<DOC> [106th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:60954.wais] THE YEAR 2000 COMPUTER PROBLEM: LESSONS LEARNED FROM STATE AND LOCAL EXPERIENCES ======================================================================= HEARINGS before the SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, INFORMATION, AND TECHNOLOGY of the COMMITTEE ON GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTH CONGRESS FIRST SESSION __________ AUGUST 13, 14, AND 17, 1999 __________ Serial No. 106-48 __________ Printed for the use of the Committee on Government Reform U.S. GOVERNMENT PRINTING OFFICE 60-954 WASHINGTON : 1999 Available via the World Wide Web: http://www.house.gov/reform ______ COMMITTEE ON GOVERNMENT REFORM DAN BURTON, Indiana, Chairman BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California CONSTANCE A. MORELLA, Maryland TOM LANTOS, California CHRISTOPHER SHAYS, Connecticut ROBERT E. WISE, Jr., West Virginia ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania JOHN L. MICA, Florida PATSY T. MINK, Hawaii THOMAS M. DAVIS, Virginia CAROLYN B. MALONEY, New York DAVID M. McINTOSH, Indiana ELEANOR HOLMES NORTON, Washington, MARK E. SOUDER, Indiana DC JOE SCARBOROUGH, Florida CHAKA FATTAH, Pennsylvania STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland MARSHALL ``MARK'' SANFORD, South DENNIS J. KUCINICH, Ohio Carolina ROD R. BLAGOJEVICH, Illinois BOB BARR, Georgia DANNY K. DAVIS, Illinois DAN MILLER, Florida JOHN F. TIERNEY, Massachusetts ASA HUTCHINSON, Arkansas JIM TURNER, Texas LEE TERRY, Nebraska THOMAS H. ALLEN, Maine JUDY BIGGERT, Illinois HAROLD E. FORD, Jr., Tennessee GREG WALDEN, Oregon JANICE D. SCHAKOWSKY, Illinois DOUG OSE, California ------ PAUL RYAN, Wisconsin BERNARD SANDERS, Vermont HELEN CHENOWETH, Idaho (Independent) DAVID VITTER, Louisiana Kevin Binger, Staff Director Daniel R. Moll, Deputy Staff Director David A. Kass, Deputy Counsel and Parliamentarian Carla J. Martin, Chief Clerk Phil Schiliro, Minority Staff Director ------ Subcommittee on Government Management, Information, and Technology STEPHEN HORN, California, Chairman JUDY BIGGERT, Illinois JIM TURNER, Texas THOMAS M. DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania GREG WALDEN, Oregon MAJOR R. OWENS, New York DOUG OSE, California PATSY T. MINK, Hawaii PAUL RYAN, Wisconsin CAROLYN B. MALONEY, New York Ex Officio DAN BURTON, Indiana HENRY A. WAXMAN, California J. Russell George, Staff Director and Chief Counsel Bonnie Heald, Professional Staff Member Grant Newman, Clerk C O N T E N T S ---------- Page Hearing held on: August 13, 1999.............................................. 1 August 14, 1999.............................................. 187 August 17, 1999.............................................. 443 Statement of: Aikens, Willie, Director, companywide process and strategy, the Boeing Co.; Don Jones, director of year 2000 readiness, Microsoft Corp.; Joan Enticknap, executive vice president, Seafirst Bank; William Jordan, deputy superintendent of public instruction, State of Washington; and Rich Bergeon, consultant, Nuevue International, LLC, Audit 2000.......... 589 Cortez, Elias, director, Department of Information Technology, State of California; Joel Willemssen, Director, Civil Agencies Information Systems, U.S. General Accounting Office; Doug Cordiner, principal auditor, Bureau of State Audits, California State Auditor's Office; Joan Smith, supervisor, Siskiyou County, on behalf of the Regional Council of Rural Counties; and Cathy Capriola, administrative services director, city of Citrus Heights... 12 Hall, Garth, manager of project 2000, Pacific Gas & Electric Co.; Karen Lopez, division manager, administrative services, Silicon Valley Power; Frances E. Winslow, director, Office of Emergency Services, city of San Jose; William Lansdowne, chief of police, city of San Jose; and John McMillan, deputy fire chief, city of San Jose......... 353 Hall, Garth, manager of Y2000 project, Pacific Gas and Electric Corp.; Tom Latino, public safety director, Pacific Bell, appearing for Mike Petricca; Roy Le Naeve, senior project manager, Y2K readiness program, Sacramento Municipal Utility District; Steve Ferguson, chief of information technology, county of Sacramento, accompanied by Carol Hopwood, emergency management, county of Sacramento................................................. 116 O'Rourke, Joe, chief information officer, Bonneville Power Administration; Jerry Walls, project manager, embedded systems, Puget Sound Energy; James Ritch, deputy superintendent, finance and administration, Seattle City Light; Marilyn Hoggarth, Washington State public affairs manager, General Telephone Co.; Dave Hilmoe, division director, Water Quality and Supply, Seattle Public Utilities; and Brad Cummings, Y2K program manager, University of Washington Academic Medical Centers.......... 542 Tschogl, Kathleen, manager, governmental and regulatory affairs, Raley's Supermarkets; Alan Rabkin, general counsel, senior vice president, Sierra West Bank, on behalf of the California Bankers Association; Guy Koppel, chief information officer, U.C. Davis Medical Center; and Holly Delaney, year 2000 program, Mercy Healthcare Sacramento.... 169 Whitworth, Brad, Y2K marketing and communications manager, Hewlett Packard Co.; Pat Cavaney, year 2000 program manager, customer service and support group, Hewlett Packard Co.; Richard Hall, director, california governmental affairs, year 2000 program manager, Intel Corp.; Tom Latino, product manager, Pacific Bell; and Ralph Tonseth, director of aviation, San Jose International Airport.................................................... 301 Willemssen, Joel C., Director, Civil Agencies Information Systems, General Accounting Office; Chris Hedrick, director, Washington State Year 2000 Office; Clif Burwell, Y2K program manager, King County, WA; Marty Chakoian, project manager, city of Seattle Year 2000 Office; and Barbara Graff, emergency preparedness manager, city of Bellevue, WA............................................... 451 Willemssen, Joel, Director, Civil Agencies Information Systems, U.S. General Accounting Office; Mark Burton, Y2K project manager, city of San Jose; Dana Drysdale, vice president, information systems, San Jose Water Co.; Ronald E. Garratt, assistant city manager, city of Santa Clara; and Christiane Hayashi, year 2000 communications manager, city of San Francisco...................................... 192 Letters, statements, etc., submitted for the record by: Aikens, Willie, Director, companywide process and strategy, the Boeing Co., prepared statement of...................... 592 Bergeon, Rich, consultant, Nuevue International, LLC, Audit 2000, prepared statement of................................ 618 Burton, Mark, Y2K project manager, city of San Jose, prepared statement of............................................... 236 Burwell, Clif, Y2K program manager, King County, WA, prepared statement of............................................... 503 Capriola, Cathy, administrative services director, city of Citrus Heights, prepared statement of...................... 79 Chakoian, Marty, project manager, city of Seattle Year 2000 Office, prepared statement of.............................. 518 Cordiner, Doug, principal auditor, Bureau of State Audits, California State Auditor's Office, prepared statement of... 64 Cortez, Elias, director, Department of Information Technology, State of California, prepared statement of..... 15 Drysdale, Dana, vice president, information systems, San Jose Water Co., prepared statement of........................... 241 Enticknap, Joan, executive vice president, Seafirst Bank, prepared statement of...................................... 599 Ferguson, Steve, chief of information technology, county of Sacramento, and Carol Hopwood, emergency management, county of Sacramento, prepared statement of....................... 155 Garratt, Ronald E., assistant city manager, city of Santa Clara, prepared statement of............................... 246 Graff, Barbara, emergency preparedness manager, city of Bellevue, WA, prepared statement of........................ 526 Hall, Garth, manager of Y2000 project, Pacific Gas and Electric Corp., prepared statements of.................. 118, 355 Hall, Richard, director, california governmental affairs, year 2000 program manager, Intel Corp., prepared statement of......................................................... 336 Hayashi, Christiane, year 2000 communications manager, city of San Francisco, prepared statement of.................... 260 Hedrick, Chris, director, Washington State Year 2000 Office, prepared statement of...................................... 498 Hilmoe, Dave division director, Water Quality and Supply, Seattle Public Utilities, prepared statement of............ 578 Hoggarth, Marilyn, Washington State public affairs manager, General Telephone Co., prepared statement of............... 571 Horn, Hon. Stephen, a Representative in Congress from the State of California: Merced County document................................... 87 Prepared statements of............................. 5, 190, 447 Jordan, William, deputy superintendent of public instruction, State of Washington: Information concerning Y2K readiness..................... 606 Prepared statement of.................................... 611 Lansdowne, William, chief of police, city of San Jose, prepared statement of...................................... 428 Le Naeve, Roy, senior project manager, Y2K readiness program, Sacramento Municipal Utility District, prepared statement of......................................................... 149 Lopez, Karen, division manager, administrative services, Silicon Valley Power, prepared statement of................ 364 McMillan, John, deputy fire chief, city of San Jose, prepared statement of............................................... 433 O'Rourke, Joe, chief information officer, Bonneville Power Administration, prepared statement of...................... 545 Ose, Hon. Doug, a Representative in Congress from the State of California, prepared statement of....................... 9 Petricca, Mike, Pacific Bell, prepared statement of.......... 145 Ritch, James, deputy superintendent, finance and administration, Seattle City Light, prepared statement of.. 561 Smith, Joan, supervisor, Siskiyou County, on behalf of the Regional Council of Rural Counties, prepared statement of.. 73 Tonseth, Ralph, director of aviation, San Jose International Airport, prepared statement of............................. 346 Tschogl, Kathleen, manager, governmental and regulatory affairs, Raley's Supermarkets, prepared statement of....... 171 Walls, Jerry, project manager, embedded systems, Puget Sound Energy, prepared statement of.............................. 556 Whitworth, Brad, Y2K marketing and communications manager, Hewlett Packard Co.: Information concerning Hewlett Packard's program......... 321 Prepared statement of.................................... 304 Willemssen, Joel, Director, Civil Agencies Information Systems, U.S. General Accounting Office, prepared statements of....................................... 22, 194, 453 Winslow, Frances E., director, Office of Emergency Services, city of San Jose, prepared statement of.................... 420 THE YEAR 2000 COMPUTER PROBLEM: LESSONS LEARNED FROM STATE AND LOCAL EXPERIENCES ---------- FRIDAY, AUGUST 13, 1999 House of Representatives, Subcommittee on Government Management, Information, and Technology, Committee of Government Reform, Sacramento, CA. The subcommittee met, pursuant to notice, at 9 a.m., in the Sacramento Board of Supervisors Chambers, room 1450, 700 H Street, Sacramento, CA, Hon. Steve Horn (chairman of the subcommittee) presiding. Present: Representatives Horn and Ose. Staff present: J. Russell George, staff director and chief counsel; Bonnie Heald, director of communications and professional staff member; and Grant Newman, clerk. Mr. Horn. I'm Steve Horn, the chairman of the House Subcommittee on Government Management, Information, and Technology. The presiding officer today will be Mr. Ose, who is a valued member of this committee and represents part of this area as we go north, I guess, from Sacramento a little bit and various other areas. And I'm just going to make an opening statement and then he's going to preside. And I will have the opportunity to ask some questions. He will, too. And we have an excellent panel today which should give a real good feel for where we are in government, at least in California and with some of the private utilities and others. The hearing is in order as a quorum is present, and I, of course, thank Mr. Ose and the staff for all they've done to make this a very pleasant visit in my home State of California. I represent the area from Long Beach, CA, and I grew up in northern California where I still have a ranch at San Juan Batista. So when I got off the plane a few years ago when I was university president, a lady came up to me and I don't know how she ever knew I ever had anything to do with anything, and she said, ``You're stealing our water.'' So I understand northern California, the views. It's tough to get water; and believe me, when you have a ranch, it's even tougher. The year 2000 computer problem, which is the subject of today's hearing, affects nearly every aspect of operations in the government and the private sector and, therefore, impacts all of us. From Social Security and Medicare to telephone service and electric power, the year 2000 computer bug is the largest management and technology change and challenge that we as a community and as a Nation have confronted. No single organization, city or State, can solve the problem alone, nor can they guarantee their computers will work until the organizations and agencies that exchange data with them are also compliant. Almost all of the agencies now report their critical computer systems have been renovated. These are the computer systems that must continue functioning in order for Federal agencies to provide their services. That is only part of the complex job that lies ahead. The agency must now complete systemwide testing to ensure that these are renovated and new computers are compatible with other computer systems. As most computer students know, when you tinker with one area of a computer system, you can create unexpected problems in another area. The problem was created in the mid-1960's when many of you know, at least my age, you had computers which filled a room of this size, and they had very little memory. The laptop you get now has as much memory as that whole room of computers. And somebody said, ``Hey, why are we punching in a four-digit year?'' Instead of 1967, let's just say 67 and knock the 19 off. And, that gained them some memory. I was running the university then, and I'm well aware of the really difficult time we had to get enough memory. And of course, they knew even then that in the year 2000 it would be 00, not 2000, and that would confuse the computer to get either 1900 or 2000, and they wouldn't know what to do. It would just be simply 00. So some attention was given to this early on in the 1980's, and we had one department where a very able programmer told all of the brass, ``Hey, we've got to start work on this. This is 1987.'' They never did a thing. They are still getting If's, once we got into this in 1996. It's been very slow. That's the Department of Transportation and obviously FAA is the key aspect there. They're moving ahead. They've got an excellent Administrator that's picked up the pieces that hadn't been picked up in years. And the other group that had done it on its own was the Social Security Administration. They knew we looked ahead to 1989 that we've got to deal with it because we've got 50 million different customers here for one program and 43 for another one. And they did it all on their own. There was no precedential guidance in budget and management and they just did it. And, therefore, they've been the first to really be 100 percent compliant, and we shouldn't have any problems on that front. And 3 years ago we started our first hearing, which was roughly April 1996. And we've held about 30 hearings and issued about eight report cards monitoring the status of the executive branch of the Federal Government. We wrote the President in 1997. We said, ``You've got to appoint somebody to coordinate this full-time within the executive branch.'' He acted on that. That was 1997; he acted on it in 1998. And, in effect, Mr. Koskinen took office in April 1998. He's done a very fine job. He's pulled a lot of people together. They are also working with the industrial sector and various panels and so forth. So all of that has been helpful. At our first hearing we asked the Gardner Group, ``How much you think it's going to cost the Federal Government and nation?'' They said, ``Well, it's $600 billion worldwide problem. We're half the computers in the world, so it will be about $300 billion. That's the private sector and State and local government.'' And I said, ``How much for the Federal Government?'' They said, ``It's going to cost about $30 billion.'' As I got into this more and more, I thought that was a little high and knew more likely it would be $10 billion. We're now at the $9 billion mark with the Federal Government through September 30th. We might well use another billion in the last closing panic bit, if there is any of getting the right people in the right place at the right time. It might hit $10 billion. But basically they've done it with that amount of $9 billion, and we're going to have our opening witness with a very fine representative of the General Accounting Office who has kept tabs on the executive branch in their role as the watchdog programmatically and financially on behalf of the legislative branch. So in addition to programs such as Social Security, Medicare and the Nation's air traffic control system, 10 of these federally funded programs are operated by the State. These programs which depend on State and county computers, as well as the Federal systems, include Medicaid, food stamps, unemployment insurance, child support enforcement and a myriad of other things. None of the 10 programs will be ready for the year 2000 until December, leaving little if any time to fix unforeseen problems. Data exchanges and interdependencies exist at all levels of government and the private sector. A single failure could disrupt the entire chain of information. The Social Security Administration, for example, maintains a data base of Social Security payment information for eligible citizens. When these payments are due, the Social Security Administration sends the information to the Department of the Treasury's Financial Management Service, where the check is issued, and then either electronically deposit it into a personal bank account or deliver it by the U.S. Postal Service. Each of these agencies has its own network of computers. If even one of them fails, the entire system will break down and the check will not be delivered. Fortunately, the Social Security Administration has been working on this problem for 10 years and it's in good shape. But even the best prepared computers won't work without power. Two of the most essential questions involving the year 2000 challenge are, will the lights stay on and the gas pumps remain full. For without electricity and fuel, farm crops cannot move from field to table and commerce cannot flow from factory to household. The year 2000 computer problem also presents other potential threats to communities, from computed interrupting services, such as 911, to delays in assistance for disasters, such as California's all too familiar earthquakes, floods, fire, you name it, we do it. Why we are here today is to examine California's readiness for this challenge as well as the preparations being made by regional local governments and businesses. But even with the best of plans, no one can predict what might or might not happen once the clock ticks midnight this New Year's Eve. The only certainty is that the January 1st deadline cannot be extended. I understand that California and Sacramento have been working hard toward meeting this deadline. And I welcome today's witnesses and look forward to the testimony. And with that, Mr. Ose will preside and Chair as the chairman pro tem. He's a valued member of our committee in Washington. Since we're in his district, he's going to chair it and run us through it, and I will ask some questions and so will he. Does the gentleman from California have an opening statement? [The prepared statement of Hon. Stephen Horn follows:] [GRAPHIC] [TIFF OMITTED] T0954.001 [GRAPHIC] [TIFF OMITTED] T0954.002 [GRAPHIC] [TIFF OMITTED] T0954.003 Mr. Ose. I do, Mr. Chairman. First of all, let me thank you for coming all this distance to visit with us today. Your work on this subject has been the backbone of everything we're trying to do to make sure this does not become a problem. As arcane as the subject is, the country owes you a great debt of gratitude. First, I'd like to thank everyone for joining us today at this special field hearing. Today we are going to look at how State and local government entities, utilities and selected businesses in the community have prepared their computer systems for the next century. On the Federal level, this committee has reviewed the Federal Government's Y2K preparations for several years under the guidance of Chairman Horn. So far this year, it's a long title, but the Government Reform Committee's Government Management, Information, and Technology Subcommittee, of which Mr. Horn is chairman and on which I sit, has held over a dozen hearings on the Y2K computer problem. As Chairman Horn contends, the Federal Government has been slow to act on the problem. As a result, some of the agencies have had to work overtime to become compliant with the challenge. At this point, about 94 percent of the government's mission-critical systems will be ready for January 1st--excuse me, are ready for January 1st. And the remaining 6 percent have yet to be completed. The purpose of this hearing, again, is to look beyond the Federal Government and see how localities are dealing with this problem. On the State level, it appears that the State of California's followed a similar path as the Federal Government identifying the problem and going to work on it. The State Auditor prepared a report in February 1999 and the director of the Department of Information Technology is here with us today to discuss it. As in the Federal Government, the State is hustling, if you will, to make sure that their systems comply as of the end of the year, and I'm looking forward to this testimony. I'm also pleased to see that we have a wide variety of witnesses who will testify before us today. We'll hear from the representative of Sacramento County and from the Sacramento County Emergency Services. We have someone from my city, the city of Citrus Heights. We'll have a representative from the Regional Council of Rural Counties, and finally from the Government Accountability Office. We're also going to receive testimony from utility providers, those being PG&E, Pacific Bell, and SMUD. Finally, we'll hear from important industries on the private side such as banking, agriculture, and health care. I look forward to everyone's testimony, and I hope this hearing will help educate the public on our region's preparedness for the year 2000. [The prepared statement of Hon. Doug Ose follows:] [GRAPHIC] [TIFF OMITTED] T0954.004 [GRAPHIC] [TIFF OMITTED] T0954.005 [GRAPHIC] [TIFF OMITTED] T0954.006 Mr. Ose. I would like to invite the first panel down for their testimony. We're going to have you sit right here with-- so those folks, Joel Willemssen, Elias Cortez, Doug Cordiner, Joan Smith, Cathy Capriola if you would come join us down here. OK. We're going to have Mr. Cortez testify first. He's got a 10 a.m. flight. But before we get into that, this being a congressional oversight hearing, I need to swear the witnesses. Folks, if you'll raise your right hands. Do you solemnly swear the testimony you will give before this subcommittee will be the truth, the whole truth and nothing but the truth? Let the record show the witnesses responded in the affirmative. [Witnesses sworn.] Mr. Ose. So, Mr. Cortez, you're up. Thank you for joining us. STATEMENTS OF ELIAS CORTEZ, DIRECTOR, DEPARTMENT OF INFORMATION TECHNOLOGY, STATE OF CALIFORNIA; JOEL WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE; DOUG CORDINER, PRINCIPAL AUDITOR, BUREAU OF STATE AUDITS, CALIFORNIA STATE AUDITOR'S OFFICE; JOAN SMITH, SUPERVISOR, SISKIYOU COUNTY, ON BEHALF OF THE REGIONAL COUNCIL OF RURAL COUNTIES; AND CATHY CAPRIOLA, ADMINISTRATIVE SERVICES DIRECTOR, CITY OF CITRUS HEIGHTS Mr. Cortez. Good morning. Honorable chair and members, on behalf of Governor Davis, I welcome you and your committee to the State of California. I am Elias Cortez, chief information officer for the State of California and director of the Department of Information Technology. I would like to thank the members of the subcommittee and all your staff for the opportunity to deliver a brief statement on California's comprehensive year 2000 program. Based on recent reviews and detailed analysis of the Y2K program, efforts not only within the State, but across the Nation, we're confident that California's approach to the year 2000 issue is progressive and comprehensive. The executive order D-3-99, signed by Governor Gray Davis in February 1999, identified the Y2K issues as the State's No. 1 information technology priority. This emphasizes and ensures that the State's resources are focused on public safety, economic stability, continuation of business, and the uninterrupted delivery of essential government services to all of California's citizens and business partners. The executive order empowered me to lead and make bold, decisive initiatives to assess, validate, and communicate the status of Y2K remediation and preparedness activities. The executive order also empowered me with authority over all information technology units and resources within the State. Through this role, I forged successful partnerships with representatives of both the public and private sectors, including local governments and State governments and other State entities such as the Governor's Office of Emergency Services, and various committees and task forces convened by the Governor. Our main purpose and focus was to accelerate and escalate a progressive and successful year 2000 program, and included are subcommittees such as the year 2000 executive committee, year 2000 business economy task force, the year 2000 business council, the year 2000 emergency preparedness task force, and the year 2000 communications and outreach task force. As we implemented and enhanced our year 2000 program in February 1999, we found that government entities were not as prepared as we had thought or had been previously reported, and as a result, we immediately accelerated and escalated our year 2000 program through the proactive implementation of a statewide program management office for Y2K and the development of prescriptive methodologies based on the industry best practices for Y2K. This approach is documented in the Department of Information Technology's Strategic Plan, which is included in the documents supplied to you. California's year 2000 program is a comprehensive approach to the year 2000 remediation and preparedness and includes the establishment of baseline status for more than a 100-plus State entities, an assessment of each entity, a high-level analysis and the assessment results, and the independent validation and verification of those entities with a mission-critical system's focus by external vendors. The assessment and review outcomes are tracked through a corrective action planning process. This process ensures accountability and action and focus from the entities with the corrective action plans and resources in place that they are required to complete prior to September 1, 1999. A compilation of the State Department Status Information is presented for review on-line on the web on the California Y2K website, which is www.year2000.ca.gov. This bold-step initiative allows any government entity or citizen to access objective, quantitative, current information about State entities' Y2K efforts. Additionally, the website information communicates entity status to business partners within and external to the State government entity and structure. California's Y2K program has a significant commitment to ensuring that business continuity and contingency planning occurs for all entities. The year 2000 management program office, the statewide program, must receive a completed and tested plan from each entity prior to October 1999. The commitment to business continuity and contingency planning echoes a message of Governor Davis' executive order and ensures a seamless delivery of services in order to make the century change a nonevent. In addition to technical assessments and reviews, our Y2K program consists of extensive communication and outreach activities. These include year 2000 emergency preparedness and business continuity and contingency planning, conferences, infrastructure industry roundtables, legislative-sponsored attendance in hearings in which we participated; additional activities are anticipated over the coming months and the new year relative to communications and outreach on Y2K. Finally, we have raised the bar regarding end to end testing. We will broaden and strengthen interface testing of data with all our partners in local government to ensure that mission-critical public safety, health and welfare and education services are delivered uninterrupted into the new year. We have a successful and productive collaboration with counties and local governments and even private sector organizations relative to the services that we deliver from the State. All Y2K activities conducted by the State of California are a direct reflection to the decisive actions taken in support of Governor Davis' administration and the legislature, as well as an unprecedented cooperation among State government entities and partners for the State. Recent accomplishments by the program will allow the State to ensure continuity of State and county mission critical services to the community at large regardless of unforeseen information system impacts. I'm extremely confident that California can and will deliver the mission-critical services for residents before, during and after the century event. In summary, the State has been extremely proactive and focused on California's expectations of uninterrupted services by doing the following things: We focused in the area of addressing the most challenging issues and mission-critical priorities first and concentrating on the greatest impacts to health, safety and revenues. We've maintained public trust in the infrastructure that Californians depend on by accurately reporting the progress made and any challenges facing forward, managing those to date, making sure that there is a workable solution in place to provide uninterrupted service if an unforeseen year 2000 event occurs, preparing for the unexpected year 2000 related impacts by anticipating scenarios and directing the resources necessary to maintain confidence in our communities via the Office of Emergency Services. Again, thank you for giving the State the opportunity to testify before you about our comprehensive year 2000 program. We are proud not only to share our current status, but we have proactively shared our methodologies with all local government, small business and entities relative to Y2K. Thank you. [The prepared statement of Mr. Cortez follows:] [GRAPHIC] [TIFF OMITTED] T0954.007 [GRAPHIC] [TIFF OMITTED] T0954.008 [GRAPHIC] [TIFF OMITTED] T0954.009 Mr. Ose. Director, if I may, in deference to your time, we're going to ask what few questions we have of you first so that you can catch your plane. First of all, you mentioned the website that you had, the www.year2000.California.gov. I want to make sure that we've got that correctly identified as www.year2000.ca.gov., right? Mr. Cortez. Yes, sir. Mr. Ose. So if anybody is watching, that's a first--that's one resource everybody can use. The other question I have most directly is under Chairman Horn's leadership, one of the things that has been most apparent is that our initial attempts to cure this problem have been changed or governed by agencies' self-examination after the fact. And what I'd like to find out is: There are three particular situations I'm concerned about. First, is it the agencies themselves who are reporting on their compliance, or do you have an independent third party doing that? Second, since, say, January 1st, have you seen any material change in the degree of readiness amongst the agencies? And, finally, as it affects regional and local governments in particular, has the State been able to provide any financial assistance to those levels of government to help them get into compliance? Mr. Cortez. Thank you. Regarding the agencies, we are very proud to say that that was a concern for our legislature coming in. Again, the program wasn't where we had expected it to be. We did see prior to our acceleration and escalation of this program a need for independent validation of verification. We immediately implemented that program. No entities do self-assessment or self-reporting. We've put that behind us. Our new program not only allows us to do current triages, but we have ongoing statewide program management in which we continually track on a weekly basis and post on line on our web the status of any corrective action plans required for these departments. Furthermore, we're proud to say we're putting that on the web so that any local government and citizens who have any concerns regarding our compliancy or status can go on line and see positive steps taken, actions that need to be taken, and corrective actions and plans in place and resources with dates proactively displayed. So we are totally having an objective review. It's all external and it's independent. And, again, we have a multitude of vendors that are helping us with that process. Second, the issue on the degree of readiness, we have seen an extreme acceleration and escalation of the Y2K program, and we've even documented that on line. So when you see the department status, you can see the initial baseline and its actual validation where it was when we started the program and where it currently is. And you can see some major improvement and action items taken care of. So we view this program as extremely successful and have recommended to other local government entities not only the methodology that we use; we post it on line and they can download it and use it as a tool kit for themselves if they don't have resources to hire expensive consultants. And many government entities have taken the opportunity to do so. And, furthermore, we continually assess on a week-to-week basis and allow the departments to give current status. So, as an example, if a department finds an issue that hadn't been dealt with prior to this, it gets red-flagged again and brought into the loop of the program. So we have a comprehensive review of all issues left to be compliant and complete into the new year. Regional governments, we have proactively been out in the community working with regional governments sharing our methodologies at no cost to them. We're doing conferences. We are aggressively pursuing a communication and outreach program making sure that our message and their message is in sync with the community. We have proactively worked with the legislature to provide dollars so that we can fund such programs. And, again, at this point, the funding that has been put in place I know has gone to core programs and other programs. Again, at this point, I'm not aware of legislation with additional funding. Mr. Ose. Chairman Horn. Mr. Horn. Just one brief question. I know the Governor doesn't run the State education systems here, but increasingly Governors do, and I wondered if you as the chief technology boss of the State have a feel for what's happening on K-12, what's happening at the community college level, what's happening at the California State University level. And we do have one witness from the UC-Davis campus, the medical school, but I wondered what you know about what's happening at the University of California, also. Mr. Cortez. Yes. We are proud to say that we've had the opportunity to work side by side with Assembly Member John Dutra, Chair of the Assembly Information Technology Committee, and we've gone across the State and had hearings like this in similar forums, and we have seen that smaller government entities, not just school districts, have had financial challenges that they recently have come out of, and so their starts with the Y2K program have been late. I personally have met the leader of the Board of Education for our State and have shared our methodology. We have proactively worked with them on the assessment for their department. They take--all government entities take this challenge seriously, and we are continuously working with them. And as an example, through communications and outreach programs trying to disseminate Y2K status and methodologies through their broadcast system. We do and we have found in again smaller government entities that financial strains have been an issue for them. As we did in one case, a city up in northern California, they used $100,000 reserve plus borrowed $50,000 to complete their Y2K program. So all in all we've seen a major impetus to get the job done. We've seen many challenges on a different level, and we believe the smaller government entities do need help not only in methodologies, but resources. And they need to shift their own internal resources to get this job done, as we've seen with other local government entities. Mr. Horn. Well, I appreciate that answer. The State auditor has a representative here after you, and we'll ask him some of the questions, but the statewide audit in February I'm sure was helpful in assessing where you were. I don't know the degree to which California departments have, say, an inspector general because there's another--at least at the Federal level, another independent authority that can call them as they see them. Are you concerned about the verification of what some of the departments are submitting? Mr. Cortez. Actually, I'm confident to say that we've taken the auditor's report to heart. We welcome all their comments. We aggressively pursued as we have expanded and escalated our program all their issues into our program. We reported to them currently and recently about the program and the status of the program. We do not use self-assessment. We do not believe that's the appropriate measure of Y2K. We have proactively worked with what we call the Y2K Business Council. Right across the mountains here, we have the leaders in the world on technology. And we are lucky to have used them, and they have committed their CIOs to be our compass and guide for our Y2K program; and we've been able to take industry best practices, procedures, and policies, such as software freezes and other things that are related to a good compliant information project--Y2K information project in place. And so we're confident that not only the recommendations from the Bureau of State Audits we've taken into account and implemented; but, furthermore, we've got an additional set of eyes on our program and advisory to our program and that has embellished our program tremendously. Mr. Horn. Thank you very much. Mr. Ose. Director, thank you. Appreciate you coming. Now to the rest of the panel, I appreciate your patience. That's very courteous to extend that to the director. So we'll just go down the list. Mr. Willemssen. Thank you, Congressman, for inviting us here today. Chairman Horn, as requested, I'll briefly summarize our statement on the Y2K readiness for Federal Government, State and local government, in key economic sectors. Regarding the Federal Government, reports indicate continued progress in fixing, testing and implementing mission- critical systems. Nevertheless, numerous critical systems must still be made compliant and must undergo independent verification and validation. The most recent agency quarterly Y2K reports due to OMB today should provide further information on agency progress. Our own reviews of selected agencies have shown uneven progress and remaining risks in addressing Y2K and, therefore, point to the importance of business continuity and contingency planning. Even for those agencies that have clearly been Federal leaders such as the Social Security Administration, work still remains to ensure full readiness. If we look beyond individual agencies and systems, the Federal Government's future actions will need to be increasingly focused on making sure that its high priority programs are compliant. In line with this, OMB has identified 43 high-impact programs such as Medicare and food safety. As you know, Mr. Chairman, we're currently reviewing for you the executive branch's progress in addressing these high-impact programs. Available information on the year 2000 readiness of State and local governments indicates, also, that much work remains. For example, according to recently reported information on States, about eight States had completed implementing less than 75 percent of their mission- critical systems. Further, while all States responding said they were engaged in contingency planning, 14 reported their deadlines for this as October or later. State audit organizations, including the California State Auditor, as earlier mentioned, have also identified significant Y2K concerns in areas such as testing, imbedded systems, and contingency planning. Mr. Ose. Mr. Willemssen, just a moment. If everyone would turn off their pagers and cell phones, that would be a great benefit to the witnesses. Thank you. Mr. Willemssen. Another area of risk is represented by Federal human services programs administered by States, programs such as Medicaid, food stamps and child support enforcement. Of the 43 high-impact priorities identified by OMB, 10 are State-administered Federal programs such as these. OMB reported data on the systems supporting those kinds of programs show that numerous States are not planning to be ready until close to the end of the year. Further, this is based on data that has not been independently verified. Recent reports have also highlighted Y2K issues at the local government level. For example, last month we reported on the Y2K status of the 21 largest U.S. cities. On average, these cities reported to us completing work for 45 percent of their key services. Y2K is also a challenge for the public infrastructure in key economic sectors. Among the areas most at risk are health care and education. For health care we've testified on several occasions on the risks facing Medicare, Medicaid and biomedical equipment. In addition, last month we reported that while many surveys have been completed on the Y2K readiness of health care providers, none of the 11 surveys we reviewed provided sufficient information with which to assess the true status of these providers. For education, last week's report of the President's Council on Y2K conversion indicates that this continues to be an area of concern. For example, according to the council report, many school districts could have dysfunctional information systems because less than one-third of institutions were reporting that their systems were compliant. That concludes a summary of my statement, and I'd be pleased to address any questions you may have. [The prepared statement of Mr. Willemssen follows:] [GRAPHIC] [TIFF OMITTED] T0954.010 [GRAPHIC] [TIFF OMITTED] T0954.011 [GRAPHIC] [TIFF OMITTED] T0954.012 [GRAPHIC] [TIFF OMITTED] T0954.013 [GRAPHIC] [TIFF OMITTED] T0954.014 [GRAPHIC] [TIFF OMITTED] T0954.015 [GRAPHIC] [TIFF OMITTED] T0954.016 [GRAPHIC] [TIFF OMITTED] T0954.017 [GRAPHIC] [TIFF OMITTED] T0954.018 [GRAPHIC] [TIFF OMITTED] T0954.019 [GRAPHIC] [TIFF OMITTED] T0954.020 [GRAPHIC] [TIFF OMITTED] T0954.021 [GRAPHIC] [TIFF OMITTED] T0954.022 [GRAPHIC] [TIFF OMITTED] T0954.023 [GRAPHIC] [TIFF OMITTED] T0954.024 [GRAPHIC] [TIFF OMITTED] T0954.025 [GRAPHIC] [TIFF OMITTED] T0954.026 [GRAPHIC] [TIFF OMITTED] T0954.027 [GRAPHIC] [TIFF OMITTED] T0954.028 [GRAPHIC] [TIFF OMITTED] T0954.029 [GRAPHIC] [TIFF OMITTED] T0954.030 [GRAPHIC] [TIFF OMITTED] T0954.031 [GRAPHIC] [TIFF OMITTED] T0954.032 [GRAPHIC] [TIFF OMITTED] T0954.033 [GRAPHIC] [TIFF OMITTED] T0954.034 [GRAPHIC] [TIFF OMITTED] T0954.035 [GRAPHIC] [TIFF OMITTED] T0954.036 [GRAPHIC] [TIFF OMITTED] T0954.037 [GRAPHIC] [TIFF OMITTED] T0954.038 [GRAPHIC] [TIFF OMITTED] T0954.039 [GRAPHIC] [TIFF OMITTED] T0954.040 [GRAPHIC] [TIFF OMITTED] T0954.041 [GRAPHIC] [TIFF OMITTED] T0954.042 [GRAPHIC] [TIFF OMITTED] T0954.043 [GRAPHIC] [TIFF OMITTED] T0954.044 [GRAPHIC] [TIFF OMITTED] T0954.045 [GRAPHIC] [TIFF OMITTED] T0954.046 [GRAPHIC] [TIFF OMITTED] T0954.047 [GRAPHIC] [TIFF OMITTED] T0954.048 [GRAPHIC] [TIFF OMITTED] T0954.049 Mr. Ose. We're going to go through the other witnesses and then come back for questions. I actually think there are microphones on the table here in the event you want to sit to give your testimony. You're welcome to stand, of course. Mr. Cordiner, from the State Auditor's Office. Mr. Cordiner. Mr. Chairman, Congressman, and Members, I appreciate the opportunity to speak to you this morning on a very important topic. Thus far our office has had two opportunities to review the Y2K effort in California. The first of our audits was published in August 1998. Under the former administration, agencies self-reported their progress on remediating their systems to the Department of Information Technology, and we were concerned that those reportings were accurate reportings. So we looked at several of the systems of these agencies and found that they were overly optimistic as to where they currently were in their progress. In addition, we did some survey work and found the same held true for some other agencies. Moreover, there were many of these agencies that had not begun to do business continuity planning, which we felt was critical in light of the fact that they would seem to be lagging behind on the remediation progress. Most were doing planning, but it was more of a disaster recovery type of planning rather than concentrating on what would happen if their remediation efforts failed or weren't done in time. Based on our recommendations in the first audit, the legislature again wanted us to look at this area, and we did publish another report in February 1999. This time we looked-- we chose a sample of what we considered the most critical agencies supplying services to Californians, and that would include health and safety, payment systems, and revenue agencies. We chose a sample of 14 agencies to look at. We looked at the critical systems supporting those programs and found that 11 of the 14 agencies had not completed their remediation of critical systems that by a previous administration Executive order should have been done by December 31, 1998. Areas that weren't finished included thoroughly testing their systems, dealing with the threats posed by imbedded technology that those systems depend on, as well as data exchange partners. They hadn't fully agreed on formats or some hadn't tested that agreed-upon format to ensure that information passed between the data exchange partners would be seamless and wouldn't cause a corruption of data. We also found that one of the State's two large data centers that many agencies depend on to support their systems didn't have--it had a risky strategy for Y2K in that the infrastructure that these other agencies depend on hadn't been thoroughly tested to determine that it would work. And they also had noncompliant products out there that they had notified others that they shouldn't use, but they hadn't removed them as we felt would be prudent in the circumstance. Last, we looked at the infrastructure, mainly telecommunications and the power grid, and we found that with the decentralization that has occurred in this industry, there are many players, if you will, that oversee segments of the infrastructure, but there was no centralized place that one could go to determine, you know, what's the progress on, say, telecommunications, or what's the progress on whether all the providers of power are fully ready to meet the new century. That concludes my summary, and I would be glad to answer any questions. Mr. Ose. We appreciate that. We're going to go ahead and have the other two testify and then we'll just take questions as a whole. Mr. Cordiner. Thank you. [The prepared statement of Mr. Cordiner follows:] [GRAPHIC] [TIFF OMITTED] T0954.050 [GRAPHIC] [TIFF OMITTED] T0954.051 [GRAPHIC] [TIFF OMITTED] T0954.052 [GRAPHIC] [TIFF OMITTED] T0954.053 [GRAPHIC] [TIFF OMITTED] T0954.054 Mr. Ose. I stand corrected. We would like you to give your testimony up here at the podium. This is Joan Smith, supervisor from Siskiyou County. Thank you for joining us. Ms. Smith. Thank you, Congressman Ose. Good morning. I want to thank you for the opportunity to provide testimony for the subcommittee with regards to the year 2000 readiness of local governments. I'm here today speaking on behalf of the Regional Council of Rural Counties [RCRC], which is an organization that represents 27 of California's rural counties. I would like to begin by thanking our distinguished congressional representatives for taking time from their busy schedules to be here in Sacramento today. A warm northern California welcome to all of you. The issues that we are addressing are of great importance to the communities represented by Congressman Ose and throughout rural California. There are only 140 days left before the year 2000, and we still have much work to do. The Y2K preparedness level of local government varies widely within the State of California. California has 58 counties, 471 cities, and over 2,300 independent special districts. Some are ready right now, but many, most, are not. Today's hearing is especially important because it concerns the readiness of public services their citizens come in contact with every day. Here's where the rubber hits the road for fire, police and the programs and services counties provide for children and families and the basic services that allow communities to function and the economy to grow. It is vital that the citizens in rural California have confidence that county services will still function and that there are realistic contingency plans should any systems fail. Recently, the General Accounting Office was asked to identify the Y2K status of key services provided by the Nation's 21 largest cities, as was testified here today. As of early July, America's largest cities report on average that they have completed 43 percent of the work that will be required for an uneventful transition to the year 2000. Information from the National Association of Counties estimate that only 27 percent of the more than 3,000 counties it represents nationwide have completed Y2K testing. Apparently, more than 2,000 counties have a lot of work to do in the next 140 days. Siskiyou County Y2K experiences. As was previously stated, I'm from the very top of the State, Siskiyou County. We border--we have a population of approximately 45,000 people, and we're located on the Oregon border, and we lie between the counties of Modoc and Del Norte. Siskiyou County began its year 2000 preparedness program in October 1998, with the formation of an interdepartmental task force. Mr. Chairman, I just wanted to let you know our Superintendent of Schools, Barbara Dillan does sit on our Y2K task force and they are working with us and bringing things up to date. This task force works to identify essential services for each county department, institute contingency planning, coordinate systems testing, test all essential communication systems by the manufacturer, ensure medical facilities have replaced essential equipment and have additional supplies available, create a coordinated response procedure for potential increase in medical response, including home health patients, address potential increase in law enforcement calls, conduct over 100 community awareness programs, develop planning information for all county departments, cities and special districts in our area. The county of Siskiyou has worked with our region's electric