b"<html>\n<title> - YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE LEARN?</title>\n<body><pre>[House Hearing, 106 Congress]\n[From the U.S. Government Printing Office]\n\n\n\n\n YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE \n                                 LEARN?\n\n=======================================================================\n\n                             JOINT HEARING\n\n                               before the\n\n                 SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,\n                      INFORMATION, AND TECHNOLOGY\n\n                                 of the\n\n                     COMMITTEE ON GOVERNMENT REFORM\n\n                                and the\n\n                       SUBCOMMITTEE ON TECHNOLOGY\n\n                                 of the\n\n                          COMMITTEE ON SCIENCE\n                        HOUSE OF REPRESENTATIVES\n\n                       ONE HUNDRED SIXTH CONGRESS\n\n                             SECOND SESSION\n\n                               __________\n\n                            JANUARY 27, 2000\n\n                               __________\n\n                     Committee on Government Reform\n\n                           Serial No. 106-149\n\n                          Committee on Science\n\n                           Serial No. 106-84\n\n                               __________\n\n   Printed for the use of the Committee on Government Reform and the \n                          Committee on Science\n\n\n  Available via the World Wide Web: http://www.gpo.gov/congress/house\n                      http://www.house.gov/reform\n\n\n                               __________\n\n                    U.S. GOVERNMENT PRINTING OFFICE\n66-711                     WASHINGTON : 2000\n\n\n                                 ______\n\n                     COMMITTEE ON GOVERNMENT REFORM\n\n                     DAN BURTON, Indiana, Chairman\nBENJAMIN A. GILMAN, New York         HENRY A. WAXMAN, California\nCONSTANCE A. MORELLA, Maryland       TOM LANTOS, California\nCHRISTOPHER SHAYS, Connecticut       ROBERT E. WISE, Jr., West Virginia\nILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York\nJOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York\nSTEPHEN HORN, California             PAUL E. KANJORSKI, Pennsylvania\nJOHN L. MICA, Florida                PATSY T. MINK, Hawaii\nTHOMAS M. DAVIS, Virginia            CAROLYN B. MALONEY, New York\nDAVID M. McINTOSH, Indiana           ELEANOR HOLMES NORTON, Washington, \nMARK E. SOUDER, Indiana                  DC\nJOE SCARBOROUGH, Florida             CHAKA FATTAH, Pennsylvania\nSTEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland\nMARSHALL ``MARK'' SANFORD, South     DENNIS J. KUCINICH, Ohio\n    Carolina                         ROD R. BLAGOJEVICH, Illinois\nBOB BARR, Georgia                    DANNY K. DAVIS, Illinois\nDAN MILLER, Florida                  JOHN F. TIERNEY, Massachusetts\nASA HUTCHINSON, Arkansas             JIM TURNER, Texas\nLEE TERRY, Nebraska                  THOMAS H. ALLEN, Maine\nJUDY BIGGERT, Illinois               HAROLD E. FORD, Jr., Tennessee\nGREG WALDEN, Oregon                  JANICE D. SCHAKOWSKY, Illinois\nDOUG OSE, California                             ------\nPAUL RYAN, Wisconsin                 BERNARD SANDERS, Vermont \nHELEN CHENOWETH-HAGE, Idaho              (Independent)\nDAVID VITTER, Louisiana\n\n\n                      Kevin Binger, Staff Director\n                 Daniel R. Moll, Deputy Staff Director\n           David A. Kass, Deputy Counsel and Parliamentarian\n                    Lisa Smith Arafune, Chief Clerk\n                 Phil Schiliro, Minority Staff Director\n                                 ------                                \n\n   Subcommittee on Government Management, Information, and Technology\n\n                   STEPHEN HORN, California, Chairman\nJUDY BIGGERT, Illinois               JIM TURNER, Texas\nTHOMAS M. DAVIS, Virginia            PAUL E. KANJORSKI, Pennsylvania\nGREG WALDEN, Oregon                  MAJOR R. OWENS, New York\nDOUG OSE, California                 PATSY T. MINK, Hawaii\nPAUL RYAN, Wisconsin                 CAROLYN B. MALONEY, New York\n\n                               Ex Officio\n\nDAN BURTON, Indiana                  HENRY A. WAXMAN, California\n          J. Russell George, Staff Director and Chief Counsel\n   Bonnie Heald, Director of Communications/Professional Staff Member\n                          Chip Ahlswede, Clerk\n                     Michelle Ash, Minority Counsel\n                    Trey Henderson, Minority Counsel\n                          COMMITTEE ON SCIENCE\n\n          F. JAMES SENSENBRENNER, Jr., (R-Wisconsin), Chairman\nSHERWOOD L. BOEHLERT, New York       RALPH M. HALL, Texas, RMM **\nLAMAR SMITH, Texas                   BART GORDON, Tennessee\nCONSTANCE A. MORELLA, Maryland       JERRY F. COSTELLO, Illinois\nCURT WELDON, Pennsylvania            JAMES A. BARCIA, Michigan\nDANA ROHRABACHER, California         EDDIE BERNICE JOHNSON, Texas\nJOE BARTON, Texas                    LYNN C. WOOLSEY, California\nKEN CALVERT, California              LYNN N. RIVERS, Michigan\nNICK SMITH, Michigan                 ZOE LOFGREN, California\nROSCOE G. BARTLETT, Maryland         MICHAEL F. DOYLE, Pennsylvania\nVERNON J. EHLERS, Michigan *         SHEILA JACKSON LEE, Texas\nDAVE WELDON, Florida                 DEBBIE STABENOW, Michigan\nGIL GUTKNECHT, Minnesota             BOB ETHERIDGE, North Carolina\nTHOMAS W. EWING, Illinois            NICK LAMPSON, Texas\nCHRIS CANNON, Utah                   JOHN B. LARSON, Connecticut\nKEVIN BRADY, Texas                   MARK UDALL, Colorado\nMERRILL COOK, Utah                   DAVID WU, Oregon\nGEORGE R. NETHERCUTT, Jr.,           ANTHONY D. WEINER, New York\n    Washington                       MICHAEL E. CAPUANO, Massachusetts\nFRANK D. LUCAS, Oklahoma             BRIAN BAIRD, Washington\nMARK GREEN, Wisconsin                JOSEPH M. HOEFFEL, Pennsylvania\nSTEVEN T. KUYKENDALL, California     DENNIS MOORE, Kansas\nGARY G. MILLER, California           JOE BACA, California\nJUDY BIGGERT, Illinois\nMARSHALL ``MARK'' SANFORD, South \n    Carolina\nJACK METCALF, Washington\n\n\n                            C O N T E N T S\n\n                              ----------                              \n                                                                   Page\nHearing held on January 27, 2000.................................     1\nStatement of:\n    Koskinen, John, Assistant to the President, chairman, \n      President's Council on Year 2000 Conversion; Joel C. \n      Willemssen, Director, Civil Agencies Information Systems, \n      U.S. General Accounting Office; Charles Rossotti, \n      Commissioner, Internal Revenue Service; and Fernando \n      Burbano, Chief Information Officer, Department of State....    13\n    Miller, Harris, president, Information Technology Association \n      of America; Cathy Hotka, vice president for information \n      technology, National Retail Federation; and Gary Beach, \n      publisher, CIO Communications, Inc.........................    99\nLetters, statements, et cetera, submitted for the record by:\n    Barcia, Hon. James A., a Representative in Congress from the \n      State of Michigan, prepared statement of...................   129\n    Beach, Gary, publisher, CIO Communications, Inc., prepared \n      statement of...............................................   113\n    Biggert, Hon. Judy, a Representative in Congress from the \n      State of Illinois, prepared statement of...................    11\n    Burbano, Fernando, Chief Information Officer, Department of \n      State, prepared statement of...............................    75\n    Horn, Hon. Stephen, a Representative in Congress from the \n      State of California, prepared statement of.................     4\n    Koskinen, John, Assistant to the President, chairman, \n      President's Council on Year 2000 Conversion, prepared \n      statement of...............................................    17\n    Miller, Harris, president, Information Technology Association \n      of America, prepared statement of..........................   102\n    Rossotti, Charles, Commissioner, Internal Revenue Service, \n      prepared statement of......................................    63\n    Willemssen, Joel C., Director, Civil Agencies Information \n      Systems, U.S. General Accounting Office, prepared statement \n      of.........................................................    26\n\n \n YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE \n                                 LEARN?\n\n                              ----------                              \n\n\n                       THURSDAY, JANUARY 27, 2000\n\n        House of Representatives, Subcommittee on \n            Government Management, Information, and \n            Technology, Committee on Government Reform, \n            joint with the Subcommittee on Technology, \n            Committee on Science,\n                                                    Washington, DC.\n    The subcommittees met, pursuant to notice, at 10 a.m., in \nroom 2154, Rayburn House Office Building, Hon. Stephen Horn \n(chairman of the Subcommittee on Government Management, \nInformation, and Technology) presiding.\n    Present for the Subcommittee on Government Management, \nInformation, and Technology: Representatives Horn, Biggert, \nWalden, and Turner.\n    Staff present for the Subcommittee on Government \nManagement, Information, and Technology: J. Russell George, \nstaff director and chief counsel; Mathew Ryan, senior policy \ndirector; Bonnie Heald, director of communications and \nprofessional staff member; Chip Ahlswede, clerk; Deborah \nOppenheim, intern; Michelle Ash and Trey Henderson, minority \ncounsels; and Jean Gosa, minority clerk.\n    Present for the Subcommittee on Technology: Representatives \nMorella, Green, Barcia, Wu, and Baird.\n    Staff present for the Subcommittee on Technology: Jeff \nGrove, staff director; Ben Wu, counsel; Michael Quear, minority \nprofessional staff member; and Marty Ralston, minority staff \nassistant.\n    Mr. Horn. This joint hearing of the House Subcommittee on \nGovernment Management, Information, and Technology, and the \nHouse Subcommittee on Technology will come to order.\n    It is now 27 days into the new millennium. The lights are \nstill on, telephones keep ringing, and the airplanes are still \nflying. So far, the biggest challenge, at least here on the \neast coast, is shoveling through the mountainous snowdrifts \ndumped by the first major storm of the year 2000. Thanks to the \nhard work of thousands of dedicated people at a cost in the \nbillions of dollars, we have the luxury of meeting today to \ndiscuss the benefits that have been derived from the year 2000 \ncomputer challenge.\n    Over the past 4 years, these subcommittees have spent \ncountless hours examining the Federal Government's computer \npreparations for the year 2000, or Y2K. When we began this \nprocess in April 1996, two Cabinet Secretaries had never heard \nof Y2K, much less begun preparing for it. That ultimately \nchanged, but not without congressional prodding through 43 \nhearings and 10 report cards, grading agencies on their \nprogress. In addition to fixing all of the government's 6,400 \nmission-critical computer systems, the subcommittees expected \nagencies to develop viable contingency plans in case those \ncomputer fixes did not work. We prodded, we questioned, and we \nhoped for the best, and the best happened. The Federal \nGovernment experienced a successful transition into the new \nmillennium.\n    Some glitches did occur, however, giving cause to wonder \nwhat might have happened if the work had not been completed. I \nam inserting in the hearing record a statement stressing that \nwithout the work of many in the executive and legislative \nbranches, it would not have been as successful.\n    Without objection, that will be in the record at this \npoint.\n    The Defense Department had problems with its surveillance \nsatellites. Some retailers were unable to process customer \ncredit card purchases. A Chicago area bank was unable to \nprocess Medicare payments. As far as we know, those isolated \nproblems were quickly repaired. Some still question whether \nother incidents might have occurred, but were unexpected due to \na fix first, report later mentality.\n    Successfully meeting the year 2000 challenge has provided \nmany lessons that must not be ignored or forgotten. The \nunextendable deadline forced government leaders to focus on \ninformation technology issues. Program and technology personnel \nworked intensely and closely to get the job done. In addition, \ngovernment agencies and private sector organizations were \nforced to develop detailed inventories of their technology \nresources and computer systems, in many cases for the first \ntime. Unnecessary and obsolete systems have hopefully been \ndiscarded.\n    Finally, government agencies and their partners have tested \nand retested data flows at unprecedented levels. Strong \nteamwork and rugged determination solved the year 2000 problem.\n    Some critics now question whether the high cost of this \nmassive effort was necessary. The best estimates currently \nindicate that the executive branch will spend more than $8 \nbillion on year 2000 fixes. The Secretary of Commerce has \nreported that the United States will have spent about $100 \nbillion on the effort as a whole.\n    Was that money well spent? Of course it was.\n    The executive branch of the Federal Government has not \nalways been known as a careful steward of the citizens' money, \nregardless of what party is in power. Large corporations have \nwaste also, and those that are publicly traded could not afford \nto squander hundreds of millions of dollars on unnecessary \ncomputer problems and contingency plans. Boards of directors \nand stockholders would not permit it. Whether large or small, \nsuccessful businesses rarely fritter away money. This was a \nmassive problem that required a massive solution.\n    We are grateful to everyone who contributed the many ideas, \nsolutions, and hard work that led to the success of this \neffort, from government personnel to grassroots organizations \nand the private sector. Thank you all for a job well done.\n    Today we welcome some of those dedicated leaders. The \nHonorable John Koskinen, Assistant to the President and Chair \nof the President's Council on Year 2000 Conversion; Mr. Joel \nWillemssen, Director of Civil Agencies Information Systems for \nthe General Accounting Office; the Honorable Charles Rossotti, \nCommissioner of Internal Revenue; Mr. Fernando Burbano, Chief \nInformation Officer of the Department of State and cochairman \nof the Security Privacy and Infrastructure Committee of the \nChief Information Officer Council; Mr. Harris Miller, president \nof Information Technology Association of America; Ms. Kathy \nHotka, vice president for Information Technology of the \nNational Retail Federation; and, last, Mr. Gary Beach, \npublisher of the CIO Communications, Inc. I might say that is a \nvery distinguished magazine, and I read it regularly. We \nwelcome each of you, and look forward to your testimony.\n    It is a pleasure to first introduce Mr. John Koskinen, \nspecial assistant to the President, Chairman, President's \nCouncil on Year 2000 Conversion.\n    [The prepared statement of Hon. Stephen Horn follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.001\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.002\n    \n    Mr. Horn. I now yield for opening statement from the \ncochairman of the task force, Mrs. Morella, the gentlewoman \nfrom Maryland.\n    Mrs. Morella. Thank you very much, Mr. Chairman. We will \nhear from Mr. Koskinen and the very prominent panel very \nshortly.\n    I appreciate having this hearing. I think it is important \nthat we look back at what has happened, and in particular, look \nahead to the future. If I had told everyone in this room a \nmonth ago that in January 2000 the Federal Government would \nshut down for 2 days and virtually the entire southeast and \nnortheast would be crippled, most likely everyone would have \nimmediately blamed Y2K millennium bug and not mother nature. \nYet it took a blizzard of snow and ice to accomplish what many \ndoomsayers had predicted long ago for the millennium bug. So \nhow is it that a winter storm caused more damage and \ninconveniences than the Y2K problem?\n    In the ensuing weeks since the passage of January 1, 2000, \nsimilar questions have been posted. Was the Y2K problem real or \nwas it overhyped? Was the $100 billion spent in the United \nStates, roughly $365 for every American citizen overall? Did \nall of our efforts stave off an impending disaster, or was Y2K \nsimply a nonevent waiting to happen?\n    In my mind, there is no doubt the problem was real. From \nthe very first hearing that my technology subcommittee \nconducted in the spring of 1996, to right up to the final month \nof December 1999, we witnessed systems failing Y2K tests and \ncrashing completely. Our concern for the Y2K issue was \ninitially so great and disturbing that we have held almost 100 \nhearings in both the House and the Senate on the issue, which I \nunderstand makes Y2K the single most thoroughly investigated \nissue ever in the history of congressional oversight.\n    Ultimately, I believe two factors tipped the balance from \nthe grave uncertainty many of us harbored in the beginning. The \nfirst was that we all knew the Y2K problem would strike on a \ncertain date, January 1, 2000, thereby allowing us to \ncollectively plan, coordinate and collaborate toward that \ndeadline.\n    The other and more significant factor was that after over a \nyear and a half of persistent cajoling by Congress, after we \nrealized this, our Nation required executive action to \neffectively combat the Y2K problem, the President finally \nexercised his authority in the spring of 1998. Y2K was suddenly \ncatapulted to become a top administration management priority, \nand John Koskinen was appointed to oversee our Federal \nGovernment's efforts and to partner with our Nation's private \nsector and with other countries internationally.\n    John certainly deserves a great deal of accolades for his \nstewardship. The well-deserved cheers I wanted to point out to \nfor our victory in vanquishing the millennium bug should also \ngo to those who ably served in the front lines of this epic \nbattle, all the dedicated Federal employees, public servants \nand professionals who were the technicians, and those who gave \ncountless hours on their holidays to provide assurance to the \nAmerican people that our Nation would be prepared for Y2K.\n    I think the fact that nothing of disastrous proportions \nhappened does not mean that nothing would have happened. For \nexample, the American Banking Association reported that, but \nfor the $10 billion in Y2K fixes, mortgage calculations would \nhave been incorrect, direct deposit of pay and government \nbenefits would have been problematic, and credit cards could \nnot be read due to problems with expiration dates.\n    Similarly, the telecommunications industry reported that \nthe $3.6 billion that they spent over the past 3 to 4 years \nprevented the potential gradual deterioration of public switch \ntelephone network performance, including slow response times \nfor dial tone access as well as interruptions of service.\n    The result of our Y2K experience is a testament to the fact \nthat we prepared well and we invested properly.\n    I believe, however, the investments were not just about \nY2K, but also about improving our Nation's information \ntechnology systems and gaining knowledge about those systems. \nThat is the focus of our hearing today. This hearing is not \ndesigned to simply pat each other on the back or to allow our \npanelists to take a figurative victory lap around the witness \ntable, but to ascertain the lessons that we learned from our \nY2K experience.\n    Will Y2K inspire a conscious effort for greater long-term \nplanning and more reliable and secure technology, or will it \njust prolong the shortsighted thinking that made Y2K so costly?\n    While many systems have relays replaced, some programs were \nfixed by applying a Y2K patch that will require another round \nof fixes within the next two decades. I look forward to \naddressing these and many other issues with our distinguished \npanel of witnesses, most of whom have appeared before us on \nmany occasions. It is only appropriate that since this is the \nabsolutely positively final last and ultimate hearing of the \nHouse Y2K Task Force, we close with those who have been \ninvolved with this issue since the very beginning.\n    Perhaps this hearing can provide the foundation for \ninitiatives as we address the 5-digit computer date problem, \nY10K as it may come to be known. If so at that time, maybe \nSteve Horn and I can chair that task force, along with Strom \nThurmond in the Senate.\n    I would like to extend my deep appreciation to all the \nmembers of my technology subcommittee and Congressman Horn's \ngovernment management subcommittee and his leadership for the 4 \nyears of vigilant and cooperative bipartisan initiatives, and I \nespecially want to acknowledge the hard work of my ranking \nmember, Jim Barcia, and certainly Chairman Horn, the \ndistinguished cochair of the task force, and Jim Turner of the \ngovernment management subcommittee, ranking member, and the \nmembers of both subcommittees who have been very dedicated, and \nI yield back. Thank you.