EXECUTIVE
SUMMARY
TABLE
OF CONTENTS
EXECUTIVE
SUMMARY
- INTRODUCTION
- SUMMARY
OF GOVERNMENT-WIDE PROGRESS
Table 1 -- Government-wide Summary of Year 2000
Status
-
- AGENCY
SPECIFIC PROGRESS
Process
of Agency Evaluation
Tier One Agencies
Tier Two Agencies
Table 2 -- Tier 2 Agencies -- Progress, But Concerns
Tier Three Agencies
Small and Independent Agencies
Table 3 -- Summary of Small and Independent Agency
Reports
- Appendix
A -- Summary Tables of Agency Progress
- Appendix
B -- Agency Exception Reports
- Appendix
C -- Key Federal Web Sites on the Year 2000
EXECUTIVE
SUMMARY
President
Clinton is committed to ensuring that Federal agencies are meeting
the challenges posed by the year 2000 computer problem and to making
sure that critical government services will not be disrupted by the
transition to the year 2000. Since the last quarterly report, agencies
have continued to make progress in their year 2000 efforts. As of
August 15:
- Of
the Government's 7,343 mission-critical systems, 50 percent are
now year 2000 compliant -- up from 40 percent in May. Of the remaining
systems, 40 percent are being repaired, 9 percent are being replaced,
and 1 percent are being retired.
- Of
the systems being repaired, 71 percent have now been renovated
-- up from 55 percent in May.
- For
instances where system failures are possible, agencies are developing
plans to assure continuity of their core business functions. Completing
and testing these plans will become increasingly important as
we approach the year 2000.
Individually,
nine of the 24 major Federal agencies, grouped into Tier 3, are identified
as continuing to make adequate progress on the year 2000 problem.
Among these agencies, 74 percent of mission-critical systems are now
year 2000 compliant, and 89 percent of systems being repaired have
now been renovated.
At the
same time, many agencies continue to face significant challenges in
their year 2000 efforts. Eight agencies are identified as making progress,
but with concerns (Tier 2), and seven are identified as not making
adequate progress (Tier 1). In this report, one agency, the State
Department, was downgraded to Tier 1. While increased high-level focus
on the problem has resulted in improvement at some of the most troubled
agencies, their overall progress must increase if they are to meet
the Government-wide year 2000 milestones for completing their work
by March 31, 1999.
To ensure
that agencies are prioritizing their year 2000 efforts, on June 19,
1998, OMB directed all agencies of concern (Tiers 1 and 2) to provide
to OMB their plans for monthly progress, and to subsequently provide
to OMB, on a monthly basis, a report which measures progress against
those plans. In addition, John Koskinen, Assistant to the President
and Chair of the President's Council on Year 2000 Conversion, now
attends monthly senior management meetings of the Tier 1 Cabinet agencies
about the year 2000 problem.
Moreover,
based on the rankings of this report, Vice President Gore on September
2 met with heads and senior officials of the Departments of Defense,
Education, Energy, Health and Human Services, State, and Transportation,
and of the U.S. Agency for International Development to review their
plans for prioritizing year 2000 efforts.
On cost,
agencies now estimate they will spend $5.4 billion fixing the problem
in Federal systems -- up from $5 billion in May. This increase is
consistent with the Presidents budget request, which anticipated
that additional requirements would emerge over the course of the year
and included an allocation to provide flexible funding to address
emerging needs. In fact, additional needs for one-time funding have
been arising as anticipated. This increase is due, in part, to the
success of verification and validation efforts which have enabled
agencies to better ascertain the compliance of their systems. In response
to these needs, the Administration supports Congressional action to
create an emergency funding mechanism for Y2K computer conversion
requirements. This action is consistent with the President's budget.
A number
of Government-wide efforts are underway to coordinate progress in
the areas of telecommunications, buildings systems, and bio-medical
devices and laboratory equipment. These efforts have encountered resistance
from some vendors, who, at times, are reluctant to provide the Federal
Government with information about the compliance of their products.
The Administration's proposed "Year 2000 Information Disclosure Act"
would help to eliminate many of the barriers to information sharing.
In the areas of Federal/State data exchanges, most Federal agencies
have provided status information, as have most States.
Top
of Page
Progress
on Year 2000 Conversion
Report of the U.S. Office of Management and Budget
as of August 15, 1998
I. INTRODUCTION
This report
is the sixth in a series of quarterly summary reports to Congress
on the Administration's progress in fixing the year 2000 ("Y2K") computer
problem in Federal systems. It outlines the continuing work to avert
the problems that could occur if systems are not able to correctly
process the year 2000. This summarizes data received from the 24 agencies
that make up the Federal Chief Information Officers' (CIO) Council
and from nine small and independent agencies. These data were due
to OMB on August 15, 1998.1/ It
also describes the status of government-wide activities underway.
This report and all previous reports are available on OMB's web site
[/OMB], on the web site for the President's
Council on Year 2000 Conversion [http://www.y2k.gov],
or on the Federal Chief Information Officers' web page [http://cio.gov].2/
OMB's
initial Y2K report, entitled "Getting Federal Computers Ready for
the Year 2000," was transmitted February 6, 1997. The report outlined
the Federal Government's strategy to address the Y2K problem in its
systems, one that remains predicated on agency accountability. The
Government's approach follows the five phases of awareness, assessment,
renovation, validation, and implementation. Working with the CIO Council,
OMB set government-wide milestones for the completion of each phase.
Agencies then established plans for each phase. The five
phases overlap -- for example, validation of some systems begins while
renovation of others continues.
The Administration
has taken several significant steps during the last quarter to spur
progress on the problem within and beyond the Federal Government.
At a July 14 event on the Y2K problem, President Clinton and Vice
President Gore underscored the importance of preparing systems for
the year 2000, not only within the Federal government, but in the
private sector as well. The President's Council on Year 2000 Conversion,
which began operations in March and is chaired by Assistant to the
President John Koskinen, has continued its efforts to increase awareness
of the problem beyond the Federal Government. Under the Council's
direction, agencies are reaching out to private sector organizations,
State and local governments, and international institutions in their
policy areas and are participating on 35 Council working groups to
address year 2000 activities in key economic sectors. The working
groups are working closely with industry to facilitate and coordinate
information sharing on year 2000 progress and solutions. Their efforts
are an important part of the Council's "National Campaign for Year
2000 Solutions," which was kicked-off at a July 28 event focused on
the Y2K problem's implications for the electric power industry.
1/
Except where noted, the summary data provided in this report refer
solely to the 24 agencies on the CIO Council.
2/
A list of key Federal year 2000 web sites may be found on the last
page of this report.
The Administration
also recognizes a critical need for industry to share information
about their year 2000 problems and solutions with each other and with
the public. Such sharing and cooperation is essential to making sure
that companies can avoid "reinventing the wheel" and can proceed with
their fixes in the most effective and timely way. Accordingly, the
Administration has proposed the "Year 2000 Information Disclosure
Act," which would encourage companies to share information about possible
solutions to year 2000 problems.
The Administration
has taken significant actions in the last quarter to ensure that agencies
are focusing on compliance. On June 19, 1998, OMB directed all agencies
in Tier 1 (those where there is insufficient evidence of adequate
progress) and Tier 2 (those that have demonstrated progress, but still
are of concern) to provide to OMB plans for monthly progress, and
to subsequently provide to OMB, on a monthly basis, reports which
measure actual progress against those plans. In addition, John Koskinen
is now attending the monthly senior management meetings of Tier 1
agencies on the year 2000 problem to work with them on their programs.
And on September 2, the Vice President met with heads and senior officials
of Tier 1 Cabinet agencies, based on this report -- the Departments
of Defense, Education, Energy, Health and Human Services, State, and
Transportation, and the U.S. Agency for International Development.
He stressed the importance surmounting obstacles to year 2000 progress.
Top
of Page
II. SUMMARY OF GOVERNMENT-WIDE PROGRESS
This
summary report shows that:
- Only
two agencies -- AID and HHS -- are working toward dates that are
beyond the Government-wide milestones or the completion of their
Y2K work. The government-wide milestones are completion of renovation
by September 1998, validation by January 1999, and implementation
by March 1999. Some agencies -- Justice, Treasury, GSA, OPM, SBA,
and SSA -- have set goals ahead of the Government-wide milestones.
(See Appendix A, Table 1.)
- Senior
Federal managers continue to reevaluate which systems are truly
critical to their organizations' missions and reset their priorities
accordingly. Agencies now identify 7,343 mission critical systems,
which is slightly more than the 7,336 identified in the May report.
(See Appendix A, Table 2.)
- Of
the 7,343 mission critical systems, 50 percent (3,692) are now
year 2000 compliant, compared to 40 percent in the previous report.
This includes systems repaired, replaced, and those that were
already compliant. (See Appendix A, Table 2.)
- Of
the 7,343 mission critical systems, 40 percent (2,910) are still
being repaired; 9 percent (650) are still being replaced; and
1 percent (91) will be retired. (See Appendix A, Table 2.)