and telephone service providers to ensure that their systems will be fully functional. We are fortunate that our electric provider, Pacificorp, has completed its Y2K compliance testing. In fact, they have rolled their date forward. They are now in the year 2000. They managed to work out any bugs that they had, and we are still functioning in the year 2000 in our area. The Federal Department of Energy has advised us to prepare for the potential of a 2- to 3-day power outage during the first month of the year 2000. Siskiyou County has actively worked with other governmental entities in the community in the development and implementation of our Y2K preparedness plan to make the transition to the new year as smooth as possible. We believe that our hard work and advance planning related to the Y2K issue will leave us in good shape for anything that may come our way. The Regional Council of Rural Counties, in response to this hearing, commenced a survey to gauge the year 2000 readiness of our member counties of which you have a copy of the results before you. While this survey is only a snapshot of rural county preparedness, it does provide an interesting accounting of how local governments perceive they are doing. For your information, we have attached a copy of the survey and a computation. The first section of the Y2K Compliance Survey asked the rural counties to identify the systems they have checked and if and where any problems have occurred and identified. The responses indicated that they are actively checking programs such as 911 emergency systems, jail functions, data bases, billing/payroll, mobile data systems, communication infrastructure, wastewater treatment and a number of other systems. Several counties have checked and have made needed adjustments to 100 percent of their critical systems. Many of the counties responded they are not checking systems within their counties, that they are the responsibility of State, Federal or private entities. These systems would include rail crossings, mass transit systems and traffic control systems. However, most of the respondents are working with their telephone, electricity, and water suppliers to ensure that these operations are being examined. The county of Alpine responded that there are no public elevators in the entire county to check and that their 911 emergency services are provided by Douglas County, NV. The second area of the Y2K Compliance Survey asked the rural counties to note who they are currently working with to determine their ability to interface with other systems. They indicated they were working with State entities, cities, counties and special districts, schools and community organizations to test specific critical interfaces. The counties of Yuba and Shasta have expressed that they have worked closely with their health care providers. Only five of the counties say they have communicated directly with Federal entities regarding Y2K issues. There appears to be little district Federal-to-county technology interface, with most payment and communication systems being linked between the Federal and the State. The third section of the survey focused on risk assessment. Most of the counties have developed a formal year 2000 preparedness plan and have completed between 50 and 95 percent of the necessary compliance checks. The 15 counties in the survey assessed their combined current readiness is 73 percent. The counties of Lassen and Alpine indicated they do not have official year 2000 preparedness plans. Most of the counties stated that they are attempting to address the Y2K issues internally, and only two counties, Glen and El Dorado, have hired outside consultants to assist them with their effort. The responses show that 69 percent of counties currently employ a full-time information technology staff person. The last section asks the counties to indicate the amount and type of public outreach on year 2000 issues that they have conducted. The survey shows the counties have effectively utilized community forums, media presentations to businesses-- media--excuse me--presentations to business and social organizations, and public service announcements to communicate how they are preparing, especially to the elderly community. Many of the counties have developed a brochure or have posted information on their webpages to inform their community about Y2K issues. Merced County's website is located at 222.co.shasta.ca.us and Shasta County is www.co.shasta.ca.us. They are two very good examples. Before you is a copy of the Y2K Cookbook. This was developed by Merced County with the assistance of the State of California, the Department of Information Technology or DOIT, as we call it. In conclusion, for the past 3 years California's rural counties have invested hundreds of hours of staff time, replaced and upgraded hardware and software and have spent millions of dollars to prepare for Y2K. The survey and recent conversations with rural county Y2K representatives appear to indicate that most of the counties will be well prepared for any potential disruptions that may occur due to the changeover at the end of the year. As stated by several counties, the potential of losing services such as electricity or telephone service is not much greater than the possibility of a severe snowstorm, flood or forest fires, all of which we have survived. We strongly believe that no matter what, everyone should always be prepared in case of an emergency. That means having warm blankets, extra food and water, flashlights and backups for all systems containing program logic. There has been a fair amount of media attention focused on people acquiring survivalist property in rural areas, food and gas hoarding, and the impact of increased traffic on rural roads as people escape urban areas. These doom-and-gloom forecasts will potentially lead to additional impacts upon county services that will be difficult to assess. California's rural counties are looking forward to a smooth transition to the year 2000 and are working hard to ensure that our citizens and businesses will not be adversely impacted by the failure of any governmental-operated systems. Thank you. Mr. Ose. Thank you for joining us, Supervisor Smith. [The prepared statement of Ms. Smith follows:] [GRAPHIC] [TIFF OMITTED] T0954.055 [GRAPHIC] [TIFF OMITTED] T0954.056 [GRAPHIC] [TIFF OMITTED] T0954.057 [GRAPHIC] [TIFF OMITTED] T0954.058 [GRAPHIC] [TIFF OMITTED] T0954.059 Mr. Ose. Our last witness is Cathy Capriola from the city of Citrus Heights. Ms. Capriola. Good morning. On behalf of the Citrus Heights City Council and our community, I'd like to say thank you for the opportunity to participate in this congressional hearing. Citrus Heights is in a very fortunate position relative to the year 2000. As Congressman Ose knows, since he served on the Citrus Heights Incorporation Project and was president of that at one time, we are a newly incorporated city. We became a city on January 1st and opened our doors for business to the community in July 1997. So because of that and because of the kind of character of our community and the service delivery, we're in a far better position probably than most of our peer agencies. There are three reasons that we're somewhat of an anomaly with the year 2000. One is because we are a startup, so we have no legacy systems. All of our technology is new, and we have no custom applications that have been developed in-house through the years. We're just installing our local area network and are completing that and at this point have held off on purchasing any other specialized software until the year 2000 passes. We also have a limited scope of operations. Because we're not a full service city, again, as a newly incorporated city of 88,000, a number of special districts provide services to our residents. So those individuals in the area of parks and recreation and water retain the programmatic policy and the year 2000 responsibility. The third area that makes us a little different is we're a contract city, more like some of the southern California cities where we contract back to other jurisdictions and the private sector for services. Specifically back to Sacramento County that provides our law enforcement--very, very well, solid waste, and street and related infrastructure maintenance. So we're coordinating with Sacramento County and private firms that provide services for us and communicating with them. In terms of what the city has done--a complete inventory and prioritization of what we do have, and that's 98 percent complete. The systems we currently use require some remediation--and even with new technology there are still patches and tinkering that needs to occur. So, we will be completing that within the next 45 days. We're doing some community outreach. We'll be holding some workshops with our community in September and also working with our contracting agency, Sacramento County, et cetera, on emergency operations and some of our mission critical items. So overall, just to summarize, I think that for we as a city, timing is everything, and we became a city at the right time on this one. And we're in a very fortunate position. Just the way we're structured, being new, we're less complex in scope and smaller than all of our peers. I'd be happy to answer any questions. Mr. Ose. Thank you, Cathy. [The prepared statement of Ms. Capriola follows:] [GRAPHIC] [TIFF OMITTED] T0954.060 [GRAPHIC] [TIFF OMITTED] T0954.061 [GRAPHIC] [TIFF OMITTED] T0954.062 Mr. Ose. Now, as far as how we proceed from here, many of you have not participated in a congressional hearing. What we do is the chairman and I will direct questions at the witness and you're free to answer. If there is something you care to add to someone else's testimony, be happy to take that testimony. So with that, Mr. Chairman, would you like to proceed? Mr. Horn. Well, let me ask Mr. Willemssen, who has been a faithful attender at every single one of our field hearings for the last 3 years, what you heard this morning, how does that fit in with other things the General Accounting Office has looked at in other areas and States? And are we missing something here that we should ask about, and what do you think it is? Mr. Willemssen. One area that you might want to pursue with some of the witnesses, I realize the State IT director is no longer here, but I heard touched on very briefly but you may want to pursue a little more, testing of data exchanges with other organizations. Many of the witnesses talked about where they are at with their own systems and they are making great progress; but as you know as well as anyone, the testing of data exchanges is especially critical to make sure that there aren't any disturbances that affect the systems outside of your control. And I think your question earlier to the State Director on the education side again points to that. I know that Secretary of Education has expressed great disappointment with the low number of schools who have opted to test their data exchanges with the Federal Department of Education on loans and grants. And I think that it would be worthwhile for California, among other States, to begin looking at how well their postsecondary schools are actually doing in the testing of those exchanges, because my understanding is nationally it still remains a very low number who have taken advantage of it. Mr. Horn. I think you're correct. I wrote a letter to the Secretary of Education Riley about a month and a half ago. I don't think we have an answer to it yet, but our feeling was given the lack of money in many school districts and the smaller ones along the Pacific Coast where you've got a lot of rural schools still, and I'm proud to say I went to one, I thought I got a great education, but the fact is this takes money. And I think I told him to make an estimate for us and see what's needed and would they administer the program. Mr. Willemssen. The other thing I might add, Mr. Chairman, is taking a look at the California State Auditor's Report of February 1999, I thought that raised some good issues. The question, if I were in your chair that I would want to ask, is what their plans are for upcoming review, if they have an audit or report that is due to be issued so there could be some check on the statements that were made by the State director of IT. Mr. Horn. What plans does the State Audit operations have? Mr. Cordiner. The way our office operates, we do audits at the request of Joint Legislative Audit Committee and thus far they have not asked us to do any further work in this area. However, based on our prior reports, we do get periodic updates on the progress of our recommendations and whether they've been implemented or not; and insofar as that goes, a lot of what Mr. Cortez said we're encouraged by, the planning that has gone into this. And the new administration, obviously they've dedicated considerable resources. We're still somewhat concerned, however, in that the last quarterly report that was generated by the Department of Information Technology which came out in July indicated while a number of agencies that are deemed critical agencies that have programs that are highly necessary for Californians and that they depend on have progressed, they're still--one of the things that is measured and you were concerned earlier with was, ``Well, how much independent work has been done?'' Now, clearly there has been independent work done on assessing where they are currently at to get a measurement, but another part of DOIT's planning is to have an independent verification and validation of those very critical systems to see, ``OK, they are ready for the date change.'' That has not occurred in any of the ones that are listed on the website, to my knowledge. And so there is still a concern in that area. In addition, we had recommended in our February 1999 report that particularly for critical programs that business continuation planning be done by June 30, 1999 which mirrors industry standards so that there's enough lead time for those that require hiring additional staff or whatever the work around is going to be for that to occur. In addition, to be able to test that plan to see if it's viable. And we saw again in the last quarterly report that those plans are being requested. They drafted them in August and the final in September, and now I see in the prepared comments that that date has slipped even further, and so they are looking for one that's been fully tested in October. Well, if they fall short of the mark, that's pretty close to an immoveable date. So we've got some concerns in that area. I failed to mention in my statement because of the time constraints that one of the issues we looked at in the February 1999 report was also to survey every State agency that was in the Governor's budget. 140 of them are responsible for 460 programs. We found that for two-thirds--nearly two-thirds of the programs or the systems supporting the programs they operate, one or more critical steps wasn't completed at that point in time, which was December 31, 1998, and that nearly one-half of the agencies did not have business continuation plans. Mr. Horn. You're absolutely right. In terms of verification approach, and I wondered if as the welfare system in the State with the Federal billions and the State billions and then the county welfare in 58 counties, what is the interconnection there between the smaller welfare groups like San Benito and San Luis Obispo? Mr. Cordiner. As far as the Y2K exposure, a lot of it is the interface that Joel mentioned earlier. It's critical both upstream and down for State agencies to be able to seamlessly communicate with both the Federal, local and outsiders. Say, Medi-Cal, for instance, has third-party providers. It's a tremendous amount of interface that goes on. Mr. Horn. Has much of that been tested, to your knowledge? Mr. Cordiner. To my knowledge, the quarterly report--in fact, I looked at the appendix that was attached to that that lists every one of the departments, and some indicated that they completed testing, or at least say they have, or an independent party says they have without the independent verification of it that they have tested their data exchange. For others, that information was not included, when we've known based on our past work that these systems that didn't indicate anything about data interchange do have that. So I don't know what the status is, to tell you the truth. Mr. Horn. This question isn't necessarily on the year 2000, but it's a computer question, and that's the deadbeat dad situation. In Congress we had to get an exemption for California because you would have had a lot of money taken away since I think--what is it--about 24, 25 counties don't like the L.A. system and wanted their own system, and where are we on that? Mr. Cordiner. The current status on that--it's fortuitous you ask. I was on that. We just released an audit report on the 5th on that. What California tried to do is create a consortia which would have been a link--four systems, including Los Angeles, would have been linked together, and that would have been the State's plan to develop a statewide automated child enforcement system. That was recently rejected. That plan was rejected at the Federal level. We are now back to basically square one where the Health and Welfare Data Center which is responsible for developing the IT solution for this program has awarded four different contracts to vendors to come up with a design. The winner of that will be given a future contract to develop or replicate an existing system for California to use. So we're--in my mind, we're years away from a statewide automated system. There are systems in use out there, and the ones that we visited, most of them are Y2K ready now. Some weren't and they were migrating to other systems that were. Mr. Horn. Thank you. Mr. Ose. If I may follow up on something, Mr. Cordiner, in your testimony you talked about noncompliant products being used I believe at the Teale Data Center? Mr. Cordiner. Correct. Mr. Ose. After the Teale data operator advised everybody not to use those same products, and my question is whether or not we're still using those noncompliant products? Mr. Cordiner. Based on their last response to our audit, those have been--they are in the process of removing them. Mr. Ose. That was the critical question, whether they complied with their own recommendation. Second, if I might, I know that the director of--I like the acronym DOIT--the director of DOIT testified about the independent verification validation, but in your opinion, are those truly independent? Mr. Cordiner. We haven't really reviewed--I know they had established a prequalified pool of vendors that could meet the need. We didn't really look at that process and we haven't really evaluated what's being done in the IV&V to determine that. The answer to that question, I would hope that they are. And I think you know this isn't about pointing a finger. Mr. Ose. I understand. Mr. Cordiner. And I think Mr. Cortez is sincere in wanting this to be done the best possible way. So with that in mind, I'm confident that those people are doing a good job. Mr. Ose. Do I understand that your charge to do an audit follows a request? In other words, you cannot move independent of having received a request either from the Governor's office or the Legislature? Mr. Cordiner. That's correct. Mr. Ose. OK. Mr. Horn. If I might ask one more question. Mr. Ose. Certainly. Mr. Horn. One question comes to mind, having read in The Sacramento Bee this morning makes me ask this, a 15-year-old that knifes and kills a woman older than him, and he's out as a juvenile and should have been locked up earlier. And that gets down to what's happening in a number of States when they checked for 2000 conformity, they found their jail/prison security systems are opening the doors sometimes. And unless they check that, you're going to have a real problem. I wondered in terms of the sheriffs and State and if the audit team has gone into any of that? Mr. Cordiner. We--in our last audit, we looked at the Department of Corrections and we looked at two specific systems. One was where the prisoners were at. You know, their status, reporting status. We found that to be OK. The other was an imbedded chip issue with the electrified fences that encompass 23 of 33 institutions. They still had work to do on those, so there was no assurance that those work as intended. It's my understanding that Mr. Cortez had a group of independent contractors go out and see where that was at, but I see on his website that Corrections still is designated with a pink, which is a high-risk element associated with their ability to be ready at the appropriate time. We were assured, however, during hearings that Corrections has backup systems to those electrified fences whereby if push came to shove they would have 24/7 guards in the towers. So hopefully we can sleep a little bit better knowing that. Mr. Horn. Yeah. Interesting. Mr. Ose. Supervisor Smith, the question I have is given the nature of my district, seven of my eight counties are effectively rural, what are the unique challenges that the rural counties are facing? Have we been helpful? Has the State been helpful and what can we do to assist solving those problems that are unique? Ms. Smith. Well, Congressman, as I had mentioned, we have the Y2K Cookbook which the State did assist in; and going on line, I believe, is very helpful with the smaller counties that don't have the ability to hire the technology. In Siskiyou County we're fortunate that we do have a technology staff, if you will. Small, but they've been helping us with what our Y2K task force has come forward with. I was surprised to see the small amount of interface with the Federal level. So most of our interface comes up at the State level. So we are working with the State. What our biggest challenge right now is I think we've gone in internally and we've done our planning there, but I believe what our biggest challenge is and what we're in the process of doing is getting out to the public. We're going into the smaller communities. We're finding that we're getting calls on a daily basis from the elderly community who are very concerned and frightened, ``What if the electricity goes out?'' It's very, very cold in Siskiyou County in January, and they are concerned about heating and about telephones. So we're getting out to the public. We're telling them what we've done. We're also advising them to have--as I had mentioned in any emergency, to have things on hand in case of an emergency: Warm blankets, extra food, extra water, for at the most a 2- to 3-week period, but we're saying 2 to 3 days as has been advised, I believe, by the State and Federal Government. I think that having some funding available which I believe the State has some available, I'm not sure at the Federal level, it's very helpful for some of the smaller counties. As you know, the budgets are very restrictive in the smaller counties and we don't have a lot of extra money, although Siskiyou County has been in the process of replacing a lot of our computer system and we have spent probably half a million dollars doing that and we will probably be spending another $100,000 between now and the end of year in replacing the things that we have to. We are also are hoping we will be up and ready to go by at least October because, as Mr. Cordiner said, in October there is not a whole lot extra you can do at that time. Most of the counties--I was surprised and pleased to see that most of the counties are addressing this issue. I think that in the area--many of the areas that has not been addressed are the very small areas such as the service districts and small water companies and we're working very hard to work with them. It would be nice if the State would help us with that and the Federal Government, Because they just don't have the staff to do it nor the money, and those are the areas that we're concerned about. Mr. Horn. If I might, Mr. Chairman, without objection, I'd like to see the Merced document entered into the record in full. Mr. Ose. Without objection. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T0954.063 [GRAPHIC] [TIFF OMITTED] T0954.064 [GRAPHIC] [TIFF OMITTED] T0954.065 [GRAPHIC] [TIFF OMITTED] T0954.066 [GRAPHIC] [TIFF OMITTED] T0954.067 [GRAPHIC] [TIFF OMITTED] T0954.068 [GRAPHIC] [TIFF OMITTED] T0954.069 [GRAPHIC] [TIFF OMITTED] T0954.070 [GRAPHIC] [TIFF OMITTED] T0954.071 [GRAPHIC] [TIFF OMITTED] T0954.072 [GRAPHIC] [TIFF OMITTED] T0954.073 [GRAPHIC] [TIFF OMITTED] T0954.074 [GRAPHIC] [TIFF OMITTED] T0954.075 [GRAPHIC] [TIFF OMITTED] T0954.076 [GRAPHIC] [TIFF OMITTED] T0954.077 [GRAPHIC] [TIFF OMITTED] T0954.078 [GRAPHIC] [TIFF OMITTED] T0954.079 [GRAPHIC] [TIFF OMITTED] T0954.080 [GRAPHIC] [TIFF OMITTED] T0954.081 [GRAPHIC] [TIFF OMITTED] T0954.082 [GRAPHIC] [TIFF OMITTED] T0954.083 [GRAPHIC] [TIFF OMITTED] T0954.084 [GRAPHIC] [TIFF OMITTED] T0954.085 [GRAPHIC] [TIFF OMITTED] T0954.086 [GRAPHIC] [TIFF OMITTED] T0954.087 [GRAPHIC] [TIFF OMITTED] T0954.088 [GRAPHIC] [TIFF OMITTED] T0954.089 [GRAPHIC] [TIFF OMITTED] T0954.090 Mr. Horn. I think it would be helpful for people in the hearing. Mr. Ose. In case anybody would like to see what that looks like, it's the yellow book, actually pretty attractive. If you can get a copy and pass it to your colleagues, that would be great. But it will be entered into the record. Ms. Smith. We do have a few extra copies available, and it's also on the website--on the Merced website, the www.ca.merced.--wait a minute. Mr. Ose. www.co.merced.ca.us. Ms. Smith. Thank you. Mr. Ose. As far as the newest, largest city in the State, that means Citrus Heights, is it just happenstance that brings you to the fortuitous position you are, or are there things you've done in particular that we could share with other municipalities as far as an effort to be Y2K compliant? Ms. Capriola. As I mentioned in my testimony, I think it is the timing. We don't have old systems. We don't have legacy systems that we're trying to create or bring up to date. In some ways it's an enviable position that we're in. And I would wish it upon everyone. But I think we've also learned from our colleagues who have gone through the process that's been articulated by State and Federal guidelines in terms of what we should be trying to do in trying to work with those service providers, Sacramento County and private firms that do provide a great deal of services for us, to make sure that the service delivery continues. The one good thing, I think, that is coming out of year 2000 is that it's an opportunity for every organization to kind of step back and review what their technology systems are and it's kind of this crisis that's pushing us to get rid of some systems that need to be moved on; but change is hard, as we know, especially in large organizations. So I actually think that out of every crisis, including this one, there are very good things that are happening to our governments and to--so we become more entrepreneurial with better services and systems coming out at the end, though the process is painful and expensive. Mr. Ose. Do you have anything else to add, Mr. Chairman? Mr. Horn. Well, you're absolutely correct, and we've raised that question often in the hearings and a lot are doing exactly what you're doing, and that's the right thing to do. You can get rid of a lot of them or combine them or whatever, and this is the chance to do it. Mr. Ose. Well, I would like to express the appreciation of Chairman Horn and myself for the testimony of the witnesses this morning. I know some of you have come quite a distance. We appreciate you participating. We're going to stay on this. One thing I hear everybody talking about is the interrelationship and the interdependencies between the Federal, State, and local, you know. We're kind of in this together so we need to keep working together. So I again thank you. With that, Mr. Chairman, I'd like to bring the second panel down. Thanks for coming. Second panel is--we're going to take a short break here, but the second panel is Garth Hall with PG&E, Mike--is it Petricca? Mr. Latino. It's Tom Latino. Mr. Ose. OK. It's Tom Latino with Pacific Bell, Roy Le Naeve and Steve Ferguson accompanied by Carol Hopwood. These will be largely utilities and service providers at the local level. So having heard from the State and local government, now we're into a new group. Now I need to again swear everybody in. [Witnesses sworn.] Mr. Ose. Let the record show that the witnesses answered in the affirmative. So, again, what we'll do here is we'll take testimony from the witnesses in total, and then come back with questions. We do request you go to the podium provided. And with that, Garth you're first. This is Garth Hall with PG&E, the manager of their Y2K project. STATEMENTS OF GARTH HALL, MANAGER OF Y2000 PROJECT, PACIFIC GAS AND ELECTRIC CORP.; TOM LATINO, PUBLIC SAFETY DIRECTOR, PACIFIC BELL, APPEARING FOR MIKE PETRICCA; ROY LE NAEVE, SENIOR PROJECT MANAGER, Y2K READINESS PROGRAM, SACRAMENTO MUNICIPAL UTILITY DISTRICT; STEVE FERGUSON, CHIEF OF INFORMATION TECHNOLOGY, COUNTY OF SACRAMENTO, ACCOMPANIED BY CAROL HOPWOOD, EMERGENCY MANAGEMENT, COUNTY OF SACRAMENTO Mr. Hall. Mr. Chairman, members of the committee, I really appreciate the opportunity on behalf of PG&E Corp. to talk to you today. I represent the corporate program office across all the lines of business nationwide. You know PG&E, the utility. But the businesses nationwide, I assure you, have adopted and followed the same standards across the board that we have applied in utility, and I have been responsible in ensuring all of those things. I know that is of interest to you because of your national interest, but I will now focus up on the utility because that is the scope of the California hearing today. Our program, of course, covers all of the elements that have traditionally been discussed and some of which you heard of today: The inventory process, the analysis process, the remediation, the fixing process, the testing, finally the certification process, and then the very important contingency planning process. All of those elements are very, very far along across our corporation and in the utility as well. In July, we were very pleased to report to the North American Electric Reliability Council, which has received a charter from the Department of Energy, that we--for all the electric delivery systems in the utility--we are ready. So that means that anything that has to do with delivery of power to the consumers, we have assessed, we have fixed, we have tested, and we have certified. That includes, also, the power generation plants, the hydro and the fossil power plants that we still own, understanding, of course, that we have sold many lately. So all of those that we own in those domains are included in that. So that should be of enormous relief to those who have concerns about power, and we heard some of those reflected today. In addition to that, we are very, very far along in the nuclear power area. We are down to less than 1 percent of items still in testing in the gas supply area and in the nuclear generation area at Diablo Canyon. There are very, very few, fewer than a handful of things, left in testing and certification of all those is expected in September. By November 1st, the California Public Utilities Commission requires us to file a written certification as to our state of readiness across all of our departments and functions in the utility. And we fully expect to file at that time that we are ready across the board, that everything is tested, certified and is ready. Even though we are very confident about all of these things, we have also taken contingency planning very seriously. Every one of our mission-critical business partners, suppliers and government agencies has a contingency plan developed by us. In other words, for each one of those entities that we depend on to a strong degree for our ongoing continuation of business, we have already developed a contingency plan. Even when we are fairly confident, as with Pac Bell and many of the others that are represented today, that the service will be there and reliable, we still have developed a contingency plan. In addition to that--at a higher level--we have developed business recovery plans that are really just continuations of our standard business recovery planning. As everyone would appreciate, we face storms, earthquakes, floods, during which power outages and gas line interruptions can occur. Our organization, having been trained and practiced in response to those, is the same organization that would have to deal with any type of high-level disaster whether driven by storms or Y2K or anything. Even though the probability of those may be very, very slight, we have drilled those internally twice in the utility now, making sure that everybody understands what they would have to do; and we have participated in one nationwide drill in April, organized by the North American Electrical Reliability Council, and we will do that again on September 9th. We also recognize the importance of communicating our readiness out to the community, have met with over 100 various customer groups, including Hewlett Packard, Wells Fargo, Shell Oil, the Woodland Chamber of Commerce, many city councils, many county boards of supervisors, water agencies and trade groups. We will continue to do that. We understand the importance of communicating our readiness so people understand and have advice on how they should prepare. That's going to be an ongoing process for us. With those remarks, I thank you again for the opportunity. Mr. Ose. Thank you, Mr. Hall. [The prepared statement of Mr. Hall follows:] [GRAPHIC] [TIFF OMITTED] T0954.091 [GRAPHIC] [TIFF OMITTED] T0954.092 [GRAPHIC] [TIFF OMITTED] T0954.093 [GRAPHIC] [TIFF OMITTED] T0954.094 [GRAPHIC] [TIFF OMITTED] T0954.095 [GRAPHIC] [TIFF OMITTED] T0954.096 [GRAPHIC] [TIFF OMITTED] T0954.097 [GRAPHIC] [TIFF OMITTED] T0954.098 [GRAPHIC] [TIFF OMITTED] T0954.099 [GRAPHIC] [TIFF OMITTED] T0954.100 [GRAPHIC] [TIFF OMITTED] T0954.101 [GRAPHIC] [TIFF OMITTED] T0954.102 [GRAPHIC] [TIFF OMITTED] T0954.103 [GRAPHIC] [TIFF OMITTED] T0954.104 [GRAPHIC] [TIFF OMITTED] T0954.105 [GRAPHIC] [TIFF OMITTED] T0954.106 [GRAPHIC] [TIFF OMITTED] T0954.107 [GRAPHIC] [TIFF OMITTED] T0954.108 [GRAPHIC] [TIFF OMITTED] T0954.109 [GRAPHIC] [TIFF OMITTED] T0954.110 [GRAPHIC] [TIFF OMITTED] T0954.111 [GRAPHIC] [TIFF OMITTED] T0954.112 [GRAPHIC] [TIFF OMITTED] T0954.113 [GRAPHIC] [TIFF OMITTED] T0954.114 [GRAPHIC] [TIFF OMITTED] T0954.115 Mr. Ose. Mr. Latino. Mr. Latino. Good morning. My name is Tom Latino and I am director of the Public Safety Organization for Pacific Bell. I appreciate the opportunity to update you on SBC's readiness for the year 2000, and I'm happy to say that we have some great news to share. The bottom line is that when you pick up the phone on January 1st of the year 2000, our network will be ready to serve you just as it always has and so will the wireless, data, Internet, and other services which we provide. We spent nearly 4 years preparing for this issue. As of June 30th virtually all necessary upgrades have been completed. A very few upgrades are scheduled to be completed by September. As we wrap up these upgrades, we will continue to focus on testing and finalizing our business continuity plans. All of our services will be tested and retested in simulated year 2000 environments prior to January 1st. Our testing efforts also go well beyond our own network. SBC is working with the Alliance for Telecommunications Industry Solutions to test our services in conjunction with other communications companies and other industries. As a matter of fact, ATIS recently announced the successful completion of a Y2K test involving communication networks serving the credit card and financial industries. SBC and other communication carriers had no difficulty in transmitting financial data in a simulated Y2K environment. We have also worked closely with Telco Year 2000 Forum, which in December completed tests showing that local networks are prepared to provide uninterrupted service. This internal and third-party testing provides further evidence that Y2K will be a nonevent for our customers. And while we strongly believe that that will be the case, we also recognize that factors outside of our control could potentially impact our services. To further ensure continuous quality service, SBC is enhancing its business continuity plans to prepare for Y2K contingencies. These plans are an extension of Southwestern Bell's existing procedures for providing service in the event of an emergency or natural disaster. As part of these business continuity plans, SBC will increase staffing at customer support in business centers during peak periods leading up to and including the New Year's holiday weekend. We also are establishing command centers throughout our service territory to ensure a smooth transition to the new year. As you can tell, Y2K readiness has been a very big job. All told SBC has spent $200 million to prepare for Y2K. SBC's Y2K project management team is led by an officer of the company, and each of our major business units have dedicated Y2K coordinators responsible for managing year 2000 issues within their organization. To keep our customers up to date on our progress, SBC's Y2K team maintains a comprehensive website with the latest information available. Anyone looking for detailed information on our Y2K readiness can access the Preparing for the Millennium Section of SBC's website at www.sbc.com. The site includes a selection that allows you to check on the readiness of the central office switch that serves your community. You can also register at the website to receive a copy of SBC's final readiness report. Thank you again for the opportunity to provide this update. Mr. Ose. Thank you, Mr. Latino. [The prepared statement of Mr. Petricca follows:] [GRAPHIC] [TIFF OMITTED] T0954.116 [GRAPHIC] [TIFF OMITTED] T0954.117 Mr. Ose. Next Mr. Le Naeve. He's the senior project manager for the Y2K readiness program at Sacramento Municipal Utility District. Mr. Le Naeve. Good morning, Mr. Chairman, members of the committee. I am Roy Le Naeve, the senior project manager for the Sacramento Municipal Utility District's Y2K program. I thank you for the invitation to speak here today. Sacramento Municipal Utility District, commonly referred to as SMUD, is a community-owned utility that services approximately a half million customers. We are the second largest community-owned utility in California and the fifth largest nationally. SMUD has 11 generating facilities with a maximum generating capacity of 1140 megawatts. Our purchase requirements ranges from zero to 1500 megawatts with largest purchases generally occurring during the summer months. Our customer base includes some very influential entities such as the county seat, the Sacramento County, a major State prison in Folsom--Mr. Horn referred to prisons earlier--the California Independent System Operator located headquarters and their control center in Folsom, the Western Area Power Authority, also headquartered in Folsom, the Office of Emergency Services for the entire State of California, and the residing body and support locations for the State of California. We clearly recognize and strive to meet our serious responsibility to provide a high quality of dependable and reliable power to our customers. At the outset of the Y2K project, SMUD recognized and respected the public's concern. We also understood that in spite of any eventual successes of overcoming the threat of Y2K problems, if those successes were not credibly presented to the public, a sense of personal concern would continue. Consequently, as our project was put together, the task of communicating openly and frequently to our customers and the public at large was placed very high in our project plan. This has been achieved through a variety of processes such as news events, community forums, special media presentations, key account presentations, bill inserts, and the SMUD website. We believe the word is getting out. Over the last 6 months we have seen a noticeable drop in what was previously widespread Y2K anxiety as SMUD is receiving less and less requests for Y2K information. We formalized our Y2K project in the late part of 1997 by inventorying all the items in the district that may be subject to Y2K anomalies, or the bug as you've heard of them. At the end of the inventory we placed each item in two major categories: mission critical and nonmission critical. To date, we placed and prioritized more than 1,500 items onto the Y2K vulnerable list. Each of SMUD's inventory items have received reviews, evaluations, and in the case of mission critical items, serious testing. As of this date there are 35 items remaining on the list for disposition and currently undergoing remediation. SMUD has plans to remediate or replace all the outstanding items by October 1st, 1999. SMUD's Y2K efforts have enabled it to declare all of its 11 generating facilities Y2K compliant. The year 2000 compliance for SMUD means that all mission critical systems have been tested for proper operation through the 1999 year and into the year 2000 timeframe. Further, where remediation actions were required, appropriate actions were taken. The systems were retested and no reasons are known to us that would preclude the system from performing into the year 2000. To date, all the generation and distribution systems have undergone vigorous test requirements and they have been declared Y2K ready with minor exceptions by the North American Reliability Council. The exceptions deal with nongenerating requirements. For example, affluent meters are very important to us but are not important for the sake of producing electricity. As a point of interest, the meters in question had been made compliant and will be installed in our system prior to October 1999. Our Y2K project has received the highest possible organizational oversight from executive management. As the Y2K project manager, I report on a weekly basis to an executive sponsor. On a monthly basis I brief and receive guidance from the entire SMUD executive team. Additionally, I brief and receive policy direction from our entire board of directors on a monthly basis. This practice is scheduled to continue well into the year 2000. As Americans we enjoy the best and most reliable electric service in the world. While each utility plays its respective role, the high service reliability is achieved because of a network of utilities that have joined together to work together. The North American Electric Reliability Council promotes the reliability of the electric supply for North America and it oversees our Y2K activities. Over the past months we have worked with NRC and the utilities to be ready to respond. In April we exercised all of our national and local communications capabilities to ensure that we could talk to each other under degraded communications capabilities. The next national exercise is scheduled for September 9th. The exercise is scripted to be a dress rehearsal for the night of rollover. We anticipate that much will be learned concerning our posturing activities in preparation for the new year. In summary, SMUD offers no guarantee. We do a test. We have searched, evaluated, tested, reevaluated every vulnerable item known to us, and we're unaware of anything that would keep the lights from burning as bright on the night of rollover as they do today. Thank you. Mr. Ose. Thank you, Mr. Le Naeve. [The prepared statement of Mr. Le Naeve follows:] [GRAPHIC] [TIFF OMITTED] T0954.118 [GRAPHIC] [TIFF OMITTED] T0954.119 [GRAPHIC] [TIFF OMITTED] T0954.120 [GRAPHIC] [TIFF OMITTED] T0954.121 Mr. Ose. Mr. Ferguson from the city of Sacramento. Mr. Ferguson. Thank you very much. My name is Steve Ferguson. I'm CIO information officer for the county of Sacramento. Mr. Ose. Excuse me. Mr. Ferguson. On behalf of the county Board of Supervisors, I wish to welcome your committee and all of the witnesses today to our community. On the Y2K issue, the county began addressing its Y2K issues back in 1995. In 1995 we formed a Y2K steering committee consisting of county executives and key business players. We began a formal assessment of our status risks and remediation alternatives at that time. Our Board of Supervisors has taken a very strong interest in this issue. They have made it clear to us that they expect to be informed on how the county is doing. In response to that, our first comprehensive assessment report was made to our Board of Supervisors in June 1998. Subsequently, we have updated the information of that report in February and the first part of this month. The Board has asked we give them a final readiness report in December 1999. I thought I would take a few minutes to review a few of the key points that we've given to our Board that were identified in that report. The county of Sacramento plans to spend over $60 million in remediation of Y2K. While that may not be impressive at the Federal level or State level, it certainly represents a sizable investment for this community. There have been some big benefits out of that. No. 1 is we have used that investment. We have leveraged that investment to provide a technological foundation for the county's future. This foundation will help us provide better and more efficient community services in the future. For example, we've upgraded our networks that will allow us to engage in e-commerce. We have upgraded our applications that will allow us to more interactively interact with our citizens in foreign e-government, and the IT work forces have had the opportunity to learn new skills. The county is planning for a number of Y2K-related activities. We've been discussing some of the business continuity issues. We're also aware as provider of local services to a large community that we have public safety issues that have to be dealt with as well. We are planning the operation of a joint emergency operation center with the city of Sacramento over the millennium change, and we are planning numerous table-top exercises to prepare for what we expect to be a high level of activity due to celebrations around Y2K. We also realize we have a responsibility to communicate readiness to our citizens and our county public information officer has been very active in preparing a countywide public information campaign. We've shared with our Board a number of concerns about our readiness in Y2K. I thought I'd just summarize those quickly for you. The first area of concern is the Family Support Bureau of child support issues. A recent failure in the State project has put the county at risk. We do not have time to remediate legacy systems in that area. However, plans are under way to implement a system, one of the four consortiums that was mentioned by your earlier testimony in the child support area, and that's planned to go live in November of this year. Embedded chips, as others have mentioned, have been a major concern. The county operates numerous facilities from clinics to crime labs to jails and the airport, and we have been making major inroads in the testing and remediation of those types of issues. We believe most of that has been corrected and it will be operational through the millennium. In the public safety arena, we've identified Y2K problems in our criminal justice systems. Pleased to report that just last month the Y2K readiness system went on line. The Sheriff's Department has identified Y2K problems with their computer- aided dispatch. They are now in the process of contingency planning should that system fail. These problems, as I mentioned, are being addressed and we will continue to keep our Board informed on progress. A final area of concern that other members--other witnesses today have touched upon is the area of State interfaces. The county of Sacramento relies heavily on communication with the State of California. Myself and other CIOs throughout the State have expressed concerns repeatedly over the last few years about this, and I want to express my appreciation to Mr. Cortez, who has taken our concerns to heart and the State has renewed its focus in assisting counties in testing and working on those interfaces. Again, thank you very much for the opportunity to testify today on behalf of Sacramento County, and we hope that your visit to the area is enjoyable. Mr. Ose. Thank you, Mr. Ferguson. [The prepared statements of Mr. Ferguson and Ms. Hopwood follow:] [GRAPHIC] [TIFF OMITTED] T0954.122 [GRAPHIC] [TIFF OMITTED] T0954.123 [GRAPHIC] [TIFF OMITTED] T0954.124 [GRAPHIC] [TIFF OMITTED] T0954.125 [GRAPHIC] [TIFF OMITTED] T0954.126 [GRAPHIC] [TIFF OMITTED] T0954.127 Mr. Ose. Mr. Chairman, would you like to proceed? Mr. Horn. Wonder if Mr. Willemssen could join us at the table. He's our all-around expert in Washington for the General Accounting Office. It's part of the legislative branch. Mr. Ose. Without objection. Mr. Horn. We always like to hear what he says. He's been to I don't know how many States now, but if he's putting pins on them, I think he will hit about 50. Mr. Le Naeve. Does he have easy questions? Mr. Willemssen. Sometimes. Mr. Ose. It's the answer we're after, Mr. Le Naeve. Mr. Horn. Go ahead. What's your reaction now? You've heard the whole second panel, you've heard the first panel. Mr. Willemssen. I thought you might want to followup on a couple of things that Mr. Hall and Mr. Le Naeve pointed out just to confirm the August 3rd, 1999 report of the North American Electrical Reliability Council does identify Pacific Gas & Electric as Y2K ready and does identify Sacramento Municipal Utility District as ready with limited exceptions, as was testified to. The report also notes 84 percent of the Y2K programs of all these bulk electrical suppliers have been audited and reviewed, some of them by internal auditors, some by external reviewers. It does not identify which ones have had those kind of reviews. You may find it useful to ask the witnesses today if they've had independent verification and validation reviews and if those reviews are--the reports of those reviews are publicly available. Mr. Horn. That's a good question. I also would wonder, on that report by the council, is there any difference in terms of the state of analysis and surety between the nuclear and nonnuclear reactors. Mr. Willemssen. There is a distinction made, and I believe the latest data on nuclear facilities indicates that there are approximately 35 such facilities that still have some exceptions that are being aggressively dealt with. Mr. Horn. Because you know the Nuclear Regulatory Commission has told us they were going to do a 10 percent audit. We objected and said, ``Why don't you do 100 percent?'' And they objected, and said, ``You don't understand what we're doing.'' And I said, ``Fine. Put it in writing.'' I don't think I've still heard from them in writing. It helps hone the mind when you get them to put it down on paper, but I was curious what's happening in that area. You heard the question. I just wondered if you have any thoughts in response to Mr. Willemssen's point. Mr. Hall. Let me speak for PG&E. On the August 3rd report by the North American Electrical Reliability they were correct, in referring to PG&E, that they reflected our report to them that our electric delivery systems were totally ready. In other words, our systems are tested and certified. The question about Diablo Canyon, which is our nuclear power plant, I'll just focus on that. That's 1 of the 35 that were reported to the Nuclear Regulatory Commission as having limited exceptions. It has one, and that will be in place and certified by September. The NRC, of course, is watching things very closely, and we are very diligently working with them. In terms of audits, the NRC, in terms of the contingency planning arena, selected six plants nationwide, to my best knowledge, one of which happened to be Diablo Canyon. Diablo Canyon was audited by the NRC very exhaustively in terms of its readiness for handling emergencies in terms of contingency plans, and we have the report on that. That was very favorable. To my best knowledge, it's available to the public at the NRC's website. It's a publicly available document. If I missed anything, please followup. Mr. Horn. Anyone else like to comment on Mr. Willemssen's question? Mr. Le Naeve. I would just comment about the auditing of our project. Our auditing department works specifically and directly for