EXECUTIVE SUMMARYTABLE OF CONTENTS
Tier One Agencies Tier Two Agencies Table 2 -- Tier 2 Agencies -- Progress, But Concerns Tier Three Agencies Small and Independent Agencies Table 3 -- Summary of Small and Independent Agency Reports President Clinton is committed to ensuring that Federal agencies are meeting the challenges posed by the year 2000 computer problem and to making sure that critical government services will not be disrupted by the transition to the year 2000. Since the last quarterly report, agencies have continued to make progress in their year 2000 efforts. As of August 15:
Individually, nine of the 24 major Federal agencies, grouped into Tier 3, are identified as continuing to make adequate progress on the year 2000 problem. Among these agencies, 74 percent of mission-critical systems are now year 2000 compliant, and 89 percent of systems being repaired have now been renovated. At the same time, many agencies continue to face significant challenges in their year 2000 efforts. Eight agencies are identified as making progress, but with concerns (Tier 2), and seven are identified as not making adequate progress (Tier 1). In this report, one agency, the State Department, was downgraded to Tier 1. While increased high-level focus on the problem has resulted in improvement at some of the most troubled agencies, their overall progress must increase if they are to meet the Government-wide year 2000 milestones for completing their work by March 31, 1999. To ensure that agencies are prioritizing their year 2000 efforts, on June 19, 1998, OMB directed all agencies of concern (Tiers 1 and 2) to provide to OMB their plans for monthly progress, and to subsequently provide to OMB, on a monthly basis, a report which measures progress against those plans. In addition, John Koskinen, Assistant to the President and Chair of the President's Council on Year 2000 Conversion, now attends monthly senior management meetings of the Tier 1 Cabinet agencies about the year 2000 problem. Moreover, based on the rankings of this report, Vice President Gore on September 2 met with heads and senior officials of the Departments of Defense, Education, Energy, Health and Human Services, State, and Transportation, and of the U.S. Agency for International Development to review their plans for prioritizing year 2000 efforts. On cost, agencies now estimate they will spend $5.4 billion fixing the problem in Federal systems -- up from $5 billion in May. This increase is consistent with the Presidents budget request, which anticipated that additional requirements would emerge over the course of the year and included an allocation to provide flexible funding to address emerging needs. In fact, additional needs for one-time funding have been arising as anticipated. This increase is due, in part, to the success of verification and validation efforts which have enabled agencies to better ascertain the compliance of their systems. In response to these needs, the Administration supports Congressional action to create an emergency funding mechanism for Y2K computer conversion requirements. This action is consistent with the President's budget. A number of Government-wide efforts are underway to coordinate progress in the areas of telecommunications, buildings systems, and bio-medical devices and laboratory equipment. These efforts have encountered resistance from some vendors, who, at times, are reluctant to provide the Federal Government with information about the compliance of their products. The Administration's proposed "Year 2000 Information Disclosure Act" would help to eliminate many of the barriers to information sharing. In the areas of Federal/State data exchanges, most Federal agencies have provided status information, as have most States. Progress
on Year 2000 Conversion This report is the sixth in a series of quarterly summary reports to Congress on the Administration's progress in fixing the year 2000 ("Y2K") computer problem in Federal systems. It outlines the continuing work to avert the problems that could occur if systems are not able to correctly process the year 2000. This summarizes data received from the 24 agencies that make up the Federal Chief Information Officers' (CIO) Council and from nine small and independent agencies. These data were due to OMB on August 15, 1998.1/ It also describes the status of government-wide activities underway. This report and all previous reports are available on OMB's web site [/OMB], on the web site for the President's Council on Year 2000 Conversion [http://www.y2k.gov], or on the Federal Chief Information Officers' web page [http://cio.gov].2/ OMB's initial Y2K report, entitled "Getting Federal Computers Ready for the Year 2000," was transmitted February 6, 1997. The report outlined the Federal Government's strategy to address the Y2K problem in its systems, one that remains predicated on agency accountability. The Government's approach follows the five phases of awareness, assessment, renovation, validation, and implementation. Working with the CIO Council, OMB set government-wide milestones for the completion of each phase. Agencies then established plans for each phase. The five phases overlap -- for example, validation of some systems begins while renovation of others continues. The Administration has taken several significant steps during the last quarter to spur progress on the problem within and beyond the Federal Government. At a July 14 event on the Y2K problem, President Clinton and Vice President Gore underscored the importance of preparing systems for the year 2000, not only within the Federal government, but in the private sector as well. The President's Council on Year 2000 Conversion, which began operations in March and is chaired by Assistant to the President John Koskinen, has continued its efforts to increase awareness of the problem beyond the Federal Government. Under the Council's direction, agencies are reaching out to private sector organizations, State and local governments, and international institutions in their policy areas and are participating on 35 Council working groups to address year 2000 activities in key economic sectors. The working groups are working closely with industry to facilitate and coordinate information sharing on year 2000 progress and solutions. Their efforts are an important part of the Council's "National Campaign for Year 2000 Solutions," which was kicked-off at a July 28 event focused on the Y2K problem's implications for the electric power industry.
1/ Except where noted, the summary data provided in this report refer solely to the 24 agencies on the CIO Council. 2/ A list of key Federal year 2000 web sites may be found on the last page of this report. The Administration also recognizes a critical need for industry to share information about their year 2000 problems and solutions with each other and with the public. Such sharing and cooperation is essential to making sure that companies can avoid "reinventing the wheel" and can proceed with their fixes in the most effective and timely way. Accordingly, the Administration has proposed the "Year 2000 Information Disclosure Act," which would encourage companies to share information about possible solutions to year 2000 problems. The Administration has taken significant actions in the last quarter to ensure that agencies are focusing on compliance. On June 19, 1998, OMB directed all agencies in Tier 1 (those where there is insufficient evidence of adequate progress) and Tier 2 (those that have demonstrated progress, but still are of concern) to provide to OMB plans for monthly progress, and to subsequently provide to OMB, on a monthly basis, reports which measure actual progress against those plans. In addition, John Koskinen is now attending the monthly senior management meetings of Tier 1 agencies on the year 2000 problem to work with them on their programs. And on September 2, the Vice President met with heads and senior officials of Tier 1 Cabinet agencies, based on this report -- the Departments of Defense, Education, Energy, Health and Human Services, State, and Transportation, and the U.S. Agency for International Development. He stressed the importance surmounting obstacles to year 2000 progress.