- Of
those systems that have been or will be repaired, 71 percent have
completed renovation, an increase from 55 percent in the previous
report. Forty-four percent have now completed validation, while
implementation is now 37 percent complete. (See Appendix A, Table
3.)
- Agencies
now estimate they will spend $5.4 billion fixing the problem from
fiscal year 1996 through fiscal year 2000, an increase from $5.0
billion in the previous report.3/
(See Appendix A, Table 4.) This is consistent with the President's
budget, which anticipated that requirements would emerge over
the course of the year and included an allocation to provide flexible
funding to address emerging needs. In fact, as anticipated, additional
needs for one-time funding have been rising.
- This
increase in estimated cost is attributable to refinement of estimates
as agencies move through the phases of renovation and validation
and to the newly-found costs associated with fixing the embedded
chip problem. To the extent that agencies encounter unexpected
difficulties, these estimates will continue to rise. Moreover,
as agencies work through the validation phase and develop continuity
of business plans, it is possible that some agencies will determine
that they require significant additional funding. Such funding
must be made available quickly in order to ensure that work proceeds
without interruption. The Administration supports Congressional
action to create an emergency funding provision for Y2K computer
conversion requirements. This action is consistent with the President's
budget.
- Most
agencies report that they have completed their assessments of
non-mission critical systems. By definition, such systems are
less critical to the functioning of the agencies, but many are
still important. All of the agencies reported they have an active
program to fix these systems, albeit as a lower priority.
-
Most agencies report that they have taken steps to assess embedded
chip problems. This area is of increasing concern.
3/
These estimates include the costs of identifying necessary changes,
evaluating the cost effectiveness of making those changes (fix or
scrap decisions), making changes, testing systems, and preparing contingencies
for failure recovery. They include the costs for fixing both mission
critical and non-mission critical systems, as well non-information
technology products and systems such as air conditioning and heating.
They do not include the costs of upgrades or replacements that would
otherwise occur as part of the normal systems life cycle. They also
do not include the Federal share of the costs for state information
systems that support Federal programs.
The Federal
Government continues to make progress in addressing the year 2000
problem. However, the overall rate of progress for some agencies is
still not fast enough. OMB has categorized agencies into one of three
tiers. Tier 1 comprises agencies where there is insufficient evidence
of adequate progress. For agencies in Tier 2, OMB sees evidence of
progress, but also has concerns. The remaining agencies in Tier 3
are making satisfactory progress.
Although
74 percent of Tier 3 agency systems are compliant, only 42 percent
of Tier 1 agency are compliant. The following table provides detail
on the progress of the agencies by tier.
Top
of Page
Table 1
Government-wide Summary -- Year 2000 Status
Mission-Critical Systems
Agency
Status |
All
Systems |
Systems
Being Repaired |
Y2K
Compliant 4/ |
Renovation
Complete 5/ |
Implementation
Complete 6/ |
Tier
Three
(VA, EPA, FEMA, GSA,
NASA, NRC, NSF, SBA, SSA) |
74% |
89% |
70% |
Tier
Two
(USDA, DOC, HUD, DOI,
DOL, DOJ, Treasury, OPM) |
56% |
72% |
42% |
Tier
One
(DoD, Education, DOE, HHS,
State, Transportation, AID) |
42% |
66% |
24% |
All
Agencies |
50% |
71% |
37% |
4/
Percentage of all mission-critical systems that will accurately process
data through the century change; these systems have been tested and
are operational and includes systems that have been repaired and replaced,
as well as those that were found to be already compliant.
5/
Percentage of mission-critical systems that have been or are being
repaired; "Renovation complete" means that necessary changes to a
system's databases and/or software have been made.
6/
Percentage of mission-critical systems that are being or have been
repaired; "Implementation Complete" means that the system has been
tested for compliance and has been integrated into the system environment
where the agency performs its routine information processing activities.
For more information on definitions, see GAO/AIMD-10.1.14, "Year 2000
Computing Crisis: An Assessment Guide," September 1997, available
at http://cio.gov
under Year 2000 Documents.
During
the last quarter, the Administration took several steps to focus management
attention and resources to this problem in order to ensure that solving
the year 2000 problem is the agencies' top management priority. As
mentioned previously, John Koskinen attending the monthly senior management
meetings of the Tier 1 Cabinet agencies on the year 2000 problem to
engage in discussions of ways to evaluate and prioritize work. In
addition, to better focus management attention on plans and progress,
all agencies that were rated as Tier 1 or Tier 2 were requested to
provide to OMB their plans for meeting their renovation, validation,
and implementation goals with monthly benchmarks. These agencies are
now reporting monthly on their progress against those benchmarks.
These plans and progress reports are a factor in OMB's evaluation
of agency-specific progress as outlined in section IV.
Finally,
agencies are required to report on any mission-critical systems for
which year 2000 renovation or replacements have fallen more than two
months behind schedule. Agencies are also required to report on any
system that will not meet the March 1999 target for completion of
implementation. These agency exception reports are summarized in Appendix
B.
A significant
number of these plans show agencies completing work on a large number
of systems in the month just before their target dates -- usually
March 1999. This is troubling, as information technology projects
in general are prone to unanticipated complications and delays. In
response to this end-loading of work in plans, some agencies have
taken strong and aggressive management action to make sure that their
goals are met. For example, the Secretary of Defense, on August 7,
1998, directed detailed reviews and reports of the status of year
2000 implementation by each of the Unified Commanders-in-Chief and
warned that, as of October 1, IT funding for the owners of some systems
may be withheld if there is not sufficient evidence of progress.
Top
of Page
III.
GOVERNMENT-WIDE ISSUES
VERIFICATION
EFFORTS
Independent
verification assists senior management by providing a double-check
that their mission-critical systems will, in fact, be ready. All large
agencies have independent verification programs underway for that
reason. These activities are paying off, as agencies have realized
that some systems, which were considered compliant, were not. This
process allows management sufficient time to take action.
It is
essential that accurate information be reported to senior management
in a timely manner, so that they can take appropriate action. Agency
Inspectors General have been helpful to senior management in this
regard as well. They are, for example, taking an active role in verifying
the accuracy of reports to senior agency management and reports to
OMB and the Congress.
CONTINGENCY
PLANNING AND CONTINUITY OF BUSINESS PLANNING
In the
reports this quarter, agencies have provided more detailed information
on contingency planning for those systems that are expected to miss
the March 1999 deadline for implementation. (See Appendix 5.) In addition,
although most agencies provided some information on the steps they
are taking to develop continuity of business plans, a great deal of
work remains to be done. These plans should describe risk mitigation
strategies and work-around alternatives to ensure the continuity of
the agency's core business functions. Such functions rely not only
on the agency's internal systems, but also on services outside of
the agency's control, such as the ability of suppliers to provide
products, services, or data, or the loss of critical infrastructure.
This work remains in its early stages, but, given its importance,
will be addressed by agencies in coming months.
To support
agencies in these efforts, the Year 2000 Committee of the CIO Council
worked with GAO to develop guidance on continuity of business planning.7/
The Business Continuity and Contingency Plan of the Social Security
Administration was shared with other agencies as a model. In addition,
on July 22, 1998, OMB issued "Revised Reporting Requirements for Year
2000 Efforts" (M-98-12), which asked for additional information on
contingency planning and continuity of business planning.
FUNDING
The President's
budget anticipated that additional requirements would emerge over
the course of the year and included an allocation to provide flexible
funding to address emerging needs. In fact, additional needs for one-time
funding have been rising as anticipated.
In response
to these additional needs, on August 13, 1998, OMB asked agencies
to provide to OMB their comprehensive plans and associated funding
requirements for achieving year 2000 compliance. This information
will augment the quarterly reports to OMB and will be used to assess
the possible need for additional funding for each agency.
The Administration
supports Congressional action to create an emergency fund mechanism
for Y2K computer conversion requirements. This action is consistent
with the President's budget. If approved by the Congress, such a fund
could make up to $3.25 billion available to the agencies, to be used
exclusively for the direct costs of addressing the year 2000 problem.
The availability of these funds would be contingent upon the President's
certification that these are, in fact, emergency requirements. These
funds would be available to cover the unanticipated costs of agency
year 2000 efforts for all types of information technology, including
computer software and hardware, telecommunications systems and their
components, and other systems and components (such as building security
systems and medical devices) that contain or depend on embedded microchips.
OMB expects that such funding will be particularly important for problems
uncovered as a result of verification and validation efforts and for
contingency planning and continuity of business planning.
7/
GAO report, "Year 2000 Computing Crisis: Business Continuity and Contingency
Planning." July, 1998; GAO/AIMD-10.1.19.
GOVERNMENT-WIDE
INITIATIVES
The Chief
Information Officers (CIO) Council Committee on the Year 2000 has
a established Subcommittees on Telecommunications, on Buildings, and
on Biomedical Devices and Laboratory Equipment, to work on government-wide
areas where the Y2K problem occurs outside of computer systems. In
these areas, the problem occurs in commercial products that rely on
computers or have computer chips inside them; the problem needs to
be fixed by manufacturers of those products. The Committee has also
established a subcommittee on State Issues that is focusing on ensuring
that exchanges of data between the Federal government and the States
will not be interrupted.