\n    Mr. Horn. We thank you so much for your nice words for all \nthe Members, and all of our witnesses. We agree with you, and I \nam delighted to now yield to the gentleman who has been here \nright from the beginning of his duties as the ranking member on \nthe side of the subcommittee on government management, Mr. \nTurner from Texas. We are delighted you could make it out of \nthe snow, if you have any down there, and into Washington for \nthis meeting. So thank you very much for all you have done to \nhelp us in the field hearings and everywhere else.\n    Mr. Turner. Thank you, Mr. Chairman. When I left Texas the \nother day, it was 80 degrees.\n    I want to commend you, Mr. Chairman, and Chairwoman \nMorella, for the good work you have done. This task force and \nthese two committees were about a 3\\1/2\\-year project. As I \nrecall, my staff advised me we had 24 different hearings of \nthis subcommittee alone on this subject. Many observers say \nthat the Y2K problem was the greatest management challenge the \nFederal Government has faced, and perhaps that is true. I think \nmost of us had a high degree of confidence after the many \nhearings that we had that we would make it through January 1st \nwithout great problems, but nobody really knew for sure. The \nfact we did make it I am sure is due, in large part, to the \nhard work you, Mr. Chairman, and Chairwoman Morella, have made \nin an effort to make sure the Federal Government is ready.\n    I also want to commend the ranking member of the science \nsubcommittee, Mr. Barcia, and I want to thank Mr. Williamson. \nHe worked very diligently, met with this committee time and \ntime again, and I think, in large part, usual efforts helped us \nget to where we needed to go.\n    Of course, Mr. Koskinen and the President's Y2K council, I \nthink, did an outstanding job. I really felt sorry for you when \nI was watching you on television on New Year's Day and you kept \nholding these press conferences with nothing to say. That is \nthe worst nightmare of any politician, that somehow we would \nhave a press conference and there is nothing to say. But you \nseemed to have survived it well, and you and your council did \nan outstanding job working not only with the public sector and \nFederal agencies, but reaching out to the private sector to \nensure that we got to where we needed to go.\n    That is not to say there weren't significant potential \nproblems. As I recall from many of our hearings, we tried to \nask witnesses that came before us to tell us what they fixed, \nwhat would happen if they had not been diligent about \nremediation of their Y2K problems, and some of the stories we \nheard clearly convinced me that all of the effort and all of \nthe work that took place was needed, did accomplish the desired \nresult, and the fact that we had no great crisis on January 1 \nwas to the credit of all of those many thousands of people who \nspent countless hours and millions of dollars to remediate the \nproblem.\n    We are here today not to congratulate ourselves, but to \nlook back and to review the results of our efforts, to see what \nlessons we have learned. I feel confident we are better \nprepared as a Nation to meet a future national emergency than \nwe have ever been in terms of keeping our computer systems \nworking, which, of course, every facet of our life now depends \nupon our computers working well.\n    So I think we are going to have a good hearing today, and I \nappreciate all the witnesses being here. Again, I would like to \nthank Chairman Horn and Chairwoman Morella for the good work \nthat you did.\n    Mr. Horn. Well, thank you very much. You have sure been \nwith us since the ground floor, and we have another person who \nhas been with us ever since she has been elected to Congress, \nand the gentlewoman from Illinois, Mrs. Biggert, we have held \nhearings in her area, which is a wonderful suburb outside of \nChicago, and we appreciate your regular attendance at these \nmeetings and the contributions you have made in staff meetings \nand Member meetings. So thank you very much for coming to this \nhearing. The gentlewoman from Illinois, Mrs. Biggert.\n    Mrs. Biggert. Thank you, Chairman Horn and Chairwoman \nMorella. Let me thank you for calling this hearing on the \nimpact of the Y2K date change. Contrary to what some people \nfelt might happen, the planes didn't fall from the sky when the \nclock struck midnight, telephones retained their dial tones, \nwater still ran from the faucets and America's New Year's \ncelebrations were not left in the dark. So I think we had a \ngood new year.\n    But remarkably, and a little bit surprisingly, substantial \nY2K problems were not experienced out of this country either, \ndespite the lack of preparation on the part of some of the \nnations' computers and other essential services across the \nglobe. We really saw no major disruptions.\n    But as this committee heard numerous times during its \nhearings, Y2K-related glitches could have had a substantial and \nextremely negative impact on the variety of services, the \nsmooth turnover from 1999 into 2000 is directly related, I \nthink, to the billions of dollars and hundreds of man-hours \ndirected toward preventing and correcting potential Y2K \nproblems. I think it goes without saying that from what we have \nseen, or seen thus far relating to Y2K disruptions, that these \nefforts paid off handsomely. Y2K preparations paid off in other \nways as well as a result of the Y2K concerns; there are now \nthousands more American families that own the equipment, such \nas generators needed to prepare for other types of emergencies, \nnamely snowstorms, floods and hurricanes.\n    All of my family, even my 7-month-old grandson, now have \nnew flashlights and fresh new batteries. Government leaders on \nevery level now have a better understanding of technology, \nmanagement issues and are aware of the importance of \ncooperation between local, State and Federal officials. What is \nmore, the millennium bug provided a reason to upgrade \ngovernment technology systems and to inventory resources.\n    So just being able to say some 3 weeks after the year 2000 \nrollover, it turned out to be a positive experience, that is a \ntestament to the hard work of the House Y2K task force and to \nthe leadership of Chairman Horn and Chairman Morella, and it is \nalso a testament to the efforts of today's witnesses, \nparticularly Mr. Koskinen and Mr. Willemssen and the others at \nthe General Accounting Office. Your work over the last--at \nleast 3 years in raising awareness and highlighting the \npotential problems related to the Y2K date change is to be \nrecognized and commended.\n    I don't want to leave you with the impression that Y2K \nglitches didn't occur. In fact, at least one bank in my home \nState of Illinois did experience some Y2K problems when it was \ntemporarily unable to make some Medicare transactions. The \nFederal Government, I don't think, was immune either. Three of \nthe Federal Housing Administration mission-critical systems \nexperienced problems shortly after January 1st.\n    So we are here today really, I think, to see if there are \nany outstanding Y2K issues and to sort out what went right and \nwhat went wrong, and to help the American people understand \nwhat transpired on January 1, 2000, and let them know about the \nsignificant long-term benefits this situation provided to our \ngovernment and to private industry.\n    So, again, I commend the men for calling the hearing today \nand for all the work you have both done on this important issue \nand look forward to hearing from the witnesses. Thank you.\n    [The prepared statement of Hon. Judy Biggert follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.003\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.004\n    \n    Mr. Horn. Well, thank you very much. I now yield to the \ngentleman from Oregon, Mr. Walden, who has been with us in \nfield hearings and a faithful worker in the very active work of \nthese subcommittees. Mr. Walden, the gentleman from Oregon.\n    Mr. Walden. Thank you very much, Mr. Chairman. I want to \nextend my appreciation to the work you have done and others on \nthis committee certainly for bird-dogging this issue throughout \nthe last year or more. I think in large measure, the report \ncards that you issued were a very positive step in not only \nnotifying our own agencies, but the world, where we stood and \nproved to be a very effective technique for spurring on the \nchanges that needed to be made to cope with the Y2K issue.\n    In my other life, I was a small business owner, and I can \ntell you Y2K was not a cheap thing to go through. Our own \nlittle company spent well over $40,000 in upgrading software. I \nknow that I am not alone in the small business community in \nthat respect. So there was an enormous amount of capital spent \nto deal with this issue, and hopefully the programmers who will \ndeal with the 10K issue, I won't have to help pay for them down \nthe road.\n    But I think it was an excellent exercise. I think it forced \nboth of us in both the government and private industry to do an \nincredible amount of improvement to our software and to our \nhardware. That should help us down the road in a competitive \nstatus as well.\n    So, Mr. Chairman, I again want to thank you for your \ntireless efforts to make that the country was ready, and I look \nforward to hearing from our panelists as well. Thank you.\n    Mr. Horn. I thank the gentleman for your kindness.\n    The next gentleman has also been very active since he has \ncome here in the last election, Mr. Green of Wisconsin, Mark \nGreen. He has been faithfully working on some of these problems \nand has a whole series of other things he wants us to consider \ntoo, and we will.\n    Mr. Green. Thank you, Mr. Chairman. I have no comments at \nthis time, but will look forward to the testimony.\n    Mr. Horn. Thank you very much.\n    Now it is a great pleasure to present the person that put \nthe executive branch together, where it was no question it \nwasn't going anywhere until the President picked Mr. Koskinen \nout of retirement, who delayed his trip to France to have time \nfor retirement after his position as Deputy Director for \nManagement of the Office of Management and Budget. You did a \ngreat job, John, and we are delighted to have you here with \nyour thoughts as to what happened and what did we learn from \nit, and what can we use from it.\n\n   STATEMENTS OF JOHN KOSKINEN, ASSISTANT TO THE PRESIDENT, \nCHAIRMAN, PRESIDENT'S COUNCIL ON YEAR 2000 CONVERSION; JOEL C. \nWILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, U.S. \n  GENERAL ACCOUNTING OFFICE; CHARLES ROSSOTTI, COMMISSIONER, \n     INTERNAL REVENUE SERVICE; AND FERNANDO BURBANO, CHIEF \n            INFORMATION OFFICER, DEPARTMENT OF STATE\n\n    Mr. Koskinen. Thank you, Mr. Chairman. Good morning. I am \npleased to appear once again before this joint session of the \nsubcommittees to discuss the activities of the President's \nCouncil on Year 2000 Conversion and the Nation's successful \ntransition to the year 2000. With your permission, I will \nsubmit my full statement to the record and summarize it here. I \nappreciate everyone's kind comments and would like to \nacknowledge as well the work of your subcommittees in helping \nto prepare the Federal Government and the country for the \ncentury date change.\n    I appreciate your work and I think it deserves recognition \nas we look back on what has been truly a remarkable effort.\n    I continued to believe that Y2K was the greatest management \nchallenge the world has faced in the last 50 years. Given the \nsize of the task, it is easy to understand why just 2 or 3 \nyears ago many serious people who had looked at the situation \nmaintained there was no way the work could be finished in time. \nWhen I returned to the government in March 1998 to work on Y2K, \nthings were fairly grim. The consensus was the government \nwouldn't make it. In the private sector, information \nbottlenecks were widespread and companies weren't saying much \nabout their own readiness for Y2K.\n    On top of all that, the World Bank released a study showing \nthat three-quarters of the world's countries had no Y2K plans \nat all. In short, Y2K looked too mammoth, too complicated and \ntoo interconnected to be solvable. Now, almost 2 years later, \nthe United States and much of the world have made the \ntransition into the year 2000 with few problems that have had a \nnoticeable impact on the general public.\n    How did it hatch? It wasn't by accident. There was a \ntremendous mobilization of people and resources to make sure \nthat systems would operate effectively into the year 2000. \nDomestically, participants in key infrastructure sectors, such \nas electric power, telecommunications finance and \ntransportation devoted great attention and resources to the \nproblem, and as we moved to the ends of the year, operators of \nsystems in those areas stated they were basically done with \ntheir Y2K work.\n    We reported this information in our last quarterly \nassessment, and, as we expected, there were no major \ninfrastructure failures, nationally or regionally in the United \nStates. The Federal Government was also ready for the year \n2000. Two weeks before the new year, 99.9 percent of the \ngovernment's more than 6,000 mission-critical systems were Y2K \nready.\n    The result was that while it has been noted there have been \nsome glitches, thus far Y2K issues have not affected the major \ngovernment services and benefits provided to the American \npeople.\n    Internationally, after a slow start, countries made a \nconcerted effort to ensure that critical issues would be ready \nfor the date change and, as a general matter, major \ninfrastructure systems abroad functioned smoothly during the \nrollover.\n    There is general agreement that the Y2K transition went \nmore smoothly than any of us would have imagined. In fact, as \nnoted in the week since the rollover, some people have \nsuggested that Y2K was an insignificant problem, hyped by the \nmedia, computer consultants and those with other reasons for \nhoping the world as we know it was about to end.\n    The short answer is that I don't know of a single person \nworking on Y2K who thinks that they did not confront and avoid \na major risk of systemic failure. Indeed, some of the \nnoteworthy problems we have seen from difficulties at State \nmotor vehicle offices to credit card processing problems to its \nDefense Department satellite system failure, proved that Y2K \nwas a very real threat indeed.\n    While I do not think that the significance of the Y2K \nproblems was exaggerated, there were those who disagreed with \nour reports indicating that the problem was being successfully \naddressed. This form of hype can be traced to the skepticism \nand disbelief in some quarters that companies or governments \nreporting on their own progress could be telling the truth. In \nthe United States, I kept reminding my doomsayer friends that \nit made no sense to discount these reports, since everyone who \nwas in a position of responsibility would be easily found after \nJanuary 1. Many continued to assume the worst would \nmaterialize, some now discounting the significance of the Y2K \nthreat point to the relative lack of major disruptions abroad.\n    How did countries that appeared to have spent so little and \nwere thought to be relatively unprepared emerge unscathed? \nHere, I think, there were a number of factors at work. Chief \namong them was the difficulty of getting accurate status \nreports, especially internationally on a fast-moving issue such \nas Y2K. Information 3 months old was out-of-date. But in the \nabsence of additional details, people often relied on that \nolder information, and then were surprised when it turned out \nto have been overtaken by subsequent progress.\n    Additionally, once you get beyond the world's largest users \nof information technology, countries like the United States, \nCanada, Japan and the United Kingdom, the reliance upon \ninformation technology drops off quickly. Furthermore, the \ntechnology being used in other countries is more likely to be \noff the shelf and not customized applications that are more \ndifficult to fix.\n    Finally, countries starting later had the benefits of the \nlessons learned by those working on Y2K for several years. We \nspent a lot of time in the last 12 months encouraging the \nsharing of technical information about problems, products, \nfixes and testing techniques, and I think it is obvious that \nworked paid off.\n    So what lessons can we draw from the Y2K experience? First, \nY2K has taught us that top management needs to be more involved \nin information technology on an ongoing basis, since \ninformation technology cuts to the very heart of how \norganizations conduct their business. In many companies, it was \nonly when the board of directors or the chief executive officer \ntook ownership of the problem that we could see the first signs \nof any real progress.\n    Y2K has also shown us that we need to do a better job of \nconfiguration management, in other words, keeping track of the \ntechnology we use and the functions it performs. Y2K provided \nmany large firms a reason to conduct, for the first time ever, \na comprehensive inventory of their information technology \ninfrastructure and processes.\n    Not surprisingly, organizations found that some systems \ncould be discarded without any loss in productivity. Other \nsystems were replaced by newer, more efficient models. Third, \nY2K has demonstrated the value of forming partnerships across \ntraditional boundaries to achieve a common goal. In addition to \nshowing us the increasing interconnectedness of organizations \nthrough technology, Y2K highlighted the fact that private \nindustry and government can work together to address major \nnational issues.\n    I think that spirit of partnership obviously extended to \nthe political arena as well. Most people realized early on \nthere was not a Democratic or Republican solution to this \nproblem, and we really have worked well together, particularly \nin the partnership that led to the passage of the Year 2000 \nInformation Readiness and Disclosure Act in 1998.\n    Finally, I think that Y2K has demonstrated that we need to \ninclude the American public in the discussions about any future \nlarge-scale challenges. Given the facts, whatever they are, \npeople generally responded appropriately. Even when industry \nand government information provided to the public revealed that \nthere was still substantial work left to do, people were \nreassured rather than alarmed. They seemed comforted to know \ntheir organizations were treating the problem seriously, were \nworking together to solve it, and would keep them informed with \nthe status of the situation.\n    The President's Council will soon cease its operations. \nBefore we post the going-out-of-business sign, we will focus on \nmonitoring activities during the leap year rollover. We do not \nexpect any major national problems and we anticipate the \nCouncil will shut down for good by the end of March.\n    In closing, I would like to echo the comments made that the \nFederal Government and the country's successful resolution of \nthe Y2K problem attributes to the skill, dedication and hard \nwork of thousands of professionals that have focused on this \nissue. It has been my pleasure to assist them as part of this \nvital national effort, and I look forward to answering any \nquestions you may have at the conclusion of the other \nstatements.\n    Mr. Horn. Thank you very much.\n    [The prepared statement of Mr. Koskinen follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.005\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.006\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.007\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.008\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.009\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.010\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.011\n    \n    Mr. Horn. We will go down, as you know, with this panel and \nthen open it up to questions, because I think some of the \ninformation will jibe and some won't.\n    The gentleman from the General Accounting Office, Mr. Joel \nWillemssen, the Director of Civil Agencies Information Systems, \nAccounting and Information Management Division. Mr. Willemssen \nhas gone all over the United States with the subcommittee on \ngovernment management and has been an active participant in the \nvarious panels we have had of government officials, private \nsector and so on. So it is a pleasure to have you here.\n    I know you were working right up to midnight there, as I \nsaw you in John's command center. So we appreciate all you have \ndone and your team at the General Accounting Office.\n    Mr. Willemssen. Thank you, Mr. Chairman, Chairwoman \nMorella, Ranking Member Turner, members of the subcommittees, \nthank you for inviting us to testify today. As requested, I \nwill summarize our statement.\n    Overall, during the rollover period, our country had \nrelatively few Y2K-related errors that affected the delivery of \nkey services. While the Y2K challenge is not yet over, because \nsome key business processes have not yet been fully executed \nand some risky dates remain, the Nation's success thus far is a \nvery positive indicator that these hurdles will also be \novercome. The leadership exhibited by the legislative and the \nexecutive branches and the partnerships formed by numerous \norganizations were pivotal factors behind the success.\n    The Y2K-related errors that were experienced during the \nrollover generally did not affect the delivery of key services \nbecause they were either corrected quickly or contingency plans \nwere implemented. A key reason that Y2K errors had little \neffect on the delivery of services is that Federal agencies and \nother organizations used the rollover weekend to identify and \ncorrect errors before the problems resulted in operational \nconsequences.