[House Hearing, 106 Congress]
[From the U.S. Government Publishing Office]




 YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE 
                                 LEARN?

=======================================================================

                             JOINT HEARING

                               before the

                 SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
                      INFORMATION, AND TECHNOLOGY

                                 of the

                     COMMITTEE ON GOVERNMENT REFORM

                                and the

                       SUBCOMMITTEE ON TECHNOLOGY

                                 of the

                          COMMITTEE ON SCIENCE
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED SIXTH CONGRESS

                             SECOND SESSION

                               __________

                            JANUARY 27, 2000

                               __________

                     Committee on Government Reform

                           Serial No. 106-149

                          Committee on Science

                           Serial No. 106-84

                               __________

   Printed for the use of the Committee on Government Reform and the 
                          Committee on Science


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform


                               __________

                    U.S. GOVERNMENT PRINTING OFFICE
66-711                     WASHINGTON : 2000


                                 ______

                     COMMITTEE ON GOVERNMENT REFORM

                     DAN BURTON, Indiana, Chairman
BENJAMIN A. GILMAN, New York         HENRY A. WAXMAN, California
CONSTANCE A. MORELLA, Maryland       TOM LANTOS, California
CHRISTOPHER SHAYS, Connecticut       ROBERT E. WISE, Jr., West Virginia
ILEANA ROS-LEHTINEN, Florida         MAJOR R. OWENS, New York
JOHN M. McHUGH, New York             EDOLPHUS TOWNS, New York
STEPHEN HORN, California             PAUL E. KANJORSKI, Pennsylvania
JOHN L. MICA, Florida                PATSY T. MINK, Hawaii
THOMAS M. DAVIS, Virginia            CAROLYN B. MALONEY, New York
DAVID M. McINTOSH, Indiana           ELEANOR HOLMES NORTON, Washington, 
MARK E. SOUDER, Indiana                  DC
JOE SCARBOROUGH, Florida             CHAKA FATTAH, Pennsylvania
STEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland
MARSHALL ``MARK'' SANFORD, South     DENNIS J. KUCINICH, Ohio
    Carolina                         ROD R. BLAGOJEVICH, Illinois
BOB BARR, Georgia                    DANNY K. DAVIS, Illinois
DAN MILLER, Florida                  JOHN F. TIERNEY, Massachusetts
ASA HUTCHINSON, Arkansas             JIM TURNER, Texas
LEE TERRY, Nebraska                  THOMAS H. ALLEN, Maine
JUDY BIGGERT, Illinois               HAROLD E. FORD, Jr., Tennessee
GREG WALDEN, Oregon                  JANICE D. SCHAKOWSKY, Illinois
DOUG OSE, California                             ------
PAUL RYAN, Wisconsin                 BERNARD SANDERS, Vermont 
HELEN CHENOWETH-HAGE, Idaho              (Independent)
DAVID VITTER, Louisiana


                      Kevin Binger, Staff Director
                 Daniel R. Moll, Deputy Staff Director
           David A. Kass, Deputy Counsel and Parliamentarian
                    Lisa Smith Arafune, Chief Clerk
                 Phil Schiliro, Minority Staff Director
                                 ------                                

   Subcommittee on Government Management, Information, and Technology

                   STEPHEN HORN, California, Chairman
JUDY BIGGERT, Illinois               JIM TURNER, Texas
THOMAS M. DAVIS, Virginia            PAUL E. KANJORSKI, Pennsylvania
GREG WALDEN, Oregon                  MAJOR R. OWENS, New York
DOUG OSE, California                 PATSY T. MINK, Hawaii
PAUL RYAN, Wisconsin                 CAROLYN B. MALONEY, New York

                               Ex Officio

DAN BURTON, Indiana                  HENRY A. WAXMAN, California
          J. Russell George, Staff Director and Chief Counsel
   Bonnie Heald, Director of Communications/Professional Staff Member
                          Chip Ahlswede, Clerk
                     Michelle Ash, Minority Counsel
                    Trey Henderson, Minority Counsel
                          COMMITTEE ON SCIENCE

          F. JAMES SENSENBRENNER, Jr., (R-Wisconsin), Chairman
SHERWOOD L. BOEHLERT, New York       RALPH M. HALL, Texas, RMM **
LAMAR SMITH, Texas                   BART GORDON, Tennessee
CONSTANCE A. MORELLA, Maryland       JERRY F. COSTELLO, Illinois
CURT WELDON, Pennsylvania            JAMES A. BARCIA, Michigan
DANA ROHRABACHER, California         EDDIE BERNICE JOHNSON, Texas
JOE BARTON, Texas                    LYNN C. WOOLSEY, California
KEN CALVERT, California              LYNN N. RIVERS, Michigan
NICK SMITH, Michigan                 ZOE LOFGREN, California
ROSCOE G. BARTLETT, Maryland         MICHAEL F. DOYLE, Pennsylvania
VERNON J. EHLERS, Michigan *         SHEILA JACKSON LEE, Texas
DAVE WELDON, Florida                 DEBBIE STABENOW, Michigan
GIL GUTKNECHT, Minnesota             BOB ETHERIDGE, North Carolina
THOMAS W. EWING, Illinois            NICK LAMPSON, Texas
CHRIS CANNON, Utah                   JOHN B. LARSON, Connecticut
KEVIN BRADY, Texas                   MARK UDALL, Colorado
MERRILL COOK, Utah                   DAVID WU, Oregon
GEORGE R. NETHERCUTT, Jr.,           ANTHONY D. WEINER, New York
    Washington                       MICHAEL E. CAPUANO, Massachusetts
FRANK D. LUCAS, Oklahoma             BRIAN BAIRD, Washington
MARK GREEN, Wisconsin                JOSEPH M. HOEFFEL, Pennsylvania
STEVEN T. KUYKENDALL, California     DENNIS MOORE, Kansas
GARY G. MILLER, California           JOE BACA, California
JUDY BIGGERT, Illinois
MARSHALL ``MARK'' SANFORD, South 
    Carolina
JACK METCALF, Washington


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on January 27, 2000.................................     1
Statement of:
    Koskinen, John, Assistant to the President, chairman, 
      President's Council on Year 2000 Conversion; Joel C. 
      Willemssen, Director, Civil Agencies Information Systems, 
      U.S. General Accounting Office; Charles Rossotti, 
      Commissioner, Internal Revenue Service; and Fernando 
      Burbano, Chief Information Officer, Department of State....    13
    Miller, Harris, president, Information Technology Association 
      of America; Cathy Hotka, vice president for information 
      technology, National Retail Federation; and Gary Beach, 
      publisher, CIO Communications, Inc.........................    99
Letters, statements, et cetera, submitted for the record by:
    Barcia, Hon. James A., a Representative in Congress from the 
      State of Michigan, prepared statement of...................   129
    Beach, Gary, publisher, CIO Communications, Inc., prepared 
      statement of...............................................   113
    Biggert, Hon. Judy, a Representative in Congress from the 
      State of Illinois, prepared statement of...................    11
    Burbano, Fernando, Chief Information Officer, Department of 
      State, prepared statement of...............................    75
    Horn, Hon. Stephen, a Representative in Congress from the 
      State of California, prepared statement of.................     4
    Koskinen, John, Assistant to the President, chairman, 
      President's Council on Year 2000 Conversion, prepared 
      statement of...............................................    17
    Miller, Harris, president, Information Technology Association 
      of America, prepared statement of..........................   102
    Rossotti, Charles, Commissioner, Internal Revenue Service, 
      prepared statement of......................................    63
    Willemssen, Joel C., Director, Civil Agencies Information 
      Systems, U.S. General Accounting Office, prepared statement 
      of.........................................................    26

 
 YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE 
                                 LEARN?

                              ----------                              


                       THURSDAY, JANUARY 27, 2000

        House of Representatives, Subcommittee on 
            Government Management, Information, and 
            Technology, Committee on Government Reform, 
            joint with the Subcommittee on Technology, 
            Committee on Science,
                                                    Washington, DC.
    The subcommittees met, pursuant to notice, at 10 a.m., in 
room 2154, Rayburn House Office Building, Hon. Stephen Horn 
(chairman of the Subcommittee on Government Management, 
Information, and Technology) presiding.
    Present for the Subcommittee on Government Management, 
Information, and Technology: Representatives Horn, Biggert, 
Walden, and Turner.
    Staff present for the Subcommittee on Government 
Management, Information, and Technology: J. Russell George, 
staff director and chief counsel; Mathew Ryan, senior policy 
director; Bonnie Heald, director of communications and 
professional staff member; Chip Ahlswede, clerk; Deborah 
Oppenheim, intern; Michelle Ash and Trey Henderson, minority 
counsels; and Jean Gosa, minority clerk.
    Present for the Subcommittee on Technology: Representatives 
Morella, Green, Barcia, Wu, and Baird.
    Staff present for the Subcommittee on Technology: Jeff 
Grove, staff director; Ben Wu, counsel; Michael Quear, minority 
professional staff member; and Marty Ralston, minority staff 
assistant.
    Mr. Horn. This joint hearing of the House Subcommittee on 
Government Management, Information, and Technology, and the 
House Subcommittee on Technology will come to order.
    It is now 27 days into the new millennium. The lights are 
still on, telephones keep ringing, and the airplanes are still 
flying. So far, the biggest challenge, at least here on the 
east coast, is shoveling through the mountainous snowdrifts 
dumped by the first major storm of the year 2000. Thanks to the 
hard work of thousands of dedicated people at a cost in the 
billions of dollars, we have the luxury of meeting today to 
discuss the benefits that have been derived from the year 2000 
computer challenge.
    Over the past 4 years, these subcommittees have spent 
countless hours examining the Federal Government's computer 
preparations for the year 2000, or Y2K. When we began this 
process in April 1996, two Cabinet Secretaries had never heard 
of Y2K, much less begun preparing for it. That ultimately 
changed, but not without congressional prodding through 43 
hearings and 10 report cards, grading agencies on their 
progress. In addition to fixing all of the government's 6,400 
mission-critical computer systems, the subcommittees expected 
agencies to develop viable contingency plans in case those 
computer fixes did not work. We prodded, we questioned, and we 
hoped for the best, and the best happened. The Federal 
Government experienced a successful transition into the new 
millennium.
    Some glitches did occur, however, giving cause to wonder 
what might have happened if the work had not been completed. I 
am inserting in the hearing record a statement stressing that 
without the work of many in the executive and legislative 
branches, it would not have been as successful.
    Without objection, that will be in the record at this 
point.
    The Defense Department had problems with its surveillance 
satellites. Some retailers were unable to process customer 
credit card purchases. A Chicago area bank was unable to 
process Medicare payments. As far as we know, those isolated 
problems were quickly repaired. Some still question whether 
other incidents might have occurred, but were unexpected due to 
a fix first, report later mentality.
    Successfully meeting the year 2000 challenge has provided 
many lessons that must not be ignored or forgotten. The 
unextendable deadline forced government leaders to focus on 
information technology issues. Program and technology personnel 
worked intensely and closely to get the job done. In addition, 
government agencies and private sector organizations were 
forced to develop detailed inventories of their technology 
resources and computer systems, in many cases for the first 
time. Unnecessary and obsolete systems have hopefully been 
discarded.
    Finally, government agencies and their partners have tested 
and retested data flows at unprecedented levels. Strong 
teamwork and rugged determination solved the year 2000 problem.
    Some critics now question whether the high cost of this 
massive effort was necessary. The best estimates currently 
indicate that the executive branch will spend more than $8 
billion on year 2000 fixes. The Secretary of Commerce has 
reported that the United States will have spent about $100 
billion on the effort as a whole.
    Was that money well spent? Of course it was.
    The executive branch of the Federal Government has not 
always been known as a careful steward of the citizens' money, 
regardless of what party is in power. Large corporations have 
waste also, and those that are publicly traded could not afford 
to squander hundreds of millions of dollars on unnecessary 
computer problems and contingency plans. Boards of directors 
and stockholders would not permit it. Whether large or small, 
successful businesses rarely fritter away money. This was a 
massive problem that required a massive solution.
    We are grateful to everyone who contributed the many ideas, 
solutions, and hard work that led to the success of this 
effort, from government personnel to grassroots organizations 
and the private sector. Thank you all for a job well done.
    Today we welcome some of those dedicated leaders. The 
Honorable John Koskinen, Assistant to the President and Chair 
of the President's Council on Year 2000 Conversion; Mr. Joel 
Willemssen, Director of Civil Agencies Information Systems for 
the General Accounting Office; the Honorable Charles Rossotti, 
Commissioner of Internal Revenue; Mr. Fernando Burbano, Chief 
Information Officer of the Department of State and cochairman 
of the Security Privacy and Infrastructure Committee of the 
Chief Information Officer Council; Mr. Harris Miller, president 
of Information Technology Association of America; Ms. Kathy 
Hotka, vice president for Information Technology of the 
National Retail Federation; and, last, Mr. Gary Beach, 
publisher of the CIO Communications, Inc. I might say that is a 
very distinguished magazine, and I read it regularly. We 
welcome each of you, and look forward to your testimony.
    It is a pleasure to first introduce Mr. John Koskinen, 
special assistant to the President, Chairman, President's 
Council on Year 2000 Conversion.
    [The prepared statement of Hon. Stephen Horn follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.001
    