Information
sharing among vendors, manufacturers, service providers, and customers
-- in this case, Federal agencies -- about year 2000 problems and
solutions is critical. Despite intense efforts on the part of the
Federal Government, many vendors, manufacturers, and service providers
are reluctant to share information. In most cases, they fear that
such information will be used as the basis for a liability lawsuit
later -- despite the fact that failure to share information increases
the probability that their products will not be ready in time. In
response, the Administration has proposed the "Year 2000 Information
Disclosure Act," which would encourage companies to share information
about possible solutions to year 2000 problems.
Telecommunications
Systems
Like the
private sector, the Federal agencies are reliant upon commercial vendors
and the information they supply to address the compliance of their
telecommunications systems. GSA owns, manages, or resells consolidated
telecommunications services to Federal agencies throughout the United
States. In most cases, agencies must work with telecommunications
vendors to receive system upgrades; a number of agencies have expressed
frustration that some vendors have been slow to either provide information
about the status of their products or to repair the system.
The Telecommunications
Subcommittee, chaired by GSA's Federal Technology Service (FTS), is
working with industry to ensure that the telecommunications services
and systems provided to the Federal Government are year 2000 compliant.
FTS has completed its inventory and assessment for all GSA Consolidated
Systems, which provide local telecommunications services (including
hardware, licensed proprietary software, and features such as voice
mail) to Federal agencies nationwide.
Through
special interest groups for testing telecommunications equipment,
the Subcommittee has established a government-wide database with information
about compliant and non-compliant telecommunications products. This
database is available for vendors to post the status of their products
at http://y2k.fts.gsa.gov.
The site also provides links to the Web sites of more than 50 vendors.
The Federal
Government will participate in network interoperability testing of
certain critical systems scheduled by industry for early 1999. Thus
far, testing has shown that 90 percent of the PBXs owned by GSA are
already compliant. For the remaining 10 percent, manufacturers have
indicated that they will provide upgrade solutions. With respect to
service obtained from Local Exchange Carriers (LECs), GSA is contacting
LEC service providers for information on their year 2000 status which
it is then providing to other Federal agency users.
In the
Washington Metropolitan Area, the Washington Interagency Telecommunications
Systems (WITS) provides approximately 170,000 analog and digital lines
supporting both data and voice applications to Federal agencies. The
system was fixed in July 1998.
FTS
2000
Through
the Government's FTS 2000 contract, GSA is responsible for ensuring
year 2000 compliance for all Federal Government long distance telecommunications.
GSA intends to transition to FTS2001 contracts where possible before
the onset of the year 2000 to ensure compliance and a smooth transition.
In the event that the transition to FTS2001 has not been completed
by January 1, 2000, GSA has a contingency plan to use Sprint and AT&T
FTS2000 services. Both companies have made formal commitments that
their systems will be year 2000 compliant prior to the year 2000.
International
Telecommunications
Within
the United States, the International Direct Distance Dialing contract
with AT&T that is managed by FTS has been certified compliant.
Overseas, however, Federal agencies that have extensive foreign operations
are reviewing the effect that the year 2000 may have on their ability
to communicate with their overseas offices, which depend on the telecommunications
infrastructures of other countries. The State Department has determined
that more than 90 percent of the telecommunications equipment it operates
overseas is compliant or can be operated in a manual mode. Roughly
5 percent of its telecommunications services are supported by equipment
that is operated by the host nation. Several agencies, including the
Peace Corps and the Agency for International Development, have expressed
concern that overseas operations in some countries may be adversely
affected by host nation telecommunications problems. In these instances,
international agencies are working together to develop contingency
plans or to identify backup systems, such as satellites, to ensure
communications are maintained.
Other
Government-wide Telecommunications Services
The equipment
supplied by the Federal Wireless Telecommunications Service (FWTS)
has been certified compliant by GTE. Contracts for the Wire and Cable
Service; Electronic Commerce, Internet, and E-Mail Access; and Technical
and Management Support contain year 2000 compliance clauses. All task
orders for the Telecommunications Support Contract 2, which provides
consulting and telecommunications services, include year 2000 compliance
clauses.
Buildings
Systems
Many products
or systems in buildings, such as security systems, elevators, or heating
and air conditioning systems, contain embedded chips. Frequently,
these chips include a date function that helps run the system -- for
example, to time maintenance procedures or to regulate temperature.
If this date function is not year 2000 compliant, then the chip may
not work. This problem is particularly complex, because chip manufacturers
do not closely track how these chips are used. In addition, a manufacturer
of equipment (such as a security system) is unlikely to know the status
of the chips it is using. It may also be difficult to accurately test
the compliance of these chips in a working environment. Once non-compliant
chips are identified, they must be replaced. This otherwise simple
task of replacement is complicated by the large numbers of such chips
and the lack of complete information about where they are located.
In response,
GSA is contacting the vendors and manufacturers of all equipment in
all GSA-owned or GSA-managed buildings to determine the compliance
or non-compliance of equipment and to determine any necessary remedial
action. Based on this outreach, elevators, once thought to be highly
susceptible, are no longer considered to be a concern. On the other
hand, security/access systems are now coming under closer scrutiny.
In addition,
GSA has established a website (http://globe.lmi.org/lmi_pbs/y2kproducts/)
that provides year 2000 information for building systems products.
While there are now over 9,000 products listed on this site (up from
6,000 in the previous report), less than 5 percent of all products
are identified as non-compliant. Another website has been established
which allows personnel from Federal agencies to determine the year
2000 compliance status of Federally owned and leased facilities. This
site is for Federal Government use only.
GSA
Owned or Managed Buildings
To ensure
that Federal buildings are ready for the year 2000, the CIO Council
established the Building Systems Subcommittee, which is chaired by
GSA's Public Buildings Service (PBS). Their charge is to ensure that
any equipment that contains embedded chips in GSA- owned or GSA-managed
buildings is year 2000 compliant. In space where GSA is the owner,
PBS continues to thoroughly review inventory and coordinate with vendors
and manufacturers of equipment that contains embedded chips. Approximately
75 percent of the GSA building inventory has been surveyed to identify
equipment considered susceptible to year 2000 issues.
GSA
Leased Buildings
GSA is
also working closely with the owners of buildings that are leased
by GSA. For leased space, GSA sent letters that describe potential
problems associated with building systems containing embedded microchips
and requesting that lessors certify their space as year 2000 compliant.
About 40 percent responded. GSA will send follow-up letters to non-responsive
lessors and will forward brief surveys for "high-risk" leased locations
within 60 days. Through a contractor, GSA is developing compliance
reports for each building in order to provide building managers with
the basis for developing remedial action plans. Finally, a year 2000
clause was developed for inclusion in all Solicitations For Offers
for all new leased space.
Other
Federal Government Buildings
The Subcommittee
also holds monthly meetings with representatives from 45 Federal agencies
and bureaus in order to disseminate information to tenant agencies
as well as share information with agencies that own or manage their
own buildings.
Contingency
Planning for Buildings
GSA has
also established a Business Continuity and Contingency Planning (BCCP)
Task Force. This interagency task force is developing a model BCCP
for buildings for use by Federal agencies. The BCCP will be organized
around core business processes. The BCCP will also be made available
to the public.
Biomedical
devices and laboratory equipment often rely on computer chips to help
provide timing and maintenance functions. Although the effects on
many devices are not serious, for others, they may result in equipment
failure. Such failure will put patients at risk. Federal agencies
and private sector users of biomedical devices and laboratory equipment
need to know which equipment is susceptible to failure and must take
corrective action.
To provide
better information on the status of biomedical devices and laboratory
equipment to the Federal agencies that own and use such devices, the
CIO Council Year 2000 Committee established the Biomedical Equipment
Subcommittee, chaired by the Department of Health and Human Services.
On January 21, 1998, the Deputy Secretary of the Department sent a
letter to over 14,000 manufacturers of biomedical devices and laboratory
equipment, asking them to verify the compliance of their products.
On June 29, the FDA sent a follow-up letter to 1,935 manufacturers
whose products were likely to contain electronic components. To date,
only a little over 10 percent of manufacturers have responded to the
initial inquiry and to follow-up inquiries.
This information
has been made publicly available to health care providers, facilities,
and consumers on a web site located at http://www.fda.gov/cdrh/yr2000/html.
The web site contains information about products that still need to
be made year 2000 compliant, as well as solutions that the manufacturer
will offer to mitigate the problem (e.g., software updates), and the
date on which a compliant product will be available.
Ultimately,
the responsibility for informing the public about the compliance of
products lies with manufacturers. It is critical that manufacturers
provide information about the compliance of their products in order
to prevent year 2000 date problems in biomedical equipment from endangering
the nation's patient care and health research activities. Accordingly,
the Federal Government is considering taking action to prohibit the
acquisition of biomedical equipment from any manufacturer if the manufacturer
has not informed the Federal Government of the year 2000 compliance
for all of its products.
