Government Contingency Plans Readied As Year 2000 Deadline Nears

December 1999
By Michelle L. Hankins

With less than 30 days remaining before the new year, federal agencies are predicting only minor disruptions.

The U.S. government is focusing on contingency planning to deal with potential malfunctions that could threaten operations at the onset of 2000. Agencies have been tasked with developing business continuity and contingency plans, many of which were tested this fall for year 2000 durability. Even organizations that are believed to be 100 percent compliant are establishing procedures to ensure that their core business procedures are not halted unexpectedly. This includes creating backup plans and determining key decision makers in the event of an operation shutdown.

Organizations within the federal government have spent months and even years fixing systems to make them year 2000 (Y2K) compliant. They have been tweaking technology that has a two-digit date system to prevent it from reading 00 as 1900. However, this is not enough, according to proponents of contingency plan development. The government must also be prepared to function on alternative plans should something go wrong with their internal systems or operations.

Both the General Accounting Office and the Office of Management and Budget asked agencies to produce contingency plans to deal with potential problems that can result from the Y2K turnover. The President’s Council on Year 2000 Conversion has recognized the importance of planning for the “what-if” scenarios, and the call for contingency plans has stretched beyond just the executive branch to include the legislative bodies as well. The U.S. House of Representatives’ subcommittee on government, management, information and technology has periodically graded government organizations based in part on an organization’s level of planning to back up its operations into the year 2000. This extends beyond just the federal government. Some state and local governments have turned their attention to contingency planning, and some are working with the federal government to pursue their plans.

According to government officials, there are two types of contingency plans: system and operational. The system contingency plan focuses on a system failure, while the operational contingency plan identifies alternative procedures for the continuity of basic mission-critical operations. Plans must address both the operations within their organization that could fail as well as the operations of outside entities that could disrupt their systems or operations.

Many agency officials say they have been incorporating business continuity and contingency plans into their Y2K efforts for some time. Some officials point out that it is a normal business function to establish this type of plan regardless of the new year. But given the problems that could occur, most believe it is better to establish a plan to counteract the possible outcomes.

The Social Security Administration (SSA) has been leading the Y2K effort almost from the beginning. This agency has more than 300 mission-critical systems and has received top grades on Y2K preparation from the House subcommittee. The SSA has established a business continuity and contingency intercomponent planning team to develop contingency plans for the SSA in case its business operations are threatened in the new year. The team decided that contingency plans for local SSA offices were needed to guarantee SSA component operations.

SSA offers its contingency plan on the World Wide Web as a model to other departments and agencies. “SSA’s year 2000 business continuity and contingency plan will prepare the agency to avoid a crisis that could result if its automated systems are unable to recognize year 2000 dates,” the report contends.

One section of the administration’s plan contains a matrix to clearly delineate core business processes and the necessary steps to ensure that those processes continue into 2000. The matrix specifically identifies the systems used to support the business operations and defines possible risks and threats particular to those operations. A contingency and triggers section in the matrix outlines the event that sets the plan in motion. It establishes a plan of action and names those responsible to correct any Y2K-related problems. SSA officials regard this matrix as the core of the agency’s contingency plan.

Results released in November 1998 from the House committee’s survey showed the Department of Energy (DOE) at the other end of the grading scale. It earned an “F” when first evaluated. Recently, a major campaign was established within the department to encourage Y2K compliance. DOE Chief Information Officer John Gilligan has put increased emphasis on fixing the department’s 420 systems and readiness has shot upward.

“We have chosen to do it on a site basis,” Roderic Witschey says. He is the director of the oversight division within the DOE’s special projects office focusing on the Y2K issue. He explains that the DOE required draft plans from organizations within the department and shared lessons learned and best practices with its various offices and sites. The DOE is following up with further test drills and continued sharing of lessons learned.

The department has done site checks and has a Y2K coordinator at every location, forcing those within the agency to examine their operations and systems for Y2K compliance, Witschey says. “Good business practice means you have contingency plans anyway,” he contends. “We’re going to test it and test it and test it, and when December 31 comes, we’re going to be in good shape.”

While the DOE is focusing on the capabilities of federal systems, it also must pay attention to national and regional systems that are not DOE-specific. Recognizing the importance of maintaining electrical power throughout the year 2000 transition, Secretary of Energy William B. Richardson charged the North American Electric Reliability Council (NERC), Princeton, New Jersey, with coordinating efforts nationwide to ensure that electrical power service is not disrupted during the Y2K rollover.

As part of NERC’s plan, a backup communications network has been established using mobile satellite equipment and services. This satellite network will connect 21 NERC security coordinators in the United States, Canada and Mexico. The satellites were deployed and tested this summer in preparation for a nationwide drill that took place in September.

NERC spokesperson Eugene F. Gorzelnik believes that there will be little disruption of service to customers. “We think that it will be pretty much transparent to people,” he offers. While Gorzelnik claims that no major loss of service should occur, he says that NERC has made arrangements in case an adverse situation occurs.

NERC has focused the third phase of its Y2K effort on contingency planning and reviewing operational procedures. The second half of 1999 is devoted to this contingency planning effort. “Although the most critical period is expected to be on the dates of December 31, 1999 and January 1, 2000, configuring systems in a precautionary posture and then restoring normal conditions afterward are expected to require several weeks,” the report states.

NERC has emphasized training individuals. Once Y2K contingency scenarios are developed, people need to learn how to operate under these special circumstances. This training was scheduled to take place in preparation for tests of the systems and will continue well after the tests until December.

The September drill allowed officials to examine readiness and make any late changes to systems or procedures. NERC wanted to test the effects of supporting operations in five time zones. Two evaluations to be conducted after the drill are expected to assist NERC in identifying necessary improvements to plans, procedures, tools and equipment.

Because the Federal Emergency Management Agency (FEMA) is in the business of planning for emergencies, it is assisting the emergency services sector in developing contingency plans for possible Y2K scenarios. The agency’s role is to assist state and local governments should regional disruptions cause too heavy a burden for local jurisdictions to handle.

While FEMA does not expect any major catastrophes stemming from infrastructure problems, such as major blackouts, the agency is aware of the potential consequences of the transition and has planned accordingly. “We do not anticipate Y2K causing a disaster,” Clay G. Hollister assures. He is FEMA’s associate director for information technology services, chief information officer and represents the agency on the President’s Council on Year 2000 Conversion.

In addition to ensuring that its own 47 critical systems are Y2K compliant, the agency took itstraining staff on the road this spring. It held workshops that included Y2K exercises and videoconferences for emergency services personnel. Nearly 100 to 150 professionals participated in each of the workshops designed to address the “what if” questions.

“We’re in the consequences business,” Hollister affirms. “My experience from the emergency community is that they will be ready, and they will perform.”

Jack Gribben, a spokesman for the President’s Council on Year 2000 Conversion, says, “Contingency planning is an important part of preparing for the date change.” Gribben also notes that agencies not only need to focus internally on their own systems, but also need to look at external service providers and adjust for any problems that could result from discontinued service from them. “You need to think about the what-ifs,” Gribben says.

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.