    [GRAPHIC] [TIFF OMITTED] T6711.002
    
    Mr. Horn. I now yield for opening statement from the 
cochairman of the task force, Mrs. Morella, the gentlewoman 
from Maryland.
    Mrs. Morella. Thank you very much, Mr. Chairman. We will 
hear from Mr. Koskinen and the very prominent panel very 
shortly.
    I appreciate having this hearing. I think it is important 
that we look back at what has happened, and in particular, look 
ahead to the future. If I had told everyone in this room a 
month ago that in January 2000 the Federal Government would 
shut down for 2 days and virtually the entire southeast and 
northeast would be crippled, most likely everyone would have 
immediately blamed Y2K millennium bug and not mother nature. 
Yet it took a blizzard of snow and ice to accomplish what many 
doomsayers had predicted long ago for the millennium bug. So 
how is it that a winter storm caused more damage and 
inconveniences than the Y2K problem?
    In the ensuing weeks since the passage of January 1, 2000, 
similar questions have been posted. Was the Y2K problem real or 
was it overhyped? Was the $100 billion spent in the United 
States, roughly $365 for every American citizen overall? Did 
all of our efforts stave off an impending disaster, or was Y2K 
simply a nonevent waiting to happen?
    In my mind, there is no doubt the problem was real. From 
the very first hearing that my technology subcommittee 
conducted in the spring of 1996, to right up to the final month 
of December 1999, we witnessed systems failing Y2K tests and 
crashing completely. Our concern for the Y2K issue was 
initially so great and disturbing that we have held almost 100 
hearings in both the House and the Senate on the issue, which I 
understand makes Y2K the single most thoroughly investigated 
issue ever in the history of congressional oversight.
    Ultimately, I believe two factors tipped the balance from 
the grave uncertainty many of us harbored in the beginning. The 
first was that we all knew the Y2K problem would strike on a 
certain date, January 1, 2000, thereby allowing us to 
collectively plan, coordinate and collaborate toward that 
deadline.
    The other and more significant factor was that after over a 
year and a half of persistent cajoling by Congress, after we 
realized this, our Nation required executive action to 
effectively combat the Y2K problem, the President finally 
exercised his authority in the spring of 1998. Y2K was suddenly 
catapulted to become a top administration management priority, 
and John Koskinen was appointed to oversee our Federal 
Government's efforts and to partner with our Nation's private 
sector and with other countries internationally.
    John certainly deserves a great deal of accolades for his 
stewardship. The well-deserved cheers I wanted to point out to 
for our victory in vanquishing the millennium bug should also 
go to those who ably served in the front lines of this epic 
battle, all the dedicated Federal employees, public servants 
and professionals who were the technicians, and those who gave 
countless hours on their holidays to provide assurance to the 
American people that our Nation would be prepared for Y2K.
    I think the fact that nothing of disastrous proportions 
happened does not mean that nothing would have happened. For 
example, the American Banking Association reported that, but 
for the $10 billion in Y2K fixes, mortgage calculations would 
have been incorrect, direct deposit of pay and government 
benefits would have been problematic, and credit cards could 
not be read due to problems with expiration dates.
    Similarly, the telecommunications industry reported that 
the $3.6 billion that they spent over the past 3 to 4 years 
prevented the potential gradual deterioration of public switch 
telephone network performance, including slow response times 
for dial tone access as well as interruptions of service.
    The result of our Y2K experience is a testament to the fact 
that we prepared well and we invested properly.
    I believe, however, the investments were not just about 
Y2K, but also about improving our Nation's information 
technology systems and gaining knowledge about those systems. 
That is the focus of our hearing today. This hearing is not 
designed to simply pat each other on the back or to allow our 
panelists to take a figurative victory lap around the witness 
table, but to ascertain the lessons that we learned from our 
Y2K experience.
    Will Y2K inspire a conscious effort for greater long-term 
planning and more reliable and secure technology, or will it 
just prolong the shortsighted thinking that made Y2K so costly?
    While many systems have relays replaced, some programs were 
fixed by applying a Y2K patch that will require another round 
of fixes within the next two decades. I look forward to 
addressing these and many other issues with our distinguished 
panel of witnesses, most of whom have appeared before us on 
many occasions. It is only appropriate that since this is the 
absolutely positively final last and ultimate hearing of the 
House Y2K Task Force, we close with those who have been 
involved with this issue since the very beginning.
    Perhaps this hearing can provide the foundation for 
initiatives as we address the 5-digit computer date problem, 
Y10K as it may come to be known. If so at that time, maybe 
Steve Horn and I can chair that task force, along with Strom 
Thurmond in the Senate.
    I would like to extend my deep appreciation to all the 
members of my technology subcommittee and Congressman Horn's 
government management subcommittee and his leadership for the 4 
years of vigilant and cooperative bipartisan initiatives, and I 
especially want to acknowledge the hard work of my ranking 
member, Jim Barcia, and certainly Chairman Horn, the 
distinguished cochair of the task force, and Jim Turner of the 
government management subcommittee, ranking member, and the 
members of both subcommittees who have been very dedicated, and 
I yield back. Thank you.
    Mr. Horn. We thank you so much for your nice words for all 
the Members, and all of our witnesses. We agree with you, and I 
am delighted to now yield to the gentleman who has been here 
right from the beginning of his duties as the ranking member on 
the side of the subcommittee on government management, Mr. 
Turner from Texas. We are delighted you could make it out of 
the snow, if you have any down there, and into Washington for 
this meeting. So thank you very much for all you have done to 
help us in the field hearings and everywhere else.
    Mr. Turner. Thank you, Mr. Chairman. When I left Texas the 
other day, it was 80 degrees.
    I want to commend you, Mr. Chairman, and Chairwoman 
Morella, for the good work you have done. This task force and 
these two committees were about a 3\1/2\-year project. As I 
recall, my staff advised me we had 24 different hearings of 
this subcommittee alone on this subject. Many observers say 
that the Y2K problem was the greatest management challenge the 
Federal Government has faced, and perhaps that is true. I think 
most of us had a high degree of confidence after the many 
hearings that we had that we would make it through January 1st 
without great problems, but nobody really knew for sure. The 
fact we did make it I am sure is due, in large part, to the 
hard work you, Mr. Chairman, and Chairwoman Morella, have made 
in an effort to make sure the Federal Government is ready.
    I also want to commend the ranking member of the science 
subcommittee, Mr. Barcia, and I want to thank Mr. Williamson. 
He worked very diligently, met with this committee time and 
time again, and I think, in large part, usual efforts helped us 
get to where we needed to go.
    Of course, Mr. Koskinen and the President's Y2K council, I 
think, did an outstanding job. I really felt sorry for you when 
I was watching you on television on New Year's Day and you kept 
holding these press conferences with nothing to say. That is 
the worst nightmare of any politician, that somehow we would 
have a press conference and there is nothing to say. But you 
seemed to have survived it well, and you and your council did 
an outstanding job working not only with the public sector and 
Federal agencies, but reaching out to the private sector to 
ensure that we got to where we needed to go.
    That is not to say there weren't significant potential 
problems. As I recall from many of our hearings, we tried to 
ask witnesses that came before us to tell us what they fixed, 
what would happen if they had not been diligent about 
remediation of their Y2K problems, and some of the stories we 
heard clearly convinced me that all of the effort and all of 
the work that took place was needed, did accomplish the desired 
result, and the fact that we had no great crisis on January 1 
was to the credit of all of those many thousands of people who 
spent countless hours and millions of dollars to remediate the 
problem.
    We are here today not to congratulate ourselves, but to 
look back and to review the results of our efforts, to see what 
lessons we have learned. I feel confident we are better 
prepared as a Nation to meet a future national emergency than 
we have ever been in terms of keeping our computer systems 
working, which, of course, every facet of our life now depends 
upon our computers working well.
    So I think we are going to have a good hearing today, and I 
appreciate all the witnesses being here. Again, I would like to 
thank Chairman Horn and Chairwoman Morella for the good work 
that you did.
    Mr. Horn. Well, thank you very much. You have sure been 
with us since the ground floor, and we have another person who 
has been with us ever since she has been elected to Congress, 
and the gentlewoman from Illinois, Mrs. Biggert, we have held 
hearings in her area, which is a wonderful suburb outside of 
Chicago, and we appreciate your regular attendance at these 
meetings and the contributions you have made in staff meetings 
and Member meetings. So thank you very much for coming to this 
hearing. The gentlewoman from Illinois, Mrs. Biggert.
    Mrs. Biggert. Thank you, Chairman Horn and Chairwoman 
Morella. Let me thank you for calling this hearing on the 
impact of the Y2K date change. Contrary to what some people 
felt might happen, the planes didn't fall from the sky when the 
clock struck midnight, telephones retained their dial tones, 
water still ran from the faucets and America's New Year's 
celebrations were not left in the dark. So I think we had a 
good new year.
    But remarkably, and a little bit surprisingly, substantial 
Y2K problems were not experienced out of this country either, 
despite the lack of preparation on the part of some of the 
nations' computers and other essential services across the 
globe. We really saw no major disruptions.
    But as this committee heard numerous times during its 
hearings, Y2K-related glitches could have had a substantial and 
extremely negative impact on the variety of services, the 
smooth turnover from 1999 into 2000 is directly related, I 
think, to the billions of dollars and hundreds of man-hours 
directed toward preventing and correcting potential Y2K 
problems. I think it goes without saying that from what we have 
seen, or seen thus far relating to Y2K disruptions, that these 
efforts paid off handsomely. Y2K preparations paid off in other 
ways as well as a result of the Y2K concerns; there are now 
thousands more American families that own the equipment, such 
as generators needed to prepare for other types of emergencies, 
namely snowstorms, floods and hurricanes.
    All of my family, even my 7-month-old grandson, now have 
new flashlights and fresh new batteries. Government leaders on 
every level now have a better understanding of technology, 
management issues and are aware of the importance of 
cooperation between local, State and Federal officials. What is 
more, the millennium bug provided a reason to upgrade 
government technology systems and to inventory resources.
    So just being able to say some 3 weeks after the year 2000 
rollover, it turned out to be a positive experience, that is a 
testament to the hard work of the House Y2K task force and to 
the leadership of Chairman Horn and Chairman Morella, and it is 
also a testament to the efforts of today's witnesses, 
particularly Mr. Koskinen and Mr. Willemssen and the others at 
the General Accounting Office. Your work over the last--at 
least 3 years in raising awareness and highlighting the 
potential problems related to the Y2K date change is to be 
recognized and commended.
    I don't want to leave you with the impression that Y2K 
glitches didn't occur. In fact, at least one bank in my home 
State of Illinois did experience some Y2K problems when it was 
temporarily unable to make some Medicare transactions. The 
Federal Government, I don't think, was immune either. Three of 
the Federal Housing Administration mission-critical systems 
experienced problems shortly after January 1st.
    So we are here today really, I think, to see if there are 
any outstanding Y2K issues and to sort out what went right and 
what went wrong, and to help the American people understand 
what transpired on January 1, 2000, and let them know about the 
significant long-term benefits this situation provided to our 
government and to private industry.
    So, again, I commend the men for calling the hearing today 
and for all the work you have both done on this important issue 
and look forward to hearing from the witnesses. Thank you.
    [The prepared statement of Hon. Judy Biggert follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.003
    
    [GRAPHIC] [TIFF OMITTED] T6711.004
    
    Mr. Horn. Well, thank you very much. I now yield to the 
gentleman from Oregon, Mr. Walden, who has been with us in 
field hearings and a faithful worker in the very active work of 
these subcommittees. Mr. Walden, the gentleman from Oregon.
    Mr. Walden. Thank you very much, Mr. Chairman. I want to 
extend my appreciation to the work you have done and others on 
this committee certainly for bird-dogging this issue throughout 
the last year or more. I think in large measure, the report 
cards that you issued were a very positive step in not only 
notifying our own agencies, but the world, where we stood and 
proved to be a very effective technique for spurring on the 
changes that needed to be made to cope with the Y2K issue.
    In my other life, I was a small business owner, and I can 
tell you Y2K was not a cheap thing to go through. Our own 
little company spent well over $40,000 in upgrading software. I 
know that I am not alone in the small business community in 
that respect. So there was an enormous amount of capital spent 
to deal with this issue, and hopefully the programmers who will 
deal with the 10K issue, I won't have to help pay for them down 
the road.
    But I think it was an excellent exercise. I think it forced 
both of us in both the government and private industry to do an 
incredible amount of improvement to our software and to our 
hardware. That should help us down the road in a competitive 
status as well.
    So, Mr. Chairman, I again want to thank you for your 
tireless efforts to make that the country was ready, and I look 
forward to hearing from our panelists as well. Thank you.
    Mr. Horn. I thank the gentleman for your kindness.
    The next gentleman has also been very active since he has 
come here in the last election, Mr. Green of Wisconsin, Mark 
Green. He has been faithfully working on some of these problems 
and has a whole series of other things he wants us to consider 
too, and we will.
    Mr. Green. Thank you, Mr. Chairman. I have no comments at 
this time, but will look forward to the testimony.
    Mr. Horn. Thank you very much.
    Now it is a great pleasure to present the person that put 
the executive branch together, where it was no question it 
wasn't going anywhere until the President picked Mr. Koskinen 
out of retirement, who delayed his trip to France to have time 
for retirement after his position as Deputy Director for 
Management of the Office of Management and Budget. You did a 
great job, John, and we are delighted to have you here with 
your thoughts as to what happened and what did we learn from 
it, and what can we use from it.

   STATEMENTS OF JOHN KOSKINEN, ASSISTANT TO THE PRESIDENT, 
CHAIRMAN, PRESIDENT'S COUNCIL ON YEAR 2000 CONVERSION; JOEL C. 
WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, U.S. 
  GENERAL ACCOUNTING OFFICE; CHARLES ROSSOTTI, COMMISSIONER, 
     INTERNAL REVENUE SERVICE; AND FERNANDO BURBANO, CHIEF 
            INFORMATION OFFICER, DEPARTMENT OF STATE

    Mr. Koskinen. Thank you, Mr. Chairman. Good morning. I am 
pleased to appear once again before this joint session of the 
subcommittees to discuss the activities of the President's 
Council on Year 2000 Conversion and the Nation's successful 
transition to the year 2000. With your permission, I will 
submit my full statement to the record and summarize it here. I 
appreciate everyone's kind comments and would like to 
acknowledge as well the work of your subcommittees in helping 
to prepare the Federal Government and the country for the 
century date change.
    I appreciate your work and I think it deserves recognition 
as we look back on what has been truly a remarkable effort.
    I continued to believe that Y2K was the greatest management 
challenge the world has faced in the last 50 years. Given the 
size of the task, it is easy to understand why just 2 or 3 
years ago many serious people who had looked at the situation 
maintained there was no way the work could be finished in time. 
When I returned to the government in March 1998 to work on Y2K, 
things were fairly grim. The consensus was the government 
wouldn't make it. In the private sector, information 
bottlenecks were widespread and companies weren't saying much 
about their own readiness for Y2K.
    On top of all that, the World Bank released a study showing 
that three-quarters of the world's countries had no Y2K plans 
at all. In short, Y2K looked too mammoth, too complicated and 
too interconnected to be solvable. Now, almost 2 years later, 
the United States and much of the world have made the 
transition into the year 2000 with few problems that have had a 
noticeable impact on the general public.
    How did it hatch? It wasn't by accident. There was a 
tremendous mobilization of people and resources to make sure 
that systems would operate effectively into the year 2000. 
Domestically, participants in key infrastructure sectors, such 
as electric power, telecommunications finance and 
transportation devoted great attention and resources to the 
problem, and as we moved to the ends of the year, operators of 
systems in those areas stated they were basically done with 
their Y2K work.
    We reported this information in our last quarterly 
assessment, and, as we expected, there were no major 
infrastructure failures, nationally or regionally in the United 
States. The Federal Government was also ready for the year 
2000. Two weeks before the new year, 99.9 percent of the 
government's more than 6,000 mission-critical systems were Y2K 
ready.
    The result was that while it has been noted there have been 
some glitches, thus far Y2K issues have not affected the major 
government services and benefits provided to the American 
people.
    Internationally, after a slow start, countries made a 
concerted effort to ensure that critical issues would be ready 
for the date change and, as a general matter, major 
infrastructure systems abroad functioned smoothly during the 
rollover.
    There is general agreement that the Y2K transition went 
more smoothly than any of us would have imagined. In fact, as 
noted in the week since the rollover, some people have 
suggested that Y2K was an insignificant problem, hyped by the 
media, computer consultants and those with other reasons for 
hoping the world as we know it was about to end.
    The short answer is that I don't know of a single person 
working on Y2K who thinks that they did not confront and avoid 
a major risk of systemic failure. Indeed, some of the 
noteworthy problems we have seen from difficulties at State 
motor vehicle offices to credit card processing problems to its 
Defense Department satellite system failure, proved that Y2K 
was a very real threat indeed.
    While I do not think that the significance of the Y2K 
problems was exaggerated, there were those who disagreed with 
our reports indicating that the problem was being successfully 
addressed. This form of hype can be traced to the skepticism 
and disbelief in some quarters that companies or governments 
reporting on their own progress could be telling the truth. In 
the United States, I kept reminding my doomsayer friends that 
it made no sense to discount these reports, since everyone who 
was in a position of responsibility would be easily found after 
January 1. Many continued to assume the worst would 
materialize, some now discounting the significance of the Y2K 
threat point to the relative lack of major disruptions abroad.
    How did countries that appeared to have spent so little and 
were thought to be relatively unprepared emerge unscathed? 
Here, I think, there were a number of factors at work. Chief 
among them was the difficulty of getting accurate status 
reports, especially internationally on a fast-moving issue such 
as Y2K. Information 3 months old was out-of-date. But in the 
absence of additional details, people often relied on that 
older information, and then were surprised when it turned out 
to have been overtaken by subsequent progress.
    Additionally, once you get beyond the world's largest users 
of information technology, countries like the United States, 
Canada, Japan and the United Kingdom, the reliance upon 
information technology drops off quickly. Furthermore, the 
technology being used in other countries is more likely to be 
off the shelf and not customized applications that are more 
difficult to fix.
    Finally, countries starting later had the benefits of the 
lessons learned by those working on Y2K for several years. We 
spent a lot of time in the last 12 months encouraging the 
sharing of technical information about problems, products, 
fixes and testing techniques, and I think it is obvious that 
worked paid off.
    So what lessons can we draw from the Y2K experience? First, 
Y2K has taught us that top management needs to be more involved 
in information technology on an ongoing basis, since 
information technology cuts to the very heart of how 
organizations conduct their business. In many companies, it was 
only when the board of directors or the chief executive officer 
took ownership of the problem that we could see the first signs 
of any real progress.
    Y2K has also shown us that we need to do a better job of 
configuration management, in other words, keeping track of the 
technology we use and the functions it performs. Y2K provided 
many large firms a reason to conduct, for the first time ever, 
a comprehensive inventory of their information technology 
infrastructure and processes.
    Not surprisingly, organizations found that some systems 
could be discarded without any loss in productivity. Other 
systems were replaced by newer, more efficient models. Third, 
Y2K has demonstrated the value of forming partnerships across 
traditional boundaries to achieve a common goal. In addition to 
showing us the increasing interconnectedness of organizations 
through technology, Y2K highlighted the fact that private 
industry and government can work together to address major 
national issues.
    I think that spirit of partnership obviously extended to 
the political arena as well. Most people realized early on 
there was not a Democratic or Republican solution to this 
problem, and we really have worked well together, particularly 
in the partnership that led to the passage of the Year 2000 
Information Readiness and Disclosure Act in 1998.
    Finally, I think that Y2K has demonstrated that we need to 
include the American public in the discussions about any future 
large-scale challenges. Given the facts, whatever they are, 
people generally responded appropriately. Even when industry 
and government information provided to the public revealed that 
there was still substantial work left to do, people were 
reassured rather than alarmed. They seemed comforted to know 
their organizations were treating the problem seriously, were 
working together to solve it, and would keep them informed with 
the status of the situation.
    The President's Council will soon cease its operations. 
Before we post the going-out-of-business sign, we will focus on 
monitoring activities during the leap year rollover. We do not 
expect any major national problems and we anticipate the 
Council will shut down for good by the end of March.
    In closing, I would like to echo the comments made that the 
Federal Government and the country's successful resolution of 
the Y2K problem attributes to the skill, dedication and hard 
work of thousands of professionals that have focused on this 
issue. It has been my pleasure to assist them as part of this 
vital national effort, and I look forward to answering any 
questions you may have at the conclusion of the other 
statements.
    Mr. Horn. Thank you very much.
    [The prepared statement of Mr. Koskinen follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.005
    