Federal
agencies exchange data with each other; with foreign, State, and local
governments; and with private entities. Because States operate many
vital Federal programs, such as unemployment insurance and Medicaid,
these exchanges are extremely important. (Although the Federal Government
exchanges very little data with local governments, it remains concerned
about progress there.) The Subcommittee on State Issues of the CIO
Council's Year 2000 Committee is working with the National Association
of State Information Resource Executives to focus on the exchanges
between the Federal Government and State governments. All Federal
agencies have inventoried their data exchanges and have discussed
both the format of the exchanges and the timing of making fixes to
them with their data exchange partners.
On behalf
of the CIO Council, GSA has established a secure web site for use
by the Federal agencies and the States, and in July, all parties began
to post the status of their data exchanges on the web. 8/
The status of each data exchange is shown as one of five categories:
(1) compliant and successfully tested by both parties; (2) successfully
bridged with both parties concurring in the format; (3) Federal side
ready but not yet tested; (4) State ready but not yet tested; and
(5) not yet compliant or testing still in progress. This information
is being updated by both parties on a monthly basis.
At this
point, the database is being set up and both sides are making sure
that data are accurate. Most Federal agencies have posted the status
of their data exchanges. Some agencies have requested that their data
exchanges not be posted for security reasons. In these cases, the
information has been sent to NASIRE for distribution to State CIOs.
Over half of the States have verified the data posted by the Federal
agencies. As more status information is posted, standard reports will
be distributed to Federal agencies and States which will provide an
up-to-date view of data exchanges.
8/
Access to the site is limited to authorized personnel from the Federal
agencies and State governments.
Year
2000 Information Directory
GSA also
manages and maintains the Governmentwide Year 2000 Information Directory
web site on behalf of the CIO Council. The directory provides one-stop
access to information, solutions, and Internet sites dealing with
the year 2000 problem. It acts as a clearinghouse for information
for Federal, State and local governments, as well as for private industry
and the public. This web site [http://www.itpolicy.gsa.gov/mks/yr2000/y2khome.htm]
was selected for inclusion in The Dow Jones Business Directory.
The web site includes articles and information on year 2000 product
compliance, contingency planning, and health care and industry concerns,
as well as a guide on the legal issues surrounding procurement and
contracts. The site also includes links to sites with information
on telecommunications, commercial-off-the-shelf (COTS) products, facilities,
and biomedical equipment.
Database
of Compliant COTS Products
On behalf
of the CIO Council, the Office of Governmentwide Policy at GSA also
maintains a directory of compliant, COTS Products that are used by
Federal agencies. This information is also available to the public.
[http://y2k.policyworks.gov]
Information contained in the database is based on vendor assertions
about their products and agency statements about their experiences
with particular COTS products.
Top
of Page
IV.
AGENCY SPECIFIC PROGRESS
PROCESS
OF AGENCY EVALUATION
Virtually
all of the agencies have made progress in the last quarter, although
in many cases there are serious concerns about the rate of that progress.
To evaluate agency progress, OMB used four criteria:
- Measurable
improvement -- Is there measurable and adequate progress on
renovation, validation, and implementation of computer systems,
including data exchanges? Is there progress on addressing other
systems, including buildings, telecommunications, and systems
and products containing embedded chips?
- Schedule
for completion of best practices phases and overall prognosis
-- Has the agency adopted a realistic schedule that is consistent
with the government-wide goals? Has there been a change in the
number of mission-critical systems that are expected to miss the
March 1999 implementation date? Does the agency have a strong
management team and a credible strategy in place?
- Risk
management -- Is the agency preparing a workable continuity
of business plan for its core business functions? Does the agency
have a deadline for when plans must be complete? Does the agency
have an effective and independent validation and verification
program in place? Is there adequate oversight of efforts to replace
non-compliant systems? Are systems previously reported behind
being brought back on schedule?
- Dramatic
changes in previously reported information or other indications
of concern -- Have there been dramatic changes in cost, schedule,
changes to the number of systems, or changes to the number of
systems behind schedule? Are there any concerns with the availability
of key personnel?
TIER
ONE AGENCIES
Tier One
comprises agencies where there is insufficient evidence of adequate
progress. The six agencies in the first tier are:
Department
of Defense
The Department
of Defense has a massive year 2000 challenge which must be accomplished
on a tight schedule. The Department has improved its rate of progress
in addressing the challenge, but the pace must be increased to meet
government-wide milestones. The percentage of mission critical systems
that are now compliant has risen to 42 percent, up from 29 percent
in May. Additionally, the percentage of mission-critical systems being
repaired that have completed renovation stands at 70 percent, up from
58 percent, and the percentage of those systems that have been implemented
has risen to 27 percent from 17 percent. On August 7, the Secretary
ordered greater effort by the Unified Commanders-in-Chief, inaugurated
operational evaluations of the affects of the year 2000, and created
an expanded management team to address this critical national defense
issue.
Department
of Education
The Department
of Education has made significant progress in the past quarter. Of
the Department's eight mission-critical systems, renovation went from
zero to four. However, rate of repair on the remaining systems is
cause for concern. Renovation of the Pell Recipients Financial Management
System is expected in December 1998, five months later than scheduled.
Renovation of ED's Local Area Network is expected in November 1998,
two months late. Two other systems are scheduled to be renovated by
September 1998, but will require close monitoring to meet their tight
deadline. In addition, four of the six systems that are in the validation
stage have completed testing for year 2000 compliance, but will be
re-tested -- prior to certification as compliant -- once recent programmatic
changes have been incorporated.
The Department
has made significant progress the systems it calls "mission-important"
and "mission-supportive." Of the 168 systems in these categories,
Education has completed all work on 130 systems, (84 of which were
completed during the most recent quarter). The Department is aggressively
validating data exchanges and it continues to communicate year 2000
information to the entire education community through its outreach
efforts.
Department
of Energy
Compliance
has increased from 36 percent to 40 percent in the last quarter, and
modest progress has been made in the other phases. However, the Department
has not identified all mission-critical systems at its Government
and contractor sites, and assessment of the Department's embedded
chips and lab equipment continues. Although DOE has defined 411 systems
as mission critical, explicit departmental prioritization and allocation
of resources among those systems has not occurred. The Department's
independent Office of Oversight Review has recommended that DOE "focus
management attention on complex, critical systems that face moderate
to significant risk."
All State
and local government data exchanges with the Department are reported
compliant. Intra-departmental data exchanges are 63 percent compliant,
data exchanges with other Federal agencies are 56 percent compliant,
and data exchanges with private organizations are 43 percent compliant.
The Department's Acting CIO is conducting site compliance reviews
in cooperation with the Office of the Inspector General and Office
of Oversight, but no independent verification and validation contractors
are being used for compliance reviews.
Department
of Health and Human Services
The Department's
Health Care Financing Administration (HCFA) remains a serious concern
as a result of its internal and external systems remediation schedule
and escalating cost estimates. As of this report, only 56 percent
of HCFA's internal systems and 14 percent of external contractor systems
have been renovated. While HCFA's remediation schedule indicates that
most systems will be renovated and implemented by the HHS deadline
of December 31, 1998, it is likely that some internal and many external
systems will fail to meet that date. Furthermore, OMB is concerned
that at least some Medicare contractors may fail to meet the March
1999 government-wide deadline for completing implementation. Achievement
of the HHS and government-wide milestones will require an extraordinary
acceleration of the remediation process in the last three months of
1998, leaving very little margin for error to deal with unforeseen
and unanticipated problems. Finally, HCFA's cost estimates for Y2K
remediation have increased dramatically since the last quarterly report.
HCFA is
attempting to address these concerns. It has delayed non-Y2K systems
work, such as standard system transitions and implementation of certain
statutory provisions, to increase the resources available for Y2K.
HCFA has also negotiated a contract amendment with its fiscal intermediaries
and carriers that makes Y2K compliance a performance measure. In addition,
HCFA has increased its Y2K staff by hiring retired Federal employees
with Medicare systems experience, and is informing physicians and
other health care providers of the importance of ensuring their systems
are Y2K compliant.
HCFA has
also begun developing contingency plans in case some mission-critical
systems fail in 2000. HCFA's lack of contracting flexibility, which
limits its ability to competitively contract for claims processing
activities, may negatively affect contingency planning. The Administration
urges Congress to pass contracting reform legislation, transmitted
to Congress on May 19, 1998, as soon as possible to ensure that HCFA
is able to contract with any qualified entity to ensure the continued
operation of the Medicare program in the case of a claims processing
system failure.
Other
HHS operating divisions have made some progress this quarter. However,
although all but one mission-critical system are projected to be implemented
by the government-wide deadline of March 1999, only 62 percent of
non-HCFA mission-critical systems are compliant. With respect to embedded
chips, facilities, and telecommunications, the relatively late start
in assessing costs in this area has produced a significant increase
in estimated costs. Increased emphasis on verification has also added
to costs -- but generally all operating divisions are doing a good
job of incorporating independent validation and verification into
their schedules appropriately. Virtually all critical systems will
be subject to independent verification. Non-HCFA operating divisions
have also begun serious programs for contingency and continuity of
business planning and for outreach.
