 |
CS99 Pre-Y2K ReportMilitary |
 |
|
CS99 Pre-Y2K ReportMilitary |
|
Abstract
The Department of Defense, with more than 25,000 computer systems, relies heavily on outdated legacy information technology systems. The DoD also has a high dependence on computers and related IT for its military advantage over other nations. In this paper we survey the status of the United States Military in coping with the Y2K problem and assess the potential for serious problems in mission-critical systems. We also look at how the Y2K problem will effect other nations' military, and the relation of foreign Y2K related military disruption to our nation's safety.
In a statement before the Senate Armed Services Committee, the Y2K problem was described as an "especially large, complex and insidious threat for the Department of Defense." [DL604] The Department of Defense operates on a global scale, and has an information infrastructure that relies on largely on outdated, non-Y2K compliant legacy systems. Deputy Secretary of Defense John J. Hamre went on to describe how crucial working technology was to DoD operations, and the reliance on information technology that the U.S. uses as a military advantage:
"The situation, [experts] warn, presents an incalculable opportunity for hostile foreign military services and terrorist groups to sabotage our information systems." [NPCA98]
The Military's Y2K challenge comes from the opportunity that the Y2K provides to anyone, terrorist or nation, that seeks to undermine U.S. Military superiority. With the damaging effects on a military force that relies heavily on information technology in a battlefield advantage well known to all nations of the world, a less technologically-based force would have a one-time advantage over potentially weakened U.S. forces. Combined with the religious fanaticism that the millennium causes in some societies, the Military must be extremely prepared to react and respond in an effective and timely matter on January 1st, 2000.
This paper will cover different aspects of the Year 2000 (Y2K) problem as it relates to the military, both foreign and domestic. The first section of this paper will examine and compare the different major sections of the military as to their relative levels of Y2K preparation and readiness. In the second section of this paper, the levels of preparation of the military forces of several relevant countries will be examined. This paper will also look at some of the Y2K related military preparedness cover-ups that have occurred. We will also examine the new contingency planning that the Military is using, and conclude with a forecast of our nation's possible readiness in the year 2000.
The Department of Defense was cited as having "more than 25,000 computer systems, of which 11 percent (or 2,803 systems) are, mission critical." [DL604] Deputy Secretary of Defense Hamre also stated that "The problem will also extend to all forms of commercial communication and mass transportation systems (traffic lights, trains, subways, and elevators), which will affect our men and women in uniform." [DL604]
Starting with around 1 billion lines of codes to review and repair in the Pentagon alone, [DEFBRF] the DoD's Y2K problems are potentially some of the most severe of any organization surveyed in Computer Science 99. The Pentagon began planning for Y2K related problems as far back as 1995, yet as of the spring of 1998, repairs of mission-critical systems were only 9 percent completed. [NWRJ98] The head of the Defense Department's Y2K office, Bill Curtis, admitted that "even the military's most 'mission critical' systems - perhaps 2,800 in all - won't be ready in time" [NWRJ98] Extensive testing of critical systems has also shown many weaknesses in the Military, such as the Pentagon's Global Command Control System, a vital link in the Gulf War, which failed a year 2000 readiness test last summer. [NWRJ98]
Mission Critical Systems, the systems that are vital to the operation and effectiveness of the Military, include weapons systems, Command and Control systems, satellite systems including the GPS, medical equipment, as well as commercial communication and mass transportation systems. The number of Mission Critical systems has changed over time, increasing from 2,083 to 3,135 in August of 1998, with the Army and Navy increasing their total number of Mission Critical systems by 150 each. [GAO98027]
House of Representatives Subcommittee on Government Management, Information and Technology started assessing the Y2K problem within government agencies in 1995. [SCOM1] On September 15, 1997, they issued the first "YEAR 2000 PROGRESS — Grade Card", and have been releasing updates on an approximately quarterly schedule. In these report cards they estimate the progress and assign a grade to twenty-four different government agencies. The grade reflects the overall progress as well as contingency plans, telecommunication systems, embedded systems, external data exchange and strong management involvement. [Y2KPROGF99, p. 4]
|
Department of Defense Grade Card [Y2KPROGF99, pp. 2-3] |
|||||
| Year complete | Done by 3/99 | May 98 | Aug 98 | Nov 98 | Feb 99 |
| 2000 | 82% | D | D | D- | C- |
Compared to other sections of the U.S. Government, the DoD is performing poorly in fixing and upgrading systems to full Y2K compliance. As of February 1999, grades ranged from the Social Security Administration, Nuclear Regulatory Commission, National Science Foundation, Small Business Administration, and Environmental Protection Agency's grades of "A", to the Department of State, Department of Transportation, and the Agency for International Development's failing grades. The Department of Defense is near the bottom of the rankings with a "C-" grade, with 82% estimated to be completed by March 1999. This is as opposed to eleven of the twenty-four agencies that have a 100% rating and a grade of "A" or "A-", and another seven that manage a grade of "B-" or better. [Y2KPROGF99, p. 2]
A department's basic grade is calculated from their projected completion date and percent done. Furthermore, a department will be docked grade points for failure to have adequate contingency planning, as well as failing to fully account for the effects of failures in Telecommunications, Embedded Chips, and External Data Exchange. The DoD's lack in these areas earned it the present grade of C-.
Another notable is that the DoD's grade of C- was only upgraded in February of 1999 from a grade of D-. The Department of Defense is one of only four agencies graded that have a projected completion date after January 1st 2000. According to various news sources, DoD will not have many of its mission-critical systems finished in time. Most official government sources strongly disagree, stating that Y2K will in no way hinder the United States' ability to defend itself come January 1st.
The Military and the DoD are well aware of the seriousness of the Y2K problem. In a news release in June of 1998, the Special Assistant for the Year 2000 reported on the near failing grades that the OMB had assigned to the DoD Y2K compliance level.
