Federal Government Numbers on Mission Critical Systems Drops Sharply

The Co-Intelligence Institute // CII home // Y2K home

Federal Government Numbers on Mission Critical Systems Drops Sharply

To: y2kforum@efn.org
From: cabeal@efn.org

http://www.infobeat.com/stories/cgi/story.cgi?id=2558983851-7e4

03/29/99

No. of Y2K 'Critical' Systems Drops

No. of Y2K 'Critical' Systems Drops By CHRIS ALLBRITTON
AP Cyberspace Writer

NEW YORK (AP) _ As the federal government approaches Wednesday's deadline for inoculating its "mission-critical computers" against the millennium bug, it turns out that some missions aren't so critical after all.

A study of the numbers of systems potentially vulnerable to the so-called Y2K bug shows that about one-third of them have simply dropped off the "mission-critical" list in recent months.

Government agencies "are under tremendous pressure from Congress to hit their numbers, to be 100 percent compliant. And in a practical sense, they will do so even if they have to drop some of their mission-critical systems," said Robert Alloway, who worked for a congressional committee on Y2K and now runs the National Leadership Task Force on Y2K, an independent, non-profit organization.

In part, the phenomenon of "disappearing" (Alloway's term) is simply bureaucratic. Systems once defined as critical have ceased to be so, but it has taken the Y2K threat to galvanize the government into sorting them out.

But the "disappearing" _ and the refusal of many agencies to spell out reasons for taking systems off the critical list _ is stoking suspicions among some Y2K-watchers that the government is hiding something.

As the deadline nears, "the pressure will only increase for organizations to define down their systems," said Ed Yardeni, chief economist for Deutsche Bank Securities in New York.

"Once an agency compiles its mission-critical systems, I don't think it should be able to change what's defined as mission-critical as the deadline approaches."

The Y2K bug occurs because many computers programmed to recognize only the last two digits of a year won't work properly beginning Jan. 1, 2000, when machines might assume it is 1900. Some computers can be reprogrammed, but many have embedded microchips that must be replaced.

The effect of the bug is largely unknown. Some, like Yardeni, predict chaos, huge power failures and nuclear accidents. Others say it will be no worse than a storm that briefly knocks out power.

In August 1997, the government listed 9,100 mission-critical systems, and its overall rating stood at 19.3 percent compliant, according to the General Accounting Office.

Since then, the government says, 3,298 systems have been fixed, and about 79 percent of its mission-critical systems are compliant.

But that figure would have been only 55.6 percent had 3,323 systems not been dropped or redefined, the GAO figures show.

John Koskinen, the chairman of the President's Council on Year 2000 Conversion, set a March 31 deadline for the federal government to have its mission-critical systems 100 percent compliant.

According to the GAO, the Department of Agriculture has dropped 886 mission-critical computer systems since August 1997, from 1,239 to 353. That enabled it to say it had gone from 10 percent compliant to 65 percent.

A similar tale at Housing and Urban Development: The agency started with 231 systems and ended with 62. Compliance jumped from 22 percent to 73 percent.

The Department of Defense's numbers went from 3,695 systems to 2,581, and compliance from 18 percent to 52 percent. It has classified the details, but the little information it did release shows that some formerly critical systems of control, early warning and communications were folded into others or split into smaller components.

Among systems reclassified by Housing and Urban Development are the Multifamily Data Warehouse, phased out in November without replacement, and the Funding and Contracting Tracking System, replaced last month by the Grants Evaluation Management System.

Requests to HUD seeking explanations of the system's functions were not answered.

The Department of Agriculture phased out systems that included one that controlled the cash receipts log and one that tracked discrepancies between bank deposits and the bookkeeping systems for the state and county offices of the Farm Service Agency.

Overall, of the 9,100 systems, 3,298 have been fixed, 3,323 redefined, and the rest are still being worked on, the GAO said.

Alloway, the task force director, concedes that of the mission-critical systems dropped in the last 18 months, about 500 probably were "slop" and needed to be dropped.

But he worries that many reclassified systems are "being dropped down to the next tier of importance, primarily so they'll drop off the radar of what's important."

The Office of Management and Budget, the watchdog agency of the Executive Branch, established guidelines for what constituted "mission-critical." But each agency then decided which systems fit the description, and how much detail to make public.

"This is purely bureau business and not for public consumption," said Debbie Weierman, a spokeswoman for the Federal Bureau of Investigation, when asked for a list of formerly mission-critical systems. "It's regarding investigative techniques and isn't something the public would benefit from."

Jack Gribben, spokesman for the President's Y2K council, acknowledged that the number of mission-critical systems has shrunk. "I don't think it takes away from the fact that agencies have been making real progress over the past several months," he said. "It's just a matter of what's a priority."

"The definition, in my eyes, has always been a problem," said Matt Ryan, a staff aide for the House Y2K subcommittee Alloway worked for. It is chaired by Rep. Stephen Horn, R-Calif., who in the past has voiced suspicions about redefined systems.

"We would expect some of that, but there is also a sense of 'gaming,"' said Ryan. "If you want to drop out 10 systems that are not mission-critical, you can do that. That will raise suspicions, though."

But Russell George, staff director and chief counsel for Horn's subcommittee, offered a cautious second opinion.

"The issue as to whether or not federal agencies were 'gaming the system' was raised some time ago and the subcommittee, working with the GAO, reviewed that issue and found no evidence that that was occurring," he said. "That is not to say that the situation did not or does not exist, but no evidence to that effect has been found."

Greg Parham, the Y2K project director for the Department of Agriculture, said nothing suspicious was going on at his agency. Instead, most of the 1,239 systems tallied in the original inventory were separate programs that were consolidated into one, he said. The Forest Service alone dropped from 423 to 17 systems.

Alloway is hopeful but wary. "I think they will achieve 100 percent mission-critical compliance," he said. "But they will reach it through a combination of creative redefining and hard work."