II. SUMMARY OF GOVERNMENT-WIDE PROGRESS This summary report shows that:
3/ These estimates include the costs of identifying necessary changes, evaluating the cost effectiveness of making those changes (fix or scrap decisions), making changes, testing systems, and preparing contingencies for failure recovery. They include the costs for fixing both mission critical and non-mission critical systems, as well non-information technology products and systems such as air conditioning and heating. They do not include the costs of upgrades or replacements that would otherwise occur as part of the normal systems life cycle. They also do not include the Federal share of the costs for state information systems that support Federal programs.
The Federal Government continues to make progress in addressing the year 2000 problem. However, the overall rate of progress for some agencies is still not fast enough. OMB has categorized agencies into one of three tiers. Tier 1 comprises agencies where there is insufficient evidence of adequate progress. For agencies in Tier 2, OMB sees evidence of progress, but also has concerns. The remaining agencies in Tier 3 are making satisfactory progress. Although 74 percent of Tier 3 agency systems are compliant, only 42 percent of Tier 1 agency are compliant. The following table provides detail on the progress of the agencies by tier. Government-wide Summary -- Year 2000 Status Mission-Critical Systems
4/ Percentage of all mission-critical systems that will accurately process data through the century change; these systems have been tested and are operational and includes systems that have been repaired and replaced, as well as those that were found to be already compliant. 5/ Percentage of mission-critical systems that have been or are being repaired; "Renovation complete" means that necessary changes to a system's databases and/or software have been made. 6/ Percentage of mission-critical systems that are being or have been repaired; "Implementation Complete" means that the system has been tested for compliance and has been integrated into the system environment where the agency performs its routine information processing activities. For more information on definitions, see GAO/AIMD-10.1.14, "Year 2000 Computing Crisis: An Assessment Guide," September 1997, available at http://cio.gov under Year 2000 Documents.
During the last quarter, the Administration took several steps to focus management attention and resources to this problem in order to ensure that solving the year 2000 problem is the agencies' top management priority. As mentioned previously, John Koskinen attending the monthly senior management meetings of the Tier 1 Cabinet agencies on the year 2000 problem to engage in discussions of ways to evaluate and prioritize work. In addition, to better focus management attention on plans and progress, all agencies that were rated as Tier 1 or Tier 2 were requested to provide to OMB their plans for meeting their renovation, validation, and implementation goals with monthly benchmarks. These agencies are now reporting monthly on their progress against those benchmarks. These plans and progress reports are a factor in OMB's evaluation of agency-specific progress as outlined in section IV. Finally, agencies are required to report on any mission-critical systems for which year 2000 renovation or replacements have fallen more than two months behind schedule. Agencies are also required to report on any system that will not meet the March 1999 target for completion of implementation. These agency exception reports are summarized in Appendix B. A significant number of these plans show agencies completing work on a large number of systems in the month just before their target dates -- usually March 1999. This is troubling, as information technology projects in general are prone to unanticipated complications and delays. In response to this end-loading of work in plans, some agencies have taken strong and aggressive management action to make sure that their goals are met. For example, the Secretary of Defense, on August 7, 1998, directed detailed reviews and reports of the status of year 2000 implementation by each of the Unified Commanders-in-Chief and warned that, as of October 1, IT funding for the owners of some systems may be withheld if there is not sufficient evidence of progress. Independent verification assists senior management by providing a double-check that their mission-critical systems will, in fact, be ready. All large agencies have independent verification programs underway for that reason. These activities are paying off, as agencies have realized that some systems, which were considered compliant, were not. This process allows management sufficient time to take action. It is essential that accurate information be reported to senior management in a timely manner, so that they can take appropriate action. Agency Inspectors General have been helpful to senior management in this regard as well. They are, for example, taking an active role in verifying the accuracy of reports to senior agency management and reports to OMB and the Congress. CONTINGENCY PLANNING AND CONTINUITY OF BUSINESS PLANNING In the reports this quarter, agencies have provided more detailed information on contingency planning for those systems that are expected to miss the March 1999 deadline for implementation. (See Appendix 5.) In addition, although most agencies provided some information on the steps they are taking to develop continuity of business plans, a great deal of work remains to be done. These plans should describe risk mitigation strategies and work-around alternatives to ensure the continuity of the agency's core business functions. Such functions rely not only on the agency's internal systems, but also on services outside of the agency's control, such as the ability of suppliers to provide products, services, or data, or the loss of critical infrastructure. This work remains in its early stages, but, given its importance, will be addressed by agencies in coming months. To support agencies in these efforts, the Year 2000 Committee of the CIO Council worked with GAO to develop guidance on continuity of business planning.7/ The Business Continuity and Contingency Plan of the Social Security Administration was shared with other agencies as a model. In addition, on July 22, 1998, OMB issued "Revised Reporting Requirements for Year 2000 Efforts" (M-98-12), which asked for additional information on contingency planning and continuity of business planning. The President's budget anticipated that additional requirements would emerge over the course of the year and included an allocation to provide flexible funding to address emerging needs. In fact, additional needs for one-time funding have been rising as anticipated. In response to these additional needs, on August 13, 1998, OMB asked agencies to provide to OMB their comprehensive plans and associated funding requirements for achieving year 2000 compliance. This information will augment the quarterly reports to OMB and will be used to assess the possible need for additional funding for each agency. The Administration supports Congressional action to create an emergency fund mechanism for Y2K computer conversion requirements. This action is consistent with the President's budget. If approved by the Congress, such a fund could make up to $3.25 billion available to the agencies, to be used exclusively for the direct costs of addressing the year 2000 problem. The availability of these funds would be contingent upon the President's certification that these are, in fact, emergency requirements. These funds would be available to cover the unanticipated costs of agency year 2000 efforts for all types of information technology, including computer software and hardware, telecommunications systems and their components, and other systems and components (such as building security systems and medical devices) that contain or depend on embedded microchips. OMB expects that such funding will be particularly important for problems uncovered as a result of verification and validation efforts and for contingency planning and continuity of business planning.
