<DOC> [106th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:60621.wais] OVERSIGHT OF THE YEAR 2000 PROBLEM AT THE DEPARTMENT OF DEFENSE: HOW PREPARED IS OUR NATION'S DEFENSE? ======================================================================= JOINT HEARING before the SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, INFORMATION, AND TECHNOLOGY of the COMMITTEE ON GOVERNMENT REFORM and the SUBCOMMITTEE ON TECHNOLOGY of the COMMITTEE ON SCIENCE HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTH CONGRESS FIRST SESSION __________ MARCH 2, 1999 __________ Committee on Government Reform Serial No. 106-41 Committee on Science Serial No. 106-47 __________ Printed for the use of the Committee on Government Reform and the Committee on Science Available via the World Wide Web: http://www.house.gov/reform ______ U.S. GOVERNMENT PRINTING OFFICE 60-621 WASHINGTON : 1999 COMMITTEE ON GOVERNMENT REFORM DAN BURTON, Indiana, Chairman BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California CONSTANCE A. MORELLA, Maryland TOM LANTOS, California CHRISTOPHER SHAYS, Connecticut ROBERT E. WISE, Jr., West Virginia ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania JOHN L. MICA, Florida GARY A. CONDIT, California THOMAS M. DAVIS, Virginia PATSY T. MINK, Hawaii DAVID M. McINTOSH, Indiana CAROLYN B. MALONEY, New York MARK E. SOUDER, Indiana ELEANOR HOLMES NORTON, Washington, JOE SCARBOROUGH, Florida DC STEVEN C. LaTOURETTE, Ohio CHAKA FATTAH, Pennsylvania MARSHALL ``MARK'' SANFORD, South ELIJAH E. CUMMINGS, Maryland Carolina DENNIS J. KUCINICH, Ohio BOB BARR, Georgia ROD R. BLAGOJEVICH, Illinois DAN MILLER, Florida DANNY K. DAVIS, Illinois ASA HUTCHINSON, Arkansas JOHN F. TIERNEY, Massachusetts LEE TERRY, Nebraska JIM TURNER, Texas JUDY BIGGERT, Illinois THOMAS H. ALLEN, Maine GREG WALDEN, Oregon HAROLD E. FORD, Jr., Tennessee DOUG OSE, California ------ PAUL RYAN, Wisconsin BERNARD SANDERS, Vermont JOHN T. DOOLITTLE, California (Independent) HELEN CHENOWETH, Idaho Kevin Binger, Staff Director Daniel R. Moll, Deputy Staff Director David A. Kass, Deputy Counsel and Parliamentarian Carla J. Martin, Chief Clerk Phil Schiliro, Minority Staff Director ------ Subcommittee on Government Management, Information, and Technology STEPHEN HORN, California, Chairman JUDY BIGGERT, Illinois JIM TURNER, Texas THOMAS M. DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania GREG WALDEN, Oregon MAJOR R. OWENS, New York DOUG OSE, California PATSY T. MINK, Hawaii PAUL RYAN, Wisconsin CAROLYN B. MALONEY, New York Ex Officio DAN BURTON, Indiana HENRY A. WAXMAN, California J. Russell George, Staff Director and Chief Counsel Matt Ryan, Senior Policy Director Mason Alinger, Clerk Faith Weiss, Minority Counsel COMMITTEE ON SCIENCE HON. F. JAMES SENSENBRENNER, Jr., (R-Wisconsin), Chairman SHERWOOD L. BOEHLERT, New York GEORGE E. BROWN, Jr., California, LAMAR SMITH, Texas RMM** CONSTANCE A. MORELLA, Maryland RALPH M. HALL, Texas CURT WELDON, Pennsylvania BART GORDON, Tennessee DANA ROHRABACHER, California JERRY F. COSTELLO, Illinois JOE BARTON, Texas TIM ROEMER, Indiana KEN CALVERT, California JAMES A. BARCIA, Michigan NICK SMITH, Michigan EDDIE BERNICE JOHNSON, Texas ROSCOE G. BARTLETT, Maryland LYNN C. WOOLSEY, California VERNON J. EHLERS, Michigan* ALCEE L. HASTINGS, Florida DAVE WELDON, Florida LYNN N. RIVERS, Michigan GIL GUTKNECHT, Minnesota ZOE LOFGREN, California THOMAS W. EWING, Illinois MICHAEL F. DOYLE, Pennsylvania CHRIS CANNON, Utah SHEILA JACKSON-LEE, Texas KEVIN BRADY, Texas DEBBIE STABENOW, Michigan MERRILL COOK, Utah BOB ETHERIDGE, North Carolina GEORGE R. NETHERCUTT, Jr., NICK LAMPSON, Texas Washington JOHN B. LARSON, Connecticut FRANK D. LUCAS, Oklahoma MARK UDALL, Colorado MARK GREEN, Wisconsin DAVID WU, Oregon STEVEN T. KUYKENDALL, California ANTHONY D. WEINER, New York GARY G. MILLER, California MICHAEL E. CAPUANO, Massachusetts JUDY BIGGERT, Illinois VACANCY MARSHALL ``MARK'' SANFORD, South VACANCY Carolina JACK METCALF, Washington Subcommittee on Technology CONSTANCE A. MORELLA, Maryland, Chairwoman CURT WELDON, Pennsylvania JAMES A. BARCIA, Michigan** ROSCOE G. BARTLETT, Maryland LYNN N. RIVERS, Michigan GIL GUTKNECHT, Minnesota* DEBBIE STABENOW, Michigan THOMAS W. EWING, Illinois MARK UDALL, Colorado CHRIS CANNON, Utah DAVID WU, Oregon KEVIN BRADY, Texas ANTHONY D. WEINER, New York MERRILL COOK, Utah MICHAEL E. CAPUANO, Massachusetts MARK GREEN, Wisconsin BART GORDON, Tennessee STEVEN T. KUYKENDALL, California TIM ROEMER, Indiana GARY G. MILLER, California Ex Officio F. JAMES SENSENBRENNER, Jr., GEORGE E. BROWN, Jr., California+ Wisconsin+ C O N T E N T S ---------- Page Hearing held on March 2, 1999.................................... 1 Statement of: Lieberman, Robert J., Assistant Inspector General for Auditing, Department of Defense; Jack L. Brock, Director, Governmentwide and Defense Information Systems, U.S. General Accounting Office; John J. Hamre, Deputy Secretary of Defense, Department of Defense, accompanied by Gary A. Ambrose, Director, Air Force Year 2000; Kevin McHale, Director, Year 2000 Project Office, Marine Corps; Stephen I. Johnson, Project Manager, Year 2000 Project Office, Navy; Miriam F. Browning, Director for Information Management, Office of the Director for Information Systems, Army; Robert F. Willard, Deputy Director for Operations for Current Readiness and Capabilities and Director, Year 2000 Office, Joint Chiefs of Staff; and R.F. Smith, Vice Director, NORAD Combat Operations.......................... 7 Letters, statements, etc., submitted for the record by: Brock, Jack L., Director, Governmentwide and Defense Information Systems, U.S. General Accounting Office, prepared statement of...................................... 35 Hamre, John J., Deputy Secretary of Defense, Department of Defense, prepared statement of............................. 65 Lieberman, Robert J., Assistant Inspector General for Auditing, Department of Defense, prepared statement of..... 11 Ose, Hon. Doug, a Representative in Congress from the State of California, followup questions and responses............ 124 Smith, R.F., Vice Director, NORAD Combat Operations, prepared statement of............................................... 99 OVERSIGHT OF THE YEAR 2000 PROBLEM AT THE DEPARTMENT OF DEFENSE: HOW PREPARED IS OUR NATION'S DEFENSE? ---------- TUESDAY, MARCH 2, 1999 House of Representatives, Subcommittee on Government Management, Information, and Technology of the Committee on Government Reform, joint with the Subcommittee on Technology of the Committee on Science, Washington, DC. The subcommittees met, pursuant to notice, at 10 a.m., in room 2154, Rayburn House Office Building, Hon. Stephen Horn (chairman of the Subcommittee on Government Management, Information, and Technology) presiding. Present: Representatives Horn, Morella, Ehlers, Gutknecht, Biggert, Walden, Ose, Bartlett, Miller, Turner, Maloney, Mink, Jackson Lee, Udall, Rivers, Stabenow, and Wu. Staff present from the Subcommittee on Government Management, Information, and Technology: Russell George, staff director and chief counsel; Matt Ryan, senior policy director; Bonnie Heald, director of information/professional staff member; Mason Alinger, clerk; Faith Weiss, minority counsel, Committee on Government Reform; and Jean Gosa, minority clerk, Committee on Government Reform. Staff present from the Subcommittee on Technology: Richard Russell, staff director; Benjamin Wu, professional staff member; Richard Lukas, intern; and Joe Sullivan, clerk. Mr. Horn. A quorum being present, the joint hearing of the House Subcommittee on Government Management, Information, and Technology of the House Government Reform Committee and the Subcommittee on Technology from the House Science Committee will come to order. Only 304 days remain to reassure American citizens that the Federal Government's computer systems, those that are most critical to our lives, are year 2000 compliant. Unfortunately, even today many governmental entities, as well as private organizations, are only now recognizing the potential severity of this problem. Some have just begun to fix their systems, leaving little, if any, time for one of the most important aspects of this effort, adequate testing. The problem is real. The deadline is unmovable. The House Subcommittee on Government Management, Information, and Technology has focused on the potential problem since April 1996. The year 2000 computer glitch, often called the ``millennium bug,'' or simply ``Y2K,'' dates back to the 1960's and 1970's when computers were bulky in size but small in memory. To conserve limited space or memory, programmers began designating the year by using two digits rather than four. The year 1967, for example, appears as ``67.'' The first two digits are assumed to be ``19.'' Unless corrected, these date- sensitive computer systems and microchips embedded in countless mechanical devices may misinterpret the two zeros in 2000 as 1900, or just have sheer confusion with the ``00.'' This confusion could cause the systems to generate erroneous information, corrupt other systems or possibly shut down. Last week the subcommittee issued its seventh report card which showed considerable improvement throughout the Federal Government. Still, much work still remains. We will continue to steadfastly monitor the Federal Government's year 2000 readiness, prodding those departments and agencies that seem to be lagging behind. I view our Department of Defense as the Nation's supreme national insurance policy. I sleep soundly every night, Mr. Secretary, secure in the belief that our national defense is the best in the world. However, the Department's biggest battle currently resides with its own computer systems that are paramount to its mission. The year 2000 technology challenge confronts many organizations, but Defense is especially critical to the Nation. Given the Department's size and vital mission, today we will hear the testimony from Department officials about the status of the Department of Defense's year 2000 readiness. Since November, and as shown in our most recent report card, the Defense Department has reported modest improvement in making its mission-critical systems year 2000 compliant. In December, the Department reported that 81 percent of its mission-critical systems were compliant. In February, the report of the Office of Management and Budget in the Defense Department reported only that 72 percent of its mission- critical systems are compliant. This discrepancy shows that either the Department has taken a huge step backward in its year 2000 readiness, or the Department is inconsistent in what systems are critical to its mission. Either way, I am concerned about this inconsistency. I hope that we can clear it up this morning, as to what steps the Department of Defense is taking to solve its year 2000 issues. The Department of Defense also recently reported that it has more than 2,300 mission-critical systems. That awesome figure represents more than one-third of all mission-critical systems in the Federal Government. In addition, at last report the Department of Defense still had to repair, test, and implement an additional 636 mission- critical systems. My concern is that while the Department has made good progress, there remains much work to be accomplished and the timeframe to do so is relatively compressed. January 1, 2000 will not wait for anyone, not even the U.S. Department of Defense. This morning we will hear from the Defense Department's Office of Inspector General, which has gone over 140 reports on the DOD progress. We will also hear from the General Accounting Office, which has been doing outstanding work for this subcommittee on numerous Federal departments. Finally, we will hear from Dr. John Hamre, distinguished Deputy Secretary of Defense, who has proved the importance of solid management leadership in solving the year 2000 challenge. I look forward to delving into all of these views and these issues this morning, and I welcome today's witnesses. This is a joint committee hearing as I said earlier, with the Science Technology Subcommittee. I will now yield for an opening statement to the distinguished chairman of that committee, Mrs. Morella of Maryland. Mrs. Morella. Thank you. Thank you, Mr. Chairman. I am pleased to participate with our subcommittee jointly with you in the latest installment of our ongoing series of joint hearings on the impact of the year 2000 computer problem on our Nation's public and private sectors. This morning we turn our attention to a topic of very critical importance to the country, our national security. The very same doomsayers that initially told us that as the clock strikes midnight on January 1, 2000, planes will fall out of the sky, would also have us believe that missiles will be launched across the globe. We know that is not true. Just as we have been assured by the Federal Aviation Administration that the safety of air transportation will not be compromised, we have already heard from the Department of Defense that Y2K will not cause our nuclear arsenal to inadvertently be deployed. What the millennium bug can do however, is potentially render our defense systems inoperable so that we would not be able to respond effectively to any challenges to our country's security. In this age of weapons of mass destruction delivered by missiles and by terrorists, to be unprepared is to potentially jeopardize the safety of our Nation, and by extension, the world. The United States is a world leader, and we as a Nation are expected to lead the world. There is no alternative. For there is no other country capable of organizing against an Iraqi dictator who wants to get weapons of mass destruction. We are the one. There is no other country capable of sustaining freedom against a North Korean dictatorship actively seeking to get nuclear weapons. We are the one. We cannot allow Y2K to compromise our Nation's military preparedness and readiness. We have American men and women who across the globe are protecting our Nation and the principles for which this Nation has been founded. For over 200 years, we have placed these men and women in harm's way to secure the peace with a covenant that if they provide their courage and skill, we will provide them with the effective equipment and support to do their job. We must not let the Y2K bug sever that covenant. We must do all the we can to ensure that military hardware and the three ``C's,'' command, control and communication, are not endangered as a result of this computer glitch. I am concerned about the IG and GAO reports that reveal the depths of the problems at DOD, especially the Inspector General's recent report about the haphazard Y2K certification of our nuclear weapons stockpile. Defense is not a sector that can be taken lightly. Last year, Congress appropriated $1.1 billion specifically for the Department's Y2K efforts because we understand the importance of DOD's mission to our Nation. We will not allow for our national security to be jeopardized. We in Congress stand ready to help in any way that we can. It is up to Secretary Cohen and the President now to work with us to ensure that we can effectively maintain the peace throughout the world as we ring in the new millennium. I look forward to hearing our very distinguished witnesses today. Thank you, Mr. Chairman. Mr. Horn. Thank you very much. I now turn to the ranking minority member on the committee, Mr. Turner of Texas. Mr. Turner. Thank you, Mr. Chairman. I want to commend you and Chairwoman Morella for your leadership in trying to be sure that all of our Federal agencies are ready for the Y2K conversion process. It is a very difficult task for both the public and the private sector and certainly a great challenge for the Department of Defense. As we know, the Department of Defense is heavily automated. It relies on more than 2,000 mission-critical systems. These systems span diverse operational areas ranging from the Department of Defense command and control systems, satellite systems, the global positioning system, all the way to detail systems relating to inventory, transportation management, medical equipment and payment and personnel records. Its weapons, equipment and facilities all contain embedded microprocessor chips, some of which may have the Y2K date problems. As of February 1999, the Department of Defense reports that it has repaired, validated and implemented 72 percent of its mission-critical systems. However, that means that 632 mission- critical systems have not yet been fixed and implemented. As many as 220 mission-critical systems may miss the federally imposed deadline of March 31 of this year. The Department of Defense also has over 2,000 non-mission-critical systems that still need to be repaired. Clearly, there is much work to be done. Last year, the Department of Defense Inspector General identified serious problems with the accuracy of some of the Department's reports on the number of Y2K-compliant systems. Today we will hear that the Department of Defense has improved its ability to track its Y2K work. But it will be difficult to know whether the Department has properly classified its systems as mission-critical or non-mission-critical until it completes its simulated year 2000 exercises and other planned testing. The Department of Defense faces a huge challenge in its Y2K conversion efforts due to a late start, the size of its systems, and their complexity. Although the pace of repairs and testing has been improved, the Inspector General cautions that the number and severity of Y2K problems at the Department of Defense cannot be quantified until, at least, June of this year, when additional test results will be available. What is more, the Inspector General expresses the concern that the Department's Y2K testing may be rigorous enough to catch serious problems, given the compressed testing schedule. Each of us looks forward to your testimony today. We hope to hear more about the testing process, the operational evaluations that you have conducted to date and the Department's assessment of its own condition. I hope the Deputy Secretary of Defense will also address whether our weapon systems will be repaired in time. The good news is that at the highest levels of the Department there is an increased focus on Y2K. The Department has seen great improvements in recent months. We appreciate each of our witnesses being hear today. Again, Mr. Chairman and Mrs. Morella, thank you for your leadership in this area. Mr. Horn. Thank you very much. We will now yield for an opening statement to the vice chairman of the Subcommittee on Government Management, Information, and Technology and that is Mrs. Biggert of Illinois. Mrs. Biggert. Thank you, Mr. Chairman. Thank you for your excellent work in putting together such a fine schedule of hearings to highlight our Nation's readiness for the year 2000. I too am committed to the oversight of our Federal departments and agencies. I am pleased that so many of our agencies are making progress in their efforts to become Y2K compliant. I am also concerned that some of our departments, especially those with critical missions such as our Nation's defense, have much work to do before they are ready for the year 2000 date change. The Department of Defense operates about one-third of our Federal computer inventory. It has identified some 2,500 mission-critical systems. Yet, only 72 percent of these systems were Y2K compliant as of February this year. Admittedly, the Department of Defense faces a heavy burden to ready itself for the year 2000. Our Nation though is known for its military strength. Much of this military advantage comes from the United States' investment in information technology. However, it is this same technology that must be now updated, tested and readied for the year 2000 date change. The Department of Defense, I believe, has made much progress in its efforts to ensure continued computer capacity in the new millennium. I am interested to hear today's testimony discussing the Department's progress on its command and control systems, satellite technology, global positioning systems and highly specialized management systems. I, too, thank today's witnesses for coming to our hearing today. I look forward to the testimony and the opportunity for questions. Mr. Horn. Thank you very much. I now yield to the gentlewoman from the Subcommittee on Technology, distinguished Member from Hawaii, Mrs. Mink. Mrs. Mink. Thank you, Mr. Chairman. I have no prepared statement. I do want to say that this series of hearings that you have called, Mr. Chairman, on this very important issue is certainly keyed into the entire country's concern about whether this Nation is prepared for the looming coming of the year 2000. Nothing is more important, in my opinion, than hearing from the Department of Defense and all other agencies and entities related to our defense, to see where the status of readiness is with reference to this very important issue. So, I look forward to the testimony of all our witnesses who are here and hope that we have made considerable progress on the questions that have been raised last year and currently by the GAO. Thank you very much. Mr. Horn. Now, the gentleman from California, Mr. Ose. Mr. Ose. I do not have a statement, Mr. Chairman. Mr. Horn. OK. Now we have the gentlewoman from Texas, Sheila Jackson Lee. Ms. Jackson Lee. Mr. Chairman, thank you for your kindness. I will only offer my appreciation to all of the chairmen and ranking members for holding this very vital hearing. Let me say, Mr. Chairman, I have found out by being in the District that Y2K now is the topic of discussion. This could not be a more vital area of oversight for the American people. They are looking to this Congress for guidance. They certainly are concerned about issues, not only of national security, which is the topic of this hearing, but our readiness overall. We have a responsibility I think, Mr. Chairman, not only to our citizens, but to the world. I will continue to work with you in oversight of this issue for our commitment to ensure the safety and quality of life that Americans have come to understand. I would ask, Mr. Chairman, that I can submit my entire statement into the record. I thank you for the time. Mr. Horn. Thank you very much. Our next opener is Mr. Miller of California. Mr. Miller. Thank you, Mr. Chairman. I really appreciate your conducting this hearing today on the status of the Department of Defense's preparedness for facing the technical challenges associated with the year 2000. Of all the agencies, DOD's Y2K compliance, to me, is of most great concern. If the dooms-dayers are right, and I am really praying that they are wrong about the seriousness of the year 2000 problem, failure of the DOD to inoculate their systems against the Y2K bug could pose many major domestic and foreign safety issues. I am particularly interested in hearing from the witnesses on whether the DOD will be Y2K compliant and what the agency is doing to prepare our forces here and overseas against those individuals or governments who may try to take advantage of weak times. The questions are: are we prepared to defend ourselves, our deployed troops and our embassies? Moreover, are we prepared to assist our allies if they are attacked in the year 2000? These are important questions whose answers need to be addressed. Once again, Mr. Chairman, I thank you very much. Mr. Horn. I thank you very much. Now I yield some time to