Officials pledge departmentwide compliance by deadline; testing still must validate software and hardware fixes.
The Defense Department has declared war on the year 2000 problem, and it expects the campaign to end with a whimper, not a bang. Fully 95 percent of military information systems were expected to be compliant by December 31, 1998, with this number including all mission-critical elements. Department leadership is cautiously optimistic that its goals are being met, but it is hedging its bets in case some systems slip through the cracks.
The department operates more than 25,000 information systems. These range from battlefield information systems to conventional support systems for personnel. Add to these the millions of older semiconductor chips embedded in various electronic devices, and the department faces a quantifiably large task in addressing its year 2000, or Y2K, challenges.
Exclusive of validation testing, the military expects to spend $1.9 billion on Y2K fixes, which comes out of the information technology budget of about $10 billion. These efforts range from rewriting software code to replacing all the embedded chips that are not Y2K compliant. This cost, however, is just for remediation, and department officials expect it to climb when testing and validation kick in. Congress has authorized a supplemental $1.1 billion.
Complicating this effort are the issues of security and contingency planning. Many commercial Y2K software code solutions are being written by resident noncitizens or even overseas contractors. The Defense Department has no security structure to deal with foreign personnel writing code for its commercial off-the-shelf systems, and it cannot easily determine whether these solutions also introduce vulnerabilities.
The Defense Department also must factor the needs of the general public into its contingency planning for January 1, 2000. Concurrent with the department’s own efforts, it must prepare to support the national infrastructure should significant system failures occur. This could include providing emergency power, water and telecommunications to citizens on a regional basis.
Deputy Secretary of Defense Dr. John Hamre defines the department’s approach to the Y2K problem in military terms. “The operational metaphor that now guides us is that this is going to be war,” he declares. “We know the exact time and place where the enemy will attack.”
The enemy is the software glitch that fouls computers when their two-digit year clocks roll over from 99 to 00. The time is the first millisecond of January 1, 2000. The place is within every information system or piece of hardware containing a computer chip that suffers from this condition. The results, if not addressed, could be as devastating as an all-out attack by hostile forces.
“This has the potential of shutting off our fuel supply systems,” Hamre continues. “It has the potential of shutting off our command and control. It has the potential of disrupting our logistics resupply.
“There isn’t an opponent in the world that doesn’t try to do that in real warfare, and frankly, that’s what we’re confronting.”
Hamre is “modestly optimistic” about the department’s goal of full Y2K compliance. As late as last fall, he was not completely convinced that the department would reach 95 percent Y2K compliance by the end of 1998. However, even slippage in this figure could be overcome by testing and supplemental fixing over the succeeding months.
“The country’s security won’t be at risk,” he predicts for 2000. The department “should be able to keep the problems down to nuisances, not crises.”
To ensure proper solutions for the military’s Y2K problems, the secretary of defense delegated authority to the military departments, the commanders in chief (CINCs) and the defense agencies. They are responsible for ensuring Y2K compliance of their systems, including working with commercial suppliers to obtain relevant expertise in solving the problem. This action takes place at the grass-roots level of repair.
According to Dr. Marvin Langston, deputy assistant secretary of defense for chief information officer policy and implementation, “The new initiative that has caused the operational forces and the functional leaders to be engaged in the problems … has achieved an enormous amount of initiative and activity.” This thrust changed Y2K from purely a technical problem to an operational problem, he explains.
This challenge is complicated by the department’s reliance on nondefense hardware and networks. Commercial off-the-shelf systems require their own fixes, which may differ from those of defense systems. And, the department relies on considerable amounts of data and products from outside organizations such as federal, state and local agencies. These situations may be multiplied at regional facilities that have their own internal infrastructures as well as interoperate with local organizations.
Langston offers that the department is “in pretty good shape in our installations largely because we don’t have a lot of modern equipment. We have enough old equipment that is really not automated to the point where this is a problem.”
The Defense Department began its Y2K effort by giving mission-critical systems top priority. These systems generally fell into three categories. The first comprises elements that are defined by the Clinger/Cohen Act as national security systems. These include intelligence; cryptologic activities related to national security; command and control for military forces, weapons or weapon systems; and systems critical to military or intelligence missions.
