ITAA's Year 2000 Outlook March 6, 1998 Volume 3, No. 9 Published by the Information Technology Association of America, Arlington, VA Bob Cohen, Editor bcohen@itaa.org ITAA's Year 2000 Outlook is sponsored in part by BDM International, Inc., CACI International Inc., DMR Consulting Group Inc., IBS Conversions, Inc., Softworks, Inc. and Y2Kplus, Inc. Board Report Notes Gaps in DoD Y2K Defenses A Defense Science Board Task Force interim report finds numerous deficiencies in DoD Y2K preparedness and calls for the appointment of a full time executive to plan and lead the effort. While indicating that most weapon systems do not have serious date problems, the report raises a series of difficult issues about how well the military is prepared to do battle with the century rollover. Missing from DoD's plan of attack are realistic management measures, information about the Y2K status of the intelligence community, comprehensive testing measures, adequate funding, an information warfare strategy, and approaches to overseas military base infrastructure vulnerabilities. The task force report comes in response to a request last July by Joseph Eash, Acting Principal Deputy Under Secretary of Defense (Acquisition and Technology). While a final report of the group is still expected, the document now in circulation, signed by task force chairman Craig Fields, also calls on the Office of the Secretary of Defense to establish a Y2K "escape valve" fund for special needs as well as funds for the FY99 budget. The report also recommends strong incentives for program managers and other key people. The task force questions whether many DoD mission critical systems really deserve the "mission critical" designation. The report suggests that a "so what?" test to mission critical systems would lead to meaningful prioritization of efforts-knocking the number of systems down by a factor of 10 or more. No matter how systems are classified, the task force found that current status information about them is lacking because information supplied is too general. "Good program management processes do not appear to be in place to report against and, thus, realistic determination of status of the ongoing efforts is not possible," the report notes. The task force also flagged DoD's tendency to accentuate the positive: "Almost all presentations report everything is going well and no difficulty is expected in meeting compliance by 2000...In contrast industry and commercial concerns view their problems with alarm." The task force finds that the DoD has created the "worst of both worlds with lots of reporting required of the components but little value to the reports." The task force criticism of management practices is not limited to the military. Drawing a bead on computer and software companies, the task force notes that "many of these companies seem to feel they have no responsibility for Y2K compliance of their previously delivered products." Weapon systems such as Aegis, F-15, MLRS, Patriot, and AWACS appear good to go, according to the report, with the task force assigning "high confidence in the ability of the systems themselves to meet mission requirements." Less clear is how these will interface with secondary systems. The task force finds inadequate attention to what it calls "system of systems" testing, general contingency planning and the creation of emergency response teams. For example, the report notes that end-to-end testing of systems supporting a conventional cruise missile strike would include relevant intelligence collection, analysis and processing systems, C3 systems, mission planning systems, and several weapon platform systems. Later, the report notes that "Independent testing agencies within DoD...are alarmed at the lack of requests for Y2K testing assistance by system owners and operators." The task force determined that DoD lacks a central certification authority, thereby providing no assurance that uniform testing conditions will be applied. The report suggests that the nation's top brass may also be in the dark when it comes to the Y2K preparedness of intelligence systems. Because intelligence community (IC) data is not collected in the Defense Integration Support Tools (DIST) database, a facility which helps DoD manage its many thousands of systems and associated programs, "...most of OSD does not know whether Intelligence Community data will be available when needed." The IC has not provided Y2K impact information, the report notes, leaving users guessing. Question marks pertain to crypto systems as well as the archived data bases which "contain numerous calendarized fields and which provide crucial inputs to our command and control systems." The task force also takes issue with DoD's "take it out of hide" approach to Y2K funding. Making do is fine if a program has replacement or upgrade funds available, the group reasons, but not so good for systems which lack these resources. Conversion dollars should flow from any and all programs, not