the gentlewoman from Michigan, Ms. Stabenow of the Subcommittee on Technology. Ms. Stabenow. Thank you, Mr. Chairman. I would just also echo the thanks to both you and our Chairwoman Morella for holding one more hearing on this critical issue. I have held two series of meetings in my district in Michigan, one last year and one this year. I find that the concerns certainly of my constituents have risen. It is important that we have accurate information so that people know how to prepare without overreacting and yet being prudent. One issue that comes up over and over again is the Department of Defense, and grave concern about the progress that we have been making and where we will be. I am very anxious to hear today, and I know that my constituents are anxious to hear as well. I appreciate all of you being here. Mr. Horn. I thank the gentlewoman. The gentleman from Oregon on our side, Mr. Walden, waives his opening statement. We now turn to the other gentleman from Oregon, Mr. Wu. Mr. Wu. I have no opening statement, Mr. Chairman. Thank you. Mr. Horn. All right. Both of you go to the top of the line in the chairman's view. [Laughter.] Good freshmen, they are. They are excellent Members. Now, we finally get down to business. You all know where we are coming from after our opening statements. So let me note to you that the tradition of the Government Management, Information, and Technology Subcommittee is to swear in all witnesses. So, ladies and gentlemen, if you will stand and raise your right hands. Yes, and by the way, all the people behind you will take a microphone so that I don't do this 10 times this morning. [Witnesses sworn.] Mr. Horn. The clerk will note that all have taken the oath. We are delighted to have all of you here. Everybody knows this is the department about which we have the major concern, both for the good of the world as well as the good of the United States. So, we are going to start with the first individual from the Office of Inspector General in the Department of Defense, Mr. Robert J. Lieberman, who is the Assistant Inspector General for Auditing for the Department of Defense. Mr. Lieberman will make the opening statement. Obviously, we would like you to summarize it. But, take your time if you don't want to summarize it. Give us the important things. A number of Members probably just flew in to vote today and have not had the chance to see the testimony. So, lay it all out there. STATEMENTS OF ROBERT J. LIEBERMAN, ASSISTANT INSPECTOR GENERAL FOR AUDITING, DEPARTMENT OF DEFENSE; JACK L. BROCK, DIRECTOR, GOVERNMENTWIDE AND DEFENSE INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE; JOHN J. HAMRE, DEPUTY SECRETARY OF DEFENSE, DEPARTMENT OF DEFENSE, ACCOMPANIED BY GARY A. AMBROSE, DIRECTOR, AIR FORCE YEAR 2000; KEVIN MCHALE, DIRECTOR, YEAR 2000 PROJECT OFFICE, MARINE CORPS; STEPHEN I. JOHNSON, PROJECT MANAGER, YEAR 2000 PROJECT OFFICE, NAVY; MIRIAM F. BROWNING, DIRECTOR FOR INFORMATION MANAGEMENT, OFFICE OF THE DIRECTOR FOR INFORMATION SYSTEMS, ARMY; ROBERT F. WILLARD, DEPUTY DIRECTOR FOR OPERATIONS FOR CURRENT READINESS AND CAPABILITIES AND DIRECTOR, YEAR 2000 OFFICE, JOINT CHIEFS OF STAFF; AND R.F. SMITH, VICE DIRECTOR, NORAD COMBAT OPERATIONS Mr. Lieberman. Good morning, Mr. Chairman, Madam Chair, members of the subcommittees. Thank you for the opportunity to discuss the challenge confronting the Department of Defense because of the so-called ``millennium bug.'' I would like to save time by verbally highlighting some of the significant parts of my statement and ask that the remainder be entered into the record. Mr. Horn. I might say that every statement that anybody makes in any hearing is automatically put into the record the minute we introduce you. It is a unanimous consent motion, forever. Mr. Lieberman. Thank you. The task of ensuring that there is no significant impairment of the Department's ability to execute its missions is one of the most complex challenges ever faced by DOD managers. This is primarily because of the sheer magnitude of the DOD problem. In terms of size, complexity and diversity, no other public or private sector organization faces a Y2K problem of such scale. In addition, with the benefit of hindsight, it is clear that the DOD Y2K conversion challenge has been made more difficult by a combination of half-a-dozen or so factors related to DOD management culture. The two most important of these factors, in my opinion, are first the legacy of very decentralized information technology resources management, which led to the runaway proliferation of systems. It has made it doubly hard to establish a well-synchronized and controlled DOD-wide Y2K conversion program. Second, there was an initial tendency, particularly middle- management level of the Department, to view the millennium bug as a purely technical problem that could be solved by information technologists without a need for much involvement by managers and commanders. The IG approached the Department's Chief Information Officer in early 1997 with an offer to help in him achieving sufficient oversight and management control in those areas considered to have the most risk. Based on the resulting informal partnership agreement, we have provided 50 Y2K audit reports to the Department over the past year-and-a-half. We are currently working on about the same number of additional audits. Summaries of a few of these reports are attached to my written statement. In addition, we have coordinated Y2K efforts by the Military Department Audit and Inspection Organizations, which have issued over 90 reports in accordance with their own Y2K coverage agreements or tasking within their services. We have also worked closely with the GAO and exchanged information with our counterparts in several countries. I want to stress this morning that generally DOD managers and commanders have been extremely cooperative and responsive to audit advice. This includes taking measures to ensure better accuracy in reporting. Top DOD management's encouragement of intensive independent auditing of Y2K progress and its responsiveness to audit results, positive or negative, deserve note. Turning to the question of what these audits have shown. The DOD clearly got off to a slow start. In hindsight, most managers underestimated both the complexity of the problem and the commitment of resources and executive managers' time that would be necessary. As late as last summer, audits were still indicating a widespread lack of awareness, insufficient Y2K staffing at all levels of the Department, and only rudimentary Y2K planning at dozens of crucial organizations, including most combatant commands, most functional area staffs within the Office of the Secretary of Defense, many support commands and most installations. Although many DOD organizations were working hard on the remediation of mission-critical information systems, a high percentage of remediation plans provided for completion very late in calendar year 1999 and large scale system of systems test plans were in vague conceptual form only. There was even some resistance to the notions of modifying previously planned exercises to accommodate Y2K scenarios or of planning for other large scale testing. The decisive turning point came in early August 1998, when the Secretary of Defense declared that progress up to that point had been insufficient. His strong and unambiguous message that Y2K was a genuine threat to readiness had the intended effect. The number of mission-critical systems that have been certified as Y2K compliant now stands at about 72 percent, as has been mentioned. Somewhat behind plan, but considerably better than the 24 percent figure from this time last year. Equally important, efforts have finally accelerated over the past few months to assess the Y2K readiness of DOD-owned infrastructure, of the private infrastructure on which the DOD also depends, of the diverse range of data exchange partners and of host nations abroad. In addition, one of the largest testing efforts ever undertaken by the Department has now started and will continue through calendar year 1999. With sustained close management attention through 1999, we in the IG's office are confident that the Department can achieve its goal of ensuring the continuity of critical operations and capabilities as the millennium passes. However, I want to stress that much work remains to be done. No assessments of overall progress can be entirely credible in the absence of significant quantities of test results, which will still not be available for a few more months. It must also be recognized that the belated start in some areas has caused a fairly high risk level to persist there. In our opinion, those areas of continuing concern include, first, the well over 600 mission-critical systems that remain Y2K non-compliant. Second, the infrastructure, especially overseas. Third, supplier readiness. Fourth, untested contractor off-the-shelf products. Fifth, contingency planning, particularly at the mission or functional level. Sixth, mainframe computer platforms and seventh, the greatly compressed testing schedules. I would like to close with a few extra words on the testing challenge. The DOD Y2K conversion effort is unprecedented in many ways. One is the scope of the critical Y2K testing that will continue through the end of 1999. We cannot over-emphasize the need for robust, in-depth testing. The huge number of systems involved, the risk of incompatible Y2K fixes because of the number of different firms and individuals involved in remediating code, the late fielding of many remediated systems, and the compression of this ambitious testing schedule into just over a year, pose a formidable testing management challenge. In our view, effective testing is the most daunting of the remaining Y2K challenges. In conclusion, we believe that the DOD is overcoming the increased risk posed by its belated start in several facets of the Y2K conversion effort. As the intensive effort continues, we remain committed to our partnership with the Department on this difficult matter and will continue striving to provide DOD, the President's Council on Y2K Conversion, the Office of Management and Budget, and Congress with reliable, candid and timely feedback on Y2K progress. Thank you, and I would be happy to answer any questions. [The prepared statement of Mr. Lieberman follows:] [GRAPHIC] [TIFF OMITTED] T0621.001 [GRAPHIC] [TIFF OMITTED] T0621.002 [GRAPHIC] [TIFF OMITTED] T0621.003 [GRAPHIC] [TIFF OMITTED] T0621.004 [GRAPHIC] [TIFF OMITTED] T0621.005 [GRAPHIC] [TIFF OMITTED] T0621.006 [GRAPHIC] [TIFF OMITTED] T0621.007 [GRAPHIC] [TIFF OMITTED] T0621.008 [GRAPHIC] [TIFF OMITTED] T0621.009 [GRAPHIC] [TIFF OMITTED] T0621.010 [GRAPHIC] [TIFF OMITTED] T0621.011 [GRAPHIC] [TIFF OMITTED] T0621.012 [GRAPHIC] [TIFF OMITTED] T0621.013 [GRAPHIC] [TIFF OMITTED] T0621.014 [GRAPHIC] [TIFF OMITTED] T0621.015 [GRAPHIC] [TIFF OMITTED] T0621.016 [GRAPHIC] [TIFF OMITTED] T0621.017 [GRAPHIC] [TIFF OMITTED] T0621.018 [GRAPHIC] [TIFF OMITTED] T0621.019 [GRAPHIC] [TIFF OMITTED] T0621.020 Mr. Horn. Thank you very much. We are going to withhold all the questions until all the witnesses have testified. Our next presenter is Mr. Jack L. Brock, the Director of the Governmentwide and Defense Information Systems for the U.S. General Accounting Office, the auditing on both finance and program arm of the Congress and the legislative branch. Thank you. Mr. Brock. Mr. Brock. Thank you, Mr. Horn. Thank you, Mrs. Morella and members of the two subcommittees. I am pleased to be here today. Before I start, I would like to say that we have worked very closely with the DOD IG during the course of our audits and they have done commendable work and I think have added an immense amount of credibility to what the Department is trying to do to be Y2K ready. I would also like to say that if we had testified last year, our message would have been far more grim than it is today. I would like to congratulate the Department on an incredible amount of progress that has been made over the past year. A lot of that progress has to do with the very much increased level in presence of top management within the Department assuming ownership and control over the problem. It still faces major issues in being year 2000 ready. I think this is a situation where the risks are so great and the need for insurance is so great, it is like going to a party and you don't want to risk your pants falling. Not only do you want to wear a belt, but you want to have suspenders on as well. What we would like to see here are the presence of additional controls that will allow increased assurance that risk will be minimized and that business processes and war fighting processes will work. We are no longer talking about systems, because the systems have to operate in an environment of business operations. These operations depend on a variety of factors, not just a system. I think the Department is moving into that realm, but we have a few items of advice. Mr. Lieberman I think correctly described the complex organization that the Department is. It clearly, of all the Government agencies and possibly of any entity in the world, has the most complex set of operations to carry out. Many of the other hearings that you have had on Y2K have dealt with agencies that are primarily engaged in transaction processing, very complex operations that pale in light of the complex command and control, weapon systems, and other types of systems that the Department has to field and make sure is ready. In that backdrop, I would also like to say that the Department has a history of very poor management over information technology. In fact, we would argue that some of its success has been the ability to tap vast sums of money to overcome problems in development. In fact, these poor controls in management process have limited the effectiveness of their Y2K program. I think there are lessons to be learned from this that we will address later, but this was an initial barrier to the Department in getting on top of its program. I also agree with Mr. Lieberman that the program really began to turn around last summer when both Deputy Secretary Hamre and Secretary Cohen issued very strong letters to the Department saying, ``We are running behind. We need to make fixes. We need to start focusing on our key functional and operational capabilities to make sure that these functional and operational capabilities will be able to continue after the year 2000.'' I would like to highlight a couple of things that the Department has done in that regard. First of all, it has had a very high level of involvement in ownership of the problem by senior management. Second, in turn the Department has now shifted its focus toward ensuring the continuity of core business processes and military operations. More specifically, I would like to identify five areas that the Department has done.- First, last summer the Secretary of Defense directed the commanders-in-chief to plan and execute a series of simulated year 2000 operational exercises. These exercises are essentially to determine whether the Department can carry out critical military tasks with the systems' clocks rolled forward to the year 2000. These are such things as providing strategic early warning, deploying and maneuvering forces, and employing fire power. Thirty-one such evaluations are now scheduled through the fall of 1999. Second, the Department is requiring its principal staff assistants, these are the Under Secretaries and Assistant Secretaries that own the functional areas of the Department or have responsibility for those, to conduct end-to- end tests to ensure that the systems that they have collectively support core business areas and can inter-operate in a year 2000 environment.- The Department originally designated five functional areas: communications, health and medical, intelligence, logistics and personnel, and has since added weapons and finance to those functional areas. Third, the military services commanders are conducting integration testing of their systems. This testing is intended to build upon completed systems renovation testing and certification, and ultimately is designed to reduce risk and ensure the ability to execute critical combat missions in a year 2000 environment.- Fourth, Defense directed installation commanders to ensure that the 600-plus installations scattered all over the world will be ready to house both the military and civilian work force, as well as the weaponry and supporting activities that are necessary for national defense.- As you can gather from these four things, they are pretty complex and diverse. Last, the Department has initiated what they call ``synchronization meetings'' that are chaired by the Deputy Assistant Secretary of Defense and the Joint Chiefs-of- Staff Year 2000 Task Force leader. These are designed to improve and facilitate coordination of the activities that cut across organizational boundaries.- Because of the complex interrelationships between these activities, we have recently begun additional audit work, Mr. Chairman, to look at those relationships and to see how well they are being carried out. While we don't have a complete answer on their success or on their progress, we do have a number of observations that we are prepared to make on those.- First of all, I would like to say that the initial operational evaluations carried out by the CINCs have been successful. The guidance that was provided by the Joint Chiefs- of-Staff was excellent. It was very much in line with our own criteria and we found it very useful in conducting our audits. The exercises that have already been conducted at NORAD and the Strategic Command have gone pretty well. Last week I had staff at NORAD and they were looking at NORAD's test of the missile warning operational evaluation. My team there said that the test worked. It was primarily to look at processing responses to airborne threats. The operational evaluation was very carefully planned. They followed the test script. The results showed no Y2K failure. There were a number of relatively minimal system failures that were not related to Y2K. The staff and personnel at NORAD were able to take care of these and to successfully move the test on. As the course of these operational evaluations continue, we will continue to follow their progress as well. However, because of the interrelationships of systems all across the various commands and all across the functional areas of DOD, many of these planned evaluations will require extensive support from the functional areas, such as communications and logistics. For example, when we were talking to officials at the Strategic Command, who were doing a five- phase operational evaluation program, they indicated that they required extensive support from DISA. DISA is the agency within the Department of Defense that supplies communication and computing support. They provide support to the Strategic Command on its communications backbone. The initial phase of this plan had to be delayed because of one of DISA's programs not being ready for testing. There are all sorts of dependencies that exist among these tests that have to be carefully monitored to make sure that the tests can be completed. Finally in this regard, our initial reviews of the plans for functional areas, these are the health, personnel, finance, logistics, et cetera, show these plans have mixed results. Our review has shown mixed results. For example, while each of the functional plans discusses business functions supporting systems and testing requirements, many of the plans lack important details such as a test schedule, complete data for contingency plans or detailed mapping of systems and support activities to business functions. While DOD has correctly shifted its emphasis to continuity of business processes rather than the status of individual systems, its controls and reporting mechanisms are still centered around individual systems. To effectively manage the program in the future, we believe that managers and executive decisionmakers need reliable information about the nature and status of year 2000 conversion efforts from a core business process. This isn't readily available in DOD. For example, although the functional areas and commands have been instructed to develop testing and contingency plans based on business functions, the overall DOD Y2K management plan and supporting guidance have not been updated to reflect reporting and control mechanisms that need to be in place to reinforce this shift in focus. It is entirely conceivable that every component, every command and every function is developing appropriate plans with an appropriate level of control to ensure that the right thing is being done at the right time. There is simply not a mechanism to provide assurance. Our reviews, for example, of the functional plans, suggest an uneven level of planning and execution across the Department. We believe that the Department needs greater visibility into the core business processes throughout the agency. Specifically, for each core business process identified, the Department should determine the following. First, the status of each supporting information system critical to that process, including its schedule for remediation and testing--this information is largely being gathered now. Second, the source and year 2000 status of any suppliers or vendors that are critical to that process. Third, the status of outside dependencies that affect readiness. Fourth, interfaces with other processes and outside organizations. Fifth, the scope and schedule of end-to-end testing for the process. And sixth, the scope and schedule for business continuity planning for that process to continue. For any of these elements that are behind schedule, Defense needs to know what steps will be taken to get the schedule back in line, and what steps will be taken to minimize the risks that might be associated with delay. Once the assessments are complete, the Department is going to be in a better position to take an overall look at their prospective readiness; to identify gaps or unnecessary overlaps; to reallocate resources, if necessary, and to develop comprehensive business continuity plans that cut across organizational lines. Additionally, the Department needs greater assurance that the information being provided is consistent, both in terms of content and accuracy. To this end, the Department needs to provide standard expectations for both content and reporting requirements and performance metrics for all of the above elements, and to establish control mechanisms that ensure reported information is both complete and accurate. Finally, just to make a few remarks. I mentioned earlier that GAO has long had a concern with the Department's information management. In fact, since 1995, this area has been on our high risk list. One of the major barriers to effective information that we have observed within the Department is their inability to cut across stovepipes and overcome cultural inertia to change. They have plenty of processes, but no action. I think now we are seeing a shift. In the Y2K program, we have seen a lot of shift in management attention, willingness to cut across program lines--maybe not as many processes as we would like--but a real shift. The lessons learned from Y2K can be transferred to their overall management of information technology. While this might be an expensive lesson, it will be an important one, and