"Deputy Secretary [of Defense] Hamre stated last week in his testimony to the Senate Armed Services Committee that the Department of Defense is at least four months behind schedule. We agree with the recent OMB evaluation that DoD is in the "Tier One" or red zone. We appreciate your recent upgrade of DoD from an "F" to a "D."" [DEFLINK1]
Year 2000 compliance is one of the first major projects that the DoD has undertaken with an immovable deadline. There is no room for the project to fall behind schedule. If the DoD does not meet the deadline, there will be no project extensions, and the United States will be immediately and severely compromised in its ability to defend itself and wage war abroad. Therefore, the DoD is placing severe restrictions on all non-Y2K specified projects, and has developed a proposal to place a moratorium on all development on systems that are not Y2K compliant. [DEFLINK1]
In addition to focusing all new funding on the Y2K repair efforts, the DoD has fielded a crack programming/hardware team of experts to help with problem areas that may spring up as the repair and upgrade efforts progress. Working as a DoD funded third party assessment team, they will both work with the different departments within the DoD, s well as perform independent verification of the compliance of mission-critical repairs that are made to key systems. The 250-person task force will concentrate on functional testing, mission testing, and emergency response systems. [DEFLINK1]
Even with stringent restrictions, the DoD will not be Y2K compliant in time. The Special Assistant to the Year 2000 reported in a speech praising the organization of the DoD Y2K project that "Despite these efforts, however, we know that all DoD systems will not be Year 2000 compliant by the immovable deadline of January 1, 2000." [DEFLINK1] The Secretary of Defense William J. Perry, in a memo released to the public, charged that "The Department of Defense (DoD) is making insufficient progress in its efforts to solve its Y2K computer problem." [SECDEFMEMO] Deadlines were set, and the government demanded in the memo that a detailed report on the Y2K compliance of nuclear command and control systems would be provided by September 15, 1998. The Secretary of Defense went on to state that funding could be cut for any project that did not have complete specifications and plans for coping with the Y2K problem.
"Funds are not obligated … to any National Security System (NSS) that [has incomplete Y2K specifications]... If we are still lagging behind, all further modification to software, except those needed for Y2K remediation, will be prohibited after January 1, 1999." [SECDEFMEMO]
The United States Military is a well-established hierarchy of command, under control of the Secretary of Defense. However, if we look at the chain of command at the macro level, the hierarchical tree is strikingly flat. Consequently, and also due to a varied command structure within each section of the DoD, tackling Y2K problems was largely up to the individual departments. The Y2K issue has only recently become a top-down issue within the Military, with the Secretary of Defense issuing notices to departments that were seen as lagging in their efforts.
In the previously mentioned memo, dated August 7 1998, Secretary of Defense William J. Perry expressed a need to "develop a joint Y2K operational evaluation program" as well as have the Senior Readiness Oversight Council report on the readiness implications of Y2K. Setting priority to evaluating the nuclear command and control system, he nevertheless required a full evaluation of all systems in DoD be evaluated by the October 1st 1998. Secretary Perry also assigned Defense Information Systems Agency to oversee the evaluations and report any "domain users" who fail to complete the tests. [SECDEFMEMO]
This memo was clearly published to show the public DoD is increasing their efforts to become Y2K compliant in time. However, coming at such a late date and focusing solely on evaluation before October 1st 1998, this initiative will not ensure success unless the individual sections of the Military had already made significant leaps to fixing the problem. Therefore, it is necessary to assess the progress of the individual sections, as we will do in the following sections, focusing on the Navy, Army and Air Force.
Although DOD will miss the Office of Management and Budget's March 31 deadline for having mission-critical systems operational, Hamre said 94 percent of DoD's systems should be fixed by the March deadline. [FEDCW] However, in comparing this statement to the DoD report card which says 82% will be done by March, to achieve the 94% a total of 12% of all systems would have to be fixed in March alone.
According to officials within the Department of Defense, our nation's military is coping extremely well with the Y2K threat to our nation's security. While some departments may have received low grades from internal audit agencies, officials maintain that our country will still be fully prepared to defend itself come January 1, 2000. Despite panicked news releases to the opposite, government officials repeatedly downplay the threat of Y2K on our nation's defense capabilities. Officials state that our Military will meet the deadline, and will be in full working order by January of 2000, and will be fully prepared to defend our country from both external and internal threats.
Funding for Y2K has not been an issue with the Military. Faced with a potential cessation of all non Y2K related expenditures on new research, different departments within the DoD have both requested additional funding to cope with the problem, as well as reallocated funds internally. Overall, there have been very few reports of departments within the Military being denied funding. The problem is not money, the problem is the amount of fixes that need to be made.
Deputy Defense Secretary John Hamre expects Year 2000 computer problems to be "nuisances, not crises," he said on October 14, 1998, at a Pentagon press meeting. "In July, we said to the chairman and the chiefs, 'This is a warfighter issue.' That galvanized the leadership.... The department is slated to receive $1.1 billion from Congress as part of a supplemental aimed at correcting Year 2000 problems. DoD officials said the total cost for the problem will be around $1.9 billion, not including testing costs." [DEFLINK2] Increased to a $2 Billion cost total, the Air Force is projected to spend $625 million, the Navy and Marine Corps $444 million, and the Army $316 million, as of the time of this paper.
The Army has been especially successful in dealing with Y2K bug fixes, and is well ahead of the rest of the Military in Y2K compliance. Having started on Y2K compliance as far back as 1996 when the DoD first released the Y2K tasks to the different sections of the Military, the Army is the least behind schedule. More complete Y2K testing specifications, as well as more complete and through contingency planning helped the Army cope with the problem faster than its other Military counterparts.
