts. Similar reports about the status
of Y2K compliance by other countries would also be helpful. As the Year
2000 date change gets closer, the need for timely and accurate
information and reporting from the federal government level will
increase. States' contingency and business continuity plans are
prepared based on a set of assumptions. As certain types of failures
are eliminated as possibilities, it becomes easier to determine where
these efforts should be focused. When the actual date change occurs, an
``early alert'' system with clearly defined communication channels
about what is working and what is not in various states and at the
federal level would be important.
States need to hear from the IRS on their data exchanges and to
know the scope of Federal contingency plans. Much could be done to
coordinate on contingency and business continuity issues. States need
to be informed of the DOD's ``consequence management'' plan to provide
resources to local government in emergency situations. There should be
a national database of all Federal applications that are critical to
States that includes status information about the progress that has
been made with renovating, testing, and implementing these systems.
States could also make available to the federal government detailed
status information on the progress of federally supported State
systems.
Question 4. Governor Leavitt, how would the availability of
national assessments help your state's emergency response community
prepare?
Answer. As indicated in the previous response, regular assessments
of various industry sectors, as well as regular, accurate information
about Federal Government information systems, would be extremely
helpful. One of the things we find in discussing this problem with
local governments, public safety officials, and emergency response
personnel, is that most ``emergency operation plans'' that exist to
respond to natural disasters rely heavily on the concept of ``getting
help from somewhere else.'' The plans for smaller communities is often
simply to turn to larger communities, community groups, the Red Cross
or other aid providers for help. The plans for larger communities is
often to turn to the State, the National Guard, or the Federal
Government. State plans often talk about turning to other states or to
the Federal Government or national associations to bring in help,
supplies, etc. The problem with Y2K is that these kinds of emergency
operations plans may not be viable--the answer can't simply be to turn
to someone else for help, because everyone else will be dealing with
the problem as well! This may create a serious problem in trying to
carry out existing emergency operations plans. Communities, states, and
organizations need to be prepared to draw upon their own people and
their own resources to deal with possible emergencies and
contingencies. One thing that would be helpful in emergency response
planning would be to have the Federal Government help prepare
information for the States on how the Red Cross, FEMA, and other
national-level organizations are going to divide up and focus their
resources in the event of emergencies. What will their priorities be?
Where will they deploy manpower? If this were to turn out to be a
nation-wide problem, instead of a regionally localized disaster, will
they be able to respond, or are they even planning to?
Question 5. Governor Leavitt, what is the single greatest Y2K
concern you have for your state and continuity of emergency services?
Answer. My greatest concerns would be that we ensure the
continuation of electrical power, water, financial, and
telecommunications services across the state, that we put in place the
necessary emergency operations plans to deal with possible problems,
and that we provide adequate and necessary information to the public
without creating undue concern or panic.
__________
Prepared Statement of Senator Daniel Patrick Moynihan
I was delighted to see that the House passed S. 2392 (``The Year
2000 Information and Readiness Disclosure Act'') last night. The Senate
passed this bill on Monday night and I am proud to be an original
cosponsor of this most important piece of legislation. This ``Good
Samaritan'' legislation is intended to promote the open sharing of
information about Year 2000 (Y2K) solutions by protecting those who
share information in good faith from liability claims based on the
dissemination of that information. I want to make it clear that this
legislation does not address liability that may arise separately from
actual Y2K failures of systems or devices. The head of the President's
Council on Y2K, John Koskinen, said that passing this bill is one of
the most important things that we could do on the Y2K front. I agree.
Our hearing today will assess how well prepared Federal, state, and
local governments are for the Y2K problem. The hearing will focus on
the ability of these governments to continue to provide emergency
services in the wake of the Y2K problem, and their responsibility in
addressing potential Y2K related emergencies or disruptions. The
results so far show that much work remains to be done.
In a survey of the fifty state governments, the GartnerGroup found
that none of the states have completed their testing and implemented
contingency plans. The survey also found that ten percent of state
governments have not even begun to address the problem yet. Closer to
home, New York State Comptroller H. Carl McCall released a survey on
the progress of New York State local governments on the Y2K problem.
The survey found that many of New York State's local governments,
particularly smaller ones, are unprepared to face the Y2K problem. I
commend Mr. McCall for the work he has done on this issue and for doing
this survey. But the survey reveals that New York, as does the rest of
the country, has a lot of work to do in a very short amount of time.
On July 31, 1996, I sent President Clinton a letter expressing my
views and concerns about Y2K. I warned him of the ``extreme negative
economic consequences of the Y2K Time Bomb,'' and suggested that ``a
presidential aide be appointed to take responsibility for assuring that
all Federal Agencies, including the military, be Y2K compliant by
January 1, 1999 [leaving a year for `testing'] and that all commercial
and industrial firms doing business with the Federal government must
also be compliant by that date.''
January 1, 1999 is quickly approaching. I believe the ``Good
Samaritan'' legislation will encourage Federal, state, and local
governments to work together in addressing the computer problem. I
remind my colleagues of John Locke's conception of government as a
fiduciary trust with the obligation to act in the interest of the
people. If we do not address the Y2K problem, then we have not
fulfilled our fiduciary responsibilities.
__________
Prepared Statement of Maj. Gen. Edward J. Philbin
Mr. Chairman, I am Major General Edward J. Philbin, USAF (Ret.),
the Executive Director of the National Guard Association of the United
States (NGAUS). I am present to offer opinions on the problems that may
arise as a result of non-compliant computers and computer dependent
systems that are unable to transition through midnight, 31 December,
1999 and the role the National Guard could and probably will play in
managing emergencies arising from those problems. My testimony
generally reflects the opinions of the Association and its members, who
are the commissioned and warrant officers of the Army and Air National
Guard. It should not be construed as representing the official
positions of the Department of Defense or of the National Guard Bureau.
It is increasingly evident that an appreciable part of the nation's
infrastructure could be adversely affected in some way, by what is
commonly referred to as the Y2K problem. In general, the National Guard
has the capacity to provide Military Support to Civilian Authorities
(MSCA) and can contribute a myriad of human and equipment resources to
restore essential operations disrupted by Y2K generated incidents.
Considering the possibilities of a large scale disruption of
governmental, commercial and other routine daily activities, it is
certain that the National Guard will be among the first organizations
activated to assist in the revitalization of the nation's computer
dependent infrastructure. As with hurricanes, floods and other
incidents requiring a quick reaction by a well-trained and equipped on-
site team, no other organization will be able to respond in support of
police, fire fighting and other civilian emergency responders, to major
crisis situations that may be caused by Y2K disruptions as well as the
National Guard. The National Guard's practiced interaction with state
and local organizations and its connections to the National Command
Authority provide a unique emergency response capability not found in
any other federal or state organization.
The immediate need is to determine what responsibilities the Guard
will be expected to assume in the management of the Y2K related
problems, that many analysts have forecast, which have the potential to
trigger the destabilization of societal functions. The National Guard
needs to be prepared to assist in maintaining or reestablishing
essential stability in the civil sector.
I suggest that the Department of Defense (DOD) must develop a clear
concept of how the National Guard will be required to respond to the
spectrum of problems that could be created by a Y2K disruption. The
DOD, through the Chief of the National Guard Bureau (NGB), must now
coordinate with the Adjutants General and the Governors to determine
the likely, locality specific scenarios that may arise in a Y2K
situation.
The DOD should also assist the Governors and State Emergency
Response Coordinators to ensure that the National Guard itself will not
be impaired by the effects of a Y2K incident at a time when it will be
most needed.
I suspect that, to date, this has not been a priority effort on the
part of the DOD, even though to properly prepare for possible Y2K
disruptions, the OSD must be cognizant of the importance of the
National Guard being made fully capable of responding to any such
technical breakdown.
We must be certain that the National Guard will not itself be a
victim of any Y2K disruption. All National Guard units in 3,200
locations throughout the nation, must possess computer dependent
equipment that is Y2K compliant. Responding to the consequences of a
Y2K disruption will be futile if the National Guard's operations are
plagued by the very consequences the Guard is attempting to manage. It
is critical that the Y2K response requirements of the National Guard be
fully funded to ensure that it is able to respond quickly and
effectively to the needs of the community. I respectfully request, Mr.
Chairman, that this Committee urge the Senate to provide full funding
for Y2K compliance upgrading of National Guard equipment as one of the
highest priorities for such funding, since the Guard will be among the
first responders to a Y2K incident together with police, fire-fighting
and other civilian emergency response personnel.
The critical first step in ensuring that the National Guard will be
fully prepared for a possible Y2K calamity is the collection and
sharing of information. When I was Commander of the New Jersey Air
National Guard, the State Adjutant General, for the first time
requested all of his commanders to conduct a survey to identify all of
the Army and Air Guard resources that could be made available in
response to a state emergency. My survey of the New Jersey Air National
Guard identified a surprisingly long list of both mundane and
sophisticated equipment which could be useful in responding to a state
emergency. I strongly recommend that such a survey of the available
resources of both the Army and Air National Guard of each state and
territory be conducted prior to midnight on 31 December 1999. Equally
important, we must determine how the National Guard will interact with
the Federal Emergency Management Agency (FEMA) and the DOD in response
to Y2K induced emergencies. Command and control of multiple agencies
must result in mutual support rather than multiple collisions in
addressing emergency situations.
Therefore, a comprehensive study should be conducted on the
potential roles of and the interaction between the FEMA, the DOD, and
the National Guard of the various states and territories in response to
Y2K induced problems. I applaud the recent inclusion of the National
Guard in the President's Y2K subcommittee on emergency response chaired
by FEMA and believe that the subcommittee, with the DOD, National Guard
Bureau (NOB) and the Adjutants General must develop a cohesive strategy
that prepares this country for any event of mass effect leading up to
and after midnight, 31 December 1999. Mr. Chairman, let me stress the
need for the Adjutants General to play an important role in the
development of this strategy. In most cases, it will be the Adjutants
General who will integrate the planning efforts for their respective
states, with those to be developed by the National Command Authority.
As you are aware, the Quadrennial Defense Review highlighted the
role of the National Guard in homeland defense of the United States.
While the Guard stands ready to meet the needs of the citizenry during
any Y2K incident, it is important that in preparing for that
eventuality, the National Guard's ability to respond to it's Total
Force mission of rapidly expanding our Army and Air Force in response
to a national threat not be denigrated. Funding for current combat
readiness resourcing should not be used to enhance the Guard's ability
to respond to a Y2K event. As an example, it is becoming increasingly
evident that the current structure of the Active Duty Army cannot
execute the two Major Theater Wars (MTW) strategy without the
assistance of the Army National Guard Combat Divisions and Brigades.
This increased dependency on the National Guard requires increased, not
decreased combat readiness resourcing to enable the Guard to accomplish
its historic combat mission. Mere reallocation of current funding to
Y2K missions will have a negative effect upon the National Guard's
ability to recruit, train and keep our soldiers and airmen combat ready
to respond at a moments notice to a national threat.
The Year 2000 challenges present an emergency scenario unlike any
other in our nation's history. Our technological society has grown
extremely dependent upon the continuity of computer driven systems and
networks and as a consequence, the nation's vulnerability has increased
appreciably. Any significant disruption of our computer dependent
infrastructure could result in a significant societal disruption.
However, with the cooperative interaction of federal and state
governments, the military, the private sector, and with serious advance
preparation, the impact of such an event on the American people can be
significantly reduced, if not totally eliminated.
Mr. Chairman, members of the Committee, I would like to thank you
for the opportunity to offer the opinion of the National Guard
Association of the United States on the readiness of the National Guard
to deal with potential Y2K emergencies. As we have for over three and
a-half centuries, the National Guard of the United States, Army and
Air, stands ready to protect the nation against military threats and
local disasters. This concludes my statement subject to your questions.
______
Responses of Maj. Gen. Edward J. Philbin to Questions
Submitted by Chairman Bennett
Question 1. In your testimony you indicated the criticality of
fully funding the Y2K response requirements of the National Guard to
ensure that it is able to respond quickly and effectively. What is the
amount necessary to fully fund the National Guard's Y2K requirements,
both Army and Air divisions? You imply that it is not fully funded--can
you address the current funding budgeted for the National Guard's Y2K
requirements? Have requests been made for any shortfalls?
Answer. Full-funding of the National Guard to enable it to
effectively respond to a Y2K incident is essential. I have received
estimates that the Army National Guard will require approximately $38
million for Automation, Logistics, Manpower and TDY support to be able
to ensure mission capability for Y2K incidents. This amount does not
include weapon systems but rather those resources that would most
likely be needed during any such incident. Estimates of Air National
Guard requirements vary greatly and consequently would be difficult to
pinpoint at this time.
Question 2. General Philbin, you make a strong case for the
importance of the National Guard in a Y2K emergency. Certainly, the
Guard is used time and time again, such as today in the southern United
States, to deal with major disasters. I am surprised however that the
call for a survey such as you're suggesting has never been done. You
mentioned the survey that was done when you were commander of the New
Jersey Air National Guard. It seems natural to me that surveys and
inventories be done to assess readiness. Doesn't anyone have the
responsibility to do this for the National Guard? Shouldn't someone be
doing it within the Department of Defense?
Answer. The National Guard has been successfully providing
assistance to the American public during natural disasters or civil
disturbances for more than 360 years. This has allowed the Guard to
adapt, and review its response to such events in order to provide
effective Military Support to Civil Authorities (MSCA). Many of the
traditional MSCA roles of the National Guard can and will be utilized
during a Y2K event. However, the unique possibilities that could unfold
during a Y2K event are unprecedented. Surveys have been conducted to
determine the capabilities of the Army and Air National Guard to be
able to support events, such as floods, fires, tornadoes, and riots,
that have a historical precedence. These surveys focus on the premise
that an interruption will occur to a portion of normal operations of
the nation's infrastructure. No event, has the capability to disrupt
governmental, commercial and other daily activities as the Y2K
millennium bug, shutting down the technological components that drive
our society. A survey specifically targeted on Y2K events needs to be
conducted in order to determine what capabilities the National Guard
can offer to support the return to normal function capability.
Question 3. Your have strongly recommended that a survey of
available resources of both the Army and Air National Guards of each
state and territory be conducted prior to midnight on 31 December 1999?
Aren't there National Guard documents that already exist which provide
the requirements for organizations and equipment as well as ones that
indicate the authorized and actual levels? What would be achieved by a
survey such as the one you propose that does not already exist? How
would the results of such a survey be useful?
Answer. Accountability of all National Guard equipment and
organizations is maintained by the National Guard Bureau and the
Department of Defense and is usually focused on the Guards constant
readiness. However, no study has been conducted to determine
specifically what the Guard and its resources can contribute on January
1, 2000. The Y2K millennium bug is significant in that it will provide
both foreseen and unforeseen challenges. A survey of equipment to
determine what resources are available for all possibilities during a
Y2K event will allow the Guard to better organize a response plan.
Insight as to what assets the Guard can contribute during the following
hours and days of the Y2K event are essential in order to allow the
National Guard Bureau and the Department of Defense time and foresight
to enhance their coordinated response plan.
Question 4. Your point is well taken that before the National Guard
can perform any of its emergency response functions it must ensure that
it will not be impaired itself. Would you discuss the current status
and milestones of the Army and Air National Guards' Y2K programs? Are
the programs adequately funded?
Answer. Being the Executive Director of the National Guard
Association and not the National Guard Bureau, it would not be feasible
for me to provide a progress report. The Chief of the National Guard
Bureau and/or the Army and Air National Guard Directors are better
positioned to discuss their progress in achieving Y2K compliance.
However, I am sure the National Guard Bureau and the Adjutants General
are working diligently to determine their compliance posture and how
they would support the states in a Y2K situation, should one occur.
With that said, it is my belief that the National Guard may very well
require additional funding to support their compliance review and
response capability, but I must defer to the National Guard Bureau to
provide specifics.
Question 5. Both the Army and Air Force active components have
comprehensive Y2K programs that include their respective National
Guard. What is the basis of your statement that efforts for fixing the
guard Y2K problems are not a priority within the DOD?
Answer. As demonstrated in the past, the Department of Defense
prioritizes funding as a function of the ``first to fight'' concept as
it applies to the military forces to execute the National Military
Strategy. The services are more inclined to insure Y2K compliance as it
relates to force projection requirements and their ability to engage an
enemy on the battlefield. I doubt that serious efforts have been made
by the Department of Defense to address the role of the National Guard
to support the restabilization of domestic activities due to a Y2K
event. I am sure that if the services had full funding available, they
would resource all of their requirements across the spectrum. However,
threat reduction to the United States over the past decade has also
entailed a defense budget reduction. The DOD has taken the approach
that the Y2K millennium bug is a metaphoric enemy set to attack. They
are focusing on their mission-critical systems, to ensure that the
services are prepared to perform their duties to defend the nation. The
National Guard, in addition to defense of the nation, remains focused
on support of local and state governments in ensuring that society's
infrastructure is returned to and remains functional during a Y2K
event. It is equally important for the National Guard to defend
America's borders from attack, or respond to aid our allies. However,
with a set time, where our nation will face significant dilemmas due to
the vulnerability of our technologically dependent society the Y2K
event requires the full attention of the National Guard and the
Department of Defense.
Question 6. In your testimony, you express concern over the issue
of command and control of multiple agencies in addressing emergency
situations. Specifically what part of the Federal Response Plan and
current command and control structure under the plan requires
refinement or modification? What aspects of possible Y2K scenarios
would cause a need to change current command and control relationships?