Department
of State
The Department
of State faces a significant challenge in managing its extensive Y2K
project while, at the same time, completely replacing information
systems installed at over 230 locations around the world as part of
the ALMA (A Logical Modernization Approach) program. Additionally,
State is the major provider of telecommunications services to U.S.
Government agencies operating overseas. State has done an impressive
assessment of its Y2K situation, particularly its embedded systems,
and is asserting a leadership role in providing Y2K support to U.S.
operations overseas. The Department has assembled a strong program
management capability and successfully raised awareness of the problem
among the Foreign Service and U.S. Diplomatic communities.
Although
State is making progress in replacing and modernizing its information
and telecommunications infrastructure, progress on renovation, verification
and implementation of mission-critical systems is of increasing concern.
In the last quarter, State did not report adequate progress on completion
of systems it is renovating, nor did it report adequate progress on
final validation of systems. The Department also must accelerate progress
on replacing 26 mission-critical applications if it is to meet the
March 1999 government-wide milestone for completing implementation.
It should
be noted that State's ALMA deployment includes several mission-critical
applications that the Department will not take credit for having completed
implementation until ALMA installation is completed worldwide in April
1999. Deployment of ALMA is proceeding at about 90 percent of State's
deployment plan, which could further affect the ability of several
smaller posts to operate in 2000. State has begun contingency planning
to ensure that operations at these locations are not adversely affected.
Department
of Transportation
The Department
of Transportation's improved management oversight, combined with an
accelerating rate at which the Federal Aviation Administration (FAA)
is remediating air traffic control system components, is significantly
mitigating risk. At the end of July 1998, the Department-wide percentage
of mission-critical systems renovated stood at 65 percent, a significant
improvement over the 25 percent reported in the previous quarter.
However, with only 23 percent of its mission-critical systems validated
and 11 percent implemented, the Department continues to lag well behind
the government-wide schedule.
The FAA
reflects this improved trend with 59 percent of mission-critical systems
renovated, up from 11 percent reported in May. However, with 10 percent
of its systems validated and 3 percent implemented, it remains significantly
behind schedule. The FAA has taken decisive action concerning the
HOST computer system and other critical air traffic control systems.
It has initiated procurement of new HOST computers while simultaneously
verifying, to a reasonable degree of certainty, that the existing
HOST microcode is free of year 2000 vulnerabilities which would affect
the operational processing of flight and radar data. In addition,
an ongoing date roll-back test has been very promising and serves
as a contingency plan should replacement efforts be delayed and should
HOST experience unexpected year 2000 problems.
Notwithstanding
this improvement, more needs to be done in three areas. First, more
work is needed concerning system interfaces. A number of systems that
were reported as fully renovated have not had their system interfaces
completely evaluated. At a minimum, individual system interfaces need
to be tested and validated before end-to-end system testing can be
successfully completed. Second, the year 2000 compliance status of
a number of systems that are under development is uncertain. The FAA
needs to work with the contractors and modify contracts, if necessary,
to have a reasonable assurance of compliance prior to the testing
phase. Finally, the FAA needs to reevaluate its master schedule and
make a concerted effort to accelerate its implementation schedule
for all systems to March 1999, or as soon thereafter as possible.
The U.S.
Coast Guard's improved management and operational attention to year
2000 issues has also minimized risk. While still facing challenges
associated with antiquated hardware and software on some critical
systems, the Coast Guard is presently well positioned to ensure continuity
of its safety-related systems. The Department's other operating administrations
seem to be on track to a smooth millennial transition.
U.S.
Agency for International Development
AID again
reported no progress in terms of the total number of systems renovated,
validated, or implemented. While AID has made a number of management
improvements, including plans to increase independent validation and
verification of contractor deliverables and increasing agency-wide
Y2K awareness, they are not expected to make measurable progress in
renovating or replacing any of their mission-critical systems until
the end of August 1998. Renovation of AID's most important system,
the New Management System, has begun. With contractor assistance,
AID is evaluating options to reprogram resources to accelerate progress.
AID has
selected three vendors to replace desktop hardware and software and
intends to award a contract for Independent Verification and Validation
services for all mission-critical applications this September. AID
has begun continuity of business planning in August, identifying critical
functions that must be supported and assessing the need for related
contingency plans. The agency has assumed a leadership role in performing
year 2000 outreach and awareness training in the over 80 nations in
which it operates, providing management assistance to host nations
and other international aid organizations operating in these countries.
TIER
TWO AGENCIES
For agencies
in Tier 2 the second tier, OMB sees evidence of progress, but also
has concerns. Some of these agencies have strong Y2K programs and
OMB expects them to continue to improve. The eight agencies in Tier
2 are: the Departments of Agriculture and Commerce, Housing and Urban
Development, Interior, Justice, Labor, and Treasury, and the Office
of Personnel Management. A summary of progress and concerns for these
agencies appears below.
Top
of Page
Table 2
Tier
2 Agencies -- Progress, But Concerns
Agency |
Progress |
Concerns |
USDA |
Management
team active. Guidance on business continuity and contingency
planning and independent validation and verification has been
finalized. |
Pace
of work must increase if government-wide goals are to be met,
particularly with the Forest Service. Embedded systems, facilities,
and telecommunications issues are not yet resolved. |
DOC |
Overall,
making progress. The new CIO is providing leadership on the
Y2K issue; undertaking IV&V and contingency planning; anticipates
completing renovation phase for all but one mission-critical
system by September and implementation by March, 1999. PTO has
prepared a contingency plan for the Classified Search and Image
Retrieval System. |
Lags
behind government-wide goals. NOAA must accelerate implementation
of IV&V for mission-critical systems. |
HUD |
Good
progress in renovating mission-critical systems and non-mission
critical systems. Inspector General is auditing Year 2000 Program
and HUD has retained an independent validation and verification
contractor. Completed continuity of business plan and is preparing
contingency plans. |
HUD
must increase and sustain its rate of progress if it is to meet
the March 1999 goals. HUD has 84,000 data exchange partners
using 34 systems that must be resolved. Reported a $12.2 million
(26 percent) increase in total year 2000-related costs. |
DOI |
Project
management continues to be refined. Good progress on embedded
chip, telecommunications, and data exchange issues. Independent
validation and verification efforts have been formally established. |
Pace
of renovation, validation, and implementation must improve if
Department and government-wide goals are to be met. |
DOJ |
Good
renovation progress. Justice has assessed most of its embedded
systems, and is making good progress in assessing and upgrading
its non-wireless telecommuni-cations systems. Office of the
Inspector General actively reviewing bureau status. Independent
verification and validation contractor is reviewing test plans
and improving compliance verification. Continuity of business
and continency plans are being developed. |
Pace
must improve if Department and government-wide goals are to
be met. DOJ has also identified $27 million in new costs, almost
doubling its previous estimate. An extensive number of data
exchanges must be verified as year 2000 compliant. |
DOL |
Good
progress on data exchanges, especially with State unemployment
systems; good progress against internal schedule; anticipates
completing the renovation phase for all but one system by September
and implementation for all systems by March 1999. The Department
has completed the assessment of embedded chips. |
Despite
some progress, still well behind government-wide goals for agency
mission-critical systems. Two large, critical systems at the
Bureau of Labor Statistics and the Pension and Welfare Benefits
Administration will miss the September renovation goal. |
Treasury |
Strong
project team in place. Good progress on embedded chip, telecommunications,
contingency planning, and data exchange issues. |
Rate
of renovation, validation, and implementation must improve if
the Department and government wide goals are to be met -- particularly
for IRS, Customs, and FMS. |
OPM |
Continued
senior management involvement is resulting in progress according
to OPM's schedule. Expect significant accomplishments in next
quarter. Contingency planning underway. |
Rate
of renovation, validation and implementation of mission critical
systems repairs must increase to meet government-wide goals. |
Top
of Page
TIER
THREE AGENCIES
The remaining
agencies are in Tier 3 and appear to be making satisfactory progress.
These nine agencies are the Environmental Protection Agency, the Federal
Emergency Management Administration, the National Aeronautics and
Space Administration, the Social Security Administration, the General
Services Administration, the National Science Foundation, the Nuclear
Regulatory Commission, the Small Business Administration, and the
Department of Veterans Affairs.
SMALL
AND INDEPENDENT AGENCIES
Based
on the results of a request for reports from 41 small and independent
agencies, OMB asked nine agencies to report again on their progress,
because of the importance of these agencies' missions, because of
concerns about the rate of progress, or because their initial reports
did not provide sufficient detail. Those agencies are: the Federal
Communications Commission, the Federal Housing Finance Board, the
National Archives and Records Administration, the National Labor Relations
Board, the Office of Administration in the Executive Office of the
resident, the Peace Corps, the Tennessee Valley Authority, the U.S.
Postal Service, and the Office of the U.S. Trade Representative. John
Koskinen will meet with selected small and independent agencies in
the next quarter. OMB will continue to work with all small and independent
agencies, as appropriate, to ensure that they are prepared for the
year 2000. OMB is asking all small and independent agencies to report
again on May 15, 1999.