the general manager which bypasses about 10 levels of the bureaucracy, if you will. There are three full-time auditors that I call them the truth sayers. They don't work for me, which means that they make me tell the truth. Two of them are SMUD employees, and the other is an outside auditor. In terms of being ready with exceptions, the rules are always a little sticky. Our plants, as I have testified, are very capable tonight to generate everything that it's supposed to generate. The meters, they're affluent monitoring meters that we need that data in order to report the types of pollutants that are going into the air and they meet with Federal standards and State standards but they have nothing to do with the generation capability. Mr. Horn. Any other thoughts, comments, anything else from the General Accounting Office? Mr. Willemssen. I felt one thing that you have asked at prior hearings and especially in terms of counties is when they had actually started their Y2K efforts. The year that the county started in 1995 is generally much earlier than what we've heard in other jurisdictions throughout the country, so I think that's worth noting. I also think it's worth noting what the county mentioned in terms of its plans for additional table-top contingency plan exercises, no matter what good of shape they are in because so much is outside of their control, I think that is a worthwhile effort to pursue. Mr. Horn. I guess I'd ask this panel, what is the sort of continuity and fallback plan that you have? For example, the Federal Government when we ask them, ``Where were your contingency plans?'' And most of them said, ``Oh, we're depending on the U.S. Postal Service.'' So we held a hearing with the United States Postal Service, and it turned out they didn't have a contingency plan. So if something is falling through the cracks, how do we solve that problem with the utilities? Mr. Hall. Did you want to go first? Mr. Le Naeve. In our case we are mandated by NRC. If not just a prudent action, we have contingency plans that takes into account our worst-case scenario as well as our worst- probable scenario and those contingency plans basically means we operate our system manually and we exercise accordingly. But to my knowledge, we have a contingency plan for just about any eventuality, not the least of which is Y2K. In the case of Y2K, we certainly don't expect any structural damage, which is what we typically have during storms. So I believe, speaking certainly for SMUD, we have contingency plans in place and we exercise them. Mr. Hall. As far as PG&E, in addition to the remarks I made during my testimony about that, over the New Year weekend for a period of 4 days solid, we will be activating to the highest level of preparedness our emergency operation centers, which really places additional staff operating people in the field and at all key places and at the central location. Even though we don't expect anything to happen, we want to make sure everybody is prepared and ready, and the preparedness of those people goes very deep in terms of the activities they would have to undertake. It also does include, by the way, invitations and close links with OES, Office of Emergency Services, directors from the counties and from the State who are tied into our distribution emergency centers. And so are the police force and fire station links. That's where the linkage occurs. So the good part of this is for emergencies unrelated to Y2K, those practices and infrastructures and procedures are in place. What we're doing with Y2K is just bringing them up to a level where everybody is there, ready, in case anything happens, which we do not expect. Mr. Horn. Well, it's like Jeopardy. You answered the question before I asked it. I'm curious because in some States we find there's a lack of frequencies where they can communicate. There is just overload, and we had that in L.A. County about 10 years ago where none of the police departments could talk to the Sheriff's office or anything else. And they've remedied that. They needed some more frequencies. So I take it it's not a problem for you, where you operate. You have what, two-thirds of California, at least? Mr. Hall. Approximately so. Frequencies--apart from depending on Pac Bell, we have our own internal telephone network which covers the entire area independently. We also are relying on radio, and we also will be having satellite telephones as backup in a few key locations if everything else fails, including Pac Bell, which we do not expect. Mr. Latino. Mr. Congressman, Pacific Bell certainly will be ready. Business continuity plans are in place. They have been socialized with the appropriate support personnel and those systems that require those plans will, in fact, be fully staffed. We will have plans to activate our command centers as well as our network operation centers. Once again, they will be fully operational as well as fully staffed. Additionally, specifically as it concerns public safety, we will have knowledgeable personnel in the field at key public safety sites in order to assist in any identification, isolation and resolution of trouble. Moreover, we will have established a command center for our 911 infrastructure itself. Additionally, we have worked extensively with our 364 public safety answering sites in order to ensure they take steps to have contingency plans in place such as alternate answer. And last, we have worked closely with our directory assistance in the event, the unlikely event, of a 911 failure where seven-digit emergency numbers could be communicated to the public. Mr. Horn. Interesting. Mr. Le Naeve. I'd just like to say we are in exactly the same situation. We typically have 2,500 employees. That night 20 percent of those folks will be up and running and in their office and in their locations both in our emergency center as well as our energy management center as well as manning our key bulk substations, which are things we typically would not do just in the eventuality that something happens. Mr. Horn. Does SMUD have the natural gas as one of its products? Mr. Le Naeve. We are a purchaser. We don't produce any-- matter of fact, Mr. Hall's company produces and issues most of our gas. We don't deliver gas to anybody. Mr. Horn. Reason I ask that, in Eastern Europe and Central Europe we have a major natural gas problem where most of that is supplied by the Russians and through either pipeline or ship; and this is, of course, January, and it could be if that can't get through that or is utilized or leakage or whatever, you would have most of Eastern and Central Europe freezing pretty badly. Because if it was a Y2K affair that triggered something--and we know that there are microchips involved in the refinery and in the ships that haul that's under compression and so forth. So we don't have that problem here? Mr. Le Naeve. Not at SMUD. Mr. Horn. OK. Mr. Ferguson. If I could comment on the county's preparedness contingency planning. Like any other local government in California, we have considerable experience responding to natural disasters. With one exception, the county is preparing for Y2K similarly to prepare for any other disasters that's also our flood season here. So we're prepared, the exception being that, and we've discussed this at great length, many times, the response of natural disaster depends upon mutual aid between governmental jurisdictions. We realize at this point that this problem could be very widespread. So we're not counting on mutual aid in our preparations. Mr. Ose. If I may inquire, Mr. Ferguson, as it relates to the airport, December 31st is typically a pretty heavy travel day. As it relates to the airport operations, what, if anything, has the county--how has the county interfaced or interacted with FAA or operations at the airport to ensure that an unlikely contingency can be handled out there, that being the system goes down for either an unfortunate lack of power or an imbedded chip failure or something of that nature? Mr. Ferguson. Well, the rest of the--fall into three categories. Businesses, which I briefly addressed in my responses, to the extent they need to get bills paid and payroll out. Second area is in the imbedded chip area. These are systems that run the airport, everything from the parking tickets dispensing system and fuel dispensing, et cetera. We assisted the airport. They've done a very good job in evaluating those imbedded chips and we have a program under way. Third area of risk, we call this retractable kinds of risk. To the extent that the airport depends on the Federal Aviation Administration to control traffic, we have no opportunity to deal with that. It's just something we depend on someone else to provide as well as with the airlines. They have their own major business systems that run their reservations ticketing operations. And we are relying on them, as we are at the FAA, to deal with their Y2K risks. All reports we have at this time is that they are making good progress. Mr. Ose. You're confident about the county success rate of progress to date on the systems that they have authority over or responsibility for? Mr. Ferguson. I would say the county is--it's at the 90 percent rate in terms of remediation across the board at this point. Mr. Ose. Are you going to be at 100 percent come the first of the year? That's the question. Mr. Ferguson. Probably 99.99 percent. There are obviously going to be a few areas we miss, a small computer in a remote office, but we don't expect that to have any impact on our business operations. Mr. Ose. I want to visit on one other aspect of this. SMUD has a website? Mr. Le Naeve. I'm sorry, sir? Mr. Ose. Does SMUD have a website? Mr. Le Naeve. We do. Mr. Ose. OK. And Pacific Bell has a website? Mr. Latino. Yes, sir. Mr. Ose. And PG&E has a website? Mr. Hall. Indeed, we do. Mr. Ose. And I'm curious whether or not on any of those websites, in the unlikely event of a failure wherever, your subscribers, your ratepayers, or your service recipients could access those websites for contingency alternatives? Mr. Le Naeve. In our case, Congressman, that whole website issue is being discussed as it is and will continue to be right up to the night of rollover. We're getting several reports from the FBI and a few other places of criticality of people coming in and getting into our system and attempting to bug it, if you will. And getting into our system of direct path is through our website. We are toiling--emphasize the decision has not been made--but we're toiling with the possibility of shutting that website down for a few hours before and a few hours after the actual rollover. Now, should the disaster happen that we've all heard about, clearly we would expect to communicate either through the National Emergency Broadcast System or some other means to get the word out as to what we're going to be doing. We will be in constant contact with the county. They will be in contact with us, and we would look to the county and to the State to assist us in getting out whatever word we need to. But to tell this committee that we are going to guarantee that they can access our website, I'm unable to do that. Mr. Ose. I'm more interested in, say, between now and 11:59 on December 31st, posting information on the website in your respective organizations in the event of X---- Mr. Le Naeve. We do that, yes, sir. Mr. Ose. Pacific Bell do that and PG&E? Mr. Hall. We have some guidelines and questions--typical key questions and answers that have been asked--for public information, but it is an idea that I want to take back with me and pursue a little more. I think there is some more merit in that idea that we haven't pursued all the way. I think especially approaching the year end timeframe there may be a subset of our customers that might choose to look first there. So I'm going to take that back and take a closer look at the opportunities for that. Mr. Ose. It would seem to me even if the websites--in order to shut off access from someone trying to hack, even if the websites are shut down at least between now and then, people can print out or pull down off the web these very suggestions and print them out and keep them readily available. Mr. Le Naeve. We do that, Congressman, even to the point of the use of portable generators, which is a big fear that the average person would attempt to use a portable generator and without some basic knowledge and understanding all they do is get into a self-destruct mode. So we use our website to get that type of information out as well and to caution them for the proper usage as well as the most common asked questions. There's a shred out to our website that is Y2K specific and we update that at a minimum on a monthly base. Mr. Ose. As a representative from a rural area, you can understand my concern. Many of my people have livestock that require regular water and regular feed. Mr. Le Naeve. Sure. Mr. Ferguson. If I may just briefly comment on the county's website efforts. We, too, have a website. However, we are aware that we serve all the constituents of Sacramento County, many of which may not have access in their homes to Internet technology. So our program is multifaceted and involves a public information campaign, town hall meetings, and actual written material that we're mailing out in our utility bills to try and get exposure to the broadest level of our constituency. Mr. Ose. Now, there's a date coming up in September, September 9, 1999, which I'm familiar with, but would anybody care to briefly explain what that date comprises? It's a virtual equivalent in some instances to the December 31, 1999 rollover. Mr. Ferguson. I think that's something that's been overexaggerated a little bit. Commonly in the old days programmers used a collection of nines perhaps to represent the end of a file or some other condition. Fortunately, I think most computers would represent that date as September 9, 1999. So it's unlikely it will cause some of the predicted failures that people have talked about. But in all of our remediation efforts of our legacy systems, we have examined that as well as other Y2K-related issues. There's a date coming up in February 2000 which would be the first leap year date after the change of the millennium, making sure that is corrected as well. Mr. Ose. Some of you have actual tests going to transpire on the 9th of September? Mr. Latino. Pacific Bell, Congressman, is continually ongoing in their testing requirements. Specifically in relation to September 9, 1999, we have prepared a separate business continuity plan for that day where we will have people staffed at our critical systems, and I'm addressing specifically our 911 system. And we have a scheduled list task to be performed in order that the right metrics can be evaluated to ensure that processing is going as expected. Mr. Le Naeve. In our case, the reason NRC decided to play the national exercise on September 9th was precisely for that reason. That puts all the required forces in the utilities in the right place in the eventuality that something did happen. Mr. Horn. Mr. Latino, it's good to hear that Pacific Bell's 911 lines will operate. Isn't there a problem here with the people that are taking those calls? Most of them are either law enforcement or established by city managers, however, and how vulnerable does that make--you might have a good capability, but what's the human element here? Mr. Latino. Certainly the human element here is to make sure that there is not miscommunication, and toward that end, we have really launched an extensive effort in 1999 to communicate with our public safety partners. We've done this through numerous letters indicating the status of their equipment that we, in fact, provide and the need for them to check with other systems that we do not have responsibility for. We have participated in over one dozen forums, both with the public as well as with public safety personnel. We have sent out bill notices and inserts to further communicate the status of the 911 infrastructure concerning Y2K. And just as we said, we have distributed this to every public safety agency in the State that we supply which is, once again, our cookbook on how prepared we are for Y2K with 911. Mr. Horn. If you could submit that for the record, maybe we can get a lot of it in the hearing. Mr. Latino. Yes, sir. Mr. Ose. Without objection. [Note.--The publication prepared by Pacific Bell entitled, ``Pacific Bell Public Safety Solutions'' is retained in the files of the subcommittee.] Mr. Ose. Now, before I go on with my other questions, I want to get the website addresses each of you have in the record. It's www.smud.com and www.sbc.com? Mr. Latino. Yes, Mr. Congressman. Mr. Ose. www.pge.com. Mr. Hall. Right. And I just emphasize that's ``pge'' without the ``&.'' Mr. Ose. Right. Just the letters, no ampersand. Mr. Le Naeve. Sorry, sir. You said SMUD dot--ours is org, o-r-g. Mr. Ose. www.smud.org in your case? Mr. Le Naeve. Yes. Mr. Ferguson. And the county's website is www.co.sacramento.ca.us. Mr. Ose. Sacramento all the way out. Mr. Ferguson. Spelled. Mr. Ose. All 10 letters. Mr. Ferguson. It's a mouthful. Mr. Ose. Couple of other questions, if I might. I know PG&E receives some gas from foreign sources, that being Canada, and Pacific Bell is going to receive calls from overseas presumably, and SMUD perhaps by wheeling may receive energy from Canada, either through WOP or otherwise. Are there challenges each of you face in interacting with companies that might not be Y2K compliant and how are you dealing with those? Mr. Hall. You mentioned PG&E first so I'll respond first-- and we also include gas from Texas. Mr. Ose. That's a foreign country, too. Mr. Hall. That's a foreign country to us, indeed. But to be frank, initially the Canadian utilities were not under the same freedoms or onuses to reveal the status of their programs as their U.S. counterparts were, and so we initially had difficulty obtaining valid information as to where they were going and where they were. That has changed. And we have derived--and our affiliates who actually transport the gas from the Northwest have derived--very good information and have participated in several face-to-face meetings where a substantial amount of readiness information has been shared--to the point where we are very comfortable that they have taken it seriously. They'll be ready. So I think at this point we see both from the Texas side and from the Canadian side that we do not see any issues there that we can identify right now. Mr. Latino. Congressman, if I may add, our corporate headquarters is in Texas. So we have a very good relationship with that particular foreign country. And certainly we are testing internally. There are two key forums from the telecommunications perspective we have worked closely with. The first one is Telco forum, which consists of 21 suppliers, and that forum interactively with those suppliers tested 82 different telecommunication elements. And those elements were chosen as a result of them being representative across Northern America. When you start looking from an overseas perspective and long distance calls completing, the other organization which we conducted testing with is known as ATIS, the Alliance for Telecommunications Industry Solutions. Those testing has been done and the results have, in fact, been successful. Mr. Le Naeve. In our case, most, if not all, the power we purchase comes from the organization, from the Western States Coordinating Council or those agencies that are members, and, as Mr. Hall says, we're now encouraged that Canada is on board. And speaking for SMUD, we believe they are at least as well off in being prepared as we are. And I'm even more encouraged after today because the bulk of the power we buy, we get it from PG&E. So I'm satisfied. Mr. Ose. How about at the airport? I know we have--we have a single carrier coming into the airport from foreign--Canadian Air, can they fly into Sacramento airport? Mr. Ferguson. Personally, I'm not familiar with all the carriers out at the airport. I did want to mention one other public--quasi-public utility. Sacramento County and the Office Communication Information Technology operates Sacramento Regional Radio System, which supplies public safety radio services to all the agencies in the region. We operate a system that contains about 8,000 portable and mobile radios and supplies communication services to the sheriff, the police department, utilities, the fire districts. That system has been tested and is Y2K compliant. Mr. Ose. Well, gentlemen, I want to say that I appreciate you coming down here. What I hear you saying is the systems are going to be ready, and I can tell you as a representative of a large agricultural area and numerous urban areas, you give me a great deal of comfort in that respect. I'm going to hold you accountable. Mr. Chairman, anything else? Mr. Horn. No, that's it. That was asked. Mr. Ose. I got this covered. Let's go ahead and release this panel. Again, our appreciation and bring the third panel down. So we need to have Kathleen Tschogl, Alan Rabkin, Guy Koppel and Holly Delaney. I saw Kathleen walk out the back of the room. Better get in here, we're waiting on you. Mr. Willemssen, you might want to just sit up here because you'll probably have to move back up here eventually. As we have with other panels, I would like to swear you in as we do with every other congressional testimony, so if you'll rise. Do you solemnly swear that the testimony you will give before this subcommittee will be the truth, the whole truth, and nothing but the truth? Let the record show the witnesses answered in the affirmative. [Witnesses sworn.] Mr. Ose. We're going to start with Kathleen Tschogl from Raley's. She's the manager of governmental and regulatory affairs with Raley's Supermarkets. Please go to the podium to present your testimony. STATEMENTS OF KATHLEEN TSCHOGL, MANAGER, GOVERNMENTAL AND REGULATORY AFFAIRS, RALEY'S SUPERMARKETS; ALAN RABKIN, GENERAL COUNSEL, SENIOR VICE PRESIDENT, SIERRA WEST BANK, ON BEHALF OF THE CALIFORNIA BANKERS ASSOCIATION; GUY KOPPEL, CHIEF INFORMATION OFFICER, U.C. DAVIS MEDICAL CENTER; AND HOLLY DELANEY, YEAR 2000 PROGRAM, MERCY HEALTH-CARE SACRAMENTO Ms. Tschogl. I didn't bring any pictures because they say that a picture is worth 1,000 words. So I just brought 1,000 words. I hope that's OK. Mr. Ose. We have a picture here. Ms. Tschogl. OK. On behalf of Raley's Supermarkets, I'd like to thank you for the opportunity to speak before you today about the issue of Y2K and the food industry. With the year 2000 only a few months away, resolving this problem is an urgent necessity. It's been estimated that the average major food company will spend $27 million to become Y2K compliant, combining to an industry total of $1.8 billion. You will be relieved to know the Grocery Manufacturers of America reports that 95 percent of its members have already completed and tested their Y2K upgrades. The overwhelming amount of time and money invested leaves us confident that the food industry will be well prepared for the year 2000. At Raley's we began upgrades in 1997 by analyzing and testing our current systems, including telecommunications, internal software, and point of sale hardware. These upgraded systems have been operating successfully since June 30th of this year. An area of great concern to our customers is the electronic funds transfer, the EFT network. Debit and credit card terminals at cash registers are run by computers, and many people fear they will be either unable to use their ATM cards or that inaccurate transactions will take place. To solve this problem, Raley's and other supermarkets have completed certifications with their EFT network providers on Y2K readiness. Perhaps even more important than attending to one's own Y2K problems is making sure others are taking care of theirs. In an industry so heavily reliant upon a network of suppliers, manufacturers, shippers and retailers, it is essential that every link in the supply chain be strong enough to handle the new millennium. We're working closely with vendors and suppliers on their Y2K compliance efforts. We keep a list of all outside companies who may possibly affect our Y2K readiness and receive regular updates on their efforts. The great amount of media hype surrounding Y2K have customers worried that food shortages will occur and that their supermarket's shelves will be empty. The food industry has been hard at work since 1997 to make sure that this does not happen. We would like to remind the public that grocery stores are well accustomed to dealing with natural disasters, storms and holiday rushes. We are no strangers to providing goods and services during the harshest conditions. We are completely capable of ordering and receiving additional supplies as necessary. No change in supplies expected. We urge customers not to stockpile any more water or food than they would normally do in preparation for winter. The bulk of our concerns are not internal but related to outside government programs and regional utilities. These are areas beyond our control. We as an industry urge the government to provide support and oversight so that these crucial systems operate efficiently, allowing goods to be manufactured, transported, and supplied to the public. Another possible Y2K concern is connected to the food assistance program. Many of our customers rely upon programs such as WIC and food stamps. These programs often rely upon electronic benefit transfers creating a possible Y2K problem. While they are not under the industry control, we have been working with the USDA to prepare these systems for the new millennium. We request the Government give the necessary attention to the programs in connection to the Y2K issue so that we may continue to serve the people who rely on them. We take our responsibility to provide for the people seriously. We've been working to ensure that our customers' needs will be met. We have tested, retested, and reinforced our systems for the year 2000. Raley's plans to have a Y2K team on hand throughout the New Year weekend to handle any complications that may unexpectedly arise. We are more than prepared for the year 2000. Thank you. Mr. Ose. Thank you. [The prepared statement of Ms. Tschogl follows:] [GRAPHIC] [TIFF OMITTED] T0954.128 [GRAPHIC] [TIFF OMITTED] T0954.129 [GRAPHIC] [TIFF OMITTED] T0954.130 [GRAPHIC] [TIFF OMITTED] T0954.131 [GRAPHIC] [TIFF OMITTED] T0954.132 Mr. Ose. Mr. Rabkin, general counsel, senior vice president of Sierra West Bank, testifying on behalf of the California Bankers Association. Mr. Rabkin. Thank you very much. I appreciate the opportunity to be here today and to speak to you concerning the banks' readiness for Y2K. My name is Alan Rabkin. I am the general counsel and senior vice president of a regional bank by the name of Sierra West Bank, which was recently acquired by Bank of the West. Now we serve the eastern California and western Nevada markets, so I can speak to you on those issues, but I'm generally familiar with what banks are doing nationwide. I'm knowledgeable about the banks' security aspect of Y2K since I served on SCC panels to formulate rules concerning that issue. I've seen firsthand the operational lending and other aspects of the year 2000, and I hope I know what I'm talking about. Well, I've got good news for you. I think this is the shining moment for banks in the United States. We have done our work. We have gotten down to business. We have made our equipment ready. We have ordered new equipment when it's not ready. We have fixed and tested, retested, created plans and educated the public and our customers. Together we have assessed risks, account risks, loan risks, facilities risks. We canceled staff vacations. We've generally taken our lumps on 1999 earnings. We basically have done what a responsible bank should do, but we're not completely done. We always have things to do, but we certainly are through the door of compliance and we will meet the dawn of the new millennium with completely updated, fully compliant Y2K systems. I like to say in my public presentations that if Father Time needs cash at the new millennium, we will deliver it. So what does this mean? What can we expect? Are there going to be major problems in the Y2K systems for banks? The answer is, I can't predict exactly what will happen, but I will tell you that I doubt it. Some of you have read about recent problems in Y2K areas dealing with banks. Just about a week ago I opened the papers and there was an article about a company by the name of Affiliated Computer Services, a small Texas-based ATM provider who seems to have some sort of Y2K failure in their software systems. But when you look into the problem, it wasn't Y2K related at all. Instead, it was simply a software upgrade failure. It was simply a lack of fully engineered upgrade. And that happens a lot these days. Recently in the area I'm in, a local regional airline carrier introduced an upgrade not related to Y2K, and that upgrade did not take well, and their whole system went down, they backed up with their prior system, they made the fixes and they came back on line. This is the reality of computing in the 1990's. So once you get beyond the potential for errors caused by new software introduction, I think you'll find that banking has very, very few Y2K problems left to it. In fact, I myself still have all my money--or most of my money in FDIC-insured institutions. I'm fully confident I won't lose one dollar. I'm fully confident I'll be able to withdraw as much or as little money as I need. I'm fully confident my cash needs will be met on a day-to-day basis. I do need money to get through the end of the year and probably the best New Year's celebration of the millennium. However, I don't think I need my life savings to do that. What's more of a Y2K concern to me, however, is the misinformation that I see daily. You know Y2K is good theater, and I'm getting a little tired of it, especially when it comes to ads like those run by KIA Motors Corp. implying that banks are not Y2K compliant. Frankly, there's no proof for that. In fact, there's opposite proof. All the Federal banking agencies, the Securities and Exchange Commission, even Alan Greenspan have represented banks as the poster child of Y2K compliance. We are the good conduct citizens of Y2K. We got started very early. So what's all this misinformation about? Well, the L.A. Times came out with a story about a week ago saying even though it's been shown that banks are 99 percent compliant, that 42 percent of the consumers still believe ATMs will not operate. And 38 percent fear checks will bounce, and 20 percent believe that Y2K will shut down the banks. So we have to do a better job. We have to market our skills better in Y2K. We have to get the word out that banks are fully compliant, and if there are any glitches they will be dealt with. So we are going to be more proactive. We're going to market Y2K just like we market our bank products. I think you've seen that recently with banks such as Union Bank who have the ``Y2K OK'' campaign going statewide right now. Every delivery system will be used to get the word out between now and the end of the year; statement stuffers, public speaking, these hearings. Everything so that we can get face to face with our customers. And we will ask the customers what they are not aware of, what they need more information on, and we will be good corporate citizens going into the end of the year. So with that proactive attitude, we continue to win the race. We continue to be up front and we feel that Y2K if it's not a dud, will certainly be a dud as to banking. So I'm here to answer any questions you might have concerning the banking industry, but we have arrived. We may have to be at work on January 1st just to be sure; but if you see us a little tipsy on January 2nd of the new millennium it's because we're celebrating a very, very good performance by the banking industry. Thank you. Mr. Ose. Thank you, Mr. Rabkin. Mr. Koppel, who is the chief information officer of U.C. Davis Medical Center is here to join us, also. Mr. Koppel. Thank you and good morning. First, let me apologize, I have neither a picture nor a thousand words prepared. We had some communications mix-up and we just--last evening I found out I was selected to appear here this morning. I would like to address the Y2K issues in terms of UCD Med Center and the health system. The health system is the combination of the school of medicine and the medical center. We in the health systems began looking at Y2K issues back in 1995 and 1996 and we took advantage of opportunities with our electronic systems to begin modifying in-house development, and making sure we had tractional language for acquisition of new systems. In 1997 the university office of the president started formalizing the process and brought all the university medical centers and campuses together and developed a reporting system in which we participate. In July 1998 the UC Health Systems in Sacramento developed a task force. I co-chair that task force, and we have representatives from all across the organization that represents major operations and functionality areas. We developed an action plan, which tests all the obvious processes: Inventory, assessment, renovation, all the things that are necessary for Y2K readiness. The major areas of concern that we have are--because we're in the patient care business, of course, trying to be self- sufficient in case everything fails. So the areas that we've looked at are not only information systems, but our health and safety areas with fire alarms, water and power. And I'd just like to say in terms of water and power, we're very fortunate to have a brand new power plant that is driven by natural gas. It has a secondary backup system, diesel. Our third redundancy is SMUD, and our fourth redundancy is portable generators that will plug into each of our major buildings. As far as water goes, we're depending on the city, but we have two wells in place right now, the third one going into the infrastructure is being constructed. I don't think water and power will be an issue. Most of the medical equipment that we have is another major issue. We've notified vendors. We inventoried all of our equipment. We have tested it and set aside funding for acquisition of new equipment as we realize in some cases the vendors will not be upgrading for Y2K compliancy. Most of the orders for the new equipment and replacement equipment have been submitted, and will be on hand well ahead of the Y2K time period. As far as office automation and facilities go, we've taken all kinds of measures to make sure that our office automation has contingency and business continuity depending on those systems. We put into place a program whereby we can interrogate and mitigate any PC-related problems in terms of resetting clocks, replacing chips or parts in the PCs. We've also addressed the issues of contracts, making sure that all of our contracts with people we do data exchange have Y2K compliant statements. We've notified all of our vendors and have gotten responses back from vendors regarding supplies and availability of supplies. As far as the actual Y2K orientation itself, we have been audited by the State Division of Audit and we came through fairly good. The audit report would say that there is one system that they looked at, that had a plan for testing, but at the time they looked at it, it wasn't tested due to the fact that we had to add some equipment. That system has now been tested and validated. Most all of our electronic systems have been modified, replaced, tested and validated. For those that are not completed will be completed, those well ahead of year 2000. The plan that we have at the Med Center is that we're going into the year 2000 very optimistically, but we also are going to hedge our bets by having a full staffing of our disaster recovery center, and we're going to be having full staff of any major area of concerns. Telecommunications, I'd like to talk to you about that for a minute. We're self-sufficient. We have our own switching system. We have a backup, Pac Bell. We utilize an 800 megahertz radio system which is connected for emergency purposes to the county of Sacramento, and we also have an emergency phone system that is hard wired throughout the medical center in case of failure of Pac Bell or in our own switching systems. I think that kind of concludes what I'd like to say, and I'd be happy to answer any questions. Mr. Ose. Thank you, Mr. Koppel. We're going to take questions at the end of all the testimony. Finally, our last panelist is Holly Delaney, who is in charge of the year 2000 program with Mercy Healthcare Sacramento. Ms. Delaney. I'd like to thank you, Congressman Ose and Chairman Horn, for the opportunity to present here today Mercy Health-care Sacramento's Y2K preparedness status. As you may or may not know, Mercy Healthcare Sacramento is a division of CHW, which is located down in San Francisco. They are a 48 Facility Healthcare System. We here in Mercy Healthcare Sacramento have seven hospitals, including skilled nursing facilities, home health organizations and clinic locations known as Med Clinic in the area. We began our year 2000 program in 1997 by developing an impact analysis. At the time the study identified 21 application system upgrade projects at a total of $2 million. In addition to that, we developed a Project Management Office at the corporate level that addresses all Y2K processes; including testing methodologies, standards for application systems, biomedical devices, facility equipment, computer hardware and network electronics. The PMO has tested all of our biomedical devices throughout our 48 facilities, our clinic locations and home health locations, et cetera, facilities equipment, which means elevators, alarm systems, fire suppression systems, et cetera, application systems and PC hardware, network and telecom. We, like most organizations, have utilized the seven-phase Y2K compliance approach, which I'm sure you've heard a little bit about today: Inventory, assessment, planning, upgrade, testing, remediation and contingency planning. With limited staff resources and a set time for completion for Y2K, Mercy instituted a Y2K project prioritization process to ensure our patient critical Y2K systems were addressed first, so that we could continue to provide excellent quality patient care as we have for the last 100 years. Our current Y2K status, interesting how quickly these numbers grow after you continue to investigate, has gone up to an estimate of $15 million effort, with 26,000 staff hours to make our medical equipment and support systems Y2K compliant. Mercy has since identified a total 108 application systems upgrade projects, 63 of which we consider patient critical systems. And out of a total of 12,829 biomedical devices identified only 344, which is about 3 percent, failed our Y2K testing and either required replacements or upgrade. So that's pretty good news for the community at large that patients pretty much can rely on biomedical devices. That would be things like IV pumps, EKG machines, defibrillators, et cetera. Only 3 percent of these were determined to be noncompliant through our testing efforts, and we are in the process of remediating all of those. Our current status, 84 percent of our patient critical applications systems are currently Y2K compliant. They have been tested and upgraded. By August 31st we believe 97 percent of our patient critical application systems will be Y2K compliant. All PC network telecom equipment will be Y2K compliant by the end of August, and all biomedical devices and facility's equipment will be Y2K compliant by September. All contingency plans are currently complete. They have been distributed to all the departments in our organization and we'll be undergoing a quality review process at--I believe it's next week, to test those plans out and our staff's ability to follow and understand those plans. The various issues that we found in addressing our Y2K problem are that hardware and software vendors have continually changed their Y2K compliance status, causing us to reevaluate our cost, staff resources, and project completion dates. Many of our small software vendors are charging excessive fees and are slowing down our upgrade process for becoming Y2K compliant. These are the one-man, two-man owned shops with PC- based software that are basically holding us hostage at times because they just don't have the wherewithal to complete all the upgrades. Third party software providers, we call them trading partners or EDI trading partners, both the data people and the vendors that we get supplies from at times cannot be tested or upgraded by Mercy. This includes some of our electronic claims remittance providers. We do have some risk in that area. However, we've mitigated this risk through contingency planning and basically we have manual processes in place by which we can continue to submit claims in a manual method. In addition, small isolated PC-based systems were difficult to inventory. And I'm sure everybody who is dealing with the Y2K effort has identified that. Thus, they're being identified as we complete our PC upgrades. This provides very little time for us to remediate. However, these are not patient critical systems, and they are mostly business systems used for efficiency, not the core critical business system processes. We're concentrating on contingency planning for these systems and basically people will have to do these efforts manually. Thank you. Mr. Ose. Thank you, Ms. Delaney. If you followed our panel list, you'll see that panel one is largely State and local government with a municipality. Panel two is largely utilities; and panel three is largely food, money, and health care kind of thing. So there is some sense or some method to our madness. If I may, Mr. Chairman, I'm going to proceed with my questions; and you can wrap up, and we'll do the paperwork, if you will, kind of thing. Ms. Tschogl, one of the questions I have is it--and it relates to Mr. Rabkin, also. The electronic funds transfer mechanism that many of your customers use, I want to make sure people understand that that's going to work when they come in at the end of the year, that the transactions are going to be accurate, that the system is going to be available. As I understood your testimony, that was the case that you have spent considerable effort making sure in conjunction with your partners, your business partners, that that will be available for folks? Ms. Tschogl. Our information services people have confirmed to me that they are absolutely certain that the electronic funds transfer mechanism will be working. You can probably talk more about the electronics. Mr. Ose. Turn that mic. Ms. Tschogl. Turn this? Mr. Ose. There you go. Much better. Mr. Rabkin. Mr. Chairman, fortunately, the regulators-- banking regulators have not stopped at banks. They've gone out to the vendors of banks and have examined vendors of banks on both mandatory and cooperative basis. On each of the primary Federal regulators both the Fed at fed.gov or fdic.gov or occ.gov you'll see listings of critical vendors like First Data or FDR, who are the primary drivers of what we call ACH or bank-card type transactions, and they've gone out and rather than make each bank test their driver of these systems, they've gone out and tested them with all the resources of the Government, which is very helpful. And, also, some enlarged banks have double-checked those findings and have checked the primary vendors as well and those noncompliant vendors are shown with their noncompliance status; but most, I would say, generally all, of the primary drivers of these very critical ACH wire transfer-type scenarios have been checked by the banking regulators. Mr. Ose. ACH is Automated Clearing House? Mr. Rabkin. Clearing House, that's correct. So this is not just one particular bank telling you that this will happen appropriately. It's the banking regulators telling us all that it will happen appropriately, and that's why I have comfort in it. Mr. Ose. So folks are engaged in electronic commerce whether they be on vacation or down at the grocery store or out in the rural areas buying feed or fertilizer and they wish to do electronic commerce. It seems as if the system is prepared whether it be at Raley's or at Henry Miller's Implement Dealer up in Yuba City or whomever. The system appears to be prepared for that ability to be achieved. Mr. Rabkin. That's correct. From what I've heard today, and prior testimony, we'll have power. We'll have phones. We'll have the banking and driver systems. Those are the critical elements to transacting any debit/credit transaction in any bank or merchant situation. So we have all the critical core elements to transact those transactions. Mr. Ose. So the financial system will be available. Let me explore, if I might, a little bit one issue that comes up regularly that we're all very attuned to whether we live in cities or in rural areas is food quality. And I know Raley's has an ongoing extensive program for food quality. Are there--is there any indication that there will be anything but a consistent high level of quality of product in the grocery stores by virtue of anything related to the Y2K problem? Ms. Tschogl. Absolutely not. There will be no change whatsoever; and as I mentioned earlier, we have dealt with power outages before, and in the event in a rural community or outlying area there really is a power outage, we've done this before and we have backup generators that will operate efficiently. Our refrigeration units are going to operate efficiently, just like they have every other time that we've had a little glitch in the system. This is not going to be any different. Mr. Horn. If I might just ask a question here. How about bottled water, will a lot of people do you think---- Ms. Tschogl. We predict that there will be people buying a lot more bottled water than they normally would, but I don't predict they are going to be buying that bottled water a week before the new year. I think they are probably going to start gearing up for it throughout. It's not necessary, but I do think that people will be doing this. There will probably be a run on plastic--empty plastic bottles for putting their own water in, but it's not going to be a crisis situation at the supermarket. Every major supermarket has been preparing for this for years, and it's not what turned out to be at one point was a computer problem has escalated into another problem. That's all of our own making in our imaginations here about what's going to happen with food shortages. Mr. Ose. I hear you saying---- Ms. Tschogl. And batteries. There will be no price gouging either, I might add. I don't know if you were going to ask that question, but that is another concern that some people have, that batteries are going to go for four dollars each when it gets into a crisis situation. I think you may have some of that. In some areas it may happen, but it won't happen in any of the major supermarkets across the country. I can speak for my colleagues in other supermarket chains that I won't mention. Mr. Ose. If I may follow on, Mr. Koppel and Ms. Delaney, I know that Ms. Delaney's organization just opened a state-of- the-art trauma center out near my home town, if you will, actually it's in Carmichael. We're going to claim it's in Citrus Heights anyway. I want to make sure, one thing I heard Ms. Delaney talk about was the compliance levels in equipment, but I didn't hear Mr. Koppel speak about that. I wanted to come back to that, particularly as it relates to embedded chips and equipment that's been held for a couple, 3 years. You were very clear that you're down to about a 3 percent noncompliance rate. Ms. Delaney. That's what we started with. Mr. Ose. You're even below that now? Ms. Delaney. Correct. We'll be 100 percent compliant with our biomedical devices by September. Mr. Ose. Is that going to be the case also at the Med Center? Mr. Koppel. We've identified--I thought I spoke to that issue, but I probably brushed over it quickly. We took an inventory and made a complete assessment of all of our medical equipment and to date we have purchased approximately $270,000 worth of equipment that we think needs to be replaced such as defibrillators, heart fusion pumps and small items. We expect there will be a few more. I can't tell you what the percentage is, but it's a fairly low percentage in comparison to the overall amount of investments that we made. The only medical equipment that is outstanding in terms of actual proof testing is some of our larger equipment like our MRIs, some CTs, cardiac catherization units, and the reason those are untested is because the vendors have notified all the users not to test these systems in the field. They are being tested at the factories and wherever else they have their testing sites. The reason being is some of these systems are so complex, if you set the time ahead, there's no going back on it. So it will just mess up the operating system; but except for that, we have plans to replace and we have the funding to replace all equipment that is not Y2K compliant, and it will be in before Y2K. Mr. Ose. Ms. Delaney--I appreciate that. Ms. Delaney, you brought up something I thought was particularly farsighted, and that was the claims submittal process for people who are enrolled in HMOs or who are on Medicare or Medicaid or Medi- Cal. It's clear that Mercy in particular has given some thought to making sure that claim process doesn't bog down and become a nightmare either. Can you just kind of go over that for us briefly, please. Ms. Delaney. The biggest difficulty that we have found is in third parties claims administrators. Generally they have software that they've developed in-house and one in particular we're having difficulty getting upgraded. Mr. Ose. Turn that mic around a hundred and eighty degrees. There you go. Nope, that's wrong. Ms. Delaney. I'll just talk closer. How's that? So that is one of the difficulties we are finding. However, that won't prevent the provision of patient care. That just prevents us from getting our money for the provision of patients' care. So although we're concerned about it from an organizational standpoint, our patients should not be concerned at all. As I said, we do have provisions to submit those claims manually, and we are working as a corporation with some of those organizations to provide our clout to get those systems rectified and Y2K compliant. But that is an issue the third- party payors are not always compliant. Mr. Ose. We have a very large organization in the U.S. Government called the Health Care Financing Agency [HCFA] in particular has had some difficulty just making sure that they are going to be compliant. Are you anticipating any difficulty there? And when you're finished, Mr. Willemssen, I'd appreciate any input you might have on this particular issue, too, with respect to Medicare claims and the like. Ms. Delaney. No. I read the reports on HCFA and I'm pretty sure--I know--they actually in the past have instituted--for example, when they've changed large computer systems, they've instituted a continued payment system, so I'm pretty sure that if anything should happen with the payment system, what they will probably do is just continue the average payments to the healthcare systems. So we're pretty confident that that won't be a financial risk to us. Mr. Willemssen. HCFA and Medicare represent one of the highest risk Federal programs that remains. The administrator has made a lot of excellent progress, but because they got such a late start and they have such a widespread intricate heavily computerized set of systems, they still have a long ways to go and limited time to do it. They are still overlapping remediation and testing activities that are occurring over the next few months. So there is still reason for concern. Reason for optimism is similar to what she pointed out. They have done a lot of good efforts in the contingency planning area, so that in the event there are disruptions, they will be prepared with backup plans. Those backup plans still need some further refinement and testing, however. So overall there's still definite room for concern on HCFA and Medicare. They are aware of it. They are working as aggressively as possible on it. If I also might point out, Congressman, in relation to comments you made earlier on