Year 2000 Deadline Not Negotiable

hether Jan. 1, 2000, will be a day of high anxiety or relief for federal executives depends on whether the government successfully completes its largest information technology project to date, a multibillion-dollar effort to solve what is known as the year 2000 problem. Awareness of the problem has grown significantly over the last year; the challenge now is to correct it.

The issue-which affects all types of computers, from large mainframes down to personal computers-is that many software applications will not recognize the year 2000. To conserve once-precious electronic storage, programmers designed applications to use two-digit years. Unless changes are made before midnight on Dec. 31, 1999, these applications will not run correctly, if at all. The problem is most common in older, mainframe-based applications. But even some newer commercial software packages won't recognize the year 2000.

Nor is the problem limited to software: It affects stored data and also many computers whose chips don't recognize the next century. In some cases the hardware can be "patched" with software; in other cases it must be replaced.

A related problem that has only recently come to light concerns the many elevators, air-conditioning systems, telephone systems, fax machines and other equipment that relies on microprocessor chips that might malfunction in the year 2000. Only some of this equipment is officially defined as information technology. In early March, the CIO Council Subcommittee on Year 2000 began working with General Services Administration officials to evaluate the problem this will pose for public buildings. Also in March, the House Government Reform and Oversight subcommittee on government management, information and technology and the Science subcommittee on technology held a hearing about these embedded microprocessors; the two subcommittees then urged government regulatory agencies to assess the issue.

The General Accounting Office recently named the year 2000 problem a "high risk" area because of the potential losses to the government if the problem is not corrected. Calculations involving next-century years already have been thrown off in some systems.

According to an Office of Management and Budget report released in February, the price tag for fixing the federal year 2000 problem will be $2.3 billion. Both analysts and government officials have questioned the figure, which was calculated using the agencies' and departments' own estimates. Sally Katzen, administrator of OMB's Office of Information and Regulatory Affairs, and the Clinton administration's point person on the year 2000 effort, says she expects the figure to go up as more agencies finish assessing their systems. The Defense Department's estimate has already increased from $969.6 million at the time data was collected for the report to $1.1 billion, and DoD says the figure may change again.

Estimates vary for how much the governmentwide total might rise. Katzen says the figure may reach $5 billion; Jim Kerrigan, president of COLMAR Corp., a Reston, Va.-based market forecasting firm, says it will be about $9 billion; other consulting firms have put the tab as high as $30 billion. Departments are being told not to expect additional appropriations for the year 2000 effort, which means the funds will need to be diverted from other information technology programs.

Government Initiatives

To address the year 2000 problem, agencies must ensure that both their installed base of hardware and software and the information technology products they are buying will not fail at the turn of the century. With regard to an agency's installed base, the year 2000 problem is fundamentally an information systems maintenance project.

But the project is unique in two ways: A large number of systems are affected and its deadline is not negotiable. This, coupled with the desire not to expand the problem by buying more non-compliant products, has prompted the government to begin several initiatives to help departments and agencies better address the problem.

In February, GAO issued an exposure draft of a report outlining a phase-by-phase framework and checklist for assessing agencies' preparedness for the year 2000. Also in February, OMB issued a report that includes a year 2000 compliance strategy and sets governmentwide milestones for the completion of each phase. The strategy encourages agencies to focus on mission-critical systems and follow industry's best practices. OMB will require quarterly progress reports from agencies and will "meet with those [agencies] with later target dates and press them to accelerate, if possible," Katzen says.

The CIO Council Subcommittee on Year 2000 is trying to promote the sharing of managerial and technical expertise among agencies. It maintains a best practices document on the government's official Year 2000 World Wide Web site. It also hopes to establish a database listing the year 2000 compliance status of commercial products. (The Defense Information Systems Agency has posted a similar list on its Web page.) The subcommittee is working with the GSA to develop a logo that identifies year 2000 compliant products on GSA schedules.

In response to the subcommittee's urging, the National Institute of Standards and Technology amended the federal digital date standard to a four-digit year. In January, the CIO Council adopted this standard for all data exchanges among agencies.

Last September, the GSA recommended year 2000-related contract warranty language. An interim Federal Acquisition Regulation rule was then issued in January. Referencing the GSA warranty clause, the rule defines year 2000 compliance and requires agencies to procure only products that already are or will soon be year 2000 compliant. The final version of the FAR rule was expected to be announced at the end of April or beginning of May.