\n    In the Federal Government, the few Y2K disruptions that \nwere significant were mitigated by quick action. For example, \nthe Department of Defense, Health Care Financing Administration \nand Federal Aviation Administration each experienced \nsignificant Y2K events that they were able to address quickly.\n    For high impact State-administered problems such as \nMedicaid, food stamps and unemployment insurance, actions by \nStates and the Federal Departments of Agriculture, Health and \nHuman Services and Labor have paid off. Errors reported were \noften cosmetic printing or display problems with few failures \nresulting in disruptions to service.\n    The threat posed by Y2K was a much needed wake-up call for \norganizations to improve their management of information \ntechnology. Y2K has laid a foundation for longer term \nimprovements in the way that Federal Government manages \ninformation technology. I would like to quickly summarize some \nof the key lessons that we have learned out of the Y2K \nexperience.\n    First, as mentioned, one of the most important factors \nunderpinning the success of Y2K was leadership at the highest \nlevels of government. In particular, congressional oversight \nplayed a central role in pushing agencies forward on Y2K. Mr. \nKoskinen and the President's Y2K Council provided strong \neffective leadership.\n    Second, Y2K served as a notice to many on how much we rely \non information technology to deliver key services.\n    Third, there was standard guidance that was put together \nthat was universally accepted, adopted and implemented, which \nfacilitated Y2K efforts and oversight. Such guidance provided \nconsistency, imposed structure and discipline and enhanced the \nrigor of testing and assessment efforts.\n    Fourth, as Mr. Koskinen mentioned, the establishment of \npartnerships among various organizations was especially \nimportant. In particular, the partnerships formed by Mr. \nKoskinen, Federal agencies and private sector organizations \nwere instrumental to the Nation's Y2K efforts.\n    Fifth, we found that using standard techniques and metrics \nto monitor performance was especially helpful in measuring \nprogress and remaining challenges.\n    Finally, Y2K saw many agencies take charge of their \ninformation technology resources in much more active ways. In \nmany instances, it forced agencies to inventory their systems \nand to link those systems to agencies' core business processes. \nAlso the development and testing of contingency plans should \nhave benefits way beyond Y2K.\n    Further, Y2K prompted agencies to establish needed policies \nin areas such as configuration management, risk management and \nsoftware testing.\n    In summary, the Y2K rollover was clearly a success for our \nNation. A key challenge now for the Federal Government is \nensuring that the lessons learned in addressing Y2K can be \neffectively used to improve overall information technology \nmanagement.\n    That concludes the summary of my statement. Thank you very \nmuch.\n    Mr. Horn. I thank you very much. We have a lot to pursue in \nyour very fine document here as to what did go wrong.\n    [The prepared statement of Mr. Willemssen follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.012\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.013\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.014\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.015\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.016\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.017\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.018\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.019\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.020\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.021\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.022\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.023\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.024\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.025\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.026\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.027\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.028\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.029\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.030\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.031\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.032\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.033\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.034\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.035\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.036\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.037\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.038\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.039\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.040\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.041\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.042\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.043\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.044\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.045\n    \n    Mr. Horn. It is always a pleasure to have the Commissioner \nof Internal Revenue here. We will see you again on April 15th. \nWe would love to hear your statement, because you had a lot of \nburdens counting on it, people that wanted refunds and all the \nrest of it. So thank you, Commissioner, for being here.\n    Mr. Rossotti. Thank you, Mr. Chairman. It is good to be \nhere. Madam Chairman and distinguished Members, I am very \npleased to report that the IRS experienced a smooth Y2K \nrollover starting on December 29th and continuing up to the \npresent with fewer problems this January than we normally \nexperience in a normal January. To date, we have had good \nsuccess. It was hard work and our success can be attributed to \nthe comprehensive planning and preparations we have conducted \nover the last 3\\1/2\\ years. We also are very grateful for the \nguidance and assistance you provided, your committee, as well \nas Mr. Koskinen and GAO.\n    I do want to note we cannot yet declare total victory on \nY2K at the IRS. Some risks do remain, and in particular, we \nhave to be very vigilant about Y2K problems that could still \ncrop up during our high volume tax filing season, which really \nstarts in February and continues through April.\n    As I discussed in previous hearings, the scope of the Y2K \nproblem at the IRS was enormous and required a significant \ninvestment, about $1.3 billion, to plan and prepare.\n    But fortunately, that investment was made. Had we not \nadequately prepared for Y2K, I think it is fair to say the tax \nsystem of the United States would simply have ground to a halt. \nIn my written testimony, I described several scenarios for \ntoday, I picked out a few of the events that would have \noccurred.\n    For example, our 14-year-old system for entering data from \npaper tax returns would have stopped working if we had simply \nallowed it to roll over without modification. This particular \ncombination of hardware, software and third-party products \ncould not be renovated, and therefore, was totally redesigned \nand replaced during 1998 and 1999. Without this system, about \n90 million individual income tax returns that come in on paper \nwould have just been piling up right now.\n    Second, interest and penalty calculations would have been \nincorrect and would have generated wrong notices to taxpayers. \nFor example, if we had not replaced the system, we would have \nsent about 67 million wrong notices to taxpayers telling them \nthat they owe money to the IRS. Those numbers would have been \nwrong.\n    Third, our data transfers with important external \norganizations such as the financial management service and the \nFederal Reserve Bank would have failed because of incompatible \ndates. This would have impaired or eliminated the ability to \nissue about 80 million refunds.\n    Just a final example, I think this is particularly \ninteresting, and certainly not unexpected, but after years of \nfixing and testing these systems, we did one final end-to-end \ntest that was completed about the middle of December. This \nparticular final end-to-end test identified 175 problems. Some \nof those would have been very serious had we not fixed them at \nthe end. For example, a system that generates new balance \nnotices to taxpayers for certain tax periods was displaying the \ndate as 2099 instead of 1999 for some of those notices.\n    So if this problem had not been fixed, we would have been \nsending out hundreds of thousands of notices to taxpayers with \nincorrect tax periods and wrong payment dates that would have \ngenerated mass confusion among those taxpayers, and this was \njust only one example. There are many more scenarios in my \nwritten testimony. Of course, none of these things actually did \nhappen, and that was simply because we acted in time to solve \nthe problems.\n    Now, the question is sometimes asked in the form of was Y2K \na blessing in disguise? I would have to say that I would not \nconsider it to have been a blessing, whether it was disguised \nor not disguised, but there are some important residual \nbenefits in the IRS that we will realize from the investment. I \nwill mention the four most important.\n    The first is we did replace a lot of obsolete hardware and \nsystem software products. As a result of the Y2K program, most \nof our hardware in the IRS has been replaced, since most of it \nwas really obsolete, and software releases have been brought \nup-to-date. This bringing up-to-date of this infrastructure is \nessential for supporting what we are now embarked on, our \ntechnology modernization program, and, of course, it is \nimperative that we have adequate annual replacements of \nhardware and regular routine upgrades of software releases in \norder to keep this vast installed base up-to-date.\n    Second, we did implement some very important improvements \nin our program management practices. Our Y2K program was \nsuccessful largely because effective program management \npractices were implemented over the last 3 years. These \npractices will be extremely valuable as we now move forward \nwith our technology modernization program.\n    I do want to note as challenging as Y2K was, our \nmodernization program imposes even more and different \nchallenges because it involves major business changes as well \nas technology.\n    Third, we were able to standardize many products. The IRS-\ninstalled base of hardware and software was not only obsolete, \nit was heterogeneous in the extreme. The Y2K program has \nallowed us to set up and largely implement standard products. \nBecause of our reorganization under the leadership of our CIO, \nPaul Cosgrave, we now have the management structure and \ndelegated authority in place to make design and procurement \ndecisions to maintain standardization of technology.\n    Finally, we implemented improved inventory management. GAO \nhas justly criticized the IRS for years for the poor condition \nof our IT inventory. Because of Y2K, we were forced to examine \nour inventory and bring it up-to-date as never before. So the \ncondition of our inventory records is greatly improved, \nalthough I have to note it is still not fully where it needs to \nbe, and there is much that needs to be done in the future on \nthat problem.\n    In conclusion, Mr. Chairman, we are gratified with our \nresults. I stress there are still some risks that remain. \nClearly, we gained some residual benefits which will be of \ngreat value as we proceed to our even more challenging business \nsystem modernization programs. These benefits will only be \nrealized if we actively continue the practices established \nduring Y2K, including regular replacement and upgrades of \nhardware and software. We will keep the subcommittees apprised \nof any remaining problems and our actions to correct them.\n    I thank you for the opportunity to discuss our efforts, and \ncertainly thank you for your interest and support over the last \n3 years.\n    Mr. Horn. Well, we thank you very much.\n    [The prepared statement of Mr. Rossotti follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.046\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.047\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.048\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.049\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.050\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.051\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.052\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.053\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.054\n    \n    Mr. Horn. As Mr. Koskinen leaves the scene, there is no \nquestion in my mind the toughest job in the executive branch is \nthe Commissioner of Internal Revenue. If anybody is going to \nturn that agency around, you are.\n    So, thank you.\n    The last witness on this panel is Mr. Fernando Burbano, the \nChief Information Officer of the Department of State. We are \nglad to have you here.\n    Mr. Burbano. Thank you, Mr. Chairman, Madam Chairwoman and \ndistinguished members of both committees. Since my oral \ntestimony is limited to 5 minutes, my written testimony \nincludes more detail.\n    As chairman of the CIO Council Subcommittee on Critical \nInfrastructure Protection, I am pleased to have this \nopportunity to discuss how lessons learned, products and \nprocesses developed in support of Y2K, can be leveraged into \nour ongoing critical infrastructure security efforts and \nchallenges facing Federal agencies in implementing security \npleasures.\n    As well, in my role as CIO of the State Department, I would \nlike to thank you for providing me this opportunity to talk \nabout the results and continuing impacts of the Department's \nsuccessful Y2K preparation efforts. The Department of State, \nalong with rest of the Federal Government, showed just how \npowerful and effective we can be when we are singularly focused \nand committed to solving a problem and are provided the \nnecessary resources to get the job done.\n    First, let me quickly address the cost of preparing for \nY2K. The question is, did we spend too much? The answer is very \nsimple: Absolutely not. We should be careful not to confuse the \nlack of catastrophic disruptions with unnecessary preparations \nby the Federal Government.\n    Now, moving on to the actual results of the Y2K rollover \nand its impacts to the global community. In general, there are \nfew and only minor Y2K failures reported internationally, and \nnone that impacted the safety of American citizens worldwide. I \nbelieve this global success is a direct result of the U.S. \nGovernment's international outreach and awareness campaign led \nby the Department of State, the Department of Defense and the \nPresident's Council on the Y2K Conversion, in coordination with \nthe United Nations and World Bank.\n    Embassies representing the U.S. presence in over 160 \ncountries around the world played a key role in monitoring and \nreporting events in their host countries and post facilities \nthrough a Y2K task force convened in State's operations center. \nAdditionally, internal State Department systems fared \nexceptionally well throughout the rollover, experiencing no \nsignificant failures among our mission critical, critical and \nroutine systems.\n    As you are well aware, many of the products and processes \ndeveloped to address Y2K problems can be applied to future \nchallenges and serve as the foundation for managing issues with \ncross-agency and public-private boundaries, including critical \ninfrastructure protection. In fact, much of the work already \ndone is a prerequisite for PDD 63, critical infrastructure \nprotection, Clinger-Cohen, and other government performance \nresults act initiatives.\n    Specifically, Y2K preparation forced government agencies to \ntake a close look at its IT applications and produce a complete \nprioritized inventory. This is a critical first step to \nidentifying and refining the mission essential infrastructure \nas required by PDD 63.\n    The Y2K effort produced program management methodologies \nwhich were applied across all government agencies and included \nexecutive and congressional oversight, Assistant Secretary \nlevel management and repeatable standardized measures and \nprocesses. This management structure can also be applied to \ncritical infrastructure protection.\n    All elements of the Federal Government reviewed and \ndeveloped contingency plans for critical business processes. \nThe development of these contingency plans resulted in a \ngreater understanding by senior policy managers of the \ndependency of business processes on IT systems. Additionally, \nthese plans are durable beyond Y2K established a foundation for \nall future contingency operations planning.\n    For the Y2K rollover period, the government developed a \nrobust global reporting structural which can be leveraged into \na mechanism for monitoring threats against critical \ninfrastructure elements. For example, within the Department of \nState, we have developed a web-based geographic information \nsystem to collect cyber-threat information from all overseas \nposts. This tool can serve as a pilot system for other agencies \nto collect and analyze cyber-threat data.\n    Finally, Y2K preparation efforts increased the level of \ninteragency cooperation and coordination between the public and \nprivate sectors. The same working level teamwork will be \nrequired to effectively implement critical infrastructure \nprotection plans.\n    There are two areas which I believe allow the Federal \nGovernment to successfully overcome widespread Y2K problems in \nthe face of an unmovable tight deadline.\n    First, continued participation by key congressional \noversight organizations provided Federal Y2K programs the \nauthority needed to push agency resources to their limits.\n    Second, the ability of Federal Y2K programs to rapidly \nobtain and more importantly retain adequate separate \nsupplemental funding, specifically designated for Y2K, allowed \neach agency to acquire the resources necessary to achieve the \ntime sensitive objectives.\n    This ability of Federal agencies to have access to a \ncongressionally managed yet continuous separate supplemental \nfunding stream designated specifically for the Y2K effort \nallowed Federal CIOs and Y2K program managers the ability to \nacquire and retain qualified resources in the needed quantity.\n    Critical infrastructure protection requires the same \napproach. Involvement by Congress and other oversight \norganizations to raise the level of awareness and visibility \nthroughout the Federal community and overseas CIP \nimplementation in support of national security goals is vital, \nand this activity is already underway.\n    But just as important to me and my colleagues through our \ngovernment is access to funding which allows each of us to \nbegin developing and implementing our plans in accordance with \nPDD 63 and other critical infrastructure protection guidance \nand statutes.\n    One of the key obstacles preventing agencies from \nimmediately pursuing CIP initiatives is the lack of current \nfunding for these projects. Due to the Federal Government's \nbudget cycle, forecasting the future work is done 2 years prior \nto the budget year. Therefore, as new requirements are levied, \ncurrent agency budgets do not reflect changing priorities and \nrequirements, such as the need for critical infrastructure \nprotection implementation initiative. In light of this, there \nare numerous events that have prevented agencies from \nadequately addressing current CIP implementation requirements \nin their fiscal year 2000 and fiscal year 2001 budgets.\n    First, the unprecedented and unpredictable growth of \nInternet use and technologies over the last 2 years; second, \nthe corresponding collateral growth of the cyber underworld \nduring this same period; third, the extent to which our daily \nbusiness relies on Internet-based systems and the fundamental \nshift of business tools to be used in a web-based environment; \nfinally, expanding CIP requirements on Federal agencies, \nincluding the recent critical infrastructure plan released and \nits 10 programs, some of which require immediate \nimplementation.\n    These are just some of the reasons why Federal agencies are \npoorly positioned to successfully implement critical \ninfrastructure to address the challenge posed by the ever-\ngrowing cyber underworld, not to mention to be in compliance \nwith executive guidance. Although we of the CIO council fully \nunderstand fiscal constraints, reallocation of such a fraction \nof the current surplus would be a solid investment for the \nprotection of the Federal Government's critical infrastructure.\n    In closing, it is my belief and the belief of members of my \nsubcommittee and CIO's across the Federal Government that in \norder for the national CIP initiatives to be fully successful, \ncontinued congressional support as well as the ability to get \naccess to specific CIP and security-related funding is vital. I \ncannot emphasize that without congressional-backed support, \nincluding adequate funding, we on the subcommittee of the \ncritical infrastructure committee believe that the government \nwill significantly fall short of national critical \ninfrastructure protection goals. Thank you.\n    Mr. Horn. We thank you very much for that statement.