    [GRAPHIC] [TIFF OMITTED] T6711.006
    
    [GRAPHIC] [TIFF OMITTED] T6711.007
    
    [GRAPHIC] [TIFF OMITTED] T6711.008
    
    [GRAPHIC] [TIFF OMITTED] T6711.009
    
    [GRAPHIC] [TIFF OMITTED] T6711.010
    
    [GRAPHIC] [TIFF OMITTED] T6711.011
    
    Mr. Horn. We will go down, as you know, with this panel and 
then open it up to questions, because I think some of the 
information will jibe and some won't.
    The gentleman from the General Accounting Office, Mr. Joel 
Willemssen, the Director of Civil Agencies Information Systems, 
Accounting and Information Management Division. Mr. Willemssen 
has gone all over the United States with the subcommittee on 
government management and has been an active participant in the 
various panels we have had of government officials, private 
sector and so on. So it is a pleasure to have you here.
    I know you were working right up to midnight there, as I 
saw you in John's command center. So we appreciate all you have 
done and your team at the General Accounting Office.
    Mr. Willemssen. Thank you, Mr. Chairman, Chairwoman 
Morella, Ranking Member Turner, members of the subcommittees, 
thank you for inviting us to testify today. As requested, I 
will summarize our statement.
    Overall, during the rollover period, our country had 
relatively few Y2K-related errors that affected the delivery of 
key services. While the Y2K challenge is not yet over, because 
some key business processes have not yet been fully executed 
and some risky dates remain, the Nation's success thus far is a 
very positive indicator that these hurdles will also be 
overcome. The leadership exhibited by the legislative and the 
executive branches and the partnerships formed by numerous 
organizations were pivotal factors behind the success.
    The Y2K-related errors that were experienced during the 
rollover generally did not affect the delivery of key services 
because they were either corrected quickly or contingency plans 
were implemented. A key reason that Y2K errors had little 
effect on the delivery of services is that Federal agencies and 
other organizations used the rollover weekend to identify and 
correct errors before the problems resulted in operational 
consequences.
    In the Federal Government, the few Y2K disruptions that 
were significant were mitigated by quick action. For example, 
the Department of Defense, Health Care Financing Administration 
and Federal Aviation Administration each experienced 
significant Y2K events that they were able to address quickly.
    For high impact State-administered problems such as 
Medicaid, food stamps and unemployment insurance, actions by 
States and the Federal Departments of Agriculture, Health and 
Human Services and Labor have paid off. Errors reported were 
often cosmetic printing or display problems with few failures 
resulting in disruptions to service.
    The threat posed by Y2K was a much needed wake-up call for 
organizations to improve their management of information 
technology. Y2K has laid a foundation for longer term 
improvements in the way that Federal Government manages 
information technology. I would like to quickly summarize some 
of the key lessons that we have learned out of the Y2K 
experience.
    First, as mentioned, one of the most important factors 
underpinning the success of Y2K was leadership at the highest 
levels of government. In particular, congressional oversight 
played a central role in pushing agencies forward on Y2K. Mr. 
Koskinen and the President's Y2K Council provided strong 
effective leadership.
    Second, Y2K served as a notice to many on how much we rely 
on information technology to deliver key services.
    Third, there was standard guidance that was put together 
that was universally accepted, adopted and implemented, which 
facilitated Y2K efforts and oversight. Such guidance provided 
consistency, imposed structure and discipline and enhanced the 
rigor of testing and assessment efforts.
    Fourth, as Mr. Koskinen mentioned, the establishment of 
partnerships among various organizations was especially 
important. In particular, the partnerships formed by Mr. 
Koskinen, Federal agencies and private sector organizations 
were instrumental to the Nation's Y2K efforts.
    Fifth, we found that using standard techniques and metrics 
to monitor performance was especially helpful in measuring 
progress and remaining challenges.
    Finally, Y2K saw many agencies take charge of their 
information technology resources in much more active ways. In 
many instances, it forced agencies to inventory their systems 
and to link those systems to agencies' core business processes. 
Also the development and testing of contingency plans should 
have benefits way beyond Y2K.
    Further, Y2K prompted agencies to establish needed policies 
in areas such as configuration management, risk management and 
software testing.
    In summary, the Y2K rollover was clearly a success for our 
Nation. A key challenge now for the Federal Government is 
ensuring that the lessons learned in addressing Y2K can be 
effectively used to improve overall information technology 
management.
    That concludes the summary of my statement. Thank you very 
much.
    Mr. Horn. I thank you very much. We have a lot to pursue in 
your very fine document here as to what did go wrong.
    [The prepared statement of Mr. Willemssen follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.012
    
    [GRAPHIC] [TIFF OMITTED] T6711.013
    
    [GRAPHIC] [TIFF OMITTED] T6711.014
    
    [GRAPHIC] [TIFF OMITTED] T6711.015
    
    [GRAPHIC] [TIFF OMITTED] T6711.016
    
    [GRAPHIC] [TIFF OMITTED] T6711.017
    
    [GRAPHIC] [TIFF OMITTED] T6711.018
    
    [GRAPHIC] [TIFF OMITTED] T6711.019
    
    [GRAPHIC] [TIFF OMITTED] T6711.020
    
    [GRAPHIC] [TIFF OMITTED] T6711.021
    
    [GRAPHIC] [TIFF OMITTED] T6711.022
    
    [GRAPHIC] [TIFF OMITTED] T6711.023
    
    [GRAPHIC] [TIFF OMITTED] T6711.024
    
    [GRAPHIC] [TIFF OMITTED] T6711.025
    
    [GRAPHIC] [TIFF OMITTED] T6711.026
    
    [GRAPHIC] [TIFF OMITTED] T6711.027
    
    [GRAPHIC] [TIFF OMITTED] T6711.028
    
    [GRAPHIC] [TIFF OMITTED] T6711.029
    
    [GRAPHIC] [TIFF OMITTED] T6711.030
    
    [GRAPHIC] [TIFF OMITTED] T6711.031
    
    [GRAPHIC] [TIFF OMITTED] T6711.032
    
    [GRAPHIC] [TIFF OMITTED] T6711.033
    
    [GRAPHIC] [TIFF OMITTED] T6711.034
    
    [GRAPHIC] [TIFF OMITTED] T6711.035
    
    [GRAPHIC] [TIFF OMITTED] T6711.036
    
    [GRAPHIC] [TIFF OMITTED] T6711.037
    
    [GRAPHIC] [TIFF OMITTED] T6711.038
    
    [GRAPHIC] [TIFF OMITTED] T6711.039
    
    [GRAPHIC] [TIFF OMITTED] T6711.040
    
    [GRAPHIC] [TIFF OMITTED] T6711.041
    
    [GRAPHIC] [TIFF OMITTED] T6711.042
    
    [GRAPHIC] [TIFF OMITTED] T6711.043
    
    [GRAPHIC] [TIFF OMITTED] T6711.044
    
    [GRAPHIC] [TIFF OMITTED] T6711.045
    
    Mr. Horn. It is always a pleasure to have the Commissioner 
of Internal Revenue here. We will see you again on April 15th. 
We would love to hear your statement, because you had a lot of 
burdens counting on it, people that wanted refunds and all the 
rest of it. So thank you, Commissioner, for being here.
    Mr. Rossotti. Thank you, Mr. Chairman. It is good to be 
here. Madam Chairman and distinguished Members, I am very 
pleased to report that the IRS experienced a smooth Y2K 
rollover starting on December 29th and continuing up to the 
present with fewer problems this January than we normally 
experience in a normal January. To date, we have had good 
success. It was hard work and our success can be attributed to 
the comprehensive planning and preparations we have conducted 
over the last 3\1/2\ years. We also are very grateful for the 
guidance and assistance you provided, your committee, as well 
as Mr. Koskinen and GAO.
    I do want to note we cannot yet declare total victory on 
Y2K at the IRS. Some risks do remain, and in particular, we 
have to be very vigilant about Y2K problems that could still 
crop up during our high volume tax filing season, which really 
starts in February and continues through April.
    As I discussed in previous hearings, the scope of the Y2K 
problem at the IRS was enormous and required a significant 
investment, about $1.3 billion, to plan and prepare.
    But fortunately, that investment was made. Had we not 
adequately prepared for Y2K, I think it is fair to say the tax 
system of the United States would simply have ground to a halt. 
In my written testimony, I described several scenarios for 
today, I picked out a few of the events that would have 
occurred.
    For example, our 14-year-old system for entering data from 
paper tax returns would have stopped working if we had simply 
allowed it to roll over without modification. This particular 
combination of hardware, software and third-party products 
could not be renovated, and therefore, was totally redesigned 
and replaced during 1998 and 1999. Without this system, about 
90 million individual income tax returns that come in on paper 
would have just been piling up right now.
    Second, interest and penalty calculations would have been 
incorrect and would have generated wrong notices to taxpayers. 
For example, if we had not replaced the system, we would have 
sent about 67 million wrong notices to taxpayers telling them 
that they owe money to the IRS. Those numbers would have been 
wrong.
    Third, our data transfers with important external 
organizations such as the financial management service and the 
Federal Reserve Bank would have failed because of incompatible 
dates. This would have impaired or eliminated the ability to 
issue about 80 million refunds.
    Just a final example, I think this is particularly 
interesting, and certainly not unexpected, but after years of 
fixing and testing these systems, we did one final end-to-end 
test that was completed about the middle of December. This 
particular final end-to-end test identified 175 problems. Some 
of those would have been very serious had we not fixed them at 
the end. For example, a system that generates new balance 
notices to taxpayers for certain tax periods was displaying the 
date as 2099 instead of 1999 for some of those notices.
    So if this problem had not been fixed, we would have been 
sending out hundreds of thousands of notices to taxpayers with 
incorrect tax periods and wrong payment dates that would have 
generated mass confusion among those taxpayers, and this was 
just only one example. There are many more scenarios in my 
written testimony. Of course, none of these things actually did 
happen, and that was simply because we acted in time to solve 
the problems.
    Now, the question is sometimes asked in the form of was Y2K 
a blessing in disguise? I would have to say that I would not 
consider it to have been a blessing, whether it was disguised 
or not disguised, but there are some important residual 
benefits in the IRS that we will realize from the investment. I 
will mention the four most important.
    The first is we did replace a lot of obsolete hardware and 
system software products. As a result of the Y2K program, most 
of our hardware in the IRS has been replaced, since most of it 
was really obsolete, and software releases have been brought 
up-to-date. This bringing up-to-date of this infrastructure is 
essential for supporting what we are now embarked on, our 
technology modernization program, and, of course, it is 
imperative that we have adequate annual replacements of 
hardware and regular routine upgrades of software releases in 
order to keep this vast installed base up-to-date.
    Second, we did implement some very important improvements 
in our program management practices. Our Y2K program was 
successful largely because effective program management 
practices were implemented over the last 3 years. These 
practices will be extremely valuable as we now move forward 
with our technology modernization program.
    I do want to note as challenging as Y2K was, our 
modernization program imposes even more and different 
challenges because it involves major business changes as well 
as technology.
    Third, we were able to standardize many products. The IRS-
installed base of hardware and software was not only obsolete, 
it was heterogeneous in the extreme. The Y2K program has 
allowed us to set up and largely implement standard products. 
Because of our reorganization under the leadership of our CIO, 
Paul Cosgrave, we now have the management structure and 
delegated authority in place to make design and procurement 
decisions to maintain standardization of technology.
    Finally, we implemented improved inventory management. GAO 
has justly criticized the IRS for years for the poor condition 
of our IT inventory. Because of Y2K, we were forced to examine 
our inventory and bring it up-to-date as never before. So the 
condition of our inventory records is greatly improved, 
although I have to note it is still not fully where it needs to 
be, and there is much that needs to be done in the future on 
that problem.
    In conclusion, Mr. Chairman, we are gratified with our 
results. I stress there are still some risks that remain. 
Clearly, we gained some residual benefits which will be of 
great value as we proceed to our even more challenging business 
system modernization programs. These benefits will only be 
realized if we actively continue the practices established 
during Y2K, including regular replacement and upgrades of 
hardware and software. We will keep the subcommittees apprised 
of any remaining problems and our actions to correct them.
    I thank you for the opportunity to discuss our efforts, and 
certainly thank you for your interest and support over the last 
3 years.
    Mr. Horn. Well, we thank you very much.
    [The prepared statement of Mr. Rossotti follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.046
    
    [GRAPHIC] [TIFF OMITTED] T6711.047
    
    [GRAPHIC] [TIFF OMITTED] T6711.048
    
    [GRAPHIC] [TIFF OMITTED] T6711.049
    
    [GRAPHIC] [TIFF OMITTED] T6711.050
    
    [GRAPHIC] [TIFF OMITTED] T6711.051
    
    [GRAPHIC] [TIFF OMITTED] T6711.052
    
    [GRAPHIC] [TIFF OMITTED] T6711.053
    
    [GRAPHIC] [TIFF OMITTED] T6711.054
    
    Mr. Horn. As Mr. Koskinen leaves the scene, there is no 
question in my mind the toughest job in the executive branch is 
the Commissioner of Internal Revenue. If anybody is going to 
turn that agency around, you are.
    So, thank you.
    The last witness on this panel is Mr. Fernando Burbano, the 
Chief Information Officer of the Department of State. We are 
glad to have you here.
    Mr. Burbano. Thank you, Mr. Chairman, Madam Chairwoman and 
distinguished members of both committees. Since my oral 
testimony is limited to 5 minutes, my written testimony 
includes more detail.
    As chairman of the CIO Council Subcommittee on Critical 
Infrastructure Protection, I am pleased to have this 
opportunity to discuss how lessons learned, products and 
processes developed in support of Y2K, can be leveraged into 
our ongoing critical infrastructure security efforts and 
challenges facing Federal agencies in implementing security 
pleasures.
    As well, in my role as CIO of the State Department, I would 
like to thank you for providing me this opportunity to talk 
about the results and continuing impacts of the Department's 
successful Y2K preparation efforts. The Department of State, 
along with rest of the Federal Government, showed just how 
powerful and effective we can be when we are singularly focused 
and committed to solving a problem and are provided the 
necessary resources to get the job done.
    First, let me quickly address the cost of preparing for 
Y2K. The question is, did we spend too much? The answer is very 
simple: Absolutely not. We should be careful not to confuse the 
lack of catastrophic disruptions with unnecessary preparations 
by the Federal Government.
    Now, moving on to the actual results of the Y2K rollover 
and its impacts to the global community. In general, there are 
few and only minor Y2K failures reported internationally, and 
none that impacted the safety of American citizens worldwide. I 
believe this global success is a direct result of the U.S. 
Government's international outreach and awareness campaign led 
by the Department of State, the Department of Defense and the 
President's Council on the Y2K Conversion, in coordination with 
the United Nations and World Bank.
    Embassies representing the U.S. presence in over 160 
countries around the world played a key role in monitoring and 
reporting events in their host countries and post facilities 
through a Y2K task force convened in State's operations center. 
Additionally, internal State Department systems fared 
exceptionally well throughout the rollover, experiencing no 
significant failures among our mission critical, critical and 
routine systems.
    As you are well aware, many of the products and processes 
developed to address Y2K problems can be applied to future 
challenges and serve as the foundation for managing issues with 
cross-agency and public-private boundaries, including critical 
infrastructure protection. In fact, much of the work already 
done is a prerequisite for PDD 63, critical infrastructure 
protection, Clinger-Cohen, and other government performance 
results act initiatives.
    Specifically, Y2K preparation forced government agencies to 
take a close look at its IT applications and produce a complete 
prioritized inventory. This is a critical first step to 
identifying and refining the mission essential infrastructure 
as required by PDD 63.
    The Y2K effort produced program management methodologies 
which were applied across all government agencies and included 
executive and congressional oversight, Assistant Secretary 
level management and repeatable standardized measures and 
processes. This management structure can also be applied to 
critical infrastructure protection.
    All elements of the Federal Government reviewed and 
developed contingency plans for critical business processes. 
The development of these contingency plans resulted in a 
greater understanding by senior policy managers of the 
dependency of business processes on IT systems. Additionally, 
these plans are durable beyond Y2K established a foundation for 
all future contingency operations planning.
    For the Y2K rollover period, the government developed a 
robust global reporting structural which can be leveraged into 
a mechanism for monitoring threats against critical 
infrastructure elements. For example, within the Department of 
State, we have developed a web-based geographic information 
system to collect cyber-threat information from all overseas 
posts. This tool can serve as a pilot system for other agencies 
to collect and analyze cyber-threat data.
    Finally, Y2K preparation efforts increased the level of 
interagency cooperation and coordination between the public and 
private sectors. The same working level teamwork will be 
required to effectively implement critical infrastructure 
protection plans.
    There are two areas which I believe allow the Federal 
Government to successfully overcome widespread Y2K problems in 
the face of an unmovable tight deadline.
    First, continued participation by key congressional 
oversight organizations provided Federal Y2K programs the 
authority needed to push agency resources to their limits.
    Second, the ability of Federal Y2K programs to rapidly 
obtain and more importantly retain adequate separate 
supplemental funding, specifically designated for Y2K, allowed 
each agency to acquire the resources necessary to achieve the 
time sensitive objectives.
    This ability of Federal agencies to have access to a 
congressionally managed yet continuous separate supplemental 
funding stream designated specifically for the Y2K effort 
allowed Federal CIOs and Y2K program managers the ability to 
acquire and retain qualified resources in the needed quantity.
    Critical infrastructure protection requires the same 
approach. Involvement by Congress and other oversight 
organizations to raise the level of awareness and visibility 
throughout the Federal community and overseas CIP 
implementation in support of national security goals is vital, 
and this activity is already underway.
    But just as important to me and my colleagues through our 
government is access to funding which allows each of us to 
begin developing and implementing our plans in accordance with 
PDD 63 and other critical infrastructure protection guidance 
and statutes.
    One of the key obstacles preventing agencies from 
immediately pursuing CIP initiatives is the lack of current 
funding for these projects. Due to the Federal Government's 
budget cycle, forecasting the future work is done 2 years prior 
to the budget year. Therefore, as new requirements are levied, 
current agency budgets do not reflect changing priorities and 
requirements, such as the need for critical infrastructure 
protection implementation initiative. In light of this, there 
are numerous events that have prevented agencies from 
adequately addressing current CIP implementation requirements 
in their fiscal year 2000 and fiscal year 2001 budgets.
    First, the unprecedented and unpredictable growth of 
Internet use and technologies over the last 2 years; second, 
the corresponding collateral growth of the cyber underworld 
during this same period; third, the extent to which our daily 
business relies on Internet-based systems and the fundamental 
shift of business tools to be used in a web-based environment; 
finally, expanding CIP requirements on Federal agencies, 
including the recent critical infrastructure plan released and 
its 10 programs, some of which require immediate 
implementation.
    These are just some of the reasons why Federal agencies are 
poorly positioned to successfully implement critical 
infrastructure to address the challenge posed by the ever-
growing cyber underworld, not to mention to be in compliance 
with executive guidance. Although we of the CIO council fully 
understand fiscal constraints, reallocation of such a fraction 
of the current surplus would be a solid investment for the 
protection of the Federal Government's critical infrastructure.
    In closing, it is my belief and the belief of members of my 
subcommittee and CIO's across the Federal Government that in 
order for the national CIP initiatives to be fully successful, 
continued congressional support as well as the ability to get 
access to specific CIP and security-related funding is vital. I 
cannot emphasize that without congressional-backed support, 
including adequate funding, we on the subcommittee of the 
critical infrastructure committee believe that the government 
will significantly fall short of national critical 
infrastructure protection goals. Thank you.
    Mr. Horn. We thank you very much for that statement.
    [The prepared statement of Mr. Burbano follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.055
    