7/ GAO report, "Year 2000 Computing Crisis: Business Continuity and Contingency Planning." July, 1998; GAO/AIMD-10.1.19.
The Chief Information Officers (CIO) Council Committee on the Year 2000 has a established Subcommittees on Telecommunications, on Buildings, and on Biomedical Devices and Laboratory Equipment, to work on government-wide areas where the Y2K problem occurs outside of computer systems. In these areas, the problem occurs in commercial products that rely on computers or have computer chips inside them; the problem needs to be fixed by manufacturers of those products. The Committee has also established a subcommittee on State Issues that is focusing on ensuring that exchanges of data between the Federal government and the States will not be interrupted. Information sharing among vendors, manufacturers, service providers, and customers -- in this case, Federal agencies -- about year 2000 problems and solutions is critical. Despite intense efforts on the part of the Federal Government, many vendors, manufacturers, and service providers are reluctant to share information. In most cases, they fear that such information will be used as the basis for a liability lawsuit later -- despite the fact that failure to share information increases the probability that their products will not be ready in time. In response, the Administration has proposed the "Year 2000 Information Disclosure Act," which would encourage companies to share information about possible solutions to year 2000 problems. Like the private sector, the Federal agencies are reliant upon commercial vendors and the information they supply to address the compliance of their telecommunications systems. GSA owns, manages, or resells consolidated telecommunications services to Federal agencies throughout the United States. In most cases, agencies must work with telecommunications vendors to receive system upgrades; a number of agencies have expressed frustration that some vendors have been slow to either provide information about the status of their products or to repair the system. The Telecommunications Subcommittee, chaired by GSA's Federal Technology Service (FTS), is working with industry to ensure that the telecommunications services and systems provided to the Federal Government are year 2000 compliant. FTS has completed its inventory and assessment for all GSA Consolidated Systems, which provide local telecommunications services (including hardware, licensed proprietary software, and features such as voice mail) to Federal agencies nationwide. Through special interest groups for testing telecommunications equipment, the Subcommittee has established a government-wide database with information about compliant and non-compliant telecommunications products. This database is available for vendors to post the status of their products at http://y2k.fts.gsa.gov. The site also provides links to the Web sites of more than 50 vendors. The Federal Government will participate in network interoperability testing of certain critical systems scheduled by industry for early 1999. Thus far, testing has shown that 90 percent of the PBXs owned by GSA are already compliant. For the remaining 10 percent, manufacturers have indicated that they will provide upgrade solutions. With respect to service obtained from Local Exchange Carriers (LECs), GSA is contacting LEC service providers for information on their year 2000 status which it is then providing to other Federal agency users. In the Washington Metropolitan Area, the Washington Interagency Telecommunications Systems (WITS) provides approximately 170,000 analog and digital lines supporting both data and voice applications to Federal agencies. The system was fixed in July 1998. FTS 2000 Through the Government's FTS 2000 contract, GSA is responsible for ensuring year 2000 compliance for all Federal Government long distance telecommunications. GSA intends to transition to FTS2001 contracts where possible before the onset of the year 2000 to ensure compliance and a smooth transition. In the event that the transition to FTS2001 has not been completed by January 1, 2000, GSA has a contingency plan to use Sprint and AT&T FTS2000 services. Both companies have made formal commitments that their systems will be year 2000 compliant prior to the year 2000. International Telecommunications Within the United States, the International Direct Distance Dialing contract with AT&T that is managed by FTS has been certified compliant. Overseas, however, Federal agencies that have extensive foreign operations are reviewing the effect that the year 2000 may have on their ability to communicate with their overseas offices, which depend on the telecommunications infrastructures of other countries. The State Department has determined that more than 90 percent of the telecommunications equipment it operates overseas is compliant or can be operated in a manual mode. Roughly 5 percent of its telecommunications services are supported by equipment that is operated by the host nation. Several agencies, including the Peace Corps and the Agency for International Development, have expressed concern that overseas operations in some countries may be adversely affected by host nation telecommunications problems. In these instances, international agencies are working together to develop contingency plans or to identify backup systems, such as satellites, to ensure communications are maintained. Other Government-wide Telecommunications Services The equipment supplied by the Federal Wireless Telecommunications Service (FWTS) has been certified compliant by GTE. Contracts for the Wire and Cable Service; Electronic Commerce, Internet, and E-Mail Access; and Technical and Management Support contain year 2000 compliance clauses. All task orders for the Telecommunications Support Contract 2, which provides consulting and telecommunications services, include year 2000 compliance clauses. Many products or systems in buildings, such as security systems, elevators, or heating and air conditioning systems, contain embedded chips. Frequently, these chips include a date function that helps run the system -- for example, to time maintenance procedures or to regulate temperature. If this date function is not year 2000 compliant, then the chip may not work. This problem is particularly complex, because chip manufacturers do not closely track how these chips are used. In addition, a manufacturer of equipment (such as a security system) is unlikely to know the status of the chips it is using. It may also be difficult to accurately test the compliance of these chips in a working environment. Once non-compliant chips are identified, they must be replaced. This otherwise simple task of replacement is complicated by the large numbers of such chips and the lack of complete information about where they are located. In response, GSA is contacting the vendors and manufacturers of all equipment in all GSA-owned or GSA-managed buildings to determine the compliance or non-compliance of equipment and to determine any necessary remedial action. Based on this