Mission-critical items in the second category were identified by the commanders in chief, and they focus on systems that would preclude successful missions across the full spectrum of missions. These include nuclear, readiness, transportation, sustainment, modernization, surveillance/reconnaissance, financial, security, safety, health, information warfare and information security. The third category of mission-critical systems includes elements required to perform department-level and component-level core functions.
These mission-critical systems faced earlier deadlines than their noncritical counterparts. The department has focused exclusively on renovation, validation and implementation for all systems since mid-1997. Planners targeted critical systems for renovation, which includes repair, replacement or termination, by June 1998. These items were slated to receive Y2K compliance testing for validation by September 1998, with implementation of Y2K fixes by the end of 1998. For noncritical systems, renovation was slated to be completed by September 1998, validation by the end of this month, and implementation by the end of March 1999.
“Industry and other people who are repairing Y2K problems are finding that they are never quite fixed the first time around,” Langston cautions. “We’re not naive enough to believe that we won’t have problems and that everything will just come out wonderfully. We believe that there will be retesting and rebuilding activity.”
The early months of this year will produce a clearer picture of the program’s accomplishments and the work remaining, Langston states. The real test will come when the department begins cross-testing service and agency systems in unified CINC end-to-end operational evaluations. The focus of these operations will be mission-critical systems, and the evaluations will reveal non-mission-critical systems that become critical elements in operations. The Joint Staff is developing a test environment for warfighting systems, and the under secretaries are responsible for testing support systems such as personnel management systems.
A key element of these military tests will be interfaces between systems. Cognizant of the potential for cascading Y2K-inspired system crashes, planners will evaluate these interfaces. In any event, Langston allows that flawed interfaces likely would not be weak links that crash an entire system. The suspect interface would be pulled off-line immediately, leaving the rest of the network to operate. “If we had to leave a piece of functionality out because we turned something off, the rest of the functions would still work,” he says.
Some of the department’s testing can be piggybacked on regularly scheduled exercises. One recent test at the Army’s White Sands Missile Range, Las Cruces, New Mexico, for example, involved coordinating F-15 aircraft, advanced medium range air-to-air missiles, drone aircraft and Patriot missiles. Planners simply added another day to the test schedule to evaluate Y2K effects on these systems in this joint environment. Hamre relates that this involved testing “not only the assets, but the test environment as well.”
Among the thorniest Y2K issues is that of embedded chips. Langston, describing this as “one of our more interesting problems,” explains that the department’s infrastructure tends to include elements with relatively low levels of attention or maintenance. He contrasts this with programs that tend to have an existing support infrastructure, which could quickly be mobilized to address the Y2K problem. The military has increased its automation efforts to encompass everyday items such as power and water control, for example, and many of these require Y2K compliance action.
The sheer number of chips in Defense Department systems and hardware also poses a challenge. Each embedded chip that is not Y2K compliant must be replaced. Swapping out each chip card “could become the long pole in the tent,” Langston offers.
Another key element is weapons systems. In this area, Y2K work seeks to ensure that they do not have a “safety of life” issue that could associate with operations. Langston notes that reports on weapons systems have been positive, and he is confident that they will test out.
Global positioning system satellites and their military receivers are fine, Langston assures. Some commercial receivers, however, may develop problems in areas associated with time-related functions. The department is working with all of the commercial receiver manufacturers to inform users of the need to obtain Y2K fixes.
Defense Department contingency planning for January 1, 2000, is underway at two levels: preparing work-arounds of functional problems that may emerge and fixing actual system programs. The unified commanders are engaging in a series of tabletop exercises known as chairman’s contingency assessments. These exercises are aggregating contingency ideas associated with the unified commanders and how they operate. At a higher level, exercises focus on the outside world and commercial and international elements.
Another functional set of tabletop exercises is a game that examines policies that may emerge from these exercises. In late February or early March of this year, the secretary of defense, the deputy secretary of defense and some of the CINCs will lead what Langston characterizes as “a very senior Defense Department game.” The department also is supporting a cabinet-level exercise for May or June.
