Year 2000 (Y2K) compliance refers to the complex process whereby governments, businesses, and individuals upgrade computer systems so that 2000 is recognized by those systems as a valid date. The Y2K problem was developed beginning in the late 1960s when the modem computer industry began, i.e., when computers began to be able to store data in addition to processing it. The problem will occur because many computer programs and applications were written to store data in only two digits, so that 1999 would be stored as "99" and 2000 as "00." Computers programmed to understand years using only two digits were expected to misread 2000 as 1900 (or some other date), causing many computers to crash or malfunction.
The Y2K problem affects not only computer programs and applications, but also operating systems, computer hardware, and other products and systems that rely on embedded chips and/or utilize computerized technology.
Why were dates written with two instead of four digits? When many programs were written and stored on mainframe computers in the 1960s, the cost of computer resources and storage space were at a premium. Memory was expensive, hard drive space was expensive, and computer time was expensive. In order to conserve costly storage space, the date field was truncated from four digits to two digits as a standard for most. applications and operating systems. As a result, millions of programs, millions of computers, and millions of embedded systems that utilize computer technology are expected to malfunction when they are required to accept date information beginning with January 1, 2000.
The Y2K problem is expected to affect virtually every computer program and application written since the 1960s and not updated to correct the problem. To correct the problem, billions of lines of computer code need to be examined. As one Y2K expert put it, "The code has been broken." Fixing this aspect of the problem requires massive amounts of manpower and the time to do it. General Motors projected it would spend between $710 million and $780 million to prepare its computer systems for the year 2000.
As difficult as code auditing is, embedded system remediation may pose an even greater problem. Remediation is the process by which applications or embedded systems are inventoried, assessed, reprogrammed, tested, and re-implemented. When one takes into account the scope and complexities of embedded systems throughout the world, the magnitude of the Y2K problem becomes more apparent. The prevalence of embedded computer systems reflects just how deeply computers have become integrated into everyday life. For example, computer systems are imbedded in the following everyday processes:
Embedded systems are those devices that perform an automated function or process using a built-in microprocessor, program, and computerized clock (also known as a RTC or real time clock). These devices are sometimes called PLCs, or process logic controllers. Embedded systems are found in devices ranging from VCRs to satellite control systems. There are an estimated 25 billion embedded systems worldwide. Of those, it is not known how many are date sensitive and prone to Y2K failure, although estimates range from .25 percent to 10 percent.
Many of the embedded systems that are date sensitive may or may not be mission critical, depending on the industry and the application. In one case involving Kraft Foods, the company tested 832 PLCs and found 10 percent of them to be date sensitive. PLCs at Kraft control safety and food production and so were mission critical. In what was possibly a related incident, Kraft had to destroy several million dollars worth of food, because its expiration date was after January 1, 2000.
Several factors have made it difficult to examine and remediate embedded systems. Since many of the embedded systems are continuously "live," testing can only take place in a simulated environment, without integration with other systems. In addition, it would be impossible to test embedded systems that have been upgraded until all such systems were in place, and the upgraded systems would not be ready to test at the same time. In other cases remediation cannot be accomplished, because the microprocessors themselves can no longer be manufactured.
In theory the Y2K problem can be fixed, and Y2K compliance can be achieved. In practical terms, though, several factors prevent full compliance. These boiled down to two key factors: manpower and time. On a worldwide basis there are not enough people to examine and rewrite programs. An estimated 400 computer languages have been used, with COBOL accounting for about 30 percent of non-compliant languages. In addition, many businesses and government agencies were running out of time. Large organizations needed to begin addressing the problem well before 1999. Small to medium-sized companies are even further behind in remediation and replacement of non-compliant systems. As of March 1999, an estimated 22 million small businesses, or approximately 50 percent, had done nothing to prepare for Y2K, according to one survey.
Another factor to be considered as January 1, 2000, approached was the fact that it was an absolute deadline. Historically, complex information technology (IT) projects have not been completed on time. There was no reason to expect that a project as complex as Y2K compliance would be completed on time either.
Since businesses might not have the resources to make sure every piece of equipment is Y2K compliant, they are urged to prioritize all processes and deal with those that are the most critical. One method called "triage" was adopted from emergency medical procedures, whereby soldiers with critical injuries were categorized into three classes based on whether or not they would survive with or without medical treatment. The term has been applied to Y2K systems to determine whether or not they are "mission critical." Using this method, businesses can allocate limited resources to saving the most critical systems first.