outreach, elevators, once thought to be highly susceptible, are no longer considered to be a concern. On the other hand, security/access systems are now coming under closer scrutiny. In addition, GSA has established a website (http://globe.lmi.org/lmi_pbs/y2kproducts/) that provides year 2000 information for building systems products. While there are now over 9,000 products listed on this site (up from 6,000 in the previous report), less than 5 percent of all products are identified as non-compliant. Another website has been established which allows personnel from Federal agencies to determine the year 2000 compliance status of Federally owned and leased facilities. This site is for Federal Government use only. GSA Owned or Managed Buildings To ensure that Federal buildings are ready for the year 2000, the CIO Council established the Building Systems Subcommittee, which is chaired by GSA's Public Buildings Service (PBS). Their charge is to ensure that any equipment that contains embedded chips in GSA- owned or GSA-managed buildings is year 2000 compliant. In space where GSA is the owner, PBS continues to thoroughly review inventory and coordinate with vendors and manufacturers of equipment that contains embedded chips. Approximately 75 percent of the GSA building inventory has been surveyed to identify equipment considered susceptible to year 2000 issues. GSA Leased Buildings GSA is also working closely with the owners of buildings that are leased by GSA. For leased space, GSA sent letters that describe potential problems associated with building systems containing embedded microchips and requesting that lessors certify their space as year 2000 compliant. About 40 percent responded. GSA will send follow-up letters to non-responsive lessors and will forward brief surveys for "high-risk" leased locations within 60 days. Through a contractor, GSA is developing compliance reports for each building in order to provide building managers with the basis for developing remedial action plans. Finally, a year 2000 clause was developed for inclusion in all Solicitations For Offers for all new leased space. Other Federal Government Buildings The Subcommittee also holds monthly meetings with representatives from 45 Federal agencies and bureaus in order to disseminate information to tenant agencies as well as share information with agencies that own or manage their own buildings. Contingency Planning for Buildings GSA has also established a Business Continuity and Contingency Planning (BCCP) Task Force. This interagency task force is developing a model BCCP for buildings for use by Federal agencies. The BCCP will be organized around core business processes. The BCCP will also be made available to the public. Biomedical Devices and Laboratory EquipmentBiomedical devices and laboratory equipment often rely on computer chips to help provide timing and maintenance functions. Although the effects on many devices are not serious, for others, they may result in equipment failure. Such failure will put patients at risk. Federal agencies and private sector users of biomedical devices and laboratory equipment need to know which equipment is susceptible to failure and must take corrective action. To provide better information on the status of biomedical devices and laboratory equipment to the Federal agencies that own and use such devices, the CIO Council Year 2000 Committee established the Biomedical Equipment Subcommittee, chaired by the Department of Health and Human Services. On January 21, 1998, the Deputy Secretary of the Department sent a letter to over 14,000 manufacturers of biomedical devices and laboratory equipment, asking them to verify the compliance of their products. On June 29, the FDA sent a follow-up letter to 1,935 manufacturers whose products were likely to contain electronic components. To date, only a little over 10 percent of manufacturers have responded to the initial inquiry and to follow-up inquiries. This information has been made publicly available to health care providers, facilities, and consumers on a web site located at http://www.fda.gov/cdrh/yr2000/html. The web site contains information about products that still need to be made year 2000 compliant, as well as solutions that the manufacturer will offer to mitigate the problem (e.g., software updates), and the date on which a compliant product will be available. Ultimately, the responsibility for informing the public about the compliance of products lies with manufacturers. It is critical that manufacturers provide information about the compliance of their products in order to prevent year 2000 date problems in biomedical equipment from endangering the nation's patient care and health research activities. Accordingly, the Federal Government is considering taking action to prohibit the acquisition of biomedical equipment from any manufacturer if the manufacturer has not informed the Federal Government of the year 2000 compliance for all of its products. State IssuesFederal agencies exchange data with each other; with foreign, State, and local governments; and with private entities. Because States operate many vital Federal programs, such as unemployment insurance and Medicaid, these exchanges are extremely important. (Although the Federal Government exchanges very little data with local governments, it remains concerned about progress there.) The Subcommittee on State Issues of the CIO Council's Year 2000 Committee is working with the National Association of State Information Resource Executives to focus on the exchanges between the Federal Government and State governments. All Federal agencies have inventoried their data exchanges and have discussed both the format of the exchanges and the timing of making fixes to them with their data exchange partners. On behalf of the CIO Council, GSA has established a secure web site for use by the Federal agencies and the States, and in July, all parties began to post the status of their data exchanges on the web. 8/ The status of each data exchange is shown as one of five categories: (1) compliant and successfully tested by both parties; (2) successfully bridged with both parties concurring in the format; (3) Federal side ready but not yet tested; (4) State ready but not yet tested; and (5) not yet compliant or testing still in progress. This information is being updated by both parties on a monthly basis. At this point, the database is being set up and both sides are making sure that data are accurate. Most Federal agencies have posted the status of their data exchanges. Some agencies have requested that their data exchanges not be posted for security reasons. In these cases, the information has been sent to NASIRE for distribution to State CIOs. Over half of the States have verified the data posted by the Federal agencies. As more status information is posted, standard reports will be distributed to Federal agencies and States which will provide an up-to-date view of data exchanges.
8/ Access to the site is limited to authorized personnel from the Federal agencies and State governments.