just IT maintenance and upgrade funding, the report notes, adding, "Our impression is that several hundred million dollars will have to be diverted from other than IT related funds to meet Y2K needs." The task force suggests creation of an escape valve fund to support "system of systems" testing, remediation of "homeless" systems, replacement of unfunded legacy systems, and funding of special CINC needs. Such a fund is estimated in excess of $100 million. Funding may not be all that requires rethinking. The report notes that DoD should assume "that hackers will try to cause mischief including exposing and widely disseminating Y2K vulnerabilities...Domestic and international perceptions also are important. Perceived vulnerabilities at a critical time period, even if not real, can lead to serious difficulties for the U.S. Therefore, strong and visible actions by the DoD to address Y2K issues are important not only to fix the problems but also to impact these perceptions in the desired manner. To date, there has been little or no concern relating to the possible introduction of Information Warfare [IW] vulnerabilities in the course of making Y2K fixes and there has been little effort to involve the IW community in the Y2K arena." While U.S. nuclear weapons systems are being seriously tested, NATO nuclear systems "warrant attention...Additionally, attention should be directed to nuclear weapons in China and Russia particularly for their control, safety & security." Incentives suggested by the task force for program managers and other key personnel include extended tours to cover the period into the Year 2000, bonuses to recognize accomplishments, modifications to leave policy and deferred comments on fitness reports to capture actual Y2K performance data. Horn Hangs Dunce Cap on Government Y2K Efforts With less than two years to go, the federal government has just over one-third of its mission critical systems Y2K complete. This lackluster performance yielded the world's largest software user no better than a "D-" on a report card issued this week by Rep. Stephen Horn. Horn chairs the House Subcommittee on Government Management, Information, and Technology and began grading the Year 2000 efforts of federal agencies last year as a way to bring greater awareness to the problem. Perhaps the biggest loser in this year's grades was the Department of Defense, which dropped from a C- to an F. DoD's 2915 mission critical systems represent one-third of all such systems within the federal government. "You do not have to think very hard about the function of many of those defense systems to agree that failure is intolerable," Horn said. "Added to this is the disturbing fact that Department of Defense has just suffered an exodus of its entire staff leadership on the Year 2000 problem. It is time for people outside Defense-as well as inside-to start sweating about this." The Department of Labor and State joined DoD in dropping two grades to be tagged with an F. The Department of Education and Transportation retained their failing marks from last year. Another notable backslider was Health and Human Services, which went from a B- to a D. Those jumping up two grades were Veterans Affairs (C to A), Agriculture (D- to B), Commerce (D to B) and Office of Personnel Management (D to B). According to Horn's calculations, just two-thirds of all federal government mission critical systems will be completed by January 1, 2000. Among those dogging it to the deadline are Labor, which Horn estimates will have just 26 percent of mission critical systems done, Transportation with 33 percent done, Defense with 36 percent and State with 40 percent. Grade calculations are based on agency self-reported rates of progress. Agencies completing their Y2K conversion programs before the rollover earn a base grade of A. Those finishing during 2000 receive a C. Wrapping up in 2001 is worth a D; any agency with a complete date after 2001 fails. Base grades are adjusted on a variety of factors: the use of a system replacement strategy, a significant drop in the number of systems deemed mission critical, and the extent to which agencies have addressed non-mission critical and embedded system vulnerabilities. Agencies with a significant dependence on replacement systems are the Small Business Administration, which says it will replace 75 percent of its mission critical systems, the Nuclear Regulatory Commission shopping for 43 percent, State swapping out 38 percent and Labor with 36 percent. New systems pull grades down because they have a very poor record of being delivered on time, according to Horn's report. Agencies reporting significant declines in the total number of mission critical systems are NASA, Energy, Education, DoD and the Agency for International Development. Horn's subcommittee terms such activity suspicious because it suggests that these systems are not being fixed, just reclassified. Horn praised the appointment of former Office of Management and