In order to determine which systems are mission critical, an organization must first complete an asset inventory of all computers, software, and other equipment with embedded chips. These include personal computers, software, fax machines, heating and ventilation equipment, communications equipment, modems, security systems, and safes. This process can be aided by forming search committees to take an asset inventory and assess what areas are mission-critical to the operation of the business.
The asset inventory then prepares an organization for a Y2K audit, a several-step process to identify potential Y2K problems and takes steps to fix them. Potential problems could occur in the following areas:
Customers, suppliers, and vendors also need to be contacted. Any with non-compliant systems can potentially contaminate a business's systems and become open to Y2K litigation. Businesses are urged to contact suppliers or equipment manufacturers in order to assess the possibility that inventoried items will not function properly. Businesses also needed to consider the impact of critical outside service providers, including telephone, electricity, water, gas, and possible raw material suppliers. Such suppliers should be contacted to confirm Y2K readiness in writing.
In some cases businesses need to develop contingency plans for critical services and products, in case there is a Y2K malfunction, especially for service providers who appeared to be lagging in Y2K compliance efforts. Businesses are also urged to review all legal contracts and insurance policies to determine coverage for Y2K-related problems. Finally, a disaster plan should be developed to cover scenarios involving utilities or a lack of supplies.
To get the ball rolling, organizations need to make high-level management decisions regarding what to fix and what to risk not fixing. Management also needs to make business decisions regarding time and resource allocation to address the problem. Small business owners can seek assistance on the Web, where there are sites tailored to the small business owner that provided self-assessment checklists and programs.
Several key 1999 dates represented potential failure points for embedded systems. Some analysts predicted that one-fourth of all Y2K-related problems would occur in 1999. The Gartner Group predicted that only 8 percent of all Y2K problems would happen on January 1, 2000. Taskforce 2000, a privately funded organization, predicted in April 1999 that 60 percent of computer errors and data disruption would occur during 1999, and 30 percent would occur after January 1, 2000. The group estimated only 5-10 percent of the problem would occur on January 1 because of the rollover from 1999 to 2000.
Two key dates in 1998 passed without noticeable effects. These were July 1, 1998, which was the start of fiscal 1999 for 46 states, and October 1, 1998, the beginning of fiscal 1999 for the federal government. These were dates when computers began to look forward into fiscal 2000 to calculate benefits. While errors were expected, no significant interruption of government service occurred.
January 1, 1999, was the date that many computer applications, such as inventory, benefits, and banking and credit systems, began looking ahead to 2000. On this date the chances were high that an undetected Y2K problem could trigger a variety of results: miscalculation of expiration dates on time-sensitive inventories; errors in check payments to employees, beneficiaries, or suppliers; under- or over-estimation of interest on credit accounts; and others. Some 13 states and the District of Columbia applied short-term patches to computer systems to ensure they would be able to issue benefit checks on or after January 1, 1999.
January 4, 1999, was the first working day of the year. On this day new data was entered into systems looking ahead to 2000. While older files may have been isolated from database calculations, new data was subject to risks associated with potential Y2K problems. Other 1999 dates related to Y2K included those dates on which fiscal 2000 began for various governments, including April I (Canada, Japan, and New York), July 1 (46 states), and October I (U.S. government). Y2K problems on these dates could affect the earnings reports of companies that are highly dependent on government for revenues as well as the credit and bond ratings for those governments.
August 22, 1999, was the date that the Global Positioning System reached the end of its built-in calendar and rolled over to start a new calendar for 20 years. If a company was using an older CPS receiver, it was possible that the rollover would affect traffic management. However, most commercial users of GPS had already upgraded their systems, including the Federal Aviation Administration (FAA) and the airlines.
The "Year 2000 Information and Readiness Disclosure Act" was signed into law on October 19, 1998. The purpose of the law was to encourage business-to-business communication on readiness, strategies, tools, and any other information related to Y2K compliance. However, businesses were reluctant to discuss Y2K compliance actions, even after the bill was passed. A 1999 survey by the California Public Employees' Retirement System, which had more than $35 billion invested in 2,469 companies, garnered a response from only 600 of those firms. A mere 13.5 percent provided meaningful information. One reason for such reluctance might have been the fact that there were several class action lawsuits filed in 1997 and 1998 against information technology vendors based in part on Y2K statements made to customers and to the public.