    [GRAPHIC] [TIFF OMITTED] T6711.056
    
    [GRAPHIC] [TIFF OMITTED] T6711.057
    
    [GRAPHIC] [TIFF OMITTED] T6711.058
    
    [GRAPHIC] [TIFF OMITTED] T6711.059
    
    [GRAPHIC] [TIFF OMITTED] T6711.060
    
    [GRAPHIC] [TIFF OMITTED] T6711.061
    
    [GRAPHIC] [TIFF OMITTED] T6711.062
    
    [GRAPHIC] [TIFF OMITTED] T6711.063
    
    Mr. Horn. We are sure there will be questions for every 
witness. I am going to start with the cochairman of the task 
force, the gentlewoman from Maryland, to begin the questioning. 
It will be limited to 5 minutes by each Member, and it will 
alternate between those who have not had a chance, starting 
with Mr. Turner after the gentlewoman from Maryland.
    Mrs. Morella. Thank you, Mr. Chairman.
    You know, I hear from all of you some of the same results 
assessments. First of all, you became more familiar in your 
various agencies, departments, groups with whom you work, with 
information technology and its role in the future. Second, 
there was an assessment of the systems that you have, so you 
are ready to move ahead with information technology.
    Also, I think, rising to the forefront is the concept of 
the partnerships, partnerships within the Federal Government, 
the executive branch, legislative branch, but also partnerships 
with the private sector, partnerships with local governments. I 
think that is something that we could all learn from and hope 
to continue to preserve.
    We also--I think you all said you felt this was very 
important and that it did prevent some big problems.
    My two questions I am going to meld into one because of the 
time constraints. First of all, I am surprised myself that 
there weren't some problems with the Pakistans of this world, 
Russia. They didn't seem to have any major problems. These are 
places with older computer systems. I just wondered if you all 
were surprised at the lack of the problems we have heard about 
emanating from those countries and other countries that would 
be in the same category?
    Second part, as we look to leap year, February 29th, do you 
foresee any major or minor problems? Is there something we 
should be doing about that?
    I guess I could start then with Chairman Koskinen.
    Mr. Koskinen. Well, as I noted in my testimony, I think 
things did go better abroad than anyone had expected. 
Partially, though, I think that is because we fell prey to what 
I thought people did here, which is we didn't believe other 
countries when they gave us their progress reports.
    In the last 2 months of the year, country after country 
issued reports that didn't say there wasn't a problem, but 
basically said they identified the places where they needed to 
apply resources; they had done that effectively and they were 
prepared. We all sort of said it was late in the day, are they 
really prepared? It turned out they were, for a number of 
reasons that I discussed.
    One is, a lot of them had much less reliance on information 
technology, certainly in their infrastructure, than we do here. 
In fact, I think there are a relatively small number of 
countries in the world that have complicated computerized 
control systems for their infrastructure that put them at risk. 
So a lot of countries discovered that the embedded-chips did 
not create a problem for their infrastructure.
    In fact, in the last quarter of last year, we noted, based 
on testimony and information from industry experts, that it was 
unlikely that the lights would go out anywhere or that a dial 
tone would stop anywhere, that the risk in infrastructure 
systems with embedded systems was gradual degradation of 
service over a period of time.
    So in the countries that we knew were in the middle--the 
truly developing countries have very little IT and were at risk 
primarily in financial systems, it was the Pakistans, 
Indonesias, Russias, Chinas of the world--that had a reasonable 
reliance on information technology, where people were concerned 
about how much they had done.
    I think it is a combination of the fact that they started 
late, but they spent a lot of time in the last 6 to 9 months 
working hard on it. They got the benefit of learning from 
everybody else. There was a tremendous amount of information 
exchanged as we moved through it, and third, a lot of their 
systems are still analog, they are not digital. They did not 
depend upon new digitalized equipment, and therefore, they were 
able to prioritize their resources in a much more focused way.
    But I would emphasize that the image of those countries, as 
if they didn't do anything, they were unconcerned and just 
waited around, was wrong. We met with 173 country delegates in 
June at the United Nations, and every one of those countries 
understood this was a problem that, in some degree, affected 
them. Every one of those countries was then focused on Y2K, 
every country met at least twice in every region of the world 
cooperating, or most of the countries did, cooperating, sharing 
information.
    So I think what happened was in that last 6 months far more 
work was done in a very focused, effective way than any of us 
were able to get a window on.
    With regard to February 29th, it has turned out in testing, 
certainly in the Federal systems and in the private sector, 
that there have been more mistakes than one would have thought. 
You would have thought people would have gotten the right 
result for the wrong reason, which is, they didn't understand 
the rule of centuries, they just divided by 4 and figured out 
the year 2000 was a leap year.
    It turned out there were a reasonable number of programmers 
that had just enough information to be dangerous, which is, 
they knew centuries generally aren't leap years, they just 
didn't know the rule of the exception divisible by 400.
    So this is primarily a software problem, although there 
were some potential embedded chip and system operations 
problems. Our judgment is we will see no more glitches than we 
saw on January 1, which were relatively minor and modest.
    We are going to monitor it for two reasons. One is we think 
it is important for those who are operating systems to 
understand it is a real problem and there is still time for 
them to test their systems. Most major companies have already 
done that.
    Second, it will be important to monitor the 3 days: the 
28th, 29th and 1st of March, so the glitches that occur, and I 
think inevitably there will be some, are put in the appropriate 
context. If we had not been able to identify the limited nature 
of the glitches as they occurred over that first 2 or 3 days on 
the rollover, we would have had a very different media 
response. When reports came in of legitimate glitches, the 
fact, we were able to confirm their accuracy, but expand by 
saying that is the only country in which it happened, or the 
only area that happened. It allowed us to put the glitch in the 
right context. Absent that, you would have had a greater 
likelihood of unnecessary overreaction by either the media or 
the public. We don't expect there will be many glitches, but we 
think it is important for the public to know where they are and 
what their significance is.
    Mrs. Morella. I would like to give you opportunity to 
respond, Mr. Burbano. Incidentally, I love that acronym for the 
critical infrastructure, CIAO. It is easy to remember.
    Mr. Burbano. Thank you. Working at the State Department, I 
had a great opportunity to actually go overseas to many of the 
countries and meet the John Koskinens of those countries and 
their sector leaders. I found two things quite interesting, and 
that is why I personally wasn't too surprised.
    One is in talking to them, I found out they were not as 
automated as some of the people thought they were. But more 
importantly, the culture in a lot of these countries is not to 
report the status of government systems, whether it is good or 
bad, believe it or not. But they will reveal more orally, which 
obviously when you try to track status, is the only thing that 
are looked at is written, and if you don't have information to 
provide, you assume the worst, and that is why they don't get 
reported as well. Those were the two reasons I found.
    Mrs. Morella. Like people say about the President, 
underestimate so that the results will be attributed to you, 
however it comes out.
    Mr. Horn. I thank the gentlewoman.
    I now yield to the gentleman from Texas, Mr. Turner, the 
ranking member, 5 minutes for questioning.
    Mr. Turner. Thank you, Mr. Chairman.
    Mr. Koskinen, I don't know if you have this information or 
are set up to collect it, but earlier we had a lot of dire 
predictions about lawsuits being filed all over the place 
regarding Y2K problems, and I would be curious as to whether or 
not any of that has occurred and the degree to which that was a 
significance problem?
    Mr. Koskinen. Well, some of us maintained last year that 
you couldn't have massive lawsuits without having massive 
failures, and therefore, at least the President Council's 
position was there was not likely to be this flood of 
litigation, because there was not likely to be a flood of 
failures.
    That turns out to have been correct. There have been a 
relatively modest number, but significant lawsuits have been 
filed where people are arguing about who is going to pay for 
the fixes, and the question is whether insurance policies cover 
the failures that companies avoided, particularly in major 
companies in the United States.
    But as a general matter, in the absence of any very 
significant Y2K failures since the 1st of the year, obviously, 
you can't have a lawsuit if you don't have somebody damaged in 
some way. So at this juncture, the only lawsuits out there are 
primarily focused on arguments between those who fixed the 
systems and primarily their insurance companies about who ought 
to pay for it. Even that is not anything like a flood of 
litigation.
    Mr. Turner. As I recall, of those issues that you mentioned 
regarding who should pay for fixing, it was not the subject of 
the litigation nor the success of the legislation that 
attracted so much attention in the Congress, because all issues 
were separate and aside from the issues that were dealt with in 
the Y2K litigation.
    Mr. Koskinen. That is right. The legislation that the 
Congress passed primarily addressed the rights and 
responsibilities of potential plaintiffs and defendants if 
there were system failures, focused primarily on giving 
potential defendants the opportunity and the right to fix any 
of those failures within a defined period of time, and again, 
since there have been relatively few of those problems that 
amounted to much, there have been a lot of glitches along the 
way, there hasn't been much need for the legislation. But I am 
sure people would argue that since there were great risks, if 
we didn't get the work done, that there would be failures, 
there was some potential that the failures obviously would have 
generated litigation. The fact that we haven't had the failures 
has had the side effect that we are not going to much 
litigation.
    Mr. Turner. That is all I have, Mr. Chairman. Thank you.
    Mr. Horn. Thank you very much.
    We are in the question period. Does the gentlewoman from 
Illinois have some questions? The gentlewoman is recognized for 
5 minutes.
    Mrs. Biggert. Thank you.
    As far as what is going to happen in the future, will there 
be a plan like continuation of your Council, or is there going 
to be an office that will remain after probably the leap year?
    Mr. Koskinen. Well, if there is, it won't have me in it. 
No, the Council will, as I noted, fold up its tent and fade 
away into the dusk, probably by the end of March. The issue 
going forward that Mr. Burbano noted that people are focused on 
is how will we deal with information technology security and 
threats to the critical infrastructure, and there is a 
Presidential decision directive, PDD 63, that sets out a 
structure and an organizational framework for dealing with 
those issues, coordinated by the National Security Council out 
of the White House. So that operation, while we have been 
coordinating very closely together over the last 2 years, will 
continue, but it is already set up in the Critical 
Infrastructure Assurance Organization [CIAO], as Chairwoman 
Morella noted, and that will be separate from the President's 
Council.
    Mrs. Biggert. So there will no longer be a CIO czar?
    Mr. Koskinen. That is right. I never saw myself as the CIO 
czar. The CIOs actually have been very capable of taking care 
of themselves.
    Mrs. Biggert. Again to Mr. Koskinen, what was the biggest 
surprise of the rollover?
    Mr. Koskinen. Well, if you look back at our quarterly 
assessments, we did four of those. In the last one we put out 
in the fall, basically in the United States the rollover went 
as we predicted. We said there were going to be no national 
infrastructure failures, there would be no regional failures, 
if there were any failures, there would be isolated problems at 
the local level. That is what we basically have seen. So in the 
United States we have been pleased that there haven't been more 
visible problems for small businesses. A number of them have 
had glitches, but they seem to have been able to deal with 
those, because that was an area we were concerned about.
    So, like others, I think the bigger area of uncertainty for 
us was what was going to happen abroad. Again, we did not think 
as we noted in our report and in a report by the Department of 
Commerce that any glitches abroad would have any significant or 
noticeable impact on the American economy.
    We looked at the range of possibilities, where the 
countries were that were at risk, and where our trade and 
business partners were, and it was clear to us, no matter what 
happened in the countries we thought were at risk, it was not 
going to have an economic impact on us. That also turned out to 
be true.
    But as we discussed earlier, I think all of us were, 
primarily for a lack of information, concerned about a number 
of countries that rely on some information technology who 
started late, where it was hard to know exactly how much work 
they had gotten done in the last 6 to 9 months of 1999. It 
turned out that in their basic infrastructure, I think 
primarily because it was not as much at risk as we might have 
suspected, there haven't been any infrastructure failures.
    The other thing to bear in mind is in the areas where I 
think they were at greatest risk, which is in financial 
transactions and communications, those systems were being 
tested and worked on for the last 2 years on an international 
basis. So even in a country that didn't have an organized 
process for infrastructure protection, its banking system had 
to be testing and working with other banking systems, because 
the central bankers around the world for the last 2 years 
focused on that. That was, in many ways I think, the biggest 
risk they had and the biggest success they had.
    Mrs. Biggert. I guess just one last question, that so many 
valuable lessons came out of the experience, and how are we 
going to ensure that these lessons aren't lost if we don't 
continue on after leap year day, February 29th, I guess it is?
    Mr. Koskinen. We created in my prior incarnation, with the 
help of this committee and others, the Clinger-Cohen Act and 
the Chief Information Officers Council and CIOs in all of the 
agencies, with the idea they would be as they have been the 
focus for information technology issues across the government.
    That council is chaired by my successor as the Deputy 
Director for Management at OMB, and independent of the 
information technology issues, the security issues that are 
under the critical infrastructure assurance organization, but 
focused on by the CIOs as well, there is an existing vehicle 
that I think, over the last 3 years of its existence, has 
turned out to be very effective for bringing together all of 
the Federal agencies and their senior information technology 
people to work together on isolating and identifying what are 
the critical challenges the Federal Government faces, how 
should we be organized to deal with those, and then 
implementing those situation suggestions.
    Mrs. Biggert. Thank you. Thank you, Mr. Chairman.
    Mr. Horn. Thank you very much. Let me ask you, Mr. 
Koskinen, you have had a lot of experience in the executive 
branch, first in OMB and other consultant operations, and, of 
course, this. You note in your formal statement here, and you 
mentioned it also, I believe, in your oral summary, this is the 
greatest management challenge the world has faced in the last 
50 years. I think there is probably a lot of truth to that on 
the world.
    But when we look at major management challenges within the 
executive branch over 50 to 60 years, we see the atomic bomb 
and the hydrogen bomb, major challenges of how you put that 
together; going to the moon is certainly another one, setting a 
goal as President Kennedy there; Admiral Rickover and the 
nuclear Navy, where you cut through a lot of bureaucracy and 
got the job done.
    I guess I would ask you, as you look here, how do 
Presidents best get served in dealing with those management 
problems and the one you just presided over? So give us a 
little insight into that.
    Mr. Koskinen. Well, as I say, I think the difference 
between the Y2K problem and the other significant challenges 
you floated, which I think were important for the country is, 
this was a challenge that affected every system in the Federal 
Government, every agency. So it was not a question of having 
NASA or the Energy Department or someone else focusing on a 
very major challenge.
    This was a challenge of having every Federal agency, large 
and small, challenged at the same time, not only within each 
agency but across agency lines. The Treasury Department 
services and provides financial services to a wide range of 
Federal agencies, for example.
    I think in all of those cases, what is needed is for people 
to identify the problem and for it to have a high level of 
commitment and attention from the Congress as well as from the 
executive branch. Again, I think the structure set up of the 
CIO council for information technology challenges going forward 
is an effective structural vehicle for the government to be 
able to surface what the issues are and deal with them 
effectively.
    So as we move forward, I think information technology is 
not a series of episodic challenges for us. Information 
technology is an ongoing issue, not just for the Federal 
Government, but for the private sector and world as we become 
more reliant on information technology for everything from 
communication to financial transactions.
    Mr. Horn. What do you see based on usual experience as to 
the one or two management challenges after this is done? What 
do you see? You have had a real eye-opener, I think, throughout 
the last few years.
    Mr. Koskinen. Clearly information technology is a 
challenge. I think it has affected our ability to modernize 
systems across the government, to have them implemented and 
operate effectively, has been for some time and will continue 
to be a challenge.
    I think performance measurement. I was a great supporter of 
the Government Performance and Results Act. I think it is 
important, not only for effective management within the 
government, but for an improved dialog with the public about 
what our goals are and our objectives are and how we are doing 
and achieving those.
    So as we go forward, I think we have on our plate 
significant challenges, and we probably don't have to reach out 
and find new ones. If we could handle both of those 
effectively, deliver services more effectively under GPRA and 
provide improved updated modernized information technology 
delivery systems across the government, I think we are headed 
in the right direction in those areas, but I think they are 
major challenges.
    Mr. Horn. We are going to be holding hearings with the 
Government Management Subcommittee on Clinger-Cohen that was 
mentioned, which came out of this subcommittee and the full 
committee, and also on the computer security issue, which came 
up here, so we will be looking for you to testify on those 
things. Those certainly cut across different agencies within 
the executive branch. We have a whole other agenda also we can 
get into with whoever is in place there with the CIOs, because 
I think that is very important, what you did when you took the 
job and came out of retirement. You went around and sat down 
with the Deputy Secretaries who often operate the departments, 
and I think that was very important.
    Would you like anything else to have done that you didn't 
have time to do?
    Mr. Koskinen. No. Oddly enough, this was my feeling even 
before we had the successful transition, if I had to do it over 
again, I wouldn't do anything differently. We did all we needed 
to do, I think, and all we could do. I got tremendous 
cooperation from not only the leadership in all of the Federal 
agencies, but as I noted, I think a stunning achievement by 
career public servants in the Federal Government and State and 
local government, demonstrating an ability to meet a real 
challenge and meet it effectively.
    Mr. Horn. What are you going to do with that $50 million 
headquarters? Who moves in?
    Mr. Koskinen. That includes the operational cost for a 
year, so not all of it will be in place. But OMB is working 
with the agencies and I have said that when we do our last 
briefing on March 1st for the rollover, OMB at that time will 
announce exactly what its plans are for the operational 
capacity at the information coordination center.
    Mr. Horn. Most Presidents early in the morning get a 
national security briefing coming over from CIA. Do any 
Presidents ever get a management briefing in the morning as to 
what is going on in the executive branch and why not?
    Mr. Koskinen. That is not in my jurisdiction at this point, 
so I can't tell you whether that is done or not.
    Mr. Horn. It was in part when you were Deputy Director for 
management. The question is most Presidents don't know what is 
going on in the executive branch unless there is some crisis 
that hits the papers. Shouldn't Presidents also be looking at 
the domestic situation, just as they look in the morning at the 
foreign situation?
    Mr. Koskinen. There is no doubt that our ability to manage 
the vast organizations we have and the significant funds that 
we have is an important part of our responsibility to the 
public, and I think that not just in the executive branch and 
the Congress as well, it is oftentimes more exciting to talk 
about new policies or new programs or failures isolated.
    It is much harder, as you know, in the leadership you have 
had in your subcommittee, to get people to understand and focus 
on day-in and day-out management. But when push comes to shove, 
our ability to make changes and provide benefits to people 
depends on our ability to manage programs effectively. Good 
ideas poorly implemented are actually very ineffective.
    Mr. Horn. I am going to yield now to Mr. Wu from Oregon for 
5 minutes of questioning.
    Mr. Wu. Thank you, Mr. Chairman. I am just going to use a 
little bit of my time and really focus on this a little bit 
more with the private sector panel coming up. I just want to 
ask one question:
    With the upgrades, the new equipment, the other preparation 
work which was done in the Federal agencies, do you see, or are 
you currently experiencing a dip in procurement as a result of 
the bulge, if you will, prior to December 31st?
    Mr. Koskinen. I think the agencies can probably answer that 
question better.
    Mr. Burbano. I would like to address that as the CIO for 
the State Department. I would say not really, for this reason. 
There was a lot of systems, and I know at the State Department 
we put a moratorium on systems development and implementation 
and so forth if it wasn't Y2K-related.
    So all of that was put on the shelf, and now it is getting 
off-the-shelf as soon as the leap year is over. So that is 
going to offset.
    Mr. Rossotti. With respect to the IRS what really happened 
is that over a 2 to 3-year period, we made an investment to 
bring up-to-date our hardware and operating system software. 
But, for example, with PCs, personal computers, we really need 
to be on about a 3-year replacement cycle there, so we are 