Top
of Page
Table 3
Summary
of Small and Independent Agency Reports
Agency
|
No.
MC Systems
|
No.
MC
Systems Compliant
|
Total
Cost
(in
millions)
|
Progress
|
Concerns
|
Federal
Communications Commission |
30
|
13
|
15.2
|
Major
licensing systems compliant. Work started on 16 mission-critical
systems. Will obtain IV&V contractor. IG involved. Leading
outreach efforts to telecommunications industry. |
Rate
of progress must be accelerated, particularly in replacement
systems. Move to new headquarters building addresses embedded
systems, but complicates year 2000 work. |
Federal
Housing Finance Board |
6
|
1
|
0.34
|
Key
staff are on board. Progress continues on renovation, validation,
and implementation. |
IV&V
process has not been formalized. Contingency planning needs
strengthening. |
National
Archives and Records Administration
|
22
|
10
|
5.7
|
Assessment
will be complete by September 30, 1998. Ten of its 22 mission-critical
systems are now compliant. |
Seven
of 22 mission critical systems will miss the March 1999 implementation
goal. Contingency planning has not begun. Security and environmental
control systems at Presidential Libraries are a significant
challenge. |
National
Labor Relations Board |
29
|
11
|
7.5
9/
|
Two
systems have been implemented. When it became clear the Case
Tracking System (CATS) designed to replace seven existing systems
would not be implemented in time, a contingency plan was adopted
to renovate existing systems. |
Two
mission-critical systems will miss the March 1999 goal, including
one which is a contingent system for CATS. No plans for independent
verification. No continuity of business plan. |
Office
of Administration, EOP |
86
|
1
|
16.4
|
Assessment
completed, strategy established, and critical projects to upgrade
information technology infrastructure are underway. |
Behind
government-wide goals due to limited FY 1998 funds; virtually
all work is to be accomplished in FY 1999. |
Peace
Corps |
17
|
5
|
9.0
|
Payroll
is shifting to USDA by June 1999. Renovation of all mission-critical
systems should complete by September 1998. Good contingency
and continuity planning process. |
Needs
to accelerate validation and implementation. Renovated financial
management system will not be ready for testing until May 1999.
Dependent on foreign banks for disbursement. Need a formal and
independent verification capability. |
Tennessee
Valley Authority |
347
|
104
|
37.0
|
Good
overall management. Completed assessment of embedded chip problem. |
A
number of mission critical applications will miss March 1999
deadline. Need continuity of business plan. |
U.S.
Postal Service |
166
|
56
|
504
|
Comprehensive
program addresses all known areas where year 2000 can
have
a significant impact on the Postal Service. The USPS year
2000 initiative is receiving considerable executive management
attention.
|
USPS
has a massive challenge, given its size and potential role in
the contingency plans of many other organizations, including
Federal agencies. |
U.S.
Trade Representative, EOP |
6
|
0
|
1.2
|
Funding
includes replacement of LAN/desktop infrastructure. Mission-critical
systems are standard COTS office support packages or simple
databases that have been renovated and are being tested. Systems
in Geneva will be compliant in September. |
Need
to complete inventory, repair and verification of data exchanges.
Embedded systems, while minimal, should be identified and assessed.
Impending award of task order for IV&V services should be
accelerated if possible. |
9/
Represents only FY1998 and 1999 costs.
Top
of Page
Appendix A
Table 1
Agency
Goals for Compliance of Mission Critical Systems
|
Assessment
Date
|
Renovation
Date
|
Validation
Date
|
Implementation
Date
|
Gov't-wide
Goal |
Jun-97
|
Sep-98
|
Jan-99
|
Mar-99
|
Agriculture
|
Oct-97
|
Sep-98
|
Jan-99
|
Mar-99
|
Commerce
|
Mar-97
|
Sep-98
|
Jan-99
|
Mar-99
|
Defense
|
Jun-97
|
Jun-98
|
Sep-98
|
Dec-98
|
Education
|
Nov-97
|
Sep-98
|
Jan-99
|
Mar-99
|
Energy
|
Jan-97
|
Sep-98
|
Feb-99
|
Mar-99
|
HHS
|
Jun-98
|
Dec-98
|
May-99
|
Jun-99
|
HUD
|
Jun-97
|
Sep-98
|
Jan-99
|
Mar-99
|
Interior
|
Mar-97
|
Sep-98
|
Jan-99
|
Mar-99
|
Justice
|
Jun-97
|
Jul-98
|
Oct-98
|
Jan-99
|
Labor
|
Jun-97
|
Sep-98
|
Jan-99
|
Mar-99
|
State
|
Jun-97
|
Sep-98
|
Jan-99
|
Mar-99
|
Transportation
|
Aug-97
|
Sep-98
|
Jan-99
|
Mar-99
|
Treasury
|
Jul-97
|
Oct-98
|
Dec-98
|
Dec-98
|
VA
|
Jan-98
|
Sep-98
|
Jan-99
|
Mar-99
|
AID
|
Nov-97
|
Mar-99
|
Jun-99
|
Sep-99
|
EPA
|
Jun-97
|
Sep-98
|
Jan-99
|
Mar-99
|
FEMA
|
Jun-97
|
Sep-98
|
Jan-99
|
Mar-99
|
GSA
|
Jun-97
|
Jul-98
|
Sep-98
|
Jan-99
|
NASA
|
Aug-97
|
Sep-98
|
Jan-99
|
Mar-99
|
NRC
|
Sep-97
|
Sep-98
|
Jan-99
|
Mar-99
|
NSF
|
Jun-97
|
Sep-98
|
Jan-99
|
Mar-99
|
OPM
|
Jun-97
|
Oct-98
|
Jan-99
|
Jan-99
|
SBA
|
May-97
|
Sep-98
|
Sep-98
|
Sep-98
|
SSA
|
May-96
|
Sep-98
|
Dec-98
|
Jan-99
|
Note:
Bold dates are earlier than those reported previously.
Italicized
dates are later than those reported previously.
Top
of Page
Appendix A
Table 2
Progress
on Status of Mission-critical Systems
Mission-critical
Systems
|
|
Total
Number
|
Number
Compliant
|
Percent
of Total
|
Number
Being Replaced
|
Number
Still Being Repaired
|
Number
Being Retired
|
Agriculture
|
647
|
406
|
63%
|
56
|
171
|
14
|
Commerce
|
455
|
348
|
76%
|
49
|
58
|
0
|
Defense
|
2965
|
1236
|
42%
|
184
|
1521
|
24
|
Education
|
14
|
4
|
29%
|
2
|
8
|
0
|
Energy
|
411
|
164
|
40%
|
110
|
109
|
28
|
HHS
|
298
|
122
|
41%
|
34
|
135
|
7
|
HUD
|
62
|
37
|
60%
|
7
|
17
|
1
|
Interior
|
91
|
29
|
32%
|
8
|
54
|
0
|
Justice
|
207
|
64
|
32%
|
16
|
127
|
0
|
Labor
|
61
|
24
|
39%
|
15
|
22
|
0
|
State
|
59
|
21
|
36%
|
26
|
12
|
0
|
Transportation
|
616
|
286
|
46%
|
60
|
264
|
6
|
Treasury
|
323
|
144
|
45%
|
44
|
132
|
3
|
VA
10/
|
319
|
196
|
61%
|
0
|
123
|
0
|
AID
|
7
|
1
|
14%
|
2
|
4
|
0
|
EPA
|
58
|
46
|
79%
|
3
|
8
|
1
|
FEMA
|
49
|
34
|
69%
|
7
|
8
|
0
|
GSA
|
58
|
45
|
78%
|
8
|
5
|
0
|
NASA
|
158
|
99
|
63%
|
6
|
49
|
4
|
NRC
|
7
|
2
|
29%
|
2
|
3
|
0
|
NSF
|
17
|
14
|
82%
|
0
|
3
|
0
|
OPM
|
111
|
53
|
48%
|
10
|
46
|
2
|
SBA
|
42
|
31
|
74%
|
0
|
11
|
0
|
SSA
|
308
|
286
|
93%
|
1
|
20
|
1
|
TOTAL
|
7343
|
3692
|
50%
|
650
|
2910
|
91
|
10/
In the last quarterly report VA identified 11 mission critical areas.
For government-wide consistency in the tracking process, VA has disaggregated
these areas into 319 separate applications that support these mission
critical areas.