The federal law contained provisions and guidelines regarding "Year 2000 Readiness Disclosures." It also provided a limited temporary exemption from federal and state antitrust laws to permit businesses to exchange Y2K data between and among traditional competitors, for the purpose of correcting or avoiding Y2K processing problems. While the law did not lessen the liability of companies if there were to be a Y2K product or service failure or defect, it did establish a high but fair and consistent standard of proof for a claimant to use an entity's "Year 2000 Statement" as the basis for legal action. The overall purpose of the law was to establish uniform legal standards in the disclosure of Y2K information; it did not in any way lessen the ability of wronged parties to take legal action against entities with whom they had a contractual relationship, for failures, fraud, or breaches of contract.
A subsequent piece of legislation, known as The Y2K Act or The McCain-Dodd Y2K Act, passed the House and Senate of the U.S. Congress by mid-1999, and was headed for conference. The bill was supported by a wide range of businesses, industry associations, and the high-tech community, while being opposed by attorney groups such as the Trial Bar. The Y2K Act sought to discourage Y2K litigation and encourage remediation. Its provisions were aimed at discouraging frivolous lawsuits related to Y2K by preserving existing contracts, establishing a cure period for Y2K disputes, and allowing a reasonable efforts claim into evidence in contractual disputes.
Many small businesses simply did not have the resources to address the Y2K problem in a timely manner. To assist small businesses in becoming Y2K compliant, the U.S. Congress passed the Small Business Year 2000 Readiness Act, which set up a $500 million guaranteed loan program in 1999 for small businesses trying to fix the Y2K problem. The program was to be administered by the U.S. Small Business Administration.
Other federal resources included the Presidential Council on Year 2000 Conversion headed by John Koskinen, which devoted most of its efforts to providing information to the public about Y2K compliance. It said that national systems such as power grids, telecommunication networks, and air traffic were Y2K compliant, but it warned of localized, temporary disruptions. It created 25 working groups to facilitate communication between industries and developed a Y2K toolkit to promote community involvement. It also helped to develop a "Year 2000 Investor Kit" to help investment firms, markets, regulators, and the media provide information to the public about the Y2K readiness of the financial services industry. It also set up a toll-free information line for consumers.
The Federal Emergency Management Agency (FEMA) conducted a series of ten regional workshops in February and March 1999 for emergency management and fire services officials. The workshops covered initial Y2K compliance assessments, potential consequences of Y2K disruptions, and the coordination of responses among local, state, and federal agencies.
Also addressing the Y2K problem was a Senate special committee, headed by Sen. Robert Bennett and Sen. Christopher Dodd. Various reports were issued by the U.S. Office of Management and Budget (OMB) and the Government Accounting Office (GAO).
Y2K compliance of federal government agencies was under constant scrutiny. An Office of Management and Budget report listed 43 high impact government systems, of which only two were Y2K compliant in early 1999. The Federal Aviation Administration (FAA) said it was 99 percent Y2K compliant in September 1998. However, by June 1999 it was reportedly only 92 percent compliant and was faced with a string of control system failures at major airports, including La Guardia (New York), O'Hare (Chicago), Dallas/Forth Worth, and San Diego, among others. FAA expected to achieve Y2K compliance by July 1999. The agency said its air traffic control computers passed a major test in April 1999. Compounding the problem for the FAA was the fact that most of the nation's 670 domestic airports began their Y2K compliance efforts too late.
U.S. Representative Christopher Horn (R-CA) issued a quarterly report card on Y2K compliance by federal agencies. His June 1999 report card found that the federal government's mission-critical systems were 94 percent compliant. However, the report noted that two critical systems—the FAA's air traffic control system and the payment management system of the Department of Health and Human Services—were not yet Y2K compliant. Also of concern were systems with December 1999 completion dates, which covered areas such as child nutrition, food stamps, child care, child support enforcement, child welfare, and more.
Individual states set up Y2K project offices to provide support and information. City governments were expected to do their own auditing and compliance checking. Key areas of concern were being able to provide basic services such as water and electricity as well as 911 and other emergency services.
While many major corporations began Y2K compliance programs before 1999, not all industries appeared able to achieve Y2K compliance before the year 2000. Heavily regulated fields, such as banking, insurance, and finance, were the furthest ahead. Among the industries lagging behind were health care, where some two-thirds of all hospitals had no plans to test their systems for Y2K compliance, and oil, where computer links to foreign suppliers were a concern. Food processing, farming, agriculture, construction, and education were other areas that had fallen behind schedule in their Y2K compliance efforts. Following are a few example of how different industries were dealing with the Y2K problem.