biomedical equipment, I thought it useful to point out, I don't believe the witnesses had mentioned that there is a FDA data base on biomedical equipment that includes Internet links to over 400 manufacturers, and it indicates what those manufacturers say about their items. We've looked at that and there are over 35,000 products identified by those manufacturers, and about 4,500 of them are considered noncompliant. It may be--if the witnesses here haven't already done so, it may be worth their while to compare their efforts against what's reflected in those websites so it can match up any anomalies. Mr. Horn. On that point, Mr. Chairman, you were with us at the Cleveland hearing, I believe, and the very excellent representative from the Cleveland clinic talked about how they have this site where all the emergency room equipment could be checked against that, and the UC Davis submission is very impressive on how you people have been at this for a long time and well organized. I'm just curious, have you used the same site as the Cleveland clinic and a lot of them are using? Mr. Koppel. I'm not aware that we have. I know that we're working in conjunction with the purchasing department I know they have went out and interrogated these sites, and I'm sure they are working very close with our technical engineering department along these lines. I personally am not aware of that. Ms. Delaney. I have a quick comment about biomedical devices. CHW, when they began testing or when they chose to look at biomedical devices, found it was very difficult even from the manufacturer to determine which biomedical devices were Y2K compliant, because often the serial numbers didn't even reflect what embedded chips, et cetera, were in each device. So that's why we chose to go ahead and test all of our devices, and that is about 50 percent of the healthcare providers chose testing versus reviewing the data bases and the various information out there. We did choose to test because we started this early on, and we're very confident that we have the accurate information about Y2K because of that test. Mr. Ose. Mr. Chairman. Mr. Horn. I don't have any further questions. I think the panel has been excellent. I don't know if Mr. Willemssen has anything. Mr. Willemssen. Nothing else to add, Mr. Chairman. Mr. Horn. Thank you all. You were all impressive. You're right about the banks. We had them in our first hearing and the Clearing House and Mr. Greenspan and others have been doing a great job in making sure they comply, and the banks have done a great job. Mr. Rabkin. Maybe we should be giving away bottled water rather than toasters. Mr. Horn. How about plates in the Depression. Mr. Ose. Lower interest rates. Thank you all for participating. Mr. Horn. We have thanks to the staff here. And our staff director for the Subcommittee on Government Management, Information, and Technology is J. Russell George, and he's the chief counsel for the subcommittee. And on my right--your left--is Bonnie Heald, the professional staff member responsible for this hearing and the director of communications for the subcommittee. And the gentleman who was alert and moving those microphones around was Grant Newman, our clerk. And we had a lot of help from Mr. Ose's staff. And we want to thank Dan Scopek and Donna Willborn with Metro Cable, production director, and we also had from Mr. Ose's staff, Tory--you pronounce it---- Mr. Ose. Tovey Giezentanner. Mr. Horn. Tovey Giezentanner and Peter DeMarco. And our court reporter is Maria Esquivel-Parkinson, and we thank you very much for sticking with us. It's tough sometimes when you can't get a rest or anything else. With that, if there are no further comments, I thank you for all you've done for this subcommittee. Mr. Ose. I do have a closing remark, Mr. Chairman. Under your guidance we have been able to bring together here this morning government at all levels to talk about the challenges we face. We've been able to bring the critical utility providers together to talk about their level of preparedness. In my opinion, we've brought together the most critical elements of private industry, that being banking, food and delivery, if you will, and healthcare to talk about their relative levels, and this would not have happened without your interest and participation and those of us in Sacramento who will benefit from this. On their behalf I say thank you for taking the time to come. Mr. Horn. Well, I thank you because I tell you, we've been through a lot of these, Mr. Ose and I and the staff, and just by chance and lot of hard work has been a really broad-based operation here, and I've been very pleased with the quality of testimony, both your oral testimony, your response to questions, as well as your written testimony which automatically goes in the record the minute the chairman recognizes you. We're sorry we have to cut it down sometimes to 5 minutes, but we want to get to the questioning, and that's where we learn the most, we think, because we've already read your documents and we thank you all for coming and the panels before you. And with that, we're going to recess this hearing to tomorrow in the Silicon Valley in San Jose. We will have the last hearing in northern California, and then we're going on to the State of Washington next week for year 2000 testimony with the help of the Discovery Institute, which is a major foundation in Seattle. So with that, if there's no further comments, this is recessed to San Jose tomorrow. [Whereupon, the subcommittee was recessed.] THE YEAR 2000 COMPUTER PROBLEM: LESSONS LEARNED FROM STATE AND LOCAL EXPERIENCES ---------- SATURDAY, AUGUST 14, 1999 House of Representatives, Subcommittee on Government Management, Information, and Technology, Committee on Government Reform, San Jose, CA. The subcommittee met, pursuant to notice, at 10 a.m., in the San Jose City Hall, City Council Chambers, North First Street, San Jose, CA, Hon. Stephen Horn (chairman of the subcommittee) presiding. Present: Representative Horn. Staff present: J. Russell George, staff director and chief counsel; Patricia Jones, American Political Science Association congressional fellow; Bonnie Heald, communications director; Chip Ahlswede, clerk; Casey Beyer, chief of staff, Congressman Tom Campbell's district office staff. Mr. Horn. This hearing of the House Subcommittee on Government Management, Information, and Technology will come to order. I'd like to welcome the residents of Silicon Valley, the San Jose Region for joining us today for the subcommittee's 11th field hearing on the year 2000 technology challenge. The year 2000 computer problem affects nearly every aspect of operations in the government and the private sector. In Social Security and Medicare to local telephone service, electrical power and home personal computers, the year 2000 computer bug has certainly been a large management and technology challenge for all of us. No single organization, city, State or even country can solve the year 2000 problem alone, nor can they guarantee their computers will work until the organizations and agencies that exchange data with them are also compliant. The year 2000 problem was created in the mid-1960's when programmers seeking to conserve limited computer storage capacity began designating the year in two digits rather than four. In other words, if you had 1967, they saved memory on 19 and put in 67, and that was pretty soon practice, and you had two-digit years. Now they knew there would be a problem when there was a year 2000 because it would register 00 and a computer probably wouldn't know whether it was 1900 or 2000 or whatever it was, and those systems might malfunction, corrupt data or shut down completely. But they were optimists. They're Americans. They said, ``Technology will solve this.'' The fact is technology hasn't solved it. There's no silver bullet. It's a serious situation. Our first hearing was held in April 1996, and we had the clearing house, the banks, a number of key parts of our society, and they have been working steadily to make sure that those basic economic indicators and processes in our society work. But our focus as the subcommittee has been on the executive branch of the Government of the United States, and we found them ill prepared. And it took them about 2 more years despite our prodding to get prepared, and they finally appointed an individual to give full-time efforts to it, and he's done an excellent job. Mr. Koskinen is an assistant to the President and heads the Year 2000 Conversion Council, and we have had the pleasure of working with them. And our report cards you see out there on the desk are one of the prods we use to get them to face up to these matters, and slowly this is happening. We're optimistic. We think it will all be done prior to January 1, 2000. Current estimates show that the Federal Government will spend nearly $9 billion to fix its computer system in this fiscal year which ends September 30th. It might well go into another billion if there's the sort of panic mode, shall we say. If that's what we worried about in the beginning, let's have careful management, good organization and work systematically to achieve the goals, and they're finally getting that there. So as I said, I have faith that this will work. I have often said the figure will reach $10 billion, and it might. Recently, the President's Office of Management and Budget identified 43 essential Federal programs such as Social Security, Medicare, and the Nation's air traffic control system. Each day these programs provide critical services to millions of Americans. Of those 43 programs, 10 are federally funded, State-run programs including Medicaid, food stamps, unemployment insurance and child support enforcement. Based on the data we received in May, all of these State-run programs were not scheduled to be ready for the year 2000 until December, leaving little, if any, time to fix unforeseen problems. Data exchanges and interdependencies exist in all levels of government and throughout the private sector. A single failure in the chain of information could have very severe repercussions. For example, Social Security Administration maintains a data base of Social Security payment information for eligible citizens. One data base has about 50 million citizens registered in it and another 43. When these payments are due, the Social Security Administration sends that information to the Department of the Treasury's financial management service where the check is issued and either electronically deposited into the personal bank account of the client, or it's delivered by the U.S. Postal Service. Each of these agencies has its own network of computers. If even one of them fails, the entire system breaks down, and the check will not be delivered. Indeed, many of the Federal executive branch agencies and Cabinet departments have said, ``Well, our contingency plan is the U.S. Postal Service.'' When we saw that, we decided to hold a hearing with the U.S. Postal Service, and it turned out they had no contingency plan for themselves. So we're not sure about the various agencies on their fallback. But it will be slow. Fortunately, the Social Security Administration has been working on the problem for 10 years, and they're in good shape. And the only other one at this point 'til our next report is what we called in the old days the weather service. They're right on target. If there were still a few farms in the Santa Clara Valley, those farmers would be very happy. They could get all the weather news they want as they drive their tractors through the furrows and orchards of Santa Clara County, but they're hard to find anymore. But even well-prepared computers won't work without power. One of the most essential questions involving the year 2000 challenge, and we'll have some testimony on this before us today, will the lights stay on? Without electricity our modern society would be relegated back to the proverbial stone age, and that would have a major effect on our economy. We remember the General Motors strike in Michigan? That would be a drop in the bucket compared to power outages, assembly lines stopping, hundreds of suppliers that make up some major products such as airplanes for my own constituency where Boeing and the former Douglas operations, suppliers come from all over America. So blackouts, inadvertent or vertent, I guess, they can cause real economic damage. Our Nation has made great strides in the advancement of information technology to which we owe the credit to many corporate residents of Silicon Valley. We're extremely fortunate today to have as witnesses representatives from high technology companies that develop hardware, software, microchips and processors that enable our computer systems to function on a daily basis. We're very interested to hear how these companies have approached the year 2000 technology challenge and their experiences in dealing with this issue as we approach the new millennium. No one can predict what might or might not happen once the clock ticks past midnight this New Year's Eve. The only certainty is that this January 1st deadline cannot be extended. So I welcome today's panel of witnesses. [The prepared statement of Hon. Stephen Horn follows:] [GRAPHIC] [TIFF OMITTED] T0954.133 [GRAPHIC] [TIFF OMITTED] T0954.134 Mr. Horn. We will have two panels here and panel three after that. And then the first one, I'd like to call those witnesses forward: Joel Willemssen, the Director of the Civil Agencies Information Systems of the U.S. General Accounting Office; Mark Burton, the Y2K project manager for the city of San Jose; Dana Drysdale, vice president, information systems, San Jose Water Co.; Ronald E. Garratt, assistant city manager, city of Santa Clara; Christiane Hayashi, the year 2000 communications manager for the city of San Francisco. If you will come forward, this is an investigating committee of the House, so we have the following process: We would ask you to stand, raise your right hands to affirm the oath to the truth of the testimony, and then I'll make some other requirements. [Witnesses affirmed.] Mr. Horn. The clerk will note that all five witnesses have affirmed the oath. As we introduce each one of you, your full statement is automatically put in the record, and these records get very thick as you can imagine, but you have some excellent information in the full statement. We would like you to summarize, if you could, to 5 minutes if you need a few more, OK. But if you could do it in five, that leaves time for a dialog between you and us, and between yourselves, and I think that is all very fruitful often, if we get that done. So let us start, then, with the first witness we have, and he follows us around America, precedes us, and that is Mr. Willemssen, the Director of the Civil Agencies Information Systems for the General Accounting Office. That is an arm of the legislative branch since 1921, and they have given us outstanding service in terms of looking at this very tightly, both on the economics, on the accounting and on the programmatic arrangements. They put out, with every new Congress, a high-risk profile on the various agencies of the government, and we use that as a model to examine what the executive branch is doing. So Mr. Willemssen, it's all yours. STATEMENTS OF JOEL WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE; MARK BURTON, Y2K PROJECT MANAGER, CITY OF SAN JOSE; DANA DRYSDALE, VICE PRESIDENT, INFORMATION SYSTEMS, SAN JOSE WATER CO.; RONALD E. GARRATT, ASSISTANT CITY MANAGER, CITY OF SANTA CLARA; AND CHRISTIANE HAYASHI, YEAR 2000 COMMUNICATIONS MANAGER, CITY OF SAN FRANCISCO Mr. Willemssen. Thank you, Mr. Chairman. As requested, I'll briefly summarize our statement on the Y2K readiness of the Federal Government, State and local government and key economic sectors. Regarding the Federal Government, reports indicate continued progress in fixing, testing and implementing mission- critical systems. Nevertheless, numerous critical systems must still be made compliant, and must undergo independent verification and validation. The most recent agency quarterly Y2K reports due to OMB yesterday should provide further information on agency progress. Our own reviews of selected agencies have shown uneven progress and remaining risks in addressing Y2K, and therefore point to the importance of business continuity and contingency planning. Even for those agencies that have clearly been Federal leaders such as the Social Security Administration, some work still remains to ensure full readiness. If we look beyond individual agencies and systems, the Federal Government's future actions will need to be increasingly focused on making sure that its high priority programs are fully compliant. In line with this, OMB has identified 43 high impact programs such as Medicare and food safety. Available information on the Y2K readiness of State and local governments indicates that much work remains. For example, according to recently reported information on States, about eight States had completed implementing less than 75 percent of their mission-critical systems. Further, while all States responding said that they were engaged in contingency planning, 14 reported the deadlines for this as October or later. State audit organizations, including the California State Auditor, have also identified significant Y2K concerns in areas such as testing embedded chips and contingency planning. Another area of risk is represented by Federal human services programs administered by States, programs such as Medicaid, food stamps, unemployment insurance and child support enforcement. OMB recorded data on the systems supporting these programs showed that numerous States are not planning to be ready until close to the end of the year, and further, this is based on data that have not been independently verified. Recent reports have also highlighted Y2K issues at the local government level. For example, in July we reported on the Y2K status of the 21 largest U.S. cities. On average these cities were reporting completing work on about 45 percent of their key services. Y2K also remains a challenge for the public infrastructure and key economic sectors. Among the areas most at risk are health care and education. For health care, we've testified on numerous occasions on the risks facing Medicare, Medicaid and biomedical equipment. In addition, last month we reported that while many surveys have been completed on the Y2K readiness of health care providers, none of the 11 surveys we reviewed provided sufficient information to assess the true status of these providers. For education, last week's report of the President's Y2K Conversion Council indicates that this continues to be an area of concern. For example, according to that report, many school districts could have dysfunctional information systems because less than one-third of institutions were reporting that their systems were compliant. That completes the summary of my statement, and after the panel is done, I'll be pleased to address any questions. Thank you. Mr. Horn. Thank you very much for that very helpful and thoughtful statement. [The prepared statement of Mr. Willemssen follows:] [GRAPHIC] [TIFF OMITTED] T0954.135 [GRAPHIC] [TIFF OMITTED] T0954.136 [GRAPHIC] [TIFF OMITTED] T0954.137 [GRAPHIC] [TIFF OMITTED] T0954.138 [GRAPHIC] [TIFF OMITTED] T0954.139 [GRAPHIC] [TIFF OMITTED] T0954.140 [GRAPHIC] [TIFF OMITTED] T0954.141 [GRAPHIC] [TIFF OMITTED] T0954.142 [GRAPHIC] [TIFF OMITTED] T0954.143 [GRAPHIC] [TIFF OMITTED] T0954.144 [GRAPHIC] [TIFF OMITTED] T0954.145 [GRAPHIC] [TIFF OMITTED] T0954.146 [GRAPHIC] [TIFF OMITTED] T0954.147 [GRAPHIC] [TIFF OMITTED] T0954.148 [GRAPHIC] [TIFF OMITTED] T0954.149 [GRAPHIC] [TIFF OMITTED] T0954.150 [GRAPHIC] [TIFF OMITTED] T0954.151 [GRAPHIC] [TIFF OMITTED] T0954.152 [GRAPHIC] [TIFF OMITTED] T0954.153 [GRAPHIC] [TIFF OMITTED] T0954.154 [GRAPHIC] [TIFF OMITTED] T0954.155 [GRAPHIC] [TIFF OMITTED] T0954.156 [GRAPHIC] [TIFF OMITTED] T0954.157 [GRAPHIC] [TIFF OMITTED] T0954.158 [GRAPHIC] [TIFF OMITTED] T0954.159 [GRAPHIC] [TIFF OMITTED] T0954.160 [GRAPHIC] [TIFF OMITTED] T0954.161 [GRAPHIC] [TIFF OMITTED] T0954.162 [GRAPHIC] [TIFF OMITTED] T0954.163 [GRAPHIC] [TIFF OMITTED] T0954.164 [GRAPHIC] [TIFF OMITTED] T0954.165 [GRAPHIC] [TIFF OMITTED] T0954.166 [GRAPHIC] [TIFF OMITTED] T0954.167 [GRAPHIC] [TIFF OMITTED] T0954.168 [GRAPHIC] [TIFF OMITTED] T0954.169 [GRAPHIC] [TIFF OMITTED] T0954.170 [GRAPHIC] [TIFF OMITTED] T0954.171 [GRAPHIC] [TIFF OMITTED] T0954.172 [GRAPHIC] [TIFF OMITTED] T0954.173 [GRAPHIC] [TIFF OMITTED] T0954.174 Mr. Horn. Our next witness is Mark Burton, the Y2K project manager for the city of San Jose, and, Mark, we're delighted with the kindness of the city administration to let us use their City Council Chamber today. So we thank you. Mr. Burton. Thank you. Good morning. Thank you for opportunity to speak before the subcommittee on the city of San Jose's efforts in preparing for a rollover in the millennium and how we're addressing the year 2000 computer problem. The city began its year 2000 efforts in the summer of 1997, and since that time has allocated over $10 million toward this effort, with $6 million of that at our airport alone to mitigate the impacts of Y2K computer interruptions. The Y2K Office in the Information Technology Department has had the responsibility for coordination of planning and remediation activities for Y2K efforts. In addition, the Information Technology Department has responsibility for the mitigation and year 2000 readiness for the city's traditional computer systems. Individual departments have focused on their internal systems and operational issues, and the Y2K task force comprised of representatives from all departments have focused on coordination activities between the departments and acted as a clearing house for Y2K information. In early 1999, recognizing the potential impacts of service interruptions on our critical health and safety services, a second Y2K Public Health and Safety Task Force was created to concentrate on the readiness for these services. This Public Health and Safety Task Force's focus is on emergency and health issues. Some examples include water service, waste water treatment, emergency medical response, emergency police response, sewage collection and storm drainage. Our year 2000 project has four major areas: Computer systems, embedded systems chips, business continuity planning and public information. In the computer systems area, systems and hardware were inventoried and assessed for operation into and through the year 2000. We inventoried and assessed over 160 systems and 150 applications for computers and servers. After Y2K assessment, decisions were made to repair, upgrade, replace or retire in-house and vendor supplied software. 15 systems remain in the remediation process at this time. For embedded systems chips, in critical service areas including our Convention Center, police and fire departments, municipal water service, telecommunications and streets, the city obtained services of expert contractors in embedded chips to assist in the inventory assessment. In these six departments, 2,500 pieces of equipment were inventoried and assessed. While the majority of the equipment was found to be year 2000 compliant in the assessment phase, over 30 percent was found questionable, and just over 1 percent not Y2K compliant. While interesting to find embedded systems chips in equipment, appliances and other things taken for granted both at home and work, it was surprising to find non-year 2000 compliant chips in our fire department's defibrillators. They are now year 2000 compliant, and Deputy Chief McMillan will go into more detail about the defibrillators. In late 1998 the city began its business continuing planning with development of department Y2K contingency strategies for mission critical and essential services and equipment. Preliminary plans were developed between December 1998 and March 1999 with more comprehensive plans recently completed in July. We are not only preparing the computer systems for the date change, we are also preparing contingency strategies which will be implemented, if required, to minimize disruptions of critical services. In the case of a temporary or more extended service interruption, we must be prepared with recovery strategies to bridge the gap and continue supplying critical services. With our dependency on others for services and products in our complex industrial technological society, we are taking the steps to ensure the continuation of critical city services should there be interruptions. Staff has developed detailed contingency plans for all critical services and systems. These contingency plans are based on our existing emergency operations plan, and they detail the procedures necessary to mitigate service impacts related to year 2000 failures, either locally, or in the event of power-grid outages or utility systems malfunctions. Dr. Winslow's testimony covers some of the training and practice exercises used to prepare staff and tune our contingency plans. The last component of our Y2K project I want to speak of is the public information phase. The city with the assistance of a media consultant is in the process of developing a public outreach campaign to reach out to residents to assist them with year 2000 home readiness. We're coordinating this with Santa Clara County and targeting our initial release for October to coincide with the 10th anniversary of the Loma Prieta earthquake. The emphasis will be on emergency preparedness, not only for year 2000, but for any emergency, be it earthquake or other natural disaster. Another area of concentration will be to educate city employees in home preparedness so they will be ready to respond to any Y2K problems with the knowledge that their families are OK. The city of San Jose has made good progress on its systems readiness for Y2K. However, due to our reliance on others for key services and supplies, the city is taking steps to be ready for Y2K interruptions whether they come from within or from a third party. The city's goal is clear, to be prepared for Y2K. Mission-critical systems and services must be ready for the new millennium, and at this time we see no reason that the city should not meet this goal. In conclusion, I'd like to thank the committee for the time to speak on the city of San Jose's year 2000 efforts. Mr. Horn. Well, thank you very much for your well-organized description of what you've gone through and what some of the implications are, and we'll get back to some of this in the question period. [The prepared statement of Mr. Burton follows:] [GRAPHIC] [TIFF OMITTED] T0954.175 [GRAPHIC] [TIFF OMITTED] T0954.176 Mr. Horn. Dana Drysdale is the vice president, information systems for the San Jose Water Co. Mr. Drysdale. Thank you, Chairman Horn. In the interest of time, I will skip our greeting and summary that's in the written statement and go directly to some detail which will be of use to you. We're very pleased to be here today. In my testimony, San Jose Water Co. will be referred to as SJWC. SJWC's Y2K readiness program can be summarized into six major steps. These steps are: No. 1. Customer contact. Every customer that requests information regarding San Jose Water Co.'s Y2K readiness program receives a personal written reply. Additionally, there is Y2K information on sjwater.com. That's our website. Step 2. Major power and water supplier contact. Both Pacific Gas and Electric Co. and the Santa Clara Valley Water District are critical to the normal operation of Silicon Valley's water system. These organizations have a Y2K readiness program. SJWC and all local water retailers meet quarterly as a group with the Water District. The April 21, 1999 meeting was devoted to a discussion of Y2K. The district shares knowledge of State and Federal water project readiness levels. As of June 1999, SJWC understands that the State completed the modification to its network to be Y2K ready and that these modifications are being tested by a consultant. As a result of the April 21st meeting, the district and SJWC identified a continuous supply of electrical power as a concern. Additional information about this is included in Step 6, contingency planning. Step 3 of our program. Review of software and hardware products. SJWC uses standard commercially available computer hardware and software packages. This means we do not have a significant development environment at the San Jose Water Co. All SJWC hardware and software suppliers perform significant Y2K testing of their products. In many cases, these software and hardware providers also engage independent testing organizations, such as ITAA or NSTL. To the best of our knowledge, all software and hardware products used in SJWC's water system are Y2K ready. Where practical, SJWC repeated aspects of these tests. For example, water distribution for most of Silicon Valley is controlled by SJWC's sophisticated SCADA System. SJWC performed a successful Y2K system test of the SCADA System's servers and remote telemetry unit's hardware and software. Step 4. Contacts with governments, other suppliers and business partners. All replies from these folks indicate a Y2K readiness program. Step 5 of the program. Employee awareness and education. SJWC's executive committee regularly discusses the Y2K readiness program. SJWC's chief financial officer, controller, and vice president of information systems--that's three different people--participated in a Y2K test of SJWC financial and materials systems. The company's technology committee meets quarterly or as needed to ensure that SJWC uses technology appropriately. The technology committee is also involved in Y2K readiness. For example, this committee has an ``embedded controller'' project. Committee members identified functions in their area that might be subject to control of a computerized clock and contacted the manufacturer to ensure Y2K readiness. Please note that SJWC's water-related computer systems typically manage water based on demand and not time. Step 6 of the program. Contingency planning. The chief contingency planning concerns for Silicon Valley's water supply include the import water and electrical power concerns identified in step 2 above. SJWC contingency plans are common for many possible situations in Silicon Valley, including earthquakes. Water resources in the valley are managed under an integrated plan by Government Agencies, by the Water District and by water suppliers such as SJWC. 50 percent of our water is imported from State and Federal water projects, and is treated at District treatment plants. Approximately 35 percent and 15 percent, respectively, of Silicon Valley's water is supplied by SJWC operated wells or through local surface water. Local surface water depends on local rainfall. In the event of a disaster or emergency that impacts ground water supplies--excuse me--import water supplies, significant additional ground water is available from SJWC operated wells. SJWC has excellent working relationships with Pacific Gas and Electric Co. and other power suppliers. In the event of power interruptions, SJWC's experience is that power is restored as quickly as possible. SJWC also has emergency generation facilities that operate the water system during power interruptions such as those experienced during the 1989 Loma Prieta earthquake. However, sustained regional power outages have serious impacts on water operations. The SJWC portion of Silicon Valley's water system is designed with local finished water storage reservoirs. This means that water is in the valley. In many cases, full local reservoirs and tanks will gravity feed water to customers. Power is needed to initially fill these reservoirs. On the morning of a typical January day, SJWC will have approximately 2 days of finished water in Silicon Valley in these reservoirs. If power is completely interrupted for more than 2 days, water would be supplied using SJWC emergency facilities alone. Operating the water system under emergency conditions during a sustained regional power outage is very different than typical water delivery, this is beyond that first couple days, and may result in some water supply outages. Disaster planning and generation facilities are coordinated with county and city agencies and the California Public Utilities Commission. SJWC customers and employees enjoy many benefits from participating in regional emergency preparedness and encourage everyone to take advantage of their city and county emergency planning services. San Jose Water Co. thanks Chairman Horn and House staff for the opportunity to present testimony. Additional information is available at sjwater.com or by phone at (408) 279-7900. Mr. Horn. Thank you. That's a very thorough presentation, and you're talking about a key ingredient for all of us. We don't last too long without water. Thank you for coming with that. [The prepared statement of Mr. Drysdale follows:] [GRAPHIC] [TIFF OMITTED] T0954.177 [GRAPHIC] [TIFF OMITTED] T0954.178 Mr. Horn. The next witness is Ronald E. Garratt, assistant city manager for the city of Santa Clara. Mr. Garratt. Mr. Garratt. Thank you, Mr. Chairman. I thank you for inviting me to speak today on the subject of Y2K readiness in the city of Santa Clara. I'm both the assistant city manager and year 2000 project manager for the city. Before I describe the city's Y2K readiness program, I would like to briefly acquaint you with the city of Santa Clara. Santa Clara is a full-service municipality providing police, fire and utility services to approximately 103,000 residents and over 10,000 businesses. Somewhat unique to Santa Clara, we are one of only four cities in the greater Bay Area that own and operate an electric utility. Later on this morning you will be hearing from Karen Lopez, Silicon Valley Power's Y2K program manager. The city of Santa Clara is either headquarters for or services a major campus site for a number of leading internationally known high-tech companies: Intel, Sun Microsystems, Hewlett Packard, 3Com, Applied Materials and National Semiconductor to name a few. Like other organizations, the city of Santa Clara knows the importance of year 2000 readiness, and is focused on our ability to store and manage data through the millennium change and into the next century. The city's formal year 2000 program began in 1997. However, the city's actual remediation efforts commenced approximately 5 years ago through the systematic replacement of major departmental computer systems. In point of fact, replacement of the city's then existing mainframe driven COBOL based operating programs were driven as much or more by the need for increased performance and enhanced user functionality as the need to eliminate the expression of a year in a two-digit field. Over the past 5 years, the city has spent nearly $22 million replacing critical computer systems. $7\1/2\ million in public safety systems, including the new 911 emergency dispatch system, the new 800 MHz trunked radio system, new police and fire records management systems and telephone system upgrades. $5\1/2\ million for utility systems including the electric substation telemetry control, power scheduling and water system pump control upgrades. $5 million for finance systems including a new utility building system and a finance system data warehouse. $2 million for computer network improvements including the upgrade to Y2K compatible personal computers for all system users, and the upgrade of all network hardware and software to Y2K compatible standards. $1 million for public works systems including the upgrade of the city's traffic control system. The city is working aggressively toward being a Y2K ready organization for all major systems no later than September 1999 with the exception of two departmental computer systems that will be fully operational by November 1999. The city's Y2K readiness focuses on two major strategies: Replace or repair. As I mentioned earlier, it has been the city's primary goal to replace non-Y2K compatible systems rather than repair them with one major exception. In 1997 it was determined that replacing the COBOL based core accounting system, comprised of the general ledger and payroll systems, with a Y2K compliant enterprise accounting system could not be accomplished in the time remaining. The city engaged a consultant to modify the program code to accept year 2000 day calculations. These core accounting systems were tested and verified as Y2K ready in 1998. The city has inventoried departmental computer systems, both hardware and software. Y2K readiness has been determined through a combination of vendor validation, system testing and third party consultant review. The city has employed verification and validation software to test all desktop user hardware and software for Y2K compliancy. Where appropriate, external computer interfaces have been validated. Examples include the city's 911 interface with the regional phone system and the city's financial interface with our primary bank. One primary goal of the city's Y2K strategy is to ensure residents and businesses that the city of Santa Clara is working diligently on their behalf to minimize disruptions caused by the potential year 2000 computer problems. We've communicated our progress through a number of channels: Face- to-face meetings with major businesses and the Chamber of Commerce, regular updates posted on the city's website, cable cast over the city's Government channel, and printed in the city newspaper which is distributed to all residents and businesses. Additionally, we're in the process of holding a series of Y2K meetings throughout the community to update and advise neighborhoods on individual and family emergency preparedness. Over the next 3 months, we will be mailing out materials on home and small business preparedness for possible Y2K caused disruptions. As we have moved in to the later portion of 1999, contingency planning has surpassed remediation as the primary Y2K focus for the city. We are both encouraged and assured by Y2K remediation efforts occurring in both the private and public sectors in the Silicon Valley, but we also understand our day-to-day reliance on complex, far-reaching interconnected computer systems. Given the millions of lines of programming code contained in these systems and the thousands of embedded chips that control these systems, we fully anticipate the possibility of Y2K disruptions in the community and the region as a whole. We are advising the community to prepare for possible Y2K disruptions much in the same manner as a household would prepare for an earthquake or flood threat. We are advising moderation in food and supply stockpiling and the amount of cash kept on hand. The Y2K preparedness checklist would contain certain unique characteristics such as advising households to keep hardcopy financial records for the later part of 1999. We do not believe Y2K preparedness needs to be dramatically different than typical household emergency preparedness. The city has been preparing for possible Y2K disruptions through a series of tabletop exercises and problem simulations that allow staff to practice and perfect the emergency response systems. By the completion of this series of emergency exercises we will have involved agencies such as the school district, our local hospital and the Red Cross to enhance the ability to coordinate our emergency response. Additionally, the city departments are reviewing manual work-around procedures that would allow at least a basic level of city services to be maintained in critical areas if computer systems were to fail. The city's emergency operation center will be open and fully staffed over the New Year's period. We will track Y2K related events over the Internet as they unfold through the dateline through Asia into Europe and across the Eastern United States. We will maintain a telephone bank to quickly respond to community concerns or rumors. In the event of a major regional disruption in electric power or communications, the city has fall-back alternatives available on a very localized basis. We are prepared for an extended Y2K response period if that becomes necessary. In closing, I want to thank the committee for the opportunity to speak this morning. On behalf of the City Council of the city of Santa Clara, I extend our appreciation to the committee for your diligence and efforts in determining year 2000 readiness throughout this nation. Thank you. Mr. Horn. Thank you. We appreciate your remarks. [The prepared statement of Mr. Garratt follows:] [GRAPHIC] [TIFF OMITTED] T0954.179 [GRAPHIC] [TIFF OMITTED] T0954.180 [GRAPHIC] [TIFF OMITTED] T0954.181 [GRAPHIC] [TIFF OMITTED] T0954.182 [GRAPHIC] [TIFF OMITTED] T0954.183 [GRAPHIC] [TIFF OMITTED] T0954.184 [GRAPHIC] [TIFF OMITTED] T0954.185 [GRAPHIC] [TIFF OMITTED] T0954.186 [GRAPHIC] [TIFF OMITTED] T0954.187 [GRAPHIC] [TIFF OMITTED] T0954.188 [GRAPHIC] [TIFF OMITTED] T0954.189 Mr. Horn. Christiane Hayashi is the year 2000 communications manager for the city of San Francisco. Thank you for coming. Ms. Hayashi. Thank you, Mr. Chairman, I want to thank the subcommittee for the opportunity to participate in the national dialog on this topic. I also want to take the opportunity to personally thank the General Accounting Office for all the invaluable information that they have passed along that has been of use to the State and local governments, and I'm sure even private businesses as well. I brought with me as written testimony a rather long report to the San Francisco Board of Supervisors. Unfortunately it was prepared as an internal document and it's hot off the presses. I didn't get a chance to repackage it for external viewing. So the only clue that it's from San Francisco is the CCSF acronym at the top corner of the page. I apologize for that. We'll take care of that when we get back to the office. Mr. Horn. When you say it's an internal document, you can be sure the press will want that one more than any. Ms. Hayashi. There are 75 copies on the table, so everyone's welcome to it. It's a document that we prepared. It's the most recent Y2K status for the San Francisco Board of Supervisors, and it contains detailed status reports for each of the 14 mission-critical departments in the city as designated for the focus of this Y2K preparation. But actually, I'd like to talk about something that's not in that report, and I'd be happy to take any specific questions on status as well. Everyone who's dealt with Y2K for any period of time can rattle off the improved procedures, inventory assessment, remediation, testing, contingency planning, supplier verification, and most recently identified some elements of due diligence as independent validation and verification, and the city is, of course, actively engaged in this process. But what has emerged as one of the most important elements of Y2K preparation is public awareness. It's become apparent to many jurisdictions as you've heard in prior testimony that whether Y2K has seriously harmful effects to society could depend on the individual citizen's level of preparation for it and how they react to it. And by public awareness, I mean, first of all, that we get accurate information to the public so that they can evaluate whether their government's efforts are addressing all of their needs in a due diligence process, and so that the public can share the Government's confidence when certain systems are certified as Y2K ready, and also so that each person and household can assess what their risks are based on their personal needs and priorities. For example, the person who requires medication might assess the risks to the pharmaceutical industry and decide how much medication to keep around the house in the event of need. And also by public awareness, I mean that we get information to the public about how they should prepare. At this point, enough agencies and businesses have accomplished enough work so that those following Y2K progress are breathing a little easier about the potential effects of New Year's Eve on the social and economic fabric of the United States, at least from a technical perspective, although we do recognize much work remains to be done. The banking and utility industries and their associated regulatory agencies have expressed pretty good levels of confidence that their services will continue uninterrupted. Consumer automobiles have been warranted by the manufacturers and most central systems of public and private organizations will have received at least some attention by the end of the year. Most governments have achieved substantial readiness and rapid progress continues. But the fact remains that we can expect some surprises from Y2K, and a significant danger remains that a public panic reaction could have severely detrimental effects. People need to understand that they can expect Y2K-related headaches in the first half of next year, so that they shouldn't run screaming into the streets the first time that the lights flicker. They also need to take advantage of this opportunity to prepare to be just a little bit self-reliant. Personal Y2K preparation is like buying fire insurance. Is it likely that your house will burn down? Not really, but there is a chance, and the value of your home and its contents are sufficiently important that you take the time and spend the money to protect it against that eventuality. Having purchased that fire insurance, you can feel secure that come the worst, you have some protection. Similarly in the Y2K context, it's looking very unlikely that there will be serious infrastructure breakdowns. However, because of the complex interdependencies of our high-tech society, what could fail and for how long remains a great uncertainty. Just as agencies have looked over their inventories assessing the compliance, fixed their non-compliant systems, tested their fixes and made back-up plans, so the citizens should identify their personal priorities for the mission-critical systems, like insulin to a diabetic. They should assess their risk of failure of those systems such as checking the websites of the manufacturers of the elements that you might have at home. They should fix what they can, such as downloading fixes for their personal computing systems from manufacturer's websites, and they should identify the alternatives to those things that could fail, but are beyond their individual capacity to fix, such as keeping a supply of essential and nonperishable groceries of the household needs. Above all, people should be prepared for Y2K by remaining rational and avoiding hysteria about the millennium. Panic could result in long-term economic problems, rioting, looting and other socially unproductive behavior. Now is the time for people to remember that we are low-tech human beings. There's nothing standing between us and the earth and the sunlight and the air we breathe. Our families and friends don't have computer chips. Our social network will remain intact. Since no one has ever suggested that Y2K will result in spontaneous combustion, we should have most of our personal possessions around us. With just a little bit of preparation, we can provide ourselves with Y2K insurance. In California where we've had at least three major earthquakes, raging fires, power outages and alternating drought and floods during this century, it's merely common sense to make your household self-reliant in a few fundamental respects: Nonperishable food, water, necessary medicine, flashlights, a little cash, security of important documents. But for ourselves and each other, we can use this fascinating Y2K historical event as an opportunity to strengthen our human bonds and improve our collective future. That's the message of optimism and personal empowerment that we feel is an important part of San Francisco's readiness effort. Thank you. Mr. Horn. Well, thank you. That's very well stated, and you are right on the mark, and as I listen to you, I think you probably get the last word when you see the mayor who is used to having the last word. So thanks for coming and sharing those insights with us. We appreciate it. [The prepared statement of Ms. Hayashi follows:] [GRAPHIC] [TIFF OMITTED] T0954.190 [GRAPHIC] [TIFF OMITTED] T0954.191 [GRAPHIC] [TIFF OMITTED] T0954.192 [GRAPHIC] [TIFF OMITTED] T0954.193 [GRAPHIC] [TIFF OMITTED] T0954.194 [GRAPHIC] [TIFF OMITTED] T0954.195 [GRAPHIC] [TIFF OMITTED] T0954.196 [GRAPHIC] [TIFF OMITTED] T0954.197 [GRAPHIC] [TIFF OMITTED] T0954.198 [GRAPHIC] [TIFF OMITTED] T0954.199 [GRAPHIC] [TIFF OMITTED] T0954.200 [GRAPHIC] [TIFF OMITTED] T0954.201 [GRAPHIC] [TIFF OMITTED] T0954.202 [GRAPHIC] [TIFF OMITTED] T0954.203 [GRAPHIC] [TIFF OMITTED] T0954.204 [GRAPHIC] [TIFF OMITTED] T0954.205 [GRAPHIC] [TIFF OMITTED] T0954.206 [GRAPHIC] [TIFF OMITTED] T0954.207 [GRAPHIC] [TIFF OMITTED] T0954.208 [GRAPHIC] [TIFF OMITTED] T0954.209 [GRAPHIC] [TIFF OMITTED] T0954.210 [GRAPHIC] [TIFF OMITTED] T0954.211 [GRAPHIC] [TIFF OMITTED] T0954.212 [GRAPHIC] [TIFF OMITTED] T0954.213 [GRAPHIC] [TIFF OMITTED] T0954.214 [GRAPHIC] [TIFF OMITTED] T0954.215 [GRAPHIC] [TIFF OMITTED] T0954.216 [GRAPHIC] [TIFF OMITTED] T0954.217 [GRAPHIC] [TIFF OMITTED] T0954.218 [GRAPHIC] [TIFF OMITTED] T0954.219 [GRAPHIC] [TIFF OMITTED] T0954.220 [GRAPHIC] [TIFF OMITTED] T0954.221 [GRAPHIC] [TIFF OMITTED] T0954.222 [GRAPHIC] [TIFF OMITTED] T0954.223 [GRAPHIC] [TIFF OMITTED] T0954.224 [GRAPHIC] [TIFF OMITTED] T0954.225 [GRAPHIC] [TIFF OMITTED] T0954.226 Mr. Horn. Let me ask some general questions for the panel as a whole. I've long felt since I got into this in 1996 that this is a management problem, not just a technological problem, and I'd sort of like to know from you now that you've been through this process, what are the management principles you followed that you think, for those that haven't really become involved in this, you could give them a little guidance? So let's just go right down the line. I think I'm going to let you pass, Mr. Willemssen. Let's have your colleague there, Mr. Burton, from the city of San Jose. What's the management approach you've taken and where responsibility is being placed and so forth? Mr. Burton. I think the No. 1 issue has been awareness, and that's for managers throughout the organization to be aware. Whether or not it's from a standpoint of the general issue of the year 2000 preparedness or the individual services and key equipment items, to ensure that they are year 2000 compliant. It's, I think, self-realization you have to begin with, and if you're in denial, you certainly wouldn't begin addressing the problem. Mr. Horn. Mr. Drysdale. Mr. Drysdale. Our management approach is based on communication, participation and involvement by really everybody. So when I mentioned that our executives participated in the test, that was true. We were all there on Saturday working on it, and the same thing is true of our staff. We work together as a team. So primarily involvement, participation, continued good communications, we try to practice every day at work. That's just a common approach. Mr. Horn. Mr. Garratt. Mr. Garratt. I think the fact that I have been assigned as the Y2K project coordinator from the city manager's office rather than a chief information officer is indicative of the visibility the council and the city management chose to give this issue. We have departments who have been working in very rigorous ways to solve their individual proprietary situations, but it does require a certain level of oversight and coordination and a constant message that enough is never quite enough. And that's the approach we've taken. Mr. Horn. Ms. Hayashi. Ms. Hayashi. In the city of San Francisco which is a fairly decentralized city, the multiple programs primarily take responsibility for all their own operations. It was an important step in the Y2K effort to create a central, city-wide organization that existed to help coordinate the efforts between the departments, coordinate the communications about the interdependencies between departments, because a lot of departments that rely on the phone services, for example, are dependent on another city department for providing those services. Also for centralizing some of the issues to avoid duplication of work, and directing resources also, because as we've seen departments that perhaps don't have enough resources in their own pockets, that we could direct some personnel and some expertise to them so that they can get the job accomplished quickly. So the central oversight has been critically important, and I think I