\n    [The prepared statement of Mr. Burbano follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.055\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.056\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.057\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.058\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.059\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.060\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.061\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.062\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.063\n    \n    Mr. Horn. We are sure there will be questions for every \nwitness. I am going to start with the cochairman of the task \nforce, the gentlewoman from Maryland, to begin the questioning. \nIt will be limited to 5 minutes by each Member, and it will \nalternate between those who have not had a chance, starting \nwith Mr. Turner after the gentlewoman from Maryland.\n    Mrs. Morella. Thank you, Mr. Chairman.\n    You know, I hear from all of you some of the same results \nassessments. First of all, you became more familiar in your \nvarious agencies, departments, groups with whom you work, with \ninformation technology and its role in the future. Second, \nthere was an assessment of the systems that you have, so you \nare ready to move ahead with information technology.\n    Also, I think, rising to the forefront is the concept of \nthe partnerships, partnerships within the Federal Government, \nthe executive branch, legislative branch, but also partnerships \nwith the private sector, partnerships with local governments. I \nthink that is something that we could all learn from and hope \nto continue to preserve.\n    We also--I think you all said you felt this was very \nimportant and that it did prevent some big problems.\n    My two questions I am going to meld into one because of the \ntime constraints. First of all, I am surprised myself that \nthere weren't some problems with the Pakistans of this world, \nRussia. They didn't seem to have any major problems. These are \nplaces with older computer systems. I just wondered if you all \nwere surprised at the lack of the problems we have heard about \nemanating from those countries and other countries that would \nbe in the same category?\n    Second part, as we look to leap year, February 29th, do you \nforesee any major or minor problems? Is there something we \nshould be doing about that?\n    I guess I could start then with Chairman Koskinen.\n    Mr. Koskinen. Well, as I noted in my testimony, I think \nthings did go better abroad than anyone had expected. \nPartially, though, I think that is because we fell prey to what \nI thought people did here, which is we didn't believe other \ncountries when they gave us their progress reports.\n    In the last 2 months of the year, country after country \nissued reports that didn't say there wasn't a problem, but \nbasically said they identified the places where they needed to \napply resources; they had done that effectively and they were \nprepared. We all sort of said it was late in the day, are they \nreally prepared? It turned out they were, for a number of \nreasons that I discussed.\n    One is, a lot of them had much less reliance on information \ntechnology, certainly in their infrastructure, than we do here. \nIn fact, I think there are a relatively small number of \ncountries in the world that have complicated computerized \ncontrol systems for their infrastructure that put them at risk. \nSo a lot of countries discovered that the embedded-chips did \nnot create a problem for their infrastructure.\n    In fact, in the last quarter of last year, we noted, based \non testimony and information from industry experts, that it was \nunlikely that the lights would go out anywhere or that a dial \ntone would stop anywhere, that the risk in infrastructure \nsystems with embedded systems was gradual degradation of \nservice over a period of time.\n    So in the countries that we knew were in the middle--the \ntruly developing countries have very little IT and were at risk \nprimarily in financial systems, it was the Pakistans, \nIndonesias, Russias, Chinas of the world--that had a reasonable \nreliance on information technology, where people were concerned \nabout how much they had done.\n    I think it is a combination of the fact that they started \nlate, but they spent a lot of time in the last 6 to 9 months \nworking hard on it. They got the benefit of learning from \neverybody else. There was a tremendous amount of information \nexchanged as we moved through it, and third, a lot of their \nsystems are still analog, they are not digital. They did not \ndepend upon new digitalized equipment, and therefore, they were \nable to prioritize their resources in a much more focused way.\n    But I would emphasize that the image of those countries, as \nif they didn't do anything, they were unconcerned and just \nwaited around, was wrong. We met with 173 country delegates in \nJune at the United Nations, and every one of those countries \nunderstood this was a problem that, in some degree, affected \nthem. Every one of those countries was then focused on Y2K, \nevery country met at least twice in every region of the world \ncooperating, or most of the countries did, cooperating, sharing \ninformation.\n    So I think what happened was in that last 6 months far more \nwork was done in a very focused, effective way than any of us \nwere able to get a window on.\n    With regard to February 29th, it has turned out in testing, \ncertainly in the Federal systems and in the private sector, \nthat there have been more mistakes than one would have thought. \nYou would have thought people would have gotten the right \nresult for the wrong reason, which is, they didn't understand \nthe rule of centuries, they just divided by 4 and figured out \nthe year 2000 was a leap year.\n    It turned out there were a reasonable number of programmers \nthat had just enough information to be dangerous, which is, \nthey knew centuries generally aren't leap years, they just \ndidn't know the rule of the exception divisible by 400.\n    So this is primarily a software problem, although there \nwere some potential embedded chip and system operations \nproblems. Our judgment is we will see no more glitches than we \nsaw on January 1, which were relatively minor and modest.\n    We are going to monitor it for two reasons. One is we think \nit is important for those who are operating systems to \nunderstand it is a real problem and there is still time for \nthem to test their systems. Most major companies have already \ndone that.\n    Second, it will be important to monitor the 3 days: the \n28th, 29th and 1st of March, so the glitches that occur, and I \nthink inevitably there will be some, are put in the appropriate \ncontext. If we had not been able to identify the limited nature \nof the glitches as they occurred over that first 2 or 3 days on \nthe rollover, we would have had a very different media \nresponse. When reports came in of legitimate glitches, the \nfact, we were able to confirm their accuracy, but expand by \nsaying that is the only country in which it happened, or the \nonly area that happened. It allowed us to put the glitch in the \nright context. Absent that, you would have had a greater \nlikelihood of unnecessary overreaction by either the media or \nthe public. We don't expect there will be many glitches, but we \nthink it is important for the public to know where they are and \nwhat their significance is.\n    Mrs. Morella. I would like to give you opportunity to \nrespond, Mr. Burbano. Incidentally, I love that acronym for the \ncritical infrastructure, CIAO. It is easy to remember.\n    Mr. Burbano. Thank you. Working at the State Department, I \nhad a great opportunity to actually go overseas to many of the \ncountries and meet the John Koskinens of those countries and \ntheir sector leaders. I found two things quite interesting, and \nthat is why I personally wasn't too surprised.\n    One is in talking to them, I found out they were not as \nautomated as some of the people thought they were. But more \nimportantly, the culture in a lot of these countries is not to \nreport the status of government systems, whether it is good or \nbad, believe it or not. But they will reveal more orally, which \nobviously when you try to track status, is the only thing that \nare looked at is written, and if you don't have information to \nprovide, you assume the worst, and that is why they don't get \nreported as well. Those were the two reasons I found.\n    Mrs. Morella. Like people say about the President, \nunderestimate so that the results will be attributed to you, \nhowever it comes out.\n    Mr. Horn. I thank the gentlewoman.\n    I now yield to the gentleman from Texas, Mr. Turner, the \nranking member, 5 minutes for questioning.\n    Mr. Turner. Thank you, Mr. Chairman.\n    Mr. Koskinen, I don't know if you have this information or \nare set up to collect it, but earlier we had a lot of dire \npredictions about lawsuits being filed all over the place \nregarding Y2K problems, and I would be curious as to whether or \nnot any of that has occurred and the degree to which that was a \nsignificance problem?\n    Mr. Koskinen. Well, some of us maintained last year that \nyou couldn't have massive lawsuits without having massive \nfailures, and therefore, at least the President Council's \nposition was there was not likely to be this flood of \nlitigation, because there was not likely to be a flood of \nfailures.\n    That turns out to have been correct. There have been a \nrelatively modest number, but significant lawsuits have been \nfiled where people are arguing about who is going to pay for \nthe fixes, and the question is whether insurance policies cover \nthe failures that companies avoided, particularly in major \ncompanies in the United States.\n    But as a general matter, in the absence of any very \nsignificant Y2K failures since the 1st of the year, obviously, \nyou can't have a lawsuit if you don't have somebody damaged in \nsome way. So at this juncture, the only lawsuits out there are \nprimarily focused on arguments between those who fixed the \nsystems and primarily their insurance companies about who ought \nto pay for it. Even that is not anything like a flood of \nlitigation.\n    Mr. Turner. As I recall, of those issues that you mentioned \nregarding who should pay for fixing, it was not the subject of \nthe litigation nor the success of the legislation that \nattracted so much attention in the Congress, because all issues \nwere separate and aside from the issues that were dealt with in \nthe Y2K litigation.\n    Mr. Koskinen. That is right. The legislation that the \nCongress passed primarily addressed the rights and \nresponsibilities of potential plaintiffs and defendants if \nthere were system failures, focused primarily on giving \npotential defendants the opportunity and the right to fix any \nof those failures within a defined period of time, and again, \nsince there have been relatively few of those problems that \namounted to much, there have been a lot of glitches along the \nway, there hasn't been much need for the legislation. But I am \nsure people would argue that since there were great risks, if \nwe didn't get the work done, that there would be failures, \nthere was some potential that the failures obviously would have \ngenerated litigation. The fact that we haven't had the failures \nhas had the side effect that we are not going to much \nlitigation.\n    Mr. Turner. That is all I have, Mr. Chairman. Thank you.\n    Mr. Horn. Thank you very much.\n    We are in the question period. Does the gentlewoman from \nIllinois have some questions? The gentlewoman is recognized for \n5 minutes.\n    Mrs. Biggert. Thank you.\n    As far as what is going to happen in the future, will there \nbe a plan like continuation of your Council, or is there going \nto be an office that will remain after probably the leap year?\n    Mr. Koskinen. Well, if there is, it won't have me in it. \nNo, the Council will, as I noted, fold up its tent and fade \naway into the dusk, probably by the end of March. The issue \ngoing forward that Mr. Burbano noted that people are focused on \nis how will we deal with information technology security and \nthreats to the critical infrastructure, and there is a \nPresidential decision directive, PDD 63, that sets out a \nstructure and an organizational framework for dealing with \nthose issues, coordinated by the National Security Council out \nof the White House. So that operation, while we have been \ncoordinating very closely together over the last 2 years, will \ncontinue, but it is already set up in the Critical \nInfrastructure Assurance Organization [CIAO], as Chairwoman \nMorella noted, and that will be separate from the President's \nCouncil.\n    Mrs. Biggert. So there will no longer be a CIO czar?\n    Mr. Koskinen. That is right. I never saw myself as the CIO \nczar. The CIOs actually have been very capable of taking care \nof themselves.\n    Mrs. Biggert. Again to Mr. Koskinen, what was the biggest \nsurprise of the rollover?\n    Mr. Koskinen. Well, if you look back at our quarterly \nassessments, we did four of those. In the last one we put out \nin the fall, basically in the United States the rollover went \nas we predicted. We said there were going to be no national \ninfrastructure failures, there would be no regional failures, \nif there were any failures, there would be isolated problems at \nthe local level. That is what we basically have seen. So in the \nUnited States we have been pleased that there haven't been more \nvisible problems for small businesses. A number of them have \nhad glitches, but they seem to have been able to deal with \nthose, because that was an area we were concerned about.\n    So, like others, I think the bigger area of uncertainty for \nus was what was going to happen abroad. Again, we did not think \nas we noted in our report and in a report by the Department of \nCommerce that any glitches abroad would have any significant or \nnoticeable impact on the American economy.\n    We looked at the range of possibilities, where the \ncountries were that were at risk, and where our trade and \nbusiness partners were, and it was clear to us, no matter what \nhappened in the countries we thought were at risk, it was not \ngoing to have an economic impact on us. That also turned out to \nbe true.\n    But as we discussed earlier, I think all of us were, \nprimarily for a lack of information, concerned about a number \nof countries that rely on some information technology who \nstarted late, where it was hard to know exactly how much work \nthey had gotten done in the last 6 to 9 months of 1999. It \nturned out that in their basic infrastructure, I think \nprimarily because it was not as much at risk as we might have \nsuspected, there haven't been any infrastructure failures.\n    The other thing to bear in mind is in the areas where I \nthink they were at greatest risk, which is in financial \ntransactions and communications, those systems were being \ntested and worked on for the last 2 years on an international \nbasis. So even in a country that didn't have an organized \nprocess for infrastructure protection, its banking system had \nto be testing and working with other banking systems, because \nthe central bankers around the world for the last 2 years \nfocused on that. That was, in many ways I think, the biggest \nrisk they had and the biggest success they had.\n    Mrs. Biggert. I guess just one last question, that so many \nvaluable lessons came out of the experience, and how are we \ngoing to ensure that these lessons aren't lost if we don't \ncontinue on after leap year day, February 29th, I guess it is?\n    Mr. Koskinen. We created in my prior incarnation, with the \nhelp of this committee and others, the Clinger-Cohen Act and \nthe Chief Information Officers Council and CIOs in all of the \nagencies, with the idea they would be as they have been the \nfocus for information technology issues across the government.\n    That council is chaired by my successor as the Deputy \nDirector for Management at OMB, and independent of the \ninformation technology issues, the security issues that are \nunder the critical infrastructure assurance organization, but \nfocused on by the CIOs as well, there is an existing vehicle \nthat I think, over the last 3 years of its existence, has \nturned out to be very effective for bringing together all of \nthe Federal agencies and their senior information technology \npeople to work together on isolating and identifying what are \nthe critical challenges the Federal Government faces, how \nshould we be organized to deal with those, and then \nimplementing those situation suggestions.\n    Mrs. Biggert. Thank you. Thank you, Mr. Chairman.\n    Mr. Horn. Thank you very much. Let me ask you, Mr. \nKoskinen, you have had a lot of experience in the executive \nbranch, first in OMB and other consultant operations, and, of \ncourse, this. You note in your formal statement here, and you \nmentioned it also, I believe, in your oral summary, this is the \ngreatest management challenge the world has faced in the last \n50 years. I think there is probably a lot of truth to that on \nthe world.\n    But when we look at major management challenges within the \nexecutive branch over 50 to 60 years, we see the atomic bomb \nand the hydrogen bomb, major challenges of how you put that \ntogether; going to the moon is certainly another one, setting a \ngoal as President Kennedy there; Admiral Rickover and the \nnuclear Navy, where you cut through a lot of bureaucracy and \ngot the job done.\n    I guess I would ask you, as you look here, how do \nPresidents best get served in dealing with those management \nproblems and the one you just presided over? So give us a \nlittle insight into that.\n    Mr. Koskinen. Well, as I say, I think the difference \nbetween the Y2K problem and the other significant challenges \nyou floated, which I think were important for the country is, \nthis was a challenge that affected every system in the Federal \nGovernment, every agency. So it was not a question of having \nNASA or the Energy Department or someone else focusing on a \nvery major challenge.\n    This was a challenge of having every Federal agency, large \nand small, challenged at the same time, not only within each \nagency but across agency lines. The Treasury Department \nservices and provides financial services to a wide range of \nFederal agencies, for example.\n    I think in all of those cases, what is needed is for people \nto identify the problem and for it to have a high level of \ncommitment and attention from the Congress as well as from the \nexecutive branch. Again, I think the structure set up of the \nCIO council for information technology challenges going forward \nis an effective structural vehicle for the government to be \nable to surface what the issues are and deal with them \neffectively.\n    So as we move forward, I think information technology is \nnot a series of episodic challenges for us. Information \ntechnology is an ongoing issue, not just for the Federal \nGovernment, but for the private sector and world as we become \nmore reliant on information technology for everything from \ncommunication to financial transactions.\n    Mr. Horn. What do you see based on usual experience as to \nthe one or two management challenges after this is done? What \ndo you see? You have had a real eye-opener, I think, throughout \nthe last few years.\n    Mr. Koskinen. Clearly information technology is a \nchallenge. I think it has affected our ability to modernize \nsystems across the government, to have them implemented and \noperate effectively, has been for some time and will continue \nto be a challenge.\n    I think performance measurement. I was a great supporter of \nthe Government Performance and Results Act. I think it is \nimportant, not only for effective management within the \ngovernment, but for an improved dialog with the public about \nwhat our goals are and our objectives are and how we are doing \nand achieving those.\n    So as we go forward, I think we have on our plate \nsignificant challenges, and we probably don't have to reach out \nand find new ones. If we could handle both of those \neffectively, deliver services more effectively under GPRA and \nprovide improved updated modernized information technology \ndelivery systems across the government, I think we are headed \nin the right direction in those areas, but I think they are \nmajor challenges.\n    Mr. Horn. We are going to be holding hearings with the \nGovernment Management Subcommittee on Clinger-Cohen that was \nmentioned, which came out of this subcommittee and the full \ncommittee, and also on the computer security issue, which came \nup here, so we will be looking for you to testify on those \nthings. Those certainly cut across different agencies within \nthe executive branch. We have a whole other agenda also we can \nget into with whoever is in place there with the CIOs, because \nI think that is very important, what you did when you took the \njob and came out of retirement. You went around and sat down \nwith the Deputy Secretaries who often operate the departments, \nand I think that was very important.\n    Would you like anything else to have done that you didn't \nhave time to do?\n    Mr. Koskinen. No. Oddly enough, this was my feeling even \nbefore we had the successful transition, if I had to do it over \nagain, I wouldn't do anything differently. We did all we needed \nto do, I think, and all we could do. I got tremendous \ncooperation from not only the leadership in all of the Federal \nagencies, but as I noted, I think a stunning achievement by \ncareer public servants in the Federal Government and State and \nlocal government, demonstrating an ability to meet a real \nchallenge and meet it effectively.\n    Mr. Horn. What are you going to do with that $50 million \nheadquarters? Who moves in?