Other Information Sharing InitiativesYear 2000 Information Directory GSA also manages and maintains the Governmentwide Year 2000 Information Directory web site on behalf of the CIO Council. The directory provides one-stop access to information, solutions, and Internet sites dealing with the year 2000 problem. It acts as a clearinghouse for information for Federal, State and local governments, as well as for private industry and the public. This web site [http://www.itpolicy.gsa.gov/mks/yr2000/y2khome.htm] was selected for inclusion in The Dow Jones Business Directory. The web site includes articles and information on year 2000 product compliance, contingency planning, and health care and industry concerns, as well as a guide on the legal issues surrounding procurement and contracts. The site also includes links to sites with information on telecommunications, commercial-off-the-shelf (COTS) products, facilities, and biomedical equipment. Database of Compliant COTS Products On behalf of the CIO Council, the Office of Governmentwide Policy at GSA also maintains a directory of compliant, COTS Products that are used by Federal agencies. This information is also available to the public. [http://y2k.policyworks.gov] Information contained in the database is based on vendor assertions about their products and agency statements about their experiences with particular COTS products. Virtually all of the agencies have made progress in the last quarter, although in many cases there are serious concerns about the rate of that progress. To evaluate agency progress, OMB used four criteria:
Tier One comprises agencies where there is insufficient evidence of adequate progress. The six agencies in the first tier are: Department of Defense The Department of Defense has a massive year 2000 challenge which must be accomplished on a tight schedule. The Department has improved its rate of progress in addressing the challenge, but the pace must be increased to meet government-wide milestones. The percentage of mission critical systems that are now compliant has risen to 42 percent, up from 29 percent in May. Additionally, the percentage of mission-critical systems being repaired that have completed renovation stands at 70 percent, up from 58 percent, and the percentage of those systems that have been implemented has risen to 27 percent from 17 percent. On August 7, the Secretary ordered greater effort by the Unified Commanders-in-Chief, inaugurated operational evaluations of the affects of the year 2000, and created an expanded management team to address this critical national defense issue. Department of Education The Department of Education has made significant progress in the past quarter. Of the Department's eight mission-critical systems, renovation went from zero to four. However, rate of repair on the remaining systems is cause for concern. Renovation of the Pell Recipients Financial Management System is expected in December 1998, five months later than scheduled. Renovation of ED's Local Area Network is expected in November 1998, two months late. Two other systems are scheduled to be renovated by September 1998, but will require close monitoring to meet their tight deadline. In addition, four of the six systems that are in the validation stage have completed testing for year 2000 compliance, but will be re-tested -- prior to certification as compliant -- once recent programmatic changes have been incorporated. The Department has made significant progress the systems it calls "mission-important" and "mission-supportive." Of the 168 systems in these categories, Education has completed all work on 130 systems, (84 of which were completed during the most recent quarter). The Department is aggressively validating data exchanges and it continues to communicate year 2000 information to the entire education community through its outreach efforts. Department of Energy Compliance has increased from 36 percent to 40 percent in the last quarter, and modest progress has been made in the other phases. However, the Department has not identified all mission-critical systems at its Government and contractor sites, and assessment of the Department's embedded chips and lab equipment continues. Although DOE has defined 411 systems as mission critical, explicit departmental prioritization and allocation of resources among those systems has not occurred. The Department's independent Office of Oversight Review has recommended that DOE "focus management attention on complex, critical systems that face moderate to significant risk." All State and local government data exchanges with the Department are reported compliant. Intra-departmental data exchanges are 63 percent compliant, data exchanges with other Federal agencies are 56 percent compliant, and data exchanges with private organizations are 43 percent compliant. The Department's Acting CIO is conducting site compliance reviews in cooperation with the Office of the Inspector General and Office of Oversight, but no independent verification and validation contractors are being used for compliance reviews. Department of Health and Human Services The Department's Health Care Financing Administration (HCFA) remains a serious concern as a result of its internal and external systems remediation schedule and escalating cost estimates. As of this report, only 56 percent of HCFA's internal systems and 14 percent of external contractor systems have been renovated. While HCFA's remediation schedule indicates that most systems will be renovated and implemented by the HHS deadline of December 31, 1998, it is likely that some internal and many external systems will fail to meet that date. Furthermore, OMB is concerned that at least some Medicare contractors may fail to meet the March 1999 government-wide deadline for completing implementation. Achievement of the HHS and government-wide milestones will require an extraordinary acceleration of the remediation process in the last three months of 1998, leaving very little margin for error to deal with unforeseen and unanticipated problems. Finally, HCFA's cost estimates for Y2K remediation have increased dramatically since the last quarterly report. HCFA is attempting to address these concerns. It has delayed non-Y2K systems work, such as standard system transitions and implementation of certain statutory provisions, to increase the resources available for Y2K. HCFA has also negotiated a contract amendment with its fiscal intermediaries and carriers that makes Y2K compliance a performance measure. In addition, HCFA has increased its Y2K staff by hiring retired Federal employees with Medicare systems experience, and is informing physicians and other health care providers of the importance of ensuring their systems are Y2K compliant. HCFA has also begun developing contingency plans in case some mission-critical systems fail in 2000. HCFA's lack of contracting flexibility, which limits its ability to competitively contract for claims processing activities, may negatively affect contingency planning. The Administration urges Congress to pass contracting reform legislation, transmitted to Congress on May 19, 1998, as soon as possible to ensure that HCFA is able to contract with any qualified entity to ensure the continued operation of the Medicare program in the case of a claims processing system failure. Other HHS operating divisions have made some progress this quarter. However, although all but one mission-critical system are projected to be implemented by the government-wide deadline of March 1999, only 62 percent of non-HCFA mission-critical systems are compliant. With respect to embedded chips, facilities, and telecommunications, the relatively late start in assessing costs in this area has produced a significant increase in estimated costs. Increased emphasis on verification has also added to costs -- but generally all operating divisions are doing a good job of incorporating independent validation and verification into their schedules appropriately. Virtually all critical systems will be subject to independent verification. Non-HCFA operating divisions have also begun serious programs for contingency and continuity of business planning and for outreach. Department of State The Department of State faces a significant challenge in managing its extensive Y2K project while, at the same time, completely replacing information systems installed at over 230 locations around the world as part of the ALMA (A Logical Modernization Approach) program. Additionally, State is the major provider of telecommunications services to U.S. Government agencies operating overseas. State has done an impressive assessment of its Y2K situation, particularly its embedded systems, and is asserting a leadership role in providing Y2K support to U.S. operations overseas. The Department has assembled a strong program management capability and successfully raised awareness of the problem among the Foreign Service and U.S. Diplomatic communities. Although State is making progress in replacing and modernizing its information and telecommunications infrastructure, progress on renovation, verification and implementation of mission-critical systems is of increasing concern. In the last quarter, State did not report adequate progress on completion of systems it is renovating, nor did it report adequate progress on final validation of systems. The Department also must accelerate progress on replacing 26 mission-critical applications