replacing each year about one-third of the computers 
representing what was installed 3 years ago. That is kind of 
the way that we are planning it.
    There will be some dropoff in a few areas where we had to 
make some special investments, but, on the whole, what we 
really want to do is get on a long-range planning basis where 
we invest a certain amount every year so that we don't get 
behind as badly as we were 3 years ago.
    Mr. Wu. And with respect to personnel, the people you 
brought aboard, whether on a long-term basis or on a contract 
basis to help you with the Y2K problem, are they being 
redeployed within your agencies, have they left? What is going 
on with the people?
    Mr. Rossotti. Speaking for myself and the IRS, what we have 
done is we simply made a determined effort 2 years ago to 
retain the people we had. Unfortunately, we were suffering 
attrition. So we made some very successful efforts to retain 
the people we had, the people who really know some of these old 
software systems, and simply had to put many, many other things 
on hold. We even had to go to the Congress when they passed the 
Restructuring Reform Act, and ask that some of the effective 
dates for the law be extended out to 2001, because there was no 
way to implement some of the things while still working on the 
2000 fixes. So what we did was we simply took our staff, tried 
to retain it, and allocated it to fixing Y2K as the top 
priority, putting other things on hold. What we are now doing 
is trying to dig out from this huge backlog.
    Furthermore, we are in an unusual position in that we are 
now just embarking on an enormous technology modernization 
program. What IRS has right now is we have relatively new 
hardware in most cases, and relatively up-to-date operating 
systems, such as your Windows-type operating systems and your 
mainframe operating systems.
    What we don't have is up-to-date application software. We 
have, in fact, extremely obsolete applications software, and we 
have a lot of it. So our role now over the next several years 
is with the help of a prime contractor is to reengineer that 
technology, and as I mentioned in my opening statement, that 
involves business change as well as technology change. So you 
could almost think of Y2K as just laying the groundwork for 
what we really have to do over the next several years to 
reengineer our applications.
    Mr. Burbano. From my view at the State Department, with the 
new Y2K initiative, if you want to call it the critical 
infrastructure protection I have been talking about, there is 
going to be a huge demand for new people with possibly 
different skills for computer security, cyber terrorism and so 
forth. So there will be a replacement. Some of the skills used 
in Y2K can certainly be applied. Others, maybe not. So you have 
to look at it on a case-by-case basis. Regardless, there is 
going to be a huge demand for this new initiative that is 
facing us that is very serious.
    Mr. Wu. On net, do you think you are adding folks in the 
hardware-software information systems area, or are you shedding 
a few now in the State Department?
    Mr. Burbano. I think it is a combination. Not with 
employees, with contractors. It is a combination of shifting, 
replacement of skills, keeping some. But don't forget, we are 
still not out of the Y2K window until the rollover of the leap 
year. So that is a little bit too early to say right now. But 
we are starting to look at it in that view, that since we do 
have this new huge initiative that is very important and will 
go on for the unforeseeable future, there will be a replacement 
of skills, and some of those will be applicable and some not.
    Mr. Wu. I thank the witnesses. Thank you, Mr. Chairman. I 
yield back the balance of my time.
    Mr. Horn. The gentleman from Washington, Mr. Baird, 5 
minutes.
    Mr. Baird. No questions.
    Mr. Horn. Mrs. Biggert, the gentlewoman from Illinois.
    Mrs. Biggert. Thank you. In making the fixes on the 
computers, organizations really used a lot of different 
methods, and some, apparently, I think what we heard before 
were like short-term fixes as far as the date change of 
windowing, making the dates like 99 and 00 rather than 1999 or 
2000.
    Will there be any oversight or will organizations, do you 
think, pursue a permanent change, or will these temporary 
changes or fixes really last for the long time, or will there 
have to be something done there? Is there any oversight, I 
guess, is the question or do they need to--do you know of 
organizations that will need to pursue the permanent fix? Maybe 
Mr. Willemssen.
    And one other thing, I think, like HCFA delayed putting in 
a new system until this was over. Do you see that the Y2K will 
have benefited how for them to pursue that, the new changes in 
their systems?
    Mr. Willemssen. First of all, you are correct, many 
organizations had to use techniques such as windowing, because 
in many instances they had no choice. There wasn't enough time 
to go through a full date expansion of the software and data 
bases. So many of them did use those kind of techniques.
    They will not last forever. Many of those same 
organizations plan to have new systems over the next few years, 
so that the risk, if those new systems come in, is relatively 
small. However, the caveat to that is when programmers put in 2 
digits in the 1970's and 1980's, they thought their systems 
also would be replaced, and many of them were not.
    So there still has to be some oversight of that issue. I 
would say it is very difficult, though, to generalize among 
agencies because even within a specific agency business 
function, some may have windowed, some may have gotten a new 
system, while others may have fully expanded the date field. It 
is therefore, an issue where you have to go in and do a full 
examination and know what you are dealing with and be aware of 
where your risk points are as time continues with these kind of 
patched systems.
    Mr. Burbano. I would like to say that at the State 
Department, since the Y2K program office was run underneath the 
CIO, which is remaining, we do track where we used windowing. 
We used a combination of windowing repairs as well as 
replacements. We do have a list of those. We are tracking them, 
and most of those are 10 years or more out. But we do have a 
list of those and we will track them so long as the CIO office 
lasts.
    Mrs. Biggert. Thank you. Thank you, Mr. Chairman.
    Mr. Horn. Thank you. Now the cochairman of this task force, 
Mrs. Morella, the gentlewoman from Maryland.
    Mrs. Morella. Thank you, Mr. Chairman. A question for Mr. 
Willemssen. GAO recently reported that some of the Y2K 
remediation that was done at Federal agencies was contracted 
out to private corporations, and in your report, you noted that 
some of the private companies used non-U.S. citizens to work 
out the remediation. I just wondered if you would comment for 
the record on what you found and what you think implications 
are, if any?
    Mr. Willemssen. We did have a request from the full House 
Science Committee to look at the use of foreign nationals at 
the Federal Aviation Administration in both the remediation of 
software and in the post-remediation review of software that 
had been previously remediated, and we did find some oversights 
on the part of FAA. To the FAA administrator's credit, she 
aggressively took action on these oversights, and they are now 
in the process of going out and making sure that all of the 
individuals who worked on the code are indeed checked out. FAA 
did not know for sure, for all of the systems that were 
remediated and reviewed, that the individuals had an 
appropriate background investigation, and therefore whether the 
risk was manageable in terms of manipulating the code.
    So there were some issues that we did find. Again, to FAA's 
credit, they have been very aggressive in following up on these 
issues. One of the issues I think you pointed out at one of the 
prior hearings, was that there was a security risk involved to 
the extent that it wasn't managed with all of this push to get 
Y2K done. That it would be done quickly, losing sight of some 
of the necessary controls, and that is in fact, what happened 
here at FAA. All the controls were not in place to check out 
all of the individuals working on the code.
    Mrs. Morella. Do you feel comfortable that this has then 
become a symbol for what could happen if you don't have proper 
implementation of the regulations and that the agencies all 
know this? Did we learn from it, besides the FAA immediately 
saying we will correct the oversight?
    Mr. Willemssen. I hesitate to generalize because FAA is the 
only agency where we went into depth on this particular point, 
so I hesitate to say that other agencies may have similar 
issues, although I know the executive branch is looking into 
that.
    I know that, as I mentioned, FAA has been very aggressive 
and actually we are expecting a more detailed report from FAA 
within the next couple of days on all of their actions in 
response to a recommendation to do the background checks on 
individuals working on the code.
    Mrs. Morella. I think you would like to comment on that.
    Mr. Burbano. Yes. The State Department, we looked at this 
issue very carefully at the beginning. First of all, 
domestically, we did not use any foreigners, especially that is 
where mission critical systems are. We do require, regardless, 
we do require all of our contractors and employees to go 
through secret clearances. In addition to that, some minor 
systems overseas did have some FSNs, foreign service nationals, 
working on their systems, but they were closely supervised by 
the Americans at the Embassies, and we have had no problem at 
all. Everybody goes through a clearance check anyway.
    Mrs. Morella. Splendid. Thanks for that assurance.
    I yield back, Mr. Chairman.
    Mr. Horn. Thank you very much. Let me ask a few questions 
here in closing with this panel. I would like the commissioner 
and Mr. Koskinen to respond to this.
    The question would be the extent to which windowing was 
used to repair systems, and is that really a permanent 
situation, or how do you feel about the windowing aspect where 
you are trying to piece it altogether and fool it, shall we 
say, in terms of the computers?
    Mr. Koskinen. I don't think anybody has the capacity to 
tell you how much of the work was done by windowing and how 
much was date expansion. Windowing is a technique that is 
effective as long as you don't care about when people were born 
or transactions in those windows. In other words, if you really 
are only worried about relative dates, you can window. But in 
things like Social Security, you can't window very effectively, 
because you care very much about whether or not somebody has 
been born on one side of the window or another.
    Second, I think the point Mr. Willemssen made is important, 
and that is, when we talk about configuration management and 
better control of IT systems, obviously monitoring the way we 
fix systems for Y2K as we go forward is an important part of 
that management, and I think it is exactly right to note that 
25 years ago, 15 years ago, people working on systems that knew 
they weren't going to be Y2K compliant were comfortable because 
they thought those systems wouldn't be operating. So you have 
to be a little worried about anybody saying today, well, my 
windowing works until 2015 or 2023, so I don't have a problem, 
because those dates will come before we know it.
    So I think the answer to that is not was it done, it 
clearly was done. It was a very effective technique, it was 
cost effective, and particularly if you are going to replace or 
upgrade those systems, it was probably the right way to go. It 
will turn out to be a mistake if you lose track of it, continue 
to run the systems through the window, and discover you have 
got a major challenge down the road.
    Mr. Rossotti. I am pleased to say in this case, one of the 
few occasions I can answer very easily, we did not use 
windowing at the IRS, we did everything with 4-date digit 
expansion and required a special exception from the CIO to have 
any exceptions, and, to my knowledge there were just maybe a 
very tiny handful, maybe one system given an exception. 
Interestingly, the reason for that decision was not primarily 
because of worries that would, you know, become obsolete in 10 
or 20 years, but because we had so many heterogeneous systems 
that had to work together, we were not convinced that if we 
used some windowing here and some data expansion here, that we 
wouldn't run into incompatibilities among our own systems. So 
we made a decision to keep it simple, and so everything was 
made compliant by four-digit date expansion.
    Mr. Horn. OK. Now it has been mentioned on the foreign 
workers in some of the patching up of these systems, I would be 
curious how you all think how vulnerable our computer systems 
are as a result of the Y2K, and are you concerned that those 
remediating systems could have engaged in acts contrary to the 
best interests of the government? So I would just appreciate--
let's start with Mr. Burbano.
    Mr. Burbano. Yes. In terms of the concern, you should 
always be concerned, but because of the process I mentioned 
that we took at State with requiring security clearances, all 
domestic systems, where our mission critical/critical systems 
are at, only used Americans. We don't have as much concern 
there.
    Overseas, again, I mentioned we did use FSNs who have to be 
cleared and who only work the minor systems and who are closely 
monitored by Americans when working on the systems. So we are 
not as concerned. However, we did develop a project in concert 
with my sister bureau, Diplomatic Security, on doing some spot 
checks on some of the systems, just to make sure.
    But, just to let you know, you know, even with commercially 
off-the-shelf systems, you don't know where those systems are 
developed. They could have foreigners working on those systems 
also. So you do have to be vigilant about these systems.
    Mr. Horn. Commissioner, in terms of computer security, I am 
sure you have to deal with that every day in some way.
    Mr. Rossotti. Well, we have, of course, major security 
challenges in the IRS from a number of perspectives, including 
from the old applications software. But I think on this 
particular issue, that is to say, the contractor support we 
used for the Y2K, I think we were in pretty good shape on that. 
There was one particular component of one system that, for a 
particular reason, was developed with some offshore people, but 
that was then subsequently cross-checked by a different group 
that was cleared. So as far as I know, I think we can be pretty 
confident on this, we do not have much vulnerability for this 
particular problem.
    That is not the same thing as saying we don't have 
vulnerabilities for other reasons.
    Mr. Horn. Mr. Koskinen, why don't you give us your side of 
it?
    Mr. Koskinen. I think Mr. Burbano made the important point, 
which is, security is an issue beyond Y2K, you ought to be very 
careful about whoever works on your systems. As a general 
matter, we were concerned about this issue from the start and 
we worked with the intelligence agencies and the National 
Security Council and others, both to warn private sector 
companies as well as domestic companies to be alert to this 
issue. Most of them in a large sense are.
    Most of the off-shore work was done by the private sector 
and not the government. Most government work was done by normal 
contracting, or internal resources, so that there was much less 
of that done here than in the private sector.
    Monitoring what has gone on in the private sector, what has 
gone on, we have seen very little, in fact, almost no evidence 
that work done offshore included some kind of security threat. 
Obviously, the absence of glitches over the rollover means at 
least if somebody was targeting the time to create mischief, 
that was not one of those times.
    But I think the bottom line to that is, again, as we move 
forward, information security has to be high on everybody's 
list. I think, again, the point is well made. It is not just 
people who have access to your system. It is when you buy 
systems, whether it is off-the-shelf systems or otherwise, you 
have to be worried about who worked on those systems, what is 
in them and what potential impact could they have on your own 
system. So I think if anything requires eternal vigilance, it 
will be, in fact, information security and security about those 
working on your systems.
    Mr. Horn. I thank you. We will be holding a separate 
hearing on the computer security anyhow, so we will postpone 
the rest of those questions.
    Mr. Willemssen, before we round out this panel, I would 
like you to summarize the following under page 16 of your 
formal statement, ``Reported Year 2000-related Errors in the 
Federal Government.'' If you could just sort of bullet them to 
me in one sentence, each one, just so we have it in the record, 
I would appreciate it.
    Mr. Willemssen. On page 16 is a summary of what we observed 
during the rollover from both the perspective of the 
information coordination center and specific agencies where we 
were onsite. We tried to summarize what we thought seemed to be 
significant issues that did come up, even though they were 
addressed very quickly.
    Briefly, those included the Department of Defense 
intelligence satellite system, the Federal Aviation 
Administration had some systems with some Y2K failures that 
again, they were able to remediate and fix very quickly, and 
the Health Care Financing Administration ran into some 
difficulties with partners. In one case HCFA had a problem with 
a bank on some electronic payments leading to some delays in 
payments, although it is still within the required targets. 
Also, HCFA will continue to work aggressively with their 
providers in making sure that they put forward accurate dates 
on their claims so that claims are not returned.
    Mr. Horn. You say here there are 26,000 claims from 
providers with these erroneous dates in the first week of the 
new year.
    Mr. Willemssen. That is why we thought it important to give 
a sense of the magnitude, because they are not just little 
things that we are talking about. They are little within the 
scope of the entire Medicare program, but they do have some 
impact. But, again, HCFA has done an outstanding job over the 
last couple of years on getting on top of Y2K. They as much as 
anyone faced a mission impossible on Y2K, and through the 
leadership of their administrator, again, they continue to be 
very aggressive in following up and making sure that the 
disruptions are kept to a minimum.
    Mr. Horn. And then the ones that concern most of us based 
on our air travel regularly is the low level wind shear alert 
system. Can you tell us anything about that?
    Mr. Willemssen. Again, those systems were out at about 
eight locations, but they were out for no more than 2 hours, I 
think 2 hours 12 minutes at the outside. Fortunately, when they 
were out, we saw no evidence of bad weather in those locations. 
So we could be sure, based on the evidence we saw that there 
were no safety implications from those systems being out. 
Again, it speaks toward the advantage of all the agencies being 
poised to respond during the rollover. FAA was ready to get 
right on top of those systems and fix them immediately, and 
that they did, to their credit.
    Mr. Horn. Yes. I was spending part of that December 31st in 
the L.A. Tower, and I got a good education from the technicians 
there. They have a terrific job to do when they are getting 
those radar sites into operation when something goes crazy with 
them. I was very impressed by that group.
    So are there any other major things that is a worry to the 
General Accounting Office?
    Mr. Willemssen. I again conclude by saying the rollover was 
a great success, thanks to the leadership of Mr. Koskinen and 
yours and Chairwoman Morella's leadership. However, I think it 
is important that we continue to monitor events over the next 
couple of months. I would strongly concur with Mr. Koskinen's 
plan to bring up the ICC again during the leap year, because I 
think there will be a few disruptions that again occur, and I 
think there will also be a few disruptions that we start 
hearing about as processing cycles complete themselves. So we 
haven't heard the last of Y2K. But I think it will be much, 
much less than what we had once feared.
    Mr. Horn. I want to end on a happy note here and help the 
Department of State a little, Mr. Burbano. In November 1999, 
the Department of State submitted its regular quarterly report 
for the year 2000 to the Office of Management and Budget, and 
of course, that does come to our subcommittee. After a lot of 
discussion with you and OMB, it became clear that the language 
in that quarterly report didn't really accurately reflect the 
actual level of effort for the Department's independent 
verification and validation work. Just so we can give you an A 
on this, please explain to me the independent verification 
process that you actually went through but wasn't in the 
report.
    Mr. Burbano. Thank you very much. At the State Department, 
one of the things that I did when I came on board in May 1998, 
as you all know, I came on board, we had straight F's for about 
a year, so I had to move quickly in order to especially meet 
the deadlines of Congress. But I wanted to make sure that we 
did it correctly and not get any surprises at the rollovers. So 
I set up a very rigorous process where not only did we have the 
separate bureaus test our systems, but underneath my office, 
the Y2K office separate from their individual bureau Y2K 
offices, I had independent contractors test the systems. That 
was the first level of independent tests.
    But in addition to that, I did a partnership with the 
Inspector General where they would do a second test with their 
own contractors to review the test and so forth, and certify 
the systems, along with myself as the CIO. So we went through 
two levels of independent verification tests, in addition to 
the testing that the Bureau did themselves.
    The misunderstanding that came in that, we were about 66 
percent in November or somewhere around that nature, in terms 
of certification, but when, in fact, it really equalled to 
about 160 percent, because we had already finished our first 
level. That is where the misunderstanding came. I think we 
proved that right since we had really no significant--not only 
in the mission criticals, but in the criticals as well as the 
routines, this thoroughness that we did.
    Mr. Horn. Well, thank you very much. On that, are there any 
questions any Member has? If not, we appreciate what each of 
you has had to contribute to this and the fine work you have 
done that kept us going with very minor glitches. So thank you 
all for coming.
    We now go to panel two.
    Mr. Horn. I would ask you to stand and raise your right 
hands.
    [Witnesses sworn.]
    Mr. Horn. The reporter will note all three confirmed. Mrs. 
Morella will preside.
    Mrs. Morella [presiding]. Thank you. I want to thank the 
second panel for being so patient and waiting in going through 
the first panel testimony and the questions that were asked. So 
we will be concise. We know that you can offer a great deal to 
supplement what we learned about Y2K. Proceeding again with the 
5-minute rule, you can give us a synopsis of your testimony.
    We will start with, first of all, Mr. Harris Miller. I want 
to comment on the fact that from the very beginning Mr. Miller 
has been very tuned into this issue, has appeared before this 
committee probably as many times as any other person who has 
testified. So we very much appreciate his coming back now at 
the end as we do our summation and look ahead to the future. He 
is president of the Information Technology Association of 
America.
    Ms. Kathy Hotka has not appeared before this committee 
before, so you are the alpha and the omega, the beginning and 
the end. Ms. Hotka is vice president for technology at the 
National Retail Federation here in Washington, DC. We welcome 
you. Thank you.
    Mr. Gary Beach has appeared before this joint committee, 
and he is the publisher of CIO Communications, Inc., from 
Framingham, MA. Again, thank you for appearing here. Thank you 
for waiting.
    Let's start off with Mr. Miller.