Top
of Page
Appendix A
Table
3
Status
of Mission Critical Systems Being Repaired
|
Number
of Systems
|
Assessment
Percent Complete
|
Renovation
Percent Complete
|
Validation
Percent Complete
|
Implementation
Percent Complete
|
Agriculture
|
334
|
100%
|
71%
|
51%
|
50%
|
Commerce
|
141
|
100%
|
71%
|
60%
|
59%
|
Defense
|
2075
|
99%
|
70%
|
34%
|
27%
|
Education
|
8
|
100%
|
50%
|
13%
|
13%
|
Energy
|
154
|
99%
|
50%
|
32%
|
29%
|
HHS
|
163
|
100%
|
31%
|
12%
|
14%
|
HUD
|
40
|
100%
|
80%
|
58%
|
40%
|
Interior
|
83
|
100%
|
73%
|
42%
|
33%
|
Justice
|
160
|
99%
|
83%
|
24%
|
18%
|
Labor
|
27
|
100%
|
52%
|
22%
|
19%
|
State
|
12
|
100%
|
50%
|
25%
|
0%
|
Transportation
|
297
|
100%
|
65%
|
23%
|
11%
|
Treasury
|
234
|
100%
|
72%
|
51%
|
44%
|
VA
|
319
|
100%
|
94%
|
84%
|
61%
|
AID
|
5
|
100%
|
20%
|
20%
|
20%
|
EPA
|
29
|
100%
|
86%
|
79%
|
72%
|
FEMA
|
15
|
100%
|
67%
|
53%
|
47%
|
GSA
|
20
|
100%
|
80%
|
80%
|
75%
|
NASA
|
101
|
100%
|
76%
|
54%
|
51%
|
NRC
|
4
|
100%
|
50%
|
25%
|
25%
|
NSF
|
9
|
100%
|
100%
|
78%
|
67%
|
OPM
|
79
|
100%
|
52%
|
42%
|
42%
|
SBA
|
42
|
100%
|
74%
|
74%
|
74%
|
SSA
|
289
|
100%
|
93%
|
90%
|
87%
|
TOTAL
|
4640
|
99%
|
71%
|
44%
|
37%
|
Top
of Page
Appendix A
Table
4
Agency
Year 2000 Cost Estimates 11/
(in millions)
|
1996
|
1997
|
1998
|
1999
|
2000
|
TOTAL
|
Agriculture
|
2.7
|
16.9
|
62.1
|
30.3
|
7.8
|
119.8
|
Commerce
|
2.6
|
12.4
|
35.6
|
32.1
|
6.5
|
89.2
|
Defense
|
23.9
|
375.6
|
1069.4
|
435.3
|
52.1
|
1956.3
|
Education
12/
|
0.1
|
1.7
|
23.3
|
7.4
|
1.2
|
33.7
|
Energy
|
1.0
|
20
|
93.3
|
68.1
|
19.3
|
201.7
|
HHS
13/
|
7.9
|
33.1
|
143.0
|
325.8
|
14/
|
509.8
|
HUD
|
0.7
|
6.2
|
21.8
|
25
|
6.2
|
59.9
|
Interior
|
0.2
|
2.8
|
10.6
|
21.1
|
0.7
|
35.4
|
Justice
|
1.5
|
6.6
|
29.8
|
19.1
|
2
|
59.0
|
Labor
15/
|
1.7
|
5.4
|
14.5
|
18.1
|
8.8
|
48.5
|
State
|
0.5
|
49.3
|
63.1
|
47.9
|
6.8
|
167.6
|
Transportation
|
0.4
|
10.7
|
114.5
|
74.9
|
12.5
|
213.0
|
Treasury
16/
|
8.1
|
200.2
|
592.7
|
407.9
|
261.2
|
1470.1
|
VA
|
4.0
|
22
|
70
|
93
|
11
|
200.0
|
AID
|
1.1
|
3
|
18.3
|
13.7
|
3.2
|
39.3
|
EPA
|
0.8
|
5.3
|
13
|
6.1
|
1
|
26.2
|
FEMA
|
3.8
|
4.4
|
3
|
0.9
|
0.5
|
12.6
|
GSA
|
0.2
|
0.8
|
8.7
|
4.2
|
0
|
13.9
|
NASA
|
0.1
|
6.4
|
27.7
|
11.2
|
1.5
|
46.9
|
NRC
|
0.0
|
2.4
|
4
|
3.9
|
0.6
|
10.9
|
NSF
|
0.0
|
0.5
|
0.8
|
0.1
|
0
|
1.4
|
OPM
|
1.7
|
2.1
|
1.5
|
0.8
|
0.3
|
6.4
|
SBA
|
1.7
|
3.3
|
2.7
|
2.4
|
0.5
|
10.7
|
SSA
|
2.2
|
13.3
|
12.2
|
5
|
0.5
|
33.2
|
TOTAL
|
66.9
|
804.4
|
2435.6
|
1654.3
|
404.2
|
5365.5
|
11/
These estimates do not include the Federal share of the costs for
State information systems that support Federal programs. For example,
the Agriculture total does not include the potential 50 percent in
Federal matching funds provided to States by Food and Consumer Services
to correct their year 2000 problems. Similarly, the HHS total does
not include the Medicaid baseline costs for the Federal share of State
systems. And, while Labor's FY 1998 appropriation includes $200 million
for States to correct year 2000 problems in State unemployment insurance
systems, that amount is not included in this estimate.
12/
The FY 1999 cost estimate does not include $4.4 million planned for
outreach to the education community.
13/
Increase in FY 1999 from May quarterly report is $213 million. Of
this, $142.6 million is for HCFA.
14/
HHS' most recent estimate of Y2K costs for FY 2000, as reported in
their August 1998 quarterly report to OMB, is not reflected in this
table. The approximately $550 million in FY 2000 costs is still being
reviewed by OMB. Almost all of these costs are attributable to HCFA.
15/
The FY 1999 and 2000 cost estimates do not include $1.4 and $1.2 million,
respectively, planned for outreach to industry by the Mine Safety
and health Administration and the Occupational Safety and Health Administration.
16/
Costs displayed differ from those reported previously, as they do
not include costs for non-appropriated activities, other sources of
funding such as reimbursements, and diversions of base resources that
are not identified in the 99 Budget or as part of official reprogrammings.
Costs for programs that do not receive appropriations are as follows:
FY 96: $.2 M, FY 97: $9.4 M, FY 98: $53.2 M, FY 99: $38.1 M, FY00:
$5.4 M. Costs that Treasury is funding through other sources, such
as reimbursements, are as follows: FY: 97: $3.1 M, FY 98: $15.4 M,
FY 99: $48.0 M. Diversions of base resources not identified in the
99 Budget or as part of an official reprogramming are as follows:
FY 98: $17.2 M, FY 99: $70.8 M. (Costs displayed above for FY 1999
include additional needs verified by OMB.) Additional costs of $34.4
M for FY 2000 have not been verified by OMB and therefore are not
included in the above table.
Top
of Page
Appendix B
Agency Exception Reports
Mission-critical Systems Behind Schedule
Department
of Commerce
The Patent
and Trademark Office reports that the Classified Search and Image
Retrieval (CSIR) system will not be year 2000 compliant by March 31,
1999. The CSIR provides patent examiners with the capability to electronically
search and retrieve U.S. patent images from their desktop workstations.
PTO indicates that the CSIR system will be compliant by June 30, 1999.
This system is delayed due to the contractor's inability to place
qualified staff on the task. A contingency plan was submitted on August
14, 1998 for this system.
Department
of Defense
The Department
of Defense reports 51 mission critical systems are behind schedule
for fixing year 2000 problems. This is an increase from the 9 reported
last quarter. Seven of those previously reported systems remain behind
schedule. In addition, DoD reports that 69 mission critical systems
will miss the March 1999 deadline for being fixed, an increase from
the 34 that were reported in May. These increases are due to DoD's
efforts to improve reporting, impose more stringent validation and
testing criteria, and provide senior management with early warning
of any problems that may occur.
Department
of Education
In the
May quarterly report, Education reported two systems which had fallen
two or more months behind schedule: 1) the Title IV Wide Area Network
(TIVWAN), and 2) the National Student Loan Data System (NSLDS). TIVWAN
had slipped from a renovation date of 2/98 to 8/98 and NSLDS had slipped
from a renovation date of 6/98 to 8/98. In the August quarterly report,
both of these systems had completed their renovation phases as scheduled
and are no longer listed as exceptions. Also in the August quarterly
report Education listed three systems which have fallen two or more
months behind schedule: the Impact Aid Payment System, the Education
Local Area Network, and the Pell Recipients' Financial Management
System. For the Impact Aid Payment System, which is a replacement
system, the renovation phase has been completed, but the validation
and implementation phases have slipped by three and two months respectively
from June 1998 to September 1998, and from July 1998 to September
1998. For the Education Local Area Network, which is a system being
renovated, the renovation phase completion date has slipped by two
months from September 1998 to November 1998. That slippage is being
driven by difficulties with one of five components, the Enterprise
Mail Messaging package, which will not be done with renovation until
late November, 1998. For the Pell Recipients' Financial Management
System, the slippage is more severe. The Pell System renovation phase
has slipped by five months, from July 1998 to December 1998. Education
has currently completed 40 percent of the work necessary to finish
the renovation phase for the Pell System.
Department
of Energy
In the
May quarterly report, the Department had identified six systems with
implementation dates beyond the March 1999 milestone. These six systems
remain with implementation dates beyond the March 1999 milestone in
the August quarterly report. The six systems are at two DOE facilities
-- Sandia National Lab and Savannah River. At the Sandia National
Laboratories the system with the implementation date October 1, 1999,
is the Oracle Financial System. At the Savannah River site there are
five systems. The Nuclear Materials Stabilization Program Operations
System (implementation date of September 30, 1999), the Tank Farm
Process Control System (implementation date of October 31, 1999),
the Tank Farm Manufacturing Support System (implementation date of
August 19, 1999), the Defense Waste Processing Facility Process Control
System (implementation date of October 31, 1999) and the Defense Waste
Processing Facility Manufacturing Support System (implementation date
of October 31, 1999).