\n    Mr. Koskinen. That includes the operational cost for a \nyear, so not all of it will be in place. But OMB is working \nwith the agencies and I have said that when we do our last \nbriefing on March 1st for the rollover, OMB at that time will \nannounce exactly what its plans are for the operational \ncapacity at the information coordination center.\n    Mr. Horn. Most Presidents early in the morning get a \nnational security briefing coming over from CIA. Do any \nPresidents ever get a management briefing in the morning as to \nwhat is going on in the executive branch and why not?\n    Mr. Koskinen. That is not in my jurisdiction at this point, \nso I can't tell you whether that is done or not.\n    Mr. Horn. It was in part when you were Deputy Director for \nmanagement. The question is most Presidents don't know what is \ngoing on in the executive branch unless there is some crisis \nthat hits the papers. Shouldn't Presidents also be looking at \nthe domestic situation, just as they look in the morning at the \nforeign situation?\n    Mr. Koskinen. There is no doubt that our ability to manage \nthe vast organizations we have and the significant funds that \nwe have is an important part of our responsibility to the \npublic, and I think that not just in the executive branch and \nthe Congress as well, it is oftentimes more exciting to talk \nabout new policies or new programs or failures isolated.\n    It is much harder, as you know, in the leadership you have \nhad in your subcommittee, to get people to understand and focus \non day-in and day-out management. But when push comes to shove, \nour ability to make changes and provide benefits to people \ndepends on our ability to manage programs effectively. Good \nideas poorly implemented are actually very ineffective.\n    Mr. Horn. I am going to yield now to Mr. Wu from Oregon for \n5 minutes of questioning.\n    Mr. Wu. Thank you, Mr. Chairman. I am just going to use a \nlittle bit of my time and really focus on this a little bit \nmore with the private sector panel coming up. I just want to \nask one question:\n    With the upgrades, the new equipment, the other preparation \nwork which was done in the Federal agencies, do you see, or are \nyou currently experiencing a dip in procurement as a result of \nthe bulge, if you will, prior to December 31st?\n    Mr. Koskinen. I think the agencies can probably answer that \nquestion better.\n    Mr. Burbano. I would like to address that as the CIO for \nthe State Department. I would say not really, for this reason. \nThere was a lot of systems, and I know at the State Department \nwe put a moratorium on systems development and implementation \nand so forth if it wasn't Y2K-related.\n    So all of that was put on the shelf, and now it is getting \noff-the-shelf as soon as the leap year is over. So that is \ngoing to offset.\n    Mr. Rossotti. With respect to the IRS what really happened \nis that over a 2 to 3-year period, we made an investment to \nbring up-to-date our hardware and operating system software. \nBut, for example, with PCs, personal computers, we really need \nto be on about a 3-year replacement cycle there, so we are \nreplacing each year about one-third of the computers \nrepresenting what was installed 3 years ago. That is kind of \nthe way that we are planning it.\n    There will be some dropoff in a few areas where we had to \nmake some special investments, but, on the whole, what we \nreally want to do is get on a long-range planning basis where \nwe invest a certain amount every year so that we don't get \nbehind as badly as we were 3 years ago.\n    Mr. Wu. And with respect to personnel, the people you \nbrought aboard, whether on a long-term basis or on a contract \nbasis to help you with the Y2K problem, are they being \nredeployed within your agencies, have they left? What is going \non with the people?\n    Mr. Rossotti. Speaking for myself and the IRS, what we have \ndone is we simply made a determined effort 2 years ago to \nretain the people we had. Unfortunately, we were suffering \nattrition. So we made some very successful efforts to retain \nthe people we had, the people who really know some of these old \nsoftware systems, and simply had to put many, many other things \non hold. We even had to go to the Congress when they passed the \nRestructuring Reform Act, and ask that some of the effective \ndates for the law be extended out to 2001, because there was no \nway to implement some of the things while still working on the \n2000 fixes. So what we did was we simply took our staff, tried \nto retain it, and allocated it to fixing Y2K as the top \npriority, putting other things on hold. What we are now doing \nis trying to dig out from this huge backlog.\n    Furthermore, we are in an unusual position in that we are \nnow just embarking on an enormous technology modernization \nprogram. What IRS has right now is we have relatively new \nhardware in most cases, and relatively up-to-date operating \nsystems, such as your Windows-type operating systems and your \nmainframe operating systems.\n    What we don't have is up-to-date application software. We \nhave, in fact, extremely obsolete applications software, and we \nhave a lot of it. So our role now over the next several years \nis with the help of a prime contractor is to reengineer that \ntechnology, and as I mentioned in my opening statement, that \ninvolves business change as well as technology change. So you \ncould almost think of Y2K as just laying the groundwork for \nwhat we really have to do over the next several years to \nreengineer our applications.\n    Mr. Burbano. From my view at the State Department, with the \nnew Y2K initiative, if you want to call it the critical \ninfrastructure protection I have been talking about, there is \ngoing to be a huge demand for new people with possibly \ndifferent skills for computer security, cyber terrorism and so \nforth. So there will be a replacement. Some of the skills used \nin Y2K can certainly be applied. Others, maybe not. So you have \nto look at it on a case-by-case basis. Regardless, there is \ngoing to be a huge demand for this new initiative that is \nfacing us that is very serious.\n    Mr. Wu. On net, do you think you are adding folks in the \nhardware-software information systems area, or are you shedding \na few now in the State Department?\n    Mr. Burbano. I think it is a combination. Not with \nemployees, with contractors. It is a combination of shifting, \nreplacement of skills, keeping some. But don't forget, we are \nstill not out of the Y2K window until the rollover of the leap \nyear. So that is a little bit too early to say right now. But \nwe are starting to look at it in that view, that since we do \nhave this new huge initiative that is very important and will \ngo on for the unforeseeable future, there will be a replacement \nof skills, and some of those will be applicable and some not.\n    Mr. Wu. I thank the witnesses. Thank you, Mr. Chairman. I \nyield back the balance of my time.\n    Mr. Horn. The gentleman from Washington, Mr. Baird, 5 \nminutes.\n    Mr. Baird. No questions.\n    Mr. Horn. Mrs. Biggert, the gentlewoman from Illinois.\n    Mrs. Biggert. Thank you. In making the fixes on the \ncomputers, organizations really used a lot of different \nmethods, and some, apparently, I think what we heard before \nwere like short-term fixes as far as the date change of \nwindowing, making the dates like 99 and 00 rather than 1999 or \n2000.\n    Will there be any oversight or will organizations, do you \nthink, pursue a permanent change, or will these temporary \nchanges or fixes really last for the long time, or will there \nhave to be something done there? Is there any oversight, I \nguess, is the question or do they need to--do you know of \norganizations that will need to pursue the permanent fix? Maybe \nMr. Willemssen.\n    And one other thing, I think, like HCFA delayed putting in \na new system until this was over. Do you see that the Y2K will \nhave benefited how for them to pursue that, the new changes in \ntheir systems?\n    Mr. Willemssen. First of all, you are correct, many \norganizations had to use techniques such as windowing, because \nin many instances they had no choice. There wasn't enough time \nto go through a full date expansion of the software and data \nbases. So many of them did use those kind of techniques.\n    They will not last forever. Many of those same \norganizations plan to have new systems over the next few years, \nso that the risk, if those new systems come in, is relatively \nsmall. However, the caveat to that is when programmers put in 2 \ndigits in the 1970's and 1980's, they thought their systems \nalso would be replaced, and many of them were not.\n    So there still has to be some oversight of that issue. I \nwould say it is very difficult, though, to generalize among \nagencies because even within a specific agency business \nfunction, some may have windowed, some may have gotten a new \nsystem, while others may have fully expanded the date field. It \nis therefore, an issue where you have to go in and do a full \nexamination and know what you are dealing with and be aware of \nwhere your risk points are as time continues with these kind of \npatched systems.\n    Mr. Burbano. I would like to say that at the State \nDepartment, since the Y2K program office was run underneath the \nCIO, which is remaining, we do track where we used windowing. \nWe used a combination of windowing repairs as well as \nreplacements. We do have a list of those. We are tracking them, \nand most of those are 10 years or more out. But we do have a \nlist of those and we will track them so long as the CIO office \nlasts.\n    Mrs. Biggert. Thank you. Thank you, Mr. Chairman.\n    Mr. Horn. Thank you. Now the cochairman of this task force, \nMrs. Morella, the gentlewoman from Maryland.\n    Mrs. Morella. Thank you, Mr. Chairman. A question for Mr. \nWillemssen. GAO recently reported that some of the Y2K \nremediation that was done at Federal agencies was contracted \nout to private corporations, and in your report, you noted that \nsome of the private companies used non-U.S. citizens to work \nout the remediation. I just wondered if you would comment for \nthe record on what you found and what you think implications \nare, if any?\n    Mr. Willemssen. We did have a request from the full House \nScience Committee to look at the use of foreign nationals at \nthe Federal Aviation Administration in both the remediation of \nsoftware and in the post-remediation review of software that \nhad been previously remediated, and we did find some oversights \non the part of FAA. To the FAA administrator's credit, she \naggressively took action on these oversights, and they are now \nin the process of going out and making sure that all of the \nindividuals who worked on the code are indeed checked out. FAA \ndid not know for sure, for all of the systems that were \nremediated and reviewed, that the individuals had an \nappropriate background investigation, and therefore whether the \nrisk was manageable in terms of manipulating the code.\n    So there were some issues that we did find. Again, to FAA's \ncredit, they have been very aggressive in following up on these \nissues. One of the issues I think you pointed out at one of the \nprior hearings, was that there was a security risk involved to \nthe extent that it wasn't managed with all of this push to get \nY2K done. That it would be done quickly, losing sight of some \nof the necessary controls, and that is in fact, what happened \nhere at FAA. All the controls were not in place to check out \nall of the individuals working on the code.\n    Mrs. Morella. Do you feel comfortable that this has then \nbecome a symbol for what could happen if you don't have proper \nimplementation of the regulations and that the agencies all \nknow this? Did we learn from it, besides the FAA immediately \nsaying we will correct the oversight?\n    Mr. Willemssen. I hesitate to generalize because FAA is the \nonly agency where we went into depth on this particular point, \nso I hesitate to say that other agencies may have similar \nissues, although I know the executive branch is looking into \nthat.\n    I know that, as I mentioned, FAA has been very aggressive \nand actually we are expecting a more detailed report from FAA \nwithin the next couple of days on all of their actions in \nresponse to a recommendation to do the background checks on \nindividuals working on the code.\n    Mrs. Morella. I think you would like to comment on that.\n    Mr. Burbano. Yes. The State Department, we looked at this \nissue very carefully at the beginning. First of all, \ndomestically, we did not use any foreigners, especially that is \nwhere mission critical systems are. We do require, regardless, \nwe do require all of our contractors and employees to go \nthrough secret clearances. In addition to that, some minor \nsystems overseas did have some FSNs, foreign service nationals, \nworking on their systems, but they were closely supervised by \nthe Americans at the Embassies, and we have had no problem at \nall. Everybody goes through a clearance check anyway.\n    Mrs. Morella. Splendid. Thanks for that assurance.\n    I yield back, Mr. Chairman.\n    Mr. Horn. Thank you very much. Let me ask a few questions \nhere in closing with this panel. I would like the commissioner \nand Mr. Koskinen to respond to this.\n    The question would be the extent to which windowing was \nused to repair systems, and is that really a permanent \nsituation, or how do you feel about the windowing aspect where \nyou are trying to piece it altogether and fool it, shall we \nsay, in terms of the computers?\n    Mr. Koskinen. I don't think anybody has the capacity to \ntell you how much of the work was done by windowing and how \nmuch was date expansion. Windowing is a technique that is \neffective as long as you don't care about when people were born \nor transactions in those windows. In other words, if you really \nare only worried about relative dates, you can window. But in \nthings like Social Security, you can't window very effectively, \nbecause you care very much about whether or not somebody has \nbeen born on one side of the window or another.\n    Second, I think the point Mr. Willemssen made is important, \nand that is, when we talk about configuration management and \nbetter control of IT systems, obviously monitoring the way we \nfix systems for Y2K as we go forward is an important part of \nthat management, and I think it is exactly right to note that \n25 years ago, 15 years ago, people working on systems that knew \nthey weren't going to be Y2K compliant were comfortable because \nthey thought those systems wouldn't be operating. So you have \nto be a little worried about anybody saying today, well, my \nwindowing works until 2015 or 2023, so I don't have a problem, \nbecause those dates will come before we know it.\n    So I think the answer to that is not was it done, it \nclearly was done. It was a very effective technique, it was \ncost effective, and particularly if you are going to replace or \nupgrade those systems, it was probably the right way to go. It \nwill turn out to be a mistake if you lose track of it, continue \nto run the systems through the window, and discover you have \ngot a major challenge down the road.\n    Mr. Rossotti. I am pleased to say in this case, one of the \nfew occasions I can answer very easily, we did not use \nwindowing at the IRS, we did everything with 4-date digit \nexpansion and required a special exception from the CIO to have \nany exceptions, and, to my knowledge there were just maybe a \nvery tiny handful, maybe one system given an exception. \nInterestingly, the reason for that decision was not primarily \nbecause of worries that would, you know, become obsolete in 10 \nor 20 years, but because we had so many heterogeneous systems \nthat had to work together, we were not convinced that if we \nused some windowing here and some data expansion here, that we \nwouldn't run into incompatibilities among our own systems. So \nwe made a decision to keep it simple, and so everything was \nmade compliant by four-digit date expansion.\n    Mr. Horn. OK. Now it has been mentioned on the foreign \nworkers in some of the patching up of these systems, I would be \ncurious how you all think how vulnerable our computer systems \nare as a result of the Y2K, and are you concerned that those \nremediating systems could have engaged in acts contrary to the \nbest interests of the government? So I would just appreciate--\nlet's start with Mr. Burbano.\n    Mr. Burbano. Yes. In terms of the concern, you should \nalways be concerned, but because of the process I mentioned \nthat we took at State with requiring security clearances, all \ndomestic systems, where our mission critical/critical systems \nare at, only used Americans. We don't have as much concern \nthere.\n    Overseas, again, I mentioned we did use FSNs who have to be \ncleared and who only work the minor systems and who are closely \nmonitored by Americans when working on the systems. So we are \nnot as concerned. However, we did develop a project in concert \nwith my sister bureau, Diplomatic Security, on doing some spot \nchecks on some of the systems, just to make sure.\n    But, just to let you know, you know, even with commercially \noff-the-shelf systems, you don't know where those systems are \ndeveloped. They could have foreigners working on those systems \nalso. So you do have to be vigilant about these systems.\n    Mr. Horn. Commissioner, in terms of computer security, I am \nsure you have to deal with that every day in some way.\n    Mr. Rossotti. Well, we have, of course, major security \nchallenges in the IRS from a number of perspectives, including \nfrom the old applications software. But I think on this \nparticular issue, that is to say, the contractor support we \nused for the Y2K, I think we were in pretty good shape on that. \nThere was one particular component of one system that, for a \nparticular reason, was developed with some offshore people, but \nthat was then subsequently cross-checked by a different group \nthat was cleared. So as far as I know, I think we can be pretty \nconfident on this, we do not have much vulnerability for this \nparticular problem.\n    That is not the same thing as saying we don't have \nvulnerabilities for other reasons.\n    Mr. Horn. Mr. Koskinen, why don't you give us your side of \nit?\n    Mr. Koskinen. I think Mr. Burbano made the important point, \nwhich is, security is an issue beyond Y2K, you ought to be very \ncareful about whoever works on your systems. As a general \nmatter, we were concerned about this issue from the start and \nwe worked with the intelligence agencies and the National \nSecurity Council and others, both to warn private sector \ncompanies as well as domestic companies to be alert to this \nissue. Most of them in a large sense are.\n    Most of the off-shore work was done by the private sector \nand not the government. Most government work was done by normal \ncontracting, or internal resources, so that there was much less \nof that done here than in the private sector.\n    Monitoring what has gone on in the private sector, what has \ngone on, we have seen very little, in fact, almost no evidence \nthat work done offshore included some kind of security threat. \nObviously, the absence of glitches over the rollover means at \nleast if somebody was targeting the time to create mischief, \nthat was not one of those times.\n    But I think the bottom line to that is, again, as we move \nforward, information security has to be high on everybody's \nlist. I think, again, the point is well made. It is not just \npeople who have access to your system. It is when you buy \nsystems, whether it is off-the-shelf systems or otherwise, you \nhave to be worried about who worked on those systems, what is \nin them and what potential impact could they have on your own \nsystem. So I think if anything requires eternal vigilance, it \nwill be, in fact, information security and security about those \nworking on your systems.\n    Mr. Horn. I thank you. We will be holding a separate \nhearing on the computer security anyhow, so we will postpone \nthe rest of those questions.\n    Mr. Willemssen, before we round out this panel, I would \nlike you to summarize the following under page 16 of your \nformal statement, ``Reported Year 2000-related Errors in the \nFederal Government.'' If you could just sort of bullet them to \nme in one sentence, each one, just so we have it in the record, \nI would appreciate it.\n    Mr. Willemssen. On page 16 is a summary of what we observed \nduring the rollover from both the perspective of the \ninformation coordination center and specific agencies where we \nwere onsite. We tried to summarize what we thought seemed to be \nsignificant issues that did come up, even though they were \naddressed very quickly.\n    Briefly, those included the Department of Defense \nintelligence satellite system, the Federal Aviation \nAdministration had some systems with some Y2K failures that \nagain, they were able to remediate and fix very quickly, and \nthe Health Care Financing Administration ran into some \ndifficulties with partners. In one case HCFA had a problem with \na bank on some electronic payments leading to some delays in \npayments, although it is still within the required targets. \nAlso, HCFA will continue to work aggressively with their \nproviders in making sure that they put forward accurate dates \non their claims so that claims are not returned.\n    Mr. Horn. You say here there are 26,000 claims from \nproviders with these erroneous dates in the first week of the \nnew year.