hopefully worthwhile for the Department. That concludes my statement, Mr. Horn. [The prepared statement of Mr. Brock follows:] [GRAPHIC] [TIFF OMITTED] T0621.021 [GRAPHIC] [TIFF OMITTED] T0621.022 [GRAPHIC] [TIFF OMITTED] T0621.023 [GRAPHIC] [TIFF OMITTED] T0621.024 [GRAPHIC] [TIFF OMITTED] T0621.025 [GRAPHIC] [TIFF OMITTED] T0621.026 [GRAPHIC] [TIFF OMITTED] T0621.027 [GRAPHIC] [TIFF OMITTED] T0621.028 [GRAPHIC] [TIFF OMITTED] T0621.029 [GRAPHIC] [TIFF OMITTED] T0621.030 [GRAPHIC] [TIFF OMITTED] T0621.031 [GRAPHIC] [TIFF OMITTED] T0621.032 [GRAPHIC] [TIFF OMITTED] T0621.033 [GRAPHIC] [TIFF OMITTED] T0621.034 [GRAPHIC] [TIFF OMITTED] T0621.035 [GRAPHIC] [TIFF OMITTED] T0621.036 [GRAPHIC] [TIFF OMITTED] T0621.037 [GRAPHIC] [TIFF OMITTED] T0621.038 [GRAPHIC] [TIFF OMITTED] T0621.039 [GRAPHIC] [TIFF OMITTED] T0621.040 Mr. Horn. Thank you very much, Mr. Brock. The GAO always gives us a lot of helpful comments. We appreciate it. We now are going to the Deputy Secretary of Defense, Dr. John Hamre, who is accompanied by a number of the program directors. Now I am going to sort of have to juggle things here to let the Deputy Secretary of Defense get back to work, because he is going to be back up here this afternoon. Mr. Hamre. I have another hearing. Mr. Horn. So, I think I am going to ask one question here, and then give the statement. Then every Member will have a shot at you here, so to speak. I would just ask this. You have heard the IG and you have heard GAO. Do you have any reaction to their testimony at this point? Mr. Hamre. Sir, I have a couple of reactions that I think will come out in the context of the statement that I am going to give. Mr. Horn. OK, fine. Mr. Hamre. By and large, we have had a very open process. We meet on a monthly basis, and Jack Brock sits through these endless sessions with me and has been at every single one of them. I have been grateful to have him there, as has Bob Lieberman. Mr. Horn. And he hasn't won the Scowcroft Award by going to sleep or anything? [Laughter.] Mr. Hamre. No. He has woken me up a few times, I must say. I really thought this was going to be a hostile hearing, at first. You started with an accusation that over at the Department we had too much bulk and too little memory. I thought you were talking about me. Mr. Horn. I was talking about the 1960's computers. Mr. Hamre. OK. Yes, our computers. I'm afraid I might qualify as well. [Laughter.] May I say at the outset, that the most important people-- the Secretary, you are right, was the catalyst that got the Department focused. But we have four kinds of catalytic converters here. It is Art Money, who is going to replace me when I have to get up and leave, and he is our Assistant Secretary of Command Control Intelligence; Marv Langston, who is his Deputy, has really been riding shotgun over this, and his trusty agent, Bill Curtis, has been doing absolutely all of the legwork for the Secretary. Bob Willard here has been for the Joint Staff, really pulling the test environment together. These are the four individuals that I needed to highlight to you. They have been absolutely instrumental and have done a terrific job. I will ask Art to step in, very briefly, after I leave. Sir, it is rare that any military organization knows exactly the time and the place when the enemy will attack. Indeed, we are largely preparing ourselves, in the strategic sense, for opponents that we will confront. Rarely do we know exactly when the enemy will attack and exactly where the enemy will attack. This is an exception. We know exactly where it is going to be and we know exactly when it will happen. It isn't a matter of just computer geeks not keeping our computers running. It is warriors, like Bob Willard and others, who are not going to be able to do their job if we are not ready. So, this is not about management. This is about being able to protect and defend the United States of America. I would like to put the bottom line right up front. We will be able to protect and defend the United States of America on January 1, 2000, and on the second and on the third and every day after that. That is not just our computer systems that run personnel records or accounting. That is our war machines, those things which will go out if we have to ask them, to take to combat the enemy. We will be ready. I will go through that today. With your permission, sir, I would like to go through a series of charts just to try to illustrate what it is we are going to do. Can I get the first chart please? [Chart shown.] Mr. Hamre. This is where we stand right now and this is the progress. If it is red, it is what we have reported. If it is the dash line, it is where we are against our totals. We have 2,300 systems that we need to have fixed if we are going to be able to carry out our missions. This is across the board. This is everything from an aircraft carrier and all the systems on the aircraft carrier, to intelligence systems, to accounting systems, to finance for payroll, the whole works. At the end of December we had 1,673 systems. Today, I think it is 1,730, something like that; 1,722 systems are fixed as of today, and validated as being fixed. Mr. Horn. On that point, ``fixed'' and ``validated,'' is there room for testing here? Mr. Hamre. Yes, sir. That is all going through with the systems testing, not the end-to-end operational functional tests that Jack was talking about. But it is systems testing. So before they can ever get permission to be put on that column as being ``filled,'' they have to be fixed, and an independent source has to validate that it has been fixed. As you can see, we are stretching out. You will see by the next chart we will be in 90 percent, 93-94 percent here by the end of March. We will make 100 percent of our goal by the end of the year. Let's go to the next chart, if we could. [Chart shown.] Mr. Hamre. Seventy-three percent of the systems were totally fixed and fielded. You see these bars here that have that little shaded area at the top? That is meant to represent that the system is fixed, but is not completely fielded. So, Brother Johnson is here with all of the ships out in the Navy. Not all of the ships may be completely fitted with a fix. But those that are going to war will be fitted. What you are seeing here of that differential is the difference between: we know the software works. We know it works when it is installed, but it isn't in every single ship, for example. Or it is not every piece of equipment. As you can see, it narrows down and gets smaller. By the end of the year, we will have six systems that are not going to be year 2000 compliant out of the 2,300. In those six, the fix is done. It is just a fielding issue. The ship may not go to sea for another 14 months. So this is just an example of it's fixed, not fielded. But it doesn't matter. OK? As you can see, we will by March have 93 percent of the systems fixed. What I would like to do is to show three followup charts that illustrate how we are tracking individually. Let us go first to the Army. [Chart shown.] Mr. Hamre. First of all, the bar when it is red, it is still being fixed. When it is green, it is fixed but is still being fielded. So as you see, the top three systems will all be fixed. They will be fixed by the summer. It just takes virtually a day to get it installed. It does not take any time. For the systems below that, as you can see, there tends be a longer implementation period. But in each case, we have got the fix largely in hand and it is just being fielded. Now these are the 10 most important systems out of the Army. There are 24 all together that are not fixed right now. These are the 10 most important. We are tracking every one of them. We have got witnesses here that know every single fix, down to where the electrons go. So if you want to ask any questions about them, we can. Mr. Horn. I understand from staff that we don't have these charts. Mr. Hamre. Be glad to give them to you. Mr. Horn. I would like them put in the record at each part of your presentation. I realize your color charts are way ahead of the congressional and GPO charts. We have a little problem distinguishing green and red. It is always in versions of black. Mr. Hamre. I understand. We will annotate them. Could we go back to the previous chart? I just wanted to make a point on something. Mr. Chairman, in your opening statement you said that we were reporting 81 percent fixed, but the report that you got from OMB said that we were only 62 percent fixed, or something like that. I will tell you what the problem is. It is a useless reporting requirement that is not doing anyone any good. We submit these reports. They are a couple of months late by the time it goes through all the building and writing a thick, darn report. Our preference would be to have your staff come over and sit in on our monthly sessions. You can see the data the day we do it. Mr. Horn. I think some of them have. Mr. Hamre. Instead of us generating a report that is 2 months late and does not give you information and just confuses you, thinking that we are slipping back, I would rather have you there looking at the stuff we are looking at. It would make a lot more sense. Mr. Horn. I will take your invitation up. We have had staff in your meetings. Mr. Hamre. Yes, on several of them. We would be glad to have them attend our monthly meetings. It would be great. That is where we are today, 81 percent. We will be at 93 percent. We will make 100 percent. OK, let's go two down to the Navy charts, if we could. [Chart shown.] Mr. Hamre. Same situation, where we are showing you the 10 most important. In this case, as you see, largely it is a fielding issue. If it is a long, green bar, it is largely a fielding issue. In very few cases, for example the backup mission planning system for Navy SpaceCom, is one that is late. It is a backup system. It is not our primary control system for our satellites. OK, next chart. Let's go to the Marine Corps. [Chart shown.] Mr. Hamre. Only three systems. The thin red line. You know they don't have much, but they are getting it fixed. It is going to be just fine. OK, next chart, Air Force. [Chart shown.] Mr. Hamre. Air Force is doing very well. As you can see, it is largely fielding questions and will easily be done. Mrs. Morella mentioned GPS, or Mrs. Biggert mentioned GPS. GPS will be fixed. We have a somewhat additional, different problem. There is a thing called the ``end of week'' problem that occurs this fall which we have fixed. The satellites are fixed. The ground stations are fixed. The Government-licensed receivers are fixed. But if people have made a non-licensed receiver, they may have problems. We have been trying to advertise this because it is an important technical detail associated just with the GPS system. But we will be ready. Any war machine will be ready for it. Again, we would be glad to go into any of the details behind any of these. Here is where we are with nuclear command and control systems. As you can see, the green bar is where it is completed and totally fixed. The yellow is where it is completed and not completely fielded. As you can see here, by the end of March we are going to have all but 12 systems completed, some in some various phase of fielding. This is absolutely everything. This is from the early warning satellites, to the radars, to the command and control displays at NORAD here in town, down to the mission planning systems for the nuclear systems, down to the stewardship custodial systems that we have for individual warheads. Everything is being tracked. We will be done and fully tested by the last quarter of the fiscal year. There is no risk that the Department of Defense cannot manage and control its nuclear weapons. OK, next chart. [Chart shown.] Mr. Hamre. I just would like to take a moment to explain. There is a proposal that we have made to our counterparts in Russia. We are not worried about their control over their nuclear weapons. This is a country and a government that has emphasized control over everything else. We are absolutely convinced that there will be positive control over nuclear assets. We are less optimistic that their early warning systems will function. We don't think the early warning systems are all of a sudden going to show satellite tracks of attacking warheads or anything like that. We don't know how you would go from a computer glitch to trajectories of an attack profile. We don't think that will happen. But it is possible that computer screens could go blank or could be interrupted. In this world, we are not interested in having a lot of confusion and doubt. So we have approached our counterparts in Russia and have invited them to join us in a center for Y2K strategic stability. We will have an early warning center. We modeled this after the air traffic control center that we operated in Berlin for 25 years. For 25 years, when Berlin was still a divided city, the United States, Russia, France and the United Kingdom jointly operated an air traffic control center so that there would not be any confusion in people's minds about aircraft coming in. Every airplane had to be logged in advance. There were coordination procedures. We felt that the best thing to do was to do that together in one room. That is our model for this. We will be ready this fall. We will be ready in the last quarter. We have invited our counterparts from Russia to come over and join us at the center. They will have their own communication links so they can get back home secure, on their own. They can look at our machines just in case there is any disruption that they might have. We think that this is an important contribution to stability. This is something that we are pursuing quite aggressively. Mr. Horn. I would agree with you. Have you had a reception of this that is positive? Mr. Hamre. Sir, yes, we have. There has obviously been a bit of concern by both parties. You know, we are anxious to have them join us. We have to do it in a way where they cannot look back up our system and determine what the configuration of our system is like and any vulnerabilities it might have. Similarly, they are always apprehensive that this is somehow a plot, you know. We are going to spy on them or something. So there is a natural reticence that always comes when we approach things like this. We just had a team over, I think it was a week ago. They had very good discussions. There are going to be followup discussions, I think, next month. We have been talking with them more widely about year 2000. Mr. Money can describe that to you because of our efforts with them. But I think that we have received a good response. I rather think this is going to happen. I think it is a confidence-building measure that both parties understand and think would be important. I might say that I think we are prepared to offer this to other countries too, if we feel that we need to provide a reassuring environment. Mr. Horn. Well, that was going to be my next question. What about some of the nuclear countries that are not too cooperative with us? Mr. Hamre. I think our view is that this is a stabilizing contribution that would be useful to others. We of course have to work this out collaboratively. We are open to discussing that with people. There are no impediments on our side to wanting to talk to people about that. OK, let's go to the next chart. [Chart shown.] Mr. Hamre. I'll break this down. This is just general timelines. There is no real precision to it. The axis at the bottom shows you the dates. We started the remediation some time back. It will continue right up until probably November. I think some of the last systems do not field until probably November. There has been contingency planning going on along at the same time. Every one of these systems has to have a contingency plan if there is failure. These are the gents at the table here that are the individuals responsible for developing those contingency plans, if we have problems. Operational testing has begun. As a matter of fact, I will ask Admiral Willard to describe a test that he just observed out at our Southern Command. I would ask your permission, Mr. Chairman, for Colonel Smith to give a brief report on the test we just did at NORAD, both in December and just last week, to give you a sense of what the operational testing environment is like. We have designated the Y2K operations period from I think it is September 1st through March 31st. There will be a special command and control, as it were, over our systems for that period. I will describe the significance of that by going to the next chart. [Chart shown.] Mr. Hamre. What you see here are test periods. Again, the axis on the top shows you the months of the year. On the vertical axis is our various military war fighting command. So, USACOM is the Atlantic command. There is a Central Command, the European Command, the Pacific Command, Forces Korea, all of our CINCs. What the Secretary did was he said, ``This is a war fighting issue. Are we going to be able to defend the country or not? I am going to put the CINCs in charge of testing, because they are going to have to live with the results.'' The first sense of discipline in the system was to say that we were not going to take anybody's word except for the guys that are going to live or die if it does not work. We put the CINCs in charge of testing. These are the test windows. We are going to just discuss one of them when I ask Colonel Smith to do it, down where you see where it says ``NORAD,'' the third up from the bottom. There were some tests that were done back in December. He has just done some tests in February and I will ask him to give a brief description. We are doing literally hundreds of tests. This is the most sophisticated testing environment that has been established, I think, in the Department to prove out that this stuff works. Let me go to the next chart. [Chart shown.] Mr. Hamre. This shows you the testing that is being done in functional areas, not just the war fighting systems. Now let me go down in, for example, Finance. I used to be the Comptroller, so I was concerned about this. An example of what we are doing in Finance is that we are doing an end-to-end test where the payroll clerk will leave an earning statement for an individual and will see that those electrons get over to the Defense Finance and Accounting Service to authorize payment. That will go to the Federal Reserve, which will take the electrons and pass them to the banking system. The banking system will route them to a correspondent bank, the correspondent bank into the service member bank. Then we will see if all of the accounts clear. That is the kind of end-to-end testing that we are doing, for example, in the finance world. We are doing that kind of end-to-end testing in each one of these areas. It is very extensive testing going on here for the next 4 to 6 months. Now, generally, you will see blocks. Some of them are designated as backup blocks in case we uncover some problems. So far, what you will see is that the testing has gone fairly well. In other words, the test fixes that we identified when we did the systems tests and proved in the systems tests have carried over to the end-to-end tests. That has largely been our experience. We have also found that in the systems tests that some of the commercial products that we have been given that were told were fixed, really were not fixed. We were able to quickly identify what the problems were. This kind of a rigorous test environment is letting us get on top of the problem and be able to get things turned around very quickly. Before we go to the next thing, I wonder if I could just ask Admiral Willard to talk briefly about his experiences he just had watching the SOUTHCOM test. Admiral Willard. Good morning, sir. I would like to talk about a test that was conducted by the Commander in Chief (CINC) of Southern Command (Southcom) and it had to do with their mission in performing counternarcotics operations. Specifically in support of that mission, they were examining their ability to detect, track, and monitor both aircraft and vessels on the sea, as well as source-zone targets in the countries of South America. They examined their abilities to hand off to their joint counterparts, as well. It was a collaborative effort between headquarters of SOUTHCOM and the interagency task forces that exist to support counternarcotics operations radar site, as well as aircraft and ships at sea that were participating in the exercise. In all, they tested over 30 systems, of which 24 in the architecture included clocks or date functions. They encountered no hard failures in any of their systems. They encountered one, what they termed a ``soft failure,'' that was year 2000 related, having to do with a message handling system and specifically, an archive function of the message handling system. Though it did not impact their operations, it was nonetheless considered a Y2K minor failure. They also uncovered a couple of other systems failures that were not associated with the year 2000 but, interestingly, were date functions within all of the systems, whether they had Y2K related clocks or not. So they were uncovering a good deal about themselves. They published some very good lessons learned that we are sharing with the other commanders in chief, the unified commanders, who are readying for their own operations evaluations. Also, in their preliminary report, they reported a number of ancillary benefits that they have derived from this entire process: a better understanding of their own architectures; a better understanding of how they interact with their supporting agencies; in fact, a better understanding of their entire mission area. We are finding that we not only derive benefits in terms of our confidence level and our ability to deal with the year 2000 issue, but we are deriving a number of other departmental benefits, as well. Mr. Horn. Well, I am delighted to hear that because I have visited the Southern Command about 2 or 3 years ago, and watched what they have been doing on narcotics. I was very impressed with the coordination that has finally been occurring over the last few years among all relevant agencies. Have we still got so many flights ending up over the waters of Puerto Rico that we had 3 years ago? It is really unbelievable. Admiral Willard. The answer to that is, yes, sir. We are continuing to be successful. Mr. Horn. I am impressed by that end-to-end testing. I think that has been our worry from day one. I agree with you completely. This ought to be an exercise which cleans up the management flow-through of decisionmaking and other things. Get rid of some and keep the others. I hope that exercise has been just what you say it is in other commands. Mr. Hamre. Sir, we will give you an example of that just shortly. If I might go to, I think this is the last chart. [Chart shown.] Mr. Hamre. I would like to explain something. We are shifting over our focus. By the way, I agree with what Jack Brock said to you. We do need to shift our focus from systems now to functional agencies. I think we are doing that. I will be glad to sit down with Jack to figure out if there are some things we need to improve in our process. I think that is the right focus. I would like to shift and conclude here by saying if there are going to be problems, the Department of Defense is going to get asked to try to help remediate them here in the United States. FEMA doesn't have its own