STATEMENTS OF HARRIS MILLER, PRESIDENT, INFORMATION TECHNOLOGY 
    ASSOCIATION OF AMERICA; CATHY HOTKA, VICE PRESIDENT FOR 
 INFORMATION TECHNOLOGY, NATIONAL RETAIL FEDERATION; AND GARY 
           BEACH, PUBLISHER, CIO COMMUNICATIONS, INC.

    Mr. Miller. Thank you, Madam Chairwoman. It is said that 
politics makes strange bedfellows, but I found out that Y2K 
makes strange bedfellows, for on the morning of January 1st, 
instead of being snuggled warm in my bed with my wife, I was 
instead with Chairman Horn at the C-SPAN studios doing a 
broadcast on Y2K.
    What is even more unusual is that at 8 a.m., constituents 
of his from California were calling in, which means at 5 
o'clock in the morning they were paying attention to what was 
going on with Y2K. But I appreciated working with both of you 
chairmen and the members of your subcommittee. I am going to 
skip the victory lap you mentioned, Madam Chairwoman. It is my 
written statement and will be in record. I obviously want to 
commend the subcommittees, and particularly Mr. Koskinen, for 
his leadership.
    From the perspective of the private sector, we do believe 
this is a real crisis that we did face, it was not something 
that was hyped or made up. In fact, as I was walking down the 
hall this morning with our Y2K program manager, Heidi Hooper is 
with me, she noted there wasn't a line about the hallway 
waiting to get into the subcommittee hearing. I said that is 
good news, because if, in fact, the problems had occurred, I 
suggest you wouldn't have Harris Miller and Kathy Hotka and 
Gary Beach on this panel, you would have Alan Greenspan and 
Secretary Summers discussing the global recession that had been 
caused. So, in fact, the fact we didn't have a major crisis is 
good news, and the fact we don't have hordes of people standing 
around is, in fact, very good news.
    In terms of the magnitude of the effort, I would certainly 
agree with Mr. Koskinen's effort. In fact, I even go a little 
more hyperbolic, I think it is the biggest success since the 
building of the pyramids, because it was, in fact, a global 
effort, government, private sector, hundreds of thousands of 
individuals around the globe working together to achieve this 
success.
    To talk about the lessons learned, I would like to refer to 
what I believe is a Y2K renaissance. What do I mean by a Y2K 
renaissance? I think it really is two parts. First of all, the 
rationalization of the existing computer technology. You heard 
a lot about this from the first panel in the Federal sector, 
but the same thing was true very much in the private sector. 
The fact that time and again, because of the necessity of 
dealing with this huge challenge, companies were able to get 
rid of deadwood programs, they were able to bring into their 
companies more modern and more efficient computer systems.
    They also learned to do supply chain analysis and in a 
systematic way that they had never done before. They were able 
to collaborate in ways never experienced before, either within 
companies or across companies. They were able to develop 
contingency plans, many of which were not needed as it turned 
out, at least are now in place should there be future problems, 
and they learned to approach the entire IT system in a much 
more strategic way.
    That is going to mean that down the road these companies 
and ultimately their customers can take much more benefit from 
information technology. The productive gains which Mr. 
Greenspan and others have noted have helped to contribute to 
the continued growth of our economy and the high productivity 
should be even stronger because the IT systems in companies as 
well as within the government are now being treated much more 
rationally and in a much more systematic way.
    The second reason I call this a Y2K renaissance is the new 
directions that companies are now taking. Because as they came 
to understand through Y2K the strategic as opposed to tactical 
importance of IT, they are now moving ahead implementing future 
IT much more strategically. Obviously, the Internet changes 
everything, and we are seeing throughout the private sector and 
we hope the government sector will quickly catch up the use of 
the Internet for improved, dramatically improved in many cases, 
internal processes, whether you are talking about personnel 
systems, whether you are talking about human resources or 
financial services, whether you are talking about inventory 
control, all of these basic day-to-day business operations are 
being done much more effectively and efficiently on the 
Internet. This is one of the new exciting aspects of Internet 
technology.
    Also, of course, dealing with customers, and customers 
don't just mean business to consumer, the kind of stuff you 
read about on the front page, about Amazon.Com and others. It 
also means business to business, because businesses are also 
customers, and the ability of businesses to deal much more 
effectively.
    So this is the kind of Y2K renaissance I see coming, 
because as we come out of what Mr. Burbano and others described 
in the Federal sector, which also occurred in the private 
sector, namely, a temporary freeze in many cases on new 
programs and spending, and now all these projects which have 
been temporarily set aside are going to be brought out to the 
fore, and again, I think you are going to see massive increases 
in productivity, in major benefits to customers, and again, 
customers I define broadly as businesses and individual 
consumers.
    Let me talk about some other lessons learned. One of the 
lessons learned that was that while the government sector did 
an excellent job, as the previous panel discussed, the private 
sector also did a remarkable job.
    Some names of individuals who you may not have come across, 
or maybe you have come across, like Bill Mont and Tim Shepherd 
Whalen from Global 2000, or Ron Balls from the ITU, people who 
are able to take entire sectors and coordinate them, you are 
going to hear from Ms. Hotka about the retail sector, 
contributed mightily to the success. I think ongoing we have 
learned lessons about the ability of these sectors to work both 
nationally and globally.
    I also use that as a point for future global cooperation. 
The International Y2K Coordination Center, which both of you 
were very involved with and which Mr. Bruce McConnell headed so 
ably, has demonstrated the opportunity for global cooperation. 
Coming out of that, I am hopeful we will see some continued 
opportunities.
    For example, the International Y2K Coordinating Center 
steering committee is considering the creation of what is 
called the Center for Digital Opportunity, which would be a 
cooperative program to promote Internet growth in developing 
countries to the same extent that it currently is in developed 
countries. In fact, tomorrow the steering committee will have a 
conference call and I am involved in that also, as is Mr. 
Koskinen, to see about the possibility of building on the 
linkages that have been established through Y2K in that area.
    Similarly, the issue that Mr. Burbano talked about so 
extensively and Chairman Horn said you will be having further 
hearings on, the whole issue of information security.
    While there are information security issues which are very 
specific to the U.S. Government, there are many issues which 
are global in nature. Again, the 170-plus countries that work 
together through the international Y2K cooperation center 
should be able to take those linkages which they established 
and build on them for information security. I think that is 
also another lesson learned.
    The last lesson learned which I would like to refer to, and 
I am a little bit over my time, is that the Y2K problem was 
solved without government dictating what the private sector 
needed to do, without legislation. As you remember, you two 
chair people, at a hearing early on, there was actually 
discussion about perhaps Congress having to mandate the private 
sector to take specific actions. You came to the correct 
conclusion that, in fact, there were better ways to do that, 
rather than mandating specific activity. We did get through 
this without mandating specific activity on the part of the 
Congress to order the private sector to do activities because 
the private sector was and to work collaboratively.
    I think the lesson learned there is as we move ahead to 
other challenges in information technology, whether it be the 
information security area or regulation of the Internet, that 
the claims that the private sector made to you then that we can 
handle this in a collaborative manner, not working against 
government, but cooperatively with government, did prove true 
in the Y2K area, and I think when Congress approaches other 
issues, such as information security or other issues of 
regulating the Internet, they should take that lesson learned, 
and perhaps it will also prove true that you do not need 
legislation, that there are other ways to get things done in 
this new economy and in this information revolution.
    Thank you very much for giving me the opportunity to appear 
before you, and I would be glad to answer any questions.
    Mrs. Morella. Thank you. I also want to comment on the fact 
that I did hear that early morning C-SPAN program, and it was 
very informative. Thanks for your leadership.
    [The prepared statement of Mr. Miller follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.064
    