In early 1999 Microsoft was saying that it had tested 2000 of its software applications and found 93 percent of them "Y2K ready." However, "ready" did not mean "compliant." In some cases, a patch upgrade was needed for the software to be Y2K compliant. In addition, Microsoft made PC Analyzer available as a free software tool to determine Y2K compliance. While the company faced some litigation with regard to Y2K-related problems, one such suit concerning its FoxPro database software was dismissed "with prejudice," meaning that it could not be appealed.
Microsoft also had to provide patch upgrades for its Windows NT Terminal Server Edition (TSE), which it first released in mid-1998 in a non-compliant version. Patches promised for September and December 1998 were not delivered. Patches posted in January 1999 were later admitted to be inadequate, with the result that some companies mistakenly believed that TSE deployments were Y2K compliant. Customers were left wondering if an NT Service Pack scheduled for March 1999 delivery would provide adequate Y2K compliance.
The Securities Industry Association (SIA) ran a series six weekend tests during March and April 1999. More than 400 U.S. securities firms, stock exchanges, and asset managers tested how well computers would handle stock, bond, and mutual fund trades at the end of the year. The tests simulated conditions on December 29, 1999, the last trading day of the year.
The Options Clearing Corporation began its computer conversion process in 1985 and became Y2K compliant in 1996. The OCC expected its Y2K team to continue to be active well into the year 2000. As the clearinghouse for the American Stock Exchange, the Chicago Board Option Exchange, the Pacific Stock Exchange, and the Philadelphia Stock Exchange, the OCC typically had a daily liability of $30 billion. It could not afford to have any downtime at all, so not surprisingly it invested heavily in Y2K compliance. After achieving software compliance, it focused on the embedded chips residing in its servers and mainframe computers. Other efforts included contacting its power company, telephone company, and building management to ensure that communications and electricity would not be cut off and that the elevators in its building would continue to operate.
Northwest Airlines has been addressing the Y2K problem since 1991. The company's efforts involved examining more than 34 million lines of computer code and testing 14,000 pieces of equipment at 130 sites in the United States. The airline spent some $45 million to become Y2K compliant and assigned about 200 employees to the task.
Efforts at Y2K compliance among the nation's retailers has been coordinated by the National Retail Federation since February 1997. Its efforts included risk assessment, the development of best practices guidelines, and contingency planning.
In early 1999 USA Today reported that banks were beginning to tighten credit standards for companies that seemed to be lagging in their Y2K compliance efforts. Banks were starting to ask companies to show that computers were Y2K compliant, or that they would be compliant in time. For companies that were not Y2K compliant, some banks were requiring more collateral to back loans or would not add to existing credit lines. Regulators were encouraging banks to tighten credit on business loans to companies who were not Y2K compliant to minimize losses in case the Y2K bug disrupted the companies' business and made it more difficult for them to repay loans.
The Federal Deposit Insurance Corporation (FDIC) planned to tour several cities to talk to newspapers and other media in an effort to calm people's fears about the effect of Y2K on banking operations. A March 1999 Gallup poll revealed that more than half of all Americans believed that banking systems would fail on January 1, 2000. The FDIC reported that 97 percent of banks had done a satisfactory job of dealing with the Y2K problem, with the remaining 3 percent (about 320 banks) being mostly small banks. Industry analysts and banking experts tended to agree with the FDIC's assessment, saying that banks seemed to be on top of the problem.
Federal banking regulators, operating under very stringent guidelines from the federal government and FDIC, conducted numerous bank examinations to make sure the banking industry would be Y2K compliant. As a result, federal officials were not especially concerned about the banking industry's Y2K preparedness as of late March 1999. The regulators had made sure that banks had Y2K compliance plans as well as teams and resources in place. A second phase of examination involved determining whether individual banks had been successful in correcting their systems. Banks were required not only to test their own systems, but also their interfaces with important third parties. The final phase of federal oversight involved reviewing contingency plans.
Also of concern was the public's confidence in the banking system. People who did not have a lot of confidence in technology in the first place were likely to run to the bank and take their money out. Several programs were being conducted to educate the public and boost its confidence in the banking system. In addition, the Federal Reserve significantly increased its currency order to ensure that an adequate supply of cash would be available in case of a run on banks.