"As far back as 1996 when MTMC received the Y2K tasking from DoD, the command has been at work to solve this phenomenon." [ALNEWS2]
The Army maintains a website dedicated to sharing information about Army's battle with the Y2K problem. The website contains numerous descriptions of real-life Y2K problems along with an assessment for each problem and information on whether the problem has been solved. The Army also claims to be committed to preparing contingency plans for all systems before the DoD deadline of June 1st 1999. Overall, the extent of the offered information indicates Army is well aware of the problem and is making timely repairs. It also indicates high preparedness in case of unexpected systems failures. [ARMYY2K]
"We have completed the inventory and assessment phases of the project," John Finafrock, project manager for the Year 2000 Task Force, said. "We are nearing completion of the fix phase and we expect that nearly everything we're responsible for will be fixed by Sept. 30; and that the associated testing and certification, that anything that required fixing has been fixed and tested, will be complete by Dec. 31." [ALNEWS1]
The Army has acknowledged a total of 209,042 systems as in danger related to Y2K problem. A vast majority of these are terminals, which are in no way used for tactical purposes. The Army classifies only 376 of these as mission critical, and as of June 1998, 160 (43%) of them had been fixed, 120 were still to be repaired, 78 to be replaced and 18 to be shut down. Y2K issues were given a top priority on March 31st 1997, and although some experts judge this as a rather late date, it reinforces the position of the Army as a forerunner in the Y2K "battle" among all of Military.
However, the Army's Non-Mission Critical systems are falling behind in their Y2K remediation efforts. 19,731 systems are lagging, with 12,120 still in need of repair. 67 systems are in the assessment phase, with half undergoing renovation. The army badly underestimated the total cost it would take to fix the Y2K problem. They used the Gartner Group formula, estimating the total repair costs based on lines of code needing repair. However, this estimate of $429 million was nearly 50% lower than it should have been, with current estimates as to the total price at around $196.7 million. (REFRENCE)
The Navy is in special risk of not being able to function properly on January 1st, 2000, according to a General Accounting Office (GAO) report. Weapons systems, surveillance electronics, and personnel records could all malfunction, according to the report. As well as being behind schedule with repairs and upgrades, the Navy has failed to develop contingency plans as recommended by the DoD to deal with the Y2K related failures when they potentially occur. [PONLMIL1] As well as the Navy's repair efforts lagging behind other departments of the Military, the central Navy inventory database, tracking which parts need to be replaced or upgraded to be Y2K compliant is also lacking in detail, further obscuring how severe the problem actually is.
"The Navy reported to the GAO that as of February [1998], it had 781 mission-critical computer systems, 135 [(17%)] of which had been "corrected'' for operating in the new millennium. Of its 1,422 non-mission-critical systems, 198 [(14%)] had been corrected, the service told the GAO." [PONLMIL1]
The Navy force consists of 325 vessels, which house approximately 350,000 soldiers. Most of the ships and submarines are grouped into fleets, which are assigned to monitor and defend different seas around the world. Due to large distances between them, separate fleets have a certain degree of independence in repairing Y2K.
U.S. Seventh Fleet is America's largest deployed naval fleet, and is responsible for 52 million square miles of Pacific and Indian oceans. It consists of 60 ships and 350 aircraft and employs 60,000 troops. Admiral Walter Doran of the Seventh Fleet said on March 8, 1999, that his fleet will have its systems ready come January 1st 2000. The steps taken in that direction include plans to have each individual ship checked before September 30 and to use the remaining three months to do inter-operability checks between ships. [YHDNNVY1]
"I will tell you honestly, the United States Seventh Fleet will do Y2K, we will be Y2K compliant. Just so I can certify to our leadership that on the 1st of January, I could fight the Seventh Fleet if I had to.'' [YHDNNVY1]
There is, however, some reason for concern. Primarily, September 30th deadline gives a rather tight schedule for any unexpected repairs. However, the more worrying fact is that Seventh Fleet ships also interact to a certain extent with systems in Taiwan, Japan and South Korea. Doran declined to answer how Asian defense forces were handling the Y2K problem. [YHDNNVY1] There is a reason to suspect preparations of these countries may not be on par with Seventh Fleet preparations, which could result in problems.
"The inter-operability question is on all of our minds,'' Doran said. "So it really isn't that helpful for the U.S. Navy if we get to a point where we are very good, but all we can do is talk to ourselves.'' [YHDNNVY1]
In February 1999, tests were performed aboard of USS Kinkaid with its internal clocks set to January 1st, 2000. In one of the tests, USS Kinkaid performed a simulation of a battle and was able to launch its entire arsenal "including Harpoon and surface-to-air missiles." Overall, tests went without notable problems and there was a reason for optimism, according to Navy officials. Also functioning during the test were other standard weapons for a Navy Destroyer, including Tomahawk missiles, Mk-46 torpedoes, lightweight guns, and sea Sparrow point defense AAW missiles.
"We are finding very, very minor problems that have no effect on our ability to perform our function so I am extremely confident," Navy Captain Tim Traverso said in regard to the tests. [CNNNAVY1]
The significance of this individual test remains to be seen. The optimism after a single Destroyer was tested in an isolated, simulated environment, could be perceived to be premature. One explanation could be that the Navy did not anticipate such smooth operation. If so, perhaps Navy's problems may be even greater than initially thought. Another worry is the isolated environment in which the destroyer was tested. The GPS signal to the Destroyer was not modified to simulate the GPS rollover, along with other co-dependent systems that can not be easily tested until the problem actually occurs.