agree with the message of motivation as well, that everybody needs to keep working as hard as they can. Mr. Horn. Since we have three cities on this panel, San Francisco, Santa Clara and San Jose, I'm curious if any of you have had the type of exercise that Rockville, MD and Lubbock, TX ran through where they advanced the date forward, in a department in the middle of the night and then see what happens to your emergency coordination operation. Has any of you done that at this point, or have we just dealt individually with adaptation of codes? Ms. Hayashi. That has been done in San Francisco, but again, many of these year 2000 readiness preparations were done on a department-by-department basis. So we haven't had a city- wide exercise, but there has been a lot of date simulation testing in individual departments. Mr. Horn. Because certainly when you have department responsibility, the question is do they have connection with other departments to get their job done? Ms. Hayashi. Exactly. And that's why the central program management office is the grease that keeps those wheels moving. Mr. Garratt. I have heard the Rockville staffers and the Lubbock staffers explain the exercise they went through. We have not attempted to perform something like that. We pushed certain systems beyond the millennium. We had the unique experience in one system where it went beyond and operated, but it was very difficult to pull it back. And there was a bug in the software from that perspective. But we've been fairly limited and judicious on pushing these systems as a unit. Mr. Burton. In the city of San Jose we have pushed the date forward on our network, our city-wide network, to the year 2000 and exercised the system. I believe that was back in March, and have a plan to do that again in September over the Labor Day weekend. In addition, for our computer clusters for applications we have tested systems with the system dates rolled forward, as well as the individual applications, flexing them with functionality in the next century. Our first test in that was in the month of May this year. We actually have a test underway today in our computer center with a date rolled forward to the year 2000. We also have one scheduled for August 28th and again on Labor Day, as I mentioned. Mr. Horn. Some have mentioned over the last few years that there are some additional dates we need to be concerned with, and your comment on September, I thought I'd use that, September 9, 1999 bothers some people as it might mess up some computers because that apparently was used as a symbol for a number of computer programs in the past, and the other being the fact that we have a little extra day in February 2000. Does any of that concern you one way or the other? Mr. Burton. We identified 19 key high-risk dates potentially. The high risk dates have been examined against the application to find out what dates that application would have at risk. Our testing plan includes flexing a minimum of two of those dates for applications: most assuredly the roll over as well as leap day, and then identification of some other date. For instance, not only do you face January 1st and leap day, but with remediated code, et cetera, we're concerned about month end closes, quarterly closes, fiscal year closes and calendar year closes in these remediated applications. So there are quit a few dates that we're looking at. Mr. Horn. Mr. Garratt, any thoughts on that? Mr. Garratt. As I mentioned in my presentation, we've replaced a good number of our systems with object-oriented programming languages, C++, that deal with the year as a four- digit equation. Our finance system has been remediated, and we are aware, and we will be watching very carefully certainly on September 9th. The programmers have looked into the system to make a determination if that could be a problem. They did not believe it will be a problem. Mr. Horn. That's very interesting, and I wonder how about San Francisco? Have you done that? Ms. Hayashi. Yes, yes. Leap year and other potentially sensitive dates are a part of what we have taken into consideration in examining the IT systems. Mr. Horn. Mr. Drysdale, you've given us very helpful information on the water, and as understand it, there are 200,000 public water systems regulated under the Safe Drinking Water Act that serve about 240 million people in our country. The remaining population obtains most of their drinking water from private wells. So I'm curious, is the San Jose Water Co. ready for January 1, 2000, to ensure that there are no violations associated with the Safe Drinking Water Act? Mr. Drysdale. Yes, Chairman Horn, our water quality staff is part of the group that would be available that evening. But typically, our staff that works around the clock monitors for different types of matter that can be in water that might indicate a violation of the Safe Drinking Water Act. Generally, when the water is tested here in the valley for all the required different types of chemicals and matter that can be in the water, typically we have non-detectable traces. It's not possible to detect anything that would be required by current regulations. So as far as wells, private wells, here in town are, the oversight for that is the Santa Clara Valley Water District. So we work with them as far as monitoring our own wells, but private wells, we don't have that responsibility. Mr. Horn. Does the Santa Clara Valley Water District include all of southern Santa Clara County? How does that work? Mr. Drysdale. Yes, it does. In general, that would be a fair description of their service area. Mr. Horn. That includes the Pajaro River, which is a river on the southern end of the county, marks the border. Mr. Drysdale. I believe it would. Mr. Horn. I'm just curious, because you've mentioned Federal and State water that you have access to, which I assume is coming through the San Luis Reservoir, isn't it? Mr. Drysdale. Yes, it is. There's San Luis Reservoir water, and there's also water that's directly piped into the valley to the two treatment plants that the district operates. One is on the east side of the valley, and one is on the west side of the valley. Mr. Horn. Is there projected, given the population growth in San Jose and Santa Clara County, is it projected that it will have a very tight situation on water whether it be the year 2000 or not? Mr. Drysdale. I'm not familiar with those projections, but I don't believe that there's a problem. I do attend some of the water retailer meetings with the district, and there's never been expressed any concern for that. Mr. Horn. Now for the agricultural use where they do have wells on a number of these farms. What's been the water level? Has it been going down substantially in the last 20, 30 years? Mr. Drysdale. No. On the contrary, with the use of import water, the primary supply for the valley ground water is at record levels. Mr. Horn. Where do you touch the water supply? What's the footage digging a typical well? Mr. Drysdale. Depends upon the usage, the nature of the soil, the nature of rock. There are different levels. But one very good example not far from here, we have a local highway that's about 15 or 18 feet below the surface level and water is percolating through that highway right now, and that's a problem that people are trying to deal with. So the water is typically quite high. Mr. Horn. That's interesting. In Los Angeles what many of us know as the Century Freeway named after my predecessor, Glen Anderson, who chaired the Transportation Committee of the House, turns out they have exactly that problem, that water's coming up there, and the water replenishment agencies are now billing the State Highway Department for taking their water. It's having its amusing aspects, but it becomes very difficult when your freeway starts moving around. So that's happening here. That's fascinating. Let me ask Mr. Willemssen who has gone through many panels, that raises good questions as his colleagues do in GAO. Mr. Willemssen. One issue that was briefly touched upon by one or two of the witnesses that I would encourage all the organizations here to keep in mind is the value of independent verification and validation efforts, especially to the extent that you can publicize those efforts and let citizens know that another set of eyes has indeed gone in and taken a look at your most important systems and made judgments about their compliance status. That can go a long ways in further assuring citizens' readiness. That's one thing to keep in mind. An additional item, and you touched on this in one of your questions, there are tremendous value in testing business continuity and contingency plans. There are things that come up during these test exercises that were never considered early on, so I would also encourage the organizations to consider that. In addition, I believe the city of San Francisco representative mentioned the importance of communicating to the citizens during the rollover period. I believe the States and localities will be hearing much more from FEMA regional offices and from the executive branch on the plans of John Koskinen's information coordination center in this regard with their purpose of trying to get out reliable, consistent information to the public during the rollover period. The individuals here should be playing a role in that and will be getting further information on it. Mr. Horn. Thank you. Any questions you'd like to ask of your colleagues now that you've heard all of this, and any questions we should have asked but didn't have the brains to ask, we'd like to take those questions too. So anybody have some additional thoughts after hearing the dialog? OK. Everybody's satisfied there. Driving home to San Francisco you're not going to say, ``Gee, I should have asked that''? Ms. Hayashi. I think we'll have other opportunities to talk to each other. Mr. Horn. At midnight, January 1st? Ms. Hayashi. No. I think the interagency dialog has been very valuable, and everybody is taking advantage of it. Mr. Horn. I should ask, where are you all going to be that night, January 1st? I assume you're in your command headquarters on water, electric and all the rest. Yeah. Well, I'll be flying on a plane. We'll see what happens there. I've told the FAA Administrator don't upset the controllers that day, will you. Leave them alone. Anyhow, thanks for coming. You've had very thorough things. There's some excellent work where people could be used either on bills or everything else to get the message over. I think we'll steal liberally from all of your ideas. Thank you. Ms. Hayashi. Please do. Mr. Horn. OK. We're moving to panel two. Panel two consists of some of the key corporations in Silicon Valley as well as Pacific Bell and the San Jose International Airport. We'll be glad to fly in and out of. It's a fine airport. We have Mr. Whitworth, Mr. Cavaney and Mr. Hall and Mr. Latino, Mr. Tonseth. I think that's it. OK. Gentleman, if you raise your right hands. [Witnesses affirmed.] Mr. Horn. The clerk will note that all five have been affirmed, and we will begin with Mr. Whitworth. And as I mentioned earlier, you might not have been here, automatically that full statement of yours goes in the record. We'd like you to summarize it so we'll have more time for questions and answers and dialog, but we appreciate all of your hard work and thank you for coming. Mr. Brad Whitworth is the Y2K marketing & communications manager for Hewlett Packard Co. We're glad to have you here, very distinguished name in computing. STATEMENTS OF BRAD WHITWORTH, Y2K MARKETING AND COMMUNICATIONS MANAGER, HEWLETT PACKARD CO.; PAT CAVANEY, YEAR 2000 PROGRAM MANAGER, CUSTOMER SERVICE AND SUPPORT GROUP, HEWLETT PACKARD CO.; RICHARD HALL, DIRECTOR, CALIFORNIA GOVERNMENTAL AFFAIRS, YEAR 2000 PROGRAM MANAGER, INTEL CORP.; TOM LATINO, PRODUCT MANAGER, PACIFIC BELL; AND RALPH TONSETH, DIRECTOR OF AVIATION, SAN JOSE INTERNATIONAL AIRPORT Mr. Whitworth. Good morning, Mr. Chairman. I am pleased to be with you today to talk about the year 2000 program at HP. The timing for my appearance really couldn't be better. We just passed an important internal milestone in HP's Y2K program that I'll tell you about in just a moment. HP is a worldwide electronics company, yet we're here in Silicon Valley. 1998 revenues over $48 billion. We employ about 120,000 people and conduct business in more than 120 countries around the world. We are the second largest computer company in the world, the 14th largest company in the Fortune 500. Probably best known for LaserJet and InkJet printers, PCs and our high performance computer systems. We're also the maker of hand-held calculators for students, patient monitoring systems for intensive care nurses, gas chromatographs for chemists. Y2K takes on three dimensions for us as an organization. First is that we had to make sure that the 36,000 products that we sell and ship today are all Y2K ready. Second, we want to make sure that customers who purchased products from HP in the past know the Y2K compliance status of their HP products and that they understand the need to check the readiness of HP gear in their own environment. And third, we're working hard to make sure that Y2K doesn't create any problems for our own operations. So we've been checking everything from orders processing systems in our Atlanta sales office to the electricity supplied to our Puerto Rican manufacturing facility to the phone system in our Beijing, China, operation. I'll spend some time talking about the first and third points in our Y2K program on products and our own operations, and then my colleague, Pat Cavaney, will tell you about the ways we've been working with our customers around the world and how we're helping them prepare for the move to the next century. Let me start with that third dimension to our Y2K program, our internal readiness. I mentioned we just passed an important milestone in our Y2K program. We had an internal readiness date of July 31st. We picked that date as the one by which we'd have all of our critical information technology systems and business processes ready for Y2K, and based on the reports from our managers around the world, we made it. In only a few instances do we still have some exceptions remaining, but we're confident that we'll be resolving those in the next few weeks. Meeting that target date of July 31st was not a trivial matter for a company of our size and complexity. For example, it meant checking the Y2K readiness of 150,000 personal computers, another 24,000 computer workstations, about 8,500 critical business software applications, 300 PBX systems, 13,000 servers, 2,700 routers, and all of these located in HP offices in more than 50 countries. That means we also had to check with more than 110,000 suppliers all over the world. We rely upon them for about 600,000 parts that we use to manufacture our products. They provide us everything from microprocessors to monitors. We're generally satisfied with their readiness programs. However, the complexity of that supply chain and that chain's reliance on a global network of transportation providers to move raw materials subassemblies and finished products does represent HP's largest Y2K vulnerability. This is particularly true outside the United States where we've discovered, as have Y2K experts like the Gartner Group, some countries have been late in addressing Y2K. So we're working closely with all these suppliers. But because many of these issues are beyond our direct control, we're spending a lot of time developing contingency and backup plans. I would certainly say that this is the area of focus for us for the rest of the year. Now let me tell you about the HP products that I mentioned. When we launched our Y2K program, we needed to make sure that all of today's products were Y2K compliant. We also needed to work back through thousands of products we've delivered in prior years to determine if they're Y2K ready, and also we needed to put in place a process to make sure that all of our future product offerings are also ready for Y2K. When we started a few years ago, there was no industrywide definition for year 2000 compliance, no testing standard. So we developed our own, based in part on GTE's Y2K test pattern that our IT organization had been using since 1996. We've been using it companywide ever since, and it's become a model in the industry to organizations like I-Triple E and NSTL, who developed their standards. Most important for us, it's now embedded as part of our ongoing test processes we use for every new product we introduce. So where do we stand today with our products? Well, all of the products that we've introduced since July 1, 1998 are Y2K compliant, and almost half of 115,000 products in our compliance data base are fine with Y2K simply because they don't process dates at all. There are large families of some of our largest and most popular products where there are no Y2K problems. For example, our DeskJet printers, our scanners and all but early versions of one model of our LaserJet printer are all Y2K compliant. We do have some older products that are not Y2K compliant. Most of these non-compliant products have been obsolete for some time. They are no longer supported by HP. However, we've made an important commitment to our customers on these older products. For every product that we've delivered since January 1, 1995, we will have a Y2K update or a replacement product available, and available at no additional charge if the product is covered under a support contract or warranty. One of the industry consultants who has studied our program calls this commitment to customers the most generous he's seen. But really, Y2K isn't about our policy or products or internal operations. Y2K is really about our customers and making sure that they have the information and the know how that they need to get their own computing environments ready for Y2K and continue their businesses. So I'd like to ask Pat Cavaney to share with you some more details about our customer Y2K programs, and what we've done so far, and what we'll be doing in the months ahead. [The prepared statement of Mr. Whitworth follows:] [GRAPHIC] [TIFF OMITTED] T0954.227 [GRAPHIC] [TIFF OMITTED] T0954.228 [GRAPHIC] [TIFF OMITTED] T0954.229 [GRAPHIC] [TIFF OMITTED] T0954.230 [GRAPHIC] [TIFF OMITTED] T0954.231 [GRAPHIC] [TIFF OMITTED] T0954.232 [GRAPHIC] [TIFF OMITTED] T0954.233 [GRAPHIC] [TIFF OMITTED] T0954.234 [GRAPHIC] [TIFF OMITTED] T0954.235 [GRAPHIC] [TIFF OMITTED] T0954.236 [GRAPHIC] [TIFF OMITTED] T0954.237 [GRAPHIC] [TIFF OMITTED] T0954.238 [GRAPHIC] [TIFF OMITTED] T0954.239 [GRAPHIC] [TIFF OMITTED] T0954.240 [GRAPHIC] [TIFF OMITTED] T0954.241 Mr. Cavaney. Good morning, Mr. Chairman. I appreciate the opportunity to speak with you today regarding Hewlett Packard and our approach to Y2K readiness in our role as a provider of customer support for our products. My name is Pat Cavaney, and I'm the year 2000 manager for Hewlett Packard's Customer Service and Support Group. HP has employees and authorized distributors in 120 countries providing service and support all the way from homes to small businesses to large Fortune 500 corporations. Our goal is to help our customers achieve their own Y2K readiness. In his statement, my colleague mentioned the extensive products evaluation HP has performed on our current and past products and what we're doing to offer Y2K updates for our previously shipped products. I'd now like to briefly address how HP has approached informing and supporting our customers through extensive proactive and communication efforts. This is the most far- reaching customer communication program that HP has ever undertaken. A key goal for HP is to reach as many customers as possible to make sure they check the status of their HP equipment as well as the readiness of their entire IT environment. Under the umbrella of the company-wide effort to inform customers, each of HP's major business segments has initiated a customer outreach program. Let me highlight a few of these for you. Our customer support organization has mailed Y2K information to all of its current customers under a support contract and informed them of the compliant status of every product covered under a support agreement. Today I've brought two such brochures that we've used in period mailings to our customers to inform them of the need to take action. Our Enterprise Computing sales organization has conducted Y2K meetings with several thousand of larger customers around the world. Hewlett Packard has also informed our customers of any computing and health care products purchased directly from HP since 1995 which is not compliant, whether it's under a support agreement or not. Last, we provided our channel partners who resell HP products with Y2K information which they can provide to their customers. In addition, these proactive communications programs HP's year 2K program offices around the world respond to customers' requests daily for information about the Y2K readiness of our products. These groups of HP employees answer questions, letters, faxes and surveys that customers may pose about Y2K. We've also made sure that all HP call centers and response centers worldwide and staff are trained to handle Y2K questions. HP's field organization is being equipped with the latest information on product compliance, services, upgrade programs for our customers and tools to assist customers with their Y2K readiness. HP's central Y2K website has been active since early 1997 and is now attracting more than 250,000 visitors a month. Our website contains our product compliance data base listing status of the more than 100,000 current and past HP products Brad mentioned. For customers who do not have access to the Internet or our website, our call centers and sales and support offices will respond to any Y2K inquiry we receive. We're working hard to inform the millions of customers who are not on a support contract with HP about our Y2K efforts. We're including a Y2K message in every press release the company issues in 1999, in the annual report, in select advertisements and direct mail campaigns in many countries and in key messages at trade shows and conventions such as at HP World next week in San Francisco. The other manner in which Hewlett Packard will assist its customers' transition successfully to the next millennium is through our enhanced customer support capacity and providing additional self-help tools directly to our customers. HP expects that the year 2000 issue will increase the number of phone calls for support into our call centers and response centers. While we can't precisely predict exactly how many calls we will receive for year 2000 support, we anticipate an increase in customer demand as we reach the latter stages of 1999 and 2000, particularly around the New Year's period for the rollover weekend. We believe that we'll see the greatest increase between the period of November 1st, 1999 and March 3rd, 2000. To address the needs for additional customer assistance during this period, we've taken specific action as part of our enhanced support capacity program. We have increased the staffing at our support call centers over this past year. We have developed specific employee work policies governing employee vacations and availability not only over the rollover weekend, but also in the surrounding months as well, not only for our call center and engineering personnel, but also the labs that are the escalation paths for those organizations. We have plans to redirect other HP resources on customer assistance activity should that be the case, and we've implemented new support tools and technology to more easily provide assistance to our customers including enhanced self- help tools that are available on our year 2K website. The year 2K rollover weekend and surrounding period is certainly not expected to be business as usual. Our customer support response centers will be open for the rollover weekend to provide Y2K assistance for our customers. In fact, for that weekend we will also expand our after-hours coverage staffing in our response centers to provide additional support. As another way additional information and assistance will be provided to our customers around the clock, HP will be implementing a fast track method to identify, analyze and report Y2K issues through our electronic support center website to customers worldwide later this year. This is an enhancement under an already existing feature that we have in our support response centers. In conclusion, the year 2K rollover and the surrounding period will be a time HP will ask all employees to focus on assisting our customers. HP is committed to making the transition to the next century a successful one for our customers and for our company, and certainly Hewlett Packard thanks you for the opportunity to share our year 2000 program with you today. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T0954.242 [GRAPHIC] [TIFF OMITTED] T0954.243 [GRAPHIC] [TIFF OMITTED] T0954.244 [GRAPHIC] [TIFF OMITTED] T0954.245 [GRAPHIC] [TIFF OMITTED] T0954.246 [GRAPHIC] [TIFF OMITTED] T0954.247 [GRAPHIC] [TIFF OMITTED] T0954.248 [GRAPHIC] [TIFF OMITTED] T0954.249 [GRAPHIC] [TIFF OMITTED] T0954.250 [GRAPHIC] [TIFF OMITTED] T0954.251 [GRAPHIC] [TIFF OMITTED] T0954.252 [GRAPHIC] [TIFF OMITTED] T0954.253 Mr. Horn. Well, thank both of you very much. If I had my checkbook here, I'd sign up right now. You two are real marketers. So I'm looking forward, Mr. Hall, to your marketing also. You're with one of the great firms of this valley, and that's the Intel Corp. Richard Hall is the director of California governmental affairs and the year 2000 program manager. Mr. Richard Hall. Thank you, Mr. Chairman. Actually, as I listened to Hewlett Packard's testimony, I could probably say ditto to about 99 percent of it, because our programs are very much in parallel with theirs as a similarly structured company in the same industry. But let me stick to my planned remarks with a few extra comments. First, I want to express our thanks as an industry and company to this subcommittee. I believe that in unison with Chairman Bennett's committee in the other house, that you have achieved a very high level of public attention for the year 2000 problem that otherwise would not have been achieved. In particular, the report card methodology that you've used on a quarterly basis has focused media and public attention to that, and to me it's really a case study in how to succeed in getting attention to something that's very difficult to get attention to on a good day. Mr. Horn. Well, thank you. It does have its impact. The State Department finally cleared up their small number of mission-critical systems, and somebody asked them from a computer journal, ``How did you finally do it, the move from the F to the A-minus stage?'' And they said, ``Well, I guess my boss was just tired of all those Fs.'' So it helped. Mr. Richard Hall. Precisely. In that context, it's not in my prepared testimony, but in listening to the public sector representatives this morning, I wanted to make this remark. For another presentation I did on the year 2000 recently on July 30th in a nice place up in South Lake Tahoe, I did an analysis of 1 day's news media coverage regarding the year 2000. I picked an interesting day. It was July 21st, 9 days before I was up there, and on that day there was a good news development on the year 2000 and a bad news development. The first was Mrs. Garvey's announcement that the FAA had achieved, and she said without qualification, full compliance on the year 2000, and the public should have no concerns. On that same day, Mrs. Williams-Bridgers of the U.S. Department of State testified before the Congress that one-half of the 161 countries that the U.S. Department of State had analyzed around the world for year 2000 capability had the potential for severe infrastructure disruptions which would in turn effect U.S. trade and commerce in significant ways. Now, the following day, July 22nd, in the 30 major U.S. daily newspapers there were seven stories about Mrs. Garvey's announcement and about Ms. Bridger's testimony. There were 130 stories about day six of the Kennedy/Bessette tragedy, a 16 to 1 ratio. I'm not drawing a value judgment there, but I'm pointing out where attention has been focused in the American public mind and conscience about this, and a concern that I would express is that as we get closer, today we have 139 days remaining until the date rollover, as we get closer, the public and media attention will shift from very low gear to extremely high gear. We'll go from an under reaction to an overreaction, and this parallels comments made by some of the representatives today of the municipalities who are struggling to develop and execute public information campaigns. Now after my editorial diversion, I will return to my text and a few comments, and I'll tell you about Intel. The other task that this subcommittee and Chairman Bennett's committee on the Senate side played such an important role in achieving was the final passage of H.R. 775, known as the Y2K Act, signed by the President on July 20th. I took note at the time that that bill was signed by the President Pro Tem of the Senate, Senator Thurmond, who will turn 97 years old on December 5th, still the oldest American political leader, electronically signed the bill and transmitted it by e-mail to the White House for the President's signature. I thought that was an historic development in and of itself. It creates a necessary legal framework for potential litigation over the year 2000 and over the next 3 years, and was a milestone development for this country. Let me offer you in my brief time four observations from Intel Corp.'s standpoint. First of all, 10 days ago we announced internally, and I'm delighted to announce the same externally today, that Intel Corp. had achieved 100 percent, and again, 100 percent, not 99.9 percent, compliance of all internal systems. Of all the applications and systems that run Intel's business systems worldwide, we are now complete. No. 2, as of today, by our own internal measurement methodology, 95 percent of our mission-critical and priority suppliers around the world are either year 2000 capable or have contingency plans in place that have satisfied us in terms of the capability of continued support of Intel's business. Third, on a less bright note, we continue to have concerns at Intel about the readiness of external infrastructure, power, telecommunications, water, transportation in certain critical foreign geographies. Our experience, my own experience as part of Intel's year 2000 team traveling to a number of foreign countries, I spent nearly 2 weeks in Japan in May as one example, parallels what the State Department has found. In fact, I coincidentally crossed paths twice with the State Department team in the month of May. We were on some of the same airplanes and going to some of the same places, meeting some of the same people. That experience also parallels what the GartnerGroup has publicly described for the U.S. Congress and the media about the concerns regarding foreign infrastructure and its readiness, particularly in Asia and the Pacific. Last, in brief summary I'd like to say, as Hewlett Packard remarked, our public website which is www.intel.com contains a vast wealth of information about our year 2000 readiness, our products, our strategies, our programs, far more than I could adequately summarize today. Under the guidance of Congress established in October 1998 under the first major Federal law that was passed, we have done as full a job of disclosure as I think we are able to do about all aspects of Intel's year 2000 readiness. So again, I'd like to thank you, Mr. Chairman, and your subcommittee for an excellent job of oversight and drawing public attention. We'd like to thank you for the legislation passed in July, and I hope that I've given you an adequate overview of Intel's position today at 139 days before the date rollover. Mr. Horn. Well, that's a very helpful statement, and we'll get into some of the foreign experiences in the question period here. They're very important. [The prepared statement of Mr. Richard Hall follows:] [GRAPHIC] [TIFF OMITTED] T0954.254 [GRAPHIC] [TIFF OMITTED] T0954.255 [GRAPHIC] [TIFF OMITTED] T0954.256 [GRAPHIC] [TIFF OMITTED] T0954.257 [GRAPHIC] [TIFF OMITTED] T0954.258 [GRAPHIC] [TIFF OMITTED] T0954.259 [GRAPHIC] [TIFF OMITTED] T0954.260 Mr. Horn. Next we have a 2-day involvement with this subcommittee. Tom Latino is the product manager for Pacific Bell. He was with us in our Sacramento hearing yesterday, and we're delighted to see you again. Mr. Latino. Good morning. My name's Tom Latino and I am the director of the public safety organization for Pacific Bell. I appreciate the opportunity to update to you on SPC's readiness for the year 2000, and I'm happy to say we have some great news to share. The bottom line is that when you pick up the phone on January 1st, our network will be ready to serve you just as it always has, and so will the wireless, data, Internet and other services we provide. We spent nearly 4 years preparing for the Y2K issue. As of June 30th, virtually all necessary Y2K upgrades have been completed. A very few upgrades are scheduled to be completed by September. As we wrap up these upgrades, we will continue to focus on testing and finalizing our business continuity plans. All of our services will be tested and retested in simulated year 2000 environments prior to January. Our testing efforts also go well beyond our own network as SPC is working with the Alliance for Telecommunications Industry Solutions, or ATIS, to test our services in conjunction with other communication companies and other industries. As a matter of fact, ATIS recently announced the successful completion of recent Y2K tests involving communication networks serving the credit card and financial industries. SPC and other communication carriers had no difficulty in transmitting financial data in the simulated environment. We have also worked closely for Telephone Year 2000 Forum which in December completed tests showing that local networks are prepared to provide uninterrupted service. This internal and third-party testing provides further evidence that Y2K will be a non-event for our customers, and while we strongly believe that will be the case, we also recognize that factors outside of our control could potentially impact our service. To further ensure continuous quality service, SPC is enhancing its business continuity plan to prepare for Y2K contingencies. The plans are an extension of Southwestern Bell's existing procedures for providing service in the event of an emergency or natural disaster. As part of these business continuity plans, SPC will increase staffing and customer support at business centers during peak periods leading up to and including the New Year's holiday. We are also establishing command centers throughout our service territory to ensure a smooth transition to the New Year. As you can tell, Y2K readiness has been a very big job. All told, SPC has spent nearly $200 million to prepare for Y2K. SPC's Y2K project management team is led by an officer of the company and each of our major business units have a dedicated Y2K coordinator responsible for managing our year 2000 issues within their organizations. To keep our customers up to date on our progress, SPC's Y2K team maintains a comprehensive website with the latest information available. Anyone looking for detailed information on our Y2K readiness can access the preparing for the millennium section on SPC's website at www.spc.com. This site includes a section that allows you to check on the readiness of the central office switch that serves your community. You can also register at the website to receive a copy of SPC's final readiness report. Thank you again for the opportunity to provide this update. Mr. Horn. Well, thanks very much, and we do want to list all your numbers so people can reach you. That's a very good service you all have on that. Mr. Ralph Tonseth is director of aviation for San Jose International Airport. I must say I always enjoy coming in and out of San Jose. You run a very good operation there. Where does that rank in the airports in California, just as a curiosity? Mr. Tonseth. Mr. Chairman, San Jose International Airport is currently the fourth largest airport in the State of California, currently handling more than 11 million passengers annually and 250 million pounds of air freight annually. At the current time, we also are the employment site for more than 5,300 individuals and are the only commercial airport in the Santa Clara County, and therefore the Silicon Valley for the provision of commercial air services, and so we therefore take the responsibility very seriously to support all of these great corporations and the transportation needs both for individuals' trips and for air cargo services. I'd like to thank you, Mr. Chairman, for the opportunity to present to this subcommittee the report of San Jose International Airport on our Y2K program. Like many others, we have long recognized the need to address what has been called the millennium bug problem, and we began our program in the summer of 1997, and since that time have expended internally more than 10,000 staff hours and expended more than $6 million to reduce the chance of service interruptions related to potential Y2K problems. I'd like to give you just a very brief overview of our program, since it really does integrate many sectors of our local economy. Under specific direction from the FAA, we have identified all mission-critical systems related to air transportation, both in hardware, software and embedded chips that may impact airport operations for the year 2000. We've also been working on an ongoing basis with suppliers both from the private and public sectors to ensure us that their systems that we use are compliant and therefore will not negatively impact passenger or freight customers. Early on we performed a set of risk analyses and set priorities for compliance, and we have, to the best of our ability, confirmed by means of testing that all airport critical systems and equipment do meet the year 2000 requirements. We expect to have all of our airport systems, with the exception of our parking and revenue control systems ready by September 30th, 1999. That system, the Parking Control System will be Y2K compliant by November. We've developed detailed contingency plans for all systems, and those plans have been antiquated with our existing emergency operations programs. The scope of our program at the airport has been extensive. We have identified 54 critical systems containing over 4,000 individual components. Each of these systems has been thoroughly reviewed and assessed to determine the level of risk, and in addition, each of these system's potential for health, safety and other impacts have been evaluated. We also have invested in hiring two independent consultants and have gained from them considerable insight into the year 2000 program. The first of these was a consultant that provided an embedded chip inventory, which we completed in May 1998. And the second firm provided us a project management and documentation expert. The current status as of today is that eight critical airport systems that were found to be deficient have been replaced totally or upgraded and tested. 26 systems were found not to have embedded time/date components within them. These, however, have been also tested and replaced or upgraded where feasible. Five systems are currently being replaced as we speak and are expected, as I mentioned earlier, to be completed by September 30th. And we are currently working with other city departments, tenants or others and FAA to complete the compliance process for the remaining 15 systems we've identified. We have made good progress, I believe, in dealing with this problem. We have allocated the appropriate time in staff and resources to deal with it. Our main concern as of today, really, is our dependence upon public utilities, fuel suppliers, telecommunication suppliers and others whose services are beyond our control. However, we will continue to work with these people to coordinate our efforts to make sure that we have everything up to date by the year 2000. We will have on staff on the evening of December 31st, 40 additional personnel that would not normally be on station. We will open our emergency response center to deal with any potential problems that may arise, and as you may know from the new requirements from the FAA, we will, between midnight and the time we open for first operation the next morning, test, verify and report to the FAA at headquarters verification that all of our systems are working. In conclusion, I'd like to thank the committee for coming to our nice city and holding this hearing, and I'd like to assure you that San Jose International Airport is up to date and really do aspire to make sure that if you do choose to land here on the morning of January 1st in your aircraft, I will be happy to meet you at the gate. Mr. Horn. Thank you. We might do that. I was born in Santa Clara County, so I'm pretty familiar with this county. [The prepared statement of Mr. Tonseth follows:] [GRAPHIC] [TIFF OMITTED] T0954.261 [GRAPHIC] [TIFF OMITTED] T0954.262 Mr. Horn. Now, let's go back, and if we can get Mr. Willemssen at the table, I think, my friend, that there's a chair right there. And I'd like to ask Mr. Willemssen, Joel, what have you heard from this panel that you'd like to bring to the floor, and we can talk about it. Mr. Willemssen. I thought of a couple things that might be interesting, especially with HP and Intel here, is if they can give us a general perspective on what they think about embedded chips and the Y2K issue. Because if you look back at Y2K and how it's rolled out over the last several years, in the early years, this was really viewed as a mainframe issue, COBOL, and then after that, the embedded chip issue got a lot of play, a lot of concern. I think that's leveled off to some degree. So to the extent that one can generalize on the embedded chip issue and on the extent of the IRTC problem, I think that would be useful. Mr. Horn. How about that, gentlemen? Mr. Whitworth. With embedded chips at Hewlett Packard, most of what we're looking at is as a user of these, whether it's a manufacturing production environment, or things that you read about, the elevators and escalators in office buildings and those sorts of things. In our testing, both in the facilities side of things and the manufacturing groups, as they've gone through testing, embedded chips have really not proven to be a significant issue at all. In very rare instances we found some things, usually in working with the manufacturer of that particular piece of equipment, we found that it's much lower expectation, or actual results than what we had expected to find. So it's been almost a non-issue for HP in terms of the embedded chip problem. Mr. Horn. How about it, Mr. Hall? What's the Intel view on this? Mr. Richard Hall. Two points: One is it's ironic in that about somewhere around 90, 99 percent of all of the chips or microprocessors that Intel has ever manufactured are the kind that go inside personal computers or servers, and by their very nature, they never have, now nor ever could have, any date dependent functionality. The software that runs on them may very well, but the hardware itself does not. Over the years as really more of a sideline, we have manufactured as a company embedded process control chips, and I would concur with HP's general view both in terms of our internal operations and in terms of those products which over the years Intel has sold for embedded process control, that the problem turned out to be defined down to a much smaller scope than what was originally feared. A much smaller percentage of embedded process controllers actually have date sensitive functions, and most of those in turn have proven easier to remediate than originally thought. However, there's a simple human fact here. It relates back to the observation, Mr. Chairman, that you made, which is one that we agree with. Year 2000 is a management and resource problem more than it is a technical problem, and even though the embedded process control issue in the United States with Intel or Hewlett Packard or worldwide is smaller than originally conceived as we've talked about, the fact is that if you don't go in and fix the thing, it will not operate correctly, and those organizations in any country's public or private sector that don't go in and fix and test directly are going to have significant failures, and that's an issue of management attention and resources. Those would be some observations I have. Mr. Horn. How many embedded chips does Intel put out in year? Mr. Richard Hall. I don't have that number today, Mr. Chairman. It's a relatively small number. If you look in terms of microprocessors we're probably manufacturing and selling somewhere around 10 million a month. Embedded process control would be a tiny fraction of that today. Very small. In the few 100,000, perhaps, if that. Mr. Horn. Would it be fair to say that half of your sale of those would be to foreign countries and industry in foreign countries? Mr. Richard Hall. About 55 or 60 percent of the corporation's sales today as a whole are outside of North America. So if the pattern parallels, for embedded process control parallels that, yes, sir, that would be correct, but I do not have full data for you today. Mr. Horn. Could you just run through off the top of your head what the average citizen might run, think about, in terms of embedded chips in things that are very close to them in their house or in driving to work or in traffic signals, this kind of thing? Mr. Richard Hall. All of those that you just mentioned, plus inside their VCR, their cellular telephone and several of the appliances they have around their home. All of us over the last few years have added more and more embedded process control in our lives. By some estimates, the average American has somewhere between 50 and 100 embedded process control devices surrounding him or her, and they have not ever seen a single one or actually know what they do. Again, the good news is the vast majority, for instance, those in vehicles, primarily to the extent that they have a measurement of time, they measure things like the cycles that the engine turns over, not time according to the Gregorian calendar established by Pope Gregory IV in 1563, which is what actually got us into this problem. If you want to trace it back historically. I have a humorous story about that, I won't burden you with today. Mr. Horn. Why not? Mr. Richard Hall. Well, I've said in a few other venues that if you wanted to bring the ultimate witness before a public body, particularly the U.S. Congress, it would have to be Julius Caesar, because he established the Julian calendar in the first century. That calendar was with 12 months and X number of days and weeks and all that which we take for granted. That calendar was then modified by Pope Gregory IV in the year 1563, and over the next four centuries, as Western Europe became economically and militarily and politically dominant, there is a period of European colonization, the rest of the world adopted the Gregorian calendar which originated in 1563. Then in the second half of the 20th century, we taught the Gregorian calendar to our machines, and that's the historical lead-up to why we have this problem. If we developed a different calendar using some different counting system tracing back to Julius Caesar we wouldn't have had this hearing today. That's the historical reason for the year 2000 problem. To try to answer your specific question, to complete my answer to your specific question, Mr. Chairman, in summary, the number of embedded process control chips that everyone relies on today is very large, but the vast majority of them, in fact, do not have date sensitive functionality that is going to cause them to fail at the millennium rollover. I hope that's a good summary answer. Mr. Horn. It's very helpful. In some of our hearings we've been curious in terms of reactors, let's say nuclear reactors, other types of equipment that might be related to a power supply of one sort or another, and could something happen in terms of the distribution system once that energy is generated. Because obviously, we'll get more into it in the next panel, it's one of toughest problems we face is will your suppliers, let's say, have sufficient power to keep their lines going, and if they don't, we ought to know about it, because that really would be a problem. So I don't know if any of you have any reaction to that. Mr. Latino. Certainly from SPC's perspective we have extensive power generation capabilities. We have reviewed all of our contracts with fuel suppliers to ensure that we will have a steady stream of fuel, and if you may remember, Mr. Chairman, approximately a little over a year ago a major municipality suffered or endured a power failure; the phone systems kept on working. Mr. Horn. That's good news. Good ol' Ma Bell still lives. Well, any other comments on Mr. Willemssen's point down there? How about it? You satisfied? Mr. Willemssen. If I could, Mr. Chairman, indulge you in one related issue, yesterday you heard from two witnesses from two major health care providers that they have elected to test on their own their biomedical equipment rather than rely on what the manufacturers say. Most manufacturers of biomedical equipment say not to do that for fear of disrupting the device or getting false readings. HP mentioned early on in their statement that among their products are patient monitoring systems and other biomedical equipment items. I was curious about what Hewlett Packard's view might be on major health care providers going out and testing biomedical equipment items on their own and what kind of impact it could have. Mr. Whitworth. We actually have been encouraging all of our customers, whether it is a health care provider or a major corporation or nonprofit organization to do the tests. But I think what happens in the industry is the HP equipment is used in an environment where it might be attached to another computer system, and you need to check those relays, the interface between the two. So while we can test our products in our labs, and we can come up with a company-wide testing process that we use for everything from our personal computers to our health care products, we then encourage people to take those products and test them in their own environment. So we are probably just the opposite of what you have heard, which is please do test and make sure that in your own environment, which is probably different from our own test labs, the thing behaves the same way that it does for us, and if it doesn't, tell us. We want to see if there is some sort of a problem that we haven't been able to discover, and fortunately that has not been the case in the health care side of things for HP. Mr. Horn. When we were in Cleveland last year, we had a witness from the Cleveland Clinic, which is a rather well-known hospital complex in America, that they were checking all of their equipment, obviously, in the emergency room, and that there was a website where hospitals around the country could put on, A, the manufacturer's name, the model number, all the rest, and they wouldn't have to reinvent the wheel every day around the Nation. Are you familiar with that, and are there other websites or other corporate websites you have where they can check your equipment and note what model they have and should they be concerned? Mr. Whitworth. One of the beautiful things about the web, I think, it's allowed that degree of specialization to exist within industry groups and special user groups. We cooperate fully, provide them with the information that we have, and I think the sharing within the industry is also very, very important. As I mentioned, a Hewlett Packard PC might have an Intel chip. It might be running a Microsoft piece of software and application, and we have established consortia where we will try to make sure the technical response is coordinated so that we don't end up pointing fingers at one another, and we come up with the adequate response that a customer might want. So somebody calls in to Microsoft and they determine it's HP, they know exactly where to go in HP to get the response, and the