if it is to meet the March 1999 government-wide milestone for completing implementation. It should be noted that State's ALMA deployment includes several mission-critical applications that the Department will not take credit for having completed implementation until ALMA installation is completed worldwide in April 1999. Deployment of ALMA is proceeding at about 90 percent of State's deployment plan, which could further affect the ability of several smaller posts to operate in 2000. State has begun contingency planning to ensure that operations at these locations are not adversely affected. Department of Transportation The Department of Transportation's improved management oversight, combined with an accelerating rate at which the Federal Aviation Administration (FAA) is remediating air traffic control system components, is significantly mitigating risk. At the end of July 1998, the Department-wide percentage of mission-critical systems renovated stood at 65 percent, a significant improvement over the 25 percent reported in the previous quarter. However, with only 23 percent of its mission-critical systems validated and 11 percent implemented, the Department continues to lag well behind the government-wide schedule. The FAA reflects this improved trend with 59 percent of mission-critical systems renovated, up from 11 percent reported in May. However, with 10 percent of its systems validated and 3 percent implemented, it remains significantly behind schedule. The FAA has taken decisive action concerning the HOST computer system and other critical air traffic control systems. It has initiated procurement of new HOST computers while simultaneously verifying, to a reasonable degree of certainty, that the existing HOST microcode is free of year 2000 vulnerabilities which would affect the operational processing of flight and radar data. In addition, an ongoing date roll-back test has been very promising and serves as a contingency plan should replacement efforts be delayed and should HOST experience unexpected year 2000 problems. Notwithstanding this improvement, more needs to be done in three areas. First, more work is needed concerning system interfaces. A number of systems that were reported as fully renovated have not had their system interfaces completely evaluated. At a minimum, individual system interfaces need to be tested and validated before end-to-end system testing can be successfully completed. Second, the year 2000 compliance status of a number of systems that are under development is uncertain. The FAA needs to work with the contractors and modify contracts, if necessary, to have a reasonable assurance of compliance prior to the testing phase. Finally, the FAA needs to reevaluate its master schedule and make a concerted effort to accelerate its implementation schedule for all systems to March 1999, or as soon thereafter as possible. The U.S. Coast Guard's improved management and operational attention to year 2000 issues has also minimized risk. While still facing challenges associated with antiquated hardware and software on some critical systems, the Coast Guard is presently well positioned to ensure continuity of its safety-related systems. The Department's other operating administrations seem to be on track to a smooth millennial transition. U.S. Agency for International Development AID again reported no progress in terms of the total number of systems renovated, validated, or implemented. While AID has made a number of management improvements, including plans to increase independent validation and verification of contractor deliverables and increasing agency-wide Y2K awareness, they are not expected to make measurable progress in renovating or replacing any of their mission-critical systems until the end of August 1998. Renovation of AID's most important system, the New Management System, has begun. With contractor assistance, AID is evaluating options to reprogram resources to accelerate progress. AID has selected three vendors to replace desktop hardware and software and intends to award a contract for Independent Verification and Validation services for all mission-critical applications this September. AID has begun continuity of business planning in August, identifying critical functions that must be supported and assessing the need for related contingency plans. The agency has assumed a leadership role in performing year 2000 outreach and awareness training in the over 80 nations in which it operates, providing management assistance to host nations and other international aid organizations operating in these countries. For agencies in Tier 2 the second tier, OMB sees evidence of progress, but also has concerns. Some of these agencies have strong Y2K programs and OMB expects them to continue to improve. The eight agencies in Tier 2 are: the Departments of Agriculture and Commerce, Housing and Urban Development, Interior, Justice, Labor, and Treasury, and the Office of Personnel Management. A summary of progress and concerns for these agencies appears below. Tier 2 Agencies -- Progress, But Concerns
The remaining agencies are in Tier 3 and appear to be making satisfactory progress. These nine agencies are the Environmental Protection Agency, the Federal Emergency Management Administration, the National Aeronautics and Space Administration, the Social Security Administration, the General Services Administration, the National Science Foundation, the Nuclear Regulatory Commission, the Small Business Administration, and the Department of Veterans Affairs. SMALL AND INDEPENDENT AGENCIES Based on the results of a request for reports from 41 small and independent agencies, OMB asked nine agencies to report again on their progress, because of the importance of these agencies' missions, because of concerns about the rate of progress, or because their initial reports did not provide sufficient detail. Those agencies are: the Federal Communications Commission, the Federal Housing Finance Board, the National Archives and Records Administration, the National Labor Relations Board, the Office of Administration in the Executive Office of the resident, the Peace Corps, the Tennessee Valley Authority, the U.S. Postal Service, and the Office of the U.S. Trade Representative. John Koskinen will meet with selected small and independent agencies in the next quarter. OMB will continue to work with all small and independent agencies, as appropriate, to ensure that they are prepared for the year 2000. OMB is asking all small and independent agencies to report again on May 15, 1999. Summary of Small and Independent Agency Reports
9/ Represents only FY1998 and 1999 costs. Agency Goals for Compliance of Mission Critical Systems
Note: Bold dates are earlier than those reported previously. Italicized dates are later than those reported previously. Table 2 Progress on Status of Mission-critical Systems
10/ In the last quarterly report VA identified 11 mission critical areas. For government-wide consistency in the tracking process, VA has disaggregated these areas into 319 separate applications that support these mission critical areas. Table 3 Status of Mission Critical Systems Being Repaired
Table 4 Agency Year 2000 Cost Estimates 11/ (in millions)
11/ These estimates do not include the Federal share of the costs for State information systems that support Federal programs. For example, the Agriculture total does not include the potential 50 percent in Federal matching funds provided to States by Food and Consumer Services to correct their year 2000 problems. Similarly, the HHS total does not include the Medicaid baseline costs for the Federal share of State systems. And, while Labor's FY 1998 appropriation includes $200 million for States to correct year 2000 problems in State unemployment insurance systems, that amount is not included in this estimate. 12/ The FY 1999 cost estimate does not include $4.4 million planned for outreach to the education community. 13/ Increase in FY 1999 from May quarterly report is $213 million. Of this, $142.6 million is for HCFA. 14/ HHS' most recent estimate of Y2K costs for FY 2000, as reported in their August 1998 quarterly report to OMB, is not reflected in this table. The approximately $550 million in FY 2000 costs is still being reviewed by OMB. Almost all of these costs are attributable to HCFA. 15/ The FY 1999 and 2000 cost estimates do not include $1.4 and $1.2 million, respectively, planned for outreach to industry by the Mine Safety and health Administration and the Occupational Safety and Health Administration. 16/ Costs displayed differ from those reported previously, as they do not include costs for non-appropriated activities, other sources of funding such as reimbursements, and diversions of base resources that are not identified in the 99 Budget or as part of official reprogrammings. Costs for programs that do not receive appropriations are as follows: FY 96: $.2 M, FY 97: $9.4 M, FY 98: $53.2 M, FY 99: $38.1 M, FY00: $5.4 M. Costs that Treasury is funding through other sources, such as reimbursements, are as follows: FY: 97: $3.1 M, FY 98: $15.4 M, FY 99: $48.0 M. Diversions of base resources not identified in the 99 Budget or as part of an official reprogramming are as follows: FY 98: $17.2 M, FY 99: $70.8 M. (Costs displayed above for FY 1999 include additional needs verified by OMB.) Additional costs of $34.4 M for FY 2000 have not been verified by OMB and therefore are not included in the above table.