On September 7, 1998, Lt. Gen. William Donahue said that the Air Force would ensure systems are not disrupted on January 1, 2000. "Your Air Force is going to fly, and we're going to be mission-ready," Donahue said, "It's going to be a non-event." [GCNAF1] He however acknowledged that the Air Force was not doing "as good as [they] ought to be doing," and acknowledged that 54 mission-critical systems are still to be renovated, which needs to be done before proper tests can be conducted. Donahue expected that 31 mission-critical systems would not be evaluated by the administration's January 1999 deadline. [GCNAF1]
In addition, in August of 1998 the Air Force reported to the office of Management and Budget that repairs had not been completed on any of the 455 mission-critical systems. Donahue said that the main reason is the lack of focus, since the Air Force had also been working on 1000 non-mission-critical systems. He asserted this was a waste of time and funds and that funding for repairing such systems would soon dry up. [GCNAF1] "Some of them are really a bunch of trash," Donahue said of the non-mission critical systems. [GCNAF1]
To see what kind of problem the Air Force is facing, we examined the complexity of their software base. They have around 40 million lines of code that make up 60,000 programs written in 77 programming languages. The majority of the code is written in COBOL, C and Assembler, and runs on 35 different platforms and 16 operating systems. [DEFLOGY2K] In addition, embedded systems, which are used in all aircraft, present an additional challenge. Arthur L. Money, DoD Chief Information Officer, in his "Year 2000 Management Plan" gives the following example:
"The F-16 … has more than 35,000 embedded chips that support a multitude of onboard systems. A date-related failure of any of these chips might result in a degradation or loss of F-16 capability." [Y2KMGTPL, p. 1]
Optimists point out the successful Y2K-compliance tests performed in the Edwards Air Force Base on November 2 1998, which primarily tested the compliance of the B-1B Lancer. [B1BY2K] B-1B Lancer is a long-range strategic bomber, capable of flying intercontinental missions without refueling. A B-1B Lancer can be used to carry conventional as well as nuclear bombs, and a single unit costs over $200 million. [B1BINFO] Because the aircraft was introduced back in 1985, these tests might indicate that the situation with other U.S. aircraft might not be as bad as it seems.
On the other hand, Defense Department Inspector General's office issued a report in December 1998 that expressed concerns that Airborne Warning and Control System (AWACS) may suffer from serious Year 2000 date-change. AWACS is an aircraft that provides all-weather surveillance and command and control support to U.S. and NATO forces around the world. [IDGAF1] A failure in an AWACS system may cause a chain reaction that would cripple logistics of not only Air Force but also other corps of Military. The failure to notice the problem before was caused by "…the lack of proper management of the Year 2000 problem at two major air logistics centers." [IDGAF1]
One should note that the Air Force is the most technology-dependant corps of the Military. However, although they have the Y2K funding of $625 million – more than the Army and the Navy – they face a much greater problem. As they struggle to catch up in their Y2K efforts, they will see most of the funds disappear: $438 million was spent in 1998 alone [GCNAF1], leaving less than $200 million to be spent in 1999, when most of the repairs are to be completed.
GPS troop movement, submarine navigation, and missile accuracy may all be compromised if a Y2K like problem is not corrected for in their internal Global positioning System's electronic Clock. Consisting of 24 NAVSTAR (Navigation Satellite: Timing and Ranging) satellites orbiting the earth, [FSLGPS] the GPS system is responsible for "industrial, scientific, military, radio and TV, communications, legal and financial applications." [GPSSYNC]
On August 22, 1999, all 24 of the United States Global Positioning Satellites recycle back to January 6, 1980. [POPSCIGPS] GPS receivers that have not been upgraded or corrected to compensate for the rollover can report an incorrect time, which is used internally in the GPS system to calculate a more accurate position. The rollover happens once every 1024 weeks to save internal memory in the satellites, and the satellites will continue to broadcast correct data. However, any military receivers that haven't been upgraded to come with the date rollover will reset to January 6, 1980. This may result in incorrect calculations of positions.
The Military has known about this Y2K like problem for some time, as well as the exact items affected and the necessary fixes for each of the items. The GPS problem is, in effect, a "perfect" Y2K problem, with full problem-scope knowledge of most effected systems. Even so, the Military has fallen far behind in the projected repair schedule, according to a recent DoD report. Due to lack of cooperation of the involved agencies, including DoD organizations, civilian Federal agencies, Defense contractors, and allied nations, distribution of Y2K compliance information has been disrupted, and there exists a greatly increase risk of "mission disruption. " [DOD99063]
"The Defense Special Weapons Agency (DSWA) claimed that three of five so-called "mission critical" computer systems, essential to conducting its most primary duties, were fully prepared to face the computer crisis despite never conducting necessary testing, according to a recent Defense Department Inspector General's Report." [USAT907]
The U.S. agency managing the nation's nuclear weapons stockpile is testing its most critical computers after Pentagon inspectors discovered nobody had verified whether key systems could withstand year 2000 problems. [OK901]
The government has been less than forthcoming in accurately reporting the status of the Y2K compliance process, and with good reason. With the overall effort falling behind schedule, the United States will not be fully secure after the Y2K date rollover. Any non-compliant systems are a very real danger to the DoD and mission-critical systems. As a result, the NSA has decided that all matters relating directly to the DoD's efforts to fix the problem are "highly sensitive" and of a "national security interest." The central Y2K database, the compilation of all the specific information on government Y2K progress at Y2K.xsp.org, is considered a high security risk.
"As a result, the Pentagon has cut off the military services and DOD project offices from the Defense Integrated Support Tool (DIST) database, which the Defense Information Systems Agency maintains to provide details on all DOD computer systems and interfaces for use in planning and deployment." [FCWNSA]
The classification of the central DoD Y2K database has hampered the repair effort. One former high-ranking DOD official was anonymously cited in Federal Computer Weekly as saying the classification of the database was typical Government "gross mismanagement" of Year 200 Issues. [FCWNSA] It is our opinion that the NSA would not be nearly as worried about the security risk that the Y2K Database posed if the majority of the Military's systems were going to be working on January 1st, 2000. The fact that the NSA was enough concerned enough about system failure to throw a blanket over the whole procedure, further slowing the process, seems to indicate that they know the Military has the potential for serious Y2K related problems.