flip of that is true as well. Mr. Horn. How about Intel on that? Is there a way your customers can get back in in relation to the chip problem? Mr. Richard Hall. Yes. We have a large number of people, in fact, coincidentally most of them reside where my office is located near Sacramento in a town called Folsom. Several hundred people in our customer support division, just like HP, who are fully trained to deal with all of the year 2000 issues, and also have people in all of the Intel sales and marketing geographies around the world who are prepared to cover all these issues in detail as they come in on the 1-800 line system that our company has, just like HP's. Mr. Horn. Mr. Willemssen, any more comments on that? Anybody have any more questions you'd like to raise having heard all of your colleagues on the subject? Phone company we know is happy. But anyhow, I just have one more and that gets back to your suppliers yet. I take it you've all done an inventory of your suppliers to see if anything would slow up. I don't know if you're using a Japanese inventory system where it's flowing into your assembly line on a steady basis. Have you had any problems with suppliers being 2000 compliant? Mr. Whitworth. We have at HP. In fact, one of our departments, the corporate procurement department that manages the relationship for some of the key suppliers that are common to a number of HP organizations made it a priority to first set up a survey to find out what our suppliers were doing. If they didn't get the answers that they were looking for, we would go and spend time and do in-depth interviews with some of our key suppliers. We have in some instances moved from a single source supply to dual sourcing because we weren't comfortable with the conditions, and we also said some of the companies we were not comfortable with, we would eliminate from future possible business within HP. So we have made that sort of a condition for doing business with HP. But it hasn't been in a, let's call it a mean-spirited way. Part of our job is to get with that supplier and work with them to see if we can improve their own Y2K readiness following some of the patterns and some of the lessons that we've learned at HP. So we're trying the best we can to do that. It's being done all over the world, not just here in the United States, because our supply chain is everywhere. And I'd say the general response we've gotten has been very, very positive from the suppliers. But that probably is the biggest degree of uncertainty, because each of those suppliers then in turn relies upon someone else who relies upon someone else, and it's very difficult from a corporate standpoint at HP to follow that chain all the way up and down and really take total ownership for guaranteeing the answers are right. Mr. Horn. Mr. Hall, is that pretty much the way Intel has handled it? Mr. Richard Hall. Yes. We've cut off some suppliers, not a large number, but we've stopped doing business with some. Before the end of the calendar year, there are more that we'll have to stop doing business with, and I doubt we will resume doing business with them, because the failure to address and manage the year 2000 problem is a demonstration of incompetence which would disqualify them from doing business with us in the future. It's unfortunate, but I think you're going to find this phenomenon accelerating very rapidly as the calendar goes by toward December. Mr. Horn. It sort of surprises me when they've got major firms such as yours and HP that they wouldn't conform to assure you the supply source that they are. I would think what's doing? Have they got other customers that just don't care about it, or what would they do? Mr. Richard Hall. I don't know the answer. I have the same question, and I don't know the answer. Mr. Horn. Well, if we have any, I'd be fascinated by that, because I think it's a major problem down the line for all of you, and I'm glad you're on top of it. That's all the questions I have on this subject. We might send a few to you afterwards, if you wouldn't mind just replying to us. We'll put in that objection at this point in the record. I wish a good part of America tuned in and listened to this panel and the last panel, because I think they would have learned a lot. So I thank you all for coming out on a Saturday and not sailing or whatever you do on Saturdays, and thanks for coming. We're down to panel three now. Garth Hall, the manager of project 2000 is with the Pacific Gas & Electric Co.; Karen Lopez, division manager, administrative services, Silicon Valley Power; Dr. Frances E. Winslow, director, Office of Emergency Services, city of San Jose; William Lansdowne, chief of police, city of San Jose; John McMillan, deputy fire chief, city of San Jose. Please come forward. I think you can see those signs. OK. We've got everyone behind the right sign. I see. If you don't mind, please stand up; raise your right hands. [Witnesses affirmed.] Mr. Horn. The clerk will note that all five witnesses affirmed. And we will start with Mr. Hall. We're delighted to see him again. He was with us in our statewide hearing in Sacramento yesterday, and I notice your statement is even larger today. What did you do? Work all night? We didn't get the full version yesterday. STATEMENTS OF GARTH HALL, MANAGER OF PROJECT 2000, PACIFIC GAS & ELECTRIC CO.; KAREN LOPEZ, DIVISION MANAGER, ADMINISTRATIVE SERVICES, SILICON VALLEY POWER; FRANCES E. WINSLOW, DIRECTOR, OFFICE OF EMERGENCY SERVICES, CITY OF SAN JOSE; WILLIAM LANSDOWNE, CHIEF OF POLICE, CITY OF SAN JOSE; AND JOHN McMILLAN, DEPUTY FIRE CHIEF, CITY OF SAN JOSE Mr. Hall. Mr. Chairman, it is indeed a pleasure to be here again today on behalf of PG&E Corp. I oversee all of the companies within our nation-wide energy business, including the utility, which of course is a major area of interest today, and I can assure you again, as I did yesterday, that the standards for our Y2K readiness across all lines of business has been equally as high as it has been in the utility. Our program, of course, had all the elements that have been discussed from the beginning of inventory all the way through contingency planning that I mentioned yesterday. We have been through all that process with all of our affiliates including the utility, and in July we were very pleased in the utility, PG&E, to inform the North American Electric Reliability Council which received a request from the Department of Energy to oversee the utilities nation wide in terms of their electrical reliability, in July we were pleased to report that all of our electric delivery systems are Y2K ready. That includes our hydro and our fossil power plants that we still own. And in addition to that, we have a handful of items left to test across our gas and nuclear energy arenas, and expect to achieve full compliance with those very soon, by September. Even though we are very confident in our internal systems that I've just summarized, we're still taking our external dependencies very seriously. We have up to 2000 mission- critical business partners, suppliers and government agencies that we have identified, and have developed for each of those a contingency plan in case they fail to supply the service to us. Even though in almost all cases we have received very satisfactory responses back from them, and we have a fairly high degree of confidence based on that, and have had dialogue with them that they will be ready as well, we have still taken that precaution, because of social responsibility to provide high quality electric power and gas supply, to make sure that we have contingency plans in place to assure the public we will be ready. At a higher level, as mentioned yesterday, we have performed two rounds of high-level business recovery drills, which is our customary practice to deal with storms, earthquakes and similar disasters, focussing now to make sure that the teams that would respond to those kinds of disasters, including the IT teams, are very well prepared to deal with any Y2K events, which, of course, we do not expect. We also recognize, again, the importance of communicating to our customers and others our readiness, and we have met with over 100 external customer groups and have assured them and demonstrated our program, answered their questions about how they should interact with us, and have prepared everyone to be ready. In fact, we will have, over the New Year's weekend, the transition period, we'll be elevated to the highest state of readiness we have within our capability, which is the level at which we deal with any major outage or any storm-related or earthquake outage. We will be at that level of deployment, ready for any emergency over the New Year weekend. That includes all of our distribution emergency centers, including those here in Santa Clara County. That's where we have our closest connection with emergency services of fire departments, police departments, and Offices of Emergency Services. Those connections will be well established. We have also met with many customer groups, as I mentioned, Hewlett Packard, Wells Fargo, Catholic Healthcare West for example, Shell Oil, government agencies, city of Milpitas for example, Santa Clara County, also trade groups, for example the California League of Food Processing. All of these groups we have shared information with. They have, to our best knowledge, been very satisfied with that information, and we have opened opportunities for them to hear more if they need to. We have a website available at www.pge.com, which has a Y2K section with current status information and other information as well. With that, I conclude my remarks. Thank you again. Mr. Horn. Thank you. [The prepared statement of Mr. Garth Hall follows:] [GRAPHIC] [TIFF OMITTED] T0954.263 [GRAPHIC] [TIFF OMITTED] T0954.264 [GRAPHIC] [TIFF OMITTED] T0954.265 [GRAPHIC] [TIFF OMITTED] T0954.266 [GRAPHIC] [TIFF OMITTED] T0954.267 [GRAPHIC] [TIFF OMITTED] T0954.268 Mr. Horn. We now have Karen Lopez the division manager, administrative services for Silicon Valley Power. Ms. Lopez. Mr. Chairman, thank you for inviting the city of Santa Clara's Electric Utility, Silicon Valley Power, to address you today on the year 2000 readiness. Mr. Horn. Do you want to move that right in front of you. Mics are difficult nationwide. Ms. Lopez. I usually don't have a problem with speaking too loudly, so we'll try that. My name is Karen Lopez. I am the division manager for the administrative services for Silicon Valley Power, and I'm also our year 2000 project team leader. I would first like to tell you a little bit about Silicon Valley Power. Silicon Valley Power is the municipal electric utility for the city of Santa Clara. As you heard earlier from Mr. Ron Garratt, our assistant city manager, Santa Clara is a charter city located in the heart of Silicon Valley. The city offers electricity and energy services through the trademarked name of Silicon Valley Power. Since 1896, the city has provided electric service to the businesses and citizens within its boundaries. Santa Clara has an estimated population of 103,000 people. At the end of December 1998, Silicon Valley Power served approximately 46,500 customers, and had a total sales of 2,506 GWh with a peak demand of 443.8 MW. Almost 87 percent of Silicon Valley Power's energy sales are made to industrial customers such as Intel, 3COM, Sun Microsystems and other internationally known corporations. To provide electric services within its service area, Silicon Valley Power owns and operates generation, transmission and distribution facilities. Silicon Valley Power also purchases power and transmission services from others, and participates in several joint power agencies with other municipalities. Silicon Valley Power has a year 2000 readiness project plan that articulates the steps that we have taken over the past several years to be ready to maintain a reliable supply of power to our customers into the next millennium. As a part of this plan, Silicon Valley Power formed a project team consisting of representatives from each of our divisions to coordinate our activities. The project team has established milestones, assigned responsibilities and monitors our progress toward minimizing the year 2000 risks to our customers and to our continued reliable supply of services to those customers. Silicon Valley Power internally inventoried and assessed all computing systems, equipment and software, for year 2000 readiness. We also contracted with an external vendor for the inventory and assessment of all other Silicon Valley Power equipment for potential year 2000 risks from embedded systems. That inventory and assessment were both completed in 1998 and continue to be updated as changes occur. Silicon Valley Power has not identified any internal system critical to our supply of electrical service to our customers that is not year 2000 ready. All of our business critical and non-critical systems and equipment either have been remediated or are in the process of being remediated. This process is expected to be completed before September 1st. The testing of all systems capable of being tested without impact to our customers will also be completed by September 1st. Due to the constant demand of supply of electricity to our customers, it is not fully possible to test all of our equipment without disruption of that supply. However, let me say again, that Silicon Valley Power has not identified any non-year 2000 ready system or equipment that is critical to our ability to supply electricity to our customers. The amount of dollars that Silicon Valley Power has and plans to expend in total on our year 2000 readiness efforts has not been formally developed, since year 2000 concerns have been incorporated into our technology projects over the past several years. However, since those concerns, or those technology projects and concerns were not exclusive drivers to these projects, a breakdown of costs that relate directly to the year 2000 would be extremely difficult to perform. Our staff has met with all of our business partners regarding their and our year 2000 readiness efforts. We send representatives to and participate in the year 2000 readiness meetings of various agencies including the Western Area Power Agency, the Northern California Power Agency, the North American Electric Reliability Council, the California Municipal Utilities Agency, and the Independent Systems Operators. Although there are no plans at this time for Silicon Valley Power to be a formal participant in interagency testing, Silicon Valley Power has, and will continue, to monitor the year 2000 readiness activities of our partners, suppliers, vendors and customers for any potential impact on our ability to continue to supply those services to our customers. Silicon Valley Power will remain vigilant in this area. For over 100 years Silicon Valley Power has provided a reliable supply of electrical services to our customers. During this time, the city of Santa Clara has experienced several major natural disasters such as floods and earthquakes. From these experiences we have developed contingency plans and emergency plans to minimize any external impact on our ability to continue to provide electrical services. In addition, we are in the process of developing year 2000 specific contingency plans. On April 9th, in conjunction with the North American Electric Reliability Council's drill, Silicon Valley Power conducted an internal year 2000 readiness contingency planning drill with representatives from all Silicon Valley divisions, power divisions, and several other city departments such as our Fire and Police. We will also hold a year 2000 rollover staffing simulation and readiness preparation exercise on September 9th, concurrent with the planned North American Electric Reliability Council drill. Silicon Valley Power has been extremely active in its efforts to educate and to communicate regarding our concerns and efforts for year 2000 readiness. We have held educational meetings with all Silicon Valley Power staff, with our major industrial customers, both individually and in groups, with our commercial or small business customers, our residential customers and through our City Council. Future meetings are scheduled with each of these groups to not only continue our educational efforts, but to provide informational updates on our year 2000 readiness status. In closing, I want to thank the committee for the opportunity to be here today, and on behalf of the city of Santa Clara's City Council, I want to extend our appreciation to this committee for its efforts in trying to look at this throughout the Nation. Mr. Horn. Well, thank you very much, Ms. Lopez. [The prepared statement of Ms. Lopez follows:] [GRAPHIC] [TIFF OMITTED] T0954.269 [GRAPHIC] [TIFF OMITTED] T0954.270 [GRAPHIC] [TIFF OMITTED] T0954.271 [GRAPHIC] [TIFF OMITTED] T0954.272 [GRAPHIC] [TIFF OMITTED] T0954.273 [GRAPHIC] [TIFF OMITTED] T0954.274 [GRAPHIC] [TIFF OMITTED] T0954.275 [GRAPHIC] [TIFF OMITTED] T0954.276 [GRAPHIC] [TIFF OMITTED] T0954.277 [GRAPHIC] [TIFF OMITTED] T0954.278 [GRAPHIC] [TIFF OMITTED] T0954.279 [GRAPHIC] [TIFF OMITTED] T0954.280 [GRAPHIC] [TIFF OMITTED] T0954.281 [GRAPHIC] [TIFF OMITTED] T0954.282 [GRAPHIC] [TIFF OMITTED] T0954.283 [GRAPHIC] [TIFF OMITTED] T0954.284 [GRAPHIC] [TIFF OMITTED] T0954.285 [GRAPHIC] [TIFF OMITTED] T0954.286 [GRAPHIC] [TIFF OMITTED] T0954.287 [GRAPHIC] [TIFF OMITTED] T0954.288 [GRAPHIC] [TIFF OMITTED] T0954.289 [GRAPHIC] [TIFF OMITTED] T0954.290 [GRAPHIC] [TIFF OMITTED] T0954.291 [GRAPHIC] [TIFF OMITTED] T0954.292 [GRAPHIC] [TIFF OMITTED] T0954.293 [GRAPHIC] [TIFF OMITTED] T0954.294 [GRAPHIC] [TIFF OMITTED] T0954.295 [GRAPHIC] [TIFF OMITTED] T0954.296 [GRAPHIC] [TIFF OMITTED] T0954.297 [GRAPHIC] [TIFF OMITTED] T0954.298 [GRAPHIC] [TIFF OMITTED] T0954.299 [GRAPHIC] [TIFF OMITTED] T0954.300 [GRAPHIC] [TIFF OMITTED] T0954.301 [GRAPHIC] [TIFF OMITTED] T0954.302 [GRAPHIC] [TIFF OMITTED] T0954.303 [GRAPHIC] [TIFF OMITTED] T0954.304 [GRAPHIC] [TIFF OMITTED] T0954.305 [GRAPHIC] [TIFF OMITTED] T0954.306 [GRAPHIC] [TIFF OMITTED] T0954.307 [GRAPHIC] [TIFF OMITTED] T0954.308 [GRAPHIC] [TIFF OMITTED] T0954.309 [GRAPHIC] [TIFF OMITTED] T0954.310 [GRAPHIC] [TIFF OMITTED] T0954.311 [GRAPHIC] [TIFF OMITTED] T0954.312 [GRAPHIC] [TIFF OMITTED] T0954.313 [GRAPHIC] [TIFF OMITTED] T0954.314 [GRAPHIC] [TIFF OMITTED] T0954.315 [GRAPHIC] [TIFF OMITTED] T0954.316 [GRAPHIC] [TIFF OMITTED] T0954.317 [GRAPHIC] [TIFF OMITTED] T0954.318 [GRAPHIC] [TIFF OMITTED] T0954.319 [GRAPHIC] [TIFF OMITTED] T0954.320 Mr. Horn. Our next witness is Dr. Frances Winslow, the director of the Office of Emergency Services, city of San Jose. Nice to have you here. Ms. Winslow. I guess it's still good morning. We appreciate your coming to visit us. Mr. Horn. Not by my watch. It's afternoon now. One of us is wrong. This has been on my wrist for 50 years, so who knows. Ms. Winslow. We appreciate the opportunity to have you come to us here in Silicon Valley to discuss the topic that perhaps is of greater interest here than in other parts of the country, because not only are we consumers, but as you heard from our previous panel, our economic base is greatly involved with the high-tech community. I brought a formal testimony which I know that you received, so I'd like to make a few informal remarks to you here instead. Earlier one of the panel members mentioned the impact the media has had and how unfortunately the coverage is perhaps not what we might have hoped. But I've been encouraged to see in the last couple of weeks an increasing amount of interest in the media. I brought a couple of examples today. I'm a member of the American Planning Association. They have a whole article on what planners can do to prepare. I'm sorry I didn't have it last July instead of this July, but I guess better late than never. Also there's a publication called Emergency Preparedness News that covers hurricanes and FEMA and terrorism, and now also Y2K readiness, and then here is the Kiwanis Club's most recent magazine, and one of their cover stories is Y2K. Why do I mention this? Because one of the biggest parts of my job is dealing with the community here and answering questions that citizens have about emergency preparedness. Five years ago most of the questions were: What do I do if there's an earthquake? But in the last 12 months most of the questions have been: What do I do on December 31st? But it's been an opportunity for my office to benefit, because it was very hard to get people interested in things they think would never happen like big earthquakes. But they see a date, and they have something to focus on. I think for us in the emergency management community, Y2K has actually been a benefit because it helped us to get our community aware of the need to be prepared, not only for Y2K, but for the earthquakes that we know are inevitable in the area. We have three faults. And also for the winter storms that we have unfortunately on a repeated basis, and other kinds of natural, technological and man-made disasters that could potentially occur in our community. And so the message that we're trying to send is that if you're prepared for a major earthquake, you're prepared for Y2K, because our estimate is that the most direct impact Y2K may have on the average community could be some temporary infrastructure blips that will be rather quickly remedied, but if people are unaware of what they might be, they could become frightened. Whereas by trying ahead of time to make them aware of some of the potential issues and also the things they can do to deal with those issues, we hope to lower the stress level, prevent anyone from feeling a sense of panic, and help them to be reassured that we are all living in a technological society, and sometimes things don't work. We are fortunate in our community to have a group of very dedicated volunteers. We call them ``San Jose Prepared!'' They're a community emergency response team. We're part of FEMA's nationwide effort in this field, and our team is growing every quarter as we add new trained folks. But right now we have over 500 members who are scattered throughout the community of over 900,000 community members. They have received 16 hours of training and gone through a 2-hour exercise. It's usually an earthquake scenario, but it gives them some confidence that they can deal with unexpected disasters. We also equipped them with some skills, so that if our normal public safety systems are temporarily overwhelmed they can begin to provide some of those services to their own neighbors in their own communities until professionals are able to triage them into the system. That group began preparing actively in January of this year for Y2K, and in the packet that I gave you, you have a copy of the Y2K newsletter that we distributed to those folks. They're our ambassadors throughout the community. They contact their own neighbors and friends and pass this word along. In addition, we have a website for our group, and one of the elements on our website is the Y2K page so that they can refer neighbors and friends who are computer oriented to get this information for themselves. The American Red Cross also followed this spring with the creation of a brochure, and I've given that to you as well, and that's available on the American Red Cross website. That's another place where people can go to get basic personal preparedness information which is good not only to get through January, but also for the potential of earthquakes and floods in the future. The other part of my office's responsibility, however, is to the internal organization of the city of San Jose to assist departments in developing contingency plans and to maintain the emergency operation center for the city. In order to help those who might be working in the EOC, we have worked with Mark Burton and others to develop some exercises and testing opportunities for the city staff. We began with what we call a facilitated discussion where the leaders of the various departments came together to say what they thought their plans were, and we thought it was very important for them to hear each other, because some plans interacted with other plans, and if everybody plans to use the same generator at the same time, that was going to be a problem. So the facilitated discussion allowed us to begin to review what kind of plans each department had and how they might interact with other departments with the goal of being able to support each other through this time period. In addition, we have a tabletop exercise scheduled for just a couple of weeks which, now building on the facilitated discussion, we hope will allow us to have a much smoother plan, one that will be fully integrated and where all of the support pieces are in place. However, we have also scheduled a third one for October to make sure as a kind of second test that the plans are working, that the expectations have been fulfilled, and we are scheduling this in the middle of the month of October so that if there are still last minute things that need to be cared for, there's an adequate timeframe available for the departments to do any last minute procurement or planning for personnel staffing before the time comes when they need to be activated. In most communities, New Year's Eve is a busy time for the public safety community just because people like to go out and party; they drive around sometimes when they shouldn't be driving, and they create a certain level of demand for medical services, police services and other kinds of response services under very ordinary New Year's conditions. This year isn't an ordinary New Year. Most people unaware of history really do think that this is some sort of a turn of the millennium or some sort of cataclysmic date, and so there are plans for big parties, big religious celebrations and other kinds of big community gatherings. So in the downtown, we have the potential to have more people than usual present in one area at one time. In addition it's winter, and as part of California that can mean rain and sometimes very heavy rain. And then finally, of course, everything that we do on New Year's Eve depends on infrastructure. We expect the roads to get us there and get us home. We expect the food suppliers to have the food and the water suppliers to have the water and the electricity to stay on so the band can play. And if all those things continue as we hope they will, it will just be a bigger than usual New Year's Eve party, and the community will wake up on the 1st with a happy feeling, and we will all have enjoyed being together on New Year's Eve. But because we have to be prepared for things to go less than optimally, we have a plan to open our emergency operation center at 3:30 p.m. Initially it will be staffed by our amateur radio operators who will be communicating with their colleagues in Australia, New Zealand, Japan, other parts of Asia and Europe, places where Y2K will have already been experienced or will be in the process of being experienced. We hope to be able to learn something from that surveillance that may assist us in last minute preparations. In addition, we will have our emergency public information officers present to survey the media to see what kind of information is being given out to the public by the media, and to see how the East Coast cities will experience the event first and are discussing their issues. At 8:30 we will have the members of the senior staff of the city of San Jose join the city manager in the Emergency Operation Center, and we will be there for as long as we are needed or until 8:30 the following morning, whichever comes first. If it turns out that issues occur that do require continued monitoring and presence, we will then be replaced for the next 12 hours by our executive staff of the city. I think this is important, for the Congress to be aware of the high level of importance that's placed on this event by the leadership of the city of San Jose. It's not the most junior person who gave up their New Year's Eve party with the family, but the most senior. And I think that that level of commitment is indicative of the level of commitment that exists throughout this organization, not only for Y2K, but for all events that can impact our community. We have a help line that's always in place, 277-HELP. We've used it for many years during flood events in the winters. The public is familiar with it. This will be staffed to allow people who may have concerns or questions to easily reach us without impacting our 911 or 311 systems. We hope that we're prepared, and we hope that our preparations turn out to have been an appropriate level of caution rather than a needed event. Thank you very much for coming to visit us, and we hope you'll come back sometime when you can just have fun. Mr. Horn. Thank you very much, Dr. Winslow. [The prepared statement of Ms. Winslow follows:] [GRAPHIC] [TIFF OMITTED] T0954.321 [GRAPHIC] [TIFF OMITTED] T0954.322 [GRAPHIC] [TIFF OMITTED] T0954.323 [GRAPHIC] [TIFF OMITTED] T0954.324 [GRAPHIC] [TIFF OMITTED] T0954.325 [GRAPHIC] [TIFF OMITTED] T0954.326 Mr. Horn. Pardon my ignorance, but what's a 311? Ms. Winslow. I should probably let the chief answer that question. Mr. Horn. How about it, Chief? You're next anyhow. We're delighted to have you. Mr. Lansdowne. Thank you very much, Mr. Chairman. I'm Bill Lansdowne, and I'm very honored to be the police chief of this great city of San Jose. I intend to respect everybody's time and your time here in this meeting and follow the three ``Bs'' of testimony: Be right, be brief, and be quiet. As it applies to our systems and our preparedness for the San Jose Police Department, community of San Jose, there are three major systems within police communications which handle police and fire calls. They are the telephones, the radio and the CAD system, and the telephones are two separate systems. One is the 911 emergency dispatch CAD system, and the other is 311, which is the non-emergency line. That is being monitored on a 24-hour basis, and takes some of the pressure off 911. There are three existing systems like that in the country. We were one of the pilot programs, and it's been very effective for us to really provide the best possible service. Mr. Horn. What type of calls would you get on that 311 line? Do people really differentiate it? Mr. Lansdowne. Very much so, Mr. Chairman. On the 911 line we get the emergency calls where there's a possibility of violence or a need for a emergency dispatch. Under 311 calls, we get the information for reports that can be taken at later dates, and many cases just information that the public wants to call in to the police department to determine or get an answer for. Mr. Horn. Go ahead. I just wanted to learn what this was. Mr. Lansdowne. Yes, sir. I would be delighted to give you a tour of our system. It's been very effective, and I think you'll see it's copied throughout the country. Mr. Horn. Yes. Mr. Lansdowne. The telephone and radio systems have been tested and are Y2K compliant, and the CAD system which is the backbone of the entire process, will be certified prior to January 1st, and we expect it to be certified very shortly. However, in the event of a partial or complete failure of any of the three systems and the expected calls for service, the following contingency plans have been developed and will be put into place for police services. To provide for our ability to handle the expected increased calls for services, the communications personnel will be on 12- hour shifts for a 48-hour period to help us make a determination of what level of service that we need to continue to provide the community of San Jose. The telephone system has a backup failsafe system that allows the telephone calls to be rerouted to lines that will accommodate both emergency and non- emergency calls from the public. Our dispatching of officers in the field can be converted to manual operation if the computer aided dispatch service loses power and begins to go down. In the event of a partial loss of radio power, our system has the ability to transfer units to other radio channels. In the event of a complete loss of radio power, we are prepared to use the portable radio systems referred to as the dispatcher-in-a-box system. This system is designed to be placed out at a remote location in the city, and will provide our communication link throughout the city of San Jose. The contingency plans to use five Fire Battalion stations also in place as remote transmitting locations. As it applies to our police patrol staff, selected patrol division watches are scheduled to work 12-hour shifts for a 48- hour period. The Special Operations Division which is a very large section within our organization of the San Jose Police Department is being called back, and the officers are scheduled also to work 12-hour shifts, which will give us approximately 100 additional officers for that particular night to be available for calls for services. Patrol staffing following New Year's Eve will be based on evaluation of the previous night's events. Similar to the other major events, the Police Department has a contingency plan to put in place 12-hour shifts. We have extensive experience for natural disasters here in the city of San Jose, and we can immediately go to emergency operation. I'd like the assure this subcommittee and the community of San Jose that we have planned for the new millennium for the Y2K problem very well, and there is nothing that's going to happen that this city and this police department is not fully prepared to handle quickly and efficiently, providing that same level of service to this community that they have learned to expect, appreciate and demand. And with that is my short comment. Mr. Horn. Well, I appreciate it. Those were very succinct and to the point. [The prepared statement of Mr. Lansdowne follows:] [GRAPHIC] [TIFF OMITTED] T0954.327 [GRAPHIC] [TIFF OMITTED] T0954.328 Mr. Horn. And your colleague from the fire department, John McMillan, deputy fire chief, city of San Jose, we're glad to hear from you. Mr. McMillan. Thank you, Mr. Chairman. Good afternoon and welcome, also your staff. We appreciate having you today, and I'm honored to have the opportunity to be a witness and speak for today. San Jose Fire Department has evaluated mission-critical and mission-essential core services for our Y2K readiness in the city of San Jose. As of this submission, the department is confident that we will be able to fulfill our mission serving the citizens of San Jose. Fire department staff continues to evaluate these mission-related systems and processes and is developing a contingency method of service delivery in the event that any unforeseen Y2K problems should occur. We are specifically focusing on and making decisions in the following areas: One of the very interesting topics for us over the last 4 or 5 months is our defibrillators that we have on all of our advanced life support fire engines. It's a very good moment for me at this point in time, and Mark Burton mentioned it earlier, all 50 of our emergency medical defibrillators are now Y2K compliant. They all received two new embedded chips that will now allow those to be fully serviceable through the Y2K process. We placed a hold on releasing all of our surplus fire apparatus. We are in good times. Over the last 5 years we purchased practically an entire fleet of new fire engines and aerial ladder trucks, but by buying these types of apparatus, we also were buying apparatus that's state-of-the-art and have a lot of embedded systems. To prepare for any unforeseen problems, we have not released any of our old apparatus we had. We are very proud to say today that we have 15 fire engines in reserve we're holding until well into the next year to see how we survive going through Y2K. Mr. Horn. Just out of curiosity, were your old ones 2000 compliant? Mr. McMillan. Very good question, sir. What we can say is many of those apparatus were 1970's, early 1980's, that did not have the complex computer systems on them. They were the kind of apparatus that you or I might be able to open the hood of our car and change a spark plug or know where the distributor is. They're very basic, not really complicated, and they were apparatus we had around between 15 and 30 years, so we can't guarantee anything, but one thing we do know, that if anything goes down, we have a lot of equipment to back it up, and that's, at this point, what is most critical to us, that we would have a fleet that's in good service and ready to go with back-up. Mr. Horn. The reason the subcommittee's interested in fire equipment is one of our first hearings was in New Orleans with the Baton Rouge chief there also, and one said to the other, ``Well, gee, we haven't even thought of the fire trucks yet.'' And one had a pumper that was compliant and a ladder that wasn't, or vice versa, as the case may be, and I just wondered if you have that kind of relationship. Sometimes where one wasn't working at all, you could squirt the water up there, but you couldn't get up on the ladder, but you could get the ladder up, but you couldn't get the water out and so forth. So I was just curious what you found out in your equipment. Mr. McMillan. We're confident that our equipment is going to work, but like any other organization that provides services to citizens, we're doing everything we can to have back-ups. We feel good that we do have this reserve fleet right now that can support us. What we understand about embedded systems is that maybe just a specific engine or truck out there might fail that night. If that's the case, we're ready to back it up with other equipment that's going to pump just as well. We have sent a memorandum to our city Y2K coordinator, Mark Burton, identifying resources that the fire department will need around the Y2K millennium period, and this memorandum includes additional food, water, sanitation electrical pumps and dispatching equipment that we feel will help support us through the period. We've also, over the past year, upgraded all of our computers. We were all MAC based, and we are now all PC based that are all Y2K compliant. All of our embedded systems, this includes over 420 pieces of equipment, are now compliant. This has been accomplished by either a letter of compliancy from the manufacturer or actual chip upgrades installed by the manufacturers. We are working currently with the city General Services Department to identify fuel and power needs for our fire stations and apparatus. And just giving you an example of one of the issues we wanted to deal with right up front, we go through about $50,000 worth of latex medical gloves every year. We are required when our fire fighters go out on any type of medical call to don latex gloves, and we found out earlier this year that they come from Asia. And because we don't know what the Asian nations are doing as far as Y2K preparedness, we have placed an order through an open P.O. We have annually with the vendor to buy practically $50,000, our full allotment, all at one time. We haven't figured out where we're going to warehouse it, but we're going to have all the gloves here early and not later so we don't have a problem in the next 6 months. At this point in time, we have no information that would lead us to believe that our ability to deliver critical and essential services will be impaired by Y2K problems. There are two core service areas in the fire department in San Jose that we have identified that we are working, when we talk about our fire department contingency plan for the city of San Jose, these are the areas that we're working closely with. One's our Bureau of Field Operations. This is our first core service, and its responsibility is to mitigate emergency incidents in the community including fires, medical emergencies, hazardous material events, rescue situations and natural or terrorist caused disasters. The emergency response system is effective when all components necessary for service delivery are readily available and functioning harmoniously. Just to give you an example, we have, in the city of San Jose, we will have 31 fire stations open during Y2K, and we will have everybody around the clock, 194 positions, assigned to those 31 fire stations. We also have an effective way of implementing call-backs systems to notify people if we need additional staff to support us during periods of need. Our second core service is providing emergency dispatch and communication services for all our emergency response operations for the San Jose Fire Department, and the responsibility for all emergency communications systems is shared among the police department, fire department and our information technology department. The key elements for Y2K readiness that we will be working on in the immediate future include establishing a final staffing plan and making necessary notifications to personnel impacted. We will be working closely with the police and information technology departments on the final Y2K upgrades on the city's CAD system. We will be working with our own Bureau of Field Operations staff and our Bureau of Fire Prevention staff, our fire inspectors. What we hope to do is get our fire prevention inspectors, our Haz. Mat. inspectors, our engineers on board where they can be in service and enabling during any field operations emergencies during Y2K. Finalizing contingencies in case private utilities such as water supplies, sanitary sewer systems and power supplies fail. And one thing that we've just decided to do over the last week is we want to put together a package for all of our fire department employees on how they can be more Y2K compliant in their own residences. What we're feeling is if we could get them to be a little less apprehensive during any kind of emergency over Y2K, they might be more apt to be available to come down to the city of San Jose and help us in need. In summary, the San Jose Fire Department has prepared this plan assuming a worst-case scenario, similar to how we may have to operate in a major disaster. If all or some technology systems fail, we will be prepared to operate in a manual mode. As in any situation where a high demand is placed on our resources, and our capabilities and effectiveness may be limited by a number of external forces, our goal is to provide the highest level of emergency services possible. To do this will likely result in prioritization of emergency calls in order to mitigate the most serious incidents. Thank you, sir. [The prepared statement of Mr. McMillan follows:] [GRAPHIC] [TIFF OMITTED] T0954.329 [GRAPHIC] [TIFF OMITTED] T0954.330 [GRAPHIC] [TIFF OMITTED] T0954.331 Mr. Horn. Thank you. That's most useful, and I look forward to the details on that. Let me ask our power suppliers, Pacific Gas and Electric, Silicon Valley Power. There are about 3,200 independent electric utilities, I think, in the United States, and there's about 80 percent of the Nation's power generation comes from 250 investor owned public utilities. We all know it takes a high degree of automation, and you've mentioned that, to operate our country's national power grid. But just to get it in the record at this point in terms of the lights being able to stay on, the assembly lines being able to run, I guess I would ask what is being done to keep home owners and businesses informed about potential failures in their energy management system, or are you just assuming with the general education, which has been very good, that you've let out to your customers, either in bill or special sessions or whatever, I'm just curious, are people, are some of your customers worried that there might be an interruption, and if so, what? Is there a back-up to that, either within the grid or if we talk about hospitals and emergency rooms, some of them say we've got 72 hours of power based on diesel generators and all that. I don't know. Is that really useful? I mean, it will work for awhile, but suppose we have 3 or 4 days out, and they can't get the fuel and they're sort of just behind the eight ball? So I'd just be curious what your thoughts are on this. Mr. Garth Hall. From PG&E's point of view, I would say that our customer base has an uneven, on average a modest level of interest and concern about it. Our website, which I mentioned earlier, receives about 9,000 hits a year in the section that deals with Y2K--sorry, 9,000 a month. That's the current rate of hits, which given our service territory is not very large. We have, of course, bill inserts that have gone out to inform the public, the customers, as to our readiness and direct them to normal preparedness, that I think Dr. Winslow suggested, will be appropriate for this time of the year as we're going into the winter storms, and for earthquakes. That's a good opportunity to brush up on the type of items that you would typically want to have in store for these types of emergencies. Y2K is an opportunity for folks to think about preparedness for general emergencies like these. But in addition to that, I did mention that we have had, for all the customer groups that have expressed an interest, we've had face-to-face meetings with them and presentations to point where I think we've seen them tail off in that type of demand for a meeting, although we're ready at any time to meet with folks who are interested. We plan additional inserts into the bills that go out to our customers to just keep them updated. We think that there is going to probably be some level of increased interest as we approach the end of the year, and we will definitely be updating our website to provide any current status information. We think that our call centers which people, customers, well know, which has a 1-800 number, will be very, very capable and well prepared to answer any questions that people have if they want to call in with any need for information. During the New Year transition timeframe we expect that the press will be very interested in what's going on, and we're preparing ways in which we can keep them informed in real time as to what's going on. Those are some of the steps we've taken. We'll probably do additional things as we go through. Mr. Horn. Ms. Lopez, do you want to add anything to that? Ms. Lopez. Actually, it's pretty much the same thing as we are doing. I think we have one advantage in being a small, local municipal service. We have many of our citizens that are concerned actually drop in and talk to us. But we do have, which we have sponsored and we have two more scheduled to be sponsored, meetings within the communities themselves, at the library, one at a local park. Plus, as I said, we have done with all the commercial and industrial customers, had several meetings, and we will have more. I think it's not a matter of awareness. I am, I guess, amazed somewhat at the level of concern and that the number of individuals seems to be very small that have concerns, but of those that are concerned or even partially aware, electricity does seem to be their No. 1 priority. As to your question regarding generation, we are encouraging all of our households, have back-up fuel as a concern. We have allocated within the city areas where we can have extra fuel that could be delivered if it were needed. We don't believe it will be, but we have made preparations for that. We also have--we don't have within our city the ability to completely supply generation for all of our needs. We must rely on ol' PG&E for that. We do have some measures available, particularly for emergency type facilities and situations that we think will be adequate if anyone would need them. Mr. Horn. I was going to ask you on the point you just raised, which was, PG&E is the source for what percentage of your power? You buy it from them at a good deal, is that it? Ms. Lopez. Yes, sir. Probably, not probably, definitely the majority of our power, we would be unable to sustain service, other than very minimally with our in-city generation. Mr. Horn. What percent of your total power is provided by PG&E? Ms. Lopez. I think it's somewhere around 95 percent. Mr. Horn. 95? Ms. Lopez. 