Can you defuse the Y2K bomb?
This article is the first in an occasional series on the Y2K problem and its impact on local government.
The countdown has begun. As of New Year’s Day 1999, there are only 365 days before the Year 2000 problem is expected to wreak havoc on computer and electronic systems. Cities and counties are now racing to fix the Year 2000 problem in their computer systems and operations. As part of that fix, local government agencies will need to develop risk management programs, and prepare and test contingency plans to ensure continued operations in the event of a Y2K meltdown.
The problem Given the late date, city and county governments have little time remaining to deal with the host of issues that Y2K presents. Few government agencies have fully assessed the impact of this far-reaching crisis on their organizations, their communities or their local economies. Nor have government agencies fully planned and prepared for Y2K disruptions, including 1999 dates that may create additional electronic system problems.
The Y2K problem is much more pervasive than was first thought. The problem is not limited to mainframe computer systems; in fact, it is a threat to computer components including networks, desktop computers, building systems and process controllers used in manufacturing and utilities. Because the Year 2000 problem can affect almost any electronic system, it may have extensive operational implications and may threaten many basic services.
City and county governments need to quickly understand the scope of the Year 2000 problem and its risk to power, water, sewer, telecommunications and other systems. Businesses and governments already have begun to experience failures of forward-looking systems that are unable to process Year 2000 dates. Systems such as those responsible for drivers’ licenses and building permits have time horizons that extend into the future. Systems that look one year ahead may exhibit problems starting in January 1999.
While local governments have the same types of business and technical issues as everyone else, the government provides “citizen-critical” services such as public safety, transportation and health care. Those services must continue unaffected in the face of potential Y2K disruptions; failure is not an option.
In addition, the public will look to the government for information and assistance as it grapples with the personal issues that Y2K presents. Governments will be expected to fix their own problems while continuing to provide the leadership, assistance and information that the public expects.
Fixing the problem Most organizations were late in beginning their Year 2000 projects, which quickly become large and difficult to manage. Typically, large IT projects are behind schedule, over-budget and suffer from poorly defined scope. Unlike many technology-related tasks, Y2K projects have an immovable deadline. In addition, users must depend on IT staff and project managers for whom retention and staff shortages already are becoming a crisis. Many small and late starting projects will have trouble finding Y2K resources because of high demand and cost.
It would be appropriate for local governments to take a “Manhattan Project” approach and deal with Y2K as a crisis. Executive level commitment and participation in the process is critical. Leaders should give both the Y2K project and the risk management teams the resources they need, including sufficient project management, and expedited administrative and budget processes.
Given the limited time and resources, prioritization of efforts will be critical. Resources should be distributed after determining which systems are critical and which will benefit most from repair efforts. Systems that can be retired or converted to manual processes should be identified.
All organizations also should consider a moratorium on new IT projects. Governments should be cautioned against making any legislative or administrative changes that will require additional computer revisions. And finally, governments should constantly assess the project’s progress.
Damage control A coordinated risk management effort will be required to reduce the risk of negative business impact. Emergency managers will need to develop scenarios based on the risk of major failures and prepare new disaster plans accordingly. Contingency planning soon will overtake remediation as the primary Year 2000 effort for governments.
A special Y2K risk management team should be developed with representatives from key organizations such as finance, police/fire, transportation, public works and public information. The risk management team will need to focus on maintaining the public’s safety and government services as well as ensuring a strong local economy through continued viability of businesses, organizations and residents. Several functions should be included in the risk management process: * Developing and implementing an education program to ensure that everyone in the organization knows what the Y2K problem is and what the risk management strategy is going to do about it. Everyone in every department should know what his or her responsibilities are. * Identifying all events (e.g., power failures or supply shortages) that can affect delivery of services, the damage such events can cause, the time requirements for restoration and the steps necessary to reduce probability and impact. * Developing alternate plans for all critical systems and operations based on an impact analysis. Y2K problems are not likely to be dealt with by using off-site data or systems that have the same Y2K flaw. As a result, new contingency plans that provide workable solutions are needed. In addition, contingency planning for non-information system disasters will be needed. Users should look for alternatives such as manual processing or setting the system date back. * Continuing business to ensure the availability of essential services, programs and operations in the event of disruptions, as well as ensuring the resumption of operations. In response to the potential effects of Y2K on those events, there is a need to focus on areas that have not traditionally been seen as part of the disaster recovery process. * Reviewing available options for alternative operating strategies to enable recovery of critical functions. “Quick-fix” strategies may suffice for the projects that fail. * Preparing emergency management officials to update and create disaster plans for potential Y2K scenarios. Plans should include the steps required to stabilize an emergency situation, such as a power outage, and how to respond to potentially large demands for emergency and social services. Emergency management officials should conduct desktop exercises on various “what-if” scenarios. * Training staff on how to use business continuity plans.
Government officials have an obligation to make Y2K a top priority and to take the appropriate actions. Government leaders will be judged by how well they understand the Y2K problem and, most importantly, by how well they respond to the challenge, inform and prepare their stakeholders, plan for the impact of the problem, and survive and prosper after 2000.