Another issue is the lack of post-simulation data. Over and over, the media reports "Full Y2K Simulation Today" or "Army Set to Test GPS System," but rarely if ever follows up with good news about the success of the simulation. This could be attributed to the Military not releasing testing results, or the media's preference to report bad news about the Y2K issue. Either way, the lack of confirming, positive test follow-up stories is reason for concern.
More than any other affected section of possible Y2K related failures, the Military involves other nations. The problem becomes a global one, both for countries who's military defense capabilities may be crippled by the Y2K bug, as well as for the nations or terrorists that may take advantage of any sudden weakness to mount an offensive.
With Y2K being such a hot topic in the United States for several years now, one could assume that it is a similar concern elsewhere in the world. Moreover, one would also assume that the severity of the problem is perceived in a similar fashion. However, our research has conclusively shown both assumptions are wrong. According to a DoD Y2K workshop, China, Russia, Japan, Germany, and Indonesia are all "Laggards" in the race to fix Y2K related problems. The "Leaders" include the US, Canada, UK, Australia, and Israel. [DODPLAN] This paper will examine the Military of Russia, China, and Canada, and how they are dealing with their respective Y2K problems.
Many third world countries experience hardships on a regular basis that the United States is less accustomed to, including poverty, poor infrastructure, poor utilities, civil unrest, as well as droughts and floods. Serious, even life-threatening problems, are encountered on a more regular basis than within the United States. Because of the severity and frequency of such problems within a large number of third world nations, the possibility of the loss of normal services, such as power and water, that some agencies are predicting within the United States is a fact of life in many countries, and is viewed with much less alarm.
If there is no threat during the downtime that it takes to repair affected systems, Y2K becomes a non-crucial issue for the Military. Therefore, it becomes reasonable to examine allied countries that are similar to the United States in Military preparedness for Y2K, as well as countries that could reasonably pose a threat due to the Y2K bug.
Paul C. Warnke (president of BASIC's U.S. Council): "The only prudent course may be to de-alert or even de-activate those nuclear missile systems where date-related malfunctioning in associated command, control and communications systems poses even a remote possibility of accidental launch,"
One possible doomsday scenario is an accidental nuclear missile launch due to the Y2K bug. Notable newer nuclear powers, including India and Pakistan, have a recently developed nuclear arsenal. However, because Y2K problem is most commonly related to older installments of computer software, we choose to focus on post-communist countries, which have had nuclear warheads for a many years, as well as in many cases a troubled economy. Most examples of post-communist countries do not posses nuclear or long-range earth-to-earth weapons systems, but most do have nuclear power plants, which could prove as threatening in global terms, as well as the slight possibility of triggering a nuclear-missile detection system. Four of the old Soviet republics: Russia, Ukraine, Belarus, and Kazakhstan [UK66] had been left with nuclear weapons after the breakup of the Soviet Union. Of these countries, Russia is the only one that has not given up their arsenal. Also noted should be North Korea, which has been developing long range missiles [KAFS] as well as nuclear warheads for quite some time now.
A decade ago Gorbachev succeed in implementing his revolutionary changes in the Soviet political system (Perestroika), putting an end to the cold war. The last ten to fifteen years in Russia have been years of economical difficulties, high unemployment, and increasing crime rates, including the emergence of Russian Mafia. Consequently, Russian public opinion has been divided to those who think of current difficulties as a step in the right direction, and those who long for the old glory and respect Soviet Union drew from the world. Russia never gave up their military power because their arsenal has a strategic importance in negotiations with western countries, such as getting a special status in meetings of the ‘Big Seven.' Since the reforms assign a much smaller portion of Russian GPA to the military, cutbacks in research as well as in the number of personnel have been forced. The Russian military continues to rely heavily on old legacy military systems, presenting a very serious problem.
Until recently, Russian military officials have categorically denied there is a real threat behind the Y2K bug. In a news conference on August 12 1998, Marshal Igor Sergeyev said "(Y2K) problem affects more those spheres where mass-market computer technology is used. In Russia's Strategic Missile Forces, there is no risk because special computer technology is used." [RUS98]. More recently, an official in Russia's Atomic Energy Ministry was quoted as saying, "We don't have any problems yet. We'll deal with the problem in the year 2000.''[RUSOW] Even after Russia acknowledged the Y2K problem and the potentially serious effects it could have on Russia, including Russia's military forces, the lack of funding poses a serious problem. "Not a single government ruble will be spent on Y2K," said Krupnov (Chief of the State Communication Committee of the Russian Federation). [RUSOW]
Even in the most recent discussions between U. S. and Russian military officials about the Y2K problem, Russians have downplayed the importance of the talks [RUS99]. However, they have acknowledged the problem as a significant one [RUSSIG].
There are multiple conceivable reasons why Russia is reluctant to release much detail about the Y2K problem. Primarily, it is of strategic importance not to reveal any weaknesses in own defense system in case they are unable to fix the problem. People of Russian nationality predominantly populate Russia, with non-Russians making up only 18 percent of the population. Comparing Russia's 27 million people to the only 800,000 people in Chechnya, along with the fact that Russia was barely able to contain the independence movement, we can see how dangerous a potential breakout of nationalistic movements would be, fueled by a perceived weakness of the army.
Another problem is that of priority. Since Russia occupies the north of Europe and Asia, and January 1st comes in times of coldest winter, the Russian public is extremely concerned about problems such as food and heating. If heating installations were to fail in Russian cities, their population would face temperatures of 20-50 Centigrade below zero inside their houses, which would be fatal for many people. Russian winters are much harsher than in most of the United States: Parallels could be drawn against Canada, which is currently preparing for a national emergency.