Agency Exception Reports Department of Commerce The Patent and Trademark Office reports that the Classified Search and Image Retrieval (CSIR) system will not be year 2000 compliant by March 31, 1999. The CSIR provides patent examiners with the capability to electronically search and retrieve U.S. patent images from their desktop workstations. PTO indicates that the CSIR system will be compliant by June 30, 1999. This system is delayed due to the contractor's inability to place qualified staff on the task. A contingency plan was submitted on August 14, 1998 for this system. Department of Defense The Department of Defense reports 51 mission critical systems are behind schedule for fixing year 2000 problems. This is an increase from the 9 reported last quarter. Seven of those previously reported systems remain behind schedule. In addition, DoD reports that 69 mission critical systems will miss the March 1999 deadline for being fixed, an increase from the 34 that were reported in May. These increases are due to DoD's efforts to improve reporting, impose more stringent validation and testing criteria, and provide senior management with early warning of any problems that may occur. Department of Education In the May quarterly report, Education reported two systems which had fallen two or more months behind schedule: 1) the Title IV Wide Area Network (TIVWAN), and 2) the National Student Loan Data System (NSLDS). TIVWAN had slipped from a renovation date of 2/98 to 8/98 and NSLDS had slipped from a renovation date of 6/98 to 8/98. In the August quarterly report, both of these systems had completed their renovation phases as scheduled and are no longer listed as exceptions. Also in the August quarterly report Education listed three systems which have fallen two or more months behind schedule: the Impact Aid Payment System, the Education Local Area Network, and the Pell Recipients' Financial Management System. For the Impact Aid Payment System, which is a replacement system, the renovation phase has been completed, but the validation and implementation phases have slipped by three and two months respectively from June 1998 to September 1998, and from July 1998 to September 1998. For the Education Local Area Network, which is a system being renovated, the renovation phase completion date has slipped by two months from September 1998 to November 1998. That slippage is being driven by difficulties with one of five components, the Enterprise Mail Messaging package, which will not be done with renovation until late November, 1998. For the Pell Recipients' Financial Management System, the slippage is more severe. The Pell System renovation phase has slipped by five months, from July 1998 to December 1998. Education has currently completed 40 percent of the work necessary to finish the renovation phase for the Pell System. Department of Energy In the May quarterly report, the Department had identified six systems with implementation dates beyond the March 1999 milestone. These six systems remain with implementation dates beyond the March 1999 milestone in the August quarterly report. The six systems are at two DOE facilities -- Sandia National Lab and Savannah River. At the Sandia National Laboratories the system with the implementation date October 1, 1999, is the Oracle Financial System. At the Savannah River site there are five systems. The Nuclear Materials Stabilization Program Operations System (implementation date of September 30, 1999), the Tank Farm Process Control System (implementation date of October 31, 1999), the Tank Farm Manufacturing Support System (implementation date of August 19, 1999), the Defense Waste Processing Facility Process Control System (implementation date of October 31, 1999) and the Defense Waste Processing Facility Manufacturing Support System (implementation date of October 31, 1999). These are the six system reported by the Department in its August quarterly report; in addition, however, the Department tracks progress against its own milestones and has identified 51 systems that are behind their internal renovation milestones. The Department has 27 systems out of 411 that are behind their schedule by more than 60 days. DOE also has 43 systems that are being renovated which are scheduled to be implemented in March 1999. Department of Health and Human Services From June status data, HCFA indicated that there were three Medicare contractors who had deadlines for implementation after March 1999. HCFA submitted a revision to that data on August 12 indicating that no systems were more than two months behind schedule and that there were no systems which would not be repaired before March 31, 1999. However, there is still serious concern that some contractors may fail to meet the March deadline. In the May quarterly report the Health Resources and Services Administration's (HRSA) contractor-operated National Organ Transplant System was projected not to be compliant until a new replacement system was implemented in July 1999. In the August quarterly report, HRSA reports that the schedule has been advanced at least 3 months: the National Organ Transplant System is scheduled to be validated by March 31, 1999, and is scheduled to be implemented in early April 1999. Department of Interior The Supervisory Control and Data Acquisition (SCADA) System for the Colorado River Storage Project within the Bureau of Reclamation is used to manage the Glen Canyon Dam's Power plant and water flow. In the May report, this system was discussed primarily because the preliminary estimates to renovate the system were significantly higher than anticipated. A statement of work was developed requiring a three-phase effort to reassess costs, make repairs, and test the system for year 2000 compliance. Additionally, a waiver to the Dual-Compensation Act has been granted for 10 Power plant Operators as part of a contingency plan that will allow all of the bureau's dams to be operated in a manual mode. Currently all of the bureau's continuity of operations manuals are being reviewed with regard to Y2K impact. SCADA is now considered be back on schedule with renovation, testing, and implementation to be completed by March 1999. The Global Seismic Network (GSN) of the U.S. Geological Survey collects and provides data from the global digital seismic network to incorporated research institutions. This system is integrated with the global positioning system and includes information on earthquake assessments, oil drilling distribution and maintenance and water resource management. Earlier schedule and budget estimates for GSN were based on data that was incomplete relative to the severity of several problems in the field system operating software. A new schedule has been developed to overcome these problems and result in a compliant system by February 1999. The Seismic Event Data Analysis System (SEDAS) of the U.S. Geological Survey contains information pertaining to earthquakes throughout the world. It is used by USGS researchers for information dissemination. Earlier schedule and budget estimates for SEDAS were based on repairing an older computer system which was then discovered to be too old for reliable Y2K renovation. A new system is now being procured and a revised schedule has been developed for a compliant system to be in place by January 1999. The U.S. National Seismograph Network (USNSN) of the U.S. Geological Survey (USGS) provides the hardware