Budget Deputy Director John Koskinen to head a federal Y2K task force, but he added, even Koskinen's skills "...do not change the fact that the executive branch is still on the edge of failure...We need a centralized approach. We need to prioritize. We need to coordinate. We need to do all of that very soon." Year 2000 Draws Eye of G-7 The Year 2000 computer glitch will join the party at the G-7 economic summit. U.S. Treasury Secretary Robert Rubin said the group will take up the topic at its meeting in Birmingham, England on May 15-17. In a speech to the Institute of International Bankers first reported by the Bureau of National Affairs, Rubin said, "there is room for substantial concern based on the anecdotal information that I and others have gotten as you talk to people around the world, about the lack of progress with respect to the year 2000 problem in many countries, including some of the advanced industrial nations." Talk around the office might prove sufficiently convincing. With less than one-quarter of its systems fixed, Rubin's Department of Treasury earned a "D" in the grading of federal agencies released this week. Y2K Bill Passes Senate A bill to extend authority of the Office of Thrift Supervision (OTS) and National Credit Union Administration (NCUA) to examine the operations of service corporations or other entities providing services to thrifts and credit unions passed the Senate today. The legislation, co-sponsored by Sens. Bob Bennett (R-UT) and Chris Dodd (D-CT) also requires federal financial regulatory institutions to conduct Y2K seminars and provide model approaches for solving the date change problem. Similar legislation passed the House last week. New Y2K Bill in House Would "Beef Up" CIO Role Rep. Bob Goodlatte (R-VA) has introduced the USDA Year 2000 Compliance Enhancement Act, legislation intended to assure the Department of Agriculture better farm policies and programs through a centralized approach to IT resource management. The bill would create a chief information officer reporting directly to the Secretary of Agriculture. WV Bill Would Disqualify Non-Compliant Vendors West Virginia House Bill 4691 would disqualify from state contracts vendors found selling non-Y2K compliant information equipment, hardware, software or related services after July 1, 1998. Such vendors would be barred from state business until July 1, 2003. The measure would also require vendors to provide a special Y2K-compliance warranty and may include specific remedies for breach of warranty. The bill has passed the House and is now being considered by the Senate Government Organization Committee. Closer to Home MatriDigm Corporation of San Jose, California has received ITAA *2000 certification. ITAA *2000 is the industry's century date change certification program. The program examines processes and methods used by companies to perform their Year 2000 software conversions. MatriDigm Corporation participated in a rigorous evaluation of its approach to date conversion, with extensive analysis in eleven discrete process areas deemed necessary to a successful Year 2000 conversion. Certification indicates that MatriDigm Corporation has the core capabilities needed to address the Year 2000 challenge. The company developed MatriDigm Advanced Process 2000 (MAP2000SM), the Millennium Control System (MICOSTM) and MatriDigm COBOL Analysis Product (MCAPTM) using certified processes and methods. Business to Business Strategia Corp., Louisville, KY, has been awarded Y2K contracts by the University of Kentucky and the Central Illinois Light Co. CTA, Incorporated, Rockville, MD, has announced the availability of their complete Y2K assessment and remediation services for embedded systems. NeoMedia Technologies, Fort Myers, FL, has entered into a Y2K partnership agreement with COMSYS Information Technology Services. Princeton Softech, a wholly owned subsidiary of Computer Horizons Corporation, Princeton, NJ, has acquired Mainware Incorporated. Sterling Software, Inc., Los Angeles, CA, has announced the availability of VISION:Reseller, an innovative marketing program that supports resellers of VISION:Clearaccess. IBS Conversion, Inc., Chicago, IL, has selected Joseph Weingarz as Director of Technology Services. Century Services, Inc., a wholly owned subsidiary of Zmax Corporation, Germantown, MD, has won a Y2K conversion contract with the U.S. Department of Housing and Urban Development. McCabe & Associates, Columbia, MD, has announced the availability of McCabe Visual 2000 version 3.0, a Y2K tool that assesses and pinpoints client/server Y2K risk areas. Computer Associates International, Inc., Islandia, NY, has been selected to perform Y2K conversion services by the Naval Supply Systems Command of the U.S. Navy. Sponsor Advertising BDM International, Inc. Are you confident that your renovated software applications are millennium-ready? Have you also validated the associated hardware, firmware, interfaces, third party software, and