Constance A Morella

Opening Address at the Standards and Technology International Symposium - June 9, 1997

Constance A Morella
June 09, 1997— Gaithersburg, Maryland
National Institute of Standards and Technology International Symposium
Print friendly

Good morning and welcome to Gaithersburg, Maryland, especially for those of you who have traveled from out of town to be with us over the course of the next two days at this International Symposium on the Year 2000.

The reason that you are all here is because the end is coming and time is running out.

The end of the century, that is.

And if we don't act fast, we will be ringing in the beginning of the new millennium with the mother of all computer glitches.

We are all right now competing in a race against time to avert an impending computer catastrophe and unless something is done, when we're in the year 2000, computers around the world will think that it's in 1900.

When that happens, millions of computers, billions of dollars, and just about every human on the planet may be affected.

Computer systems applications that touch customers across the world - for example, ATM machines, or air traffic control, or financial calculations, or health care systems - are likely to fail.

You'd be amazed at how many things computers do that require the correct year.

When the year is right, the mortgage is calculated correctly, the Social Security payment is made, the airplane is serviced, and the veteran receives his or her proper medication at the VA hospital.

If the date is a hundred years off, or at least if the computer thinks so, chaos would ensue.

We all know the problem: you see, computers, especially those big and expensive ones that operate on COBOL computer code written in the 1960's, believe there is only one century, this one.

To imagine the problem, think of the device that keeps track of the date in most computers as similar to an odometer in your car, each year turning to the next.

The thing that makes this odometer different, however, is that only the last two numbers move, and the first two digits are always "1" and "9" - so 97 means to the computer 1997, 98 means 1998, 99 means 1999, but 00 means 1900.

Consequently, what happens when that odometer clicks on New Year's Day in the year 2000, is that many computers will automatically assume the year is 1900 - and worse yet, many other computers won't even know what to think and may even crash.

So you ask, how did we arrive at the brink of such a catastrophic collapse of our computer systems - especially since computer programmers are supposedly so smart?

The problem actually began many, many years ago, stemming from a decision made at the dawn of the Computer Age to save then-scarce memory by giving all dates a two-digit field in the belief that these early systems would eventually be replaced by the Year 2000.

Since the capacity of the early computers had little memory storage, programmers were loath to use up to four whole spaces for the year, when two would do just fine.

And subsequently, as an added incentive, the programmers who were paid to put in data also found it to be cheaper to put in two numbers instead of four.

Now decades later, those thrifty ways are threatening to cost us big because instead of replacing those costly mainframe computer systems as had been originally envisioned, those systems have been simply "upgraded" through the years.

While using a two-digit field may have made early, memory-deficient programs run faster and cheaper, its use now threatens to literally shutdown today's computer-dependent society.

And to make matters worse, there's not much time before this millennium bug takes a mega-bite out of our computers.

There are just 2 years and 205 days from today to get the job done.

What about the government? Are we ready for the new millennium?

Last year, experts who testified before us in Congress told us the federal government was dropping the ball.

So to find out if that was true, in April 1996 we surveyed various agencies on their Year 2000 computer conversion efforts.

My other Committee, the Government Reform and Oversight Committee, performed the survey through its Information and Technology Subcommittee, chaired by Congressman Steve Horn of California.

As a result, 24 Cabinet departments and federal agencies were graded on their efforts to address the Year 2000 computer problem.

When the report card came out, the grades weren't very encouraging at all.

Ten agencies received "D's" and four flunked because they had absolutely no conversion plan.

At that time, only six could even estimate how much money they would need to correct the problem.

We came to the inescapable conclusion that many federal government departments and agencies were simply not moving with the necessary dispatch to become Year 2000 compliant in a timely manner.

Without greater urgency, federal government agencies were placing themselves at risk of being unable to provide services or perform functions that are critical to their mission and to the American public, unless senior agency management took immediate aggressive action.

In a nutshell, this is what we found in the Government Reform and Oversight April 1996 survey:

Major departments were still only in the initial planning stages, even though agencies needed to have their systems inventoried and fixed by the end of 1998, in order to provide sufficient time to validate and ensure total accuracy.