and the software for the Water Resources Division of USGS for scientific, accounting, and personnel information. Earlier schedule and budget estimates for USNSN were revised after determining that there is a much more comprehensive method for testing and validating total system Y2K compliance than was originally envisioned. The slip in the validation schedule is due to expanded testing of the system and revisions to the testing schedule itself. The system is currently scheduled for validation in October 1998, implementation in November 1998, and IV&V in December 1998. Department of Justice The most recent quarterly report shows that 13 systems will miss internal Justice milestones for assessment, renovation or validation, but the Department insists that all these systems will meet the Department's January 1999 deadline for completion of implementation. In addition, Justice has identified three mission critical systems that will miss the government-wide March 1999 implementation deadline. First, the Digital Monitoring Workstations in the Federal Bureau of Investigation (FBI) support investigative collections for authorized foreign counterintelligence surveillance and were found to be non-year 2000 compliant. The FBI is replacing the twelve systems at the rate of approximately one per month, and they should be fully implemented by October 1999. Second, the Immigration and Naturalization Service (INS) has decided to perform replacement of its mission-critical Local Area Network and its non-mission critical workstation/office automation upgrades simultaneously. Because a large number of sites are involved, INS will be unable to complete replacement of this infrastructure until July 1999. Third, Justice is replacing the Card Key System for its Washington, DC headquarters as part of the building's overall renovation; this renovation won't be finished until after March 1999. State Department The Supply Automated Receiving System (SARS), Enhanced Automated Procurement System (EAPCS), Mail Sorting Equipment Network (MSE), and the Electronic Receipts System (ERS) within the Bureau of Administration will all miss their September renovation milestones. In its last report, State expected these systems to be back on schedule in June, 1998. Early delays involved evaluation of commercial off-the-shelf system alternatives, funding requests and contract modifications. Renovation of the SARS is scheduled for completion in November 1998, and acceptance testing will be completed in March 1999. Assessment of EAPCS is now completed, and implementation is scheduled for February 1999. Renovation of MSE will begin in November, and certification and implementation is scheduled to be completed in March 1999. State had previously reported the Office of Personnel's Medical Archiving Retrieval System (MARS) as extending beyond the September 1998 renovation milestone, but this system has been subsequently been reclassified as a non-mission critical system. Deployment of the ALMA (A Logical Modernization Approach) upgrades to over 230 State Department posts worldwide will not be completed until April 1999. Included in the ALMA package are a number of Consular Affairs mission critical systems, including the Automated Citizen Services function, Modernized Immigrant Visa system, Non-Immigrant Visa and Computer Assisted Processing systems, and the Travel Document Issuance System. Through July 1998, ALMA has been deployed to 105 posts worldwide, meeting 92 percent of State's target goals. State is preparing continuity of business plans should any posts or embassies not have ALMA installed in time to meet the millennium. Department of Transportation The Federal Aviation Administration (FAA) is faced with a significant challenge in validating and implementing hundreds of systems, particularly air traffic control systems which require extensive end-to-end testing. At the present time, the FAA estimates that 62 systems will not be implemented by March 1999, a number of which are critical to FAA's telecommunications and data exchange infrastructure. The FAA presently expects to complete validation activities by March 1999 and implementation activities by June 1999. As stated in the report, the FAA needs to reevaluate its master schedule and make a concerted effort to accelerate its implementation schedule for all systems to March 1999, or as soon thereafter as possible. The U.S. Coast Guard reports that its consolidated accounting system, the Finance Center Information Resources Management System, has fallen behind schedule and will likely miss the March 1999 implementation date. The three systems reported as behind schedule in the previous quarter are now back on schedule. In addition, the Automated Aids Positioning System, which is still in development, was recently identified as having year 2000 vulnerabilities, but is expected to be implemented by the March 1999 milestone date and will not be fielded until fully compliant. Treasury Department GOALS, a FMS system that was to have been implemented after the government wide deadlines, is now on target to be compliant by March 1999. The Government On-Line Accounting Link System (GOALS) at the Financial Management Service is comprised of 18 application subsystems that collect, edit, and telecommunicate data. GOALS-II was initiated in September 1995 to replace GOALS-I. Based on the analysis of the current development schedule, not all of the 18 subsystems of GOALS-II will be completed and implemented prior to the year 2000. Consequently, FMS determined that it must renovate the existing GOALS-I system to ensure year 2000 compliance. In the May report, GOALS was described as a system that would be compliant after the March 1999 government-wide deadline. Based on a finalized assessment of GOALS, however, all critical applications have been scheduled for completion on or before March 1999. General Services Administration The General Services Administration identified one system, the Acquisition Management Program (AMP) as being delayed by more than two months, slipping from May 1998 to October 1998. AMP is used to manage the funds used to acquire vehicles at Fleet Management Centers throughout the nation. GSA decided to implement the system at the beginning of the fiscal year allowing the host computer platform to be upgraded. Agency for International Development Two AID mission critical systems will be implemented after the March 1999 goal. The Mission Accounting and Control System (MACS) will take longer to renovate than originally planned and is scheduled for implementation in May of 1999. The Agency's complex financial management, procurement, budget and program management system, called the New Management Systems (NMS) is scheduled for implementation in August 1999. AID will have contingency plans in place for both of these systems by February 1999. Additionally, AID will not have assurances until April 1999 that all of its desktop personnel computers are both year 2000 compliant and able to support other mission critical applications such as the American Time and Attendance. AID is working to accelerate deployment of its new desktop infrastructure in order to support deployment of mission critical applications. Key Federal Web Sites on the Year 2000
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Federal Register
| Jobs at OMB | FOIA | No FEAR | OMB Locator | USA.gov | Accessibility
| Privacy Policy
| Site Search
| Help
|