Answer. Response to Y2K events begins at the local level. Once
local authorities reach the limit of their capacity, state resources
will be required, as in other emergency situations. The capability to
activate the National Guard now becomes a factor for the Governor. The
command and control relationships are in place to respond to situations
requiring military support. However, the possible magnitude of a Y2K
response situation may be greater than local resources can handle.
Integration with law-enforcement, fire, medical and other state and
federal agencies will require significant inter-agency cooperation on
an unprecedented scale. It would be prudent to study the capabilities
of the National Guard to determine what levels of support they could
provide along with their ability to respond to a Y2K event.
__________
Prepared Statement of Sergeant John S. Powell
introduction
If the predictions of computer system failures in everything
from automobiles and ATMs to the IRS to traffic signal controls
and a plethora of other systems that support everyday life are
even partially realized, the overload on public safety services
will be tremendous. The ``bug'' is insidious, potentially
impacting anything with a microcomputer chip--anything that has
a keypad or timer, displays a date, stores numbers, or performs
calculations. Consider for a moment the possible loss of a few
personal items: digital clocks and wristwatch, automatic coffee
maker, camcorder, home alarm system, pager, personal computer,
radio, telephone, television, thermostats, VCR, and last (but
certainly not least) access to ATMs, financial records, and
retirement income (if you're lucky enough to have it)! Couple
these potential failures for millions of people with increased
turn-of-the-millennia activity and the impact on public safety
services could be crippling. The last thing public safety
agencies will then want to contend with is problems with their
own operational systems.
--The APCO Bulletin
How big is the overall problem? After reviewing published documents
and interviewing a number of Y2K experts, ``Silicon Valley Tech Week''
concluded in its April 13, 1998 issue: ``None of the mission critical
sectors in the U.S. are even close to being Y2K compliant, say the
experts. Not the 9,000 electric utility plants. Not the 11,000 banks.
Not the telecommunications companies. And certainly not the U.S.
Government.''
IRS Commissioner Charles Rossotti told the Wall Street Journal:
``If we don't fix the century-date problem, we will have a situation
scarier than the average disaster movie you might see on a Sunday
night.'' ``Twenty-one months from now, there could be 90 million
taxpayers who won't get their refunds, and 95 percent of the revenue
stream of the United States could be jeopardized.'' \1\
---------------------------------------------------------------------------
\1\ IRS Commissioner Charles Rossotti. ``The Wall Street Journal,
04/22/98.
---------------------------------------------------------------------------
FCC Chairman William Kennard, being questioned by the U.S. Senate,
concluded, ``[I am] * * * concerned that the year 2000 problem has the
potential of disrupting communications services worldwide * * *. Every
sector of the communications industry--broadcast, cable, radio,
satellite, and wireline and wireless telephony--could be affected.''
There are, however, other dates both before and after January 1,
2000, that must also be considered. These include:
1. January 1, 1999: Many spreadsheets and financial applications
look forward during the current year and will see the next year ends in
``00.'' Those functions that examine a date range may not be able to
handle an ending date (``00'') that is lower in value than the current
date (``99'').
2. August 22, 1999: GPS rollover (reset to zero). GPS is now the
most widely used system for public safety person/vehicle location
applications. Beyond this fundamental application are other
telecommunications uses, not the least of which is serving as the
common time base for synchronizing transmitters in wide area simulcast
systems, including most of the nations large commercial paging
operations. In addition to geopositioning and telecommunications
applications, GPS is used in major banks and thousands of financial
institutions for accurate date and time recording and synchronization.
3. September 9, 1999: ``Nines end-of-file problem'' in legacy
systems using 9999 in the date field to denote ``end-of-file'' (EOF).
Most of these programs are mainframe-based, written in high-level
computer languages such as COBOL. Pubic safety applications include
large Criminal Justice Information Systems and motor vehicle/drivers
license systems.
4. February 29, 2000: Not a normal leap year (rule: if the year is
divisible by four but not divisible by 100, or if the year is divisible
by 400, it is a leap year). Many computer programs perform the first
two tests (divisible by 4, but not divisible by 100) but do not include
the last test. Those that do not will be off by 1 day from March 1
through December 31, 2000.
local law enforcement agency status report
The following agency status reports were collected by three of the
Regional Law Enforcement and Corrections Technology Centers operated by
the National Institute of Justice during the past 10 days:
Aiken County, South Carolina Sheriff's Department
This department is in the process of purchasing new dispatch
equipment and CAD/RMS software based on a modernization assessment done
by NLECTC-SE in which Y2K compliance was recommended.
Arvada, Colorado Police Department
The Arvada Police Department is in the process of replacing their
CAD/RMS system in a previously scheduled system upgrade. Y2K issues are
a specification in the RFP and the contract for installation and
operation. They are currently negotiating with their radio system
provider (they share a trunked 800 megahertz system with an adjacent
agency) to provide necessary maintenance and upgrades to address Y2K
issues. This process is already budgeted for and is underway. The City
information management department has engaged a consultant to assess
and make recommendations regarding the ``lesser'' information systems
in the City, including the police department, to address Y2K issues.
All of the major information systems have already been brought into Y2K
compliance or are in the process of being brought into compliance.
Charleston, South Carolina Police Department
This department is in the process of replacing and/or upgrading
their CAD/RMS system based on a modernization assessment done by
NLECTC-SE in which Y2K compliance was recommended.
Charlotte-Mecklenberg, North Carolina Police Department
A county-wide Y2K board is currently reviewing every major system
that has a computer chip as a component as well as major system
software packages (including radio, information management, heating and
air conditioning, elevators, cars and security systems). Thus far, they
have not identified the magnitude of the problem. As the list is
completed they are asking manufactures for Y2K certification. They are
concerned that certain chips in key components have built-in Y2K
problems that can only be solved by replacement.
La Vista, Nebraska Police Department
The La Vista Police Department conducted an assessment of their
internal information management system and found it to be Y2K non-
compliant. They are in the process of spending $18-19,000 for an
entirely new system that will be Y2K compliant. The police department
has been provided funding for this by the City of La Vista which has
taken a very aggressive stance toward ensuring Y2K preparedness. The
police department is the last department of the City requiring
compliance upgrades. The City is also coordinating with public service
providers (electricity, gas, telephones, etc.) to ensure they are
prepared as well.
Leavenworth, Kansas Police Department
The Leavenworth Police Department is in the process of building a
consolidated building and systems with the Leavenworth County Sheriff's
Department. This consolidated and upgrade is occurring irrespective of
Y2K issues but contractual specifications will include Y2K compliance
issues. Current systems are not Y2K compliant. This places a
significant time constraint on the acquisition and installation process
to ensure operation of the new systems prior to Y2K.
Medical University of South Carolina Department of Public Safety
MUSC has a large committee representing a cross section of all
departments of the university that has been in existence for over a
year to address the Y2K problem. Systems are being modified, upgraded
and/or replaced with a completion target of mid year 1999.
Monroe County, Florida Sheriff's Department
This department has rewritten all their COBOL code to accommodate
the four digit year and adjusted all chronological date accordingly.
They have a model of an old Posse Code (Federally funded many years
ago) that appears to be running fine. All code is now adjusted, but
they are running in a test mode as a parallel system.
Mount Pleasant, South Carolina Police Department
This department's vendor has made an offer to upgrade their
software for Y2K compliance for approximately $30,000. They are
researching other options and are awaiting a modernization report by
NLECTC-SE before proceeding with an RFP.
Nashville, Tennessee Police Department
Their Unisys Clearpath 4400 has a service package to upgrade and
correct Y2K problems. They have run BIOS checks on all old computers
and upgraded programs where necessary. They are replacing their central
hub.
San Diego, California Police Department
San Diego PD has a full-time effort to head off the Y2K problem
with 2 people assigned. San Diego describes this as a HUGE problem
affecting operations across the board, especially Computer Aided
Dispatch and ARJIS, their regional justice information system. The
police department is working with the city on a coordinated approach.
Selma, Alabama Police Department
The Selma computer system was recently destroyed by a lightning
strike and they are in the process of replacing the entire system to
link communications, booking, records and eventually other municipal
government data bases. New system will be Y2K compliant. This
department is next in line for a NLECTC-SE process review addressing
their information technology modernization needs.
Saluda, North Carolina Police Department
This is a four officer department that is totally computerized.
With their small size (and reducing costs of equipment needed) they
upgraded on a timely basis and are Y2K compliant internally. Their
concern is other systems they tie into.
statement
Thank you for this opportunity to provide the Senate Special
Committee on the Year 2000 Technology Problem with information on what
I believe to be the ``state of the nation's local public safety
agencies'' with respect to Y2K issues, as well as what we should be
doing to better prepare for what was recently described on the national
news as ``the deadline that not even Congress or the President can
extend.''
Two ``wakeup calls'' this year highlight our dependence on critical
telecommunications services. During the week of April 13, AT&T lost its
entire frame relay data network for 24 hours. The failure was caused by
a software glitch in a single network circuit card that was being
loaded with updated software while still connected to the network.
6,600 customers, including major financial institutions and their ATM/
credit card networks, lost service. Then on May 19, Hughes
Corporation's Galaxy IV satellite failed, disrupting paging service to
millions of paging receivers, including critical notification systems
used by federal, state, and local public safety agencies.
We've all seen the horrific predictions being made by some of the
millennium fundamentalists. Unfortunately, it appears that the majority
of Americans, if they are aware of the Y2K issue at all, consider it to
be a ``computer problem.'' The current status of local government
agencies is somewhere in between, with larger agencies clearly being
more susceptible to the problem, but at the same time also being more
aware of the surrounding issues and having more resources available to
deal with those issues.
Senator Bennett, Committee Chair, posed a series of five questions
in his letter of September 16 [See Attachment A]. Each of these is
addressed in a separate section below.
I. What is the role of APCO and the IACP in assessing the vulnerability
of emergency service response agencies to year 2000 problems
and any efforts to increase awareness about the problem?
First, as individual membership organizations, public safety
associations generally do not have a specific role in assessing the
vulnerabilities of agencies to pending events. However, the larger
associations play a major role in promoting awareness and providing
education to their members and the general public safety community
concerning events that could impact the provision of services.
Associations also serve as a statistical resource to those government
agencies who are responsible for making such assessments.
Clearly, awareness and education are keys to dealing with the Y2K
issue. This nation has nearly 19,000 law enforcement agencies at the
state and local level; Attachment D is a breakdown of state and local
law enforcement agencies by region across the United States. Ninety
percent of the law enforcement agencies have fewer than 24 sworn
officers and fully half have fewer than 12 sworn officers. The United
States also has over 32,000 fire agencies at the state and local level.
Eighty percent of the fire agencies are staffed fully by volunteers.
Many of these agencies are not yet aware that problems may exists, much
less the potential severity that the Y2K problem could have on both
their internal and external operations.
Both associations annually host the world's largest public safety
conferences in their related fields. At this year's event held this
past August in Albuquerque NM, APCO conducted seminars to address the
myriad of Y2K issues facing public safety agencies to ensure consistent
delivery of service. The IACP will hold its conference at Salt Lake
City from October 17-22. The Year 2000 Problem will be a topic of
discussion at the Communications and Technology Committee meeting and
at other scheduled meetings. John Clark, Deputy Chief for Public Safety
in the Federal Communications Commission's (FCC) Wireless
Telecommunications Bureau will be addressing the Major City Chiefs
specifically on Y2K issues.
Fortunately for the public safety community, the FCC has been very
active on Year 2000 issues. Commissioner Michael Powell, the FCC
Defense Commissioner and agency representative to the President's
Council on Year 2000 Conversion, convened a Public Safety Year 2000
Roundtable on June 1 in Washington DC. Panel members included a number
of state/local public safety officials, as well as representatives from
federal agencies, public safety equipment manufacturers, and
consultants dealing with the Y2K problem. Both APCO and the IACP were
represented on the Roundtable.
APCO and the National Institute of Justice are discussing the
development of a series of short (one or two day) Y2K seminars targeted
at public safety chief officers and upper level management to
specifically address issues in each of the 4 impact areas discussed in
the following section. We hope that these seminars could draw from
subject matter experts within APCO and from our sister associations.
APCO and NIJ both believe it is critical that such a series of
seminars, beginning as soon as January, be conduct at little or no cost
to participants, promoting maximum attendance from the thousands of
small public safety agencies in the US. The National Institute of
Justice operates a series of Regional Technology Centers across the US
that are capable of supporting the logistics for these seminars, but
the National Institute of .Justice will need a budget augmentation if
it is to fund these at no cost to participants.
II. Address ways that Y2K problems might impact the operations of local
law enforcement agencies. The third area involving other
related issues is also discussed in this section
Local public safety agency response to the Y2K problem has several
facets. First, internal systems must be made compliant. Nearly every
agency has at least one system that will need to be checked. In the
case of law enforcement it is the terminal used to access state and
federal criminal justice information systems. For fire agencies it is
probably alarm systems that are commonly used to automatically report
fires. Additionally, many modern pieces of fire apparatus (including
both engines and trucks) have microprocessor-based controllers that
monitor the functions of water pumps, ladder extenders, etc.
There are several levels of systems that are potentially impacted
by the Y2K ``bug;'' in general they are:
1. Legacy firmware-based systems: Difficult or impossible to
upgrade, but probably not critical unless validating date ranges, these
systems are extensively used in process control application, including
traffic signal light controls, elevator controls, and standalone access
control systems. Early standalone systems (access control, for example)
had sufficient read-only memory (ROM), but limited random access memory
(RAM). Programmers went to great lengths to preserve RAM. Many such
systems are still in use! Formats were designed to store dates in a
manner that permitted rapid mathematical manipulation. The most common
(YYDDD or YYMMDD) require 2 bytes (16 bits) for a 2 digit year code.
Application and report generating programs using date ranges (for age,
access card validity, etc) can not function across a century boundary
if they use a 2-digit year code.
Firmware-based systems also include most of the home electronic
items mentioned at the start of this Statement: alarm systems, digital
clocks, wristwatches, automatic coffee makers and similar appliances,
automatic setback thermostats, pagers, radios, ``smart'' telephone
sets, televisions, camcorders and VCRs.
2. Mainframes: Getting much of the attention, but usually
programmed in higher level languages such as COBOL making updates
easier, these systems include many federal/state CJIS-type databases.
3. Mini-computers: More difficult to update because code is often
written in lower level languages such as C++ and optimized for speed,
these systems include message switches and older and/or larger CAD/RMS
systems.
4. Personal Computers: Finally, PC-based workstations are a common
man-machine interface to many 9-1-1 and alarm reporting systems,
Computer Aided Dispatch (CAD), dispatch consoles, Records Management
Systems (RMS), telecommunications and trunked radio switches and a host
of related systems. Email systems in LAN, Intranet, WAN and Internet
applications link personnel and off-site facilities. Mobile Data
Terminals (MDTs) are a thing of the past; the new game is Mobile
Computing Terminals (MCTs) based on PC architecture. Within the
Personal Computer, there are multiple levels to be addressed:
--Hardware BIOS: Over 90 percent of PCs built before 1997 have a
bios-level problem. Many of these should be easy to fix.
--Operating Systems: Nearly all OS vendors are now addressing date
handling problems with patches or the release of compliant
upgrades.
--Applications Software: Many software packages still have a two-
digit date problem. A test of 5000 general software packages
found 64 percent had some problem.
--Data Within Single Application: most databases and spreadsheet
applications have 2-digit dates.
--Data Shared Between Applications: applications may make different
``guesses'' about the 4-digit year when encountering 2-digit
year fields.
For proposed resolution to these problems, we can again turn to the
FCC's June Roundtable. All of the consultants agreed that there is a
quite straightforward process to be used for equipment evaluation. The
recommended steps include: equipment inventory, analysis for problem
potential, manufacturer/vendor inquiry and certification, testing
(independent or in-house), correction or replacement of non-compliant
systems, and re-testing. A critical recommendation was the testing of
all components of a system operating together as a final test once
corrections have been made. Use ``IVE''--Independent Verification of
Everything!
The consultants further agreed that in some cases the cost, both in
time (or lack thereof) and money, is leading agencies to replace
systems rather than attempt to upgrade an existing investment. In fact,
many agencies are using the Y2K bug as an opportunity to perform much
needed replacements of outdated systems.
Equipment manufacturers present were primarily from the land mobile
radio community. Several stated that their public safety equipment
lines are so new that the problem was addressed in the initial design.
Others, including Ericsson and Motorola, stated they have some embedded
equipment that may be impacted and offer information on determining Y2K
compliance of their equipment on their Internet web sites. In
particular, Motorola provides a search engine that allows access to
information on Y2K compliance of their equipment in 3 categories:
tested and passed, tested and did not pass (with additional information
provided), and not yet tested. Unfortunately, Motorola has more
recently stated that some older equipment, primarily in the high-level
encryption arena used by federal agencies, is not compliant and will
not be updated.
The best general news from this Roundtable is that the Y2K bug will
not impact most conventional radio dispatch equipment (radio system
infrastructure and field subscriber units). However, some radio system
management equipment and software (report generators, etc) may need
upgrades, particularly for trunked radio systems. Unfortunately, the
same is not necessarily true of other critical public safety software
such as Computer Aided Dispatch (CAD) and Records Management (RMS)
systems. These systems are widely used; the majority are legacy systems
in service for some years, and will require upgrades to the point that
many agencies are considering full replacement. The critical factor for
these latter systems is the long lead time for government procurements
coupled with a potential overload on vendors over the next 15 months.