95 percent. Mr. Horn. And you generate the last 5 percent how? Ms. Lopez. Yes, sir. Well, we don't normally generate it. We normally use 100 percent from without, but we do have abilities within our city for some generation. Mr. Horn. What is that? Your own generators? Ms. Lopez. Yes, sir. Our own power. Mr. Horn. Fuel operated? Ms. Lopez. Yes, sir. Mr. Horn. Now, if PG&E is in a caught, how many of those contracts do you have out that you supply from PG&E, and if you were in a squeeze, do you cancel those contracts or can they count on it? Ms. Lopez. Would they cancel? We wouldn't cancel those contracts. Mr. Horn. Well, would PG&E cancel them, I guess what I'm asking Mr. Hall is, in other words, if you're put with a major disaster on your hands, do you just cancel the contracts for small power companies and feed your more prominent customers or areas that might not have small companies? Mr. Garth Hall. That's not the approach at all. Let me just mention in a sound byte that the electric restructuring that has been initiated across the Federal terrain has had a very, very big impact over the last 2, 3 years in California. Right now, the power that is delivered to Santa Clara and many other very language cities and customers, often they have very, very little now comes from PG&E. They contract for supply from independent providers. I think you mentioned that in your prior question, of which there are many thousands of individual generators now. That is the bulk source of most of the power. Our primary responsibility in the electric side is in the delivery, and that is the area where, in fact, cities like Santa Clara and many others do depend on us very much for our reliability, we've focussed very much on that. Let me just mention one additional thing that might be reassuring, that the Western Systems Coordinating Council, which is a part of the North American Reliability Council in dealing with the western systems reliability, have announced plans over the New Year transition, which would be several hours before midnight hour and several hours afterwards, whereby all of the power plants within that jurisdiction will have additional reserves. The way they will do that is bring additional power plants online and back all of those that are online down a bit. So that if there are, heaven forbid, some power plant failures due to microchip problems or whatever, that they will have additional reserves to instantly step up and provide additional power. In addition to that, the demands, I think, even Santa Clara would receive from the Pacific Northwest, by the entire Northwest, those vulnerabilities, if there are any, will be reduced by reduced schedules across the entire so that we are more self-sufficient for that vulnerable period, just with the normal state. So I think very prudent measures have been made to avoid the types of failures that we have contemplated nationally amongst power plants. Finally, I will say that since we're an owner of a very large independent power producer with more than 25 power plants across the United States, I have personally overseen their Y2K compliance efforts they have been through, and I believe this is fairly typical, as stringent a Y2K program as anything that the utility has done. So I think their readiness is equally as strong as I'm representing for the utility. Mr. Horn. Mr. Willemssen has joined us at the table. Let me ask you what we didn't ask you yesterday just for this record. Santa Clara is a very urbanized county and very complex, and great demands on power. Get across the Pajaro River into San Benito County, you have people, farms stretched out over, maybe a mile apart, half mile apart, 10 miles apart. What do you find in terms of the rural part of the PG&E jurisdiction as you go up, let's say, Sierra County and Plumas and all the way to the Oregon border. Are you finding different reactions to the year 2000 in the rural areas where they don't have the money to sort of adapt to whatever systems they're using? What's been the experience? Mr. Garth Hall. We have found it to be fairly uneven. Yesterday we had a representative from, I believe, Siskiyou County, and I think that was interesting, because they demonstrated a very high level of awareness for a county with a relatively small population. That is uneven in our experience. Wherever there is a need or interest, we have been responsive and tried to provide the information. As I mentioned, most of them, in fact, all of the them, in their emergency services at the police level and at the Office of Emergency Services level, are very aware of the distribution emergency centers that we have uniformly positioned across our service territory, and are well versed in interacting with those centers at times of emergencies. So from the staff who deal with emergency, from their point of view, we think we have excellent contact. From the general public point of view, again, fairly uneven. Mr. Horn. Interesting. Do you want to add anything, Ms. Lopez, based on your experience? Ms. Lopez. No, sir. Mr. Horn. Let me ask the chief and Dr. Winslow and Mr. McMillan, the deputy fire chief, how ready are we on the 911 systems that typically rely on older telecommunications and computer equipment? Do you feel that if there's a flood of these calls because people are just upset or whatever; they don't know; it's like having an eclipse nobody told us about; it's awful dark outside. We'll phone you. So what's your reaction to that system? Mr. Lansdowne. Mr. Chairman, Bill Lansdowne from the police department. We have planned for this. We will have additional persons who will be on standby and actively working the phones. So we will easily be able to handle any anticipated increase in the number of calls. We just recently upgraded our 911 system. It's state-of- the-art. It's compliant. I don't think that we're going to have any trouble at all handling the 911 increase in calls. I'm very proud to state that we currently handle our pickup of 911 calls within 2.2 seconds, which is one of the fastest in the Nation of any city this size. Of course we handle 900,000 people here. Mr. Horn. On the frequencies that different police forces have within Santa Clara County, I'm curious, is there a united frequency here? I went through this in L.A. County several years ago, and we have 81 cities in that county and 10 million people. We've got the Sheriff. We've got the University of California, California State University, State Police, all different little jurisdictions, if you will. Is there any problem here that you lack the frequencies that you need to communicate to smaller groups within various cities and police forces? Mr. Lansdowne. None of our systems are compatible right now with the State agencies, Highway Patrol and the local jurisdictions, Santa Clara and San Jose, and the county jurisdiction. But the communication systems are linked, and that will be the way that we will have to communicate from department to department, if we are required to do a Mutual Aid System. I think we are very fortunate in the State of California that we have a very comprehensive Mutual Aid System, and all of the agencies, the sheriff, the local agencies in the Bay Area regions are prepared to provide whatever mutual aid which will be requested from us, and we have that system in place. Mr. Horn. You could provide that in terms of triggering it by what? Telephone? Radio frequency? Mr. Lansdowne. The system triggering is calling the sheriff who is the natural disaster person within the county, and then they would trigger at the level they need. My understanding and maybe the panel can add to that, is that the State will be up and ready to put that system in place and operate it during the New Year's. Mr. Horn. Now, will that be a permanent system or is that just for potential emergencies? Mr. Lansdowne. It's for potential emergencies, natural disasters of which this State has a lot of experience. Mr. Horn. That's for sure. We have the biggest number of disasters in the Nation. When you look at it from the Mississippi, they have floods. We outdo them with earthquakes. I think the Loma Prieta is still the most expensive Federal investment isn't it? Ms. Winslow. Northridge. Mr. Horn. Northridge is still? I know there's a few things not settled yet on hospitals and whatnot, but so what's that? About 16 billion? Ms. Winslow. That's the FEMA cost. If you look at the insurance loss on top of that, it's a much bigger number. I'd just like to clarify on the Mutual Aid System. The Mutual Aid System has been in place since the 1950's, and it's maintained at all levels of law enforcement on one chain and fire on the other chain. At the top of the chain is the State Office of Emergency Services. They will be opening the State Operations Center and the Regional Operations Centers in each regional office, which is Sacramento, Oakland and in your area it's at the Los Alamitos former reserve center. Those will be open December 30th, and they will open through the 2nd. Mr. Horn. Now, are the National Guard and the Army Reserve also tied into these? What sort of relationship would you have there? Let's say you had a riot. Ms. Winslow. The National Guard is called out by the Governor on a request from the local chief of police, and the military is only activated under very unique circumstances where the Governor and the President concur. Mr. Horn. All right. Mr. Lansdowne. I would like to say, Mr. Chairman, that they are on standby, and they will have people in the operation of Emergency Services Centers during a 72-hour period. They could be activated at a moment's notice with a call to the Governor of the State of California. Mr. Horn. And those frequencies exist with the Federal portion like the Reserve and the National Guard, so there is rapid communication there other than telephone? Let's say with all due respect to Pacific Bell, but. Mr. Lansdowne. Yes, sir. Those systems are in place. We can have Federal assistance very quickly. Mr. Horn. Mr. Willemssen, what do you have to add to this panel? I saw you taking a lot of notes. Mr. Willemssen. I just thought that you, Mr. Chairman, might also get some value out of hearing in the Y2K emergency services area what kind of assistance and interaction that the individuals here received from FEMA and any kind of communications they received recently from the newly formed Information Coordination Center headed by General Kind. There are a lot of activities under way that will involve not only the FEMA regional offices, but all the States and localities, and I think it would be of interest to hear what kind of communications have occurred at this point. Mr. Horn. Yeah. Well, don't all rush to the microphone now. Ms. Winslow. I guess I'll just have to deal with this one because my office deals with people the most. I don't think there's really a politically correct way to say this. We haven't heard anything from anybody. Mr. Horn. In other words, there's a lot of work to be done between now and December. Ms. Winslow. I only know what I read in the newspaper. Mr. Horn. I see. So how's the system supposed to work? Is it supposed to work through the FEMA regional office or directly out of Washington or what? Ms. Winslow. No. In California we have a structure called the Standardized Emergency Management System, which establishes the way that we relate to each other. So the cities together with the county are called an Operational Area, and we're the Santa Clara County Operational Area. We're part of the Coastal Region which goes from the Oregon border to the southern border of Monterey County, and from the ocean to the coastal foothills, and along that strip, we are joined through that office in Oakland, which serves as a head of that. We have periodic meetings, four times a year, with the Coastal Region Leadership. Generally information that we get from FEMA comes through the State through the Coastal Region to us at those meetings. Mr. Horn. And you're meeting twice a year? Ms. Winslow. No. Four times. Mr. Horn. Four times a year. Ms. Winslow. In fact, there's a meeting at the end of this month. So perhaps that's the time. This is a relatively new effort on FEMA's part. It may be that at the August meeting they'll present the information, but to date we haven't received anything that I'm aware of. Mr. Horn. OK. Mr. Willemssen. Mr. Willemssen. I would just add that the newly formed ICC and FEMA are planning a major exercise September 9th. It's supposed to involve the unifying State contacts. The plan is that each of the unified State contacts is supposed to supply information upwards to individual FEMA Regional Offices, which will then be supplied upwards to the national level. You may be hearing more about that shortly. Mr. Horn. September, 9th, 1999, is also the nationwide power grid drill; is that correct? Is that tied in with the same thing by FEMA? Mr. Willemssen. No. Those are predominantly separate efforts, although John Koskinen will obviously be monitoring both simultaneously. Mr. Horn. That's the representative to the President, the executive branch. Any other questions we have? Any other thoughts any of you have after having listened to three panels including yourself? Well, if you have them, we'll be glad to put them in. We keep the record open for a week or so, and we'll put them in at this point. And we have several questions from the audience, and we will be writing to the relevant panel members, and we'll put them in at the appropriate place in the record. So without objection that will be done. I just want to say as one that was brought up in this area, I appreciate very much all of the fine work that these three panels have done. I think that's been very helpful that you sort of restore our confidence in the degree to which local government, the county, the particular groups whether it be hospitals that we had on the panel of yesterday, police today, and all the rest of it, that people are cooperating and are working together, and that is, I think, impressive. Let me just thank the staff that have worked on this particular hearing. J. Russell George, staff director. There we are, down, front row seat. Did you pay a high ticket price for that? He's our chief counsel also. To my left and your right is Patricia Jones. Patricia is with us as a fellow, congressional fellow of the American Political Science Association. And Bonnie Heald, our communications director, is also in the front row, a professional staff member. And Mr. Ahlswede is not here. He's already ahead of us in Portland, and he is the clerk. And then Seann Kalagher, an intern, is around here somewhere. There you are. Good to see you. And then from Mr. Campbell's staff, Casey Beyer is the chief of staff, and we thank him for his help. And Sally Wilson is our court reporter, and we thank you very much for going through 3 hours of this yourself. And with that we wish you well, and we recess this meeting. [Whereupon, at 12:50 p.m., the subcommittee was recessed, subject to the call of the Chair.] THE YEAR 2000 COMPUTER PROBLEM: LESSONS LEARNED FROM STATE AND LOCAL EXPERIENCES ---------- TUESDAY, AUGUST 17, 1999 House of Representatives, Subcommittee on Government Management, Information, and Technology, Committee on Government Reform, Seattle, WA. The subcommittee met, pursuant to notice, at 9 a.m., at the Henry M. Jackson Federal Building, 915 Second Avenue, Seattle, WA, Hon. Stephen Horn (chairman of the subcommittee) presiding. Present: Representative Horn. Also present: Representatives McDermott and Dunn. Staff present: J. Russell George, staff director and chief counsel; Matthew Ryan, senior policy director; Patricia Jones, congressional fellow; Chip Ahlswede, staff assistant; and Grant Newman, clerk. Mr. Horn. Good morning. I'm Steve Horn, chairman of the House Subcommittee on Government Management, Information, and Technology. This hearing, which recessed in California on these issues, will now come to order. I particularly welcome and thank my two colleagues from the Seattle area, Congresswoman Jennifer Dunn and Congressman Jim McDermott. We're delighted to have them with us, and they will participate as full members in terms of asking questions, opening statements, whatever. We will treat them with great courtesy because they are major leaders within the House of Representatives and their respective parties. And we are here to discuss a topic of worldwide interest, the so-called year 2000 computer problem, also known as Y2K, and commonly referred to as the millennium bug. The year 2000 technology challenge affects just about every aspect of Federal, State and local government operations. Furthermore, it affects private sector organizations and could impact the lives of most individuals. From Social Security to utilities to local emergency management, the year 2000 computer bug has certainly been a huge and large management and technological challenge for all of us. No single organization, city, State, or even country, can solve the year 2000 problem alone. We have 136 days before January 1, 2000. There is only one certainty with the year 2000 problem: that date is certain, and no one is certain as to what will exactly happen on that day. Our goal is to ensure that citizens' vital services are maintained. There are many unknowns, including international readiness. The problem, of course, dates back to the mid-1960's, when programmers, seeking to conserve limited computer storage capacity and memory, began designating the year in two digits rather than four. In other words, the year 1967 became '67 in the computer. And they knew at that time that when you got to the year 2000, it would come up 1900, and the computer wouldn't know if it was 2000 or 1900. The computer would be confused. And that's what we have been working on for the last 4 or 5 years. And they said at the time, ``Well, we won't have to worry. After all, we're Americans, and technology will solve this.'' Well, it won't. It hasn't. And just hard work and going through those codes and everything else is what it has taken to prepare for the January 1, 2000 situation. Our subcommittee has the jurisdiction over the executive branch agency and Cabinet departments on matters of economy, efficiency, and effectiveness. We held our first hearing on the problem in the spring of 1996. Since that time, we've held over 30 hearings and issued eight report cards to monitor the status of the Federal Government's year 2000 computer solution. You will hear today from the State of Washington that they have 423 mission-critical, or essential, computer systems. The Federal Aviation Administration, one Federal agency, has roughly the exact same number. This is a situation that relates to interoperability between the Federal Government, the State government, the county governments and the local and city governments. Current estimates show that the Federal Government will spend nearly $9 billion to fix its computer systems. I've often said the figure will probably reach about $10 billion by the end of the December 31st calendar year. And we have also worked on looking at business continuity and contingency plans as well as Federal. We work with Mrs. Morella's Committee on Technology of the House Science Committee that relates to Mr. Bennett's Senate committee. The Senate didn't start on this until 2 or 3 years after we did, and they started in roughly February 1998. The administration started with putting a full-time person on the job in April 1998. These plans that we have looked at on a quarterly basis provide critical insurance in the event of unforeseen problems. Recently, the President's Office of Management and Budget identified 43 essential Federal programs, such as Social Security, Medicare, the Nation's air traffic control system, the weather system. Each day, these programs provide critical services to millions of Americans. Of these 43 programs, 10 are federally funded, State-run programs, such as Medicaid, food stamps, unemployment insurance, and child support enforcement. Several of these State-run programs are not scheduled to be ready for the year 2000 until December, leaving little, if any, time to fix unforeseen problems. Data exchanges and interdependencies exist at all levels of government and throughout the private sector. A single failure in the chain of information could have severe repercussions. For example, the U.S.' Social Security program has been ahead of everybody else on its own initiative. No President ever had to tell them what to do. They decided in 1989 to do it, and they were the first Federal agency to have 100 percent compliance. The Social Security Administration maintains data containing pertinent Social Security payment information for eligible citizens. When payments are made, the Social Security Administration sends payment data to the Department of the Treasury's Financial Management Service. Now, that was way behind this year. They are now coming up to snuff. This service cuts the Federal checks, which are generally electronically deposited directly into the person's bank account at a local financial institution. Three organizations move and manipulate data to make these payments happen; each uses a network of computers. If a payment is mailed to the individual's home, the U.S. Postal Service plays a key role. And most of the Federal agencies told us that their contingency was the U.S. Postal Service. We then held a hearing with the Postal Service, and it turns out they had no contingency plan. So there are problems there. The bottom line is, if any one of these entities fails, from the Federal Government to the local bank or with the Postal Service, the checks going to the home of a deserving individual simply might not ever get there. Now, multiply this situation by the 43 to 50 million different checks Social Security makes out in 1 month and you can appreciate the magnitude of just one aspect of the year 2000 issue. Fortunately, the Social Security Administration has been working on the problem, as I said, since 1989, and it's 100 percent compliant. But for computers to work, we need energy, electric power, whether it be hydro, nuclear, wind, whatever, and that is essential. And we will hear today from the local utilities. We've done that in every city we've been in, which are roughly about 20 city and State visits. One of the most essential questions concerning the year 2000 challenge is, ``Will the lights stay on?'' Without electricity, the assembly lines of one sort or another simply stop, and people would be let off after a certain period if there was a drastic blackout that went beyond just a few days, and our modern society might seem to be in the Stone Age when there is no power. We look forward to hearing today from the Bonneville Power Administration, Seattle City Light, and Puget Sound Energy to answer that question. From a personal standpoint, I realize that when confronted with a personal emergency--and you do, too--I can call 911 for assistance, and we should feel confident that that phone will be answered promptly and that a competent authority will respond rapidly. So we will be hearing from public safety individuals, as we do at every city hearing. Year 2000 computer problems present other potentially serious threats at local levels, from the potential interruption of a city's call for fire or police assistance to delays in a State's ability to request emergency or disaster assistance from the Federal Government. One thing is certain: there are only 136 days until January 1st, and the clock is ticking. Accordingly, the testimony we receive today will help our understanding and the community's understanding of the full extent of the year 2000 problems in the State of Washington. Today, we have three knowledgeable panels to provide a picture of year 2000 readiness in both the public and private sectors, and I welcome all of our witnesses. But first, I'd like to call, in terms of seniority, which is the way we resolve these conflicts in the House of Representatives, the gentleman from Seattle and State of Washington, Mr. McDermott, for any opening statement he might wish to make. [The prepared statement of Hon. Stephen Horn follows:] [GRAPHIC] [TIFF OMITTED] T0954.332 [GRAPHIC] [TIFF OMITTED] T0954.333 Mr. McDermott. Thank you very much. Welcome to Mr. Horn, the good representative from Long Beach, where I spent a couple of years back in 1968 to 1970 during the Vietnam War. So I know a little about your district, and it's good to have you here. I really do not have an opening statement because I really came to hear what's going on. We've had lots of hoopla and we've passed bills to get rid of liability for Y2K and all these sorts of things in Congress, but I've not yet heard in my own community, in an organized way, where we stand. So I'm very eager to hear what we have today, and I thank you for coming to Seattle to have this hearing. Mr. Horn. I'm delighted to have my classmate from the elections of 1992, Jennifer Dunn, who has been a real leader in her party and an excellent representative from her area, here. And as you know, Washington is one of the most progressive States in the country. And with your great port, The Boeing Aircraft Co., which I also have a part of--in other words, Douglas Aircraft, which is now Boeing, is in my district--so we have a lot in common. And Norm Dicks and I won't have to argue with each other. Ms. Dunn. That's a relief. Steve, we're so happy you're here with us today. And it's certainly the pleasure of all of us, those joining us in the audience, to welcome you on what's something like the 20th hearing on Y2K problems that may be in existence, and success stories that we know certainly do exist around this Nation. I want to thank, too, Bruce Chapman of the Discovery Institute. Bruce, perhaps you could stand at the back of the audience. Bruce has been a great facilitator of this meeting today, as we invited Congressman Horn to join us in Seattle. And Bruce Chapman will host him at lunch today so that we can hear a little bit more about what's happening behind the scenes on Y2K. I also want to mention a couple of the folks in the audience that are particularly important to me. We have three members of my Youth Advisory Council sitting in the audience today, and they came because they are interested in what's going on in this Nation. And they are 3 among 30 young people who advise me on issues across the board and give us a point of view that we often do not receive, which is that of young people who are operating in the real world out there. So I'd like to ask Mary Basinger and Nicole Leonce and Omar Hakim to stand. Mary is from Green River Community College, and Nicole goes to Kentwood High School, and Omar is a student at Newport High School. And we're delighted that you could be here today with us. As most of us would agree, the importance of preparation and readiness for year 2000 simply cannot be understated. So much of Americans' daily lives revolve around computer transactions and digital events that most people probably are not even aware of. Now, I'm an old systems engineer with the IBM Co. during the 1960's, and that was my job out of Stanford University. And I see you're a graduate, too. But I came home to Seattle and did a lot of work, and I remember the long hours of turning people's accounting systems into computer programs, and then the even longer hours of debugging those programs. And so my particular concern is how the testing of the programs that have been started and that we'll hear about today, how the testing is going and whether we will be reliably sure that by the time we have that turnover, those tests will result in successful systems. It's up to all of us to be sure that when the clock turns to midnight on December 31st of this year, water, power, and emergency services are on line and are working for the residents of our State. So I, too, look forward to hearing the testimony of the folks who have joined us here today. We also need to know about the interactions among the companies and the agencies we'll hear from today, and the Federal agencies that Jim McDermott and I actually oversee, since we're members of the Oversight Subcommittee of the Ways and Means Committee in the U.S. Congress. Now, we have participated in a large number of oversight hearings on the readiness of Federal agencies under the jurisdiction of the Ways and Means Committee, like the Social Security Administration. And as Congressman Horn says, fortunately that administration is well ready to get those checks in the mail, and that's something we're very concerned with. The IRS is another agency under our jurisdiction, not in quite such good shape, unfortunately, but doing better under a great manager who has taken over the IRS. Medicare and the U.S. Customs Service are also under our jurisdiction, so we have heard hearings from those agencies. Now, they are all in different stages of readiness for Y2K, and they all have comprehensive plans to fix the problem ahead of time and to deal with emergencies should those arise. As the clock winds down on the millennium, it's our job to continue to oversee these efforts. And the fact that Congressman Horn has seen fit to come into the Seattle area and offer an opportunity for us to hear from the different agencies should be certainly congratulated, and I think it will do us all a lot of good to hear what's going on in the Seattle community and the State of Washington today. I want to thank you particularly, Congressman Horn, for coming here and doing this for us. Mr. Horn. Thank you very much, Representative Dunn. Let me just explain how this subcommittee functions. We'll have three panels. Each one will probably take about an hour. The individuals in each panel will be as they are shown in the agenda. We simply go down the line. We have their written papers. They automatically become part of the record when we introduce them. We'd like them to summarize those remarks and presentation in about 5 minutes. And counsel here will sort of keep track. And the reason for that is we'd like a dialog within the panel and between the subcommittee and my two colleagues from Washington and the individuals here who think we get at the questions and the understanding best that way. And we thank you very much for the very fine papers you've filed with us. We will also, as an investigating committee of the House, swear in all panels. If you have staff back of you that supports you, please, we'll have them stand with you--the clerk will note who has affirmed the oath--and that permits the testimony to be taken. So if the first panel would stand and raise your right hands. And anybody in your support staff, please have them stand. I only do one baptism. We have five at the witness table, two behind. [Witnesses sworn.] Mr. Horn. I take it the two back there look like they also affirm. So the clerk will note that, and we'll proceed. Now, our lead witness in every panel we have across the Nation is a representative of the General Accounting Office. The General Accounting Office was established by law in 1921, when the President was also given a Bureau of the Budget, and the Congress, which is the legislative branch. And it's the GAO, the General Accounting Office, that works for us, and they work on both fiscal matters and programmatic matters. And Joel Willemssen, who will be the first witness here, the Director of Civil Agencies Information Systems, has been in every one of our panels. Now, we had several going last week. He happened to fly to Washington on Saturday and come back Sunday so he could be here in Seattle. And we also ask Mr. Willemssen to join us at each panel in the dialog, because he can pull it together on a national experience and relate it for us in what he has heard in this particular series of experiences. So Mr. Willemssen, Director of Civil Agencies Information Systems, General Accounting Office, we're delighted to have you start the panel. STATEMENTS OF JOEL C. WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, GENERAL ACCOUNTING OFFICE; CHRIS HEDRICK, DIRECTOR, WASHINGTON STATE YEAR 2000 OFFICE; CLIF BURWELL, Y2K PROGRAM MANAGER, KING COUNTY, WA; MARTY CHAKOIAN, PROJECT MANAGER, CITY OF SEATTLE YEAR 2000 OFFICE; AND BARBARA GRAFF, EMERGENCY PREPAREDNESS MANAGER, CITY OF BELLEVUE, WA Mr. Willemssen. Thank you. Mr. Chairman, Congresswoman, Congressman, thank you for inviting GAO to testify today. As requested, I'll briefly summarize our statement on the readiness of the Federal Government, State and local governments, and key economic sectors. Regarding the Federal Government, reports indicate continued progress in fixing, testing, and implementing mission-critical systems. Nevertheless, numerous critical systems must still be made compliant, and must undergo independent verification and validation. The most recent agency quarterly reports, which were due to OMB last Friday, should provide us more updated information on where the Federal Government stands. Our own reviews of selected agencies have shown uneven progress and remaining risks in addressing Y2K, and therefore point to the importance of business continuity and contingency planning. Even for those agencies that have clearly been Federal leaders, such as the Social Security Administration, some work remains to ensure full readiness. If we look beyond individual agencies and individual systems, the Federal Government's future actions in the months remaining will need to be increasingly focused on making sure that its highest priority programs are year 2000 compliant. In line with this, OMB has identified 43 high-impact priorities, such as Medicare and food safety. Available information on the Y2K readiness of State and local governments indicates that much work remains. For example, according to recently reported information on States, about eight States had completed implementing less than 75 percent of their mission-critical systems. Further, while all States responding said that they were engaged in contingency planning, 14 reported their deadlines for this as October or later. Another area of risk is represented by Federal human services programs administered by States, programs such as Medicaid, food stamps, child support enforcement, unemployment insurance. OMB-reported data on the systems supporting those programs show that numerous States are not planning to be ready until later this calendar year. Further, this is based on data that has not been independently verified. Recent reports have also highlighted Y2K concerns at the local government level. For example, last month we reported on the Y2K status of the 21 largest U.S. cities. On average, these cities reported completing work for 45 percent of their key services. Y2K is also a challenge for the public infrastructure and key economic sectors. Among the areas most at risk are health care and education. For health care, we've testified on numerous occasions on the risks facing Medicare, Medicaid, and biomedical equipment. In addition, last month we reported that while many surveys had been completed on the Y2K readiness of health care providers, none of the eleven surveys we reviewed provided sufficient information to assess the true status of providers nationwide. For education, this month's report of the President's Council on Y2K Conversion indicates that this continues to be an area of concern. For example, according to the Council report, many school districts could have dysfunctional information systems because less than one-third of institutions were reporting that their systems were compliant. Mr. Chairman, that completes the summary of my statement. Thank you again for the opportunity. And after the panel is done, I'll be pleased to answer any questions. [The prepared statement of Mr. Willemssen follows:] [GRAPHIC] [TIFF OMITTED] T0954.334 [GRAPHIC] [TIFF OMITTED] T0954.335 [GRAPHIC] [TIFF OMITTED] T0954.336 [GRAPHIC] [TIFF OMITTED] T0954.337 [GRAPHIC] [TIFF OMITTED] T0954.338 [GRAPHIC] [TIFF OMITTED] T0954.339 [GRAPHIC] [TIFF OMITTED] T0954.340 [GRAPHIC] [TIFF OMITTED] T0954.341 [GRAPHIC] [TIFF OMITTED] T0954.342 [GRAPHIC] [TIFF OMITTED] T0954.343 [GRAPHIC] [TIFF OMITTED] T0954.344 [GRAPHIC] [TIFF OMITTED] T0954.345 [GRAPHIC] [TIFF OMITTED] T0954.346 [GRAPHIC] [TIFF OMITTED] T0954.347 [GRAPHIC] [TIFF OMITTED] T0954.348 [GRAPHIC] [TIFF OMITTED] T0954.349 [GRAPHIC] [TIFF OMITTED] T0954.350 [GRAPHIC] [TIFF OMITTED] T0954.351 [GRAPHIC] [TIFF OMITTED] T0954.352 [GRAPHIC] [TIFF OMITTED] T0954.353 [GRAPHIC] [TIFF OMITTED] T0954.354 [GRAPHIC] [TIFF OMITTED] T0954.355 [GRAPHIC] [TIFF OMITTED] T0954.356 [GRAPHIC] [TIFF OMITTED] T0954.357 [GRAPHIC] [TIFF OMITTED] T0954.358 [GRAPHIC] [TIFF OMITTED] T0954.359 [GRAPHIC] [TIFF OMITTED] T0954.360 [GRAPHIC] [TIFF OMITTED] T0954.361 [GRAPHIC] [TIFF OMITTED] T0954.362 [GRAPHIC] [TIFF OMITTED] T0954.363 [GRAPHIC] [TIFF OMITTED] T0954.364 [GRAPHIC] [TIFF OMITTED] T0954.365 [GRAPHIC] [TIFF OMITTED] T0954.366 [GRAPHIC] [TIFF OMITTED] T0954.367 [GRAPHIC] [TIFF OMITTED] T0954.368 [GRAPHIC] [TIFF OMITTED] T0954.369 [GRAPHIC] [TIFF OMITTED] T0954.370 [GRAPHIC] [TIFF OMITTED] T0954.371 [GRAPHIC] [TIFF OMITTED] T0954.372 [GRAPHIC] [TIFF OMITTED] T0954.373 [GRAPHIC] [TIFF OMITTED] T0954.374 [GRAPHIC] [TIFF OMITTED] T0954.375 Mr. Horn. Thank you very much. Our next witness is Chris Hedrick. He is the director for the State Year 2000 Office for the State of Washington. Mr. Hedrick. Mr. Hedrick. Thank you very much, Mr. Chairman, Congressman McDermott, Congresswoman Dunn. I appreciate the invitation to testify before the committee. Washington State government is a complex organization. We've got 39 major agencies with over 400 mission-critical computer systems and 43 agencies with embedded chips in systems that support vital public services and a higher education system that's very broad. As long ago as 1993, State agencies recognized the challenge and began working on this issue. In 1995, the State Department of Information Services established a central program to get computer data systems for State agencies and higher educational institutions ready for the date transition. We've adopted a phased approach: conducted inventories, identified the resources needed to correct the problems, and, in cases, asked the State legislature for those resources, conducted pilot projects, and actually converted the systems. All along, we've had independent assessments of our progress, outside auditing, and rigorous testing. All State agencies have also established and completed contingency plans in case vital public services are interrupted by other factors. In 1997, Governor Locke established two goals for State government's Y2K efforts: no interruption of vital public services, and no loss of accountability for public resources. We've spent over $80 million trying to achieve those goals, and we've made some progress. Risk assessment and independent auditing have been really key to our efforts. Here's how the process works. The State agencies have contracted with independent risk assessors who evaluate all the mission-critical computer systems and embedded systems. Then another contractor compiles this assessment data, analyzes it through a standardized process, and issues regular progress reports, such as this one. This contractor gives us a report card based on our progress. We get either red, yellow, or green ratings, or blue if the system is certified. As you can see from this page, our most recent report is all blue and green. Over 98 percent of State government computer systems are now fully compliant. The important part about this independent risk assessment is that the information is released to the cabinet with the governor in his regular cabinet meetings and to the press on the same day, and we've found that to be a powerful management tool. As I said, over 98 percent of our mission-critical data systems have satisfactorily completed the test for Y2K compliance. Those few programs that are not done will be completed over the next several weeks. And all computer systems in State agencies and higher educational institutions have established contingency plans. We have adopted the General Accounting Office standards for contingency planning, and those have been very useful in our efforts. We've had some initial successes. In January of this year, our unemployment claims system made a successful transition. That system looks forward a year for eligibility benefits. Last month, our State financial systems had a successful transition to fiscal year 2000. And these successful efforts give us increasing confidence in our ability to deal with the calendar year change next January. But in addition to our efforts to take care of our own computer systems and ensure that they'll make the transition successfully, we've taken on the responsibility of providing the public with information and an array of tools to ensure their own preparedness. We've conducted a series of workshops across the State, both for the public, for small businesses, and for local governments. We've been very aggressive about our use of the Internet in providing public information. In fact, we're building a system where every individual citizen can go to our website and pull down their own personalized profile with information about the readiness status of each local government, electricity, natural gas providers---- Mr. Horn. Let me suggest--I'm an expert now on microphones--you need to get that pointed very close to you, otherwise they won't hear you in the back of the room. Mr. Hedrick. Thank you. Readiness status of local governments, electricity, natural gas providers, financial institutions and government benefit programs. Underlying all of our work in public information is our belief that people make good choices if they have good information. And we think it is our responsibility not to sugar coat that information, but to provide the public with the best information available. In assembling that information, we have also provided, both in print and on the web, two volumes of the Washington State Year 2000 Readiness Report. The third volume will come out in November. These reports are written with the help of staff from various State agencies, from local governments, and from our private sector advisory group, which includes representatives of all the major industries. They include information about the Y2K preparedness in Washington State of a variety of sectors, including local and State government, electricity, telecommunications, financial services, natural gas and petroleum, water supply and treatment, emergency management, health care, environmental quality programs, insurance, food supply, public safety, and transportation. We believe that we've been pretty responsible about making our house in order, but we also believe it's our responsibility to ensure that the citizens of Washington State have a pretty good idea of how messy or clean the Y2K house is for the rest of the State. In that effort, Mr. Chairman, at the State level, we share your national goal, and we appreciate what you've been doing on the Federal level. Thank you for the opportunity to testify. I'll be happy to take questions at the conclusion. Mr. Horn. We'll do it when all the panel has participated. Let me say that we will take questions from the audience written out on a card. And staff will be going up and down each side, and if you have paper--I think staff have the paper and the index cards--please feel free to write them out, and then we will put those questions that you have into the dialog at the end of this panel. And so let us now go to Mr. Clif Burwell, the Y2K program manager for King County. Thank you for coming, Mr. Burwell. [The prepared statement of Mr. Hedrick follows:] [GRAPHIC] [TIFF OMITTED] T0954.376 [GRAPHIC] [TIFF OMITTED] T0954.377 [GRAPHIC] [TIFF OMITTED] T0954.378 Mr. Burwell. Thank you very much, Chairman Horn, Congresswoman Dunn, Congressman McDermott. Can you hear me? Mr. Horn. You'll have to talk into that microphone or you won't be heard past your colleague to the left. Mr. Burwell. OK. I'm very happy to be here on behalf of King County. I'm wondering if I would be in trouble if I admitted that I was one of those programmers in 1967 that you mentioned that was compressing those dates. I think now I'm having payback now by being---- Mr. Horn. Were you using COBOL? Mr. Burwell. We were using COBOL. Mr. Horn. Well, I actually made a little program in COBOL, not as many as the two of you. But I must say, they are suddenly gaining justice. The Federal Government has permitted anybody that knows anything about COBOL--they'll still get their Federal pension check, and they can sign a $100,000 contract to solve the problem. Ms. Dunn. Now we'll get a little credit there. We get to earn a few paychecks by restoring the problem that we created. Mr. Horn. Right. Mr. Burwell. King County took this problem very serious in 1996, and the Council initiated a proviso. The executive supported that proviso in establishing the Y2K Program Office. And we started our work in three phases. Phase I was the mainframe/centralized system, which King County, at that time, had a lot of systems. Then we moved to the agency systems. And then the third phase is the independent audit and certification. Our project overall is--King County now is 88 percent complete at this time, with most mission-critical systems being done. The systems that aren't done are primarily vendor systems that had to be replaced because they were not compliant. Our project was organized by business area, and I'd like to quickly go through that. The four business areas that we're addressing are law, safety, and justice, general government, transportation and land use, and health and human services. In the area of law, safety, and justice, basic police services in King County are Y2K-ready. The E-911 system within King County is Y2K-ready. Criminal investigation, fingerprint identification, special operations, et cetera, all within the public safety area, are ready. Our fingerprint system is being replaced, and that will be implemented in October. Prosecuting attorney systems are ready. Superior court systems, ready. Adult detention and youth detention systems are ready. In the youth services area, we had one system that had to be replaced, a major system, and that is scheduled for October. All of our infrastructure systems, wide-area network, those kind of systems, have been tested and audited and are ready. Our 800-MHz communication system which interfaces throughout the region is ready. I mentioned the E-911 system for King County is ready. We're monitoring several public safety answering points in the region as far as their progress, and all 911 systems supported by our system with U.S. West will be ready in September. Our elections management systems, animal regulation systems, finance systems, construction systems, ready. One of our challenges has been in the transportation area with transit. The transit division is heavily laden with computer systems, and we've made excellent progress in that area, and expect to have everything ready by September. An important part of our program is working with the community, and we've done that through what we've called a stakeholders committee, involving both the private sector and the public sector. And we operate this committee through our Emergency Operations Center. Members of that committee include the State, Boeing, Banking Association, city of Seattle, Weyerhaeuser, and several other agencies. The objective of that committee is to really do the outreach program so that we can communicate and educate not only the other jurisdictions, but the citizens and our employees. So overall, King County is 88 percent ready with mission- critical systems, and we expect to be ready no later than October. And again, I would be happy to answer any questions at the appropriate time. Thank you. [The prepared statement of Mr. Burwell follows:] [GRAPHIC] [TIFF OMITTED] T0954.379 [GRAPHIC] [TIFF OMITTED] T0954.380 [GRAPHIC] [TIFF OMITTED] T0954.381 [GRAPHIC] [TIFF OMITTED] T0954.382 [GRAPHIC] [TIFF OMITTED] T0954.383 [GRAPHIC] [TIFF OMITTED] T0954.384 [GRAPHIC] [TIFF OMITTED] T0954.385 [GRAPHIC] [TIFF OMITTED] T0954.386 [GRAPHIC] [TIFF OMITTED] T0954.387 [GRAPHIC] [TIFF OMITTED] T0954.388 [GRAPHIC] [TIFF OMITTED] T0954.389 [GRAPHIC] [TIFF OMITTED] T0954.390 [GRAPHIC] [TIFF OMITTED] T0954.391 Mr. Horn. Thank you very mucn. Mr. Marty Chakoian is the year 2000 project manager for the city of Seattle. Thank you for coming. Mr. Chakoian. Thank you. And on behalf of Mayor Paul Schell, I'd like to welcome you to Seattle. The city of Seattle, of course, provides essential life and safety services--police, fire protection, emergency medical services, traffic control--to our half-million residents. We also are directly responsible for many local utilities: electricity, drinking water, sewer and drainage services, solid waste removal. Those are services provided by city departments, and you'll be hearing from them on the next panel. Many of these services depend to one degree or another on computer systems, and they will not be disrupted by the year 2000 problem. I was asked last February to establish a central project office to coordinate this effort, city-wide. Since then, we've adopted a date standard, promulgated a formal methodology. We've trained departments on how to use tools and techniques to be successful. We've prioritized the work of the city. We have an overall project plan with activities and milestones. And we're assisting departments directly with their embedded systems, the evaluation of products and services, testing, and contingency planning. We're not finished yet, but we will finish, and we'll finish on time, and we've laid the foundation to ensure success. Let me tell you where we are at this point. Over 93 percent of our physical computer systems are now Y2K compliant. The city's fiber backbone data network has been upgraded and is compliant. A new police 911 center has been installed, and we're doing an end-to-end test with U.S. West this week. Likewise, we've evaluated our radios, mobile data terminals, other essential equipment, and determined it to be Y2K compliant. Of our 90 mission-critical applications, over 80 percent of those have now been remediated. And that includes the most critical things, like police and fire dispatch, electrical energy management system, water laboratory information system, our library system, our municipal court system, our core financial and payroll systems. The ones that we're still working on, things like a system in our parks department that schedules ball fields, a receipt payment system for building permits, and the system that assigns staff to events at the Seattle Center, those systems, as well as our minor systems, will also be remediated. But we're not stopping there. We have, in addition, a formalized testing program that we require our applications to go through under the direction of the project office, using a test plan template that we've adopted from the State. We've also gone through our embedded systems to ensure that our water and electrical systems, our wastewater system, solid waste systems, communications equipment, fire boats, police stations, emergency medical equipment, even the equipment at our zoo and our aquarium is Y2K compliant. We're working with our vendors, with other government agencies to ensure that they likewise will be able to continue to work with us. And each city department is developing contingency plans. Some of those have already been exercised. We're going to have a city-wide exercise in October. And, like other government agencies, we're working closely with the public. We have materials now at our libraries and community centers. We've produced a video that we're sharing with the public on how neighborhoods can work together. And we're doing more and more direct personal contact with our senior citizens and community groups. One thing, however, does concern us about the year 2000. Seattle, as you know, is an international city. We're going to be hosting the World Trade Organization this November. Port of Seattle is the fifth largest port in dollar volume in the Nation, and the Port of Tacoma not too far behind. It's been estimated that, per capita, Washington State is the most trade- dependent State in the country, with one of every four jobs related to international trade. And so I was concerned when I read the testimony of Jacquelyn Williams-Bridgers, who is the Inspector General for the Department of State, talking to the U.S. Senate, reporting that the global picture is cause for concern. She says that the global community is likely to experience Y2K-related failures in every sector, every region, and at every economic level. She says that this may result in creating economic havoc and social unrest in some countries, and in addition to the impact on the families living in those countries, she says that it could extend to the international trade arena, where a breakdown in any part of the supply chain would have a serious impact on the United States and world economies. So we in Seattle are very grateful for the work that your committee has done to ensure that the Federal Government will be Y2K compliant, and we would appreciate your continued support of those efforts, as well as working with the Federal agencies. We're trying to ensure that our international trading partners can also be Y2K compliant and continue to work with us in the future. In conclusion, I'd like to simply invite you to come back to Seattle to spend New Year's Eve with us at the Seattle Center if you happen to be in the neighborhood. We're going to have over 100,000 people there, and I think it's going to be a great place to ring in the new year. Thank you. [The prepared statement of Mr. Chakoian follows:] [GRAPHIC] [TIFF OMITTED] T0954.392 [GRAPHIC] [TIFF OMITTED] T0954.393 [GRAPHIC] [TIFF OMITTED] T0954.394 [GRAPHIC] [TIFF OMITTED] T0954.395 [GRAPHIC] [TIFF OMITTED] T0954.396 Mr. Horn. Well, I appreciate the offer. Ms. Dunn says be sure the elevator works. And we'll get into microdots and microchips later. But I have already committed myself, in almost every hearing, to do my usual trip to California from Dulles International to Los Angeles International. And I've got the FAA Administrator, who is a very able person, to also go on a trip. I've offered the east-west stuff, but last time she was going from National in Washington to La Guardia in New York. And I told her, ``Hey, just don't upset the controllers before I get on board, if you don't mind.'' So I might take you up on that. OK. Last member of this panel is Barbara Graff, the emergency preparedness manager for the city of Bellevue. Thank you for coming. Ms. Graff. Thank you. Good morning, Congressmen Horn and McDermott. Congresswoman Dunn, welcome home. In decades past, Bellevue has been referred to as the bedroom community of Seattle. These days, we refer to Seattle as the dining-room community of Bellevue. I am the emergency preparedness manager for the city of Bellevue, and though my costume implies that I am a single department representative, our division is in charge of an all- hazard program for all city services and departments. Our city has been dealing with the problems posed by the year 2000 using a team effort. The technological problems associated with Y2K have been mitigated under the leadership of our Information Services Department. An interdepartmental preparedness plan to deal with any consequences has been developed by our emergency preparedness organization. My division has been responsible for educating the public. And our city council and senior staff team have been responsible for providing support, leadership and resources to prepare the community. The city of Bellevue has been actively addressing year 2000 issues for several years. A strategic plan was developed in 1997. 