    [GRAPHIC] [TIFF OMITTED] T6711.065
    
    [GRAPHIC] [TIFF OMITTED] T6711.066
    
    [GRAPHIC] [TIFF OMITTED] T6711.067
    
    [GRAPHIC] [TIFF OMITTED] T6711.068
    
    [GRAPHIC] [TIFF OMITTED] T6711.069
    
    [GRAPHIC] [TIFF OMITTED] T6711.070
    
    Mrs. Morella. I am now pleased to recognize Ms. Hotka.
    Ms. Hotka. Chairman Morella, Chairman Horn, members of the 
committee, retailers appreciate your leadership on this issue, 
and I appreciate the opportunity to appear here with you today.
    As you may know, the National Retail Federation's Survival 
2000 project worked for 3 years to coordinate a joint retail-
industry response to the year 2000 issue. We worked with 
department stores, restaurants, specialty stores, liquor 
stores, pharmacists, convenience stores and grocery stores to 
make sure that you could shop this year. People are really 
shopping as a result.
    How did retailers fare? Better than we expected. But the 
sector desk at the White House information coordination center 
that seemed to have the most to talk about was ours, retail and 
small business. As expected, bigger businesses experienced 
annoyance grade glitches and some smaller ones found out that 
that fix on failure policy they had was not such a great idea.
    Anecdotally, we know of retailers still processing credit 
cards manually because of the IC verify problem. One retailer's 
store credit cards failed. Cash registers at one chocolate 
store chain would not open. But the examples here are 
relatively minor.
    Now, it remains to be seen whether the global supply chain 
would be unaffected, larger retailers have some doubt about 
whether or not we have sailed through this internationally.
    Was it worth the work and expense? We already know the 
answer. While retailers spent multiple billions of dollars to 
find and fix and replace software and hardware and to conduct 
extensive testing, we also would not do it any differently. We 
had conducted a survey in 1997 that showed that if retailers 
didn't undertake this work, many key systems would simply be 
dead in the water. We found out that 100 percent, all, private 
label credit card systems would not have worked; 99 percent of 
warehouse management systems would have failed. Most retail 
processes are touched by technology, and our members were not 
willing to bet the business they would be fine without 
remediation. My members are astonished that some columnists 
have questioned the value of the investment. Mr. Burbano 
mentioned earlier that some countries found they were less 
dependent on technology than they thought. We discovered we 
were more dependent on technology than we had thought.
    So what lessons did we learn? We learned four:
    First, we learned that most organizations underestimated 
their reliance on IT despite healthy investments in technology, 
retailers found that some business critical processes were 
being run by business units on 15-year-old software. You cannot 
run a company on paradox 1.0 for DOS. It is not a good idea.
    Some companies maintained software they didn't need. Some 
key programs were being run by people with no IT background. 
Companies did not have contingency plans. In fact, we found 
only one company that had a contingency plan at all.
    In the end, though, savvy companies realized Y2K was not an 
IT issue but a business issue, and that IT needs the continuing 
attention of the CEO. Those companies that did best had the CEO 
in charge of this project. We who lead industries must bring a 
better appreciation of IT as knowledge management, not just PCs 
and printers.
    Second, we learned that reliable information was hard to 
come by on this, particularly in the early days. Should 
retailers have believed technology companies product updates? 
They seemed to change hourly.
    Should retailers have believed government agencies' self-
reports? How about suppliers? How about the fear mongers? 
Ultimately, no self-reported information was reliable, and 
retailers simply conducted their own verification in the 
absence of reliable test data or organizational benchmarks, 
this was our only choice. It was expensive and time-consuming. 
We know of a number of companies, for instance, that put people 
on airplanes all during 1999 to check on international 
readiness. These people simply traveled from country to 
country.
    Third, we learned that government may have a useful role in 
helping companies use technology as a business tool. There is 
no doubt, but that the white hot spotlight of your committee's 
attention to this issue brought home to all of us the need to 
work diligently. Your contributions to private industry 
preparedness should not be underestimated. We paid a lot of 
attention to those report cards. Our friends at GAO published 
world-class, best-practices documents that gave private 
industry some models to work from. John Koskinen and his 
talented staff helped galvanize countries, governmental bodies, 
private industry and the media. All were key to helping 
retailers who rely on a global supply chain and public 
confidence. We thank you all. Like Harris, we believe that this 
should be a partnership and not a speaking from on high.
    But, fourth, we learned that joint action was key. No one 
retailer did it alone. Fierce competitors worked together to 
keep the industry ready. Generous companies allowed staff to 
speak at conferences to spread the word to others.
    So going forward, we would like to continue what we have 
been doing for the past several years, working to protect 
America's business data. Congress should continue to show 
interest in America's information infrastructure. The White 
House ICC where public-private partnerships were so useful 
might continue to be a valuable tool. Business still needs best 
practices that can help smaller companies use technologies 
responsibly, and reliable sources of information about threats 
to data from hackers, viruses and industrial espionage are 
needed. Let's continue to work together. Public private 
partnerships got us through Y2K, but we have compelling reasons 
to keep working in 2000 and beyond.
    Thank you.
    Mrs. Morella. Thank you very much for that testimony.
    Now we will hear from Mr. Beach.
    Mr. Beach. Madam Chairwoman, Mr. Chairman, I thank you for 
the opportunity to appear before the committee again. Madam 
Chairwoman, talking about the victory lap analogy, I live close 
to Hopkinton, MA, which is the start of the Boston Marathon, 
and I would say what we have learned with all the great work 
here is that we are in the first mile of a marathon, a marathon 
showing how pervasive technology is in all of our lives.
    The subject of my testimony here is in the written side, 
but I will orally summarize it, is lessons learned, 
opportunities created, and I would encourage the committee to 
look forward as to what are some of those exciting 
opportunities.
    Increasing the crescendo of hyperbole, we heard about John 
Koskinen talking about it in the last 50 years, and Mr. Miller 
talking about the work as is comparable to pyramids. I would 
say that the year 2000 computer problem and the work that was 
done on it by a myriad of groups is the most remarkable 
peacetime example of human cooperation in the history of the 
world, and I have an idea for you at the end of my oral 
testimony.
    We are entering, what I see, as the age of digital 
enlightenment where technology is going to help nations govern 
better, help businesses conduct better business, and make 
everyone's digital life all the more meaningful.
    The committee asked the panelists ``was Y2K hyped for 
profit?'' Those of us on the front lines, the ITAA and Kathy 
and her group and others, have no doubt that without proper 
remediation and all the great work that this committee has 
done, Y2K would have had a severe impact on computer systems 
around the world.
    It is interesting, isn't it, that those companies that may 
have benefited from an increase in sales of computer hardware 
or software over the last couple of years are now reporting in 
the Wall Street Journal over the last couple of days saying 
their earnings reports are down because of Y2K. So what goes 
around comes around, and it is all going to even out in the 
end.
    So, the long-term legacy of this challenge is going to be 
akin to the oil crisis that we saw in the mid-1970's, where we 
had relatively short-term pain, and long-term we had more fuel-
efficient cars. The Y2K long-term legacy was simply mentioned 
here many times today that it caused the world to update its 
computing infrastructure in a relatively short period of time.
    I was personally surprised at how well the rest of the 
world made it through digitally unscathed on January 1st. I 
would say this experience was a resounding clarion call to our 
government and our industries that other nations, many of whom 
predominantly use U.S. technology, are running neck and neck 
with the United States. It seems to me that the digital playing 
field appears to be leveling off. And, in this new 21st 
century, where the economy is going to be very digital and 
electronic, these other countries are prepared to provide 
stronger global competition.
    On the earlier panel we talked about foreign nationals. I 
had an opportunity last year to travel to Bangalore, India, 
where I saw thousands of workers producing Y2K remediation 
projects, many for United States firms. These workers are now 
going to be looking to produce products and services in their 
own global environment.
    The next big technological breakthrough is going to be e-
commerce. A CIO poll recently reported that 73 percent of 
American businesses now have e-commerce initiatives started. 
What is even more important to me is by 2001, these e-commerce 
initiatives are going to be the core business models of these 
businesses.
    Shifting to opportunities for government, the Y2K 
revolution has afforded the Federal Government and the State 
and local governments opportunities to modernize its computing 
infrastructure. We should leverage these revitalized systems to 
better do the business of governing. Opportunities before this 
House and this committee in light of legislation continue on 
Internet taxation, how Americans will govern using technology, 
closing the digital divide of the have's and have not's, and 
possibly the aspect of a not too long-term strategy of having 
the United States wean off its dependence on foreign workers.
    I did some work last year in Massachusetts reviewing the 
State's entire higher education system. While there are more 
and more men and women entering computer science courses in 
classes across the country, the challenge is that the faculties 
at many of these institutions are not prepared to teach the new 
technologies.
    As I mentioned in the beginning of my testimony, I had an 
idea. I would encourage Madam Chairman and Mr. Chairman to send 
on behalf of the world's IT workers, a letter to the Nobel 
Prize committee in Oslo recommending that a special award be 
given in October to the world's IT workers, where possibly a 
person from the informatics committee at the U.N. could go to 
accept it, and on a site, some place on a U.N. URL, any worker 
who worked on Y2K could download it and proudly frame it in his 
or her office.
    In closing, Y2K in context, was a massive tactical 
challenge, but what it underscored on a more strategic level is 
the importance of technology in governing and commerce, and 
with the seemingly stable technology infrastructure in place, 
now is the time to take advantage of these new opportunities.
    Thank you.
    Mrs. Morella. Thank you.
    [The prepared statement of Mr. Beach follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.071
    