Even those agencies considered leaders on this issue, such as the Social Security Administration and the Department of Defense, were not even close to completing their inventory and solution stages of Year 2000 conversion.

For example, in 1989, the Social Security Administration, with great foresight, realized the looming danger of the Year 2000 glitch to every Social Security recipient's checks.

Long considered the model Year 2000 agency, Social Security is currently educating other government agencies about how to resolve the problem and working diligently to correct it within their agency.

But even with an 11-year head start, the Social Security Administration admitted they would not even be finished rewriting its code until late 1998.

Only six agencies had cost estimates on the monetary resources needed to resolve the problem.

In fact the Department of Health and Human Services had cost estimates for only two divisions.

The Department of Agriculture had cost estimates for only one division.

The Department of Defense had not yet completed its inventory of computer software code that needed to be converted.

The National Aeronautics and Space Administration, one of the most innovative, advanced, and computer-dependent agencies in the federal government, had not prepared a plan to solve the problem and did not anticipate having a plan completed until March 1997 - leaving less than a year to inventory and fix systems!

The Department of Transportation, which includes the Federal Aviation Administration, Federal Highway Administration, and the Federal Railroad Administration, either didn't or couldn't even respond to the survey.

The Department of Energy had not even begun to address the Year 2000 issue until a week after it had received the April 1996 survey.

These findings left us in Congress startled and not very confident about the federal government's ability to successfully meet the challenges of the date conversion problem.

And what about the projected cost of the problem?

Last May, The Gartner Group testified before my Technology Subcommittee that the estimated cost for the federal government could be as high as $30 billion.

Gartner also estimated that factoring in software found in computer systems used by foreign governments, federal, state, and local governments, businesses and individuals, the "debugging" process could cost a staggering $600 billion world-wide.

Obviously, the task before the federal government was enormous.

Unfortunately, though, few federal agencies were responding at all to the problem, let alone aggressively.

There was, however, a Congressional sense of urgency to address this critical challenge and to mandate the government to immediate and decisive action.

So, at this time last June, while we knew the magnitude of the Year 2000 problem and that it would cost a lot of money to fix, we still didn't have a comprehensive strategy to attack the problem.

That is why we inserted legislative language in last year's Treasury, Postal, and general government appropriations bill directing the Office of Management and Budget to create a national federal strategy and submit it to Congress in February with the President's budget for this year.

We asked OMB to provide an accurate estimate of what it would cost to convert all federal computers from two-digit to four-digit fields and to map out a detailed plan for each agency - and a timetable - to ensure that all government computers will continue to operate in the year 2000.

In February, OMB submitted this strategy to Congress.

The strategy optimistically stated that each agency could meet their targeted milestones for completion at a total cost of $2.3 billion.

The government's strategy was predicated on three conditions:

  1. First senior agency managers will take whatever action is necessary to address the problem once they are aware of its potential consequences.
  2. Second, there can and will not be a single solution.
    Since a "silver bullet" is a logical impossibility, solving the problem would require technicians and engineers to write or revise software code and to replace existing hardware.

  3. Third, given the limited amount of time, emphasis will have to be prioritized to mission critical systems.

In many agencies, the mission critical systems are generally the largest and most complex, requiring the most time and are the most challenging to fix.

The OMB strategy relied heavily on the newly established Chief Information Officers (CIO) Council, to direct federal Year 2000 initiatives and to observe industry's best practices, which include the following five phases:

  • Raising management awareness of the problem,
  • Assessing the scope of the problem by inventorying systems and deciding which ones to change, replace, or discard,
  • Renovating the systems to be changed,
  • Validating and testing the changed systems,
  • Implementing the revised systems, including developing a contingency plan.

The CIO's, established in this past Congress through the Information Technology Management Reform Act of 1996, represent 28 of the largest federal departments and agencies and are responsible for maintaining a sound information technology architecture for each agency.

OMB's federal cost-estimate of $2.3 billion cumulatively for the next three years was determined through preliminary estimates from each agency.