The attached documents from the City of Oakland, California,
[Attachments B & C] highlight the problems in dealing with CAD systems,
and the costs and time elements involved in correcting such problems.
The next area of impact on state and local agencies is dealing with
potential disruption of outside services, primarily utilities such as
power and 9-1-1 services, and the delivery of consumables. The critical
``72 hours'' of self-reliance that disaster planners generally
acknowledge as the amount of time before outside help is available at a
disaster scene might not apply if the problem is indeed nationwide in
scope. As an example of some of these issues, I will briefly examine
the East Bay area of Northern California where the University of
California at Berkeley is located:
The utility supply is of critical importance:
(1) Electric power. Nearly all elements of daily campus life would
be profoundly affected by a prolonged power outage. With the
predictions that some nuclear-fueled plants will be required to cease
operations due to the thousands of imbedded systems that can not
possibly be tested in the next 15 months, utilities will be forced to
rely in fossil fuel and water-driven plants. Fortunately, both are in
abundance in Northern California. Nonetheless, Pacific Gas & Electric
Company generates a significant amount of its power at its Diablo
Canyon nuclear plant. California, as with most states, is dependent on
a regional power grid. Most people still recall the massive New England
power outage caused by the failure of a simple relay. PG&E states on
its Web site that it has inventoried--but not yet assessed for
potential Y2K problems--its embedded systems, and that it plans to
complete repair or replacement of these systems by the 4th quarter of
1999, which leaves little margin for error.
(2) Water supply. Another core consideration is water: whether it
will continue to flow to the campus, and whether it will continue to be
correctly treated. An adequate supply of water is critical to fighting
some types of fires, and for treating some types of chemical exposures.
A complex series of steps is typically used to treat water. Failures
due to Y2K-related problems at treatment facilities (even those
involving an excess of treatment chemicals, as is alleged to have
occurred in a Y2K rollover test at an Australian water utility) could
affect the health of local residents, as well as heating and cooling
systems, laboratory experiments, and much more.
Beyond that, the East Bay Municipal Utility District (EBMUD) is
dependent on multiple electric utilities to supply power to its pumping
stations and treatment facilities. Power outages at various points
throughout its system could thus adversely impact water supply and
treatment. The treatment facilities all have standby diesel generators,
as do some of the ``more critical'' pumping stations. In addition,
there are some portable generator trucks that can be deployed in an
emergency. These are all dependent on an adequate supply of diesel fuel
being available to permit operations to continue throughout a
potentially prolonged power outage.
In addition, EBMUD relies on a Supervisory Control and Data
Acquisition (SCADA) system for monitoring and controlling water pumping
which is not Y2K compliant. However, the vendor of the utility's SCADA
system appears to have successfully tested Y2K fixes at several natural
gas utilities during Summer 1998, and these fixes should be applied to
EBMUD's systems and tested by the first quarter of 1999.
(3) Telephone systems. The American public relies on a highly
advanced land and radio-based telephone national telephone network that
supports virtually all emergency reporting via the almost universally
available 9-1-1 system. A failure in this complex, computer-driven
network, as happened to the AT&T network in mid-April would be
devastating to emergency service providers.
Medical equipment compliance is another area of concern:
Equipment used in local hospitals--and especially at
teaching hospitals like UC San Francisco--might
potentially be at risk for Y2K failures. Some failures
have been reported in these devices, and there is still
a great deal of uncertainty in this area.
As reported in the Washington Post on September 24,
1998, Senator Chris Dodd (D-CT) has taken the unusual
step of publicly identifying the nearly 1,200 medical
device manufacturers who failed to respond to a June
1998 letter from the US Food and Drug Administration
asking about possible Y2K problems.
The third area of impact, and clearly the most difficult to judge
and plan for, is the additional workload that could be placed on
agencies by public response to heightened fears toward the end of 1999,
followed by actual problems after December 31. If even the minimal
worldwide disruptions that have been predicted should occur, the
additional workload placed upon public safety agencies, and law
enforcement in particular, could be significant. This is an
international problem and I understand that the Association of Chief
Police Officers in the United Kingdom has already recommended that law
enforcement agencies in Great Britain cancel all leave over the
millennium holidays.
Last, and directly related to the third area, is dealing with the
special needs of agency employees during the period of impact. It is a
fact that people do not perform at anywhere near 100 percent if they
are worried about their families or their homes. As with any disaster,
public safety personnel will only be effective if they have prepared
themselves and their families in advance. Year 2000 is inevitable;
personal preparation is essential. What can you as an individual do to
prepare? Suggestions include:
1. IVE--Independent Verification of Everything. Test all of your
important home appliances by resetting the dates and allowing them to
roll over the century and leap year dates. If you live by your PC as we
do it should be at the top of the list, especially if you use it for
on-line banking, financial management, or email communications with
your office. Consider buying a small electric generator to support
critical home electrical needs if power fails; remember to stock up on
fuel in approved storage containers during December, 1999.
2. Bank and other financial services systems are linked in huge
international networks where a single failure could cause network-wide
problems. While the large banks, brokerage companies, mutual fund
houses and stock markets state that they will be ready, smaller
institutions without the fiscal and technical resources to properly
address the problem may pose a higher risk. Correspond with your
institutions and obtain written assurance that your data and your money
will survive; then make sure you keep written copies of all account
statements!
Credit card processing has already experienced snags as cards with
expiration dates beyond 2000 encounter non-compliant processing
equipment. Again, maintain copies of your account statements. Check
them carefully and be prepared to dispute inaccurate bills.
Delays in clearing checks (including pay checks) are predicted. A
number of Y2K ``experts'' are recommending keeping significant cash (up
to 2 months worth) on hand as 2000 approaches.
3. Insurance policies and mortgage documents face similar problems.
In both cases, obtain written documentation of coverage extending
beyond 1999. For mortgages, it is important to obtain a lender-issued
statement detailing payments (interest and principal) already made, as
well as an amortization schedule showing payments during 2000 and
beyond in case the lender's computer system is unable to issue payment
coupons. Both institutions will still expect their payments to be sent!
4. Finally, but perhaps most importantly, is insuring that you will
continue to receive income from your employer or retirement system.
Take an interest in your agency payroll systems and offer advice and
assistance as appropriate; all of us are dealing with the same problem!
The Social Security Administration has been working on Y2K compliance
for a number of years and should be ready for Y2K. Unfortunately, as
stated above, some other federal government agencies (including the US
Treasury Department) that must work with Social Security are far
behind. Since many public safety agencies participate in local or state
retirement systems, it is important that each of us again maintain
detailed records of our account(s) and be prepared for disruption in
payments if you are fortunate enough to be retired.
III. The next question posed by the Committee concerns Y2K issues in
the campus policing and security environment
With one major exception, these issues are identical to the general
public safety community. That exception is this: campuses, like
military bases, are cities unto themselves, some small but others very
large. In the case of UC Berkeley, we have a daily campus population
that can approach 50,000. Within that ``city'', and unlike a general
government city, the campus is responsible for all buildings, all
operations, all services. Based on a detailed outside analysis, I can
tell you that the University of California appears to be in very good
shape overall with respect to Y2K.
Our internal systems are similar to the legacy systems in Oakland
and other agencies described in the status report above. They include
CAD, RMS, access control and fire alarm systems. The RMS system has
been upgraded and now appears to be compliant. The CAD and Access
Control Systems were first installed in 1984. As with the Oakland CAD
system, both have seen hardware and software updates, but today
function in much the same way as they did when first installed. These
systems have far outlived their initial design lives. Perhaps George
Orwell was right; however he selected the wrong means to the end!
The company that provided our CAD system last year contacted all of
its installed base, providing a list of system hardware and software
that needed to be upgraded before new Y2K-compliant CAD software could
be installed. Those changes have been completed and UCPD is in fact
today installing what should be the final upgrade to the police CAD
system software. Once installed and thoroughly tested both alone and in
conjunction with interfaced software such as RMS, the vendor will
certify the system as Y2K compliant.
Fire alarms are also being examined. Most new or recently-remodeled
buildings have microprocessor-based fire detection systems. As with
fire codes around the country, should these systems fail on January 1,
2000, these buildings can not legally be occupied.
In general, outstanding issues within the University of California
public safety environment have at least been identified and most are
being addressed. Fortunately for us, the millennia falls during a
period when classes are not in session. Thus we will have a small
window of opportunity to correct inside problems. We will, however,
suffer equally with problems from outside as previously discussed.
IV. Finally, the Committee asked for recommendations.
In my opinion, the single most important failure to be prevented is
the widespread loss of electrical services for more than about 72
hours. Public safety backup generator systems generally have fuel
supplies sized to support 72 hours of continuous operation. Beyond that
time, it may be difficult to get fuel delivered and systems begin to
fail. Every effort must be made to ensure this does not happen because
the prolonged loss of power will quickly cripple most public safety
facilities and communications systems.
The single most important issue is education, both of the American
public and for those at all levels of government responsible for
identifying, correcting and dealing with the Y2K Technology Problem.
As previously mentioned, APCO and the National Institute of Justice
have started developing a series of Y2K seminars targeted at public
safety chief officers and upper level management to specifically
address issues in each of the 4 impact areas mentioned above. To
conduct these seminars at little or no cost, thus promoting maximum
attendance from the 10's of thousands of small public safety agencies,
the National Institute of Justice will need a budget augmentation.
Congressional support for a program of this type is extremely important
if state and local agencies are to be properly educated on the wide
range of Y2K issues that they must address over the next year.
Last, from the halls of Congress to the Oval Office, elected
officials must make the Year 2000 Technology Problem a top public
education priority. The American people need to be aware and be
involved. We must have ongoing and realistic assessments of the
potential for problems across the plethora of impacted services. A
public caught off-guard by major failures on January 1, 2000 could
result in devastating long-term impact on the welfare of this great
nation.
As a Boy Scout and later serving as the Emergency Preparedness
Officer at Berkeley during the Loma Prieta Earthquake, the drought, the
floods and the Oakland Hills Fire, I learned the critical meaning of 2
words: BE PREPARED. We must be prepared.
Clearly, if there is a potential for failure within major segments
of the world's public and private infrastructures, the one sector that
can not be allowed to fail is the provision of public safety services,
and in particular the delivery of appropriate law enforcement services.
about the author
John Powell has been active in public safety communications since
1971. He received a BSEE from the University of California at Berkeley
in 1973. He joined the UC Police Department that same year and was
promoted to sergeant in 1977. Mr. Powell served as an advisor to the
California Legislature's Joint Committee on Fire, Police, Emergency and
Disaster Services, and is a member of the California Law Enforcement
Mutual Aid Radio System Executive Committee. He is a past-president of
the Association of Public-Safety Communications Official's--
International (APCO) and has been an APCO representative on the Project
25 Steering Committee since its founding in 1989. He is a member of the
Communications & Technology Committee of the International Association
of Chief's of Police and is IACP's technical representative to the
National Public Safety Telecommunications Council (NPSTC). He is vice-
chair of the Communications Subcommittee of the Law Enforcement &
Corrections Technology Advisory Council to the National Institute of
Justice. In August, Mr. Powell received APCO's highest award for
``Long-Term Technical Contributions to the Art & Practice of Public
Safety Communications.'' Mr. Powell is a life member of APCO, a member
of IEEE and a fellow of the Radio Club of America.
[attachment a]
U.S. Senate,
Special Committee on the Year 2000 Technology Problem,
Washington, DC., September 16, 1998.
Sergeant John S. Powell,
University of California Police Department,
1 Sprout Hall Berkeley, CA
Dear Sergeant Powell: The Special Committee on the Year 2000
Technology Problem, which I chair, is holding a hearing at 9:30 a.m.,
on October 2, 1998, in Room 192 of the Dirksen Senate Office Building.
The hearing will encompass the Year 2000 readiness of state and local
government emergency response agencies, as well as Federal emergency
response preparedness. I am inviting you to testify on (1) the role of
APCO and the IACP in assessing the vulnerability of emergency service
response agencies to year 2000 problems and any efforts to increase
awareness about the problem, (2) ways in which Year 2000 problems might
impact the operations of local law enforcement agencies, (3) other Y2K
related emergency preparedness issues for local law enforcement, (4)
Y2K issues in the campus policing/security environment, and (5) any
recommendations for Congressional or other governmental action which
you believe might have a positive impact in this area.
Please submit 120 copies of your statement no later than 48 hours
in advance of the hearing and an electronic copy in ASCII format. This
will help Committee members and staff better prepare for the hearing.
Please limit your oral testimony to 5 minutes in length. Your
written statement may be whatever length you believe appropriate, but
should be accompanied by a brief written summary. Statements should be
delivered to the Special Committee. The electronic copy may be provided
on a disk, or e-mailed to [email protected]. Due to space
limitations in the hearing room, there will be reserved seating for you
and one other person. Other people from your office may use open
seating. Thank you in advance for your participation. If you have any
questions concerning the hearing, please contact Mr. Tom Bello,
Committee staff, at (202) 224-5224.
Sincerely,
Robert F. Bennett,
Chairman.
[attachment b]
CITY OF OAKLAND
Interoffice Letter
TO: Avon Manning, Administrative Services Agency Director
FROM: Stephen Ferguson, Director Office of Communications & Information
Services
DATE: September 16, 1996
SUBJECT: The ``Year 2000'' and Information Systems in the City of
Oakland
summary
At midnight on December 31, 1999, when the calendar changes to
January 1, 2000, many information systems around the world will either
fail or not function properly. In some cases, the failure will occur
long before 12/31/99, e.g., when a system must project or make
calculations into the future for dates or payment schedules beyond 12/
31/99.
In the City of Oakland, a number of business systems have been
implemented over the past 15 years that will be affected by the ``Year
2000'' problem and must be addressed as a high priority. The three most
critical areas needing immediate attention are: (1) Payroll/Personnel
system, (2) Police Computer Aided Dispatch (CAD) system, and (3) PC
software and hardware. In addition, there are many other systems in the
City which will require modification; however, we believe these systems
can be modified using existing staff within the course of their on-
going maintenance duties.
The overall impact of the Year 2000 problem on the City should not
be underestimated. The high priority, mandatory workload comes at a
time when the information technology needs of the City are expanding
and resources have been significantly reduced. Consequently, staff's
ability to support new technology and systems demanded by agencies and
departments will be curtailed at a critical time.
A detailed study of over 70 systems conducted by the Office of
Communications & Information Services (OCIS) staff estimates that
correcting the problems in systems affected by Year 2000 issues would
take over 24,000 staff hours at a cost of $3,000,000. While this
corrective approach specifically addresses the Year 2000 problem, there
is little general benefit to the City. In other words, staff can spend
about 18,000 hours correcting the Police CAD and Payroll/Personnel
systems, but when completed, the City will continue to have both a CAD
System that is over 17 years old, and a Payroll/Personnel System that
is 11 years old, with minimal new functionality, despite the efforts
expended.
Therefore, key recommendations include:
(1) Replace the Payroll/Personnel system at an estimated cost of
$1,000,000.
(2) Replace the Police CAD system at an estimated cost of $300,000
to $500,000.
background
The reason for concern over the Year 2000 problem is often not
easily understood by individuals outside information technology
organizations. However, a general understanding of the issue is
critical for senior management to support the commitment of resources
necessary to solve the problem.
There are two factors that exacerbate the Year 2000 problem: the
aging of many of the City's information systems, and the historical
failure of systems developers to anticipate or acknowledge the problem.
Many systems currently in use in the City are based upon design
specifications dating back to the late 1970's and early 1980's. The
systems are sometimes referred to as ``legacy systems.'' When the
systems were originally developed, the designers assumed that these
systems would last for seven to ten years and would then be replaced.
Instead, many of these systems have been incrementally modified to meet
changing business requirements and are still in use 10, 12, and even 15
or more years later.
A good example is the City's Police CAD System. The system was
originally purchased by the City as a turnkey application in 1976. In
1983, staff began an effort to replace that system. The replacement
project was built upon the premise that the new system had to function
exactly like the old. The only changes were in the underlying hardware
platform which involved newer, more reliable technology providing
increased capacity to store and retain a greater volume of data on
calls for service. Therefore, design considerations related to date
issues were carried forward into the new system without regard for the
Year 2000 (a date too distant to be considered a factor).
The second part of the problem relates to the way programmers were
taught to handle dates required in systems. As a rule, programmer
training totally ignored the Year 2000 problem. Historically,
programmers and systems analysts have been taught to handle dates in a
specific format. For example, the date ``September 10, 1996'' would be
stored as 96/09/10. By storing the date in this two-digit (year/month/
day) format, sorting information in date sequence was easier, and
calculations of the time periods between two dates could be made in a
standard way.
The Year 2000 problem results from the two-digit year used in the
date field. For example, 1951 is stored as ``51,'' 1996 is stored as
``96,'' and 2000 would be stored as ``00.'' The computer is programmed
to calculate the number of years between these dates by subtracting the
first year from the second year, i.e., 96-51 = 45. In the year 2000,
the calculation would be 00-51 = -51, an obvious error. In order to
correct the calculation error, every program must be examined first to
see if dates are used in this way, and, if so, then the logic changed
accordingly. Furthermore, every data base must be changed to expand the
year portion of the date field from two to four digits in order to
include the century number.
Another aspect of the problem that is far more difficult to analyze
and assess is the impact at the personal computer (PC) level. Staff has
tested a number of systems in the City and found two problems. First,
some PC's have logic chip problems with the internally stored date when
changing to the Year 2000. As a test, we set the internal clock date to
December 31, 1999, at 11:59:00 PM. When the system clock reached 12:00
AM, the date was erroneously set back to the default date of January 4,
1980. This condition will be a particular problem when a PC is used as
a network server, e.g., Animal Control, Automated Purchasing, etc., or
where a PC supports a departmental application using the system date.