While the government is stressing interagency cooperation, some analysts warn that a problem may be brewing within agencies. Program managers won't want to see their projects' funds diverted to the year 2000 effort, says COLMAR's Kerrigan, which could lead to "internal warfare."

Year 2000 Solutions

"There is no single, cookie-cutter approach for solving the year 2000 problem," states the recent GAO report. GAO and OMB divide the year 2000 effort into five sequential but overlapping phases: awareness, assessment, renovation, validation (testing) and implementation. The assessment phase, according to the OMB report, determines "the scope of the problem by inventorying systems and deciding which ones to change, replace or discard." During its assessment, DoD, for example, decided to eliminate more than 560 of its systems.

Most agencies are currently in the latter stages of the assessment phase, although many agencies are like the Internal Revenue Service, with "different systems in different [phases]," says Julia McCreary, the year 2000 technical adviser for the IRS. "It's a realistic way to approach the problem."

Year 2000-related software and data storage problems can be resolved in several ways.

The first is to use four-digit years, a solution which requires both code and data changes. An alternative is to use a 100-year "sliding window" that relies on context to determine in which century a two-digit year falls. The third option is to stuff four-digit dates into two-digit spaces and compress and expand them as needed. Each technique has advantages and disadvantages.

Analysts emphasize that the year 2000 problem is more an issue of management than technology. The solutions aren't difficult, but they require a large, well-coordinated effort. Although NIST estimates that only 1 to 2 percent of computer code may be affected, all of it must be examined in order to isolate the affected lines. Many organizations have at least a few old programs for which the code has been lost; in these cases, the code must be recreated before it can be assessed.

Fortunately, there are automated software tools to aid much of the year 2000 effort. During the assessment phase, tools can gauge the number of programs and lines of code that are date-sensitive, and some even generate cost and time estimates for the fix. During the renovation phase, tools can help programmers find lines of code that need changing; some can also do part of the modification. Testing tools are also available; these include date-simulation tools that allow programmers to find out what will happen in the year 2000 without needing to change their computers' clocks. There are also management tools for the entire project.

Year 2000 tools are not available for every programming language. In cases where an agency can find no tools on the market, it can either do more of the task by hand or develop its own tool. The Drug Enforcement Administration headquarters, for example, relies heavily on a newer, fourth-generation language for which no code scanning tool was available, so its year 2000 contractor developed a tool specifically for the project.

"Tools help but are no panacea," noted Kathleen M. Adams, the Social Security Administration's assistant deputy commissioner for systems and chair of the CIO Council Subcommittee on Year 2000, at a recent conference. "Using tools just helps shorten the manual process," says Mike Miller, senior vice president of Computer Associates International Inc.'s federal division in Reston, Va. "No technology will change program logic automatically," he says.

Many of these tools can be used for any information systems maintenance project, not just the year 2000 effort. Many vendors have simply repackaged existing maintenance tools with a few add-ons specific to the year 2000 problem (such as pre-written date calculation modules, or date-simulation testing tools). The trend is toward selling these packages with services, says Dick Heiman, a research manager at International Data Corp., a consulting and market research firm in Framingham, Mass.

New vendors and products are entering the field every day. Among the established companies are Keane Inc., Computer Associates, Compuware Corp., IBM Corp. and Viasoft Inc. (On April 1, Viasoft announced a program to sell year 2000 tools to federal government customers at a substantial discount.) Prices vary widely; "the only thing that is certain is that prices will go up" as the demand for qualified programmers outstrips the supply, Heiman says.

An organization should assess its existing information system maintenance program-its tools, process and system knowledge-to determine whether it needs a full solution or just individual tools for the year 2000 effort, Heiman says.

Analysts caution that the testing phase will account for fully half the work in the year 2000 effort, because so many systems are affected. Organizations may not have the computing power to test so many systems, in which case they may need to turn to a disaster recovery firm for support. Another challenge will be handling ongoing maintenance work while addressing the year 2000 problem. "A significant amount of new applications and enhancements to old applications will not get done," Miller says.

The government is trying to be realistic about the year 2000 effort. "There will undoubtedly be some systems, hopefully of much lesser importance, that will not be fixed" when the year 2000 arrives, Katzen says. Instead of expecting perfection, the government is concentrating on making at least its mission-critical systems compliant. Then, Katzen says, "we can truly celebrate the new year."

Luba Vangelova is a Washington-area freelance writer.