These estimates covered:

  • the costs of identifying necessary changes,
  • evaluating the cost effectiveness of making those changes (for example, deciding to fix or scrap programs or hardware),
  • actually making the changes,
  • testing the systems,
  • providing contingencies for failure recovery.

The estimates, however, did not include the costs of upgrades or replacements that would otherwise occur as part of the normal system life cycle.

Nor did they include the federal share of the costs for state information systems that support federal programs.

Under the OMB strategy, agencies are to fund their Year 2000 work by redirecting resources from other planned activities - such as modernization - because it does not make sense to spend money on upgrades if the basic system will fail to operate.

This policy was reflected in funding decisions for major information systems in the President's budget request for this year.

While the February 1997 OMB strategy demonstrated some progress since our initial April 1996 survey, it is still clear that we have a long way to go before we can be fully confident that all federal computer programs can keep on clicking after midnight December 31, 1999.

Since the submission of the OMB strategy, Congress has been working closely with the Executive Branch to make sure that the federal government remains on track with its Year 2000 efforts.

As part of this oversight, we have helped institute a quarterly reporting requirement to OMB for each agency.

The first reporting requirement deadline was May 15 of this year, to be followed subsequently by an August 15 deadline, and then every three months thereafter.

Meanwhile, Congress continues to have significant concerns regarding the government's ability to have its computer systems ready for the century date conversion in the Year 2000.

Specifically, Congress is very concerned:

  • that the government-wide estimate of $2.3 billion to correct the Year 2000 problem is significantly understated,
  • that various agencies are not allowing adequate time for the validation of converted systems,
  • that inadequate attention government-wide is being paid to other date sensitive systems, such as the embedded chip problem, which I will discuss in more detail later.

Congress expects that OMB, as the central management arm of the federal government, will not only take on the Year 2000 challenge in a centralized fashion but will also be aggressive in its oversight of agencies.

It is expected that Congress, in upcoming legislation, will further direct OMB in its quarterly reporting requirements to:

  • include a summary of costs to date,
  • review agency validation schedules and to report back on the adequacy of these validation schedules, including a summary of contingencies in the event that the validation schedules are inadequate,
  • ensure successful interfaces with systems external to the federal government - including state, local, and private sector systems.

Despite these outstanding Congressional concerns, I am pleased that the White House now, after some initial reluctance, is beginning to share our Congressional sense of urgency on this issue.

OMB Director Frank Raines, who we have charged with monitoring federal Year 2000 efforts, is one who has dealt with this problem in the private sector.

I am confident that Director Raines understands how critical it is that senior managers make decisions about whether to repair, replace, or discard systems as soon as possible and the need to address this problem effectively and expeditiously.

There is no question that we must continue to move federal agencies to a decisive course of action to solve this computer dilemma.

In this 105th Congress, we will continue providing vigorous Congressional oversight on this issue to ensure that the problem is addressed appropriately and cost-effectively for the taxpayers.

We will address not just the federal efforts, but will also continue focusing on state and local efforts, as well as private sector efforts.

Our next Congressional hearing on the Year 2000 challenge is scheduled for the second week in July.

We will be reviewing OMB's first quarterly report from the agencies.

This hearing should give us a snapshot of where the federal government currently stands àvis a vis the February OMB strategy.

This past March, we held our last Congressional hearing in an on-going series of hearings, discussing the risks and consequences of Year 2000 failure, along with liability and embedded chip issues.

Witnesses at the hearing made several forecasts:

One prediction, made by The Gartner Group, was that more than one-half of all organizations world-wide will not fully complete their Year 2000 effort.

I found this particularly troublesome because when Steve Horn and I began investigating this problem at the beginning of last year, our focus was to ensure timely and effective action by our nation to meet the tremendous challenge of solving the Year 2000 problem, both in the public and the private sector.

Now it appears as if we must recategorize our thinking, embrace the risks of failure, discuss its consequences, and develop priorities for competing Year 2000 projects.

Additionally, the Giga Information Group suggested that the Year 2000 problem may affect more than just computers and could expand to embedded computer chips in a variety of systems and products.