The second PC problem is similar to the Year 2000 problem
previously cited for legacy systems. While a PC may be capable of
handling a date after 1/1/2000, an application/data base may not. This
problem exists for in-house developed as well as purchased
applications, e.g., LOTUS version 2.0 is not capable of working
properly with the Year 2000.
As a result of these two problems, with the logic chip being the
more serious, staff estimates the need to replace approximately 700
personal computers and numerous software packages prior to July 1999.
recommendations
Staff recommendations are grouped into four areas: (1) Payroll/
Personnel, (2) Police CAD, (3) PC hardware/software, and (4) Other
Systems. Following the summary of recommendations for the Payroll/
Personnel and CAD Systems (No. 1 & No. 2), a procurement methodology
section has been included summarizing acquisition recommendations.
(1) Payroll/Personnel
Staff should immediately begin the process of selecting and
implementing a new Payroll/Personnel System. The estimated cost for
this project is approximately $1 million.
Selection of a new Payroll/Personnel System must take into
consideration the following key factors:
--The system must be flexible in order to meet the City's payroll
rules.
--The system must be part of an integrated suite of software that
includes other financial systems.
--Given the short time line for successful implementation, the rapid
procurement methodology outlined in recommendation No. 3 below
should be followed.
(2) Police CAD
Staff should immediately begin the process of selecting and
implementing a new Police CAD System The estimated cost for this
project is $300,000 to $500,000.
A major consideration in the Police CAD project should be
interoperability with the Police Records Management System. The project
must also use the rapid procurement methodology outlined in
recommendation No. 3 below.
(3) Procurement methodology for the payroll/personnel and police CAD
systems
The time frames required to implement these systems are too short
to use a formal bid or Request for Proposal (RFP) process. Therefore,
staff recommends using a three-step methodology proposed by the
Purchasing Division combined with an SMS cross-functional team. The
steps in the process would be as follows:
For the Payroll/Personnel System, select a cross-
functional team with representation from the Office of
Personnel Resource Management, Office of Budget &
Finance, Risk & Retirement Administration, City
Auditor, and OCIS to run this project. For the Police
CAD System, select another cross-functional team with
representation from appropriate work units.
Each team would then be responsible for completing
the following steps:
--Define major systems requirements including
a high level check list of major functions to
be incorporated in the system. Document the
requirements. Develop a complete project plan
outlining all steps in the process,
responsibilities, and time frames.
--Conduct a survey of available systems using
an informal RFP process. Attention should be
paid to any selection processes recently
completed by other agencies such as the City of
San Jose, Oakland Unified School District, and
the Port of Oakland. Evaluate each potential
system's capability against the requirements
and using various types of interviews,
presentations and ratings, select a preferred
vendor.
--Negotiate an agreement with the preferred
vendor for purchase and implementation of the
system. Present the final recommendation to the
City Council for approval of the contract.
(4) PC hardware/software
The City should establish a policy immediately requiring that all
new personal computer systems and software purchases be Year 2000
compliant.
Each Agency should inventory all personal computer hardware and
software and assess Year 2000 compliance no later than January 1, 1997.
After completing the inventory and assessment, each Agency is
responsible for developing a system replacement schedule to meet their
needs.
(5) Other systems
OCIS staff will develop and implement a detailed work program
illustrating how each of the other systems, not specifically addressed
in this report, which require Year 2000 modifications, will be changed
to meet the processing requirements of each system.
If there are potential resource conflicts, OCIS staff will
formulate a proposal to resolve the resource conflict using outside
services.
[attachment c]
City of Oakland
Agenda Report
TO: Office of the City Manager
ATTN: Craig G. Kocian, City Manager
FROM: Avon Manning, Director, Administrative Services Agency
DATE:December 10, 1996
RE: IMPLEMENTATION OF THE YEAR 2000 CONVERSION PROJECT
summary
On January 1, 2000, many information systems around the world will
either fail or not function properly. This is not a trivial issue, but
a serious problem which, by some estimates, will cost American
businesses more than $200 billion over the next four years. This is an
informational report intended to acquaint the Council with the year
2000 problem as it applies to the City's business systems and computer
equipment.
background
The dilemma generated by the Year 2000 problem has three parts:
1. At the time many applications and systems were developed,
computer storage was limited; therefore, dropping redundant data
whenever possible saved valuable storage space. Consequently, the first
two digits of the century designation were not included and many
software programs currently in use assume that all dates begin with
``19'' and use only two digits to denote the year, such as ``96'' for
the year 1996. Accordingly, the year 2000 will be interpreted by these
programs as the year 1900.
2. Since systems developers did not anticipate that programs
written in the 1960s, 1970s, or even the 1980s would still be in use as
we enter the 21st century, some programs were purposely coded to
interpret the numbers ``99'' and ``00'' in the year field as special
control codes. In addition, some systems may not recognize the year
2000 as a leap year. As we move into a new century, use of the two-
digit year, as found in many City systems will produce skewed data,
generate unusable or unreadable screens and reports, or may cause
systems to fail completely.
3. The final aspect of the Year 2000 problem exists at the personal
computer (PC) level. Most PC's will have logic chip problems with the
internally stored date when changing to the Year 2000. When the
internal clock reaches 12:00 am on January 1, 2000, the system will
erroneously reset to January 1, 1980 or January 3, 1982. This is true
even for some PC's acquired earlier this year. A second PC problem is
associated with the inability of PC software programs to properly
handle dates after December 31, 1999. For example, LOTUS version 2.0
does not properly handle Year 2000 dates.
The overall impact of Year 2000 should not be underestimated. The
City is challenged with meeting year 2000 compliance objectives while
avoiding major system failures and the possibility of failed mission
critical applications. Specifically, the most serious Year 2000 impact
facing the City is that the Payroll/HR system can not properly generate
paychecks after DECEMBER 31, 1998, due to the programming issues
previously identified. In addition, many other application software
programs and the majority of the PC hardware currently in use will not
be operable as we move into the new century, i.e., past December 31,
1999.
The Administrative Services Agency's Office of Communications and
Information Services has completed an initial study of over 92 systems
in use throughout the City. An interdepartmental team has been
established to guide and direct the Year 2000 Conversion project to
bring computer equipment, desktop software, and department applications
into compliance with Year 2000 requirements.
A detailed report is attached for presentation to the Finance and
Legislation Committee, recommending a course of action the goals and
objectives of the Year 2000 Conversion. The plan includes cost
projections for staffing, department applications replacement and
modifications, and desktop software and hardware. This high priority,
mandatory workload comes at a time when the information technology
needs of the City are expanding and resources have been significantly
reduced and stretched. Consequently, staff's ability to support new
technology and systems required by agencies and departments will be
severely limited at a critical time. Therefore, staff must be back
filled and subsidized with contractors and consultants.
In addition, the financial and budget systems' (FMS/BDS) audit
report for the fiscal year 1994-95 by Deloitte and Touche recommended
its replacement to a fully integrated, centralized system. Consistent
with the OCIS information technology model, the payroll/human resources
application and FMS/BDS need to be implemented as an integrated package
with a payroll interface. By combining their requirements processes and
purchase an integrated package the City's can better meet its
financial, payroll, and human resources systems needs. A combined Proof
of Concept or Request for Proposal for a new comprehensive package
gives the City strong leverage to drastically reduce the overall cost
of the financial investment of required software.
recommendation
No Council action is recommended at this time; this is an
informational report.
Respectfully submitted,
Avon G. Manning,
Director Administrative Services Agency.
Prepared by:
Marilyn Varnado,
Year 2000 Conversion Project Manager.
Approved for forwarding to the Finance & Legislation Committee:
--------------------------------Office of the City Manager
[GRAPHIC] [TIFF OMITTED] T2OC98G.003
______
Statement of Association of Public-Safety Communications
Officials-International
Founded in 1934, the Association of Public Safety Communications
Officials-International, Inc. (APCO) is the world's oldest and largest
public safety communications organization. Perhaps most widely known
for standardizing, in 1936, the ``10-codes'' used by radio users for
over 60 years, APCO is today recognized as the world's leading
association on public safety communications issues. Most of its 13,000
individual members are state or local government employees involved in
the management, design, and operation of police, fire, emergency
management, emergency medical, local government, highway maintenance,
forestry conservation, and other public safety communications systems.
APCO serves as the Federal Communications Commission's (FCC) certified
frequency coordinator for over 80 percent of the land mobile radio
frequencies allocated for state/local government public safety use, and
is the sole coordinator for public safety frequencies in the 800 MHz
bands.
With the approach of the new millennium, attention from all sectors
of business, industry and government has begun to focus on the Year
2000 (Y2K) Technology Problem. There are predictions of major
catastrophes in everything from banks to electrical services. One area
that cannot afford to have any type of system failure is this nation's
public safety service providers. For this reason, APCO is committed to
doing all that we can to assure that the public safety communications
infrastructure this country depends upon will continue to function
after December 31, 1999.
APCO has been working with the FCC to share our data and
experiences regarding public safety communications and Y2K. APCO
actively participated in the FCC's Public Safety Year 2000 Roundtable
on June 1, 1998. We will be supplying the FCC with pertinent
statistical data concerning the nation's over 20,000 Public Safety
Answering Points (PSAP's) and Communications Centers in order to better
coordinate the overall response to the Y2K issue.
Over the past few months APCO has done much to ensure that our
members are aware of the potential problems that they could face due to
Y2K. Each year, APCO hosts the world's largest Conference and
Exposition devoted entirely to public safety communications. At this
year's event held this past August in Albuquerque NM, seminars were
conducted to address the myriad of Y2K issues facing public safety
agencies to ensure consistent delivery of service. Our monthly
publication The APCO Bulletin--Public Safety Communications, widely
distributed within the public safety community, continues to publish
articles describing Y2K problem identification and potential solutions.
Copies of the articles Protecting Public Safety Communications from the
Year 2000 by FCC Commissioner Michael Powell and Public Safety
Preparation for the Year 2000: Dealing with the Y2K ``Millennium Bug''
that appear in our October issue are attached. Special alerts and
articles related to the Year 2000 problem have also been published in
newsletters directed to APCO's leadership.
To further educate the public safety communications community, APCO
has established a Y2K Forum on its Web site. This Forum is dedicated to
allowing members to work together, sharing information and resources to
help resolve their Y2K problems. APCO's web site can be found at:
http://www.apcointl.org.
APCO is now designing a series of regional seminars specifically
addressing Y2K to begin in early 1999. We are hoping to be able to
conduct these seminars in conjunction with the National Institute of
Justice and our sister public safety professional associations,
targeting the chief officers and management level staff of law
enforcement and other public safety first-responder agencies at the
federal, state and local levels.
Public safety communications is the vital link between the public
and those tasked to protect their lives and property; it is essential
that this link remain functional. APCO is committed to ensuring that
the delivery of public safety services is not disrupted by the Year
2000 Technology Problem.
Christopher Bevevino, CAE,
Executive Director.
______
[From the APCO Bulletin, October 1998]
Protecting Public Safety Communications From the Year 2000
[By Michael K. Powell, FCC Commissioner]
In the last few months, much public attention has been drawn to the
effects that the millennial date change will have on unprepared
computers, intelligent systems, and microprocessor-controlled machines
and appliances. At the Federal Communications Commission (FCC), we have
been aware of the Year 2000 Problem or so-called ``Millennium Bug'' for
several years because of our concern for the country's critical
communications infrastructure.
We are particularly concerned about the integrity of the
communications systems upon which police, fire, emergency medical and
other public safety service providers rely to accomplish their all-
important missions. Although it appears that conventional radios and
radio systems are generally not at risk for Year 2000 failure, the same
cannot be said of many computer-aided dispatch systems, records
management systems, control systems, trunking systems, or electronic
security systems. In addition, public safety agencies must be prepared
for possible disruptions in transportation service and even electric
power service to their agencies and in their communities that may occur
at the turn of the century.
Many public safety service departments nationwide have already
acted to prepare for the Year 2000 Problem. Yet, we are concerned that
some public safety entities, particularly smaller or rural agencies
without the personnel, technology and financial resources available to
larger agencies, may not even now realize the seriousness of the
problem and may not have begun taking the necessary steps to prevent
system disruptions.
With fewer than 500 days to January 1, 2000, it is apparent that no
public safety agency can afford to put off attending to this issue.
Often we hear that Year 2000 remediation efforts are hindered by the
notions that ``it's someone else's problem,'' or that an eleventh-hour
magic pill will be developed to fix the problem.
Unfortunately, there are no magic or universal solutions. America's
public safety entities and the communications systems upon which they
rely must not only make sure that they themselves will be ready for the
year 2000, but must also be prepared to help others address the
emergencies and public service disruptions that this problem may cause
in their communities.
While the measures necessary to address the millennial date change
problem (and other similar computer date change issues of which we are
all becoming aware) frequently reach well beyond the communications
jurisdiction of the FCC, we do take very seriously our responsibility
to alert the entities we license and regulate to the various aspects of
this problem and those interrelationships that can also affect other
mission-critical aspects of public safety service providers.
As a consequence, we strongly encourage public safety service
providers to use all available resources to develop a comprehensive
picture of the potential impact of computer date change problems on
every aspect of their operations. Many manufacturers have already done
mass mailings to apprise customers of their Year 2000 efforts, have set
up special Internet sites that list compliant and non-compliant
products, and have created 24-hour telephone support hotlines.
Establishing an open dialogue with these, and other, equipment
suppliers and manufacturers can be very helpful.
In addition to developing a comprehensive understanding of the
effects of date-related changes on all of their operations, departments
should also develop a readiness program to troubleshoot potential
problems and examine all mission-critical systems. Such a readiness
program should include complete audits of all critical systems, careful
remediation of each problem identified, thorough testing of each
solution, and the formulation of contingency plans that includes the
acquisition of those resources that will be necessary to address the
contingencies that have been identified.
The FCC has established a Year 2000 Task Force to coordinate
internal Year 2000 compliance efforts and to assist the communications
industry on this issue. The FCC's Year 2000 website at , serves as an information resource on the Year 2000 Problem
and telecommunications, including public safety communications. The FCC
is also an active participant on the President's Council on Year 2000
Conversion. The efforts of this government-wide group are described in
detail on the World Wide Web at .
Finally, the FCC is working closely with other Federal departments
and agencies, including the Federal Emergency Management Agency (FEMA)
and the U.S. Fire Administration (USFA). In that regard, the USFA has
developed informational materials, along with a self-assessment process
for determining if a computer system is Year 2000-ready, that is posted
at and ,
respectively.
The challenge of implementing public safety Year 2000-readiness
rests with public safety managers and officers, including police, fire
and emergency medical and emergency management departments, nationwide.
Time is of the essence. We cannot extend the Year 2000 deadline. Our
national well-being literally depends on the reliability of public
safety services and the communications networks that support them.
The FCC is committed to taking whatever actions it can to assist
public safety agencies across the country in this important effort.
______
[From the APCO Bulletin, October 1998]
Dealing with the Y2K Millennium Bug
[By John Powell and David Buchanan]
If the predictions of computer system failures in everything from
automobiles and ATM's to the IRS to traffic signal controls and a
plethora of other systems that support everyday life are even partially
realized, the overload on public safety services will be tremendous.
The ``bug'' is insidious, potentially impacting anything with a
microcomputer chip--anything that has a keypad or timer, displays a
date, stores numbers, or performs calculations. Consider for a moment
the possible loss of a few personal items: digital clocks and
wristwatch, automatic coffee maker, camcorder, home alarm system,
pager, personal computer, radio, telephone, television, thermostats,
VCR, and last (but certainly not least) access to ATM's, financial
records, and retirement income (if you're lucky enough to have it)!
Couple these potential failures for millions of people with
increased turn-of-the-millennia activity and the impact on public
safety services could be crippling. The last thing public safety
agencies will then want to contend with is problems with their own
operational systems.
How big is the overall problem? After reviewing published documents
and interviewing a number of Y2K experts, Silicon Valley Tech Week
concluded in its April 13 issue: ``None of the mission critical sectors
in the U.S. are even close to being Y2K compliant, say the experts. Not
the 9,000 electric utility plants. Not the 11,000 banks. Not the
telecommunications companies. And certainly not the U.S. Government.''
Tim May, the retired Intel physicist who discovered the damaging
effects of nuclear radiation on computer chips, concluded, in the same
issue of Silicon Valley Tech Week: ``* * * financial collapse will
occur when investors wake up and realize what's coming. July 1, 1999,
is the start of the IRS fiscal year 2000. The IRS won't be able to
process W2s and 1099s at that time. It has 100 million lines of code
and isn't even awarding a Y2K conversion contract until October 1998.
Jan. 1, 2000 may be an opportunity for terrorists, millennium
fundamentalists, and others out to take advantage of a weakened
infrastructure.''
IRS Commissioner Charles Rossotti told the Wall Street Journal:
``If we don't fix the century-date problem, we will have a situation
scarier than the average disaster movie you might see on a Sunday
night.''
In the April 22 edition of the Wall Street Journal, Rossotti was
quoted as saying, ``Twenty-one months from now, there could be 90
million taxpayers who won't get their refunds, and 95 percent of the
revenue stream of the United States could be jeopardized.''