helicopters. We have helicopters. When there is flooding, they ask us to show up and do the relief activity. If there are hurricanes that come ashore, we are the ones that set up the tent cities and pump the clean water and deliver food. So we know we are going to be called to respond if there are problems in the United States. We also know that we have to have a process where we do not respond and put at risk our ability to fight a war if we have to. So we have developed a system of priorities. The Secretary has approved this. We can allocate our resources, at least think about them in a rational manner, when we are responding to the consequences. Our first priority is to fight and win a war, if we have to. First of all, any unit, right now, its day-to-day mission is to carry out an on-going military operation, to carry out on-going intelligence operations, to protect and support the national command authorities, to do those kind of ``survival of the Nation'' functions. Any unit that is assigned to do that may not divert its resources to anybody for anything, without getting the permission of the Secretary of Defense. That is priority No. 1. Priority No. 2 is any organization that is an early deployer for a war, if we have to get involved, and by this we mean within the first 60 days, we will let that unit commander help out locally. But they may not consume material, resources, and supplies that cannot be recovered within 60 days, without getting the permission of the chairman of the Joint Chiefs. We are not going to compromise or sacrifice our ability to get ready to deploy for a major war if we have to. After that, all commanders are authorized to make resources available to help out locally. There is going to have to be some rationalization process. We think that the next most important thing is, priority No. 3, supporting our sister agencies in the Federal Government. We don't want to have a problem with the Federal penitentiaries. I am not forecasting there will be, but that is clearly an area where we are going to be helpful if we are asked to be helpful. We want to help our brethren in the Customs Service if something comes up in the FAA. Let me give an example. We have the ability in the Department of Defense, of course, to set up our own air traffic control. When we send a deployment, for example, to Bosnia, we don't necessarily trust the local air traffic control system. So we set up our own, complete with air traffic control towers and radars, approach radars, et cetera. We can do that for several dozen locations at once. If we have problems here in the United States, we are prepared to help set up air traffic control. But we need to know that we are not going to do that and put at risk our ability to support a war plan. It is that sort of rationalizing of scarce resources so that we can make sure we can do it without jeopardizing our primary mission. That is the purpose of this process. Mr. Horn. Has the FAA Administrator or the Secretary of Transportation asked for help? Mr. Hamre. Sir, no, they haven't. Everything we hear, and again I am taking my knowledge from talking in detail with John Koskinen, and John sits in with our monthly sessions, that we think they are going to be OK. There could be some problems with regional airports, more at the local level. We don't know that yet. I know that that is very much what they are turning their focus to. Again, we are saying that we have assets. We will support. We will provide the supporting activity for the rest of the Government. We are first going to have a process to make sure that we can afford to do that from our primary war fighting mission. Mr. Horn. Well after this hearing is over, I am going to phone up and see why they aren't calling you, because they should. Mr. Hamre. Well, sir, I think our preference would be is that we do this together through the process John Koskinen has set up for the Federal Government, rather than them just call us directly. Of course they can call and we would be glad to respond. We would like to have it in a coordinated manner through John. John is doing a terrific job. We think that mechanism could work and could work fairly well. OK, I think that here is where we are. We will be ready on January 1st. As I said, there are only six systems, and they are not crucial for going to war because the systems are not going to be going to war. Our war fighters are responsible for testing. So if there is a problem with the guys that are going into combat, they have a responsibility for telling us we have a problem. There are contingency plans in place for every one of these systems. Infidelity. This was one of those issues we worked earlier in the year. I know the fidelity was less than it should have been earlier. I think it has improved. I will have to rely on some continuing input from the IG and GAO to help us identify that. We are very open to doing it. The nuclear command and control system is fixed, or is going to be fixed. It is going to be very scrupulously and rigorously tested. We are prepared to support domestic activity and overseas activity, if necessary. We are going to have to do that in a very disciplined way. We have got lots of assets, but we don't have anything close enough to cover it if it is a very, very widespread problem. Now, sir, with your permission I would like to ask Colonel Smith to give you a summary of the testing that we did, one of those little boxes. This was the little box that we did out at NORAD. It was really the first, lead sophisticated testing. If I could indulge the committee to take this briefing right now. [The prepared statement of Mr. Hamre follows:] [GRAPHIC] [TIFF OMITTED] T0621.041 [GRAPHIC] [TIFF OMITTED] T0621.042 [GRAPHIC] [TIFF OMITTED] T0621.043 [GRAPHIC] [TIFF OMITTED] T0621.044 [GRAPHIC] [TIFF OMITTED] T0621.045 [GRAPHIC] [TIFF OMITTED] T0621.046 [GRAPHIC] [TIFF OMITTED] T0621.047 [GRAPHIC] [TIFF OMITTED] T0621.048 [GRAPHIC] [TIFF OMITTED] T0621.049 [GRAPHIC] [TIFF OMITTED] T0621.050 [GRAPHIC] [TIFF OMITTED] T0621.051 [GRAPHIC] [TIFF OMITTED] T0621.052 [GRAPHIC] [TIFF OMITTED] T0621.053 [GRAPHIC] [TIFF OMITTED] T0621.054 [GRAPHIC] [TIFF OMITTED] T0621.055 [GRAPHIC] [TIFF OMITTED] T0621.056 [GRAPHIC] [TIFF OMITTED] T0621.057 [GRAPHIC] [TIFF OMITTED] T0621.058 [GRAPHIC] [TIFF OMITTED] T0621.059 [GRAPHIC] [TIFF OMITTED] T0621.060 [GRAPHIC] [TIFF OMITTED] T0621.061 [GRAPHIC] [TIFF OMITTED] T0621.062 [GRAPHIC] [TIFF OMITTED] T0621.063 [GRAPHIC] [TIFF OMITTED] T0621.064 [GRAPHIC] [TIFF OMITTED] T0621.065 [GRAPHIC] [TIFF OMITTED] T0621.066 [GRAPHIC] [TIFF OMITTED] T0621.067 [GRAPHIC] [TIFF OMITTED] T0621.068 [GRAPHIC] [TIFF OMITTED] T0621.069 [GRAPHIC] [TIFF OMITTED] T0621.070 Mr. Horn. Please, come to the table and take whichever one of these sad microphones you can put your fingers on. Colonel Smith. Will that be sufficient? Mr. Horn. That is fine. Just speak into the mic. Colonel Smith. Mr. Chairman, Madam, for the next 5 minutes I would like to give you some understanding of what your North American Aerospace Defense Command has been doing for the last 4 or 5 months in the skirmish in the operational evaluation of the Y2K problem. I am going to show you a number of fairly technical charts. Your staff will have those charts. I trust you understand my intention is not to confound the committee and not to impress, but rather to express the level of detail with which we have examined the problem, and the amount of rigor that has been applied to testing them in the operational environment. Next chart, please. [Chart shown.] Colonel Smith. As you heard described, there are four parts to the DOD Y2K plan. Each of the 11 combined and unified Commanders-in-Chief have been tapped with the responsibility of taking the work that has been done by the system program offices doing individual technical testing and the services and agencies and functional deputies doing various portions of their string and functional area tests and apply that system's approach to the actual mission environment. In other words, take a sensor to shooter string of operational systems; apply an exercise scenario over the top of that; operate the systems in the Y2K environment and ensure that we can conduct the mission. Next chart, please. [Chart shown.] Colonel Smith. These are the two critical missions that North American Aerospace Defense Command has and General Myers is responsible to you and to the American people for aerospace warning and aerospace control. Integrated tactical warning and attack assessment is the warning of ballistic missile attacks, nuclear attacks, atmospheric and space attacks. The control part is the air sovereignty and air defense part. The portion of this chart shown in red is the portion that we addressed in our December operational evaluation. The remainder was addressed in the last 2 weeks during our February operational evaluation, otherwise known as Amalgam Virgo 99-2. Next chart, please. [Chart shown.] Colonel Smith. This is obviously a chart to choke a horse. Again, the purpose of this chart is not to address in detail each of the systems involved, but to express the level of detail we went to to ensure that we understood the complete missile warning mission architecture: every box, every connecting communication system that is involved in that architecture. From that architecture we carved out the minimum number of systems, from sensor to shooter, if you will, required to execute each of the two missions I showed you on the previous chart. Next, please. [Chart shown.] Colonel Smith. What that looks like in an operational sense is that the global missile warning system, for example, to include the radar sensor systems shown in yellow; the infrared satellite detection systems and their sensor processor systems, shown in blue; the correlation centers where all of the radar and infrared information is brought together and correlated shown in pink, principally Cheyenne Mountain; and in green, the forward users or shooters, in this case the principals being the National Military Command Center, the National Defense Headquarters in Ottawa and CINCSTRAT's headquarters in Omaha. Next chart, please. [Chart shown.] Colonel Smith. This is what I call a blue box chart, if you will. It is the thin line that we carve out of that, that is, the minimum number of systems. This is what we looked at in December. We looked at a representative sample of each of those three kinds of radars that I showed you and the infrared processing system. We processed it through the two correlation centers. In this case, principally the alternate missile warning center at Offutt and forward to STRATCOM headquarters to the National Military Command Center. In participation with the Nuclear Command Control and Communications process, we also forwarded that information to site R to make sure one, that we had a good proof of process for operational evaluations; and two, that we could take a look at some of our systems. Each of the blue blocks that you see here represents a system that has a clock in it, whether it be a distribution or a process system, or a SECURECOM interface or some kind of a display. Next chart, please. [Chart shown.] Colonel Smith. What we found from that December operational evaluation were no failures. Not only did we have good performance in the real-world environment, which suggested to us that, whatever happens, our real-world system is going to operate properly for us. Our final report was posted on January 5th, 1999, and that can be made available. Next chart. [Chart shown.] Colonel Smith. Having established a good proof of process for operational evaluations and an understanding of our systems, we went forward this last 2 weeks in our second operational evaluation looking at all of that space and missile warning architecture, as well as the air warning and control architecture. We ran runs prior to clock rollovers, across the clock rollover, and after the clock rollover for each of the four critical dates, the so-called 9/9/99 date, dated September 9th, the December 31st rollover, and the two leap years, February 28th and 29th. We looked at a representative sample again at the IR missile sites and space sites. In the air side, we looked at like and simulated tracks to make sure that we had good redundant data, and we looked again at the same environment there looking at critical sites. Next chart, please. [Chart shown.] Colonel Smith. This is a missile warning thin line. In addition to what we did in December, we picked up that last ballistic missile early warning radar system that we had not looked at. In addition, we looked at several elements of the survivable endurable nuclear command and control system to include the mobile ground stations and the mobile consolidated command centers. We also brought forward the national defense headquarters in the Canadian NORAD Region, along with the Fylingdales radar station in the United Kingdom. Next chart, please. [Chart shown.] Colonel Smith. The space warnings thin line is very much similar to that with the exception of the radar that we added at Eglin Air Force Base. Next chart, please. [Chart shown.] Colonel Smith. Looking at that air warning system, the second week, we took of the over 100 radars that ring the North American continent for aerospace early warning, we took five representative samples of the five key types of radars that constitute that entire system. Next chart, please. [Chart shown.] Colonel Smith. What those look like when you apply them to that thin line environment, is the radar processors that we looked at through the radar display systems and processing systems at each of the regions, CONUS, Canada, and Alaska, through Cheyenne Mountain again, a slightly different display system, but essentially the same processing through to those same forward users or shooters at the National Command Center, STRATCOM, and the NDHQ in Canada. Next chart, please. [Chart shown.] Colonel Smith. The summary, then, is that the first exercise of Vigilant Virgo 99-1 went without a hitch. We had high confidence based on nominal performance after that evaluation. We just completed our second evaluation of the entire mission string that we require. Our quick look is that there were no hard failures for our NORAD system. And, I will tell you that we were running some non-mission-critical systems in the background to take advantage of the architecture that we put together, and in one of those systems, we had a situation similar to what Admiral Willard described with a message handling piece, but the system program office that is responsible for that tells us that it will be 60 days or less before we have that one fixed. And in any case, it is not a mission-critical system. So, we were successful in finding some problems and in time to have them fixed. The last message that I would give you here is a continuity of operations bullet. My point there is that, having completed our operational evaluations, we at NORAD do not consider ourselves finished. We are responsible now to put together a real-world operations plan so that we can deal with the actual dates as they occur, so that we work with our local community to make sure that we have prioritization and sharing of resources to deal with unexpected consequences, that we have the right people in the right place to deal with the systems, and that we are prepared to distribute messages throughout the system to validate the performance immediately after each rollover. So that we don't have to wait until a real-world event occurs to find out whether it is actually working or not. So, we are going to apply very rigorous process to that operational planning, so that we are prepared to deal not only with what we have discovered in our test, but what happens in the real world. The bottom line is the Commander-in-Chief, NORAD General Myers, is going to be able to provide that warning and control, just as Dr. Hamre has described, on January 1st and every day thereafter. Subject to your questions, that concludes my statement. [The prepared statement of Mr. Smith follows:] [GRAPHIC] [TIFF OMITTED] T0621.071 [GRAPHIC] [TIFF OMITTED] T0621.072 [GRAPHIC] [TIFF OMITTED] T0621.073 [GRAPHIC] [TIFF OMITTED] T0621.074 [GRAPHIC] [TIFF OMITTED] T0621.075 [GRAPHIC] [TIFF OMITTED] T0621.076 [GRAPHIC] [TIFF OMITTED] T0621.077 Mr. Horn. Well, let just sum it up. You have had extensive testing and interactions in a real-world environment for most of your systems in NORAD, and you only have very few left to go. And as I have looked at the basic Y2K mission-critical system, we are talking about the Army, at 10 out of 24, OK; USN, 10 out of 55; USAF, 10 out of 14, and then the nuclear side, of the 275, most will be completed by the end of March, except for 12 different systems, as I heard the testimony. So, how much is really left here after the President's date of March 31st? Colonel Smith. As far as our mission-critical systems---- Mr. Horn. Yes. Colonel Smith [continuing]. For NORAD? All of the mission- critical systems for NORAD, those that are supplied to us by the Army, Navy, Air Force, are compliant. We have some non- mission-critical systems of which only one will extend, as far as I understand it, past the 31 March deadline. Mr. Horn. OK, they are compliant and that is after the testing in a regular real-world interaction going on around it? Colonel Smith. That is correct, sir. Mr. Hamre. Mr. Chairman, if I might just wrap up just to say that I think Admiral Willard said something very important to me while we were listening to R.F., and that was, we are glad that we saw a couple of failures, because if they just came back and said everything worked fine, we would think our testing wasn't good. So we look on failures not as a sign that we have got problems, but, frankly, that the test environment is working. And I think that it is very important. Sir, that really wraps up what we wanted to say to you. Of course, I got all the smart guys here to answer the real hard questions. Mr. Horn. Since you are going to succeeded by Assistant Secretary Money, is part of the problem why the Pentagon was delayed, the fact that General Paige retired as Assistant Secretary, then his Deputy Assistant Secretary retired, then two Directors under them retired, so, I taketh you have had a tough time filling that area. Mr. Hamre. Well, sir, I think that in fairness, it is half right and half wrong. What is right about it, is that you are absolutely right. Art Money has made all the difference in the world to get in there. And we went for a period of time of 8 months without having somebody in the job. So, that was a huge change. I remember attending my first Y2K session back about 4 years ago when I was a Comptroller, and it was very hard to get people to feel that this was something other than just a computer geek problem. You know, this was largely viewed as just a technical problem. And it really took until last summer, when we said, and this isn't about computers; this is about fighting and winning wars; this is about people; this is about leadership. And it was bringing them onboard, and fortunately, what Art was able to do was to bring a discipline process that he and Marv and Bill had worked out, so that we really could take advantage of that energy that the Secretary put into the system. It is working. I think we are going to be OK. I don't want to give you the impression that we won't have some surprises, but we are going to be able to take care of this country. Mr. Horn. Let me ask you one last question for me, and I will yield to my colleagues. The microchip situation, not just the critical mission bit. How many? You have probably got a billion or so---- Mr. Hamre. Yes, lots of them. Mr. Horn [continuing]. Somewhere throughout the Department of Defense. What are we doing on that? Mr. Hamre. Sir, some others here know. I think the answer is we have done some testing already. We found that the problem isn't nearly bigger than we thought it was, and who---- Admiral Willard. I can cover it in general. Sir, the process of checking microprocessors is part of our remediation series of events. It is actually handled in the management plan. And these systems that you are seeing tested here are not strictly date functions that are associated with software, but, indeed, date functions associated with microprocessors as well. And you are right, there are a great many of them in our systems. But, once again, as we took the systems through testing and through remediation, in addition to our software requirements, microprocessors were part of that entire checks- and-balances issue. Mr. Horn. I yield 5 minutes to Mrs. Morella, the co- chairman of the task force. Mrs. Morella. Thank you very much. I thank you for your testimony and the charts, and I think the testimony has been somewhat comforting. I have a number of concerns. One was the personality; you have tried to address that. Computer chips was another one. I am concerned about the contractors that you deal with, knowing that you deal with so many of them. How are you going to handle making sure that not only they say they are compliant, but that they have been adequately tested? I don't know whether you have a special department or group that are looking at that, or whether each of the compartments is looking at its own, in terms of its contractors, and have you found them reticent to respond to your inquiry in terms of validating or assuring that they are compliant? Mr. Hamre. Mrs. Morella, of course, we have so many contractors. Mrs. Morella. Yes. Mr. Hamre. I mean, several hundred thousands of contractors that we work with, and, of course, all the utilities all around the country, et cetera. So, it is not a process that we can run centrally. This is one where we have to give individual organizations responsibility to check with who they work with most and that sort of thing. And everybody has been given that job. And our answer is that, for example, if we have a contractor we are not sure if they are going to be able to provide spare parts, you know, in a Y2K environment, let's not go out and stockpile a bunch of spare parts. Let's find a contractor who is. You know, let's find somebody. Let's use the power of the marketplace here to get people to fix their systems. Now, we have found it difficult for companies to give us unequivocal answers about where they will be. And it is partly this fear of lawsuits, you know, that has frozen up so many people here with year 2000. This is a big problem. This is a problem that, frankly, rests--there is only one place in the world that you can settle it; that is here in Congress, and that is to reconcile the relative priorities of the legal due process rights that belong with both aggrieved parties and claimants and defenders versus the problem we are having getting unequivocal answers to questions. We are doing our best to work around that, but, frankly, the environment people that are in there are never going to give you 100 percent guarantees. I can understand that because of the environment we have. So, we work other ways of trying to get a handle on, are they going to be ready; aren't they? We ask to see, well, tell us about your testing plan. Tell us about how you are going through your internal procedures to confirm you will be compliant. You can get a pretty good sense pretty quick. I mean, if they get kind of a blank bovine and stare, you know that we are in trouble. Mrs. Morella. I hope so, because I still find that daunting and rather