\n    Mr. Willemssen. That is why we thought it important to give \na sense of the magnitude, because they are not just little \nthings that we are talking about. They are little within the \nscope of the entire Medicare program, but they do have some \nimpact. But, again, HCFA has done an outstanding job over the \nlast couple of years on getting on top of Y2K. They as much as \nanyone faced a mission impossible on Y2K, and through the \nleadership of their administrator, again, they continue to be \nvery aggressive in following up and making sure that the \ndisruptions are kept to a minimum.\n    Mr. Horn. And then the ones that concern most of us based \non our air travel regularly is the low level wind shear alert \nsystem. Can you tell us anything about that?\n    Mr. Willemssen. Again, those systems were out at about \neight locations, but they were out for no more than 2 hours, I \nthink 2 hours 12 minutes at the outside. Fortunately, when they \nwere out, we saw no evidence of bad weather in those locations. \nSo we could be sure, based on the evidence we saw that there \nwere no safety implications from those systems being out. \nAgain, it speaks toward the advantage of all the agencies being \npoised to respond during the rollover. FAA was ready to get \nright on top of those systems and fix them immediately, and \nthat they did, to their credit.\n    Mr. Horn. Yes. I was spending part of that December 31st in \nthe L.A. Tower, and I got a good education from the technicians \nthere. They have a terrific job to do when they are getting \nthose radar sites into operation when something goes crazy with \nthem. I was very impressed by that group.\n    So are there any other major things that is a worry to the \nGeneral Accounting Office?\n    Mr. Willemssen. I again conclude by saying the rollover was \na great success, thanks to the leadership of Mr. Koskinen and \nyours and Chairwoman Morella's leadership. However, I think it \nis important that we continue to monitor events over the next \ncouple of months. I would strongly concur with Mr. Koskinen's \nplan to bring up the ICC again during the leap year, because I \nthink there will be a few disruptions that again occur, and I \nthink there will also be a few disruptions that we start \nhearing about as processing cycles complete themselves. So we \nhaven't heard the last of Y2K. But I think it will be much, \nmuch less than what we had once feared.\n    Mr. Horn. I want to end on a happy note here and help the \nDepartment of State a little, Mr. Burbano. In November 1999, \nthe Department of State submitted its regular quarterly report \nfor the year 2000 to the Office of Management and Budget, and \nof course, that does come to our subcommittee. After a lot of \ndiscussion with you and OMB, it became clear that the language \nin that quarterly report didn't really accurately reflect the \nactual level of effort for the Department's independent \nverification and validation work. Just so we can give you an A \non this, please explain to me the independent verification \nprocess that you actually went through but wasn't in the \nreport.\n    Mr. Burbano. Thank you very much. At the State Department, \none of the things that I did when I came on board in May 1998, \nas you all know, I came on board, we had straight F's for about \na year, so I had to move quickly in order to especially meet \nthe deadlines of Congress. But I wanted to make sure that we \ndid it correctly and not get any surprises at the rollovers. So \nI set up a very rigorous process where not only did we have the \nseparate bureaus test our systems, but underneath my office, \nthe Y2K office separate from their individual bureau Y2K \noffices, I had independent contractors test the systems. That \nwas the first level of independent tests.\n    But in addition to that, I did a partnership with the \nInspector General where they would do a second test with their \nown contractors to review the test and so forth, and certify \nthe systems, along with myself as the CIO. So we went through \ntwo levels of independent verification tests, in addition to \nthe testing that the Bureau did themselves.\n    The misunderstanding that came in that, we were about 66 \npercent in November or somewhere around that nature, in terms \nof certification, but when, in fact, it really equalled to \nabout 160 percent, because we had already finished our first \nlevel. That is where the misunderstanding came. I think we \nproved that right since we had really no significant--not only \nin the mission criticals, but in the criticals as well as the \nroutines, this thoroughness that we did.\n    Mr. Horn. Well, thank you very much. On that, are there any \nquestions any Member has? If not, we appreciate what each of \nyou has had to contribute to this and the fine work you have \ndone that kept us going with very minor glitches. So thank you \nall for coming.\n    We now go to panel two.\n    Mr. Horn. I would ask you to stand and raise your right \nhands.\n    [Witnesses sworn.]\n    Mr. Horn. The reporter will note all three confirmed. Mrs. \nMorella will preside.\n    Mrs. Morella [presiding]. Thank you. I want to thank the \nsecond panel for being so patient and waiting in going through \nthe first panel testimony and the questions that were asked. So \nwe will be concise. We know that you can offer a great deal to \nsupplement what we learned about Y2K. Proceeding again with the \n5-minute rule, you can give us a synopsis of your testimony.\n    We will start with, first of all, Mr. Harris Miller. I want \nto comment on the fact that from the very beginning Mr. Miller \nhas been very tuned into this issue, has appeared before this \ncommittee probably as many times as any other person who has \ntestified. So we very much appreciate his coming back now at \nthe end as we do our summation and look ahead to the future. He \nis president of the Information Technology Association of \nAmerica.\n    Ms. Kathy Hotka has not appeared before this committee \nbefore, so you are the alpha and the omega, the beginning and \nthe end. Ms. Hotka is vice president for technology at the \nNational Retail Federation here in Washington, DC. We welcome \nyou. Thank you.\n    Mr. Gary Beach has appeared before this joint committee, \nand he is the publisher of CIO Communications, Inc., from \nFramingham, MA. Again, thank you for appearing here. Thank you \nfor waiting.\n    Let's start off with Mr. Miller.\n\nSTATEMENTS OF HARRIS MILLER, PRESIDENT, INFORMATION TECHNOLOGY \n    ASSOCIATION OF AMERICA; CATHY HOTKA, VICE PRESIDENT FOR \n INFORMATION TECHNOLOGY, NATIONAL RETAIL FEDERATION; AND GARY \n           BEACH, PUBLISHER, CIO COMMUNICATIONS, INC.\n\n    Mr. Miller. Thank you, Madam Chairwoman. It is said that \npolitics makes strange bedfellows, but I found out that Y2K \nmakes strange bedfellows, for on the morning of January 1st, \ninstead of being snuggled warm in my bed with my wife, I was \ninstead with Chairman Horn at the C-SPAN studios doing a \nbroadcast on Y2K.\n    What is even more unusual is that at 8 a.m., constituents \nof his from California were calling in, which means at 5 \no'clock in the morning they were paying attention to what was \ngoing on with Y2K. But I appreciated working with both of you \nchairmen and the members of your subcommittee. I am going to \nskip the victory lap you mentioned, Madam Chairwoman. It is my \nwritten statement and will be in record. I obviously want to \ncommend the subcommittees, and particularly Mr. Koskinen, for \nhis leadership.\n    From the perspective of the private sector, we do believe \nthis is a real crisis that we did face, it was not something \nthat was hyped or made up. In fact, as I was walking down the \nhall this morning with our Y2K program manager, Heidi Hooper is \nwith me, she noted there wasn't a line about the hallway \nwaiting to get into the subcommittee hearing. I said that is \ngood news, because if, in fact, the problems had occurred, I \nsuggest you wouldn't have Harris Miller and Kathy Hotka and \nGary Beach on this panel, you would have Alan Greenspan and \nSecretary Summers discussing the global recession that had been \ncaused. So, in fact, the fact we didn't have a major crisis is \ngood news, and the fact we don't have hordes of people standing \naround is, in fact, very good news.\n    In terms of the magnitude of the effort, I would certainly \nagree with Mr. Koskinen's effort. In fact, I even go a little \nmore hyperbolic, I think it is the biggest success since the \nbuilding of the pyramids, because it was, in fact, a global \neffort, government, private sector, hundreds of thousands of \nindividuals around the globe working together to achieve this \nsuccess.\n    To talk about the lessons learned, I would like to refer to \nwhat I believe is a Y2K renaissance. What do I mean by a Y2K \nrenaissance? I think it really is two parts. First of all, the \nrationalization of the existing computer technology. You heard \na lot about this from the first panel in the Federal sector, \nbut the same thing was true very much in the private sector. \nThe fact that time and again, because of the necessity of \ndealing with this huge challenge, companies were able to get \nrid of deadwood programs, they were able to bring into their \ncompanies more modern and more efficient computer systems.\n    They also learned to do supply chain analysis and in a \nsystematic way that they had never done before. They were able \nto collaborate in ways never experienced before, either within \ncompanies or across companies. They were able to develop \ncontingency plans, many of which were not needed as it turned \nout, at least are now in place should there be future problems, \nand they learned to approach the entire IT system in a much \nmore strategic way.\n    That is going to mean that down the road these companies \nand ultimately their customers can take much more benefit from \ninformation technology. The productive gains which Mr. \nGreenspan and others have noted have helped to contribute to \nthe continued growth of our economy and the high productivity \nshould be even stronger because the IT systems in companies as \nwell as within the government are now being treated much more \nrationally and in a much more systematic way.\n    The second reason I call this a Y2K renaissance is the new \ndirections that companies are now taking. Because as they came \nto understand through Y2K the strategic as opposed to tactical \nimportance of IT, they are now moving ahead implementing future \nIT much more strategically. Obviously, the Internet changes \neverything, and we are seeing throughout the private sector and \nwe hope the government sector will quickly catch up the use of \nthe Internet for improved, dramatically improved in many cases, \ninternal processes, whether you are talking about personnel \nsystems, whether you are talking about human resources or \nfinancial services, whether you are talking about inventory \ncontrol, all of these basic day-to-day business operations are \nbeing done much more effectively and efficiently on the \nInternet. This is one of the new exciting aspects of Internet \ntechnology.\n    Also, of course, dealing with customers, and customers \ndon't just mean business to consumer, the kind of stuff you \nread about on the front page, about Amazon.Com and others. It \nalso means business to business, because businesses are also \ncustomers, and the ability of businesses to deal much more \neffectively.\n    So this is the kind of Y2K renaissance I see coming, \nbecause as we come out of what Mr. Burbano and others described \nin the Federal sector, which also occurred in the private \nsector, namely, a temporary freeze in many cases on new \nprograms and spending, and now all these projects which have \nbeen temporarily set aside are going to be brought out to the \nfore, and again, I think you are going to see massive increases \nin productivity, in major benefits to customers, and again, \ncustomers I define broadly as businesses and individual \nconsumers.\n    Let me talk about some other lessons learned. One of the \nlessons learned that was that while the government sector did \nan excellent job, as the previous panel discussed, the private \nsector also did a remarkable job.\n    Some names of individuals who you may not have come across, \nor maybe you have come across, like Bill Mont and Tim Shepherd \nWhalen from Global 2000, or Ron Balls from the ITU, people who \nare able to take entire sectors and coordinate them, you are \ngoing to hear from Ms. Hotka about the retail sector, \ncontributed mightily to the success. I think ongoing we have \nlearned lessons about the ability of these sectors to work both \nnationally and globally.\n    I also use that as a point for future global cooperation. \nThe International Y2K Coordination Center, which both of you \nwere very involved with and which Mr. Bruce McConnell headed so \nably, has demonstrated the opportunity for global cooperation. \nComing out of that, I am hopeful we will see some continued \nopportunities.\n    For example, the International Y2K Coordinating Center \nsteering committee is considering the creation of what is \ncalled the Center for Digital Opportunity, which would be a \ncooperative program to promote Internet growth in developing \ncountries to the same extent that it currently is in developed \ncountries. In fact, tomorrow the steering committee will have a \nconference call and I am involved in that also, as is Mr. \nKoskinen, to see about the possibility of building on the \nlinkages that have been established through Y2K in that area.\n    Similarly, the issue that Mr. Burbano talked about so \nextensively and Chairman Horn said you will be having further \nhearings on, the whole issue of information security.\n    While there are information security issues which are very \nspecific to the U.S. Government, there are many issues which \nare global in nature. Again, the 170-plus countries that work \ntogether through the international Y2K cooperation center \nshould be able to take those linkages which they established \nand build on them for information security. I think that is \nalso another lesson learned.\n    The last lesson learned which I would like to refer to, and \nI am a little bit over my time, is that the Y2K problem was \nsolved without government dictating what the private sector \nneeded to do, without legislation. As you remember, you two \nchair people, at a hearing early on, there was actually \ndiscussion about perhaps Congress having to mandate the private \nsector to take specific actions. You came to the correct \nconclusion that, in fact, there were better ways to do that, \nrather than mandating specific activity. We did get through \nthis without mandating specific activity on the part of the \nCongress to order the private sector to do activities because \nthe private sector was and to work collaboratively.\n    I think the lesson learned there is as we move ahead to \nother challenges in information technology, whether it be the \ninformation security area or regulation of the Internet, that \nthe claims that the private sector made to you then that we can \nhandle this in a collaborative manner, not working against \ngovernment, but cooperatively with government, did prove true \nin the Y2K area, and I think when Congress approaches other \nissues, such as information security or other issues of \nregulating the Internet, they should take that lesson learned, \nand perhaps it will also prove true that you do not need \nlegislation, that there are other ways to get things done in \nthis new economy and in this information revolution.\n    Thank you very much for giving me the opportunity to appear \nbefore you, and I would be glad to answer any questions.\n    Mrs. Morella. Thank you. I also want to comment on the fact \nthat I did hear that early morning C-SPAN program, and it was \nvery informative. Thanks for your leadership.\n    [The prepared statement of Mr. Miller follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.064\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.065\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.066\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.067\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.068\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.069\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.070\n    \n    Mrs. Morella. I am now pleased to recognize Ms. Hotka.\n    Ms. Hotka. Chairman Morella, Chairman Horn, members of the \ncommittee, retailers appreciate your leadership on this issue, \nand I appreciate the opportunity to appear here with you today.\n    As you may know, the National Retail Federation's Survival \n2000 project worked for 3 years to coordinate a joint retail-\nindustry response to the year 2000 issue. We worked with \ndepartment stores, restaurants, specialty stores, liquor \nstores, pharmacists, convenience stores and grocery stores to \nmake sure that you could shop this year. People are really \nshopping as a result.\n    How did retailers fare? Better than we expected. But the \nsector desk at the White House information coordination center \nthat seemed to have the most to talk about was ours, retail and \nsmall business. As expected, bigger businesses experienced \nannoyance grade glitches and some smaller ones found out that \nthat fix on failure policy they had was not such a great idea.\n    Anecdotally, we know of retailers still processing credit \ncards manually because of the IC verify problem. One retailer's \nstore credit cards failed. Cash registers at one chocolate \nstore chain would not open. But the examples here are \nrelatively minor.\n    Now, it remains to be seen whether the global supply chain \nwould be unaffected, larger retailers have some doubt about \nwhether or not we have sailed through this internationally.\n    Was it worth the work and expense? We already know the \nanswer. While retailers spent multiple billions of dollars to \nfind and fix and replace software and hardware and to conduct \nextensive testing, we also would not do it any differently. We \nhad conducted a survey in 1997 that showed that if retailers \ndidn't undertake this work, many key systems would simply be \ndead in the water. We found out that 100 percent, all, private \nlabel credit card systems would not have worked; 99 percent of \nwarehouse management systems would have failed. Most retail \nprocesses are touched by technology, and our members were not \nwilling to bet the business they would be fine without \nremediation. My members are astonished that some columnists \nhave questioned the value of the investment. Mr. Burbano \nmentioned earlier that some countries found they were less \ndependent on technology than they thought. We discovered we \nwere more dependent on technology than we had thought.\n    So what lessons did we learn? We learned four:\n    First, we learned that most organizations underestimated \ntheir reliance on IT despite healthy investments in technology, \nretailers found that some business critical processes were \nbeing run by business units on 15-year-old software. You cannot \nrun a company on paradox 1.0 for DOS. It is not a good idea.\n    Some companies maintained software they didn't need. Some \nkey programs were being run by people with no IT background. \nCompanies did not have contingency plans. In fact, we found \nonly one company that had a contingency plan at all.\n    In the end, though, savvy companies realized Y2K was not an \nIT issue but a business issue, and that IT needs the continuing \nattention of the CEO. Those companies that did best had the CEO \nin charge of this project. We who lead industries must bring a \nbetter appreciation of IT as knowledge management, not just PCs \nand printers.\n    Second, we learned that reliable information was hard to \ncome by on this, particularly in the early days. Should \nretailers have believed technology companies product updates? \nThey seemed to change hourly.\n    Should retailers have believed government agencies' self-\nreports? How about suppliers? How about the fear mongers? \nUltimately, no self-reported information was reliable, and \nretailers simply conducted their own verification in the \nabsence of reliable test data or organizational benchmarks, \nthis was our only choice. It was expensive and time-consuming. \nWe know of a number of companies, for instance, that put people \non airplanes all during 1999 to check on international \nreadiness. These people simply traveled from country to \ncountry.\n    Third, we learned that government may have a useful role in \nhelping companies use technology as a business tool. There is \nno doubt, but that the white hot spotlight of your committee's \nattention to this issue brought home to all of us the need to \nwork diligently. Your contributions to private industry \npreparedness should not be underestimated. We paid a lot of \nattention to those report cards. Our friends at GAO published \nworld-class, best-practices documents that gave private \nindustry some models to work from. John Koskinen and his \ntalented staff helped galvanize countries, governmental bodies, \nprivate industry and the media. All were key to helping \nretailers who rely on a global supply chain and public \nconfidence. We thank you all. Like Harris, we believe that this \nshould be a partnership and not a speaking from on high.\n    But, fourth, we learned that joint action was key. No one \nretailer did it alone. Fierce competitors worked together to \nkeep the industry ready. Generous companies allowed staff to \nspeak at conferences to spread the word to others.