When January 1, 2000, rolls around, the department will have its priorities established for contingency action. Hamre warrants that nuclear command and control is the first priority. This includes early warning and protection of the president as well as ensuring his ability to continue to operate. Ongoing military operations also will have priority. Hamre describes these as “survival of the nation priorities,” adding that they must be first in line for emergency capability.
The department already is taking pains to differentiate between sudden Y2K problems in January 2000 and an information attack timed to coincide and confuse. Langston notes that the new computer network defense joint task force at the Defense Information Systems Agency will serve a significant role in this situation. Tools developed to combat information attacks will be applied to anything that happens on January 1. While the department will endeavor to ensure that it does not spoof itself by mistakenly attributing a Y2K failure to an attack, it will treat all computer problems as potential hostile acts—until determined otherwise. “We will be treating all problems as information warfare, and then sorting out the information warfare pieces that really don’t look like an attack and are truly a Y2K problem,” Langston warrants.
Foreign Y2K Solutions Key to Joint Operations, Security
Even if the U.S. Defense Department attains its goal of 100 percent year 2000 compliance, alliance and coalition operations may fall prey to a lack of effective effort on the part of overseas allies. While some nations are hard at work solving their Y2K problems, others are lagging and putting coalition operations at risk.
In addition to joint operations, the Defense Department is concerned about early warning systems. Russia, which inherited most of the nuclear might from the old Soviet Union, is seeking assistance from the United States to ensure Y2K compliance in command and control for its nuclear deterrence.
Deputy Secretary of Defense Dr. John Hamre lauds the Y2K efforts underway in the United Kingdom, Australia and Canada. He warns of a fall-off, however, in the Y2K capabilities of other allies. “[These countries] don’t have awareness problems, [but] I don’t think they appreciate all the complexity and interconnections that we do, having worked on this for four years.
“My sense is that, in Europe, they are more preoccupied by the Euro 99 [currency implementation] than they are with Y2K. That’s far more immediate to them, and they’re focusing far, far more intellectual energy and effort on that than they are for Y2K,” he states.
Hamre hastens to add that some other countries do not have the Y2K problems inherent in U.S. forces. Many of these nations did not computerize as early as the United States, and they do not have as much old—by computing standards—information technology as does the United States. “What I don’t know is to what degree are they still using the old automation systems that we are, where the Y2K problem is deep,” he says.
Part of the concern with overseas Y2K compliance involves interoperability during joint operations. A combat information system that crashes aboard a foreign ship could hinder joint fleet operations, for example. Other interoperability issues arise in peacekeeping missions, where a noncompliant communicator could hamstring a network.
“We want to ensure that our communications links with allies, and with ‘not-so allies,’ are reliable,” Hamre emphasizes.
The Defense Department is tasked by the federal Y2K task force as the lead agency for defense and international security issues. In this role, the department is reaching out to nonallied nations to address the need for Y2K solutions.
U.S. forces based overseas also are preparing contingency plans in the event that supporting foreign infrastructure systems, such as water, telecommunications and power, fall prey to the Y2K bug. Every overseas U.S. installation is surveying its dependence on the local infrastructure and ensuring that it has the necessary emergency backup.
Foreign Y2K compliance is at least equally important in early warning systems, especially with nuclear forces. Hamre notes that the United States is actively working with Russia to ensure that it has the necessary nuclear assurance. This cooperation may take the form of shared early warning information.
Hamre states that Russia has been slow to organize dealing with Y2K. Only in the past few months have Russian officials had a dedicated focus, he allows. Teams from Russia are visiting the United States to learn about Y2K solutions, but implementation is lagging. Hamre offers that, with Russia’s economy in a tailspin and workers going unpaid for months, Y2K is not at the top of that government’s list of priorities.
The world’s largest country is hampered by another hurdle. A significant portion of its software in use was pirated from Western companies. Accordingly, its users are not eligible for Y2K software fixes being offered by the manufacturers. “One of our worries, frankly, with Russia is that so much of their code was appropriated and adapted,” Hamre allows. “The question is, how much is the Y2K problem still a problem? I don’t think we really know. They aren’t offering to let us pore through their computer code and help them.”