y2k lessons learned: report on a conference
Post on 31-Dec-2015
23 Views
Preview:
DESCRIPTION
TRANSCRIPT
Y2K LESSONS LEARNED:REPORT ON A CONFERENCE
Stuart Umpleby
The George Washington University
Overview (1)
• Who was at the conference
• Format of most presentations
• What happened January 1
• Was there really a problem?
• Why was there so little disruption?
• Why were there no problems in Italy, etc.?
• Why were there concerns about Russia?
Overview (2)
• Why were Americans not evacuated?
• Common themes
• The future
Who was at the conference?
• Sponsors: Center for Global Security Research of Lawrence-Livermore National Laboratory and the International Institute for Strategic Studies in London
• Heads of y2k projects of several governments, international organizations, and large departments such as DOD
• Very few “civilians”
Format of most presentations
• Background on the organization and its reporting relationships
• Goal: business continuity
• What was done
• Results: complete success
What happened January 1?
• A world map with many red dots indicating electric power outages
• Some power outages for several hours
• Quick fixes and work arounds prevented “reportable failures”
• Most affected equipment: PCs, servers, mainframes, networks, the internet, security systems, embedded chips
Breakdown of failures
• 80% were insignificant
• 16% caused brief service interruptions
• 4% caused significant service interruptions
Was there really a problem? (1)
• Percy Mangoaela, UN, “Some have interpreted success as vindication for earlier cynicism”
• $500 billion spent worldwide
• $100 billion spent in the U.S.
• $10 billion spent by the U.S. government
Was there really a problem? (2)
• Paul Weiss, EPRI, “We did not know whether the electric power system would work”
• John Boggs, IATA, “We were uncertain until the last moment”
• HP bought 60 Iridium telephones
• Command centers were set up by businesses and governments around the world
Why was there so little disruption? (1)
• Only 6 to 8 vendors worldwide of some key embedded systems
• Many systems had manual backups
• Early actors found where problems were and released the information
• Email and the web were widely used by businesses, governments, and international associations
Why was there so little disruption? (2)
• International corporations acted abroad as they did at home -- fix internal equipment and work with suppliers, including utilities
• Money required was not large -- less than 1% of operating budgets. Euro conversion is 3 to 6 times more expensive
• High level management commitment
• Low IT penetration in many countries
Why was there so little disruption? (3)
• Unprecedented cooperation among all affected organizations
• Recognition of common threat due to economic interdependencies
• Worked on critical sectors first -- electric power and telecommunications
Why were there no problems in Italy, etc.?
• Multi-national companies had been working for many months with local agencies
• Not the local custom to talk with government officials
• When the government found out about y2k, much work was already done
• Problems with government services can be expected
Why was there concern about Russia, etc.?
• There were problems with nuclear reactor monitoring systems which would have required that the reactors be shut down
• The policy was to use fossil fuel plants to provide power to nuclear reactors rather than the public
• There were problems with the automatic systems of fossil fuel plants, but the plants could be operated manually
The evacuation dilemma Spring 1999
• Should equipment and supplies be prepositioned? If so, where?
• Should American dependents be evacuated?
• If so, there would be significant logistical and political problems
Sources of information for the evacuation decision
• Interagency working group -- defense, state, commerce, AID, etc.
• International organizations
• Multi-national companies
Why did the good news not get out?
• “Good news is no news.” The good news blocked doomsday stories in the press but was not itself considered newsworthy
• Corporations said they were ready, but did not provide sufficient details to resolve doubts
• Fear of lawsuits blocked claims of complete compliance
Common themes (1)
• Email and the web were critical• Cooperation among businesses and
governments• Use of international associations• Fewer embedded systems problems than
expected• Fewer virus attacks than expected• Less “unusual behavior” than expected
Common themes (2)
• Fewer problems for customers than usual
• Rise of the IT sector
• New understanding of vulnerabilities and business processes
• IT community rose to the challenge
The future (1)
• In aviation Feb. 29 was the most common cause of failure in testing. It will be a normal day, not a lull.
• Electric companies have always had bad programs re leap years
• DOE will continue to work with Russian nuclear plants
• DOD has become aware of its dependencies
The future (2)
• UN will seek to improve the performance of UN agencies via use of IT
• Harris Miller, ITAA, “We avoided a train wreck and overhauled the train”
• An extraordinary example of global cooperation
• Important lessons learned
• Managers became aware of the importance of IT
top related