There are, however, other dates both before and after Jan. 1, 2000,
that also must be considered. These include:
Jan. 1, 1999: Many spreadsheets and financial applications look
forward during the current year and will see the next year ends in
``00''. Those functions that examine a date range may not be able to
handle an ending date (``00'') that is lower in value than the current
date (``99'').
Aug. 22, 1999: GPS rollover (reset to zero). GPS is now the most
widely used system for public safety person/vehicle location
applications. Beyond this fundamental application are other
telecommunications uses, not the least of which is serving as the
common time base for synchronizing transmitters in wide area simulcast
systems, including most of the nations large commercial paging
operations. In addition to geopositioning and telecommunications
applications, GPS is used in major banks and thousands of financial
institutions for accurate date and time recording and synchronization.
Sept. 9, 1999: ``Nines end-of-file problem'' in legacy systems
using 9999 in the date field to denote ``end-of-file'' (EOF). Most of
these programs are mainframe-based, written in high-level computer
languages such as COBOL. Pubic safety applications include large
Criminal Justice Information Systems and motor vehicle/drivers license
systems.
Feb. 29, 2000: Not a normal leap year (rule: if the year is
divisible by four but not divisible by 100, or if the year is divisible
by 400, it is a leap year). Many computer programs perform the first
two tests (divisible by four, but not divisible by 100) but do not
include the last test. Those that do not will be off by 1 day from
March 1 through Dec. 31, 2000.
Public safety decision makers need to begin planning for the
potential problems that could be caused by major failures in electrical
utilities, wireline and wireless telecommunications systems and
financial institutions, among others. At the same time, they need to
ensure that their own critical systems will survive the Y2K date crisis
and will remain operational despite failures of other major systems
such as electrical utilities and the telecommunications infrastructure.
the bottom line
If there is the potential for everything else failing, then the one
thing that absolutely cannot fail is the provision of public safety
services. Key to the survival of public safety services is receiving
emergency calls from the public and relaying those calls for service to
units in the field.
the pieces to the puzzle
There are several levels of systems that are potentially impacted
by the Y2K ``bug.'' In general they are:
Legacy firmware-based systems: Difficult or impossible to upgrade,
but probably not critical unless validating date ranges, these systems
are extensively used in process control application, including traffic
signal light controls, elevator controls, and stand-alone access
control systems. Early stand alone systems (access control, for
example) had sufficient read-only memory (ROM), but limited random
access memory (RAM). Programmers went to great lengths to preserve RAM.
Many such systems are still in use! Formats were designed to store
dates in a manner that permitted rapid mathematical manipulation. The
most common (YYDDD or YYMMDD) require 2 bytes (16 bits) for a 2-digit
year code. Application and report generating programs using date ranges
(for age, access card validity, etc) cannot function across a century
boundary if they use a 2-digit year code.
Firmware-based systems also include most of the home electronic
items mentioned at the start of this article: alarm systems, digital
clocks, wristwatches, automatic coffee makers and similar appliances,
automatic setback thermostats, pagers, radios, ``smart'' telephone
sets, televisions, camcorders and VCRs.
Mainframes: Getting much of the attention, but usually programmed
in higher level languages such as COBOL making updates easier, these
systems include many federal/state CJIS-type databases.
Mini-computers: More difficult to update because code is often
written in lower level languages such as C++ and optimized for speed,
these systems include message switches and older and/or larger CAD/RMS
systems.
Personal Computers: Finally, PC-based workstations are a common
main-machine interface to many 9-1-1 and alarm reporting systems,
computer aided dispatch (CAD), dispatch consoles, records management
systems (RMS), telecommunications and trunked radio switches and a host
of related systems. E-mail systems in LAN, Intranet, WAN and Internet
applications link personnel and off-site facilities. Mobile data
terminals (MDT's) are a thing of the past; the new game is mobile
computing terminals (MCT's) based on PC architecture.
Within the personal computer, there are multiple levels to be
addressed:
Hardware BIOS: More than 90 percent of PC's built before 1997 have
a bios-level problem. Many of these should be easy to fix.
Operating Systems: Nearly all OS vendors are now addressing date
handling problems with patches or the release of compliant upgrades.
Applications Software: Many software packages still have a two-
digit date problem. A test of 5000 general software packages found 64
percent had some problem.
Data Within Single Application: Most databases and spreadsheet
applications have 2-digit dates.
Data Shared Between Applications: Applications may make different
``guesses'' about the 4-digit year when encountering 2-digit year
fields.
At least two software packages are available to evaluate Y2K date
compatibility of personal computers. Y2000 is available for Internet
download at no cost from National Software Testing Labs (www.nstl.com/
downloads/y2000.exe). Y2000 downloads as a zip file containing the
executable program and a Read me text documentation file. The program
tests hardware and BIOS for proper Jan. 1, 2000 rollover; it also
checks for proper leap year calculations for the years 2000 through
2010.
Another program, Check2000, is available at modest cost from most
software suppliers. Check2000 performs similar hardware/bios testing to
Y2000, but continues with more in-depth testing, reportedly checking
some applications software as well.
public safety telecommunications
FCC Chairman William Kennard, being questioned by the U.S. Senate,
concluded, ``[I am] * * * concerned that the year 2000 problem has the
potential of disrupting communications services worldwide * * * . Every
sector of the communications industry--broadcast, cable, radio,
satellite, and wireline and wireless telephony--could be affected.''
Two ``wakeup calls'' this year highlight our dependence on these
critical telecommunications services. During the week of April 13, AT&T
lost its entire frame relay network for 24 hours. The failure was
caused by a software glitch in a network circuit card that was being
loaded with updated software while still connected to the network. 6600
customers, including major financial institutions and their ATM/credit
card networks, lost service. Then on May 19, Hughes Corporation's
Galaxy IV satellite failed, disrupting paging service to millions of
paging receivers, including critical notification systems used by
federal, state and local public safety agencies. Automated teller,
point-of-sale and other VSAT-based services also were disrupted.
Recognizing these potential problems, FCC Commissioner Michael
Powell convened a Public Safety Year 2000 Roundtable on June 1 in
Washington, D.C. Panel members included a number of state/local public
safety officials, as well as representatives from federal agencies,
public safety equipment manufacturers, and consultants dealing with the
Y2K problem.
Interestingly, all of the consultants agreed there is a quite
straightforward process to be used for equipment evaluation. The
recommended steps include: equipment inventory, analysis for problem
potential, manufacturer/vendor inquiry and certification, testing
(independent or in-house), correction or replacement of non-compliant
systems, and re-testing. A critical recommendation was the testing of
all components of a system operating together as a final test once
corrections have been made. Use ``IVE''--independent verification of
everything!
The consultants further agreed that in some cases the cost, both in
time (or lack thereof) and money, is leading agencies to replace
systems rather than attempt to upgrade an existing investment. In fact,
many agencies are using the Y2K bug as an opportunity to perform much
needed replacements of outdated systems.
Equipment manufacturers present were primarily from the land mobile
radio community. Several indicated their public safety equipment lines
are so new that the problem was addressed in the initial design.
Others, including Ericsson and Motorola, said they have some embedded
equipment that may be impacted and offer information on determining Y2K
compliance of their equipment on their Internet web sites. In
particular, Motorola provides a search engine that allows access to
information on Y2K compliance of their equipment in 3 categories:
tested and passed, tested and did not pass (with additional information
provided), and not yet tested. Unfortunately, Motorola has more
recently stated some older equipment, primarily in the high-level
encryption arena used by federal agencies, is not compliant and will
not be updated.
The best general news from this Roundtable is the Y2K bug will not
impact most conventional radio dispatch equipment (radio system
infrastructure and field subscriber units). However, some radio system
management equipment and software (report generators, etc) may need
upgrades, particularly for trunked radio systems. Unfortunately, the
same is not necessarily true of other critical public safety software
such as computer aided dispatch (CAD) and records management (RMS)
systems.
a case study
San Bernardino County, California
San Bernardino County, California, encompassing 20,080 sq. miles,
is the largest county in the continental United States. It has a
resident population of 1.6 million people. The county contains the
Mojave National Preserve, Joshua Tree National Park, the San Bernardino
National Forest and many recreational areas along the Colorado River.
The county also is home to the U.S. Army's National Training Center at
Ft. Irvin and the Marines--29 Palms Air/Ground Training Center.
San Bernardino County's radio system is an 800 MHz integrated
Motorola SmartNet II trunked/conventional system serving more than 130
public safety and public service agencies and departments. It provides
interoperability with several state and federal government agencies.
There are more than 10,000 mobile and portable radios on the system.
Currently, 26 sites are used to provide coverage, with new sites being
added each year.
The county's microwave system has four DS3 loops with many spur
routes. This system supports data, radio and telephone transport
throughout the San Bernardino County.
San Bernardino County also operates a 900 MHz paging system with
2900 pagers and 26 sites. This paging system is the primary fire
dispatch alerting for many of the county's fire agencies. It also
provides administrative and operations paging for most county and city
agencies.
San Bernardino County's Y2K Team developed a comprehensive test and
evaluation plan. Similar to the steps recommended in the FCC's
roundtable, the steps in their plan included:
--Completing an inventory of all models and versions of equipment
used in radio, microwave and telephone systems.
--Evaluating equipment to deter mine which was not Y2K impacted
(equipment without microprocessor chips, primarily older radio
equipment).
--Contacting all manufacturers and asking for certifications of Y2K
compliance. In some cases this was obtained from the Internet.
The methodology that each manufacturer used to determine Y2K
compliance was also solicited.
--Conducting in-house testing based on the manufacturer's methods
and/or locally developed methods.
As a parallel effort, the county's information services is
independently testing all PC's for Y2K compliance. Because all dispatch
consoles are PC based, this is critical. There is a known problem with
the Microsoft Windows NT operating system used in many of these
applications. Microsoft has promised a fix within the next few months.
San Bernardino County's findings parallel those of the consultants
and vendors who made presentations at the FCC roundtable. Generally,
these are:
--All microwave equipment is Y2K compliant as there are no date
specific functions in the firmware/programs.
--With the exception of the PC-based consoles mentioned earlier,
nothing has been found with the radio system infrastructure or
subscriber units that would disrupt system operation; however,
system management functions will be impacted.
--Some radio system trunked management computer programs require an
upgrade.
--Telephone systems are still under scrutiny and will probably
require some upgrades.
As this article went to press, a detailed analysis of the San
Bernardino County Sheriff's CAD system found major changes would be
required to bring the software into compliance. It is probable that it
will be most cost effective to replace the CAD system; this option is
receiving careful consideration.
be prepared!
As with any disaster, public safety personnel will only be
effective if they have prepared themselves and their families in
advance. Year 2000 is inevitable; personal preparation is essential.
What can you as an individual do to prepare? Suggestions include:
IVE: Test all of your important home appliances by resetting the
dates and allowing them to roll over the century and leap year dates.
If you live by your PC as we do it should be at the top of the list,
especially if you use it for on-line banking, financial management, or
e-mail communications with your office. Consider buying a small
electric generator to support critical home electrical needs if power
fails; remember to stock up on fuel in approved storage containers
during December 1999.
Banking and other financial services systems are linked in huge
international networks where a single failure could cause network-wide
problems. While the large banks, brokerage companies, mutual fund
houses and stock markets state that they will be ready, smaller
institutions without the fiscal and technical resources to properly
address the problem may pose a higher risk. Correspond with your
institutions and obtain written assurance that your data and your money
will survive; then make sure you keep written copies of all account
statements!
Credit card processing has already experienced snags as cards with
expiration dates beyond 2000 encounter non-compliant processing
equipment. Again, maintain copies of your account statements. Check
them carefully and be prepared to dispute inaccurate bills.
Delays in clearing checks (including pay checks) are predicted. A
number of Y2K ``experts'' are recommending keeping significant cash (up
to two months worth) on hand as 2000 approaches.
Insurance policies and mortgage documents face similar problems. In
both cases, obtain written documentation of coverage extending beyond
1999. For mortgages, it is important to obtain a lender-issued
statement detailing payments (interest and principal) already made, as
well as an amortization schedule showing payments during 2000 and
beyond in case the lender's computer system is unable to issue payment
coupons. Both institutions will still expect their payments to be sent!
Finally, but perhaps most importantly, is ensuring that you will
continue to receive income from your employer or retirement system.
Take an interest in your agency payroll systems and offer advice and
assistance as appropriate; all of us are dealing with the same problem!
The Social Security Administration has been working on Y2K
compliance for a number of years and should be ready for Y2K.
Unfortunately, as stated above, some other federal government agencies
(including the U.S. Treasury ) that must work with Social Security are
far behind. Since many public safety agencies participate in local or
state retirement systems, it is important each maintain detailed
records of our account(s) and be prepared for disruption in payments if
you are fortunate enough to be retired.
conclusions
Clearly the Y2K problem poses significant risk, both internal and
external, to public safety agencies and to the general public.
Furthermore, determining compliance can require significant time and
resources. Correcting problem systems could require significant
financial investment, up to the cost of replacing entire systems.
Recommendations made at the FCC roundtable included:
--Encouraging all users to develop and implement identification and
test procedures similar to those used by San Bernardino County.
--Thoroughly testing critical telecommunications systems off-line
NOW. Take advantage of new/spare computers by copying current
live data, and then resetting the date to observe the rollover.
--Encouraging manufacturers to develop web sites that list hardware
and software (by version number) that have been tested and
found to be compliant.
--Establishing an index on the FCC's web site with direct links to
the manufacturer's Y2K web sites.
Finally, don't plan on getting any time off from work to celebrate
the millennium!
__________
Prepared Statement of Bruce Romer
Good morning, Senator Bennett and members of the committee, I'm
Bruce Romer, Chief Administrative Officer for Montgomery County,
Maryland, and Chair of the Metropolitan Washington Council of
Governments' CAOs Committee. I am here today, also representing the
National Association of Counties (NACo). It is my privilege to meet
with you today and thank you for the invitation.
Montgomery County, Maryland has a population of approximately
840,000 citizens and an annual operating budget of over $2 billion
which ranks it sixth among the nation's counties in operating revenues.
Montgomery County is one of three counties with a AAA bond rating from
all three rating agencies. The County spends almost $100 million
annually on technology, is highly invested in it and depends on
technology to achieve its mission. Earlier this year the County was
honored to accept the 1998 National Association of Counties (NACo)
Annual Achievement Award for its Year 2000 program.
We in Montgomery County consider the coming of the Year 2000 as a
very serious and significant problem. This so-called Year 2000 or
``Y2K'' Glitch when computers may fail to recognize ``00'' (zero-zero)
as the Year 2000 is more than just a technology problem; we believe it
constitutes a business management problem of enormous proportions
competing for precious local government resources. If not fixed, this
problem threatens public safety, emergency response, health and human
services, finance, taxation, permitting, and even the operation of
traffic management systems. In combination, problems in these areas
could lead to challenges for public safety organizations, stoppage of
critical services, loss of revenue, and enormous potential litigation
costs.
In 1995-1996 Montgomery County formulated a plan to resolve its Y2K
problem by December 31, 1998, with the entire calendar year 1999
reserved for contingency planning and testing. This included the
establishment of a participative management and communications
structure including a Project Office for a County-wide program in an
otherwise independent and autonomous multi-agency enterprise.
Montgomery County's agencies include general government, public
schools, community college, parks and planning, water and sewer,
revenue authority, and the Housing Authority. The County's Year 2000
Compliance Program Timeline is shown on Display #1 and is included in
Attachment #1. The County's Year 2000 Decision Structure is shown on
Display #2 and is included along with the County's website address in
Attachment #2. We have been working diligently to manage the effects of
the Year 2000 problem on the County and its citizens. In the process we
have gained significant experience and knowledge which we have shared
with other local jurisdictions under the auspices of the Metropolitan
Washington Council of Governments (COG). This information is contained
in Year 2000 Best Practices Manuals (Attachment #3) produced by the
COG's CAOs Committee of which I am the chair.
After almost two years of intense efforts, the County finds itself
in a unique position. Through its comprehensive multi-agency, multi-
phase, multi-platform effort, the County has identified over 200
systems that are the focus of its Y2K program. These systems--spread
over seven agencies--were carefully assessed; prioritized through a
rigorous triage process (see Attachment #4 for the County's triage
process); are being remediated through repair, replacement, or
retirement; tested; and must be certified to be ready to operate
properly in the new millennium. For its Y2K efforts, the County has
appropriated approximately $35 million to date, allocated significant
staff resources, and passed special legislation to adopt fast-track
administrative processes in areas such as procurement and budget. See
Display #3 for the Appropriations Summary (Attachment #5).
The County's most recent list of projects identifies 204 registered
projects as shown in Attachment #6. The categorization and status
summary are regularly monitored. Examples of these projects are shown
in Display #4 (also Attachment #4) which include E-911 Emergency
Dispatch, traffic management, academic computing, building permitting
systems, fueling systems and point-of-sale systems for the County's
liquor sales. See Display #5 for a Systems Status Summary which is also
shown in Attachment #7.
Recently, the County's program has expanded to four concurrent
phases, namely: systems compliance and certification, business
continuity assurance, contingency planning, and community outreach.
(See Attachments 8, 9, 10 and 11, respectively, for documentation
developed by the County for each of these phases). The community
outreach program was most recently initiated when County government
hosted all the County's municipal governments for a Y2K session (see
Attachment #11). A meeting of the Chambers of Commerce is planned next.
The County has also extended its previously strong regional role in
emergency preparedness to Y2K. The County's Emergency Management Group
(EMG) is expected to conduct a Y2K disaster exercise sometime in early
December.