Along with the problem of national security within the borders of Russia, we should also note the international aspect of Russia's situation. During the cold war, both Soviet Union and United States spent billions on their respective intelligence agencies in attempts to learn more about capabilities and weaknesses of their opponents. Even though the cold war is over, the U. S. and Russia are not yet allies, and do not yet share all their information. The Pentagon has been found to falsely advertise their mission-critical systems as Y2K-ready, why should then Russia be assumed to be truthful in disclosures of the information about their mission-critical systems? [USAT907] In many cases, when considering the less stable nature of Russia's government, Russia may have a much greater incentive than the U.S. to exaggerate Y2K readiness.
With computers running many of the mission-critical systems in Russia, it would be highly improbable that the software written twenty or more years ago is Y2K ready. When looking to identify the most critical of the anticipated problems, U. S. officials are particularly concerned about the early-warning systems [RUSEWS]. While a Y2K related glitch or failure is very unlikely to cause a nuclear missile to spontaneously launch by itself, however, the "possibility of a false launch-detection by a Russian monitoring station is quite real" [RUSEWS]. This could increase the threat of retaliation to a non-existent attack, which could conceivably, in a worst-case scenario, begin a war. In September of 1998, United States President Clinton and Russian President Yeltsin signed an agreement to share early warning data in order to prevent such an event from occurring. There are concerns that the project may not be completed before January 1, 1998.
The greatest challenge within Russia, aside from the short amount of time and fixed deadline, is the cost that any comprehensive Y2K repair project would require. Compared to western countries, Russia is in extremely short supply of funds needed to repair the bug. February 1999 estimates of the cost to fix the most critical systems placed the total repair cost at 3 billion dollars [RUSFIX]. With the price tag for the repairs far exceeding what Russia's troubled economy can generate in the short amount of time left, Russia is asking other nations, including the U.S., for outside financial assistance.
Russia is facing a programming problem different from many other countries. Many of Y2K glitches are related to software written in COBOL, an older database programming language. Since more modern languages have replaced COBOL over the last twenty years, there is a shortage of COBOL experts needed to repair the Y2K bug in western countries. In Russia there are many experts trained in COBOL, however, competition for those programming experts is fierce. Many western companies are hiring them away from Russia for what is considered sub-par wages in the west, but what is many times the average wage in Russia. Without additional funding, the Russian government is unable to compete for the COBOL programmers' services, and is loosing the COBOL programmers to the west.
Needless to say, Russia is in a short supply of funds, especially compared to many western countries. Recent estimates of the cost to fix the most critical systems were at 3 billion dollars [RUS3B] As the time passes by and January 1 2000 comes closer, the cost is steeply increasing. This is the money that cannot be generated by their troubled economy. Instead, Russia is asking for outside financial and technical assistance, especially from United States. In an ironic sense, Y2K problem, beside being a real threat for the breakout of World War III, has a potential of bringing these two countries closer together than ever before.
China remains a large question mark as to how the Y2K bug will affect their Military. Very little is known about the computer systems used within the military, as well as possible preparation for their Y2K problems.
Much of China's military strength and spending is kept a secret, with the actual budget, being estimated at four times the published budget, a secret. [MSNBCC] With the world's third largest nuclear weapons arsenal, with an estimated 100 to 1000 nuclear missiles, 17-20 of which are targeted at the United States, the lack of open relations with china are hampering the increased communication over possible nuclear-related Y2K glitches that is happening in Russia. [MSNBCC]
Specifics on the rest of China's military are also largely unknown. The vast majority of China's 970 ship Navy is for the large part obsolete. China is known to field one Xia-class submarine, with a weapons load of 12 intermediate ranged ballistic missiles, as well as 18 obsolete destroyers. [MSNBCC] China is attempting to update its navy, with new destroyers and helicopter-capable frigates, as well as Kilo-class submarines and radar systems being purchased from Russia. [MSNBCC] The airforce is similarly upgrading, with new fighter development, as well as permission from Russia to produce the Su-27s fighter plane. [MSNBCC]
China also has fewer restrictions on the piracy of software, with an estimated 95%+ of the consumer software in China being pirated. If a similar ratio of pirated software exists in the military, with the commonplace appropriation of software for government use, it could hamper any fixing of the software, as well as rule out asking the manufacturer of the software for pre-made Y2K patches.
China remains a large unknown as to their Y2K problems, and the United States may never know how it will impact their military forces. As of February 1999, no major plans have been announced to share nuclear missile early launch data with China to avoid a malfunction or possible false alarm. There have been very few reports or admissions from China about their Y2K readiness, with little likelihood of the situation changing in the near future.
Canada is less concerned with the foreign threat, and has chosen instead to focus on preparing the Military to aid the domestic situation during the Y2K rollover. The preparations focus on maintaining communications systems during the glitch, and providing support to the citizens during Canada's harsh winter. With the United States as a neighboring ally, Canada can afford to focus on domestic issues during the rollover, and is preparing its military as a support role.
About 500 troops will begin a training exercise in February 1999, making sure all mission-critical Canadian communications systems function properly when Y2K arrives. Training exercises for Operation Abacus will continue throughout the year, employing five other command posts across the country in Yellowknife, Edmonton, Toronto, Quebec City and Halifax. A force of 14,500 service personnel has already been earmarked for mobilization on Jan. 1, 2000, and beyond as part of Operation Abacus, with another 4,000 reservists expected to participate in the operation. The rest of the 60,000 people in the Forces -- from search and rescue personnel to civilian staff -- will be available for duty if needed during the rollover of January 1st, 1999.