Although the Year 2000 problem has been commonly described as affecting only computer software, it also exists in some hardware components where integrated circuits, also called "chips," store or process data.

Since these chips are sometimes pre-programmed or "hard-wired" by the manufacturer with two-digit date fields, it could produce the same errors as the software that controls large computer systems in the Year 2000.

While these chips are used in all computer hardware, they are also used in many electronic devices that are not typically considered computers.

Some of these embedded chips, such as the read-only-memory (ROM), are used to store data.

Other embedded chips, called microprocessors, are used to control many different types of systems such as industrial machinery, thermostats, lighting, sprinklers, medical equipment and devices, building security systems, elevators, telephones, bar code readers, and power plant operations.

Although most chips do not store or process dates, those that do must be inspected and replaced, if necessary, to avoid product failure from Year 2000 incompatibility.

Other predictions made at my March hearing was that the risk of failure and its liability consequences of punitive and compensatory damages would sprout a large Year 2000 cottage industry for lawyers waiting to file suits and that the potential legal damages awarded could ultimately exceed the total cost for actually fixing the problem.

These concerns, coupled with the frustration and uncertainty about the Year 2000 problem, has led me to wonder if Congress can do more than we have already.

It seems clear that our Congressional hearings thus far, along with letters to agencies and legislation, have been effective in raising awareness and promoting private and public sector initiative.

And although I appreciate being called "the Paul Revere of the Year 2000 Crisis," I do still believe more must be done.

First, we need to have the President raise the visibility of the issue by issuing a strong directive or a policy statement.

We also need to send a strong signal to the information technology community that their products must now be Year 2000 compliant.

To achieve this goal, we are working on statutory language which prohibits the federal government from purchasing any information technology which is not Year 2000 compliant, pursuant to Part 39.106 of the Federal Acquisition Regulation.

By forcing government vendors - by law - to sell only Year 2000 compliant information technology, it increases the probability that those manufacturers, as well as others, will speed the commercialization of Year 2000 compliant products to the general marketplace for all Americans.

Year 2000 liability issues is another concern.

Some would like Congress to require that companies disclose their status in preparing for the Year 2000.

Some in the banking community have urged the Securities and Exchange Commission (SEC) to require all companies that have publicly traded stock to submit Year 2000 compliance disclosures for new stock offerings.

Additionally, since there looms the potential for great legal liability, many in industry have refused to acknowledge they are even aware of the problem for fear that it could ultimately leave them vulnerable to negligence and warranty suits.

This self-imposed silence has a chilling effect on the ability of industry to work collaboratively and move forward to fix the Year 2000 problem.

Some have suggested that the only method to open up an effective discourse among industry and speed some action is to statutorily limit or cap private sector legal liability.

Congress may also want to get more involved in the international efforts to deal with the Year 2000 problem.

Unless the problem is corrected within every country, both in government and the private sector, international commerce could be dramatically affected.

Ultimately, it will not matter if United States industry is fully Year 2000 complaint if there are interoperability problems with our global business partners.

I'm throwing out these potential action items to you in response to the concerns we, in Congress, have heard.

Since it is unclear to me whether the market alone will provide the necessary incentive to industry and government agencies to overcome the Year 2000 problem, Congress may, indeed, be forced to take direct future action.

Meanwhile, I will continue to do all I can to effectively implement the national federal strategy, work with OMB, and continue raising awareness of the issue to push our nation's businesses and state and local governments to take immediate corrective measures.

Remember, the deadline we face is unforgiving.

Time is running out.

The goal of this International Symposium on the Year 2000 is to bring together international industry and government to exchange information and strategies.

Let's all achieve that goal.

We must all work together to address and correct the problem and formulate solutions.

We must act expeditiously.

If you are here at this symposium to begin your Year 2000 efforts, RUN - do not walk - to the vendor exhibition right after my speech.

The time for talking is over.

The time for action is now.

If we fail to correct the Year 2000 problem, we will not fail through a lack of technical ability, we will fail because of a lack of awareness of the issue or an overabundance of self-confidence.

But I know, with your help, that we will not fail.

Thank you.

Speech from