non-information systems that keep your business running? If not, BDM can help you mitigate business risks across your enterprise with our BDM SMART ValidatorSM solution. SMART Validator helps you to objectively validate that each and every automated system affected by Year 2000 performs as intended. SMARTValidator provides customers with detailed processes, checklists, compliance statements, and guidelines to validate and maintain compliance beyond Year 2000. With 37 years of large-scale project management and testing experience backing our solutions, you can count on BDM and SMART Validator to help you prove Year 2000 compliance across your organization. (800) 794-6085 e-mail: year2000@bdm.com http://www.bdm.com. CACI International Inc. -- Restore 2000 CACI leverages 35 years of information technology experience and over 10 years of reengineering systems - solving the same problems Y2K poses - to offer a total solution to the Year 2000 challenge: Restore 2000SM. The Restore 2000 methodology applies a comprehensive three-phase process to your information systems: Assess, Plan, and Remediate. Furthermore, we give you the option of buying our methodology or our services - both backed by CACI experience and Y2K experts. Restore 2000 is certified by the ITAA as meeting the highest standards of Y2K compliance. In addition, software development processes at CACI have been independently certified as being at Level 3 of the Software Engineering Institute (SEI) Capability Maturity Model. Achieving SEI Level 3 provides clients further assurance that CACI solutions successfully and effectively deliver Year 2000 compliance while allowing you to save money, reduce risk, and minimize systems disruption. With approximately 3700 employees worldwide and FY97 revenues in excess of $270 million, CACI provides a depth of experience and expertise you can rely on. We've performed Year 2000 conversions for many of America's biggest enterprises, including major health insurance providers, retail clothing manufactures, gas companies, airlines, and government agencies. Superior functionality backed by decades of experience - CACI's Restore 2000. DMR Consulting Group Inc. DMR Consulting Group Inc.(formerly DMR TRECOM), an Amdahl company, is a global consulting organization of over 7,000 employees providing a comprehensive range of information technology services. Our Year 2000 Practice comprises a comprehensive offering of consulting, assessment, remediation, testing, and implementation services utilizing a formal methodology (APM/2000), best-in-class software tools, and six global conversion centers. We have multi-disciplinary experience in most mainframe, mid-range, and client-server/desktop environments. APM/2000 includes: · Program Management · Enterprise-Wide Assessment · Impact Analysis · Conversion Delivery · Testing and Implementation Year 2000 Risk Management Consulting Services include: Program Review, Stakeholder Readiness Assessment, Risk Management and Vendor Compliance Research. Contact: Stephen Frycki Managing Director, Year 2000 Services - US Phone: 201-200-3923 Fax: 201-200-9046 Email: fryckis@dmr.com Websites: http://www.dmr.com IBS Conversions, Inc. IBS Conversions, Inc., founded in 1982, is the first service organization to receive ITAA*2000 Certification for IBS/Solution 2000TM methodology, products and services. IBS is a recognized leader in automated conversion/migration software and consulting having translated millions of lines of code for companies worldwide. IBS/Solution 2000 IBS/Solution 2000TM is a full suite of Year 2000 services and products: Full project Analysis, Pilot Project and Repair, staffing and management/methodology Scan/Repair Conversion Factories for Mainframe and AS/400 environments Project Methodology Qwik-Sizer Analysis Licensing Scan/Repair Tools for AS/400 Y2K Projects License Conversion Factories/Tools to other Consulting Firms http://www.ibs2000.com SOFTWORKS, Inc. HOT DATE 2000/SIMULATE Preparing for the new millennium isn't easy, especially in the data center. Ensuring an accurate conversion could be a daunting task. That's why SOFTWORKS has created HotDate 2000/SIMULATE. HotDate 2000/SIMULATE is a comprehensive identification, testing, and simulation utility created to locate the programming changes needed to prepare for the Year 2000. Using a simulated Year 2000 environment, HotDate 2000/SIMULATE locates and tests potential date problems the Year 2000 will cause to your individual programs, applications, and entire system. HotDate 2000/SIMULATE is transparent to your applications and supports all programming languages. For more information about HotDate 2000/SIMULATE, call SOFTWORKS at 800-727-4422. Http://www.softworkscc.com Y2Kplus, Inc. Y2Kplus provides a portfolio of "best of class" software products and outsourcing services that address Year 2000 issues. These offerings are available both to IT Solution Providers and IT organizations. Y2Kplus has offerings that address the following needs: * A