Our paper focused on Russia and the United States because Russian and US military have been using mainframe computers for the longest time. Russia and United States have over 10,000 warheads each (as well as long range missiles to carry them) while any other country has less then 500. China is often overlooked in talks about Y2K problem, because China did not have resources to all-out invest in mainframe computers in sixties and seventies, having only a few developed in the eighties [CHMF]. Because the problem China is facing is relatively small compared to the size of the country, the lack of response to the Y2K problem is understandable. Similar situation is with India and Pakistan, which have developed nuclear arsenal only recently, so they are assumed not to have too many problems.
The United Kingdom has already conceded a defeat in the Y2K "battle". David Longhurst, Y2K program manager of U.K. Ministry of Defense, said that only 80% of glitches will be fixed prior to January 1st 2000 [Y2KUK] The Daily Telegraph writes that "Many defense missile systems have computer chips embedded in them which record the time they were last serviced or used. Military officials say that when 2000 arrives, systems that have not been updated will register January 1, 1900 and instantly shut down." [DT98].
Any country with sizeable army force has to deal with their own Y2K problems. Some countries, like Albania, do not use equipment much more sophisticated than a machine gun and are spared the expense of fixing the problem. However, for many countries this is not the case. If a traffic light, with its fairly simple interface, can fail due to Y2K, the computer systems that control early alert, launch, navigation and other military interfaces can certainly fail worldwide. The large number of companies, difference in their military equipment, and political and economical diversity only adds to the complexity of the Y2K problem. Because of that, United States cannot rely on others to fix their systems, but instead prepare for the worst and be ready to defend itself on January 1st, 1999.
One should never assume we know all the bugs in any piece of software. The best anyone can do is run extensive tests, which will give a good probability the bugs are not there. However, when it comes to dealing with the millennium bug, bugs of this kind in some cases only emerge when a system is placed in a complex environment, communicating with other systems, and the incompatibilities come from inability of systems to communicate with each other. One could call these "high level bugs."
U. S. Army cannot presume all the systems have been fixed, even if all the scheduled fixes have been completed before January 1. Also, as we have seen above, the situation in the rest of the world is dismal at best. Something is bound to go wrong if not in United States, then in some other country that is unable or unwilling to assign sufficient resources to fixing the Y2K bug.
Several different types of failures are to be anticipated with Y2K-sensitive systems. One kind that is often overlooked is the early failures in systems that deal with future dates. We can also have failures after January 1 2000. Other kinds of anticipated failures are "certified-system" failures and interface failures (time corrupted data but works fine) [IMABBSCON]. As the list indicates, Y2K problem is not expected to strictly affect the period between December 31 1999 and January 2 2000; failures are to be expected long before and even after that period in U. S. and elsewhere.
On subject of the threat of accidental trigger from outside United States, Deputy Secretary of Defense John J. Hamre says, "The Department of Defense will be able to protect the people of the United States [on January 1 2000]. There is not a question about that, we will be 100 percent ready by the end of the year." [WIR360]. However, defending Americans who live in United States is only a small part of the problem. 20,000 Americans are currently deployed in the peacekeeping efforts in Bosnia, with another 10,000 troops currently located in Kuwait [NEWS363]. This is in addition to American troops scattered in bases and ships all around the world, as well as another few thousand troops participating in official UN peacekeeping efforts. All of these troops depend on computer-controlled equipment for communication and positioning, and are also more exposed to foreign attack when in hostile foreign nations. Overall, this is a significant number of people who are at a much greater risk if something were to go wrong due to the Y2K bug, and Pentagon should be concerned as to their safety.
The United States military is in a special situation when it comes to solving the Y2K problem. Having the most powerful military force in the world, it would not be easy for any other country to make a frontal attack, even in a hypothetical situation where unsolved Y2K bugs cripple the Military IT infrastructure. The U.S. Military also has the most resources to invest in fixing the millennium bug. However, being a frontrunner in the arms race after the World War II, the United States relies heavily on outdated computer equipment and software. On one hand, the international threat remains, even though unlikely. The chance, no matter how remote, of an accidental nuclear missile launch is serious enough to warrant the international cooperation efforts and information-sharing that are beginning to emerge. Just as important is the necessity of protecting thousands of American troops scattered all around the world in some unwelcome places such as Bosnia and Kuwait. Because of that, the potential failures of Military control due to Y2K problems pose an extremely serious threat to the United State's security if not resolved before January 1st, 2000.