frightening. Are you also indicating that you feel some kind of liability legislation is appropriate? I mean, you know we have legislation that is saying that it is not a waiver of immunity; it does not offer the immunity, not a waiver of liability, but it looks at frivolous lawsuits, talks about alternative dispute resolution, and has a series of other components that might well reduce that chilling effect. Do you have a feeling about it? Mr. Hamre. Madam Chairwoman, I really have to defer to John Koskinen, to speak on behalf of the administration, I think, for that, rather than I don't--the Department of Defense wouldn't have views independent of what the administration would have, and I really need to have him answer that question. Mrs. Morella. I understand the situation, and I guess I was just kind of thinking personally. Mr. Hamre. And we would like to work together with you to get that, yes. Mrs. Morella. My other concern, and I would certainly invite, if time allows, our Inspector General and GAO representative to comment on--I am very concerned about other countries; you mentioned Russia; you mentioned trying to assuage their concerns and to help them, and I assume this is Kazahkstan and all of the other Republics, too, of the former Soviet Union. But, I also traveled in Asia and even to Tokyo, to Japan, and of course, Indonesia and Korea, and they are just so far behind in terms of remedying of being compliant with Y2K. I don't even think they understand all the ramifications of it. My concern is, of course, obviously, the interoperability, the fact that we have bases on so many of those places, too. Are we placing our own people in jeopardy about the world? Would you like to comment further on that? Mr. Hamre. I will try to be very brief. We are not worried about our war-fighting systems, because, frankly, they are kind of designed to operate independently, wherever they are. But we are worried about, you know, the living conditions and the support functions that go on that we have overseas. We are apprehensive about where things stand in Korea and Japan, not that they don't have very talented people to fix things; they do, enormously capable people. But, you know, they have had their hands full with some serious economic problems for the last year and a half and they probably haven't been spending as much attention to this as have we. So, we are nervous about it. We have asked our Commander-in-Chief for United States Forces in Korea to work with the Koreans, and I believe that we really do have a good dialog now established with the Koreans about it. We are particularly worried about things like electrical power, things of that nature, telecommunications. Probably our biggest concern, if we have it overseas, is with nuclear power reactors in the old Soviet Union. We don't know that there are very good safety backup arrangements for them. That makes us worried. You know, we are nervous about that. Again, it is not so much that it affects our ability to operate our military ability, but I think in a broader sense, I think Americans should worry about that. Why don't I see if our colleagues here have some followup notes. Mrs. Morella. Thank you. Mr. Brock. I think that is a very important area, Mrs. Morella. The potential for Y2K disruptions in other countries I believe is much greater than it is in the United States. I think that Deputy Secretary Hamre is correct when he states that it might not have an immediate impact on our forces, but it, obviously, has an impact on economic relationships, on trade relationships, on our ability to get goods and services into the United States, and on our ability to have effective harmonious relationships with other countries that might be having disruptions caused by large-scale failures. The problem is, it is unlike the Department of Defense where we are able to go in and identify the issues and come up before you and discuss them; we don't have that same level of visibility within the international arena. Mrs. Morella. Mr. Lieberman. Mr. Lieberman. Within the last few weeks, I have had people doing extensive work in Korea and in the Middle Eastern countries, where we have forces stationed, and we have also done some work in Europe. I would concur that most countries in the world, other than most of the European countries, Australia, New Zealand, and Canada, are well behind us. We need to do a lot more communicating with them than has been done in the past. We have found basically a lot of situations where they are waiting for U.S. officials to come talk to them and we have not done that yet. So, the auditors have been trying to close those communication gaps. Actually, I think the level of awareness is going up very steeply in all of those countries, for a variety of reasons. There was a World Bank report in January which shook up lots of countries when the World Bank reported that they were not doing well in Y2K. In the Republic of Korea's case, they didn't answer the mail from the World Bank, so they got a blank on the chart which showed whether or not you were doing anything, and they are very upset, because they do have an active program now. We are dependent on these foreign countries for everything from air traffic control in Kuwait and using Kuwaiti hospitals to Republic of Korea railroads, power, water, all kinds of things. So, this is a critical concern. And it is one of those areas that, as I mentioned in my statement, still has to be worked very intensively as the year goes on. You probably couldn't have done that much 6 months ago because the countries simply weren't ready to talk, but I think now they are. And all of those that are members of the Organization for Economic Cooperation and Development, which include Japan, Korea, and most of the European countries where we have bases, are pushing forward much more vigorously with this now than they were before the turn of the year. Mrs. Morella. Thank you. I know my time has expired. Mr. Horn. Thank you. Mrs. Morella. China is another country, too, that, you know, enormous proportions. Thank you. Mr. Horn. Thank you. I now yield 5 minutes requesting to Mr. Turner of Texas, the ranking member of the subcommittee. Mr. Hamre. If you will indulge me, sir, Mr. Money, who knows everything, anyway, I am going to ask him to sit in my place. Mr. Horn. Well, can you indulge me for 30 seconds? Mr. Hamre. Oh, yes, sir, of course; you are the chairman. Mr. Horn. And I will tell you this: You will know with your experience on the Hill, but occasionally, a Member will throw in something when they have got the big man in front of them. So, this is a big man question that has come over from the Pentagon. ``For as long as anybody can remember, we Pentagon employees have been walking from the parking lot to the building, no matter how far from the building we have had to walk. Reason: it is against regulations to use government vehicles for employment commuting purposes, which is what a shuttle would be. Now, we find out the Defense Supply Center in Columbus, Ohio, operates a parking lot shuttle in a parking lot much smaller than the Pentagon's. As justification, they site DOD Regulation 4500.36-R. If that regulation can justify shuttle service for DOD employees in Columbus, Ohio, then why can't it justify the same service right here at the Pentagon.'' I merely bring this up because they might be working on the Y2K problem--[laughter]--and if you would not mind, Mr. Secretary---- Mr. Hamre. I will look into it. Mr. Horn [continuing]. Making sure there is an answer on disparity of treatment with this Department. Mr. Hamre. I absolutely will look into it. It is in our interest to get the workers there earlier. So, I will find out what is going on. Mr. Horn. OK. Thank you very much. [Laughter.] Mr. Money, then, will replace you. And, Mr. Money, tell us how long it took to, one, to get your appointment up there, and, two, to get confirmed? Mr. Money. It is not even up there yet. [Laughter.] Mr. Horn. Because we have all been wondering, you know, where are you? And, I take it, it took rather lengthy or what? Mr. Money. No, sir. I am still the senior civilian official. Mr. Horn. I see. OK. So, you haven't been confirmed yet? Mr. Money. I was confirmed about 3-plus years ago as the Assistant Secretary of the Air Force for Research, Development, and Acquisition. Dr. Hamre asked me to come down about a year ago to take on this job. So, pending, if I am nominated and if I am confirmed, then I would be the Assistant Secretary, but today I am the senior civilian official of the Department of Defense. Mr. Horn. This is the Assistant Secretary C3 plus intelligence? Mr. Money. Yes, sir. Mr. Horn. Yes, we are glad to have you onboard. Mr. Money. My pleasure. Mr. Horn. And Mr. Turner now has the floor. Mr. Turner. Thank you, Mr. Chairman. Secretary Money, after listening to Dr. Hamre, I think we all are very much reassured that the Department of Defense has gotten this house in order, and obviously, you are due much of the credit for that. And I think we heard some very interesting proposals that you are planning to implement, one of which I found very interesting, and that is the idea that you are going to invite the Russian military to come look over the shoulders of those who man our nuclear weapon systems on January 1. I wondered if that had ever been done before. This seems like certainly a groundbreaking event? Mr. Money. Not in the nuclear area, to my knowledge, Mr. Turner. The State Department is actually working that. We came up with the idea several months ago, but it is being worked through the State Department. As it was alluded to earlier; there have been several groups going back and forth to Russia discussing this. Also, I believe there is some discussion about bringing in anti-nuclear power, so that in fact they can, in fact, see that, through our early warning systems, if anything else is going on, to assure them that if there are screens that go blank or all light up, whatever may be a problem out of Y2K, that there is an independent or yet another source of information to preclude any inadvertent reactions. I might, if I could, just add onto a previous question that the IG responded to. Mr. Curtis, back here, he has been overseas a lot. We have had several workshops with various countries. In particular, what comes to mind are several NATO allies. We have also gone into Australia, Canada, into Russia, more recently. So, we have had an outreach program from the DOD. But the overall outreach program, and in fact it was being handled under the coordination with the Y2K coordinator, John Koskinen, but of note, he has had a meeting, I want to say, maybe 6 weeks ago, 2 months ago, up at the United Nations, where there were over 100 countries present, where the problem was talked about, awareness was heightened, as a beginning to get other countries in the world more aware, if not, into remediation. So, there has been a fair amount of outreach, albeit, there always could be more. But the State Department is also looking into that. But, when it comes to Y2K, we look to John Koskinen as being the defining authority on all those activities. Mr. Turner. What kind of potential problems do we face with our NATO allies where we have joint operations, say Bosnia? What kind of potential problem do we have, and have we done anything to try to remedy that? Mr. Money. Absolutely. We have the Supreme Allied Commander, General Wes Clark. He is also CINC for European command. So, he has those two hats. He stands up in front of the Secretary and the Deputy on certifying that the United States Forces in Europe are ready, but, also, we have looked at him and tried to help in the NATO area. Frankly, I have some concerns in NATO. Some of the countries are going after the Y2K problem with a vengeance; others are less so. The U.K., Netherlands, France, are very much up on Y2K. Germany is maybe a little bit behind, and then some of the other countries are quite a ways behind. In particular, operations into Bosnia today rely on circuits that are not Y2K compliant. We are trying to get them to be Y2K compliant by the end of the year, but there are some worries about that. We also have backups, though, from a U.S. standpoint, that would help. So, I can't give you a blanket guarantee that all the communications and command and control of the NATO are up and compliant to date because they are not. But there is effort being made against those areas, albeit I think it is a little late and maybe too short, not enough being done. Mr. Turner. So, the reports that we have been given today really are directed our own systems, and really do not represent an assessment of what kind of problems we might have when we are doing a joint operation with NATO? Mr. Money. You are absolutely right. What we are talking about is what the DOD can do for operations when there is a coalition or an allied operation; these folks will also look at that. So, let me just give Admiral Willard here a chance, but, also, the people here from the Army, Navy, Air Force, and Marine Corps. Admiral Willard. I would say this: Very recently, the Y2K Task Force lead for the North Atlantic Treaty Organization [NATO] visited us in the Pentagon, in fact, visited with me for some time just to compare notes in terms of the approaches to our respective problems. He is from the United Kingdom and was assigned the responsibility to oversee their remediation process and evaluation process. And, as Mr. Money points out, they are not as far along as this Department is right now, but are enthusiastic, and they understand the process. If not in remediation of actual systems, then in building the necessary contingency plans to be able to work around them. Also, we have an ongoing dialog between our European command and NATO, and NATO has an infrastructure that is, in fact, in place to address the problem. Mr. Money. Admiral Johnson, you want to talk about the Navy, and in particular, Mr. Turner's question? Admiral Johnson. We started last year recognizing that we had to deploy ships year 2000 compliant at least 6 months ahead of time because of the length of our cycle. The first year 2000 compliant battle group is the Constellation. We just finished the year 2000 joint systems integration test. Well, actually we haven't finished it. It is ongoing right now. But, New Year's Day 2000 was at 1600 local in the SOCAL operating areas on Saturday. I was there. The clocks rolled over and flight operations and the man overboard drill and everything else just continued, and they held a New Year's Eve party on board. The HMCS Regina, a Canadian ship, is deploying with that battle group. She has been involved in our testing and planning. Much of our C3 interoperability with our allies in the battle group environment are the results of FMS sales. Our FMS offices have contacted our allies, have informed them which ones of our sales are year 2000 compliant, which ones aren't, and what the fixes are. We are providing that information to our allies so that they can implement those changes. Regina is an example where we had the Canadians involved in our testing because they are going to deploy with us, and have gotten her capability tested in a year 2000 environment. Mr. Horn. General Ambrose. General Ambrose From the Air Force perspective, we are absolutely sure that our systems and our people will be ready to go on January 1, 2000. For foreign systems on the FMS side of things, we do a very good job of telling foreign countries to whom we export technology, what the status of that equipment is. And we know what the status of it is on the day that we transfer it to that foreign country. Now, quite honestly, if that country chooses to modify the equipment somehow or add a third country's technology to it, then we no longer know the status of it. For that reason, interoperability has become an important issue to us. And what we have done, is engaged our major commands, most of whom are components to a commander-in-chief somewhere in the world, and asked them to engage those commanders-in-chief, because the approach that you take to interoperability will be different in every theater because of the mix of countries you have there, because of the Y2K status of those countries, and there is certainly no uniformity in that anywhere across the globe. So, the right answer to this, I believe, is the approach we have taken, and that is, to have the war-fighters engage our coalition partners and allies and to work out those interoperability issues with them in theater for the situation they encounter. Mr. Horn. The answer to Mr. Turner's question? Ms. Browning. Good morning, Mr. Horn. First, let me tell you that, as of right now, about 95 percent of the Army war- fighting systems are compliant, and the rest of our systems, as has been talked earlier, will be compliant toward the end of the year, between now and then. Concerning the issue of interoperability, right now we are in the process of going through all our war-fighting divisions. Our 10 divisions are 4 corps, and we are testing all of the systems. Probably the biggest issue we have, as has been indicated by my colleagues, is the foreign military. We are working with our Army Materiel Command. We are working with our partners both in Korea and Europe to make sure that as we do the test not only in our corps and divisions, but also with unified commanders, that the equipment we are using in the coalition warfare, that information is knowledgeable to these folks, they are looking at our implementation of that, and if they have a system they need to adapt, that we provide them all the information in doing that. So, we guarantee when the United States, when the Army weapons are given to those other countries, we give them the status of the Y2K compliancy of those weapon systems. Mr. Horn. Colonel McHale. Colonel McHale. Thank you, sir. The Marine Corps presently has fixed 84 percent of our mission-critical systems, and we are on track to finish the remainder prior to September of this year. The way the Marine Corps is configured, we are more expeditionary and less dependent upon overseas bases, so we don't have the problems that the Army and the Air Force would have. We just completed an operational evaluation that we conducted in Norway, which was not intended to be an interoperability exercise with the Norwegians, but they observed our exercises, and we traded information with them about the status of where they were, and came away quite confident that they were taking similar measures, although they are not on the same time line that we are. We demonstrated some interoperability with them in Y2K systems, although it was not part of a detailed technical plan, and again, came away with the idea that they were on track and performing very similar measures that we were. Mr. Horn. Good. I thank the gentleman for that question, and now yield the 5-minutes to the vice chairman of the Subcommittee on Government Management, Information, and Technology, Mrs. Biggert, of Illinois. Mrs. Biggert. Thank you, Mr. Chairman. Rear Admiral Willard, I had the opportunity 2 weeks ago to be at the Southern Command on my way on counternarcotics, visiting six countries in Central and South America, and was very impressed with what was happening down there. You mentioned that the Y2K problem was not jeopardizing their mission down there, that they were able to do both at once. I wondered if, since it seems to have been a lot of progress made down there and doing the end-to-end testing, if they are providing help to other areas, if they are sending anybody there to work on this problem or are all these commands doing it separately? Admiral Willard. In the case of Southern Command, the entire area of responsibility for that CINC, the commands, both interagency and within Southern Command proper, are all participating in this event. That said, there is ongoing dialog with some of our host nations to involve them in our year 2000 assessments, and it has met with limited success. I would say that the true successes have been with our Uniformed Services in the operating area, as well as the Coast Guard and the other agencies down there that we are coordinating with. But, as is the case in Europe and as is the case in Asia, we find it challenging in the Southern Command to ascertain the exact status of infrastructures in and around our forces that are operating there, and we continue to strive to do that. Mrs. Biggert. I guess then my next question, is there a coordination between the different commands, like in Europe? Is there anybody that is in charge of overseeing all of those areas and making sure where there are successes in the testing of one area that that is forwarded to the other areas and to see if there is any difference? Admiral Willard. As you know, geographically, our world is divided among our uniformed commanders in chiefs, and they are, in fact, responsible for the conduct of the operations evaluations that you have seen illustrated this morning. They all have a reporting requirement not only insofar as their operations evaluations are concerned, but also as an ongoing assessment of the status of their forces within those regions of the world. So they are maintaining visibility on both the success of their operations evaluations as well as the forces that are in country by the various Services. And I would say too that the Uniformed Services individually maintain a great deal of visibility on their foreign base and facilities structures overseas and are continuously reporting their status as the year 2000 is concerned. Mrs. Biggert. I guess what I am asking is, at what point is there coordination between all the services? At what level is there someone who is coordinating all of the services? Admiral Willard. That is Mr. Money. Mrs. Biggert. Mr. Money would probably know. Admiral Willard. It is also the Joint Staff to some extent. So, though we focus primarily on the unified commands, the real focal point of effort, the real coordinating effort within the Pentagon is the conduct of the synchronization meetings that were described earlier where the uniformed services are represented. We in the Joint Staff represent our commanders-in- chief, and all of the agencies are responsible for their functional areas, and their tasks are also represented there, and we discuss at that level all of our interactions. Mr. Money. Ma'am, if I could just add to that--this admiral here is the joint staff representative that also pulls all of that together. And he and my deputy, Marv Langston, meet weekly now on these harmonizing meetings, if you will, to sort those things out. I also want to just mention, not one CINC stands alone. There is supporting CINCs like transportation or space command, or whatever; that information is also being brought to those CINCs. By law, we have two tests for everything we are doing, and you can see there is 27, going to 31 tests; there is 30 CINCs, so there is a lot of duplication of support functions that are also being tested. So, they are not totally standalone per se. Mrs. Biggert. Thank you. I guess then, Mr. Brock, you talked about the management function and how there needs to be improvement with that. Is this the area that you are talking about? Mr. Brock. Yes, ma'am, exactly. The example you saw earlier regarding the NORAD operational evaluation, was an example of a timely controlled test, well-defined test parameters, a well- defined test script; a test script was