\n    So going forward, we would like to continue what we have \nbeen doing for the past several years, working to protect \nAmerica's business data. Congress should continue to show \ninterest in America's information infrastructure. The White \nHouse ICC where public-private partnerships were so useful \nmight continue to be a valuable tool. Business still needs best \npractices that can help smaller companies use technologies \nresponsibly, and reliable sources of information about threats \nto data from hackers, viruses and industrial espionage are \nneeded. Let's continue to work together. Public private \npartnerships got us through Y2K, but we have compelling reasons \nto keep working in 2000 and beyond.\n    Thank you.\n    Mrs. Morella. Thank you very much for that testimony.\n    Now we will hear from Mr. Beach.\n    Mr. Beach. Madam Chairwoman, Mr. Chairman, I thank you for \nthe opportunity to appear before the committee again. Madam \nChairwoman, talking about the victory lap analogy, I live close \nto Hopkinton, MA, which is the start of the Boston Marathon, \nand I would say what we have learned with all the great work \nhere is that we are in the first mile of a marathon, a marathon \nshowing how pervasive technology is in all of our lives.\n    The subject of my testimony here is in the written side, \nbut I will orally summarize it, is lessons learned, \nopportunities created, and I would encourage the committee to \nlook forward as to what are some of those exciting \nopportunities.\n    Increasing the crescendo of hyperbole, we heard about John \nKoskinen talking about it in the last 50 years, and Mr. Miller \ntalking about the work as is comparable to pyramids. I would \nsay that the year 2000 computer problem and the work that was \ndone on it by a myriad of groups is the most remarkable \npeacetime example of human cooperation in the history of the \nworld, and I have an idea for you at the end of my oral \ntestimony.\n    We are entering, what I see, as the age of digital \nenlightenment where technology is going to help nations govern \nbetter, help businesses conduct better business, and make \neveryone's digital life all the more meaningful.\n    The committee asked the panelists ``was Y2K hyped for \nprofit?'' Those of us on the front lines, the ITAA and Kathy \nand her group and others, have no doubt that without proper \nremediation and all the great work that this committee has \ndone, Y2K would have had a severe impact on computer systems \naround the world.\n    It is interesting, isn't it, that those companies that may \nhave benefited from an increase in sales of computer hardware \nor software over the last couple of years are now reporting in \nthe Wall Street Journal over the last couple of days saying \ntheir earnings reports are down because of Y2K. So what goes \naround comes around, and it is all going to even out in the \nend.\n    So, the long-term legacy of this challenge is going to be \nakin to the oil crisis that we saw in the mid-1970's, where we \nhad relatively short-term pain, and long-term we had more fuel-\nefficient cars. The Y2K long-term legacy was simply mentioned \nhere many times today that it caused the world to update its \ncomputing infrastructure in a relatively short period of time.\n    I was personally surprised at how well the rest of the \nworld made it through digitally unscathed on January 1st. I \nwould say this experience was a resounding clarion call to our \ngovernment and our industries that other nations, many of whom \npredominantly use U.S. technology, are running neck and neck \nwith the United States. It seems to me that the digital playing \nfield appears to be leveling off. And, in this new 21st \ncentury, where the economy is going to be very digital and \nelectronic, these other countries are prepared to provide \nstronger global competition.\n    On the earlier panel we talked about foreign nationals. I \nhad an opportunity last year to travel to Bangalore, India, \nwhere I saw thousands of workers producing Y2K remediation \nprojects, many for United States firms. These workers are now \ngoing to be looking to produce products and services in their \nown global environment.\n    The next big technological breakthrough is going to be e-\ncommerce. A CIO poll recently reported that 73 percent of \nAmerican businesses now have e-commerce initiatives started. \nWhat is even more important to me is by 2001, these e-commerce \ninitiatives are going to be the core business models of these \nbusinesses.\n    Shifting to opportunities for government, the Y2K \nrevolution has afforded the Federal Government and the State \nand local governments opportunities to modernize its computing \ninfrastructure. We should leverage these revitalized systems to \nbetter do the business of governing. Opportunities before this \nHouse and this committee in light of legislation continue on \nInternet taxation, how Americans will govern using technology, \nclosing the digital divide of the have's and have not's, and \npossibly the aspect of a not too long-term strategy of having \nthe United States wean off its dependence on foreign workers.\n    I did some work last year in Massachusetts reviewing the \nState's entire higher education system. While there are more \nand more men and women entering computer science courses in \nclasses across the country, the challenge is that the faculties \nat many of these institutions are not prepared to teach the new \ntechnologies.\n    As I mentioned in the beginning of my testimony, I had an \nidea. I would encourage Madam Chairman and Mr. Chairman to send \non behalf of the world's IT workers, a letter to the Nobel \nPrize committee in Oslo recommending that a special award be \ngiven in October to the world's IT workers, where possibly a \nperson from the informatics committee at the U.N. could go to \naccept it, and on a site, some place on a U.N. URL, any worker \nwho worked on Y2K could download it and proudly frame it in his \nor her office.\n    In closing, Y2K in context, was a massive tactical \nchallenge, but what it underscored on a more strategic level is \nthe importance of technology in governing and commerce, and \nwith the seemingly stable technology infrastructure in place, \nnow is the time to take advantage of these new opportunities.\n    Thank you.\n    Mrs. Morella. Thank you.\n    [The prepared statement of Mr. Beach follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.071\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.072\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.073\n    \n    [GRAPHIC] [TIFF OMITTED] T6711.074\n    \n    Mrs. Morella. I think that is a fitting way to end the \ntestimony of the panelists with this concept of the Nobel Prize \nand the fact that it is a great example, as you said, a feat \ngreater than or as great as the pyramids. Ms. Hotka had some \nvery glowing things to say about what we learned also. Coming \nfrom the private sector, it is particularly important.\n    We have a roll call vote right now, a quorum, but we will \nbe back for some questioning, so I would imagine 10 minutes or \nso. So we will recess this hearing for about 10 minutes.\n    [Recess.]\n    Mrs. Morella. I am going to reconvene this hearing. I can \nask a few questions, and then if other Members come in in the \nmeantime, they can continue to ask questions.\n    Of course, our policy has been that if it is acceptable to \nyou, that we might also submit questions to you by Members who \nmay not be here. Thank you. I appreciate that.\n    You know, I think there have been many, many benefits to \nthe Y2K work that has been done, whether or not it is the \ndimension of the pyramids or Nobel Peace Prize, but certainly \nthere has been a lot of cooperation that has been so \ncomprehendible. In going to the command station on December \n31st, I saw many people from the private sector on their own \ntime, unpaid, who were there for 24 hours and spent their New \nYears' Eve there, and then part of New Years' morning there \nalso.\n    I also saw a report that National Institutes of Standards \nand Technology did a lot of work with small businesses in \nremediation of the Y2K computer bug, and the small businesses \nhave said they thought this was a concept that they hoped would \ncontinue, the idea of being able to get help and get assistance \nfrom somebody, an agency or whatever, that cared about them.\n    So, again, it is another example of the private sector \nbenefiting from what the public sector had done.\n    Then just the other day at the District of Columbia \nhearing, both Chairman Horn and I are on that authorizing \ncommittee, I asked Mayor Williams about it, because, as you may \nremember, the District of Columbia was so far behind, and he \nwas very excited about the results, the fact that they have now \nbeen able to update their computer system, they know what they \nhave, and because technology will play such a big role, \nparticularly as we try to revitalize the District of Columbia, \nthat they feel they are going to benefit greatly by it. Also by \nworking with neighboring communities too.\n    So, again, the whole concept you all pointed out, and that \nis, building on the various linkages and the partnerships.\n    Well, I am going to ask you a question that deals with \npeople. The vast Y2K repair corps is now being scattered to the \nwinds after apparently saving the world from the Y2K disaster. \nSo now what are these people trained to correct Y2K, probably \nthose people who knew could balance, what do they do now? Can \nthese displaced Y2K workers help to alleviate the H1B \nsituation? What do you see with regard to the whole personnel \nissue? I will start with any one of you.\n    Ms. Hotka, why don't we start with you first.\n    Ms. Hotka. Just briefly, one of the things that struck us \nabout the people that worked on this was their ability to deal \nwith business units. IT does not live in a vacuum, and this was \nnever an IT problem.\n    These people went out and spent time in warehouse \nfacilities with people who run the trucks, with suppliers, with \nthe accounting offices and all through the business. What we \nare seeing in our industry is that those people will continue \nto work in these companies and that they will continue to work \nwith these business units to make sure that the IT tools that \nare created are actually used and are used effectively. That is \na skill. These are generally older people, people over 30, and \nthey have got----\n    Mr. Miller. Speak for yourself.\n    Ms. Hotka. Well, I am saying that because there is a \ntremendous emphasis, I think, in some parts of the IT world on \npeople who are very young, who have experience in new \ntechnologies. But some of us who are not that young have some \nexperience that might be useful, and we are finding that it is \nbeing priced in these retail companies. They don't want to lose \nthese people.\n    Mr. Miller. I think, Madam Chairman, what Mr. Burbano \ndiscussed is, in the Federal Government, very similarly true in \nthe private sector. If you take the first group of people, \nnamely, people who are interimly the staff of an organization, \nin most cases when the Y2K issue became a priority for the \norganization internally, and the organization decided to use \ninternal resources, they simply took other projects, put them \noff to the side and took those people and focused on Y2K; and \nnow that they have gotten through most of the Y2K era, leaving \naside having to get through the next 2 months to February 29th, \nthose projects, which have been temporarily frozen, are now \ngoing to come back as high priorities, and those people are \ngoing to go back and do those projects. That is one group to \nthink about.\n    The second group of people are the contractors who came in \nfrom outside to do work for customers, whether those customers \nwere in government or the private sector. A lot of those \ncompanies, which provided those outside services, were in a \nsituation where they anticipated very well the end of the Y2K, \nthey knew when their projects were going to end, and so they \nhad to do two things: No. 1, they had to find new clients so \nthey can continue to stay in business and continue to grow \ntheir businesses; and No. 2, they had to take into account the \nneed to upgrade the skills of their employees to do more \ncurrent projects, most of which are going to be e-commerce \nrelated or somehow on the Internet revolution as opposed to the \nmainframe projects.\n    If you look at the major companies that do business and \nlook at the revenue in 1999 versus 1998, you will see their \nrevenue continue to go up even as the Y2K work began to drop \noff. The reason is that because they were able to find new \ncustomers and they were able to retrain the work force.\n    So not only do I think this is not going to solve the H1B \nproblem, if you use the logic that I use in my testimony that \nthis is going to be a Y2K renaissance, and a lot of projects \nwere temporarily frozen while companies were getting through \nthe Y2K problem, I think there is going to be even a bigger \nexplosion and even more demand for IT workers. The trick is \ngoing to be, as you suggested in your question and as Ms. Hotka \ncommented in her comments, making sure the workers do have the \nretraining. The computer language skills they have are not the \nones most current or most in demand, and that has to be \nfactored into the process.\n    Mrs. Morella. I do think many of them are older, but, on \nthe other hand, I know the University of Maryland had a special \ncourse geared toward remediation of Y2K. Mr. Beach.\n    Mr. Beach. Madam Chairman, I just would like to once again \nmention the aspect of what human beings like most is \nrecognition, I am dead serious in challenging you and Chairman \nHorn to nominate these workers for noble awards.\n    The international Y2K cooperation center that we heard \nabout today, and you are familiar with, and that Bruce \nMcConnell did an incredibly good job running, had a subset \ncalled YES Corps, which was the Y2K Experts Service Corps. I \nwas fortunate to be on that steering committee. This group \naimed to share information with 140 countries about Y2K, and \ncurrently it is migrating to another role. We all felt this \nnetwork was created for tactically addressing Y2K, the network \nwas more valuable than the actual focus on Y2K. So there is \nmovement afoot to expound this effort.\n    I would like to say there is a vested interest in large \nbusinesses in whatever they can do here in the States to help \nsmall businesses, because we are all living in this giant \neconomic supply chain. Many large businesses are even more \ndependent now on smaller businesses.\n    The H1B visa issue, I know there is a call now to bring the \nlimit up to 200,000. Long-term what we have to do, and I \naddressed it briefly in my testimony, is more rather than fewer \nstudents in America are entering computer science courses, \nwhether in California, Maryland or Massachusetts.\n    I chaired last summer for the Commonwealth of Massachusetts \na review of the entire higher education program, and the most \ndamning finding we found was that we were talking about older \npeople here, but the faculty, the faculty, No. 1, is older, is \nnot skilled in the new technologies of JAVA, XML, you name it. \nThere is a bottleneck there. If that bottleneck is not relieved \nor addressed, then our country is going to continue to have to \nrely on H1B visa issues.\n    Mr. Miller. Could I make one more point on personnel to \nfollow on the earlier discussion of information security? That \nis an enormous problem, because we do not have information \nsecurity specialists trained. That is one area where you can't \ndo H1Bs, you can't send the work offshore to Ireland or Israel \nor India. That work has to be done with U.S. citizens.\n    I know President Clinton mentioned this in his national \nplan, and Attorney General Reno talked about it. So this is one \narea where the government, working with academia and business, \nis going to have to focus. You are going to have to convince \npeople to go beyond their traditional education, to get \nadditional education, plus get security clearances, because \nobviously, the type of people that a Federal agency or a State \ngovernment wants to hire for security information, security \npurposes is going to need a clearance. Even you are going to \nfind in the private sector many private-sector financial \ninstitutions and others want to get people with very high \nsecurity clearances because they are being put in very \nsensitive security positions.\n    Mrs. Morella. As a matter of fact, the Science Committee \npassed, in the first session, actually the last Congress, a \ncomputer security bill which does have the dimension of \nfellowships for computer security. Even that is not enough. \nMuch more needs to be done. We have also been pushing teacher \ntraining in technology, not so much looking at the higher \neducation, but more education from K through 12, to make sure \nthat even those teachers know something about how to use \ntechnology because the youngsters do, so they can also inspire \nthem.\n    My legislation for women and minorities and disabled in \nscience, engineering and technology, the commission is meeting, \nit will be coming up with its recommendations to get more of \nthose groups that have traditionally not been involved, \ninvolved in those fields.\n    Well, I thank you. I am going to now----\n    Mr. Horn. If you might yield on that point----\n    Mrs. Morella. I am going to recognize you for your \nquestioning.\n    Mr. Horn. Your associations could do a lot of good in \nbringing together the people from the Silicon Valleys of this \nNation, and the community college teachers in particular.\n    When you think that these programmers get about $60,000 \nwhen they are out of college or out of the community college, \nand what we need, speaking now as a Californian where we \nstarted the community college movement and we have about 107 \ncampuses from San Diego to the Oregon border, and they should \nbe talking to the Silicon Valley types and vice versa. Because \nthe State will never have enough money to get the equipment \nthat is needed to educate people on to meet the people's needs \nas they go into the industry. It just seems to me there ought \nto be a summit meeting that perhaps your group, Mr. Miller, or \nyour group and friends in the publishing world, and getting all \nthese people in the room.\n    When you think of what Jamie Escalante, the great teacher \nin L.A., that took young people that everybody had given up on \nand they got right at the top of the college boards, and it can \nbe done. We need to do that and we need to get the Mexican \nAmericans, Hispanic Americans, African Americans, Americans, \nwhatever they are, into seeing a point in their lives where \nthey can make a substantial income. That is only going to \nhappen if we start, as the chairman here said, concerning the K \nthrough 12. That is fine. But I think the K through 13 and 14 \nhave to be considered, where their role, really, is to be \neither an academic program or a vocational program. In this \ncase it is both. You need the academic background. You also \nneed the vocational background. And you need the opportunity to \nwork on equipment that makes sense.\n    I know from what I had to go through with a very--probably \nthe largest school of engineering west of Texas A&M, and we \nwere just swamped with problems on equipment in the 1970's and \nthe 1980's. Finally, our trustees stepped up to the plate and \nsaid OK, so we will pay engineers more, we will pay people in \nthe business school more. Well, that doesn't solve all the \nproblems, because the equipment is the problem, and the \nmillions that takes. And that is where it is everybody's self \ninterest to do something along that line.\n    Now, I don't know if you want to add anything to that or if \nyou are willing to do that conference, but we ought to get them \nin the same room with the American Electronics Association and \nso forth.\n    Mr. Miller. We tried to do that the last couple of years, \nMr. Chairman. We are making progress. I think that the IT \ncommunity discovered the community college system very recently \nin a sense. They didn't previously think of it as a resource, \nexcept for some chip manufacturing companies, which didn't see \nthe need for a 4-year degree. So you had a couple of instances \nin Arizona, particularly where Maracopa Community College was \ntraining people to work in the cleaning rooms for some of the \nmajor chip manufacturers. But I think the IT industry at large \ndidn't see the community college as a good resource.\n    We held our first national work force convocation at the \nUniversity of California at Berkeley in January 1998, and I \nthink that is the first time that the IT industry began to \nunderstand that the community colleges were willing to be \nflexible, and, frankly, they can change a lot more quickly than \nformal 4-year universities, I am sure you know as a former \nuniversity president.\n    Mr. Horn. You are absolutely correct. You won't get your \nsupply from Berkeley. They are wonderful people. It is true. \nThey have research designs. Ph.Ds, there is a use for some of \nthose, face it, but you want the worker people, which does take \nskill, which does take imagination, and some day they might be \nrunning their own Silicon Valley firm. That is the way the \nwhole evolution of that Santa Clara Valley has happened.\n    Mrs. Morella. I used to teach, at a community college in \nMontgomery County.\n    Mr. Horn. Absolutely.\n    Mr. Miller. It is happening. Yesterday the National \nCommission on the 21st Century Workforce had its second field \nhearing, it was actually held at De Anza in Silicon Valley, and \nI know that that is a focus of attention.