We would like to thank Zachary Holt and Amir Katz for swapping URLs with us. We would like to thank the NSA for classifying the entire Y2K database, making the task of finding solid data for this paper a lot more "interesting." We would also like to thank Gary North for being such a fanatic about Y2K, as well as his incredible Y2K database
| [DL604] | Deputy Secretary of Defense John J. Hamre Dr. Hamre's Statement on Info Sys Before the Senate Armed Services Committee, DefenseLINK News, Thursday, June 4, 1998 |
| [NPCA98] | Y2K Terrorism?, National Security/Defense, Friday, Aug 7, 1998 |
| [DEFBRF] | Michael S. Hyatt MEDIA BRIEFING--Defense Department, Michael S. Hyatt's Y2K Prep, Visited March 7, 1999 |
| [NWRJ98] | Douglas Stanglin and Shaheena Ahmad "Year 2000 Time Bomb", U.S. News & World Report, 8 June 1998 |
| [GRADES] | Subcomittie on Government Management, Information, and Technology GMIT-Year2000 Grade Card, Prepared for Subcommittee Chairman Steven Horn, Feb 1999 |
| [DEFLINK1] | Mr. William A. Curtis, Special Assistant for Year 2000, Office of the Assistant Secretary of Defense DoD Y2K Endeavor Well Organized and Progressing, Subcommittee on Government Management, Information and Technology: Volume 13, Number 39, June 10, 1998 |
| [SECDEFMEMO] | The Secretary of Defense Y2k Sec Def Memo, Internal Memo, Fri, Feb 5, 1999 |
| [GAO98027] | Gregory Slabodkin Number of mission-critical systems increases; DOD says it¼s behind schedule, GCN, Sept 7, 1998 |
| [FEDCW] | Bob Brewin (antenna@fcw.com) DOD predicts success in preparations for Y2K, Federal Computer Week, January 25, 1999 |
| [Y2KPROGF99] | Report Card: Year 200 Progress (PDF), Subcomittie on Government Management, Information, and Technology, Feb. 23, 1999 |
| [DEFLINK2] | Jim Garamone Y2K Problem Will Be Nuisance, Not Crisis, American Forces Press Service, October 14,1998 |
| [Y2KMGTPL] | Year 2000Management Plan, Office of the Assistant Secretary of Defense (Command, Control, Communications, and Intelligence), Sept. 1998 |
| [ALNEWS1] | Skip Vaughn Aviation and Missile Command on schedule for averting year 2000 snafu, Army News Service, July 31, 1998 |
| [ARMYY2K] | Army Y2K Homepage, Nov 23, 1998 |
| [ALNEWS2] | Mark Stevens Computers and software face terminal death in the new millenium, Army News Service, Feb. 23, 1998 |
| [NUKFAQ] | Computers and software face terminal death in the new millenium, The Nuclear Age Peace Foundation, May 25, 1998 |
| [PONLMIL1] | Dave Mayfield Navy is dangerously slow to deal with Year 2000 computer bug, GAO report says, The Virginian-Pilot , July 7, 1998 |
| [CNNNAVY1] | Jim Hill Navy says it's winning battle with Y2K bug, CNN, February 18, 1999 |
| [YHDNNVY1] | Michael Perry U.S. Seventh Fleet Aims For Y2K Fighting Readiness, Reuters, Monday March 8 1999 |
| [GCNAF1] | Gregory Slabodkin The Air Force vows to be 2000-ready, on time, Government Comptuer News, September 7, 1998 |
| [DEFLOGY2K] | Sarah J. Reed Defense Logistics Agency's Year 2000 Program: Managing Organization-Wide Conversion and Compliance, Defense Logistics Agency System Design Center, January 1998 |
| [B1BY2K] | Lt Col. Arnold W. Bunch Jr B-1B demonstrates Y2K compliance, Air Force News: B-1B System Program Office, 2 Nov 1998 |
| [B1BINFO] | Air Combat Command B-1B Lancer Fact Sheet, Air Force News, February 1998 |
| [IDGAF1] | Daniel Verton (dan_verton@fcw.com) Air Force criticized on Y2K oversight, Federal Computer Week, Dec 23, 1998 |
| [FSLGPS] | Global Positioning System (GPS), Forestry Sciences Laboratory, Visited Feb 1999 |
| [GPSSYNC] | GPS Commercial Fact Sheet, Chrono-Log Corp., 1998 |
| [POPSCIGPS] | William G. Phillips Global Positioning System's Y2K-like Bug, Popular Science, Visited March, 1999 |
| [DOD99063] | Department of Defense Global Positioning System Receiver Compliance with Year 2000 Requirements, Report No. 99-063 (PDF), December 29, 1998 |
| [USAT907] | M.J. Zuckerman Pentagon exaggerated Y2K readiness, USA Today, January 1999 |
| [OK901] | Nuke Computers Found Untested for Y2K, AP - Washington, Nov 28, 1998 |
| [FCWNSA] | Bob Brewin, Heather Harreld, Daniel Verton NSA concerns could hamper DOD Y2K fix, Federal Computer Week, MAY 18, 1998 |
| [DODPLAN] | Mr. Michael E. Waschull, Director, DoD Y2K Contingency Planning Workshop (.ppt), Contingency Planning OASD C3I Y2K office, 22 January 1999 |
| [UK66] | Fred Hiatt Ukraine Nuclear Warheads Decaying and Dangerous, The Washington Post , January 19, 1994 |
| [KAFS] | Kevin Orfall and Gaurav Kampani CNS Resources on North Korea's Ballistic Missile Program, Monterey Institute of International Studies, 31 August 1998 |
| [RUS98] | Wired News Report Russia Brushes Off Y2K Scare, Wired News, 12 Aug 1998 |
| [RUSOW] | Y2K in Russia: A View From the Trenches, Castor, October 21, 1998 |
| [RUSSIG] | Yahoo-Russia, Yahoo Daily News |
| [CHMF] | China to be crippled by 2000 computer glitch, experts say, Nando Net, Viewed March, 1999 |
| [RUSEWS] | Michael J. Martinez Russia Y2K Program Behind Schedule, ABCNEWS.com, January 29, 1999 |
| [RUSFIX] | "Russia needs $3B to Fight Y2K Bug" Yahoo Daily News, Feb 2 1999 |
| [RUS3B] | U.S., Russian Experts Fight Y2K Bug, Reuters, Feb 22, 1999 |
| [MSNBCC] | Prof. June Dryfer China - Military FAQ Sheet, MSNBC, Jun 22, 1998 |
| [Y2KUK] | Battle of the Y2K, (Page has Since Been Removed) |
| [DT98] | Britain's Navy's Systems, Including Nuclear Missiles: 10% Compliant, Daily Telegraph, Dec 5 1998 |
| [IMABBSCON] | Contingency PLanning Document, Army WWW Site, Nov 23, 1998 |
| [WIR360] | Pentagon: We'll Be Ready for Y2K, Reuters (Via Wired), 15 Jan 1999. |
| [NEWS363] | US sends reinforcements to Kuwait, BBC News, February 17, 1998 |