A continuous review of the program is conducted by committees of
top managers from the Executive and Legislative Branches of government.
See Display #6 for a Scorecard used by the County's Y2K Policy
Committee to de-bottleneck projects. (See also Attachment #12 for a
copy of the Scorecard and a sample internal memorandum dated October
22, 1997, from me to the County's Executive Branch department heads
establishing Y2K responsibility and priority). All this is necessary in
order to ensure that essential services will be available to our
citizens in the coming months. Having done this much--and finding more
to do everyday (such as embedded systems which are much more difficult
to identify and assess)--I admit that this is a real strain on the $2
billion enterprise that is Montgomery County, Maryland. But any one
municipality alone cannot assure the success of a region or the nation.
NACo will continue to work with the counties to find appropriate
remedies to assist them with their compliance efforts, meanwhile, this
is a matter of grave concern to NACo and poses a major problem for the
entire nation.
While the national media has done a good job of highlighting the
challenge of remediating 7,343 critical Federal systems, the local
challenge of addressing Year 2000 is less well understood. With local
governments responsible for providing so many direct services to the
nation's citizens, any failure of local government services will hit
much closer to home for each of us.
As you may know, local government, in total, is larger and more
dependent on information technology than the Federal government. Local
Governments including municipalities, townships, school districts, and
other jurisdictions, total as many as 87,259 in number. Federal
government employment totals 4.2 million, while local government
employs about 12 million people. Likewise information technology
spending for the Federal government in 1997 was $28.6 billion compared
to state and local government IT estimated spending of $41.9 billion.
Clearly, while the Federal challenge for the Year 2000 is sizeable; the
local governments' Year 2000 challenge is even greater.
How are we in the Washington region governments attempting to deal
with Y2K related issues beyond our jurisdictional boundaries? The COG
is providing regional leadership and coordination. COG's 17 member
jurisdictions have identified the following six critical interlocking
functions that must be assessed in order to codify region-wide
contingency planning assumptions for Y2K preparedness: Utilities,
Public Safety, Public Health, Transportation, Business/Commerce, and
Communications. Through a division of labor, member jurisdictions are
expected to complete an assessment of their assigned areas by January
1999. Utilizing the auspices of the COG will improve the quality of the
information provided by those surveyed, assure information
confidentiality and improve the economy of effort through coordination.
In many respects the COG and Montgomery County Y2K programs may
potentially serve as models for the nation.
Problem solutions are normally preceded by a period of awareness,
knowledge-transfer, discussion, and dialog. But that discussion and
dialog must do more than just ``admire the problem.'' We believe that
five key elements, supported by Congress, could significantly enhance
the Nation's understanding of, and attack on, Y2K. These are:
1. Establishment of a FEMA-like National Y2K Emergency Fund to help
finance local governments' Y2K remediation and contingency planning
efforts. The attached proposal (Attachment #13) recommends that
Congress immediately appropriate $7.3 million to facilitate the efforts
of the National Capital Region. If this region is not ready, the
ability of Federal Government to function will be seriously impacted.
The proposed Y2K fund will finance Y2K initiatives in each of the six
functions identified by COG as listed above. This includes $5 million
required immediately for the regional transportation infrastructure
managed by WMATA and efforts to extend Montgomery County's Y2K disaster
preparedness model to the National Capital Region.
Another $1.5 billion should be appropriated as seed funding for the
other local governments to apply the best practices developed by the
National Capital Region. The NACo through its Public Technologies, Inc.
(PTI) relationship would serve as the vehicle for providing
programmatic assistance to the nations 3,069 counties. At the same time
NACo would assist the federal government by proposing application and
eligibility rules for the Y2K fund.
2. Passage of immunizing legislation to allow known Y2K information
to be shared without fear of lawsuit and to hold responsible public and
private officials harmless against the threat of crippling litigation.
Current efforts of the House of Representatives in this regard should
be accelerated in order to encourage timely availability and sharing of
objective information without fear of litigation. The immunizing
legislation should not, however, relieve any party from negligence or
deficient Y2K work quality.
3. Establishment of a National Y2K Program Office to complement the
efforts of the President's Y2K Advisory Council. The focus of this
office will serve to aggregate and disseminate information to local
governments. It will also be key in providing national coordination to
all regions while they plan for Y2K; it will also provide status
reports on Federal efforts to mitigate Y2K risk to regional and local
systems.
4. Formation of a National Y2K Help Desk available to all local
municipalities for best practices and compliance information from
nationally maintained databases and assistance regarding Y2K
contingency planning.
5. Affirmation of continued Congressional leadership to highlight
Y2K local government issues and solutions.
Other actions which Congress could take may include:
--Organizing and executing at least one National Y2K Day, where
normal business is set aside as much as possible and Y2K
solutions are tested, documented, and reported for the common
good before January 1, 2000.
--Instituting a National Y2K Internet Web Site devoted to the
responsible discussion of local Y2K issues and solutions
thereby encouraging inter-governmental information exchange.
--Producing and promoting a series of professional, compelling, high-
quality TV documentaries about local Y2K issues and solutions
and their impact on local government services. This will
supplement the work already done by NACo, ICMA, NLC and PTI in
their program titled ``Y2K and You.'' This would also
supplement the proposed National teleconference seminar
scheduled to air on October 7, 1998, to 47 local sites.
--Disseminating tool kits or ``How To'' manuals such as those
published by the COG (see Attachment 3) which help local
government officials identify the steps they need to take to
address Y2K issues.
Looking at just one of the recommendations, a National Year 2000
Program Office, to complement the efforts of the President's Y2K
Advisory Council, the Federal government can provide local government
with much needed Y2K data aggregation and coordination. A large amount
of data is being generated, but local governments need help in
accumulating, analyzing, and understanding this data. As an example,
using the information gathered for the 34 functional categories
currently monitored by the Y2K Advisory Council, a National Year 2000
Program Office could assist each region in ascertaining the readiness
of area hospitals. Providers of critical emergency medical equipment
are known to be lagging in the Y2K race. This information is essential
in operating our local emergency medical systems. It can assist in
projecting the necessity of the efforts of the national guard to assist
state and local law enforcement agencies; and provide input to a
national ``disaster'' exercise on Y2K much like the one Montgomery
County has planned for December of this year. The most critical
functions are the performance of the electric utilities and health care
systems and providing information on risk assessment to local
governments. An office of this nature would be instrumental in
promoting dialog among the 87,259 jurisdictions in the nation.
To ensure a community's economic stability through this difficult
period, each local community needs a Y2K business continuity program to
assure that business partners, suppliers, contractors, and vendors will
still be in business after 12/31/1999. Montgomery County has such a
program and is sharing much of its information with regional
governmental bodies and business entities but remains concerned about
potential litigation should reliance be placed upon its disclosures.
The immunizing legislation mentioned above would go a long way toward
allowing those who have accumulated regional supplier information to
share that knowledge without fear of retribution.
Montgomery County recognizes its obligation to the community, not
only as the local governmental entity having the duty to inform and
protect the citizens and businesses within its immediate boundaries,
but also as a partner in a larger regional community. Y2K failure in
any County's power, transportation, health care, or communications
infrastructure will have tremendous rippling effects on all neighboring
communities.
A county has the obligation to repair and test all critical systems
and processes to ensure that it can continue to deliver services and
that local businesses can continue to operate unimpaired. Montgomery
County is committed to undertaking special efforts to minimize the risk
of failure to its community but, at the same time, to plan for the most
likely regional failures. This means government should prepare to be
the direct provider of services in the event the business community is
disabled, such as in the distribution of food or water, should the
local supermarket be closed or overrun. Contracted service providers
must be on standby. A community contingency plan is as important as
those we are developing for our automated systems.
The potential effect of Y2K on county governments nationally
requires the redirection of resources and manpower to ensure the health
and safety of citizens, to maintain law and order, to initiate action
plans for the restoration of business-as-usual, while minimizing
negative impacts. Planning contingencies are essential in the event of
power outages, failure in water and sewer systems, traffic controls,
and telecommunications to note a few. Community health, safety, and
welfare are County governments' highest priority, and potential Y2K
impacts in this area must be identified and mitigated in short order.
NACo is doing everything it can to ease the transition to the next
century.
The nationwide extent of Y2K failure is still unknown. But whatever
it is, it will affect everyone at the same time and some earlier. The
Y2K deadline is immovable. No silver bullet solution will be found. As
I stated earlier, while many of the Nation's local governments are
engaged in Y2K assessment and repair, many are very late in starting.
For many counties, local resources are scarce and funding is critical
to the success of Y2K repair efforts. This may prove to be one of our
biggest obstacles. Awareness must be increased and every community must
plan now, because we are running out of runway.
Lessons learned by Montgomery County lead us to offer the following
advice to those who are just starting:
1. View Y2K as a business management problem, not a technical
problem.
2. Insist on the highest level of executive leadership.
3. Make someone in your organization responsible for Y2K.
4. Consider suspending or postponing new, non-Y2K initiatives.
5. Make funding available; divert funds from current programs where
possible; plan for uncertain buys.
6. Perform a full inventory, triage and prioritize.
7. Engender a sense of urgency; streamline procurement and budget
processes.
8. Where possible, don't reinvent the wheel; adopt industry best
practices such as those of the Metropolitan Washington COG.
Thank you, Senators, for your time and attention. I will be happy
to answer any questions.
list of displays
1. Montgomery County's Y2K Compliance Program Timeline
2. Montgomery County's Y2K Decision Structure
3. Montgomery County's Y2K Appropriations Summary
4. Examples of Montgomery County Projects by Categories
5. Montgomery County's Y2K Systems Status Summary
6. Montgomery County's Y2K Scorecard Report
[GRAPHIC] [TIFF OMITTED] T2OC98G.004
[GRAPHIC] [TIFF OMITTED] T2OC98G.005
[GRAPHIC] [TIFF OMITTED] T2OC98G.006
[GRAPHIC] [TIFF OMITTED] T2OC98G.007
[GRAPHIC] [TIFF OMITTED] T2OC98G.008
[GRAPHIC] [TIFF OMITTED] T2OC98G.009
List of Attachments--Montgomery County, Maryland & Metropolitan
Washington Council of Governments \1\
year 2000 program--illustrations & proposal
1. Montgomery County's Y2K Compliance Program Plan
2. Montgomery County's Y2K Decision Structure and Website Address
3. Metropolitan Washington Council of Government's Year 2000 Best
Practices Manual
4. Montgomery County's Triage Process and Risk Rating Form
5. Montgomery County's Y2K Program Funding Summary
6. List of Montgomery County's Year 2000 projects
7. Montgomery County's Year 2000 Systems Status Summary
8. Montgomery County's How to Develop a Y2K Action Plan
9. Montgomery County's Business Continuity Assurance Planning
Guidelines
10. Montgomery County's Contingency Plan Preparation Guidelines
11. Montgomery County's Session with its Municipalities
12. Montgomery County's Scorecard and (Internal) CAO's Responsibility
Memorandum
13. Metropolitan Washington Council of Government's Funding Proposal
for a National Y2K Emergency Fund.
\1\ To obtain copies of these attachments please contact the
Montgomery County, MD, Year 2000 Project Office.
__________
Prepared Statement of Senator Gordon Smith
Thank you Mr. Chairman. I appreciate your leadership in preparing
for today's hearing.
First, I would like to thank all the distinguished witnesses before
us today for taking time to testify, and for helping us address the
challenges facing the emergency services sector. You especially, along
with many other leaders in this industry, are critical to ensuring the
safety of our families as the year 2000 approaches.
I am also very pleased to see Mr. John Koskinen, the President's
Special Assistant on the Year 2000 problem, here to testify again
before the committee. Thank you Mr. Koskinen. I am particularly
interested in hearing about the President's involvement in preparing
our national emergency systems for the year 2000. As leaders of the
free world, I hope we all continue to focus on the safety of America
and make preparations to safeguard against worst case scenarios. Along
with my interest on our domestic emergency preparedness, I am also
interested in preparations being made on the international front.
After hearing from several agencies on this issue, it has become
apparent that a priority must be placed on establishing a coordinated
central Y2K emergency service center. It would make sense for every
emergency program to dispatch from, and report to, a central Y2K
emergency center when the average 300,000 9-1-1 calls a day increases
into the millions on January 1, 2000? An emphasis should be placed on
developing a response to all these worst case scenario emergencies. I
look forward to hearing how these needs are being met and in what way
our committee can help.
No one will know the impact of this problem until the beginning of
the new millennium. I have heard the Y2K problem being characterized as
anything from a simple bump in the road to the second coming of Christ.
With only 456 days left, there is no more time for anyone to be
dragging their feet or dodging this critical problem. We need to assure
the American public that our emergency systems are prepared for any
scenario that may arise.
In my state of Oregon, the Y2K issue has been made a top priority
at every level of government. Local task forces are organized in every
region, county, and city by private citizens who have volunteered their
time. Every time I am back in Oregon, I make it a priority to
participate with these task forces in as many local Y2K forums as
possible, to learn more about the local problems and efforts going on
in my state, and finding ways to help.
Information sharing has been extremely beneficial to everyone in
Oregon, because we are working together to deal with the problem as a
community. Working together prevents unnecessary panic, provides
everyone an opportunity to understand the severity of the problem, and
brings the community together as we work toward a common goal.
Information sharing is working, as the citizens of may state are
proving, and I hope we can continue the open, honest dialog today at
this hearing, and in these final months to come.
Thank you Mr. Chairman, I look forward to learning more about the
specific Y2K challenges facing our emergency services sector and the
specific steps being taken to address them.
__________
Prepared Statement of Lacy Suiter
Mr. Chairman and Members of the Committee: Good morning. I am Lacy
Suiter, Executive Associate Director for Response and Recovery, Federal
Emergency Management Agency. FEMA Director James Lee Witt has asked me
to testify at this hearing on his behalf and I am pleased to have this
opportunity to appear before you. I would like to describe FEMA's
efforts to address the potential threat posed by the Year 2000 (Y2K)
technology problem for fire services and emergency management within
the United States.
fema's role in the president's council on y2k conversion
FEMA has a role as one of thirty-four sector coordinators
supporting the President's Council on Y2K Conversion, chaired by
Presidential Advisor, John A. Koskinen. FEMA chairs and coordinates
efforts of the Emergency Services Sector (ESS) working group. Primary
member agencies include FEMA, the Departments of Agriculture, Commerce
(mainly the National Oceanographic and Atmospheric Administration),
Defense, Health and Human Services, Interior, and Transportation. The
American Red Cross participates as an honorary member. FEMA and the
other Emergency Services Sector members are responsible for increasing
awareness of emergency services providers throughout the Nation and for
encouraging them to assess the readiness of their technology-based
systems to support operations before, during, and after the clock rolls
over to the year 2000. It is important to clarify that FEMA does not
have a role in prevention or response to the causes of computer
disruption. FEMA does not have authority or the technical expertise
required to perform those types of missions.
The goal of the Emergency Services Sector is to facilitate efforts
to ensure that all members of the nation's emergency services community
will be able to operate normally through the Y2K conversion period. The
other sectors are working toward the same assurances in their areas,
with the shared goal being that Y2K disruptions will be of minimal
consequence. The objectives of the Y2K Emergency Services Sector
Working Group are to:
--Develop coordinated outreach plans and communications to State,
local, and private sector groups in fire and emergency services
(including the volunteer agency community);
--Monitor progress of the sector; and
--Prepare for inevitable disruptions.
brief assessment of government preparedness for the year 2000
The Emergency Services Sector, which met most recently on September
16th, will be providing reports to the President's Council in the
coming months on the readiness of the sector as a whole. Readiness
assessments are being conducted throughout the 34 sectors on the
Council.
At the Federal level, all of the agencies are in the process of
increasing awareness and fostering readiness self-assessments among
their stakeholders. These user communities cut broadly across the
Nation's infrastructure, involving both the private and the public
sector. And the agencies themselves must be ready to cross the year
2000 threshold with high confidence that their own systems will work
well. To this end, FEMA and the other Federal agencies report directly
to the Office of Management and Budget (OMB), on a monthly or quarterly
basis, regarding the progress being made with their own systems.
outreach to the emergency services sector on y2k
FEMA is working with other agencies in the Emergency Services
Sector to develop an outreach action plan. The action plan will include
three categories of activity:
--Meetings on Y2K convened by Federal Agencies;
--Outside meetings which Federal officials will attend in order to
spread the word about Y2K; and
--Other communications on Y2K, such as letters, public notices, web
site information, and brochures.
FEMA plans to post this information on its Y2K web pages during the
next month, and to make all of this information accessible through
www.fema.gov, as it becomes available.
The Emergency Services Sector members are actively reaching out to
their respective constituencies. For example, HHS is in contact with
hospitals, clinics, and other health-related facilities across the
country. DOD's Corps of Engineers is working with the private sector
contractors who provide services such as debris removal. These Federal
agencies are heightening awareness and will provide assessments in the
fire services community, emergency medical services community, the
National Guard, and, of course, emergency management services,
including the volunteer agencies supporting disaster response.
FEMA's outreach to the fire services community and State and local
emergency management is described in more detail below.
Fire services
FEMA's United States Fire Administration (USFA) has initiated a
multi-phased plan to raise awareness and assess readiness on the Y2K
technology problem. This approach was selected to take greatest
advantage of the decentralized and independent structure of the fire
services community.
Fire Administration staff issued a suggested article for the fire
and emergency services publications on Y2K preparedness. Staff have
also been interviewed by a variety of fire and emergency services
publications for articles on the Y2K issue.