followed, and things worked. When things didn't work, there was a way of going around it, and people were able to track it. That, we have been finding, is fairly typical of what we are seeing in the operational evaluations. However, on the functional evaluations, and when we review the plans of the functional evaluations--these are things like logistics, health, personnel, accounting, processes that the Department depends on on a day-to-day basis to support everything--and when we review their plans, we don't find that same level. I mean, we see a lack of test schedules, a lack of identification of specific goals and objectives, and it is more difficult to track what is going on there. I think the synchronization meetings that Mr. Money was talking about go a long ways toward resolving some of these differences, and we attend those synchronization meetings. But, to some degree, they are just reports of individual components and they are not funneled in such a way that all the information comes in in the same format or the same form that is easy for the top managers to make decisions about, and to determine what is going wrong and what is going right. So, this is the area that we are recommending that they need to improve, the type of management information coming in, so that there can be better oversight over these processes. Mrs. Biggert. Thank you. Mr. Horn. If I might just interject a minute, to clarify that answer--you make a very good point, Mr. Brock. I would like to ask Mr. Money and yourself if you have seen not only a report that comes in on a regular cycle to the responsible manager--I would be curious, Mr. Money, in answer to Mr. Brock's answer to Mrs. Biggert--to what degree do you have them on, say, weekly reports, every other week, or monthly reports? What is our timetable there to get a sense of urgency throughout the whole establishment? Mr. Money. Let's see, at the Department level, we meet monthly, reviewing what has transpired according to a plan from the previous month. Each of these functional people or PSA's, Principal Staff Authorities, over whatever these functional areas are, are meeting more often with whatever is going on in their particular area. I don't dispute or find any deviation from what Jack is talking about. Those plans aren't as rigorous and robust as we'd like them. We will continue to work with those folks. But I would say, this is now getting daily attention at some level. It rolls up, and we will have a roughly a 2-hour session with the Deputy Secretary once a month. Your staff, other committee's staff from Congress are invited and attend, as well as the IG, GAO, and John Koskinen has been very good at attending every one of those as well. So, it depends on what level you are on. There are various daily to monthly attention being given. I want to just foot-stomp, if I might, what Dr. Hamre said; some of the reporting, though, is obviously late, but also, it is burdensome. Let me give you an example. Every time you put out a report card for us, and when we were still at the ``F'' or the ``D-minus'' level, my office, frankly, it would be the Secretary of Defense, or, frankly, the President, would get letters from the general public. Those would then go to the Secretary of Defense and eventually get to my office. We have 10 people, or thereabouts, continuously responding to the private citizen. I would rather have those 10 people off working on Y2K compliance versus answering mail, where our policy is we will answer every piece of mail. So, that is part of the additional duties, if you will, that maybe aren't quite as productive as we would like, but we will do that. Mr. Horn. Well, if you are successful in getting all the mail answered, we would like you to come over and spend a few weeks on Capital Hill. They keep telling us why they can't get it answered. I now yield to the gentlewoman from New York, Mrs. Maloney. Mrs. Maloney. Thank you. I would like to ask the IG, your office has completed 50 reports on the Y2K efforts in DOD. You have already completed 50 reports, and I am told that you have an additional 50 reports in progress. Is that true? Mr. Lieberman. Yes, ma'am. Mrs. Maloney. Well, then it is obviously, I would say, the highest priority of your office. I would like to know, has the Department of Defense responded adequately to your concerns and the problems that you have raised? Mr. Lieberman. Yes. I think it is fair to say that we probably never have had as much responsiveness from the most senior levels of the Department to any given body of audit work than we have had to these Y2K audits. References have been made to some of the positive outcomes or silver linings in the cloud from Y2K--I think one of the lessons learned is that a lot of managers in the Department have learned how to use their internal auditors constructively, and to unleash us instead of trying to keep us out of areas. I would say, with very few exceptions, that there are mechanisms to work those exceptions, management has normally taken corrective action even before we formally report. Mrs. Maloney. As recently as last September, you found that 9 of the 16 weapon systems contracts that you reviewed, that they did not contain the required language for Y2K 2000 compliance. And this seems like a widespread problem due to DOD's decentralization of contracts and procurements in weapons systems. Do DOD contracts now contain a standard Y2K compliance assurance clause? Mr. Lieberman. They are supposed to. We are still finding isolated instances where they don't, but I would say the problem basically is as close to being solved as it is going to be. We will still look for that in every single audit that we do, but I think the Department has come a long way. Initially, auditors were finding this non-compliance quite frequently, but now it has become an isolated exception. Mrs. Maloney. The DOD report to OMB, no longer contains information on the status of the intelligence community. And again, I would like to ask the IG, the current status of the intelligence computer system and whether there is a concern within the intelligence community. And I would also like to add that possibly we shouldn't be asking detailed questions about the intelligence community in public hearings. If you would be more comfortable, I have a series of questions in writing I could give to you on the intelligence community. Mr. Lieberman. That would be fine. And Mr. Money runs the Office of the Assistant Secretary of Defense (Command, Control, Communications and Intelligence), so he can weigh-in also. Mr. Horn. And if you can't respond here, we will have Mrs. Maloney's questions go over to you, and at this point in the record, without objection, the answers and questions will be put in. Mr. Money. Yes, sir, but I can give you an answer here. All those numbers included every critical system that DOD needs to conduct any operations, including intelligence systems. The data base issue was dropped out, meaning it is handled at a classified data base because we were concerned about how much information was present in that data base. So, it is still being reported as handled in a classified manner. Mrs. Maloney. But I tell you, the report that you put up there, it was quite comprehensive, and it had many tests taking place at the same time. Mr. Money. Yes, ma'am. And those included the intelligence system that whatever that test needed. Mrs. Maloney. Right. OK, I will still put my questions in though. Mr. Money. And we will be glad to answer. Mrs. Maloney. On the weapons systems, again, I would like to go back to the IG. How safe are we that we won't have some weapon that goes off? And we have got some serious weapons now. I understand that most of our nuclear weapons have a manual process that is required to launch them. They have to be manually activated, but that we have other serious weapons that aren't manually operated, that are computer operated. And how safe are we? What is the status of these weapons systems? Is it correct to say that they will fail safe, that they will not accidently misfire? Have you been reviewing all of these and making sure there won't be a problem? Mr. Lieberman. We have only looked at a small sampling of weapon systems, I would say probably about 20. In none of those cases were there any dangers of that type. Statistically, the Department is reporting that about 90 percent of the weapon systems are compliant at this point. There are 40 some that still need to be worked through as the year progresses. But I would have to defer to my colleagues here to the left to talk to those systems that the IG hasn't looked at. Mr. Money. Let me answer one question and then pass it down, because this is not only a joint staff answer, but each service. But just go back a few weeks. We had missiles about to be in the air, and we had positive recall in a command-and-control sense. They may be an automated sense, but initially they are started, and there is a person in the loop. Some of that requires Presidential authority and release; others require CINC. So, it is not just that things are all totally automatic; there is something that starts it, and there is a human in that loop. But each of these people can answer that as well. Admiral Willard. With regard to weapons, I would just remind everyone that it is a special functional area. It receives very particular oversight by Mr. Money. As well, we have a system where each of our mission-critical systems and the weapons that fall into that category have been or are being remediated and checked Y2K compliant. Overarching that is the systems integration testing by the Services and they are testing all of their weapons systems, and above that, are the CINC operational evaluations that are testing from sensor to shooter. So, these mission-critical systems are receiving not only the attention that they need to make them compliant in the first place, but are undergoing rigorous integration and warfighting testing, as well, in several ways. I would defer to the Services to speak to their individual weapons systems, but you can be assured that the weapons systems are getting all the attention they deserve. Admiral Johnson. I want to emphasize that we have tried not to put any new processes in place to try and resolve this problem. We have used existing processes that have been proven over the years--our weapons systems safety processes, our safety of flight, our submarine safety programs, and the like. We know how to do systems integration and systems engineering. We have added Y2K aspects onto those, but our weapons systems are safe. General Ambrose. And I will add to what Admiral Johnson said that safety is an important part of our business, day in and day out. You can't use something to defend the Nation if you are destroying it yourself. So, we are very, very careful. Y2K is just one more thing we are very careful about. Now, when it comes to testing, we test our systems when we are in the process of certifying them. But when we go into these operational evaluations, we will only test Y2K compliant systems. So, we won't be testing systems that we are not yet sure are absolutely safe. In addition, I am not personally aware of very many weapons that have date-sensitive functions in them. That doesn't mean there aren't any, but I am just not aware of very many. Finally, in our testing to date, the Air Force has not encountered a catastrophic failure of any sort involving any weapons. So, our weapons are all safe. Ms. Browning. The Army is in very good shape on its weapons systems. About 95 percent are already Y2K compliant. You need to know, too, that the Army has no nuclear weapons. That is just a fact. The Army started testing of its weapons systems and its divisional units back in the fall. Let me just give you a brief snapshot of some of those tests and what we found. We did a lot of tests, as you know, at White Sands Missile Range. We did live fire tests. We tested our helicopters, our infrastructure, our command-and-control pieces. We found very few Y2K errors. The one or two we did find, they were easily fixable and we moved on. We have also tested our first deployable forces of the 18 Airborne Corps at Fort Bragg. We did a number of communications tests back in the fall. They are part of our testing of our divisions and our corps units. Again, we found very few, if any, Y2K problems. We tested the 3rd Corps Field Artillery at Fort Sill, OK--that is an ongoing test--and the 10th Mountain Division in Fort Drum, NY, which will be deployed to Bosnia shortly. They have requested a full Y2K test. I would also echo what General Ambrose has said. Many of our weapons systems do not process dates, so you can rest more comfortably with that. But the ones that do, we have tested them and we are very confident that they will work. Colonel McHale. The Marine Corps is a shopper, not a developer, of weapons systems; 49 percent of our weapons systems are developed by the other services. The Army is the primary developer of our ground combat systems, and the Navy is the developer of our aviation systems. And we are tracking with them very closely on the status of their systems, and we take their compliant reports and ensure that the equipment is in fact certified, that we are using them and that we have incorporated them into our operational evaluations. We have conducted two operational evaluations to date, one in December, and one just last month in Norway, that I mentioned earlier, and have found no failures in any of the systems that we are operating. Mrs. Maloney. Thank you. Mr. Horn. Thank you. And I now yield 5 minutes to Mr. Ose, the gentleman from California. Mr. Ose. Thank you, Mr. Chairman. I want to also share with you that I was with Mrs. Biggert when we visited South Comm, and thereafter on Chairman Mica's reprise of the Bataan death march for the rest of the trip. I am still tired. I had a couple of questions, and I want to ask them in the context of, are there things that Congress needs to provide to make this happen, so that, come December 31, we have got it solved, this Y2K problem solved? If I understood the testimony today, the battle groups that we have out on deployment operating independently of any host-nation by virtue of being on international waters, they are OK. Am I correct on that? Go ahead. Admiral Johnson. We never operate independently. We are always in a combined environment of Naval forces or a joint environment, because we are always communicating with our Air Force, Marine Corps, Army counterparts, as we do our operations and supply maritime support from the sea. To that respect, we do rely upon the shore infrastructure; we do rely upon the space infrastructure. In the Constellation battle group test, we actually carved out a separate communications node so that we could use our Reachback Comms in the year 2000 testing environment this last weekend and ongoing today. So, to the extent that our forces are off the coast, and they are using their own capabilities for surface surveillance, undersea surveillance, air surveillance, and mission performance, yes, they are independent. Like every force in a coalition or joint environment, we are dependent upon the shore infrastructure and the other capabilities that might come to bear from either host nations or our joint commanders. And we are testing those in our operational evaluations. Mr. Ose. Does our dependence on those joint operations impact us to the degree that we are not capable? I thought I heard the testimony today that said we are OK irrespective of those joint interactions. Admiral Willard. There are a couple of things to consider. The battle groups themselves are being tested as an entity in the---- Mr. Ose. That is the question that I am trying to get to. Admiral Willard. The answer is, yes, very rigorously. In fact, there is a sequence of five battle groups that will be tested, and the testing is very rigorous and extends throughout the battle group to ensure its Y2K compliance as an entity. In addition, the component Services are all captured in both their individual integration testing and unified command operations evaluations. So, those important interfaces between Services and between headquarters in the individual components' Services are all part of this examination. Mr. Money. The comments you have may be related to--I don't know if I made it or Dr. Hamre--when we are in garrison, if you will, in foreign countries, we are dependent on local power, and so forth. When we go to the field, we are self-sufficient. Mr. Ose. It was Dr. Hamre---- Mr. Money. Yes. Mr. Ose [continuing]. But I am most concerned about the deployed battle groups, not the ones that are in drydock, and not the ones spinning up for the next mission. Admiral Willard. Sir, and again, I should defer to Admiral Johnson, but the entire Navy approach currently is to ensure that the integral battle group, to include the amphibious ready group component, is Y2K compliant as a whole, and they are actually being sequenced through their testing in accordance with their deployment dates, to ensure that we don't push a battle group across the millennium that has not been fully integration tested and captured in our operations evaluation process that is not Y2K compliant. Admiral Johnson. Today, the Peleliu and the Constellation battle group are operating off the coast of southern California, and all the clocks on those ships read, now it is January 2, 2000. Mr. Ose. To reference the test they are doing. Admiral Johnson [continuing]. And they are flying sorties. They are conducting practice bombing runs. They are doing AAW. They are doing man overboard drills, everything that they would normally do as part of their battle group qualifications, because PAC Fleet is a force provider to the joint commanders, responsible that those forces, when provided, will be fully certified to do their war-fighting mission in a year 2000 environment. Mr. Ose. We have battle groups that are nuclear; we have battle groups that are non-nuclear. Are the battle groups that are nuclear, have the core reactors been tested? Admiral Johnson. The Naval reactors, I won't speak for Admiral Bowman, except to say that the nuclear propulsion plants are year 2000 compliant. Mr. Ose. Right. Mr. Chairman, I am not going to get to all of my questions, but I do appreciate your patience. That gets me to my second question. On these operational evaluations for calendar year 1999, you have the various command locations, and this is somewhat frightening and I am actually understanding what the acronyms mean. Some of them have primary; some of them have backup. The one that does not have a backup is the transportation command down at the bottom. Does that affect our logistics ability and what are we doing about that? Admiral Willard. In fact, Transportation Command--this may be a slight error. Every unified command operations evaluation must be backed up. So I would ask you to allow us to correct that slide and provide you the dates of their backup period. In fact, it was our requirement that, as they scheduled their operations evaluations, that they carve out an adequate period of time to handle further remediation and retesting, if required. So, it is mandatory that they have that available. Mr. Money. That is exactly right. That period from, roughly, July 1st, through the end of the September, in fact, is being viewed as, if we don't, if something goes haywire the first time or two, then there is where it will be tested yet again. So, I think the chart is wrong here. Mr. Ose. All right, thank you. I have two more questions. My time is going to expire, Mr. Chairman---- Mr. Horn. No, it hasn't. Mr. Ose [continuing]. So I will get to one. Mr. Horn. It hasn't expired, and my rule is, if you can get the question out, they can take a half hour to answer it. Mr. Ose. Holy smokes. Hold on. Fasten your seatbelts. [Laughter.] Two questions. The first is having to do with the communication facilities for our forward-deployed units. I see we have on that same page a primary system, but no back up. And my second question is, with respect to Russia, I know that we talked about the command control systems that are in place there, but with respect to their perceived lack of civilian control in that country and the third-party organizations that might operate, they are dependent on computers. Does Y2K cause a problem in terms of, if you will, proliferation of nuclear weapons or development of nuclear weapons within countries that are now nuclear capable but who lack civilian control? That is two completely unrelated questions. I appreciate the chairman's dispensation on the communication. Admiral Willard. Sir, I can handle the communication question that you asked. The functional areas are being handled a little bit differently than the unified command operations evaluations. These functional end-to-end tasks, their detailed planning and the tests are being executed by the agencies responsible for our DOD-wide or, in some cases, national networks. They don't fall under the same categorization as the commander in chief OPEVALs (Operational Evaluations). And as such, they are being handled differently. You don't see backup periods against all of them because they are fairly extensive tests that occur within the timeframe that you see, but in some cases stop and go leverage off of CINC OPEVALs on occasion, even venture into the public domain. And we have collaborative efforts ongoing, for example, in the public phone network, to check public switches with them. It is being spearheaded by Mr. Money and his agencies, but, again, it is being handled a little bit differently, and you don't see necessarily a backup date in there, but in fact there is adequate time to remediate and retest. Mr. Ose. Do we end up with a dual or a backup system, a backup communication system for forward-deploying units? Admiral Willard. We have numerous redundancies in our communication systems and command and control systems, for that matter, for deployments. Mr. Ose. That are Y2K compliant? Admiral Willard. Absolutely. Mr. Ose. All right. Mr. Horn. You want to ask a question? Mr. Money. I was just going to add, by law, we have two tests for every one of these. So the charts are not showing you backup, but we will guarantee you there will be two tests for every one of these systems as it goes through, whether it is an OPEVAL or a functional end-to-end test, or, in some cases, it is duplicated. Mr. Ose. Mr. Chairman, in the interest of time, I will yield back, if I could submit in writing my other question for response. Mr. Horn. Without objection, the questions and answers will be put in at this part of the record. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T0621.078 [GRAPHIC] [TIFF OMITTED] T0621.079 [GRAPHIC] [TIFF OMITTED] T0621.080 [GRAPHIC] [TIFF OMITTED] T0621.081 [GRAPHIC] [TIFF OMITTED] T0621.082 [GRAPHIC] [TIFF OMITTED] T0621.083 [GRAPHIC] [TIFF OMITTED] T0621.084 [GRAPHIC] [TIFF OMITTED] T0621.085 [GRAPHIC] [TIFF OMITTED] T0621.086 [GRAPHIC] [TIFF OMITTED] T0621.087 [GRAPHIC] [TIFF OMITTED] T0621.088 [GRAPHIC] [TIFF OMITTED] T0621.089 [GRAPHIC] [TIFF OMITTED] T0621.090 [GRAPHIC] [TIFF OMITTED] T0621.091 [GRAPHIC] [TIFF OMITTED] T0621.092 [GRAPHIC] [TIFF OMITTED] T0621.093 [GRAPHIC] [TIFF OMITTED] T0621.094 [GRAPHIC] [TIFF OMITTED] T0621.095 [GRAPHIC] [TIFF OMITTED] T0621.096 [GRAPHIC] [TIFF OMITTED] T0621.097 [GRAPHIC] [TIFF OMITTED] T0621.098 [GRAPHIC] [TIFF OMITTED] T0621.099 [GRAPHIC] [TIFF OMITTED] T0621.100 [GRAPHIC] [TIFF OMITTED] T0621.101 [GRAPHIC] [TIFF OMITTED] T0621.102 [GRAPHIC] [TIFF OMITTED] T0621.103 [GRAPHIC] [TIFF OMITTED] T0621.104 [GRAPHIC] [TIFF OMITTED] T0621.105 [GRAPHIC] [TIFF OMITTED] T0621.106 Mr. Horn. Did any other service want to comment on this? If not, I now yield time to the gentleman from Minnesota who is the vice chairman of the Science Technology Subcommittee, Mr. Gutknecht? Mr. Gutknecht. Thank you, Mr. Chairman. I think at this point most of the important questions have been asked. But I do want to come back to a very important point, and in fact, if Mr. Ose would like, I would probably have time to yield to him, but I more or less want to make a statement here. I really do believe that our own Defense Department is doing an excellent job, and I think you are all to be commended for the seriousness that you take relative to this problem. I think the concern that you have heard echoed in different ways is, what can we do to affect both our allies and those who may not be particular friendly toward us? There is a growing body of countries out there, friendly and unfriendly alike, who are working around the clock to develop intercontinental ballistic missiles, or at least different venues to deliver weapons to other places around the world. And my real fear, and I think the fear of Members of Congress, and I think I speak on behalf of the American people, I think the biggest concern about this is we really don't have a contingency plan in place if something should go wrong. And part of the reason I have been a supporter through the years of development and deployment of a strategic defense program is, I think, highlighted by this circumstance. I mean, we are not just talking about Russia here; we are talking about Red China; we are talking about North Korea; we are talking about potentially countries in the Middle East. There is a growing list of potential problems out there whose technology is not necessarily what the United States is. And so, while I applaud what you folks are doing to solve these problems relative to the United States, I really do think that we need to do more on an international basis, either through the United Nations, through our own State Department, whatever we can do to make certain that we avoid the potentiality of a problem on December 31st or January 1st, whichever way you look at it, so that we don't have a problem with an inadvertent launch or some other mistake that may happen as a result of this particular computer glitch. And I don't know if you really want to respond to that or not, but I think it is something, Mr. Chairman and Madam Chairman, that we need to continue to pursue and put pressure on our government officials, as well as officials from around the country because this is a very serious potential problem. Mr. Money. Yes, sir, we do have a couple of comments, if we might, Admiral Willard, and then I will add something. Admiral Willard. I would just, sir, point out that only the United States and Russia have extremely robust strategic early warning systems that could be subject to the year 2000 failure. In fact, though proliferation is all of our concern. The only countries that you mentioned have somewhat limited early warning capacity. So, from the standpoint of the initiative that was mentioned earlier between the United States and Russia, it is focused on the partners that have the worldwide early warning capability to begin with that could ever be prone to failure. Mr. Ose. Would the gentleman yield? Mr. Money. And if I just might add, you asked, and I failed to answer your previous question about, or whoever brought up about what can you all do. I encourage you in any interactions you will have with your counterparts, for example, in the Duma and other bodies that you may have some interaction with, to encourage them to get on with the Y2K remediation, and in the particular case, for the Duma support of this stability center. We testified in front of Senator Bennett just the other day, I believe the Senate, and maybe you all would like to join in, is thinking about going over and having a conversation at the right time with folks in the Duma, for example. My request is if that in fact occurs. I would also recommend or ask you for your support to stopping in locations where we have troops stationed--Germany, South Korea, Southwest Asia--to encourage the local governments there to help make sure that our interdependency on whatever power water, telephones, and so forth, when we are in garrison and those countries, is in fact up to snuff, so that will alleviate some of demands on us. So, I would ask for that kind of consideration. Mr. Gutknecht. Mr. Chairman, I yield---- Mr. Horn. I think that is a very good suggestion, and I can assure you a number of us will be doing that. Mr. Gutknecht. Mr. Chairman, I will yield the balance of my time to Mr. Ose. Mr. Ose. If I could followup on one thing--the early warnings systems joint effort with the Russians, is there any number of hotspots around this world or countries who might not have an early warning system, but might be receptive to the idea of having access to, at that point and time, where the technological failure is greatest, might welcome the chance to sit at this same table with direct communications to their CINCs, or what have you? I wonder, in particular, about you notwithstanding the recent comradery about India, Pakistan, for instance? Mr. Money. Yes, sir. In fact, that is being suggested. The State Department, in fact, is working that. I could conceive this not just being there only for the Y2K period, but being there in a permanent sense. So, as countries develop nuclear weapons, they have some idea what their neighbor may or may not be doing that would, I think, add to the stability of that. So, my recommendation, but it is a State Department action, is any country that has nuclear weapons ought to be invited to be there just to see what else is going on, so they have some assurance that they are not under attack or whatever suspicion they might have. So, I agree wholeheartedly with you, it ought to be broaden. Mr. Ose. Mr. Chairman, I would welcome the chance to sign a letter of your aghast futilage to that effect, and I yield back the rest of my time. Mr. Horn. I think it is a good suggestion. Mrs. Morella and I would be glad to join you in that with maybe all of our colleagues to get the message across. We do have relations, of course, with the European community. We have discussed this with them when Mr. Gilman led the delegation over there. But, we also have a concern about the lackadaisicalness of some of the countries on the domestic side where they just sort of say, well, you know, if it happens, it happens. I mean, they are still in a state of denial in a few industrial countries, and in the developing countries, they simply don't have the money or the technology know-how to get at the problem on even the domestic side. So, I think we all face that problem. Does the gentleman from Texas have any other questions he would like to ask? Mr. Turner. Mr. Chairman, maybe just a couple. And, I certainly want to commend our witnesses today for the testimony because I think it has been very reassuring to us. And, I think anyone who listens objectively to what has been said here should rest easier about the status of the Department of Defense and Y2K compliance. I wanted to ask Mr. Money, just could you give us an estimate as to how much it will cost the Department of Defense by the time we get through to comply with Y2K? Mr. Money. Yes, sir, and this is an estimate. There is not a lot of high precision behind this. But the current estimate, the latest to the OMB is we are somewhere around $3 billion. Mr. Turner. $3 billion? Mr. Money. $3 billion. Mr. Turner. It always amazes me, and of course, we have had many of these hearings with Federal agencies, but the price tag that we have had to incur and pay to be sure we are Y2K compliant has been enormous. It makes you realize that, no matter how sophisticated we have become as a society, we are really not too smart after all. [Laughter.] Mr. Money. Whoever is here 1,000 years from now, I hope they are not having the same problem. Mr. Turner. Right. One of the things that Mrs. Maloney asked you about earlier was what kind of--I believed she asked the Inspector General--what kind of contractual language do we have to protect the Department and the Government against Y2K problems? Have you, in all of your efforts to remediate, and after you will spend $3 billion to correct this problem, has any of the responsibility ever been shouldered by any of our outside contractors or suppliers of the various systems and computers that we utilize in the Department of Defense? Mr. Money. Oh, yes, sir. Let me start with the answer on the contracts. As Bob mentioned, roughly a year--maybe it has even been longer than that, language was to be put into every new contract--whatever that contract was to deliver to the DOD, would be Y2K compliant. We chose not to go back and notate all the previous contracts. We said we would start from that point on. Contractors, again, vary in degrees just like countries or maybe departments and governments, that some are taking it more seriously than others. But when systems are being delivered today, they are being tested. They are tested at--the contractors will test them. If they fall into a mission- critical system, some do, but not many, what we call mission- critical is what we will go to war with today or conduct any operation, whatever is called upon us. So that is pretty much equipment that is already in the inventory. So, all that is being done. Some contractors are taking us on with a vengeance, some with more diligence than others, but I would say, by and large, the private industry, and so forth, have come onboard with what is needed. I do worry about the 15th-tier supplier. We have talked with primes and second-tier and third-tier, but you get down to several tiers now. So I just picked the 15th-tier that supplies something. We fully expect, because we have gone through just- in-time inventories, regardless of who you are, in the government or contractor sub-tier, and so forth, that some missing some deadline there, rolling effect could, in fact, happen, and to me that is probably the biggest danger that we will be facing, and that is totally unpredictable. We can't. So we just have to wait for that to occur, and then we will react to it. I can't overemphasize, though, that your Department of Defense can meet any operational problem that comes along, whether that is humanitarian operations in Africa or whatever may be called upon, or in Southwest Asia or Kosovo, wherever we may be in armed conflict. We have the wherewithal to conduct those operations, and if one of these systems does fail, we have contingency plans, and we are exercising those to back fill, so we can continue to operate in any of these calendar disruption periods. Mr. Turner. I guess I might ask--this is my last question. Is there any area of lingering concern that you have based on all your oversight of this process of remediation in the area, lingering concern, anything that still keeps you awake at night that you might want to share with the committee, so we will be thorough, to have examined every area of potential problem? Mr. Money. Well, you just said it. There is no way, time, money, that we can examine every possibility. We talk about mission-critical systems, and then the thread through as you tie one to another to another. We are not testing all the infinite combinations of those threads. We are testing the threads that the CINCs are most likely need to use. Consequently, there are things that we are not testing, and that does worry me, but we are doing the best we can with the resources. Frankly, the biggest resource we are lacking now is time to pull all of this off. I am confident; I, frankly, do sleep at night. It may not be as long as I like. Nevertheless, Dr. Hamre mentioned my name a couple of times. Frankly, these people down on the table here and the services are the ones, and many, many, many people that aren't here today--essentially, the Department of Defense has really taken this on. I admit there are some people maybe that don't have quite the awareness, but I believe everybody in the Department today at least knows what Y2K means and how that might impact them. The other part of this is--Bob Lieberman mentioned this--we have learned how to use the auditors. We view these folks as additional, independent, clearly independent, but additional people on the team to say what we are doing right or wrong because they view things from a different prospective. So, it has really been a total effort, including the GAO. That may not be often you hear that over here from a DOD person, but it is true. We have opened the door to everything we do, to whomever wants to come in, and consequently, because we do appreciate the perspective from people when they see things from another viewpoint. So, I hope my, Dr. Hamre, our mission today was--we are not arrogant; I don't mean it that way at all, but we are confident that we can ride through any calendar disruption and conduct any operation the Nation may call upon us. Mr. Turner. Thank you, Mr. Chairman. Mr. Horn. I just want to clarify one point in the answer. We have heard so often that there is a danger of polluting our fixed computers that are Y2K compliant. Is there any danger that the non-critical mission plans and systems in the Department of Defense would interact with the critical mission systems which are compliant, and is that a problem? Admiral Willard. Sir, it is a good question. Frankly, the non-mission-critical systems are undergoing the same rigorous testing and remediation processes that our critical mission systems did, and as well, they are part of the architectures that we are testing in our operations evaluation process. So, first of all, they are being remediated. Second, they are being captured in these large-scale integration tests that we are doing. I think, to answer Mr. Turner's question in the glass half full sense, when you consider the relative successes that we are seeing through the small number of operations evaluations that we have completed thus far, I think our level of confidence is rising that this rigorous process that we apply to each individual system is a good one, and that together the systems will test satisfactorily. That should give us a good deal of confidence, even of the systems that are outside the bounds of these critical thin lines and architectures that the commanders in chief, for example, are testing. Mr. Horn. So, you have analyzed those systems that are just regular business systems, or whatever; they can't get into your other systems that are compliant with the year 2000? Admiral Johnson. If I could, sir--in the Constellation Battle Group systems integration tests that we are doing right now, we identified approximately 30 mission support systems that we thought were necessary for the functionality of that battle group, and included them in our testing. What we are finding is that we have good program managers. We told them what to do; they went out and did it, and they defined their interfaces; they tested those interfaces, and then as we put those systems together, in fact, they are performing the way we expect. We are finding that the kinds of problems we have found in the last week on CONNIE, a display on a COTS system, actually, that was certified to us by a supplier, read 1900 instead of 2000. It still worked, just had a display error. Those are the kinds of things that we are finding. We are finding the systems operate. We may have a display functionality wrong or a day functionality wrong, but in terms of actually supporting the war-fighter, the systems work. Mr. Horn. Any of the other services want to comment on this, the separation of non-critical mission systems that are not compliant or have not even been looked at because you are focusing correctly on the mission-critical systems? The Air Force? General Ambrose. Well, although the Air Force tracks a little over 400 mission-critical systems, we are looking at about 3,400 total systems. And, although all of them aren't as far along as the mission-critical systems, all of them will be Y2K compliant by January 1, 2000. So, we are confident that those systems won't corrupt the mission-critical systems. Mr. Horn. The Army, Ms. Browning. Ms. Browning. The Army tracks approximately 700 mission- essential systems, and we are tracking them quite closely. One of the things that we are doing both for our mission-critical and non-mission-critical, when we test them, we have to test all the interfaces, so if a mission-critical system interfaces with a non-mission-critical system, that is part of the test. So your concern about its corrupting one another, we have already accounted for that. And our main concern is the operational function that it is supporting, regardless of whether the system is mission-critical or not. The test we did at White Sands, the test we have done at Fort Bragg and at Fort Sill, include both mission-critical and non-mission-critical in the threads that we are testing. In fact, our non-mission-critical systems, if you will, are probably ahead of our mission-critical systems in compliancy because they are, frankly, less complex and have less interfaces. So, we are very confident of those. But right now, we see no potential for corruption since our testing rules require that all the interfaces be done during the test. Mr. Horn. Thank you. Colonel McHale, the Marines? Colonel McHale. As I mentioned earlier, the majority of our systems are operated and maintained by the other services, and we are confident that they are tracking the right thing and we are tracking them as they track those systems. Mr. Horn. So, you see no danger of pollution out of your other systems that are not critical? Colonel McHale. And in the definition of mission-critical that was taken into account when we defined the system as mission-critical, and as Ms. Browning said, the interfaces are being tested in all the operational evaluation scenarios. Mr. Horn. We thank you. And now I yield to the gentlewoman, the co-chairman of the Working Group Task Force, whatever we are called now, Mrs. Morella. Mrs. Morella. Well, it is ongoing. Thank you, Mr. Chairman. I want to thank you all for your testimony, and the fact that it reflects to us a commitment, and a commitment is what is really necessary, I think, in compliance with this incredible challenge. I go back to what Mr. Lieberman said in his testimony and orally, that the most daunting aspect of Y2K is testing. And, I think we have heard that in different ramifications throughout--the idea of, is it the right testing? Are we circumventing doing it the right way in order to save time and to save money, inadvertently sometimes, the whole magnitude of testing? I am just wondering if you have any comments on it? I would like to also mention an article that came out in DOD Computing. It refers to an IG report that is entitled, ``Management of the Defense Special Weapons Agency Year 2000 Program,'' and the IG audit has found that the weapons agency didn't complete independent testing of three mission-critical systems before classifying them as ready. The articles goes on about the agency tested one mission-critical system, the Nuclear Management Information System, and two have 10 non- mission-critical systems, but the IG said the agency classified all 13 as 2000 ready. And it goes on in that vein. This indicates something about the problem with testing, and I would like to hear comments from you about how do we attack this problem? What are we doing? Do you agree that this is an enormous challenge? Maybe, should I start with you Mr. Lieberman, the IG? Mr. Lieberman. Fine. That audit report was issued the day before Thanksgiving, so it was November, and it reflected the situation in that particular agency as of a few weeks before that. Those particular systems, by the way, are back on track. The last two of them will be---- Mrs. Morella. Mr. Inspector General, this actually had been published, though, on January 25th. Mr. Lieberman. The press article, yes. All of the systems discussed in the audit report will be implemented by the end of this month, as a matter of fact. However, we had a lot of problems initially with the managers of systems prematurely certifying that they had fixed and validated the fix on their systems. I think that the problem is behind us. The Department went back and looked at all the systems that we had not late last year, and quite a few were moved backward in terms of the reporting. That is, they were decertified. One of the reasons why the percentage of completed systems had apparently dropped, and I would say that was to the good, because it was a more accurate representation of where we really were. We are now past the point where, for most systems, we are talking about individual system level testing and certification anymore. Now we are talking about group tests, end-to-end tests, or system- of-systems tests. Once again, I think you are absolutely right, we have to fight against any tendency to replace numbers of tests for rigor of testing, and there is a difference there. We have to do something to make sure that all these tests have the proper technical support while they are being run. An awful lot of things are happening at the same. The crunch is going to come, particularly, in the May, June, July timeframe, when the functional end-to-end tests kick in. Right now, we are just doing a few of these operational evaluations, so there is still a limited demand for technical expertise. But it is going to be tough to support all these tests adequately at the same time. And the last thing I would say is that those commands that were most ready to do good testing went first. So, we would agree, NORAD did a fine job. Generally, the Space Command and the Strategic Command are way ahead of the other unified commands. So, they went first, did a good job, as would be expected, and had good results. There are other commands that have different kinds of challenges, and I think the overseas commands, the big combatant commands, particularly, the Pacific Command, European Command, Central Command, are going to have a much more difficult time, for no other reason than they have real-world operational considerations that are going to distract them constantly. So, that still remains a big challenge. I am happy with my characterization of it as the most daunting challenge. Mrs. Morella. Let's take note of that. Would anyone else like to comment on it? All right, Mr. Brock and then Secretary Money. Mr. Brock. Yes, I think there is another issue. Testing is going to be daunting, and Mr. Lieberman is right that the two initial CINCs that did the testing had somewhat of an advantage over some of the others because they also controlled more of their own systems they used. And so, they didn't have as many interfaces or dependencies on systems outside their control. But, nevertheless, we did find the guidance for those processes to be very rigorous. And I want to repeat that, that we were very pleased with the guidance. Other tests that are coming out, as I have also mentioned in my statement, for some of the functional areas have not been defined yet. And that is our concern. These tests probably aren't as rigorous