These
are the six system reported by the Department in its August quarterly
report; in addition, however, the Department tracks progress against
its own milestones and has identified 51 systems that are behind their
internal renovation milestones. The Department has 27 systems out
of 411 that are behind their schedule by more than 60 days. DOE also
has 43 systems that are being renovated which are scheduled to be
implemented in March 1999.
Department
of Health and Human Services
From June
status data, HCFA indicated that there were three Medicare contractors
who had deadlines for implementation after March 1999. HCFA submitted
a revision to that data on August 12 indicating that no
systems were more than two months behind schedule and that there were
no systems which would not be repaired before March 31, 1999. However,
there is still serious concern that some contractors may fail to meet
the March deadline.
In the
May quarterly report the Health Resources and Services Administration's
(HRSA) contractor-operated National Organ Transplant System was projected
not to be compliant until a new replacement system was implemented
in July 1999. In the August quarterly report, HRSA reports that the
schedule has been advanced at least 3 months: the National Organ Transplant
System is scheduled to be validated by March 31, 1999, and is scheduled
to be implemented in early April 1999.
Department
of Interior
The Supervisory
Control and Data Acquisition (SCADA) System for the Colorado River
Storage Project within the Bureau of Reclamation is used to manage
the Glen Canyon Dam's Power plant and water flow. In the May report,
this system was discussed primarily because the preliminary estimates
to renovate the system were significantly higher than anticipated.
A statement of work was developed requiring a three-phase effort to
reassess costs, make repairs, and test the system for year 2000 compliance.
Additionally, a waiver to the Dual-Compensation Act has been granted
for 10 Power plant Operators as part of a contingency plan that will
allow all of the bureau's dams to be operated in a manual mode. Currently
all of the bureau's continuity of operations manuals are being reviewed
with regard to Y2K impact. SCADA is now considered be back on schedule
with renovation, testing, and implementation to be completed by March
1999.
The Global
Seismic Network (GSN) of the U.S. Geological Survey collects and provides
data from the global digital seismic network to incorporated research
institutions. This system is integrated with the global positioning
system and includes information on earthquake assessments, oil drilling
distribution and maintenance and water resource management. Earlier
schedule and budget estimates for GSN were based on data that was
incomplete relative to the severity of several problems in the field
system operating software. A new schedule has been developed to overcome
these problems and result in a compliant system by February 1999.
The Seismic
Event Data Analysis System (SEDAS) of the U.S. Geological Survey contains
information pertaining to earthquakes throughout the world. It is
used by USGS researchers for information dissemination. Earlier schedule
and budget estimates for SEDAS were based on repairing an older computer
system which was then discovered to be too old for reliable Y2K renovation.
A new system is now being procured and a revised schedule has been
developed for a compliant system to be in place by January 1999.
The U.S.
National Seismograph Network (USNSN) of the U.S. Geological Survey
(USGS) provides the hardware and the software for the Water Resources
Division of USGS for scientific, accounting, and personnel information.
Earlier schedule and budget estimates for USNSN were revised after
determining that there is a much more comprehensive method for testing
and validating total system Y2K compliance than was originally envisioned.
The slip in the validation schedule is due to expanded testing of
the system and revisions to the testing schedule itself. The system
is currently scheduled for validation in October 1998, implementation
in November 1998, and IV&V in December 1998.
Department
of Justice
The most
recent quarterly report shows that 13 systems will miss internal Justice
milestones for assessment, renovation or validation, but the Department
insists that all these systems will meet the Department's January
1999 deadline for completion of implementation. In addition, Justice
has identified three mission critical systems that will miss the government-wide
March 1999 implementation deadline. First, the Digital Monitoring
Workstations in the Federal Bureau of Investigation (FBI) support
investigative collections for authorized foreign counterintelligence
surveillance and were found to be non-year 2000 compliant. The FBI
is replacing the twelve systems at the rate of approximately one per
month, and they should be fully implemented by October 1999. Second,
the Immigration and Naturalization Service (INS) has decided to perform
replacement of its mission-critical Local Area Network and its non-mission
critical workstation/office automation upgrades simultaneously. Because
a large number of sites are involved, INS will be unable to complete
replacement of this infrastructure until July 1999. Third, Justice
is replacing the Card Key System for its Washington, DC headquarters
as part of the building's overall renovation; this renovation won't
be finished until after March 1999.
State
Department
The Supply
Automated Receiving System (SARS), Enhanced Automated Procurement
System (EAPCS), Mail Sorting Equipment Network (MSE), and the Electronic
Receipts System (ERS) within the Bureau of Administration will all
miss their September renovation milestones. In its last report, State
expected these systems to be back on schedule in June, 1998. Early
delays involved evaluation of commercial off-the-shelf system alternatives,
funding requests and contract modifications. Renovation of the SARS
is scheduled for completion in November 1998, and acceptance testing
will be completed in March 1999. Assessment of EAPCS is now completed,
and implementation is scheduled for February 1999. Renovation of MSE
will begin in November, and certification and implementation is scheduled
to be completed in March 1999.
State
had previously reported the Office of Personnel's Medical Archiving
Retrieval System (MARS) as extending beyond the September 1998 renovation
milestone, but this system has been subsequently been reclassified
as a non-mission critical system. Deployment of the ALMA (A Logical
Modernization Approach) upgrades to over 230 State Department posts
worldwide will not be completed until April 1999. Included in the
ALMA package are a number of Consular Affairs mission critical systems,
including the Automated Citizen Services function, Modernized Immigrant
Visa system, Non-Immigrant Visa and Computer Assisted Processing systems,
and the Travel Document Issuance System. Through July 1998, ALMA has
been deployed to 105 posts worldwide, meeting 92 percent of State's
target goals. State is preparing continuity of business plans should
any posts or embassies not have ALMA installed in time to meet the
millennium.
Department
of Transportation
The Federal
Aviation Administration (FAA) is faced with a significant challenge
in validating and implementing hundreds of systems, particularly air
traffic control systems which require extensive end-to-end testing.
At the present time, the FAA estimates that 62 systems will not be
implemented by March 1999, a number of which are critical to FAA's
telecommunications and data exchange infrastructure. The FAA presently
expects to complete validation activities by March 1999 and implementation
activities by June 1999. As stated in the report, the FAA needs to
reevaluate its master schedule and make a concerted effort to accelerate
its implementation schedule for all systems to March 1999, or as soon
thereafter as possible.
The U.S.
Coast Guard reports that its consolidated accounting system, the Finance
Center Information Resources Management System, has fallen behind
schedule and will likely miss the March 1999 implementation date.
The three systems reported as behind schedule in the previous quarter
are now back on schedule. In addition, the Automated Aids Positioning
System, which is still in development, was recently identified as
having year 2000 vulnerabilities, but is expected to be implemented
by the March 1999 milestone date and will not be fielded until fully
compliant.
Treasury
Department
GOALS,
a FMS system that was to have been implemented after the government
wide deadlines, is now on target to be compliant by March 1999. The
Government On-Line Accounting Link System (GOALS) at the Financial
Management Service is comprised of 18 application subsystems that
collect, edit, and telecommunicate data. GOALS-II was initiated in
September 1995 to replace GOALS-I. Based on the analysis of the current
development schedule, not all of the 18 subsystems of GOALS-II will
be completed and implemented prior to the year 2000. Consequently,
FMS determined that it must renovate the existing GOALS-I system to
ensure year 2000 compliance. In the May report, GOALS was described
as a system that would be compliant after the March 1999 government-wide
deadline. Based on a finalized assessment of GOALS, however, all critical
applications have been scheduled for completion on or before March
1999.
General
Services Administration
The General
Services Administration identified one system, the Acquisition Management
Program (AMP) as being delayed by more than two months, slipping from
May 1998 to October 1998. AMP is used to manage the funds used to
acquire vehicles at Fleet Management Centers throughout the nation.
GSA decided to implement the system at the beginning of the fiscal
year allowing the host computer platform to be upgraded.
Agency
for International Development
Two AID
mission critical systems will be implemented after the March 1999
goal. The Mission Accounting and Control System (MACS) will take longer
to renovate than originally planned and is scheduled for implementation
in May of 1999. The Agency's complex financial management, procurement,
budget and program management system, called the New Management Systems
(NMS) is scheduled for implementation in August 1999. AID will have
contingency plans in place for both of these systems by February 1999.
Additionally, AID will not have assurances until April 1999 that all
of its desktop personnel computers are both year 2000 compliant and
able to support other mission critical applications such as the American
Time and Attendance. AID is working to accelerate deployment of its
new desktop infrastructure in order to support deployment of mission
critical applications.
Top
of Page
Appendix C
Key
Federal Web Sites on the Year 2000
Top
of Page
|