In August, FEMA developed a list of frequently asked questions
regarding Y2K and their answers, and formatted them into a Y2K
brochure. The brochure is made available to students attending classes
at the National Fire Academy. The brochure has been mailed to the major
fire service organizations and the State Fire Marshals, along with a
cover letter asking them to help get the word out to fire and emergency
services nation-wide. The brochures are available for local
distribution. FEMA also sent materials to associations of fire and
emergency service equipment manufacturers and distributors, and asked
them to share information on actions their members are taking to ensure
that their products are Y2K compliant. FEMA is currently in the process
of direct-mailing the Y2K brochure along with a cover letter to each of
the approximately 33,000 individual fire departments across the
country.
The Y2K brochure also directs people to related web sites,
including the USFA web site. The web site includes a Y2K section which
provides general information, frequently asked questions and answers,
as well as basic testing tips that individuals and organizations can
apply to determine if their equipment and systems are Y2K compliant.
Over the next few months, the Fire Administration plans to enlist
the aid of State Fire Marshals in determining local fire service
readiness for the Year 2000. Throughout fiscal year 1999, Y2K will be
featured as an important topic in speeches and conference displays
developed for the fire and emergency services community.
State and local emergency management
FEMA's Preparedness, Training, and Exercises Directorate provides
grants, guidance, training, and exercise assistance to State and local
governments to help them to prepare for all types of emergencies. FEMA
has initiated activities to address the Y2K problem and is pursuing
outreach activities with its primary constituents, the State and local
governments, through their national organizations, the National
Emergency Management Association (NEMA) and the International
Association of Emergency Managers (IAEM). A main emphasis of this
outreach effort is to heighten awareness of State governments, and
indirectly of local governments, on the criticality of this issue and
to provide Y2K emergency preparedness guidance and information.
At the September 1998 NEMA Annual Conference in Charleston, South
Carolina, the new NEMA President led a discussion of Y2K and identified
it as a priority area for the coming year. In fact, NEMA has already
initiated dialogue with its membership on Y2K, and has assigned the
NEMA Preparedness, Training, and Exercises Committee to review and
coordinate efforts with FEMA. Committee officials participated in
discussions with FEMA's Associate Director for Preparedness, Training
and Exercises, and the Presidents of NEMA and IAEM on the importance of
developing emergency preparedness measures and guidance to deal with
potential Y2K issues. As a result, FEMA will work in partnership with
NEMA, IAEM, and other organizations over the next several months to
develop emergency preparedness guidance for the entire emergency
preparedness community. Information on model State and local Y2K
programs and practices will also be collected and shared.
FEMA's Regional Directors have been asked to contact the State
Emergency Management Directors in their region to support this effort.
The personal contacts will reinforce the importance of preparedness and
compliance at the State level, emphasize the necessity of State
outreach to local governments, and help to identify areas where
additional specialized assistance is needed.
As part of FEMA's training activities, the Emergency Management
Institute (EMI) has instituted a ``Y2K Show-of-Hands Survey'' at the
beginning of every class, which includes the following questions:
--Are you aware of the potential problem facing all computer systems
called ``Y2K'' that involves the computer's ability to
accommodate the change to the year 2000?
--Is your organization actively working to ensure that its computer
systems are able to deal with this potential problem?
--Are the computer systems in your organization currently fully
prepared to successfully accommodate the change to the year
2000?
The survey provides immediate feedback on Y2K preparedness at all
levels of government. More importantly, it raises the awareness of
students at EMI and highlights the need for action. EMI is examining
ways to insert Y2K considerations into the exercise scenarios for the
Integrated Emergency Management Courses. Y2K considerations add value
to an all-hazards curriculum by focusing attention on consequences and
operational requirements that could also emerge during other types of
technological emergencies. All students attending EMI resident classes
receive copies of the Y2K brochure developed for the fire service
community.
In November, FEMA's Associate Director for Preparedness, Training
and Exercises will address the IAEM 46th Annual Conference in Norfolk,
Virginia, to urge local emergency managers to participate in efforts to
raise Y2K preparedness.
In February 1999, Director Witt will address the National Govemor's
Association on the status of several FEMA initiatives, including Year
2000 outreach, and offer suggestions on what the Governors can do to
further the efforts to raise awareness, promote personal
responsibility, and ensure operational readiness at all levels of
government.
fema's responsibility under the federal response plan
The final element of our strategy, for which I am responsible as
Executive Associate Director of Response and Recovery, is to ensure
that if preventive measures fail, the signatory agencies to the Federal
Response Plan are primed and ready to assist State and local
governments with response to consequences of a Y2K problem affecting
lives, property, and public health and safety. It is has been our
experience that consequences of an order of magnitude to require
assistance under the Federal Response Plan fall into a consistent set
of functional areas, regardless of the type of hazard that caused the
emergency. The Plan is organized to provide assistance to State and
local governments in transportation, communications, public works and
engineering, firefighting, information and planning, mass care,
resource management, health and medical services, hazardous materials,
food, and energy.
A Y2K technology problem will create two sets of needs. The first
includes technological support to the owner/operator of the disrupted
system, such as advice on technical work-around options, and repair or
replacement of disrupted hardware, software, or networks. The Federal
Response Plan is not designed to meet this need. This is the job of
information technology professionals in each owner/operator
organization, public and private, to address through internal business
continuity plans, with the assistance of the President's Council on Y2K
Conversion. The second set of needs includes emergency assistance to
State and local governments, to enable them to continue to perform
essential community services, such as issuing emergency warnings,
disseminating public health and safety information, carrying out health
and safety measures, reducing immediate threats to public heath and
safety, providing temporary housing assistance, and distributing
medicine, food, and other goods to meet basic human needs.
It is difficult to determine the exact nature and extent of the
threat posed by the Y2K problem. Reports in print and television media
and on the Internet range from predictions of business-as-usual to some
form of cyber winter. To identify and prioritize actions to take to
ensure we are able to provide assistance to State and local
governments, we need credible assessments from authoritative sources
that describe specific vulnerabilities, areas at highest risk, and
potential consequences that could lead to activation of the Federal
Response Plan. We believe the President's Council on Y2K Conversion is
an authoritative source for information on this hazard.
The Council is scheduled to release a report later this year that
narrows down the risks and describes a plausible worst-case scenario.
John Koskinen, Chairman of the President's Council on Y2K Conversion,
attended our August meeting of the primary Federal Response Plan
agencies, and stated that, domestically, he is most concerned about
small-and medium-sized organizations (public and private); and over-
reaction by the public. He believes that the basic infrastructure will
work and that there will be no major nationwide catastrophic
disruptions, but that there may be needs for Federal response in some
service sectors and in some geographic areas.
Our primary operational objective will be, in accordance with the
Robert T. Stafford Disaster Relief and Emergency Assistance (Stafford)
Act, to respond to physical consequences on lives, property, and public
health and safety. It is difficult to imagine a Y2K scenario that would
trigger widespread physical consequences that threaten lives and
property. However, a Y2K scenario could cause scattered disruptions in
critical systems such as traffic control, communications, or power,
which would complicate local, State and Federal efforts to provide
disaster response. I am particularly concerned about rural areas in
northern and western states in December and January, which is severe
winter storm season. Our operations concept will be to activate
monitoring operations through the critical conversion period here in
Washington and in our regional operations centers, and to request
information technology liaisons with access to FEMA internal and
interagency sources of technology support. We may not be able to
respond to requests for technology support, but we can use the Federal
response system to provide a backup network to ensure that such
requests from State and local governments are referred to the
appropriate public/private coordination channels that have been
established through the efforts of the President's Council on Y2K
Conversion.
As we wait for the official assessment from the President's
Council, I am continuing my monthly meetings with officials of the
primary agencies of the Federal Response Plan to focus attention on
potential needs and options. Agencies have reported that the majority
of mission-critical facilities and support systems necessary to conduct
Federal Response Plan operations will be functional through the Y2K
conversion period. Agencies are developing work-around options for
those that will not be ready by March 1999. FEMA is doing all that it
can, as the lead agency for the Federal Response Plan, to encourage
Federal Response Plan agencies to work with their partners in the State
and local emergency management and fire service communities, to promote
awareness and business continuity planning for Y2K.
The Y2K technology problem involves several dimensions and touches
upon nearly every aspect of day-to-day business in the world. The
efforts of emergency management and fire service organizations cannot
be viewed as a substitute for personal responsibility and personal
preparedness. Every organization and every individual, in public and
private life, has an obligation to learn more about this problem and
their vulnerability, so that they may take appropriate action to
prevent a problem before it occurs. As elected leaders, you also play
an important role in increasing public awareness and promoting personal
initiative through a range of activities, such as this hearing. We in
FEMA respect your concern and your commitment to this issue. At the
same time, FEMA is working with the emergency management and fire
services communities to raise awareness, to increase preparedness, and
to stand ready to provide Federal response assistance to State and
local governments, if required. We will keep you informed on our
progress as the countdown to the new millennium continues.
______
Responses of Lacy Suiter to Questions Submitted by Chairman Bennett
Question 1. Does FEMA plan to preposition any core reserves of
personnel, supplies and equipment to aid local governments or is it
planning to coordinate Federal Government and State government
resources? Please explain.
Answer. At this point, FEMA does not plan to preposition personnel,
supplies and equipment. We are planning to activate monitoring
operations through the critical conversion period from December 29,
1999 through January 4, 2000. This includes activating the interagency
Emergency Support Team at FEMA Headquarters and our 10 interagency
Regional Operation Centers (ROCs) which will operate from each of the
10 FEMA Regional Offices. Appropriate Federal assets such as the Mobile
Emergency Response Support Detachments will be placed on alert.
Question 2. Mr. Suiter, I would like to thank you for coming
today's hearing. We realize that this is an incredibly busy time for
FEMA. FEMA cannot deploy IT professionals to Y2K system failures.
Unfortunately, our concern is that physical effects of computer
problems could result in failed water systems, loss of power etc. which
could be scattered so widely that States could become overwhelmed. What
consideration has been given to how FEMA would respond to the request
for help from multiple States (eight or more)?
Answer. The current Federal response structure as implemented
through the Federal Response Plan is designed to provide assistance in
response to emergencies and disasters in multiple locations throughout
the United States and its territories when Federal assistance is deemed
necessary. The Federal response structure relies heavily on its Federal
regional response structure to deliver assistance to State and local
communities.
Question 3. If a Governor were to seek, and the President were to
issue, a declaration of emergency for a particular state or region as a
result of major Y2K disruptions: What types of assistance might FEMA
reasonably be able to make under current authorities? Would these
requests all likely be made under the Stafford Act/Federal Response
Plan, or would additional or alternative channels of relief potentially
be available through other emergency preparedness authorities?
Answer. Upon a Presidential declaration of an emergency under the
Stafford Act, FEMA may give mission assignments to other Federal
departments and agencies that comport with their day to day missions to
utilize their authorities and the resources granted under Federal law.
Resources available include personnel, equipment, supplies, facilities,
managerial, technical and advisory services. These assets are utilized
to support State and local emergency assistance efforts to save lives,
protect property and public health and safety, and lessen the threat of
a catastrophe. Individual Federal agencies have their own statutory
authorities through which they may provide Federal assistance to State
and local governments that fall outside of the scope of the Stafford
Act/Federal Response Plan.
Question 4. Mr. Suiter, how effective do you think a Y2K warning
system would be? Would 17 hour advanced notice help FEMA response or
preposition equipment?
Answer. Although FEMA agrees that a Y2K early alert system will be
effective, it is premature to determine to what degree at this point.
Effectiveness will depend on the nature of the emergencies and the type
of Federal assistance that can be provided in a timely manner. The 17-
hour advance notice will help FEMA assess the nature and
characteristics of the Y2K-related emergencies and enhance our ability
to relay to the public what types of emergencies are mostly likely to
occur. At the same time, 17-hours advance notice may give us a better
idea of the scope and order of magnitude of the emergencies that occur
overseas. The extent to which the Federal Government's reaction will be
enhanced is uncertain.
Question 5. I understand that FEMA is currently working on an
appendix to the Federal Response Plan which will specifically deal with
Y2K. Could you please elaborate on what this Y2K appendix will contain
and when we might expect to see this document?
Answer. In January 1999, an outline of a Y2K Supplement to the
Federal Response Plan will be developed based on input from the FRP
agencies and their regional counterparts. Assessments from the
Emergency Services Sector and the President's Council on Y2K Conversion
will influence the content of the Supplement. At this point, we
envision that the Supplement will include a Basic Plan and functional
annexes for the appropriate Emergency Support Functions. We plan to
develop, publish, and distribute the Supplement by July 1, 1999.
Question 6. The Federal Response Plan depends heavily upon the
Federal Agencies such as the Department of Defense and the Department
of Agriculture. How will FEMA cope if the supporting agencies have not
considered their emergency response assets considered mission critical?
Has FEMA received any indication that agencies are addressing this
problem?
Answer. FEMA is hosting monthly meetings of the FRP Primary
Agencies to collect and track information on the progress of the Y2K
compliance status of the 12 Emergency Support Functions. This
information will be used to conduct a vulnerability assessment of the
interoperability gaps that may arise as a result of Y2K operational
issues and shortfalls. Planning is underway to conduct a national level
seminar or tabletop exercise in the May/June timeframe to run through
an operational simulation of our response to a Y2K related emergency. A
national level exercise enables us to work with the FRP agencies and to
examine the interoperability shortfalls among the FRP agencies so that
back-up systems can be put into place by December 31, 1999.
Today, I cannot determine that all of the 28 signatory agencies to
the Federal Response Plan will be Y2K compliant by March 31, 1999.
Based on responses FEMA has received from the FRP Primary Agencies in
response to an Emergency Services Sector Y2K Standard Questionnaire, a
number of agencies will not be Y2K compliant by March 31, 1999.
However, no agency has reported that it will not be Y2K compliant
before December 31, 1999.
Question 7. Has FEMA tried to ascertain the types of relief that
states might need, and consider which of the 12 Emergency Support
Functions it would most likely need to activate in response to Y2K-
related emergencies?
Answer. FEMA is in the process of planning a series of regional
tabletop exercises to ascertain the needs of the States resulting from
a Y2K-related emergency. Although the Y2K Supplement to the FRP will
detail the special operations and preparedness measures, it has been
our experience that consequences requiring assistance under the Federal
Response Plan fall into a consistent set of functional areas,
regardless of the type of hazard that caused the emergency. The FRP is
robust , flexible and organized to provide assistance to State and
local governments in transportation, communications, public works and
engineering, firefighting, information and planning, mass care,
resource management, health and medical services, hazardous materials,
food, and energy.
Question 8. What are the thresholds and guidelines that would
govern FEMA's involvement in managing consequences of primary failures
of critical infrastructure services. What criteria would be applied to
determine the conditions under which relief or aid would be afforded?
Answer. From a technical viewpoint, FEMA may not be able to respond
to requests for technology support. However, we can use the Federal
response system to provide a backup network to ensure that requests
from State and local governments are referred to the appropriate
public/private coordination channels that have been established through
the President's Council on Y2K Conversion. From a consequence
management perspective, our primary operational objective and criteria
will be to respond to physical consequences on lives, property, and
public health and safety as a result of a Presidential declaration of
an emergency or major disaster. This is in accordance with the Robert
T. Stafford Disaster Relief and Emergency Assistance (Stafford) Act.
Question 9. Existing authority appears to permit FEMA, under
appropriate circumstances, to preposition key assets in anticipation of
a major disaster or emergency. Which of these authorities might be
relevant to pre-positioning the resources most likely to be in demand
in the aftermath of widespread Y2K-related failure? What conditions
must be met in order to allow the pre-positioning of these resources
under these existing authorities?
Answer. In accordance with several federal laws and existing
executive orders, each federal department and agency has assigned roles
to fulfill emergency preparedness and planning. These statutory and
presidential mandates require each department and agency to budget for
its own preparedness and planning. Should there be an event resulting
in a presidentially declared emergency or disaster, the operations of
the agencies are funded from the President's Disaster Relief Fund
unless other funds are available. Because of the geographic uncertainty
with respect to Y2K, planning for pre-positioning is not being
conducted by FEMA at this time.
Question 10. Existing authority may allow for the Director of FEMA
to initiate non-conventional forms of pre-preparation, such as
providing grants to states for emergency plan development and training,
or requesting from States reports on State plans and operations for
emergency preparedness. Has FEMA undertaken any efforts to make grants
or other forms of funding available to the states, in advance, for
specialized Y2K preparedness programs? Has it made any requests of the
states to review Y2K-related plans? Are these authorities generally
suited to this purpose? If not, would modifications be advisable?
Answer. FEMA did not request additional funds for Y2K planning and
preparedness as part of our initial request for fiscal year
1999appropriations. Public Law 105-277, the Consolidated Omnibus and
Emergency Supplemental Appropriations Act for fiscal year 1999,
provided additional funds to the President for Y2K issues.
In general, FEMA gives maximum flexibility to the States relative
to the use of the State and local assistance funding they are provided
so that they can determine how best to meet their emergency management
needs. If a State decides to do so, some of this funding could be used
to help address Y2K issues. The existing authorities are sufficient to
undertake Y2K preparedness activities at the State level.