\n    I spoke at a major event that the Houston Partnership held \n3 months ago, and virtually every attendee was there from a \ncommunity college. So I think the communication is starting. We \nare having our third convocation in Chicago in April of this \nyear, and have invited many of the colleges to participate. The \nkey to the community college is obviously getting support of \nthe State legislatures to get the funding to be able to offer \nthe courses. In most cases State legislatures do seem willing \nto do that.\n    Mr. Horn. They see it helps their economy.\n    Mr. Miller. It is an economic development issue, not an \neducation issue. That is what employers want to know, if I move \nmy business there, where am I going to get my IT workers.\n    Mr. Horn. You might have covered this while I was going \nover to vote, but when you look at the issues that confronted \nthe Nation that I mentioned to Mr. Koskinen on the domestic \nside, do you have any particular issues that relate to \ntechnology that you think we ought to have that kind of \noperation that we have had in the last few years where you have \nsomebody on behalf of the President pulling these things \ntogether, if it affects the economy and efficiency of the \nexecutive branch, which is the jurisdiction of my particular \nsubcommittee? So what would your themes be that somebody ought \nto be looking at?\n    Mr. Miller. Well, I have a couple. One we discussed, I \nthink, at a previous hearing, which is an information security \nczar. I think that the Koskinen model is also applicable to the \ninformation security area.\n    Right now, Mr. Chairman, if someone from academia came up \nand put a chart up on the wall of how information security is \nhandled inside the government, I don't think that wall is big \nenough to put all the boxes up there, because it is split over \nso many places. Everyone is well intentioned and has good \npurposes.\n    Mr. Horn. With the Chief Information Officer role being \npretty much throughout the 24 major agencies, hasn't that \nhelped?\n    Mr. Miller. That is very helpful. But, again, even there, \nthat is just within the particular agency. We are also talking \nabout interrelationship with the private sector, and depending \non who you ask, 85 to 90 percent of critical infrastructure we \nhave to protect is in the private sector. Yet we have to \ncoordinate with the government. Who do we coordinate with? Do \nwe coordinate with Mrs. Morella's favorite office, the CIAO \noffice, or do we coordinate the NIPC, or do we coordinate with \nthe National Security Council or the Commerce Department? It \ngoes on and on and on.\n    So we are looking for simplicity. The great thing about Mr. \nKoskinen's office was it was a little bitty office. He couldn't \ndo a lot. What he could do was he could be an enabler, he could \nbe a man who cracks the whip and try to get you to move \nquickly. But at the end of the day, you had to do it. He was \nnever going to try to superimpose his own bureaucracy, either \non the private sector or on a government agency. That is what I \nmean by a czar, not somebody that literally dictates what the \nprivate sector or the Federal agencies do. Mr. Burbano has to \ndecide what the State Department does, Mr. Cosgrave has to \nunderstand what the IRS does. But someone who can coordinate \nand pull that all together, I think that would be very helpful.\n    Mr. Horn. Well, they have a council, and I don't know how \nactive that was before this assignment was given them, but they \ncertainly ought to be working on the consensual part. Of \ncourse, what I am after is, and I will be putting it in \nshortly, is the office of management idea where the President \nhas somebody there that knows something about management, not \njust the budget. Every President puts in a director that is \neither an accountant or politician or economist, but they don't \nput anybody in that knows a thing about management, that has \nthe President's ear.\n    So I want to split that off, and, fine, keep the director \nof the budget, but make a director of management. Roosevelt had \nthat, Truman had it, Eisenhower had it. It went downhill \nstarting with Kennedy and right through Reagan. They all \npoliticized the Bureau of the Budget, which were professionals, \nand they served every President, whether they were Democrats or \nRepublicans. It didn't matter. It didn't matter what their \nparty was. They were professionals. And we have lost that \ncontingent, until we got into this situation. When we wrote the \nPresident and said look, you have got to put somebody in \ncharge, because it is going nowhere, and nothing but \nprocrastination, and he did. He made a good choice.\n    The same thing I wrote him with Rossotti. I said look, \nevery President has put in tax attorneys and tax accountants, \nhow about getting a chief executive for the job. And he did a \ngreat job in getting Mr. Rossotti. So you had two splendid \nappointments that turned agencies around.\n    Mr. Miller. Absolutely. Mr. Cosgrave, who was the CIO of \nIRS, was previously a CEO of a company, was actually on my \nboard of directors, and Mr. Rossotti recruited him to come and \nfix the Y2K problem and run that. I certainly agree with you, \nMr. Chairman.\n    I guess another thing I would say in terms of a theme is \nwith all due respect to my friends in the Federal Government \nwho bemoan the fact there are not enough Federal IT workers, I \nthink they are trying to stop this tide, and they are not going \nto win this battle. We try to help them, we meet with CIO \ncouncil, et cetera, to try to figure out how the Federal \nGovernment is going to recruit more IT workers. But I think in \nthe long-term trend they are going to lose.\n    If they are going to lose, I would rather see them focus \nattention on the transition to a world where there is much more \nIT functionality outsourced, rather than trying to constantly \nrefight this battle of what are they going to rejigger in the \nOPM manual to somehow recruit a few more IT workers. And that \ndoes not slight the Federal IT work force. I think they are \ngreat people. But I think they are just fighting a losing \ntrend, because the delta between the Federal sector pay and the \nprivate sector pay is getting bigger and bigger. The benefits \nfor people going into the private sector are much higher.\n    My members never liked to voluntarily attract someone out \nof the Federal marketplace, because they are making their \ncustomers mad at them, but the reality is you can't throw away \na resume when someone sticks one in your hand and says I want \nto get paid 25 or 30 or 50 percent more, I want to come work \nfor your company, than I can make working in the Federal \nmarketplace.\n    So I think one of the issues your subcommittee wants to \nlook at is how do you do that transition. I think it is going \nto happen, and to do it smartly rather than constantly trying \nto smart stop the tide I think would be a much more productive \nuse of resources.\n    Mr. Horn. We would welcome any thoughts you have on this. I \nknow we are already in touch with you at the staff level for \nthe computer security hearing coming up soon.\n    Mr. Beach. Mr. Chairman, I would like to comment briefly on \nyour summit idea. I think that it is a very good idea and \nencourage you to consider submitting an op-ed piece we could \nrun in CIO Magazine that would bring it to the attention of \nabout 300,000 people.\n    I like the idea of director of management for one reason. \nAgain, I was referencing earlier the CIO Know Pulse Poll that \nwe recently did that shows within 18 months, 6 in 10 in the \nprivate side of the business are going to have e-business, and \nit is going to be their core business model. And how you have \nkept the feet to the fire for the Federal agencies here leading \nup to Y2K, I think this director of management, whoever he or \nshe is, should have as one of their tasks to make certain that \nall the agencies and the millions and billions of dollars that \nthe U.S. Government has spent to upgrade its systems, how are \nthese being used, what new services, what new applications are \nyou providing for getting our bang for a buck.\n    Getting back to the previous question, Mr. Rossotti \nmentioned I think that in the IRS, they upgrade each year one-\nthird of their computers. So what happens to the third that are \nbeing thrown out? Where are these going? The other issue is \nthere is a great opportunity in the junior colleges and the 4-\nyear schools for the faculty could be adjunct faculty from the \nbusiness community. These are the men and women who know most \nabout its leading technologies. I would encourage a program of \nadjunct faculty to our Nation's community colleges are 4-year \nschools.\n    Mr. Horn. You are absolutely correct, because the research \nuniversities are simply too involved in long-term research, \nwhich does have a payoff in many ways. A lot of our industry is \nbased on that research. But in terms of getting a curriculum \nturned around, as you correctly viewed, that can happen much \nmore easily in a community college. Rather than have the \nfaculty say let's think about this for 3 years.\n    So that is part of the problem. This is a national crisis \nin skills. On the Clinger-Cohen Act, we are focusing partly on \nthe information technology human resources issues and the need \nfor qualified individuals and managers when that comes up.\n    And that's another one coming up in the next few weeks. So \nlet me skip to something else that isn't as serious as what \nwe've had here, but I guess I'd want to ask Ms. Hotka that I'm \njust curious with the wonderful technology we have to trace \neverything in the stores of America, do you know how many \ngenerators were turned in?\n    Ms. Hotka. We were sure, Mr. Chairman, that we would see \nthis mass return of generators which would then be refused at \nthe store level by stores who said that they wanted to sell it \nto you instead of lend it to you. We were amazed instead that \nstores used this as a customer retention mechanism. They said \nplease, come back and return it and while you're here, buy \nsomething else.\n    Mr. Horn. I was educated yesterday by my staff when I \nraised this that there was such a thing as a stocking fee and \ntell me about that.\n    Ms. Hotka. What some of our retailers did was to charge a \nrestocking fee so that if you brought back the generator after \nJanuary 1 in the box because you didn't need it, that they \nwould charge 20 percent. Some of them did that, did in fact \ncharge that fee but some of them I think surprised all of us \nand used this as a way to get those valued customers back into \nthe store and while they were there, by the way, why don't you \nbuy this Christmas tree which is on deep discount and it worked \nbeautifully. We saw very little demand--that was one of the \nthings that surprised us too. We thought that the public was \ngoing to flock into stores at the end of the year and buy all \nkinds of stuff. We didn't see it at all.\n    Mr. Miller. If I could make one point about your CIO \nelevation on the last question, I want to bring to your \nattention a new institution which the Virginia secretary of \ntechnology Don Upson is creating called the CIO Academy. I \ndon't know if he's publicly rolled this out yet, but I know \nhe's already recruited several State CIOs to be on the board of \ndirectors.\n    He's recruited Jim Flyzik who is the CIO of the Department \nof Treasury who was kind enough to ask me to do it. He's got \nsome other people from the private sector. I think this relates \nto the whole issue that you, of course, implemented within \nClinger Cohen which is elevating the whole position of the CIO \nwithin the organization.\n    And obviously one of the major roles that Mr. Beach's \npublication does is it also creates a network through his \npublication, his polls, his meetings he sponsors. I think \nSecretary Upson tends to do this in a much more educational \nlevel. I think you're going to see more and more where this is \ngoing.\n    Now, the challenge, and I think, Mr. Beach, you had an \narticle in your publication recently about whether the CIO job \nwill even exist in 5 years. You had some futurists discussing \nthat. I think one of the conclusions was there would be no such \nposition, maybe a chief knowledge officer or something else \nlike that but there wouldn't be a CIO because technology will \nbecome so ubiquitous that the idea that you have a specialist \nwould be like saying you have a telephone specialist. That \nwon't exist anymore.\n    Generally, I think business and government are paying a lot \nmore attention to the whole role of the CIO and part of it is \nbecause of Y2K again. It all rolls back to the fact that Y2K \nsuddenly brought to the attention of the CIO and the CFO and \nboard of directors that this guy or gal who ran the technology \nwasn't some person who you could just put off on the side of \nthe back room, that he or she was fundamental to your strategic \nbusiness or strategic government delivery of services.\n    Mr. Horn. In educating a CIO, what is your percentage of \ntechnology versus management skills?\n    Mr. Miller. I'd say knowledge of technology is somewhere \nbetween 5 and 10 percent, management understanding business, \nunderstanding the core operation is probably about 90 percent. \nI think the same way as a CFO. I don't think you expect the CFO \nto be your bookkeeper. The CFO is your financial planner, \nbusiness organizer. I think the same thing is true of your CIO \nyou don't expect him or her to be necessarily the chief \ntechnical person, that he or she is the person who is looking \nat how the technology fits into the business organization. Mr. \nBeach probably has some surveys on that I'm sure.\n    Mr. Beach. We've got lots of them. It's along with what \nHarris said. I mentioned it several times here today that what \nhas happened is that technology and e-business and e-commerce \nand the overuse of the letter ``E'' but what has happened is \nthat there has got to be an extension to a company's business \nmodel. So technology has gone from being an extension of how we \ngovern to being the core--a core part of that infrastructure of \nhow we govern.\n    I would agree with the percentages of Harris that the more \nsuccessful CIOs that I see are those men and women who have a \nkeen understanding not of technology but of their customers \nbecause then they could always use technology to service that \ncustomer need rather than saying I know everything about fiber \nand all this other stuff, you say let's go find a customer to \nsatisfy that. So they are more customer-focused, and smart \nbusinesses and smart governments are realizing that technology \nis going to be a core platform in terms of how they provide a \ngood or service.\n    Mr. Horn. Does your magazine take a look at how Y2K made us \nlearn that we can now better manage the operation once we had \nto get in and say let's merge this system with that system or \nlet's just get rid of it? To what degree do you see that \nmovement in the executive branch?\n    Mr. Beach. In the executive branch here in Washington?\n    Mr. Horn. Right or the field.\n    Mr. Beach. I think the lesson learned from the CIOs in the \nprivate sector, what Y2K taught them is that no one is an \nisland, that all these businesses are connected in these global \nsupply chains. And I can't comment particularly on the question \nof executive branch, but I would say that you--no one aspect of \nthe government, whether it's legislative, the judicial, or the \nexecutive is--it's never been that way, but technology is \ngiving each of those branches a better opportunity to \ncommunicate and share information and govern in ways that we \nhaven't thought of.\n    Ms. Hotka. If I can expand on that too. I think one of the \nthings that we found was Y2K was such a flash point, that if I \ncalled up someone from a company who's not a member and said I \nneed to talk to you about Y2K, I could get that person on the \nphone instantly. It cut across all kinds of company barriers.\n    There was no competitiveness at all. We had an immovable \ndeadline and an issue that everybody understood and so everyone \nwas willing to talk to everyone. If we can come to some kind of \ngoal like that, obviously we'll not have this again. And thank \nGod for it, but if we could come up with some kind of goal for \ntechnology literacy and for good corporate use of IT, we could \nagain get to that point where I could pick up the phone and get \nanybody on the phone and be able to cooperate. It was useful. \nIf we can harness that again it would be terrific.\n    Mr. Horn. I think you're right. I've got just one or two \nthings to say here, and then I'm going to leave and Mrs. \nMorella, she reminds me we have a conference, all of us at 1 \np.m. Let me say without objection, I want to file within the \ntestimony when after Mr. Koskinen, an exchange of letters \nbetween the Secretary General of the United Nations and myself.\n    Mrs. Morella. Without objection, so ordered.\n    Mr. Horn. No. 2, I would like to thank the following people \nthat have been involved and not just in this hearing but in \nmost of our hearings. From the subcommittee on Government \nManagement, Information, and Technology, J. Russell George, \nstaff director and chief counsel; Matthew Ryan, senior policy \ndirector; Bonnie Heald, director of communications and \nprofessional staff member; Chip Ahlswede, chief clerk and \nunfortunately it's his last hearing with us; Deborah Oppenheim, \nintern; and minority staff, Trey Henderson, the counsel; and \nJean Gosa, minority staff assistant; and for the Technology \nSubcommittee of the House Committee on Science, Jeff Grove, \nstaff director; Ben Wu, counsel; Vicki Stackwick, staff \nassistant; the technical minority staff is Michael Quear, the \nprofessional staff member; and Marty Ralston, staff assistant; \nand our two court reporters today are Bob Cochran and Laurie \nHarris. And we thank you all for what you're doing.\n    In closing on my behalf, I would say governments and \nindustries worldwide have benefited from this experience. I \nthink that testimony was very clear today. This problem has \nmany silver linings as our witnesses have described. There are \nequally as many if not more people who have worked tirelessly \nin an effort to solve the year 2000 computer problem, and we \nsaw some of them before us today. Obviously Mr. Koskinen is \nAssistant to the President and Chair of the Council on the Year \n2000 Conversion. The General Accounting Office staff, \nparticularly that staff headed by Mr. Willemssen, who was here \ntoday. Federal, State, and local government personnel, the \nprivate sector, individual grass roots organizations, and the \ntwo staffs I've mentioned and the technology subcommittee which \nhas been our partner in overseeing this massive and unique \nexperience and we thank them and this success demonstrates what \ncan be accomplished with leadership, focus, and dedication, and \nit's a great legacy to begin this new millennium and we thank \nall of you for your hard work. I thank the chairwoman.\n    Mrs. Morella. I thank you, Mr. Horn. You've expressed it \nvery well for all of us. Hardly a time to ask another question. \nI guess my final one is now as we look into the near future, \nany comments about February 29 and this concept of windowing? \nHas that been taking place and is it anything that we should be \nlooking into, comment on, enlighten the public on? Mr. Miller.\n    Mr. Miller. The companies would take the same attitude that \nyou heard expressed by Mr. Koskinen and the panel this morning. \nThey don't expect very many problems with February 29, but they \nare maintaining diligent oversight of the problem. Every leap \nyear there's a problem.\n    I hate to tell you, whether it's supposed to be or not \nsupposed to, there's problems so it's not unique. I think there \nwill be diligence, but I wouldn't expect any major problems. As \nfar as windowing again, in a way it's postponing the problem. I \nthink the expectation is it's been postponed long enough. It \nwill be OK, but we got fooled last time around. There's another \nwindowing problem which you may know about, which is not \nnecessarily this subcommittee's concern, which there is a \ngentleman who has a patent on windowing who wants a lot of \ncompanies to pay him a lot of money for that. But that right \nnow is a matter before the patent office and perhaps a matter \nbefore the court so probably Congress doesn't want to touch \nthat one right now.\n    Ms. Hotka. When we did our testing, when retail companies \nwent through and tested all the systems they thought were fine, \nthe No. 1 thing that came up with was leap year. We don't \nexpect the world to come to an end. We think you'll still be \nable to shop, but if I had to pick one thing that I thought was \ngoing to be funky that is it. We'll be in the ICC again.\n    Mr. Beach. I would just make a comment on the windowing \nthat I believe Eduardo and the previous panel mentioned it that \nkeeping an inventory of those applications that have been \nwindowed might be wise. I'd like to know where those are in 20 \nyears. I don't think we should make the mistake that we made in \nthe 1960's and 1970's that these applications are not going \nto----\n    Mrs. Morella. Exactly. Even when you think of the 1980's, \nthe 20-year span whoever thought we would now be in the year \n2000. Any final comments that you'd like to make? I want to \nthank you all very much for again being here, sharing your \nexpertise, and also for all that you have done to make this Y2K \nmillennium bug be squashed. I thank you very much. So we now \nadjourn the meeting.\n    [Whereupon, at 1:07 p.m., the subcommittee was adjourned.]\n    [The prepared statement of Hon. James A. Barcia follows:]\n\n    [GRAPHIC] [TIFF OMITTED] T6711.075\n\x1a\n</pre></body></html>\n"