    [GRAPHIC] [TIFF OMITTED] T6711.072
    
    [GRAPHIC] [TIFF OMITTED] T6711.073
    
    [GRAPHIC] [TIFF OMITTED] T6711.074
    
    Mrs. Morella. I think that is a fitting way to end the 
testimony of the panelists with this concept of the Nobel Prize 
and the fact that it is a great example, as you said, a feat 
greater than or as great as the pyramids. Ms. Hotka had some 
very glowing things to say about what we learned also. Coming 
from the private sector, it is particularly important.
    We have a roll call vote right now, a quorum, but we will 
be back for some questioning, so I would imagine 10 minutes or 
so. So we will recess this hearing for about 10 minutes.
    [Recess.]
    Mrs. Morella. I am going to reconvene this hearing. I can 
ask a few questions, and then if other Members come in in the 
meantime, they can continue to ask questions.
    Of course, our policy has been that if it is acceptable to 
you, that we might also submit questions to you by Members who 
may not be here. Thank you. I appreciate that.
    You know, I think there have been many, many benefits to 
the Y2K work that has been done, whether or not it is the 
dimension of the pyramids or Nobel Peace Prize, but certainly 
there has been a lot of cooperation that has been so 
comprehendible. In going to the command station on December 
31st, I saw many people from the private sector on their own 
time, unpaid, who were there for 24 hours and spent their New 
Years' Eve there, and then part of New Years' morning there 
also.
    I also saw a report that National Institutes of Standards 
and Technology did a lot of work with small businesses in 
remediation of the Y2K computer bug, and the small businesses 
have said they thought this was a concept that they hoped would 
continue, the idea of being able to get help and get assistance 
from somebody, an agency or whatever, that cared about them.
    So, again, it is another example of the private sector 
benefiting from what the public sector had done.
    Then just the other day at the District of Columbia 
hearing, both Chairman Horn and I are on that authorizing 
committee, I asked Mayor Williams about it, because, as you may 
remember, the District of Columbia was so far behind, and he 
was very excited about the results, the fact that they have now 
been able to update their computer system, they know what they 
have, and because technology will play such a big role, 
particularly as we try to revitalize the District of Columbia, 
that they feel they are going to benefit greatly by it. Also by 
working with neighboring communities too.
    So, again, the whole concept you all pointed out, and that 
is, building on the various linkages and the partnerships.
    Well, I am going to ask you a question that deals with 
people. The vast Y2K repair corps is now being scattered to the 
winds after apparently saving the world from the Y2K disaster. 
So now what are these people trained to correct Y2K, probably 
those people who knew could balance, what do they do now? Can 
these displaced Y2K workers help to alleviate the H1B 
situation? What do you see with regard to the whole personnel 
issue? I will start with any one of you.
    Ms. Hotka, why don't we start with you first.
    Ms. Hotka. Just briefly, one of the things that struck us 
about the people that worked on this was their ability to deal 
with business units. IT does not live in a vacuum, and this was 
never an IT problem.
    These people went out and spent time in warehouse 
facilities with people who run the trucks, with suppliers, with 
the accounting offices and all through the business. What we 
are seeing in our industry is that those people will continue 
to work in these companies and that they will continue to work 
with these business units to make sure that the IT tools that 
are created are actually used and are used effectively. That is 
a skill. These are generally older people, people over 30, and 
they have got----
    Mr. Miller. Speak for yourself.
    Ms. Hotka. Well, I am saying that because there is a 
tremendous emphasis, I think, in some parts of the IT world on 
people who are very young, who have experience in new 
technologies. But some of us who are not that young have some 
experience that might be useful, and we are finding that it is 
being priced in these retail companies. They don't want to lose 
these people.
    Mr. Miller. I think, Madam Chairman, what Mr. Burbano 
discussed is, in the Federal Government, very similarly true in 
the private sector. If you take the first group of people, 
namely, people who are interimly the staff of an organization, 
in most cases when the Y2K issue became a priority for the 
organization internally, and the organization decided to use 
internal resources, they simply took other projects, put them 
off to the side and took those people and focused on Y2K; and 
now that they have gotten through most of the Y2K era, leaving 
aside having to get through the next 2 months to February 29th, 
those projects, which have been temporarily frozen, are now 
going to come back as high priorities, and those people are 
going to go back and do those projects. That is one group to 
think about.
    The second group of people are the contractors who came in 
from outside to do work for customers, whether those customers 
were in government or the private sector. A lot of those 
companies, which provided those outside services, were in a 
situation where they anticipated very well the end of the Y2K, 
they knew when their projects were going to end, and so they 
had to do two things: No. 1, they had to find new clients so 
they can continue to stay in business and continue to grow 
their businesses; and No. 2, they had to take into account the 
need to upgrade the skills of their employees to do more 
current projects, most of which are going to be e-commerce 
related or somehow on the Internet revolution as opposed to the 
mainframe projects.
    If you look at the major companies that do business and 
look at the revenue in 1999 versus 1998, you will see their 
revenue continue to go up even as the Y2K work began to drop 
off. The reason is that because they were able to find new 
customers and they were able to retrain the work force.
    So not only do I think this is not going to solve the H1B 
problem, if you use the logic that I use in my testimony that 
this is going to be a Y2K renaissance, and a lot of projects 
were temporarily frozen while companies were getting through 
the Y2K problem, I think there is going to be even a bigger 
explosion and even more demand for IT workers. The trick is 
going to be, as you suggested in your question and as Ms. Hotka 
commented in her comments, making sure the workers do have the 
retraining. The computer language skills they have are not the 
ones most current or most in demand, and that has to be 
factored into the process.
    Mrs. Morella. I do think many of them are older, but, on 
the other hand, I know the University of Maryland had a special 
course geared toward remediation of Y2K. Mr. Beach.
    Mr. Beach. Madam Chairman, I just would like to once again 
mention the aspect of what human beings like most is 
recognition, I am dead serious in challenging you and Chairman 
Horn to nominate these workers for noble awards.
    The international Y2K cooperation center that we heard 
about today, and you are familiar with, and that Bruce 
McConnell did an incredibly good job running, had a subset 
called YES Corps, which was the Y2K Experts Service Corps. I 
was fortunate to be on that steering committee. This group 
aimed to share information with 140 countries about Y2K, and 
currently it is migrating to another role. We all felt this 
network was created for tactically addressing Y2K, the network 
was more valuable than the actual focus on Y2K. So there is 
movement afoot to expound this effort.
    I would like to say there is a vested interest in large 
businesses in whatever they can do here in the States to help 
small businesses, because we are all living in this giant 
economic supply chain. Many large businesses are even more 
dependent now on smaller businesses.
    The H1B visa issue, I know there is a call now to bring the 
limit up to 200,000. Long-term what we have to do, and I 
addressed it briefly in my testimony, is more rather than fewer 
students in America are entering computer science courses, 
whether in California, Maryland or Massachusetts.
    I chaired last summer for the Commonwealth of Massachusetts 
a review of the entire higher education program, and the most 
damning finding we found was that we were talking about older 
people here, but the faculty, the faculty, No. 1, is older, is 
not skilled in the new technologies of JAVA, XML, you name it. 
There is a bottleneck there. If that bottleneck is not relieved 
or addressed, then our country is going to continue to have to 
rely on H1B visa issues.
    Mr. Miller. Could I make one more point on personnel to 
follow on the earlier discussion of information security? That 
is an enormous problem, because we do not have information 
security specialists trained. That is one area where you can't 
do H1Bs, you can't send the work offshore to Ireland or Israel 
or India. That work has to be done with U.S. citizens.
    I know President Clinton mentioned this in his national 
plan, and Attorney General Reno talked about it. So this is one 
area where the government, working with academia and business, 
is going to have to focus. You are going to have to convince 
people to go beyond their traditional education, to get 
additional education, plus get security clearances, because 
obviously, the type of people that a Federal agency or a State 
government wants to hire for security information, security 
purposes is going to need a clearance. Even you are going to 
find in the private sector many private-sector financial 
institutions and others want to get people with very high 
security clearances because they are being put in very 
sensitive security positions.
    Mrs. Morella. As a matter of fact, the Science Committee 
passed, in the first session, actually the last Congress, a 
computer security bill which does have the dimension of 
fellowships for computer security. Even that is not enough. 
Much more needs to be done. We have also been pushing teacher 
training in technology, not so much looking at the higher 
education, but more education from K through 12, to make sure 
that even those teachers know something about how to use 
technology because the youngsters do, so they can also inspire 
them.
    My legislation for women and minorities and disabled in 
science, engineering and technology, the commission is meeting, 
it will be coming up with its recommendations to get more of 
those groups that have traditionally not been involved, 
involved in those fields.
    Well, I thank you. I am going to now----
    Mr. Horn. If you might yield on that point----
    Mrs. Morella. I am going to recognize you for your 
questioning.
    Mr. Horn. Your associations could do a lot of good in 
bringing together the people from the Silicon Valleys of this 
Nation, and the community college teachers in particular.
    When you think that these programmers get about $60,000 
when they are out of college or out of the community college, 
and what we need, speaking now as a Californian where we 
started the community college movement and we have about 107 
campuses from San Diego to the Oregon border, and they should 
be talking to the Silicon Valley types and vice versa. Because 
the State will never have enough money to get the equipment 
that is needed to educate people on to meet the people's needs 
as they go into the industry. It just seems to me there ought 
to be a summit meeting that perhaps your group, Mr. Miller, or 
your group and friends in the publishing world, and getting all 
these people in the room.
    When you think of what Jamie Escalante, the great teacher 
in L.A., that took young people that everybody had given up on 
and they got right at the top of the college boards, and it can 
be done. We need to do that and we need to get the Mexican 
Americans, Hispanic Americans, African Americans, Americans, 
whatever they are, into seeing a point in their lives where 
they can make a substantial income. That is only going to 
happen if we start, as the chairman here said, concerning the K 
through 12. That is fine. But I think the K through 13 and 14 
have to be considered, where their role, really, is to be 
either an academic program or a vocational program. In this 
case it is both. You need the academic background. You also 
need the vocational background. And you need the opportunity to 
work on equipment that makes sense.
    I know from what I had to go through with a very--probably 
the largest school of engineering west of Texas A&M, and we 
were just swamped with problems on equipment in the 1970's and 
the 1980's. Finally, our trustees stepped up to the plate and 
said OK, so we will pay engineers more, we will pay people in 
the business school more. Well, that doesn't solve all the 
problems, because the equipment is the problem, and the 
millions that takes. And that is where it is everybody's self 
interest to do something along that line.
    Now, I don't know if you want to add anything to that or if 
you are willing to do that conference, but we ought to get them 
in the same room with the American Electronics Association and 
so forth.
    Mr. Miller. We tried to do that the last couple of years, 
Mr. Chairman. We are making progress. I think that the IT 
community discovered the community college system very recently 
in a sense. They didn't previously think of it as a resource, 
except for some chip manufacturing companies, which didn't see 
the need for a 4-year degree. So you had a couple of instances 
in Arizona, particularly where Maracopa Community College was 
training people to work in the cleaning rooms for some of the 
major chip manufacturers. But I think the IT industry at large 
didn't see the community college as a good resource.
    We held our first national work force convocation at the 
University of California at Berkeley in January 1998, and I 
think that is the first time that the IT industry began to 
understand that the community colleges were willing to be 
flexible, and, frankly, they can change a lot more quickly than 
formal 4-year universities, I am sure you know as a former 
university president.
    Mr. Horn. You are absolutely correct. You won't get your 
supply from Berkeley. They are wonderful people. It is true. 
They have research designs. Ph.Ds, there is a use for some of 
those, face it, but you want the worker people, which does take 
skill, which does take imagination, and some day they might be 
running their own Silicon Valley firm. That is the way the 
whole evolution of that Santa Clara Valley has happened.
    Mrs. Morella. I used to teach, at a community college in 
Montgomery County.
    Mr. Horn. Absolutely.
    Mr. Miller. It is happening. Yesterday the National 
Commission on the 21st Century Workforce had its second field 
hearing, it was actually held at De Anza in Silicon Valley, and 
I know that that is a focus of attention.
    I spoke at a major event that the Houston Partnership held 
3 months ago, and virtually every attendee was there from a 
community college. So I think the communication is starting. We 
are having our third convocation in Chicago in April of this 
year, and have invited many of the colleges to participate. The 
key to the community college is obviously getting support of 
the State legislatures to get the funding to be able to offer 
the courses. In most cases State legislatures do seem willing 
to do that.
    Mr. Horn. They see it helps their economy.
    Mr. Miller. It is an economic development issue, not an 
education issue. That is what employers want to know, if I move 
my business there, where am I going to get my IT workers.
    Mr. Horn. You might have covered this while I was going 
over to vote, but when you look at the issues that confronted 
the Nation that I mentioned to Mr. Koskinen on the domestic 
side, do you have any particular issues that relate to 
technology that you think we ought to have that kind of 
operation that we have had in the last few years where you have 
somebody on behalf of the President pulling these things 
together, if it affects the economy and efficiency of the 
executive branch, which is the jurisdiction of my particular 
subcommittee? So what would your themes be that somebody ought 
to be looking at?
    Mr. Miller. Well, I have a couple. One we discussed, I 
think, at a previous hearing, which is an information security 
czar. I think that the Koskinen model is also applicable to the 
information security area.
    Right now, Mr. Chairman, if someone from academia came up 
and put a chart up on the wall of how information security is 
handled inside the government, I don't think that wall is big 
enough to put all the boxes up there, because it is split over 
so many places. Everyone is well intentioned and has good 
purposes.
    Mr. Horn. With the Chief Information Officer role being 
pretty much throughout the 24 major agencies, hasn't that 
helped?
    Mr. Miller. That is very helpful. But, again, even there, 
that is just within the particular agency. We are also talking 
about interrelationship with the private sector, and depending 
on who you ask, 85 to 90 percent of critical infrastructure we 
have to protect is in the private sector. Yet we have to 
coordinate with the government. Who do we coordinate with? Do 
we coordinate with Mrs. Morella's favorite office, the CIAO 
office, or do we coordinate the NIPC, or do we coordinate with 
the National Security Council or the Commerce Department? It 
goes on and on and on.
    So we are looking for simplicity. The great thing about Mr. 
Koskinen's office was it was a little bitty office. He couldn't 
do a lot. What he could do was he could be an enabler, he could 
be a man who cracks the whip and try to get you to move 
quickly. But at the end of the day, you had to do it. He was 
never going to try to superimpose his own bureaucracy, either 
on the private sector or on a government agency. That is what I 
mean by a czar, not somebody that literally dictates what the 
private sector or the Federal agencies do. Mr. Burbano has to 
decide what the State Department does, Mr. Cosgrave has to 
understand what the IRS does. But someone who can coordinate 
and pull that all together, I think that would be very helpful.
    Mr. Horn. Well, they have a council, and I don't know how 
active that was before this assignment was given them, but they 
certainly ought to be working on the consensual part. Of 
course, what I am after is, and I will be putting it in 
shortly, is the office of management idea where the President 
has somebody there that knows something about management, not 
just the budget. Every President puts in a director that is 
either an accountant or politician or economist, but they don't 
put anybody in that knows a thing about management, that has 
the President's ear.
    So I want to split that off, and, fine, keep the director 
of the budget, but make a director of management. Roosevelt had 
that, Truman had it, Eisenhower had it. It went downhill 
starting with Kennedy and right through Reagan. They all 
politicized the Bureau of the Budget, which were professionals, 
and they served every President, whether they were Democrats or 
Republicans. It didn't matter. It didn't matter what their 
party was. They were professionals. And we have lost that 
contingent, until we got into this situation. When we wrote the 
President and said look, you have got to put somebody in 
charge, because it is going nowhere, and nothing but 
procrastination, and he did. He made a good choice.
    The same thing I wrote him with Rossotti. I said look, 
every President has put in tax attorneys and tax accountants, 
how about getting a chief executive for the job. And he did a 
great job in getting Mr. Rossotti. So you had two splendid 
appointments that turned agencies around.
    Mr. Miller. Absolutely. Mr. Cosgrave, who was the CIO of 
IRS, was previously a CEO of a company, was actually on my 
board of directors, and Mr. Rossotti recruited him to come and 
fix the Y2K problem and run that. I certainly agree with you, 
Mr. Chairman.
    I guess another thing I would say in terms of a theme is 
with all due respect to my friends in the Federal Government 
who bemoan the fact there are not enough Federal IT workers, I 
think they are trying to stop this tide, and they are not going 
to win this battle. We try to help them, we meet with CIO 
council, et cetera, to try to figure out how the Federal 
Government is going to recruit more IT workers. But I think in 
the long-term trend they are going to lose.
    If they are going to lose, I would rather see them focus 
attention on the transition to a world where there is much more 
IT functionality outsourced, rather than trying to constantly 
refight this battle of what are they going to rejigger in the 
OPM manual to somehow recruit a few more IT workers. And that 
does not slight the Federal IT work force. I think they are 
great people. But I think they are just fighting a losing 
trend, because the delta between the Federal sector pay and the 
private sector pay is getting bigger and bigger. The benefits 
for people going into the private sector are much higher.
    My members never liked to voluntarily attract someone out 
of the Federal marketplace, because they are making their 
customers mad at them, but the reality is you can't throw away 
a resume when someone sticks one in your hand and says I want 
to get paid 25 or 30 or 50 percent more, I want to come work 
for your company, than I can make working in the Federal 
marketplace.
    So I think one of the issues your subcommittee wants to 
look at is how do you do that transition. I think it is going 
to happen, and to do it smartly rather than constantly trying 
to smart stop the tide I think would be a much more productive 
use of resources.
    Mr. Horn. We would welcome any thoughts you have on this. I 
know we are already in touch with you at the staff level for 
the computer security hearing coming up soon.
    Mr. Beach. Mr. Chairman, I would like to comment briefly on 
your summit idea. I think that it is a very good idea and 
encourage you to consider submitting an op-ed piece we could 
run in CIO Magazine that would bring it to the attention of 
about 300,000 people.
    I like the idea of director of management for one reason. 
Again, I was referencing earlier the CIO Know Pulse Poll that 
we recently did that shows within 18 months, 6 in 10 in the 
private side of the business are going to have e-business, and 
it is going to be their core business model. And how you have 
kept the feet to the fire for the Federal agencies here leading 
up to Y2K, I think this director of management, whoever he or 
she is, should have as one of their tasks to make certain that 
all the agencies and the millions and billions of dollars that 
the U.S. Government has spent to upgrade its systems, how are 
these being used, what new services, what new applications are 
you providing for getting our bang for a buck.
    Getting back to the previous question, Mr. Rossotti 
mentioned I think that in the IRS, they upgrade each year one-
third of their computers. So what happens to the third that are 
being thrown out? Where are these going? The other issue is 
there is a great opportunity in the junior colleges and the 4-
year schools for the faculty could be adjunct faculty from the 
business community. These are the men and women who know most 
about its leading technologies. I would encourage a program of 
adjunct faculty to our Nation's community colleges are 4-year 
schools.
    Mr. Horn. You are absolutely correct, because the research 
universities are simply too involved in long-term research, 
which does have a payoff in many ways. A lot of our industry is 
based on that research. But in terms of getting a curriculum 
turned around, as you correctly viewed, that can happen much 
more easily in a community college. Rather than have the 
faculty say let's think about this for 3 years.
    So that is part of the problem. This is a national crisis 
in skills. On the Clinger-Cohen Act, we are focusing partly on 
the information technology human resources issues and the need 
for qualified individuals and managers when that comes up.
    And that's another one coming up in the next few weeks. So 
let me skip to something else that isn't as serious as what 
we've had here, but I guess I'd want to ask Ms. Hotka that I'm 
just curious with the wonderful technology we have to trace 
everything in the stores of America, do you know how many 
generators were turned in?
    Ms. Hotka. We were sure, Mr. Chairman, that we would see 
this mass return of generators which would then be refused at 
the store level by stores who said that they wanted to sell it 
to you instead of lend it to you. We were amazed instead that 
stores used this as a customer retention mechanism. They said 
please, come back and return it and while you're here, buy 
something else.
    Mr. Horn. I was educated yesterday by my staff when I 
raised this that there was such a thing as a stocking fee and 
tell me about that.
    Ms. Hotka. What some of our retailers did was to charge a 
restocking fee so that if you brought back the generator after 
January 1 in the box because you didn't need it, that they 
would charge 20 percent. Some of them did that, did in fact 
charge that fee but some of them I think surprised all of us 
and used this as a way to get those valued customers back into 
the store and while they were there, by the way, why don't you 
buy this Christmas tree which is on deep discount and it worked 
beautifully. We saw very little demand--that was one of the 
things that surprised us too. We thought that the public was 
going to flock into stores at the end of the year and buy all 
kinds of stuff. We didn't see it at all.
    Mr. Miller. If I could make one point about your CIO 
elevation on the last question, I want to bring to your 
attention a new institution which the Virginia secretary of 
technology Don Upson is creating called the CIO Academy. I 
don't know if he's publicly rolled this out yet, but I know 
he's already recruited several State CIOs to be on the board of 
directors.
    He's recruited Jim Flyzik who is the CIO of the Department 
of Treasury who was kind enough to ask me to do it. He's got 
some other people from the private sector. I think this relates 
to the whole issue that you, of course, implemented within 
Clinger Cohen which is elevating the whole position of the CIO 
within the organization.
    And obviously one of the major roles that Mr. Beach's 
publication does is it also creates a network through his 
publication, his polls, his meetings he sponsors. I think 
Secretary Upson tends to do this in a much more educational 
level. I think you're going to see more and more where this is 
going.
    Now, the challenge, and I think, Mr. Beach, you had an 
article in your publication recently about whether the CIO job 
will even exist in 5 years. You had some futurists discussing 
that. I think one of the conclusions was there would be no such 
position, maybe a chief knowledge officer or something else 
like that but there wouldn't be a CIO because technology will 
become so ubiquitous that the idea that you have a specialist 
would be like saying you have a telephone specialist. That 
won't exist anymore.
    Generally, I think business and government are paying a lot 
more attention to the whole role of the CIO and part of it is 
because of Y2K again. It all rolls back to the fact that Y2K 
suddenly brought to the attention of the CIO and the CFO and 
board of directors that this guy or gal who ran the technology 
wasn't some person who you could just put off on the side of 
the back room, that he or she was fundamental to your strategic 
business or strategic government delivery of services.
    Mr. Horn. In educating a CIO, what is your percentage of 
technology versus management skills?
    Mr. Miller. I'd say knowledge of technology is somewhere 
between 5 and 10 percent, management understanding business, 
understanding the core operation is probably about 90 percent. 
I think the same way as a CFO. I don't think you expect the CFO 
to be your bookkeeper. The CFO is your financial planner, 
business organizer. I think the same thing is true of your CIO 
you don't expect him or her to be necessarily the chief 
technical person, that he or she is the person who is looking 
at how the technology fits into the business organization. Mr. 
Beach probably has some surveys on that I'm sure.
    Mr. Beach. We've got lots of them. It's along with what 
Harris said. I mentioned it several times here today that what 
has happened is that technology and e-business and e-commerce 
and the overuse of the letter ``E'' but what has happened is 
that there has got to be an extension to a company's business 
model. So technology has gone from being an extension of how we 
govern to being the core--a core part of that infrastructure of 
how we govern.
    I would agree with the percentages of Harris that the more 
successful CIOs that I see are those men and women who have a 
keen understanding not of technology but of their customers 
because then they could always use technology to service that 
customer need rather than saying I know everything about fiber 
and all this other stuff, you say let's go find a customer to 
satisfy that. So they are more customer-focused, and smart 
businesses and smart governments are realizing that technology 
is going to be a core platform in terms of how they provide a 
good or service.
    Mr. Horn. Does your magazine take a look at how Y2K made us 
learn that we can now better manage the operation once we had 
to get in and say let's merge this system with that system or 
let's just get rid of it? To what degree do you see that 
movement in the executive branch?
    Mr. Beach. In the executive branch here in Washington?
    Mr. Horn. Right or the field.
    Mr. Beach. I think the lesson learned from the CIOs in the 
private sector, what Y2K taught them is that no one is an 
island, that all these businesses are connected in these global 
supply chains. And I can't comment particularly on the question 
of executive branch, but I would say that you--no one aspect of 
the government, whether it's legislative, the judicial, or the 
executive is--it's never been that way, but technology is 
giving each of those branches a better opportunity to 
communicate and share information and govern in ways that we 
haven't thought of.
    Ms. Hotka. If I can expand on that too. I think one of the 
things that we found was Y2K was such a flash point, that if I 
called up someone from a company who's not a member and said I 
need to talk to you about Y2K, I could get that person on the 
phone instantly. It cut across all kinds of company barriers.
    There was no competitiveness at all. We had an immovable 
deadline and an issue that everybody understood and so everyone 
was willing to talk to everyone. If we can come to some kind of 
goal like that, obviously we'll not have this again. And thank 
God for it, but if we could come up with some kind of goal for 
technology literacy and for good corporate use of IT, we could 
again get to that point where I could pick up the phone and get 
anybody on the phone and be able to cooperate. It was useful. 
If we can harness that again it would be terrific.
    Mr. Horn. I think you're right. I've got just one or two 
things to say here, and then I'm going to leave and Mrs. 
Morella, she reminds me we have a conference, all of us at 1 
p.m. Let me say without objection, I want to file within the 
testimony when after Mr. Koskinen, an exchange of letters 
between the Secretary General of the United Nations and myself.
    Mrs. Morella. Without objection, so ordered.
    Mr. Horn. No. 2, I would like to thank the following people 
that have been involved and not just in this hearing but in 
most of our hearings. From the subcommittee on Government 
Management, Information, and Technology, J. Russell George, 
staff director and chief counsel; Matthew Ryan, senior policy 
director; Bonnie Heald, director of communications and 
professional staff member; Chip Ahlswede, chief clerk and 
unfortunately it's his last hearing with us; Deborah Oppenheim, 
intern; and minority staff, Trey Henderson, the counsel; and 
Jean Gosa, minority staff assistant; and for the Technology 
Subcommittee of the House Committee on Science, Jeff Grove, 
staff director; Ben Wu, counsel; Vicki Stackwick, staff 
assistant; the technical minority staff is Michael Quear, the 
professional staff member; and Marty Ralston, staff assistant; 
and our two court reporters today are Bob Cochran and Laurie 
Harris. And we thank you all for what you're doing.
    In closing on my behalf, I would say governments and 
industries worldwide have benefited from this experience. I 
think that testimony was very clear today. This problem has 
many silver linings as our witnesses have described. There are 
equally as many if not more people who have worked tirelessly 
in an effort to solve the year 2000 computer problem, and we 
saw some of them before us today. Obviously Mr. Koskinen is 
Assistant to the President and Chair of the Council on the Year 
2000 Conversion. The General Accounting Office staff, 
particularly that staff headed by Mr. Willemssen, who was here 
today. Federal, State, and local government personnel, the 
private sector, individual grass roots organizations, and the 
two staffs I've mentioned and the technology subcommittee which 
has been our partner in overseeing this massive and unique 
experience and we thank them and this success demonstrates what 
can be accomplished with leadership, focus, and dedication, and 
it's a great legacy to begin this new millennium and we thank 
all of you for your hard work. I thank the chairwoman.
    Mrs. Morella. I thank you, Mr. Horn. You've expressed it 
very well for all of us. Hardly a time to ask another question. 
I guess my final one is now as we look into the near future, 
any comments about February 29 and this concept of windowing? 
Has that been taking place and is it anything that we should be 
looking into, comment on, enlighten the public on? Mr. Miller.
    Mr. Miller. The companies would take the same attitude that 
you heard expressed by Mr. Koskinen and the panel this morning. 
They don't expect very many problems with February 29, but they 
are maintaining diligent oversight of the problem. Every leap 
year there's a problem.
    I hate to tell you, whether it's supposed to be or not 
supposed to, there's problems so it's not unique. I think there 
will be diligence, but I wouldn't expect any major problems. As 
far as windowing again, in a way it's postponing the problem. I 
think the expectation is it's been postponed long enough. It 
will be OK, but we got fooled last time around. There's another 
windowing problem which you may know about, which is not 
necessarily this subcommittee's concern, which there is a 
gentleman who has a patent on windowing who wants a lot of 
companies to pay him a lot of money for that. But that right 
now is a matter before the patent office and perhaps a matter 
before the court so probably Congress doesn't want to touch 
that one right now.
    Ms. Hotka. When we did our testing, when retail companies 
went through and tested all the systems they thought were fine, 
the No. 1 thing that came up with was leap year. We don't 
expect the world to come to an end. We think you'll still be 
able to shop, but if I had to pick one thing that I thought was 
going to be funky that is it. We'll be in the ICC again.
    Mr. Beach. I would just make a comment on the windowing 
that I believe Eduardo and the previous panel mentioned it that 
keeping an inventory of those applications that have been 
windowed might be wise. I'd like to know where those are in 20 
years. I don't think we should make the mistake that we made in 
the 1960's and 1970's that these applications are not going 
to----
    Mrs. Morella. Exactly. Even when you think of the 1980's, 
the 20-year span whoever thought we would now be in the year 
2000. Any final comments that you'd like to make? I want to 
thank you all very much for again being here, sharing your 
expertise, and also for all that you have done to make this Y2K 
millennium bug be squashed. I thank you very much. So we now 
adjourn the meeting.
    [Whereupon, at 1:07 p.m., the subcommittee was adjourned.]
    [The prepared statement of Hon. James A. Barcia follows:]

    [GRAPHIC] [TIFF OMITTED] T6711.075