As part of our preparedness efforts, FEMA has discussed the Y2K
problem with the National Emergency Management Association (NEMA),
which represents State emergency managers, and with the International
Association of Emergency Managers (IAEM), which represents local
emergency managers. Both groups have pledged to work in full
partnership with FEMA to address the Y2K issue. In addition, the ten
FEMA Regional Directors have been directed to personally discuss with
the State Emergency Management Directors the Y2K situation in the
States and local jurisdictions. The Regional Directors are to report
the results of these meetings in mid-November and a summary assessment
of the State and local preparedness will be provided to the President's
Council on Year 2000 Conversion in December. Future actions and
guidance will be based on the results of the State surveys by the
Regional Directors.
Question 11. If there are widespread failures and substantial
portions of a state's population is deprived of critical services, it
is foreseeable that a large number of states may request some form of
Federal assistance. Has FEMA planned for this possibility, and if so
how will state requests be evaluated or prioritized? Are there any
means by which the states may be able to notify FEMA of their
anticipated needs in advance of the event?
Answer. The Catastrophic Disaster Response Group (CDRG) is a
National-level coordinating group comprised of senior representatives
from all the FRP signatory agencies. The CDRG has the primary
operational mission of resolving policy, resource allocation and
prioritization issues that cannot be resolved at the Federal regional
level. This also includes resource and allocation issues that arise
between Federal regions.
Under FEMA's leadership, the CDRG is addressing the potential
impact that Y2K failures could have in responding to the consequences
of Y2K failures. The Chair of the President's Council on Year 2000
Conversion has asked that FEMA co-sponsor with DOD a National Y2K Table
Top Exercise to be held next spring. One of the goals of the exercise
is to identify issues that that may impact the Federal Government's
ability to manage the consequences of Y2K failures. Exercise activities
will be held at the regional level with Federal and State level
participants to help prepare for and address Y2K issues.
Other outreach to State and local jurisdictions is being conducted
through the ten FEMA Regions to survey and assess State and local
preparedness for the Y2K conversion. FEMA is coordinating and working
with the National Emergency Management Association and the
International Association of Emergency Managers to address Y2K issues
and to identify areas in which State and local jurisdictions may need
assistance. Through these State and local contacts it may be possible
to identify anticipated needs in advance of the event. As part of these
outreach efforts, preparedness, training, and exercise assistance and
guidance will be provided as necessary to State and local jurisdictions
to assist them in preparing for the Y2K conversion and to help mitigate
anticipated problems.
Question 12. S. 2361, the Disaster Mitigation Act of 1998, will, if
passed: (1) expand FEMA's pre-disaster mitigation authorities; (2)
reduce the types of facilities and activities that can receive Federal
assistance following from a disaster; and (3) modify current cost-
sharing arrangements pertaining to disaster relief and emergency
assistance. How will this bill, if passed, impact FEMA and the Federal
Government's ability to address foreseeable Y2K-related requests for
relief and assistance? Are there some portions of this legislation that
might be more applicable than others and that might be considered for
expedited treatment?
Answer. The primary purpose of S. 2361, the Disaster Mitigation Act
of 1998, was to promote mitigation; that is, to reduce loss of life and
property from natural hazards both before and after disasters strike.
It also proposed some changes to FEMA's disaster recovery programs to
facilitate a more efficient recovery and to meet the needs of both
public and individual disaster victims better. The amendments were not
drafted with the Y2K-related requests for disaster relief in mind. Had
the Disaster Mitigation Act of 1998 passed, we do not believe that it
would have impacted FEMA's and the Federal government's ability to
address foreseeable Y2K-related requests for relief and assistance.
__________
ADDITIONAL MATERIAL SUBMITTED FOR THE RECORD
------
Statement of R. Michael Amyx, Executive Director, Virginia Municipal
League, on Behalf of the National League of Cities
My name is R. Michael Amyx and I am the Executive Director of the
Virginia Municipal League. I am pleased to be able to submit this
testimony on behalf of the National League of Cities. The Virginia
Municipal League is a statewide, non profit, non partisan association
of city, town and county governments established in 1905 to improve and
assist local governments through legislative advocacy, research,
education and other services. The membership includes all 40 cities in
the state, 155 towns and 15 urban counties. As Executive Director, I
serve as the CEO of the Virginia Municipal Liability Pool and the
Virginia Municipal Group Self Insurance Association. These
organizations provide low cost insurance to municipalities.
NLC was founded in 1924 by state municipal leagues that sought
national representation before Congress on municipal issues. NLC is the
largest and oldest national organization representing municipalities
and their elected officials. NLC represents 135,000 mayors and council
members from municipalities across the country. Over 75 percent of
NLC's members are from small cities and towns with populations of less
than 50,000. A significant number of small cities and towns are in the
Commonwealth of Virginia.
First, I am grateful to Chairman Bennett and the members of the
Senate's Special Committee on the Year 2000 Technology Problem for
their leadership role in drafting and efforts made towards the passage
of The Year 2000 Information and Readiness Disclosure Act (S. 2392).
NLC thanks the Special Committee for the opportunity to provide input
during the drafting process regarding the needs of municipalities. Our
nation's cities and towns consider the millennium bug to be a very
serious matter with potentially dire consequences. Many applications
and systems in local communities are not Year 2000 compliant today.
Critical systems including E-911 services, water and wastewater,
traffic signals, electric and communications, if disrupted, could cause
severe problems for citizens who rely on these vital services
The Year 2000 Information and Readiness Disclosure Act will allow
companies and municipalities to disclose and share information that
will help to avert major system failures brought about by the
millennium bug. It is critical that cities and towns know what measures
are being taken by the computer industry and state and federal
governments to avoid Year 2000 problems and what methods are working
well. We hope that the House of Representatives will follow suit and
pass this bill in the coming week.
There are several other crucial areas of concern to cities and
towns where assistance from Congress is desired. We are willing to work
with you to see to it that cities and towns are doing all that is
necessary to avert a major crisis.
First, we need legislation requiring insurance companies to
disclose how they plan to respond to Year 2000 claims. To date, the
industry as a whole has kept its cards close to the vest causing much
uncertainty with respect to coverage and defense costs in the event
claims are filed. Cities and towns could lose millions of dollars in
costs to fix equipment. Of equal concern is the fact that cities and
towns could be sued for failing to adequately deal with the Year 2000
problem in liability lawsuits ranging from public safety issues to the
issuing of welfare checks.
Second, we are concerned that small cities and towns do not have
the information, resources, awareness, and time left to implement
compliance programs. Many of these small cities are already struggling
financially and they do not have the infrastructure resources that
larger cities have. We need help with disseminating information to them
about the Year 2000, assisting them with their compliance efforts, and
helping them to pay for this process.
Third, despite the successful efforts of the Senate to address
information disclosure, liability remains a concern of our nations
cities and towns. Frankly, even with preparations and test runs, we
still do not have the answer on whether all municipal systems will work
within a city on January 1, 2000. This presents a challenge for cities
and towns because we are responsible for public safety. If a large
number of lawsuits are brought against cities on the grounds of failure
to provide adequate public safety due to such things as glitches on
ambulances, fire trucks, global positioning systems, or electronic
communications related to saving lives, we believe that cities will be
faced with budget deficits. Even more chilling is the possibility that
the fear of liability will manifest in a reluctance on the part of
cities and towns to respond to disasters and routine emergencies. We
would like to work with you to address this concern for both our
citizens' lives and the fiscal future of our cities and towns.
The Virginia Municipal League has conducted some research that
indicates that local governments are aware of the problem and of the
potentially severe consequences of not solving it. Many local
governments, in particular small to medium sized jurisdictions, do not
have the internal expertise necessary to move forward and are, to some
extent, relying on outside vendors to achieve compliance. Some cities
and towns are way ahead of others. Limited resources and increased
demand for services continue to make funding an issue. We are confident
that most local governments will be ready when we reach January 1,
2000. However, invariably some applications and systems will not be
compliant. Local governments are prioritizing systems for scrutiny, and
we hope that disruptions will be minimal.
At this point the Virginia Municipal League is in the process of
educating Virginia's cities and towns on the Year 2000 issues. It is no
secret that while most cities and towns are dealing with the problems,
information, and resources are beyond the reach of small cities. We
have a seminar planned for next week at our annual conference to
explore the liability issues for municipalities associated with Y2K and
also to explore the scope of the problem. Within the 49 state municipal
leagues, the National League of Cities, and the members of the Big 7
state and local government interest groups a network exists to provide
information directly to cities and towns. Unfortunately, there is no
single prescribed cure for this problem, and the costs of addressing
the problem are well beyond the reach of many small cities and towns.
From a municipal perspective, cities and towns have multiple
software and hardware vendors which have been used for numerous years.
Cities and towns rely on these businesses for solutions to software and
hardware dilemmas, but we cannot control the outcome. Further, some of
these vendors are already out of business, and the vulnerability of
those still in business is great. Additionally, electronic chips and
devices embedded into machinery may suffer from the Y2K problem--
imagine all of the public works equipment that may be effected by this.
NLC's Local Officials Guide The Year 2000 Problem * * * When the
Clock Turns Be Ready!, addresses the problem for municipalities and the
steps to take to implement a plan. This publication says that our
nation's cities and towns face the following threats if we do not fix
or are unsuccessful at fixing theY2K problem:
--Threats to human life and safety are likely to occur if systems
fail to alert authorities to crisis situations or provide
incorrect information about the nature or local of a crisis;
--Sharp increases in local taxes may be needed to defray Y2K
expenses, including the litigation expenses which may continue
for more than a decade into the new century;
--Elected and appointed city officials may be held personally liable
for violation of fiduciary responsibility, breach of expressed
or implied warranty, errors and omissions, or malpractice; and
--Extensive amounts of computer programmer time for both
implementation of a plan and data repair costs, especially for
data intensive agencies.
I think that all of the state and local government witnesses
testifying here today can agree that the longer we delay, the greater
the cost will be, more normal processes will be disrupted, and the less
likely we are to be able to solve problems as time runs out. Cities and
towns can prepare for the Year 2000, but we need help getting the right
information and the resources. NLC and the state leagues can serve as a
repository of information for cities, but we need to ensure that the
information out there is correct.
legislation
At the state level, we are pursuing legislation that would extend
sovereign immunity to local governments for liability arising out of
the Year 2000 issue. Several states have passed such legislation
(Nevada, Florida, Georgia, Iowa, and New Jersey) and others are
currently considering similar bills (California, Hawaii, Illinois,
Minnesota, New Hampshire, Pennsylvania, South Carolina, and Utah).
The Virginia General Assembly passed legislation during the 1998
session extending such immunity to the Commonwealth, but did not
include local governments. It is our view that local taxpayers deserve
to be protected from unpredictable financial impact which could be
catastrophic. This is particularly true if insurance companies do not
step forward to provide funding for defense of claims and claim
payments as required. Cities and towns need advance warnings to arrange
for other coverages or potentially increased expenses. The 32 local
government insurance pools that participate in the NLC--RISC (Risk
Information Sharing Consortium) and primarily represent small cities
that otherwise would have problems finding affordable insurance have
looked to proactively address this problem, but need the information
from insurance companies too.
threat to emergency services
Arlington County, Virginia has one of the most advanced emergency
preparedness programs in effect to date. Arlington County has set up an
emergency management team whose function is to simulate all types of
``what if'' emergency situations, including systems failures due to Y2K
problems. Emergency drills are performed regularly and are sometimes
performed in conjunction with other local jurisdictions. There are two
major areas of focus--information systems, which encompasses
traditional computer hardware and software problems, and embedded
chips, which comprises on-board systems in ambulances and police cars.
To give the Committee an idea of the cost of implementation of a top-
notch program, Arlington County has allocated $15.5 million just on the
information systems portion of Y2K preparedness. This figure does not
include monies for embedded chips issues or traffic signals, and is
expected to increase drastically due to the sheer magnitude of the Y2K
preparedness undertaking.
Currently, Arlington County has utilized Y2K coordinators who are
looking to identify where the Y2K bug may occur. With respect to the
embedded chips issue, assessments and inventories are conducted and
each department is required to come up with contingency plans, even if
the Y2K-compliant systems fail. Deadlines have been established both
for conducting the inventories and for designing and testing
contingency plans.
Despite the care taken by Arlington County to effectively complete
its Y2K emergency preparedness efforts it, along with other local
jurisdictions faces three major concerns. First, no matter what local
governments do to prepare internally for Y2K, many critical
governmental functions are tied to the private sector and are only
viable if the private sector is ready for Y2K too. For example, a
municipalities' E-911 response system may be Y2K compliant, but if the
local hospital's systems are not Y2K compliant, there will be problems.
Second, local governments must respond to emergencies caused by outside
entities when there's a systems failure. For example, local police will
be summoned if burglar alarm companies are not Y2K compliant and
homeowner alarm systems go off en masse. Third, the fiscal impact upon
local governments in the event of Y2K systems failures in the private
section cannot be underestimated. If a local business goes out of
business due to Y2K problems, that business is not paying taxes to the
local government.
One way to help with solutions to these problems raised by
Arlington County, but also applicable to local jurisdictions, is for
Congress to focus on providing more resources to help coordinate Y2K
preparedness on the local level. Whether this is better accomplished by
federal involvement in increasing manpower at the local level or by
simply providing more funding at the federal level is not known. What
is known is that the federal government must become involved in some
meaningful way. Even the most prepared local governments are worried
about the ability of the private sector to adequately prepare for Y2K
emergencies and the impact that this will have on local governments. We
believe that some compliance accountability standards are needed to
provide reassurance to local governments that all will be ready on
January 1, 2000.
nlc action
The National League of Cities has assisted in disseminating
important information to local governments with Public Technology Inc.,
the International City/County Management Association, and the National
Association of Counties. These organizations have mounted a national
campaign to raise awareness and provide resources and other tools to
local governments because of the serious impact that the Y2K problem
could have on local governments. Most recently, NLC distributed over
6,000 copies of the ``Y2K and YOU Information Kit'' developed by these
organizations. These kits will be disseminated through state leagues at
annual conventions, state league special meetings focusing on Y2K, and
sent to member local governments of these organizations. The Virginia
Municipal League plans to distribute this kit to all members of our
insurance program, which numbers about 500 cities and towns.
``Y2K and YOU'' provides the tools necessary for cities and towns
to develop remediation strategies. The kit contains best practices that
cities have implemented, information on helpful organizations, Y2K do's
and don'ts, and a checklist for coping with the Y2K problem. The intent
of this kit is to avert potential problems that have the potential of
crippling local economies, compromising public safety and health, and
stifling local government revenues. Additionally, a video is included
in this kit that highlights the steps necessary to implement a plan to
address the Y2K problem.
Though the kit provides a good deal of useful help and guidance,
local governments still have to contend with the high costs of
addressing the Y2K problem proactively, finding the right information
and solutions, and finding the actual manpower and technical expertise
needed to avert a potential problem. The first step is helping local
governments recognize that Y2Kis an issue that they must confront.
Cities and towns across the country are all over the map when it comes
to assessing what kinds of systems have been put in place to avert a
problem.
state municipal leagues
From my perspective, state municipal leagues are at a distinct
advantage in disseminating and sharing information on Y2K remediation.
At this point, many leagues have begun programs that give local
governments the tools to get started at a local level on addressing
potential Y2K problems.
My colleague, Jim Miller, the Executive Director of the League of
Minnesota Cities has convened a task force within the Minnesota League
that is addressing Y2K. The League of Minnesota Cities will be
conducting several regional meetings in the coming two weeks that will
assist cities in addressing things like what do to do if wastewater
treatment and emergency services are effected by the problem and how to
plan to prevent problems. Additionally, The Minnesota League has
developed its Minnesota specific Action Guide that outlines the
necessary steps, samples of tools and important documents for planning,
and checklists for issues to address.
While the Minnesota League has taken many steps and began this
process relatively early, one of the things that Mr. Miller noted was
that he wished that they had begun the process earlier, because the
League keeps learning about new issues and new concerns. More than half
of the counties in Minnesota have populations of less than 10,000.
Community hospitals, utility commissions, and wastewater commissions
just don't know where to turn to for help.
city examples
In my testimony today, I can tell you about some great things that
cities and towns are implementing, but I cannot tell you about who is
not complying and what is not being done. We frankly have no foolproof
way of determining which cities and towns have not developed and
implemented effective compliance programs for Y2K. Further, the
information that we do know is coming from large cities that have the
revenue and access to information and technology that compares to
Fortune 500 companies. The information is not out there with regard to
those small cities and towns who don't know about the problem and who
have not addressed it. We are concerned that these cities and towns
will be forgotten. They need help, or they are likely to have
catastrophic failures that compromise public safety and life as well as
their town's economic survival.
While the concern remains for the cities that have not yet acted, I
do want to tell you about some of the innovative things that are being
done.
--The City of Plano, Texas' (Population 128,713) purchasing division
required a ``Year 2000 Compliance'' warranty from vendors
providing the City with hardware and software products. Vendors
must sign the document guaranteeing that their products can
accurately process date between the 20th and 21st centuries.
--The City of San Diego, California (Population 1,110,550) formed a
team that began addressing Y2K issues in 1995. The focus of
their attack is the City's internal software and assessing off-
the-shelf software problems.
--Albuquerque, New Mexico (Population 384,736) developed a process to
identify and remediate those things adversely effected by Y2K
problems. The city's Information Systems Division reorganized
to three interrelated teams--City Services, Finance, and Public
Safety. These teams will address the needs of programming and
infrastructure during the process and also plans to hire five
additional contract programmers for the effort.
--Seattle, Washington (Population 516,259) plans to spend more that
$50 million to reprogram major applications affected by the
problem and plans to replace the city's accounting system.
Thank you again on behalf of the NLC for providing us the
opportunity to present our views to the Committee.