or require the same level of rigor found in operational tests, but by the fact that they aren't defined and some of them aren't scheduled, makes us wonder when they will be squeezed in. Second, there is a whole issue which we really haven't addressed today, and that is the need to develop contingency plans or business continuity plans. The vast number of mission threads or thin lines or business processes that we have been talking about today, for the most part, still need to be developed, and also need to be tested. And so, the Department has a fair amount of work to do in a relatively short period of time. Mrs. Morella. Try to follow that Secretary Money. Mr. Horn. Mr. Money. She has asked my questions, so take your time. Mr. Money. Back to the article. The article suggested that there was a fraudulent entry, and so forth. When that was published, the Deputy Secretary and myself, we called every service, every Defense agency, into the room and the high-level people in each of those services, like the vice chiefs and/or agencies attested to that their reporting, in fact, is accurate and not fraudulent. There was a misinterpretation, by the way, in the test plan. We requested that there be an independent signoff, not just the program manager or whoever was on the particular program. I believe we are past that. By no means do I want to minimize the testing that we performed. I see a very important date, somewhere around the end of March, March 31st, because we will have had the operational test, at least one series of those. We will learn a lot from that. I don't expect that every one of these will fly through with no hiccups and no problems. In fact, we will focus on some where those may be. Let me use an example of a few months ago; we had a test down at White Sands Missile Range, an end-to-end, and it flunked; it failed miserably. Went back and fixed the systems, had another one, roughly, I think it was about 3 months later-- this is about 3 months ago--and it flew. We were even doing telemedicine to some remote village. So, we will go through that. Relative to the functional testing, those were addressed later. A lot of the non-mission-critical area falls into there. But there are, to varying degrees, contingency plans. Let me give you an example. When Dr. Hamre talked about the DFAS going through the fed, going to various banks, when that is exercised, if we see any problem with that, we will then go back and buy check stocks so we can issue checks the old way versus electronic funds transfer. Frankly, I am holding onto that. That is $4 million I would rather spend somewhere else. We will make that decision roughly the end of June. That is time enough to get the checks in place, and so forth. So, we are working through those. By no means do I want to sit here and claim that we have this whipped, that we have thought of every aspect. One of you asked me earlier, what do I worry about? It is what we haven't thought of. You don't know what you don't know, what is going to come back and bite us in that way. But through the various tests and the extensiveness that we are trying to address those, we hope to uncover, discover, if you will, what is out there that we need to fix. Mr. Horn. Any other questions on that or other people? Mrs. Morella. I think Admiral Willard wanted to comment on that. Admiral Willard. Mrs. Morella, I would comment that, with regard to magnitude of testing, that there was a methodology applied to determining what would be tested, for example, in the operational evaluations. And that methodology dealt with determining the missions of each of our unified commanders and the tasks that supported those missions and picking the most critical tasks. There is no shortcut being applied to the architecture that supports that task. So, it wasn't arbitrary. On the contrary, it was very methodical. With regard to the points that Mr. Lieberman made on the paucity of technical expertise, that is a challenge that we continually face. By and large, when we have date functions in systems, we require the systems expert from the program manager of that system to be present to assist us in rolling clocks forward and rolling clocks back and restoring systems to 1999. It is a challenge associated with all of our evaluations, and we are spreading that expertise thin, as you can imagine. The ratio of technical expertise to systems with clocks averages about 0.75 to 1. I mean, we need nearly as many technical experts as we have systems with clocks as we step through these functional end-to-end tests and operations evaluations. So, scheduling those individuals is crucial. On the point that was made regarding the fact that the CINCs that are farthest along are conducting their operations and evaluations earliest is true. And we are doing that because our data base captures the lessons learned and results of those evaluations, and in turn, they are spread about the other CINCs. So, those CINCs that are challenged the most, that are overseas, that are busy in other areas of the world, or that have chosen the most difficult tasks to OPEVAL, have the benefit of these earlier evaluations, successes and failures to draw on. So, we are sharing lessons learned across them all, and we hope that by the time we get to the most difficult and most challenged unified commands, that they would have absorbed a great many of the lessons from the earlier evaluations. So that too, I think, is being done very methodically. And then my last point would be this: Again, back to the magnitude of testing, I think as the Services comment, you will find that the rigor with which they are testing is generally through very time-tested methodologies to test their various systems. They are not inventing a lot of new things. In the case of CINC OPEVALs and picking architectures according to task, that was relatively new to us. But many of the integration tests are leveraging off of very rigorous integration tests that we have performed on our weapons systems, and other systems for many, many years with success. Admiral Johnson. I would like to quickly address a couple of things, sir. One of them is the concern about shortchanging testing. A huge quantity of testing is completed by the program managers in their validations. That is complete for about 91 percent of the Navy systems right now. And now we are in the fielding business. What our experience in operational evaluations has found is that the testing was rigorous because we aren't finding problems in our operational validations. The operational testing is being run by operational commanders. They are defining the scope of testing, and they are calling upon the SYSCOM commanders and other technical experts to provide the support they need in order to satisfy them that the systems that are being deployed, in our deployed units, are in fact, going to work and provide them the capability they need. Another comment, and I am shifting to a separate subject, and that is on the area of contingency planning. We think we are very, very far along in the area of contingency planning. We have worked with our operational commands and our shore establishments to develop a contingency planning guide which we published last November. Our operators already have casualty procedures and operating procedures in place to deal with system failures. They do that on a daily basis. We have backup and redundant systems. And what we are doing is exercising those capabilities they already have and their operational capabilities to shift to backup systems or backup methods in the event of a system failure, and we are exercising those procedures in our operational evaluations. We already have disaster preparedness plans at our bases. We are looking at those in terms of year 2000, and making sure that those disaster preparedness plans reflect the year 2000 aspect of it, and will be ready to be implemented, if necessary. So we think the contingency planning aspect of that is much farther along than a lot of people think. And we are exercising all of those contingency plans and continuity operational plans in our operational evaluations. Mr. Horn. Admiral, as you have mentioned, contingency plans, and before General Ambrose does, I am reminded with Mr. Money's comment, they are going to go back to just writing out checks. There is even an earlier contingency plan the Navy practiced, which was just pay it out in cash and sign for it, which was what the Senate did when I came there in the 1960's. They had some Navy officer, who is now comptroller of the Senate, to just passing it out in cash. And I remember one basic commander, General Ambrose, who paid the whole base in $2 bills. And believe me, community relations went up with the Air Force when they saw thousands of $2 bills out there. But go ahead. General Ambrose. Until about 4 months ago, I was the Commander of Offutt Air Force Base in Omaha, NE, and fortunately, we have had such a tremendous relationship with downtown, I didn't need to do the $2 bill thing, but it will be a good hip pocket thing to hold. I would just like to point out, just a couple of days ago, our auditors presented a report to me on a phase validation we asked them to do. Basically, we asked them to go back and take a look at a sample of the systems that we have certified, across all criticalities, not just mission-critical, and take a look at the process, and the exit criteria for going through each step of the process, and make sure we did that right. And they went out and looked at 267 systems, most of which were chosen at random, and they reported no testing discrepancies of any kind, and in fact, only a couple of minor discrepancies of any kind, not a statistically significant number. In terms of OPEVALs, and especially the end-to-end tests, we are spending a lot of time right now making sure that when we test, the quantity and the quality are both what they should be, and that we are testing the right processes and the right systems. And realistically, you can't test every possible way that you will use even your mission-critical systems. So, what you must do is ask how do we use these in the preponderance of our operations and that is what we will test. Now, we are ready for the unexpected things that occur, because we have told our program managers and, more importantly, we have told our commanders that you need to take a look at all that you do from the standpoint of what is it that you can't stand to shut down, and then have another way to do that thing. And that is how, I think, the entire Department is approaching Y2K. So, if the computers work, and we think they will, great. If they don't work, we will continue to do business because we have another way to do it. Mrs. Morella. If I just might mention one thing--with our very distinguished military here, and Inspector General, and GAO representative, I am reminded--I have mentioned this once before at a hearing--of Admiral Grace Hopper. Remember the first woman admiral? She is the one who devised COBOL. Don't you wonder what she is thinking now, from where she is up with St. Peter as she looks down on the need for people who are skilled in using COBOL and in remedying this problem that she was a little part of? And I thank you. Thank you, Mr. Chairman. Mr. Horn. Ms. Browning. Ms. Browning. Mrs. Morella, I would like to answer two of your questions, one, whether we are testing the right stuff---- Mrs. Morella. Thank you. Ms. Browning [continuing]. And two, about the veracity of our certification? And by the way, I am sure Grace Hopper is laughing in her grave; I would think that. What I would like to give you--I don't know if you want to enter this into the record, but as to whether we are testing the right stuff, the Army looked at its major battlefield functional areas, how it does business. We have over 100, what we call, mission threads. We have boiled that down to 24 critical mission threads. This was done not by the techs; this was done by the war fighters. So, these are the threads; these 24 critical ones are the ones that we are testing. And we are testing them at the division, at the corps; they are being tested in the OPEVALs, in the end-to-end tests. We are also, in terms of testing the right stuff, the minimum we are doing are four critical dates. And that is true across the Defense Department. The September 9, 1999 date, the crossover, the midnight crossover on December 31, and there are two midnight crossovers on the leap year. Those are the minimum. Some tests, especially if they are complicated business systems, are testing more. But we are testing those. In addition, we have a lot of management controls on the test. The Army has been using for over a year and a half the Army Audit Agency. There are internal management consultants to Y2K from my office. They have been doing very good work for us. They are out there asking the questions on the contract compliance, on the interface agreements, et cetera, and we constantly get reports and updates from them. In addition, for our testing, we are going to use our operational tests and evaluation command, to sit with us, the technical folks, the functional folks, to do that. Mr. Horn. Without objection, that exhibit is put in the record at this point. Ms. Browning. Thank you. Also, for all of our contingency plans that we have for mission-critical systems, they not only have to have a technical piece, but also a functional piece. So, we are looking at that. Your second question on the veracity of the certification, and this is for the certification of our individual systems, for all mission-critical systems in the Army, we require either a senior executive service or a flag officer signature on that. And we require it in two channels, both the technical or the material developer channel, as well as the functional channel. We also, again, have those management controls. We have sent some of those back from our front offices because they haven't looked at everything. We also have the AAA working with us on that. One final thing, if you ask how I don't sleep at night because of Y2K, I would say the thing that probably bothers me the most is the outside dependencies. I am very confident in the Defense Department, not only in the Army, but the rest of the components. It is the outside dependencies, whether they be our suppliers, whether they be foreign countries, and the more that we can do nationally to get that message out and to educate people, I think the more we minimize risks come this December. Mr. Horn. Well, I take it you are looking at electricity, food supply---- Ms. Browning. Yes. Mr. Horn [continuing]. Water, et cetera. I mean, we might face a Berlin airlift, I think, in some of these bases, but I would think it depends on how distant they are from the main source of supplies. Ms. Browning. And how robust the infrastructure is around them. Mr. Horn. Right. And that should be a worry, just in general. Ms. Browning. Right. Mr. Horn. So is the Army asking those questions on the contingency plan? Because as I get the reports from the Department, and all departments, all 24 of them, we hardly see any movement in facing up to a contingency plan. Now, maybe they are just optimistic and say, well, gee, we will finish by March 31st and we will get the testing done and all of that. Very few contingency plans. The one that you see in the domestic departments, perhaps the Department of Defense, is we will use the United States Postal Service. And the other day, we had the Postal Service in, and we said, ``What is your contingency plan?'' I didn't snidely say, ``Is it a mailbox?'' I just let that pass. But, that is one of the problems on, say, getting checks out and everything else to one's employees, which have mortgages to pay and all the rest of it. So, that is a worry, and yet, I don't see much movement on the contingency plan in its reporting. Colonel McHale, what about the Marine situation? Colonel McHale. Certainly. Ms. Browning mentioned the Army developed the critical mission threads. Coincidentally, at the same time, at a parallel independent path, the Marine Corps arrived at the same conclusion in evaluating and constructing our OPEVALs much the same way the Army did. When I heard about the Army system, I immediately suspected that we had taken a wrong turn some place because we were doing the same thing, but it verified that we were doing the right thing. On contingency plans, the Marine Corps requires contingency plans for all our mission-critical and all our mission support systems because of that interdependency of the two systems. And we found that, in doing that, that causes us to be more rigorous about the way we were evaluating our plans. You are concerned about not having contingency plans, I believe, as the Department of Defense goes through this process of conducting the operational evaluations, conducting tabletop seminars, that that will cause us to focus again away from the system-by- system evaluation and to focus on the larger functional, and, in our case, the Marine Corps-wide plan of how we are going to operate on day one, how we are going to operate on January 1st, and those contingency plans will evolve as we get away from the system-by-system analysis. One comment about the operational evaluations that we are conducting: I am amazed that it turns out that every Marine Corps general officer was born in Missouri and they don't want to take anybody's word for anything. So as we have developed our operational evaluation plan, we have said, these are the systems that you have to test in a minimum configuration. And we have found in all the operational evaluations that we have conducted or are planning to conduct that they are additional systems, that our Army systems or Air Force systems, that they want to be able to have--if I can use the term ``warm and fuzzy'' feeling about--and the Commandant has charged them at the time of this operational evaluation cycle, which will complete for us at the end of July, that each one of them needs to come back to the Commandant and say, ``I can do my mission.'' And he is not really going to be concerned about, well, it was an Air Force or it was a Navy system that failed. A marine commander has to be able to do his mission regardless of what systems he has to bring to bear, and that is what he is evaluating. So, it far exceeds whatever the congressional requirements are for systems that are only Marine Corps owned and operated. Mr. Horn. Mr. Ose, any further questions? Mrs. Morella, any further questions? Mr. Turner, any further? Mr. Turner. No, thank you. Mr. Horn. I have one last question, and that is on the nuclear supply, and this is really directed at Mr. Money and Admiral Willard. In terms of your weapons support and the use of the nuclear suppliers in the United States, has the Department of Defense asked these questions of its supplier or have they left it generally to the Department of Energy as the cabinet department supplier, if you will? Because some people are worried about some of our reactors and are there microprocessors in there that lead in one condition or the other by--let's take it, we are in Illinois. Most of their electrical power is generated by nuclear reactors. If we have blackouts, which haven't had anything to do with nuclear reactors at this point--and sometimes we don't have the slightest idea what contributed to that blackout in either the San Francisco situation, the New York situation; that was a decade ago. I am just curious, if we are looking at suppliers, it seems to me the Defense Department has a role in there, and are they worried or not? Mr. Money. Yes, sir. If we start with the weapons versus the reactors generating power---- Mr. Horn. Right. Mr. Money [continuing]. DOE has that responsibility. DOD overlooks that CINCSTRAT in particular. Anything you want to add? Admiral Willard. Yes, sir. There is a simple answer: By and large, the facilities that are owned by the Department of Energy [DOE] are being overseen by DOE, and the interfaces to those facilities are being checked by the Department of Energy. In those areas where an interface exists between our strategic commands and those vendors, then Strategic Command is maintaining visibility. I think Admiral Mies would assure you of that. Mr. Money. When it gets to reactors, then that is a power generation and that will be a DOE reporting up through John Koskinen. Mr. Horn. OK. We thank you. We will be pursuing that in a couple of months, and obviously, we have got a major concern on the nuclear reaction in terms of supply for civilians, as well as military indirectly, in some cases. Let me just thank the people--and then I will have a few remarks here--thank the people that helped prepare this hearing: J. Russell George is in the door down there, staff director and chief counsel for the Subcommittee on Government Management, Information, and Technology; Matt Ryan, senior policy director, right behind me here for that subcommittee; Bonnie Heald, director of information and professional staff member; and Mason Alinger, the clerk for the subcommittee; Richard Lucas, our faithful intern; and for the Technology Subcommittee, Richard Russell is back of Mrs. Morella, staff director; Ben Wu, professional staff; and Joe Sullivan, the clerk. And for the minority we have Faith Weiss, the counsel, and Jean Gosa, the clerk. And for our faithful court reporter, it is Leslie Preer. I think you have all given some very compelling testimony this morning, and it, obviously, pleases all of us that both the Inspector General of Defense and the GAO are working together, and everybody in all the services seem to be working together. So, I commend you for that. Let's face it, the safety of our country and other countries depend on the Department of Defense's mission- critical services, and we have been concerned, obviously, that the Defense Department seems to be behind schedule, but it could be that you are in the Preakness or something and you are waiting for the last few laps. I don't know. I have sometimes said, with the administration, when it took a long time to get them organized, that it was like the ``Perils of Pauline.'' You know, she is strapped over the railroad, you think she is a goner, next Saturday, she is doing great. [Laughter.] And that is when movies were 10 or 15 cents. I appreciate Secretary Cohen and Deputy Secretary Hamre, and now, hopefully, Assistant Secretary-to-be Money, for the leadership they are providing. I think that has absolutely been essential in solving some of these problems. But we remain concerned about the preparedness and potential vulnerability of foreign military bases, and we are delighted with the initiative the Secretary took in relation to the Russians. I happen to feel very strongly that, if we don't win the Russians in with us as part of the western democracy down the line, we would have made the biggest mistake we could make in diplomacy in the last part of this century. So, I am glad those relations were started when General Powell was chairman of the Joint Chiefs of Staff; I am glad they are going on. And I thank all of you for testimony. It is good to know that progress has been made within the executive branch. I think we still see a lot that has to be done, and some of it relates to the national defense, and hopefully, with all of your hard work, we will get that job done. And we thank you for coming. With that, this meeting is adjourned. [Whereupon, at 1:12 p.m., the subcommittee was adjourned.]