The President's Council on Year 2000 Conversion developed a "Year 2000 Investor Kit" to help investment firms, markets, regulators, and the media provide information to the public about the Y2K readiness of the financial services industry. The Kit was developed jointly with the Securities and Exchange Commission (SEC), National Association of Securities Dealers (NASD), and Securities Industry Association (SIA). It contained a review of the financial services industry's efforts to prevent Y2K computer problems, a list of frequently asked questions (FAQs), a Y2K checklist, and information about checking personal computers and other equipment for potential Y2K problems.
Investors could also check on the Y2K readiness of registered broker-dealers, mutual funds, and investment advisors at the SEC Web site.
Preparing computer systems for Y2K has been a costly exercise requiring billions of dollars worldwide. While no accurate estimate of the total cost is available, some companies have reported how much they expected to spend. General Motors announced it would spend between $710 million and $780 million to prepare its computer systems for the year 2000. Boston's State Street Bank and Trust spent an estimated $200 million preparing for Y2K. Just to be on the safe side, State Street told its employees not to plan on taking a vacation over the New Year's weekend. Like the employees of many other companies, some 1,500-2,000 employees at State Street will be at their desks watching the clock tick past midnight to ensure that the bank's computers don't crash.
[ David P. Bianco ]
Abrams, Jim. - Y2K Alerts a Test for Government." Detroit Free Press, 9 June 1999.
Balas, Janet L. "Preparing the Library for the Year 2000." Computers in Libraries, March 1999.
Boyko, Allan. "A Y2K Checklist." Edmonton Sun, 29 March 1999.
Center for Strategic and International Studies. "Y2K: A Global Ticking Time Bomb?" Conference Proceedings, 2 June 1998.
"FDIC Plans Campaign to Calm Y2K Fears." Knight Ridder Newspapers, 29 March 1999.
"Federal Y2K GPA up Slightly." ITAA Year 2000 Outlook, 18 June 1999.
"FEMA Regional Y2K Workshops Begin." FEMA Press Release, 26 January 1999.
Gallagher, John. "Northwest Spends Millions to Make Sure that the Dreaded Y2K Bug is Just a Blip." Detroit Free Press, 27 April 1999.
"GM Forecasts Year 2000 Costs at $710-780 Million." Reuters, 12 March 1999.
Healy, Beth. "Party? Hardly. Financial Staffers on Full Y2K Alert." BusinessTodav.com , 12 March 1999.
Information Technology Association of America. "ITAA Guide to the 'Year 2000 Information and Readiness Disclosure Act.'" 28 June 1999.
——. "ITAA Summary of Key Provisions of Interest to the IT Industry: The Year 2000 Information and Readiness Disclosure Act - S.2392." 28 June 1999.
MacDonald, Michael. - Y2K Grief Hits Early for Some." The London Free Press, 29 March 1999.
Mcdonald, Susan. "Federal Regulators Ensure Banks' Readiness for Y2K." Business First, 29 March 1999.
Miller, Rich. "Y2K Fears Tighten Credit." USA Today, 19 April 1999.
Mukherjee, Sougata. "Y2K Loans May Spell Trouble." The Denver Business Journal, 29 March 1999.
"National Retail Federation Supports the Y2K Act." PR Newswire, 8 June 1999.
Pettitt, Jo. "Microsoft in Trouble over Year 2000 Again." VNU Business Publications, 12 March 1999.
Rankin, Robert A. "Y2K Problems Inevitable, Senate Panel Says." Detroit Free Press, 24 February 1999.
Ratcliffe, Mitch. "Y2K in 1999: Plumbing the Reality of the Problem." 29 December 1998. Available from www.zdnet.com ..
"Report: Y2K Bug Will Hit Early, Reverberate." Yahoo! News, 21 April 1999.
"Securities Industry Y2K Test Surpasses Expectations." BusinessToday, 8 March 1999.
Sowinski, Jay. "Do You Want to Risk Chaos for Your Firm? Ignore Y2K." Kansas City Business Journal, 29 March 1999.
Stewart, Julie. "As Calendar Winds Down, Cities Zero in on 2000 Woes." Arkansas Democrat-Gazette, 29 March 1999.
"U.S. Warns Airlines Insurance Must Cover 2000 Bug." Yahoo! News, 20 April 1999.
"Y2K Legislation." Information Week, 8 March 1999.
"Y2K Litigation Bill Passes Senate; Conference Could be Sticky." ITAA Year 2000 Outlook, 18 June 1999.
"Y2K News Site Issues Air Travel Public Safety Notice; Documents Timeline of FAA Failures." PR Newswire, 9 June 1999.
"Y2K Stats: The Options Clearing Corporation." PC Week, 6 July 1998.