comprehensive Renovation Preparation offering to enable you to prepare complete and accurate packages of software components ready for mainframe code renovation. * A powerful Code Renovation set of offerings that will renovate: * multiple languages including COBOL, Assembler, Pl/1 and Natural code for mainframe systems; * mid range COBOL systems running on DEC, HP, DG, NCR, Unisys, Wang, Prime, Bull, Tandem, and IBM AS/400 platforms. * A Re-engineering tool for mid range COBOL systems that will enable you to rehost to other platforms, thereby providing "value beyond year 2000". * Code Renovation outsourcing services for all of the above systems plus IBM AS/400 RPG. * Data Commander, a testing tool that enables you to warp test data dates to allow you to do future date testing by updating your current test data stream and then compare results of test runs before and after 2000. * Services for development and management of Comprehensive test plans and strategies to help your organization create effective baseline tests, improving the quality of risk mitigation derived from forward date testing. For more information, please send email to info@y2kplus.com, visit our web site at www.y2kplus.com or call Dave Ehlke at 781-863-8111. Calendar March 9-11, '98 DCI - Managing Y2K Projects: Washington, DC Info: 508-470-3870 The Key Issues External & Internal http://www.dciexpo.com March 10-12, '98 DCI - Testing For Y2K Compliance Washington, DC Info: 508-470-3870 http://www.dciexpo.com March 18, '98 Washington DC Y2K Group Meeting Washington, DC http://www.bfwa.com/bwebster/y2k March 18-20, '98 SPG Year 2000 Conference & Expo New York, NY Info: 508-652-1010 http://www.spgnet.com March 23-24, '98 IBC's Y2K Legal Compliance Conference New York, NY Info: 508-481-6400 http://www.ibcusa.com/conf/2000legal March 23-24, '98 An Action Plan For Year 2000 Boston, MA Info: 781-235-2895 Compliance - Seminar http://www.masp.com April 1, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm April 6-9, '98 Year 2000 National Symposium Atlanta, GA Info: 508-393-3266 BrainStorm Group, Inc. http://www.brainstorm-group.com April 14-15, '98 An Action Plan For Year 2000 New York, NY Info: 781-235-2895 Compliance - Seminar http://www.masp.com April 20-22, '98 SPG Year 2000 Conference & Expo Orlando, FL Info: 508-652-1010 http://www.spgnet.com April 21, '98 Washington DC Y2K Group Meeting Washington, DC http://www.bfwa.com/bwebster/y2k April 27-28, '98 Year 2000 Millennium Bug New York, NY Info: 800-931-6722 Investment Conference April 27, '98 Y2K Liability Conference London, England Info: 44-171-878-6888 http://www.mondaq.com April 29-30, '98 Y2K Info Net Technology Conference Toronto, Info: 905-454-8577 Canada May 4-5, '98 Y2K: The Complete Landscape of Phoenix, AZ Info: 202-8283174 Risks and Insurance lplatt@wrf.com May 6, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm May 18-20, '98 IBM Y2K Technical Conference Las Vegas, NE Info: 800-426-8322 http://www.training.ibm.com/ibmedu/conf/yr2000/ May 18-20, '98 IQPC's Year 2000 Industrial & Houston, TX Info: 617-482-3258 Process Control Systems Conference May 18-19, '98 An Action Plan For Year 2000 Boston, MA Info: 781-235-2895 Compliance - Seminar http://www.masp.com June 1-2, '98 An Action Plan For Year 2000 Chicago, IL Info: 781-235-2895 Compliance - Seminar http://www.masp.com June 3, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm June 22-25, '98 Year 2000 National Symposium Chicago, IL Info: 508-393-3266 BrainStorm Group, Inc. http://www.brainstorm-group.com June 22-23, '98 An Action Plan For Year 2000 San Francisco, CA Info: 781-235-2895 Compliance - Seminar http://www.masp.com June 29-July 1, '98 SPG Year 2000 Conference & Expo Chicago, IL Info: 508-652-1010 http://www.spgnet.com July 1, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm August 5, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm August 10-13, '98 Year 2000 National Symposium San Francisco, CA Info: 508-393-3266 BrainStorm Group, Inc. http://www.brainstorm-group.com September 2, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm September 23-25, '98 SPG Year 2000 Conference & Expo San Francisco, CA Info: 508-652-1010 http://www.spgnet.com October 7, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm November 4, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm November 9-11, '98 SPG Year 2000 Conference & Expo Boston, MA Info: 508-652-1010 http://www.spgnet.com December 2, '98 ITAA Y2K Task Group Meeting Arlington, VA Info: 703-284-5312 http://www.itaa.org/year2000.htm ITAA's Year 2000 Outlook is published every Friday to help all organizations deal more effectively with the Year 2000 software conversion. If you would like to receive this free publication, please sign up on the web at https://www.itaa.org/transact/2koutlooksub.htm. Copyright ITAA 1998. All rights reserved. The Information Technology Association of America, 1616 N. Fort Myer Drive, Suite 1300, Arlington, VA 22209. Internet: http:\\www.itaa.org