24 major computer systems were evaluated to determine the cost benefit of replacement versus modification. Programming updates have been completed, tested and implemented for all systems for which modification was determined appropriate. The remaining seven systems are in various stages of replacement, and will be completed and operational by the end of September. As a precautionary measure, however, contingency plans have also been developed for remediating or running parallel modified systems through the new year. Research has been conducted on the more than 500 products which contain process controllers or microchips, and an independent consultant has recently studied, tested and validated the city's Y2K remediation work. Early this year, the city's Emergency Operations Board developed a Y2K readiness plan outlining contingency measures to ensure no disruption of critical services for our customers, similar to the State of Washington's goal. This augments a comprehensive all-hazard emergency operations plan that had already been in place for 8 years. This includes: one, an aggressive public outreach self-preparedness campaign; two, working closely with our partners in service delivery, such as Puget Sound Energy, Overlake Hospital, and the Seattle Public Works Department; and three, preparing our own employees so they'll be ready to assist the community in any circumstance. Our Emergency Preparedness Division has applied the same philosophy to Y2K preparedness that we have given to the 50,000 people in our community over the last 8 years about earthquake preparedness. The better informed our community is about potential problems, the more likely that they will take appropriate self-preparedness steps and the less likely that emergency services will be overwhelmed. We're making use of all possible public education formats, including videos on local governmental and community college channels, newsletter and newspaper articles, classes and workshops. Our ``Stomp on the Millennium Bug'' brochure is available at all city facilities, it's on our city webpage, and we display it throughout the community. We also make sure it's in the hand of every fifth grader at all public and private schools. They're the ones who get their parents to take action. We've met with the Chamber of Commerce and Bellevue Downtown Association regarding specific concerns for small to medium-sized businesses who may not have the resources or inclination to engage in general disaster preparedness, let alone prepare for this specific threat. We've directly mailed a letter to all city B & O taxpayers and the chamber of commerce mailing list providing resources and information to prepare their businesses. We're encouraging neighborhoods to organize themselves according to the Strengthening Preparedness Among Neighbors program that recognizes that many times your best source of help in region-wide disasters is your neighbor. Emergency generator power is available at parks department community centers, which could be used as mass care shelters. Protocols are already in place to fuel our vehicles, top off our water tanks, utilize manual procedures where appropriate, and assign appropriate staff to work through critical time periods. Our emergency management organization has already conducted two tabletop exercises this year to identify any weakness in our contingency plans and improve our operational readiness. Bellevue, like many jurisdictions, will be activating our Emergency Operations Center on December 31st, and we will be appropriately staffed and ready to respond to any circumstance. Arrangements are already in place with other important partners, such as our ham radio operator group, churches, the Red Cross, service clubs, and city volunteers. A great deal of progress has been made. Many people are preparing themselves for the same harsh conditions that a winter storm would bring: cold weather, scattered power outages, difficulties with communications and transportation. A lot of work has been done to fix the technological problems. Still, we believe there is reason for concern. Triaged, or sorted, fixes for many organizations means that a lot of work remains undone, opportunists with malicious intent, just-in-time delivery of goods and services, and the ripple effect of inadequate fixes for basic problems. Although no organization, public or private, can realistically offer a guarantee that Y2K will have no effect on their service, we can offer the assurance that we're ready to meet any consequence of the date change. Bellevue is treating Y2K as an opportunity to practice consequence management. First, we're aggressively mitigating our own technological problems before they can occur. Second, we're strengthening the partnership we had already created with our community in disaster preparation. Third, we're preparing to deal with whatever consequence may come our way in the new year. In any event, at the end of this year, we'll be better prepared to have our community and governmental services ready for the next earthquake or real disaster. Bellevue, however, is only one part of the picture. There are countless agencies related to each other through the common use of products and services. The year 2000 will be, among other things, a great revelation of just how dependent we are on one another. It's also an extraordinary opportunity to strengthen our ability to count on one another. Thank you very much. [The prepared statement of Ms. Graff follows:] [GRAPHIC] [TIFF OMITTED] T0954.397 [GRAPHIC] [TIFF OMITTED] T0954.398 [GRAPHIC] [TIFF OMITTED] T0954.399 [GRAPHIC] [TIFF OMITTED] T0954.400 [GRAPHIC] [TIFF OMITTED] T0954.401 Mr. Horn. That's a fascinating presentation. This is the first time I've heard of fifth graders involved, and I think it's a terrific idea. And a number of cities are trying to use their billing method and everything else to get messages, but if you hit all the citizenry, that, too, is amazing. Now, what I'd like to ask is one or two questions, then I'm going to ask my colleagues to do it. And staff will go around and get your written questions, and we'll work those into the dialog. And then Mr. Willemssen will close out the dialog based on what he's heard this morning. So let me begin. And we'll start with Mr. Hedrick and all of you. I'd like to go down the line. You've been immersed in this for a number of years, each of you. I've said from the very beginning this is a management problem, not a technological problem. Sure, we use this or that, experts in computers and whatnot. But now that you've been through this, if you could do it over, what would you do that you didn't do? And you sort of might have stumbled into it like everybody else has stumbled into it. So what would you contribute to us, Mr. Hedrick, on what relates to you, that you wish you had done 2 or 3 years ago? Mr. Hedrick. Well, I agree with you that this, at the very beginning, was a technology issue and rapidly evolved into a management issue. And we've actually learned some very good lessons in State government about how to manage complex problems that we're adapting for some future use. For example, our group of deputy directors at State agencies has met twice a month to assess our progress on Y2K, and is now continuing to meet twice a month to map our progress on building more digital government and electronic commerce. If we had to change something, I think we would have looked at the problems of embedded systems earlier than we did. As I mentioned in my testimony, we've been looking at our IT systems for 6 years now, and those are complete, essentially. Our embedded systems, though we've found fewer problems than perhaps we expected, we had to address more rapidly than we probably should have. Mr. Horn. Mr. Burwell, any suggestions, now that you've gone through this exercise? What would you like to have done over, earlier? Mr. Burwell. Well, I think one of the things would be, again, the embedded systems. We didn't really understand the impact and how to test those. I think one of the things we found early on, we were treating it like just a technology problem, and clearly it wasn't. And I think we would get agency involvement from the business side involved earlier. When we started our process, we were really working technology with LAN administrators, et cetera, not the people that knew the business and what were really the essential services. I think early on, also, we would have shifted the emphasis from resolving and fixing PCs and desktop equipment. That was our easiest job. That was absolutely the most easy job. It was dealing with applications and vendors and that sort of thing. And so we would have addressed that sooner on in the project. And finally, we weren't prepared to deal with and archive and index the volumes and volumes of information that my office was getting from the agencies. And that can be a real benefit in getting that information from all of the agencies and it becoming the base for a business and a technology inventory. Mr. Horn. Mr. Chakoian. Mr. Chakoian. I certainly agree with what my colleagues have said. I guess I would answer the question a little bit differently in terms of what have we learned that we can now institutionalize? What are the lessons we have learned that can become part of our way of doing business? And certainly having a better understanding of the relationships between our applications and the business functions that they serve; keeping business people more closely involved in decisions about the computer systems; standardization has been a big boon for us; really learning how to do good testing, we need to make that part of our way of doing business; and contingency planning. I think we have made huge strides in having good contingency plans in place that will not only serve us for Y2K, but for any kind of problem or emergency that we face. So all of those things need to become part of our way of doing business. Mr. Horn. Ms. Graff, if you had to do a few things over, what would they be? Ms. Graff. One of the easiest things about preparing for Y2K was the fact that we already had an all-hazard emergency operations plan for the city in place. Therefore, what we did for this specific threat was simply take a close look at our planning assumptions to figure out what's different about this event than any other regional disaster, such as an earthquake. I think what we would have done differently, had we had the opportunity, was lobby for exactly the actions that Congress took, which actually led the way to more businesses and entities sharing information with each other, rather than under the incentive of watching out for a lawsuit, trying to keep themselves in business. And those are the kind of partnerships that prepare any type of region or single entity for a disaster. Hopefully, like Marty mentioned, we'll learn and carry into the future some of the benefits of how we prepared for Y2K. Mr. Horn. Let me now yield to my colleagues here, and start with Ms. Dunn, on any questions she might have of the panel. Ms. Dunn. Let me just ask Mr. Willemssen a question off the top, because you caught my attention, Mr. Willemssen, when you talked about the Social Security Administration and you said that there is some work, minimal work, that remains to make sure that the Social Security Administration is fully ready. Can you tell us what that work would be? Mr. Willemssen. I testified approximately 2\1/2\ weeks ago on Social Security, and the testimony touched on Y2K. Among the areas that SSA still had to work on is one of their mission-critical systems had not yet been certified as compliant. Second at that time, they had approximately six data exchanges with outside entities that had not been fully tested and certified. Third, SSA was using a quality assurance tool, after everything had been remediated and tested and implemented, as a double-check to see if there were any problems that could be identified with this independent quality assurance tool, and they did find some problems that they are now following up on. And finally, another key area was that SSA had still remaining testing of their key contingency plans that they had to do. So there were a number of remaining tasks, but I'm confident that they'll get them done, because one thing that has been very evident among the Federal agencies is that Social Security is the leader. They've been very responsive to us whenever we've raised issues, and they immediately take action to address those issues. Ms. Dunn. Thank you very much. That's good to know. Let me ask a question of Mr. Hedrick. We recently read that three States are now Y2K compliant. You say that 98 percent of our State computer systems are fully compliant. How long will it be until we become a member of that wonderful list of only three now? Mr. Hedrick. There are six State agency computer systems that have some testing remaining to do that will be completed over the next 6 weeks. We also, as part of the auditing and assessment process, have looked at the status of higher educational institutions in the State, and there are a couple of those that have systems that will be completed over the next 6 to 8 weeks, also. Ms. Dunn. Thank you very much. I wanted just to mention to Ms. Graff, because your city is part of my district, and I'm very proud to represent more than half of Bellevue, I liked your comment about Seattle being the restaurant community for Bellevue. That's pretty appropriate these days. In the work that you are doing on behalf of the city, have you run into problems of fear of liability from companies that you've been dealing with? Is this what you were saying to us earlier? Ms. Graff. Not as much fear of liability as generic apathy to get ready for any type of disaster. In other words, they're in about that third phase of denial, that this really won't be that bad. And we'd just as soon that they would treat it in such a way that this might not be that bad, but the earthquake will be. Get ready once and you're ready for everything. So I wouldn't say that there's too much of that negative kind of energy on the local level from the businesses that we've talked with or the Chamber or the Bellevue Downtown Association, but it's a matter of getting their interest level up to do something. Ms. Dunn. Good. Mr. Chakoian and Mr. Burwell, I wanted to just ask you, as you have been so involved in organizing this for King County and Seattle, what are you most fearful of? Is there some area that comes to the top of your mind if you were asked what are you worried about? What are you worried about maybe for your families or your community as we move toward Y2K? Mr. Burwell. That's a good question. And I get that question an awful lot from friends and family and colleagues. My biggest fear is really the public hype and what's going to happen if you see your neighbor buying extra loaves of bread or filling up every vehicle and going to the bank and that sort of thing, and that we have to deal with with education. But that's my fear, more than the technology or power outage or that sort of thing, is having to deal with citizens overdoing it and not being educated. That really, this is just like--treat it like a storm, a three to 5-day storm, not a Seattle storm of one flake of snow, but a Chicago storm where you might be without transportation for 3 or 4 days. But to me, it's what I'm calling the public hype that I'm worried about, that things might get exaggerated. We've heard rumors of possibly a couple of movies coming out the last quarter of this year, and what is that going to do to the public minds? So that's my concern. Mr. Chakoian. Other than the long-term economic factors, which I've already mentioned I'm concerned about, I think in the short term, I have to agree with Clif. We will be ready to operate as normal. It will be a normal time for us because we'll be prepared. And if the public behaves normally, then we'll all get through this fine. If everybody picks up the phone at the stroke of midnight and calls 911 to see if it works, it won't work because the lines will be jammed. But if everybody acts in a normal, responsible way, I think we'll be fine. Ms. Dunn. Thank you. So as one of the members of our audience, Mr. Lloyd Robbins, has said in a question that I would submit to be asked later, he has said that we must be able to provide the public with adequate assurance that any possible problems after January 1, 2000, will be minimal, and that this will be quickly corrected. Thank you. Mr. Horn. The gentleman from Washington, Mr. McDermott. Mr. McDermott. Thank you, Mr. Chairman. It's always heartening to hear that everything is perfect and it's going to work well. And I've been around long enough to always wonder if that's exactly true. Are there any systems at either the State or city or county level that you think are liable to fail in this period? Important systems, let me make that clear, because one of the systems you said you were still working on was the distribution of ball fields. And I'm not sure, on January 1st, how important whether or not you can get the lights on at the Queen Anne Community Center to play soccer is. So I'm talking about important systems. Mr. Chakoian. Well, the parks department considers that an important system. It is on their mission-critical list, and it will be ready by January. But other systems also will be ready. There is no system on our mission-critical list that I can think of that I'm particularly worried about. On the other hand, we'll have contingency plans in place in case any of our external interfaces don't work. So if there's a problem with any of our vendors or suppliers, we'll have work- arounds for that. So I'm not saying today that everything will be perfect, but I am saying we'll be ready for whatever happens. And the mayor has given us the charge of ensuring that there is no disruption in basic service to the public, and we will honor that and we'll achieve it. Mr. McDermott. King County? Mr. Burwell. Well, I am worried. I'm confident, and I feel that we are ready, but I am worried because there are so many variables involved in this project, from the outside, from vendors, from power sources, from interfaces with other systems, our systems with the State of Washington, et cetera, and anything can cause a problem. But I'm confident in that we can fix the problems. We have contingencies. We have backups. We have test plans for the actual rollover weekend. And I've been in this business a long time, and we're good at solving problems quickly, if there are problems. And like Marty from the city, we don't expect problems. We think we're prepared. But there's probably going to be some problems, but we're prepared to fix them quickly. Mr. McDermott. The State? Mr. Hedrick. We've identified over 400 mission-critical systems. Every single one of them is going to be fixed and tested. But we live in a very interdependent environment where it is impossible to test every conceivable interface with other data, for example, from the Federal Government, but we will ensure that we meet the government's goals of no interruptions in service or loss of accountability. But we've established very detailed contingency plans. As other panelists have mentioned, this has been a great opportunity to do contingency planning that we should have been doing in any case and have been doing in any case, but have improved a number of those contingency plans that will be useful in the case of any disruptions. Mr. McDermott. One of the things that troubles me about this whole business is you all mention vendors, the interface between government and the vendors. And what's a little bit troublesome to me was Congress passing a bill giving blanket freedom from liability to vendors. And because that takes the pressure off, it seems to me, to get up and get running, exactly what was suggested by Ms. Graff, that some people say, ``Well, it's not going to be much of a problem. No problem, we'll fix it by and by.'' I wonder to the extent of what vendor areas do you see as the most difficult ones where you interface with the vendors from the outside? What are the most difficult ones? Mr. Chakoian. I guess I'll take a crack at that. We've identified 396 key vendors and suppliers that the city of Seattle depends on, and we're contacting those one by one and going through with them, trying to ascertain what is their year 2000 program, how are they doing, what level of confidence do we have of them. And so far, those discussions are going very well. Most of the companies that we deal with are larger companies that have the resources, and so on, to do the same kinds of things that we're doing. What does concern me is not that somebody won't be in business the first couple of weeks in January, but that overall, the worldwide connectivity of suppliers and products that these vendors depend on in the long term could have an impact. So I don't expect to see anything in January or February where a company that we depend on can't do business with us. I'm concerned about, over the first 6 months, seeing some of our key business partners perhaps have some difficulties based on their international dependencies. Mr. Burwell. Without getting specific on a specific vendor, vendors and ourselves are reluctant to use the word ``compliant.'' We've been advised by our prosecuting attorney not to use that word; ``We're Y2K-ready,'' or, ``We will be Y2K-ready,'' again, because there are so many variables. And so that's kind of how we answer questions about our state of readiness, that we're trying to avoid the word ``compliant.'' But I've found with some vendors, one in particular that I would rather not mention, that is so reluctant that they won't give us a status, and we have to go to sources like the web and those kind of things to get information, but is one pretty critical vendor who we believe is ready but will not give us any statement of readiness. Mr. McDermott. Is that a liability question, a legal question? They don't want to set themselves up having said, ``I'm compliant,'' and then it turns out that---- Mr. Burwell. I think it is. I think it is. And just recently I got a phone call, and it was a recorded message from a vendor, and it went on for minutes, what they will and what they won't do, and if you do this and if you don't do this, and blah, blah, blah, our product is not ready. And it was a very disappointing statement to me that a vendor would announce their readiness, or lack of it, via a recorded phone message. That's just kind of two examples of what I've faced, but there's a reluctance by many to say ``we're compliant'' because of the variables and outside influences on their ability to be compliant. So they're reluctant to communicate that. Mr. McDermott. At the State level? Mr. Hedrick. We have tested every vendor-related information technology issue. But State government is dependent upon a wide variety of vendors, from the buildings that we lease--and we've asked for Y2K assurances on all of those--to, for example, foster care and health care that State government contracts for. We do not have the capacity, for example, to independently audit every single one of the Y2K statuses of all health care providers in this State which we regulate and, in many cases, are vendors because we pay bills. Our Department of Health has sent letters to every single health care provider that we regulate and demanded assurances that they're dealing with the Y2K problem, and let them know that they're going to be responsible for carrying out their responsibilities come the beginning of the year, and demanding a response back. And one of the interesting things that we've done is, last week, we released on the World Wide Web and to the press the names of every hospital, for example, in the State that sent us back the letter, and every one that didn't. And that got their attention pretty quickly once that was released. So again, it goes back to our fundamental belief that we need to provide the public with as much information as possible, and that people will make good decisions based upon that good information. But we live in a world of uncertainties. Mr. McDermott. I didn't mean to exclude Bellevue. Have you had problems with vendors? Ms. Graff. We're pretty much in the same boat as Seattle is, that it's very difficult to get a clear compliancy statement from absolutely all of our vendors. A lot of us are in this form-letter chain system right now where they send us a form letter, we send one back, we send a more complicated one, they send a more complicated form letter back. I think that one of our biggest concerns, quite frankly, are the testing procedures that still need to be done throughout the remainder of the year. I think we're all aware of the fact that unless you have the folks from the vendors or the manufacturers available to help in the testing procedures for equipment that has microprocessors or microchips, you may well invalidate the warranty associated with that equipment. And I think that more and more people who are just now getting to the testing phase, and if their schedule is perfect and nothing interrupts them and there's enough technicians to go around, they'll say, ``Yes, we will be done by such and such a day later this year,'' whether or not there's actually enough folks to go around to do that. So I still have a little caution about the testing procedures. Mr. McDermott. Thank you, Mr. Chairman. I think it's an issue that we need to look at carefully in terms of what kind of liability exclusion we give people. Mr. Horn. Let me just ask a brief question, just because it comes up in different cities and counties and States. In the case of State prisons and in the case of county jails, those systems, in terms of releasing people, we've found in a couple of cases that they had real problems with that regard. And I'm just curious what the jail and prison situation is? Mr. Hedrick. All of our correctional institutions are fully compliant. Mr. Horn. So you won't be letting people out that shouldn't be out? Mr. Hedrick. The default is to close the doors, not to open them. Mr. Horn. How about King County? Mr. Burwell. I heard the default was to open the doors. But in King County, our adult detention facilities, including the Regional Justice Center in Kent, are all Y2K compliant. And we have very strong contingency plans for recovering if there are any problems. But they've all been tested and are Y2K-ready. Mr. Horn. I want to get in the audience questions very rapidly. So one of them here is: would the Y2K problem affect the stock market? The answer is: they're OK. Back in our first hearing in 1996, they were working on this. They have done extensive testing in terms of the stock exchanges, and there's no problem there. There's no problem with the clearinghouse. There's no problem with the banks. I talked to Chairman Greenspan 4 years ago on this, and he delegated it to Mr. Kelley, one of the governors, and the banks are in great shape, basically. So we don't have to worry about that one. And then: what's the status of the Health Care Financing Administration? And my colleagues have an interest in that because that relates to Medicare and Medicaid. And we do have a problem with some of the fiscal intermediaries, and we will be holding another hearing on that. But they have a very able administrator, and I think she's going to be on top of it. But it is a major problem without a question there. Mr. Willemssen, do you want to add something to that? Mr. Willemssen. Just to concur with your statement. The Health Care Financing Administration and Medicare remain one of the highest-risk Federal agencies. HCFA is busily working at Y2K, and also busily working at the contingency plans in the event that there are disruptions. Mr. Horn. Now, here's a question for Mr. Burwell, that organizations such as the city of Seattle have been working since 1993 to 1996, and have reached 80 to 88 percent compliance, says this individual in the audience. How can they fix the remaining 12 to 20 percent in 90 days, at least by the end of September? Mr. Burwell. I guess that was addressed to me, even though they were mentioning the city. For King County, we're at about 88 percent right now of our mission-critical systems. Where we're waiting is basically for vendor systems that are replacing noncompliant systems. Those systems are installed and being tested. So we really don't feel there's a problem with reaching that. Mr. Horn. But that was the question the person had. You've said 88 percent, and they were wondering how you get the remainder, and would you be able to do it in a timely way, either in the city or the county? Mr. Burwell. And we would, because it's just a matter of installation. Mr. Chakoian. It's the same with the city of Seattle. It's not like we're now starting on those remaining 20 percent of the systems. In fact, much like King County, we've already purchased the software. It's been installed. It just hasn't been put into production yet. Mr. Horn. Does either the county or the city have a hospital that's a public hospital? Mr. Burwell. Yes. We support, at least in part, Harborview. Mr. Horn. Now, the emergency rooms have been one that we've had a lot of testimony on. And when we were in Cleveland with the Cleveland Clinic, which is one of the top hospital facilities in America, they talked about the World Wide Web system that all hospitals can access in terms of manufacturer, manufacturer's model, date of this equipment, and so forth. So they don't have to reinvent the wheel, nationwide. The information is there from the contractor and manufacturer, as well as the hospitals. So I just wondered if you were making use of that? Mr. Burwell. I'm not personally--the University of Washington is overseeing the medical programs there and at Harborview. And I apologize. The only thing I can respond to is that I've heard them say at our stakeholder meetings that they are Y2K-ready. Mr. Hedrick. Those are actually state-funded institutions. The University of Washington Medical Center, as part of our assessment process, have gone through our outside auditing process and they are ready. They had some problems early on, but they've resolved those. Mr. Horn. Here's a question, and Mr. Willemssen, I'll let you answer that one. Please define ``Y2K-ready'' and ``Y2K compliant.'' Are they the same? Mr. Willemssen. No two people will give you the same answer on that. I think it was touched on, I believe, by Mr. Burwell a little bit earlier, about, that generally speaking, the term ``Y2K-ready'' is held in a bit lower level of stature, and ``Y2K compliance'' is considered a more difficult standard to achieve. But in order to really understand those terms, you've got to get to the actual definitions and exactly what the vendor, in this case, is referring to by that particular term. Mr. Horn. Here is one really for all. Are there score cards or report cards for other municipalities and internationally? Are there these cards? The answer is no. It's simply been our subcommittee's view that, working with the General Accounting Office, we could translate all the gobbledygook of the quarterly reports and sort of give a view to the Nation, because we're all familiar with grading. And this is not a pass/fail thing. We actually have worked out between the ``Fs'' and the ``Ds'', and the administration as a whole has gone through ``Ds'', ``C-minuses'', ``C- pluses''. They're now at ``B-minus''. We're confident they'll get to the ``A'' in a bit. And the State Department, which was mentioned a little while ago, the State Department is particularly interesting. We've given them ``Fs'' consistently for several years. And then finally, they moved from ``F'' to ``A minus''. And one of the computer newspapers said to one of the supervisors there, ``How did that happen?'' And the supervisor said, ``I guess my boss just got tired of having them give me `Fs.' '' And so it's the last-minute student that's very bright and works all night and finally gets it. So the State Department has been in that situation. And, of course, the problem there is a lot of interconnections. Not as many as we think abroad, because they are pretty much self- contained in a lot of their computer systems. But we have a major problem in terms of developing nations. And the World Bank, I had asked 3 years ago for the Secretary General of the U.N. to put an international conference together. They finally did a year ago, and 120 nations showed up. And Mr. Koskinen and I both went up for that one, and it was really an excellent dialog. And just recently, the U.N. again held a meeting, and as I remember, 173 nations showed up. The World Bank picked up the tab for a lot of this. So it's a last-minute bit, but we have real problems in some of the developing nations in this regard. And a lot of that relates to our trade, to businesses. And if businesses in certain countries can't connect--especially with your great port here--with their subsidiaries in the United States or in Europe, we have problems. And so that's still an open matter. Then one question was: how do we safeguard ourselves against opportunistic groups that want to take advantage of Y2K failures? That's a very good question. There will be a lot of nuts that come out of the woodwork, and they'll want to scare you out of the whole building, and you need to not bite. And this was said very well by Ms. Graff. You look at it as just a regular emergency. In the case of California, I think about earthquakes, think about fires, think about floods. We have all of them. And so do you in many ways. And we just have to systematically be prudent and say, ``Keep a little bit of food around.'' When I tell my Mormon friends, ``Gee, we ought to have at least a couple weeks or couple months,'' they say, ``Look, we've been doing a couple of years forever. So don't worry about us.'' But that said, just be prudent and get a battery supply and all the rest of it. So I wouldn't worry on that if we, as was said, use common sense. And that's important. And then Mr. Willemssen; could computers that read 2000 as 1900 cause problems? How severe? That's the problem. I don't know what else we can say to it. Mr. Willemssen. That's the subject of today's hearing. Mr. Horn. Exactly. In your written statement, they said to Mr. Willemssen, that the Federal Office of Management and Budget established target dates for agencies to complete business continuity and contingency plans. Has OMB implemented your suggestions? Why or why not? Mr. Willemssen. They have not implemented our suggestion of establishing specific dates on when the business continuity plans need to be tested, which we recommended those plans be tested no later than September 30th. It's one thing to have a plan on a piece of paper and put on a shelf, but you have to test the plan to make sure that it's actually going to work should some of these risks realize themselves. We're not aware, as of right now, that OMBL, established that date. We know they are putting a lot of emphasis in the area of contingency plans, but essentially leaving it up to the agencies to determine when they're going to test. Mr. Horn. I might add that with OMB, when Dr. Raines was director--that's one or two directors ago--he did a first-rate job in taking over on an attempt at the reporting. And the key there is what some of you mentioned. We've had outside verification. Well, in the case of the executive branch, we asked the inspectors general, which have been created by Congress in all the major agencies, to be that verifier, because when we ask the agencies to produce what are their mission-critical systems, that's strictly an agency determination, and it's the right way to go at it because they should know what is most important for them. And I suspect the State looked at it the same way. Ms. Dunn says Dr. Raines is from Seattle. Obviously, a good person, right? He's now with Fannie Mae. You can tell he's a bright person and got out of the executive branch. That's not said about any administration. It's just that you can't beat being at Fannie Mae, and he went there. The letter of Mr. Robbins and Mr. Bevan of JHB Consulting wanted us to ask this question: who did the independent verification and validation on your systems? And I guess we just go right down the line. And Mr. Hedrick, who did it in the case of the State? Mr. Hedrick. Well, as I mentioned before, we have a two- level system of assessment and auditing. There are a number of different computer consultants that have done assessments at different State agencies and higher educational institutions. A company called Sterling & Associates did the overall risk assessment and this rating. Mr. Horn. Let me state the rest of the question: if you did your own internal remediation and testing, why didn't you have your software systems validated and verified by an independent, outside organization? So that's the whole question. Mr. Burwell. Mr. Burwell. And that's a very valid point. And we did do that with an outside consultant, and I hired outside contractors to conduct that IV&V. Mr. Horn. Mr. Chakoian. Mr. Chakoian. Yes, we've worked with Data Dimensions to do our assessment, and they're continuing to work with us to do this ongoing audit of our systems and processes. Mr. Horn. Ms. Graff. Ms. Graff. The city of Bellevue used Coda Consulting, Inc. Mr. Horn. Well, as they say here, ``We hope that your hearings will be able to provide the public with adequate assurances that any possible problems after January 1st, 2000 will be minimal and quickly remedied.'' And we thank you all. We're going to have to move to the next two panels, but we really appreciate the dialog here. Mr. Willemssen, do you have any point in particular before they get up? I'm sorry I didn't call on you sooner, but I wanted to get those questions in. Mr. Willemssen. Just one quick point that was mentioned earlier about concern of public overreaction. In my experience, the best way to counter that is by providing, transparently, data on readiness that has been independently verified. I think you've heard from the witnesses on this panel that they are doing that or plan to do that. And again, our experience shows that's the best way to counter public overreaction. Mr. Horn. I think you've got it absolutely. Put all the cards on the table. Thank you, each of you, for coming. A very helpful dialog and very helpful statements. Thanks for coming. We now will call forward the second panel. And members of the second panel are Mr. O'Rourke, chief information officer, Bonneville Power Administration; Jerry Walls, the project manager for embedded systems, Y2K, at Puget Sound Energy; James Ritch, deputy superintendent, finance and administration, Seattle City Light; Marilyn Hoggarth, manager, Washington State public affairs, General Telephone; Dave Hilmoe, division director, water quality and supply, Seattle Public Utilities; and Brad Cummings, Y2K program manager, University of Washington Academic Medical Center. Ladies and gentlemen, if you'd stand and take the oath. And anybody who is going to talk behind you stand, too. So I think we've got eleven covered. [Witnesses sworn.] Mr. Horn. The clerk will note all the witnesses and their supporters and assistants behind them have taken the oath. So we will begin, Mr. O'Rourke, with you. And I enjoyed seeing the Bonneville Dam recently. And you are the chief information officer of the Bonneville Power Administration, so we look forward to hearing you. Mr. O'Rourke. Thank you, Mr. Chairman. Mr. Horn. And again, we're talking about summarizing the statement. Don't read it. We've got it. That's automatically in the record right now. Mr. O'Rourke. I understand. STATEMENTS OF JOE O'ROURKE, CHIEF INFORMATION OFFICER, BONNEVILLE POWER ADMINISTRATION; JERRY WALLS, PROJECT MANAGER, EMBEDDED SYSTEMS, PUGET SOUND ENERGY; JAMES RITCH, DEPUTY SUPERINTENDENT, FINANCE AND ADMINISTRATION, SEATTLE CITY LIGHT; MARILYN HOGGARTH, WASHINGTON STATE PUBLIC AFFAIRS MANAGER, GENERAL TELEPHONE CO.; DAVE HILMOE, DIVISION DIRECTOR, WATER QUALITY AND SUPPLY, SEATTLE PUBLIC UTILITIES; AND BRAD CUMMINGS, Y2K PROGRAM MANAGER, UNIVERSITY OF WASHINGTON ACADEMIC MEDICAL CENTERS Mr. O'Rourke. Thank you, Mr. Chairman, distinguished members of the House subcommittee. In the role of chief information officer, I am responsible to the administrator for BPA's Y2K readiness. We appreciate the opportunity to appear today, and I appreciate your continued support for this important issue. Let me get right to the bottom line. Bonneville is confident that our system will operate safely and reliably on New Year's Day, 2000. We are Y2K-ready, and we're confident the lights will stay on. I don't say that lightly. BPA has taken Y2K very seriously. We're keenly aware of the importance of the power system to the safety and welfare of the Pacific Northwest. We have a long history of exemplary customer service of providing safe, low cost, reliable electricity, and we don't intend allowing Y2K to affect that. I'd briefly like to talk today about three major reasons why we are so confident BPA will meet the Y2K challenge. First, we've had a methodical program in place since 1995. Second, we have worked closely with our business partners to coordinate Y2K preparations. And third, we're not resting on our laurels. We continue to monitor our systems and redefine and refine our contingency plans right up to and beyond January 1st, 2000. BPA is a Federal power marketing agency. We sell about 40 percent of the electrical power and about 75 percent of the transmission service in Oregon, Washington, Idaho and western Montana. We do not own or operate generating facilities. The wholesale power we sell is generated by 29 Federal dams on the Columbia and Snake Rivers that are owned and operated by the Army Corps of Engineers and the Department of Interior's Bureau of Reclamation, and one nuclear plant owned and operated by Energy Northwest. We saw early that Y2K was critical. We started an inventory of our systems in 1995, and eventually we inventoried over 700 systems, hardware, software and embedded systems and chips. We made testing mandatory for mission-critical and mission- essential systems and equipment. Where needed, we remediated, then we retested. Then we subjected the program process and test results to an independent review and verification of findings. Our Y2K-ready systems are on line now, operating the transmission system. We've already passed two critical Y2K dates, December 31st, 1998, and April 9, 1999. By the time January 1, 2000 rolls around, we will have dealt with a third critical date, September 9, 1999. Secretary Richardson has called our BPA program an example of just plain hard work. And certainly working with the Department of Energy CIO office and their Y2K management team has helped us achieve BPA's objective and the Department's objective: as of March 31st, 1999, BPA is Y2K-ready. In our efforts, we've worked closely with our generation partners and Federal dams, the nuclear plant and the Western Systems Coordinating Council, or WSCC, and with our utility customers. The Corps of Engineers and Bureau of Reclamation both announced they were Y2K-ready March 31, 1999. Energy Northwest announced its Y2K readiness June 30, 1999. The 107 power systems in the WSCC plan to operate their transmission grids interconnected over the New Year's weekend. The WSCC grid is designed to operate more reliably when interconnected. If load and generation is lost, the generators in the WSCC can help each other stabilize their system. WSCC's Y2K task force is planning operations for critical Y2K dates, and conducting Y2K drills and training. Since our customers' transmission and distribution systems interconnect with ours, they can impact our reliability. We have inventoried the places where our transmission grid interconnects with theirs and collaborated on Y2K readiness, and, as well, we have emergency communications systems set up with all of our wholesale customers. Finding, testing and remediating, while important, is only one piece of our program. Contingency planning and clean management is where we're focusing our program at this time. No one can predict the future on January 1, 2000, or even tomorrow. That's why we do contingency planning, because there are no guarantees. BPA has, for years, been bringing the system back on line quickly, seamlessly, following winter storms and lightning strikes, often when end users don't even know it. The foundation of BPA's Y2K contingency plan is to operate our system so that we have more cushion over the New Year's weekend. BPA's hydro system actually provides more cushion than a system that uses mostly thermal plants. Hydro power can be brought on and off line quickly in response to changes. Our partners at the Federal dams will also be prepared to operate on manual controls. So dispatchers, and BPA's system as well, predates automation. Thereby, our substations can be operated manually. We've got the components in place. BPA is ready. Our Y2K- ready systems are up and running. Our generation partners are Y2K-ready, and we continue to be vigilant. That's why I can say that we're confident that BPA's power system will continue to operate safely and reliably at all key Y2K dates. Mr. Chairman, that concludes my testimony, and we'll certainly be happy to respond to any questions or recommendations from the panel on our Y2K readiness program. [The prepared statement of Mr. O'Rourke follows:] [GRAPHIC] [TIFF OMITTED] T0954.402 [GRAPHIC] [TIFF OMITTED] T0954.403 [GRAPHIC] [TIFF OMITTED] T0954.404 [GRAPHIC] [TIFF OMITTED] T0954.405 [GRAPHIC] [TIFF OMITTED] T0954.406 [GRAPHIC] [TIFF OMITTED] T0954.407 [GRAPHIC] [TIFF OMITTED] T0954.408 [GRAPHIC] [TIFF OMITTED] T0954.409 [GRAPHIC] [TIFF OMITTED] T0954.410 Mr. Horn. That's very helpful information. And we'll wait until we're all done, and then we'll have the dialog and questions. Jerry Walls is the project manager for embedded systems on the Y2K project for Puget Sound Energy. Mr. Walls. Mr. Walls. Good morning, Mr. Chairman, members of the committee. I want to thank you for inviting Puget Sound Energy here today to discuss our Y2K efforts. Based in Bellevue, WA, Puget Sound Energy is an investor- owned utility that has served the Puget Sound region for about 100 years. We have approximately 550,000 natural gas customers and 900,000 electric customers. We began working on Y2K issues approximately 3 years ago. On June 30th of this year, we filed a report with the North American Electric Reliability Council stating that we believe all of our mission-critical systems are Y2K-ready. This conclusion results from both our own internal seven-step approach to Y2K readiness, but also as well as working with our service providers to ensure that they are also Y2K-ready. In addition to our electricity operations, our gas operations also were Y2K-ready by our June 30th deadline. And we believe that on December 31st, 1999, that we will be conducting business as usual in both our electric and gas operation. Puget Sound Energy conducted a very extensive program to identify and check every component and system. If they found a problem, that problem was remediated and fixed. As part of that assessment and remediation, we did an extensive amount of testing to ensure that our systems were Y2K-ready. This included, in many of our systems, what we would call an integrated end-to-end test of all of the integrated systems. This is both internal and external to our company. Our objective, overall, was to learn that our gas operations, our electric generation, transmission and distribution, and telecommunication systems were all Y2K-ready. Through this $14 million process that we've been going through for the past 3 years, we physically surveyed more than 1,500 sites in 11 counties in the State of Washington. And through that process, we evaluated more than 25,000 separate items for date sensitivity that could have caused Y2K problems. However, interestingly enough, throughout this process, our Y2K team did not find a single item that we felt would have caused a severe disruption of either our gas or electric systems. However, working with those systems that either control or monitor our energy systems or telecommunications, we did find Y2K issues, and these would have hampered our operations and caused us to use manual backup systems that we've used in past times. But again, by June 30th, all the problems I just mentioned were Y2K-ready and they've been tested. In addition to those items I discussed, in our field areas, in the sites we visited, we replaced more than 500 separate devices that were not Y2K-ready. And probably close to two dozen separate computer systems were remediated, to some extent, for those systems that monitor or control our energy systems or our telecommunications systems. Again, in total, of all of the items that we looked at, less than 2 percent of these required remediation. Beyond the assessment and remediation of our own embedded systems, another important part of our work was contact with our critical service providers of energy and other critical services such as telecommunications. They have reported to us that they are Y2K-ready, and we have confidence in what they tell us. While we are pleased with our own Y2K initiative, it's important to have backup plans in place. And as we reported to NERC on June 30th, we cannot make absolute guarantees, of course, because Y2K is very complex. However, we have, as part of our readiness effort, a comprehensive contingency plan. Contingency planning is not new to Puget Sound Energy. We have had emergency plans in place for the 33 years that I've worked at this company, and before. Our comprehensive plan defines what we would think as unlikely Y2K scenarios that could occur on any part of our system. And part of the plan also includes detailed procedures and plans, how we would address any misadventure that could occur during the Y2K period. The plan includes staffing plans. We have more than 250 people onsite throughout our company, in mission-critical areas in our company, as well as, well before the rollover period, we'll have our Emergency Operations Center open, as we do during any company emergency. Our contingency planning has also included participation in the nationwide NERC drill on April 9th, which was a telecommunication drill. And we will also participate in the NERC drill on September 8th and 9th. We will be participating in that. Also, we have internal drills that we will conduct from now throughout the year, as we do every year when we prepare for wintertime. And with that, Mr. Chairman, that concludes my remarks. [The prepared statement of Mr. Walls follows:] [GRAPHIC] [TIFF OMITTED] T0954.411 [GRAPHIC] [TIFF OMITTED] T0954.412 [GRAPHIC] [TIFF OMITTED] T0954.413 Mr. Horn. Thank you very much. Mr. Ritch. Mr. Ritch is the deputy superintendent, finance and administration branch for Seattle City Light. Mr. Ritch. Thank you, Mr. Chairman and honorable members. Thank you for inviting Seattle City Light to testify regarding our utility's year 2000 readiness. I'm especially pleased to be here, since it's another opportunity to let our customers know that we are highly confident that our power will not be interrupted by the transition into the year 2000. In the way of background, Seattle City Light serves over 350,000 customers. In a typical year, we supply approximately 75 percent of our load from our own hydroelectric plants in the northwest. Seattle City Light is the seventh largest municipally owned utility. We are very proud that Seattle City Light offers the lowest cost, most reliable electricity in urban America. It is our mission to give our customers safe, economical, reliable electric service. We take this mission very seriously. We have taken the Y2K rollover challenge very seriously as well. Seattle City Light has been working to solve our Y2K problems since 1995. In February, Seattle City Light created a central Y2K project office to facilitate Y2K legal review, maintain project records, and coordinate the assessment and remediation testing and contingency planning for critical business functions. In order to keep track of what's critical, we broke our business into essentially eight critical functions, half of which involved the generation and delivery of power, the other half involved things like billing, payroll, paying vendors, getting materials, et cetera. On the business application side, we have most of our work force devoted to field operations. These are the people that make sure that the electricity is generated, transmitted, distributed to our customers. To keep things running smoothly, we use many computers to keep track of materials, schedule field crews, even enter time sheets. Every day, over 100 different field crews head out for work. When we went through our systems, we found that many of these business applications could not successfully process the year 2000 date. We also need to provide accurate billing and account information services to our customers. Our computer systems generate over 10,000 bills and process over $1 million worth of receipts every day. Early on, we determined that many of these systems also could not get you from 1999 to 2000. These are just two examples of how software works in basically the back office of Seattle City Light. I'm pleased to report that we have now completely remediated all 16 of our mission-critical business applications. We're now stepping through the city of Seattle's Y2K certification process for these critical systems. And it's important to remember that these systems do not affect our ability to deliver power to our end customers. On the operations side--and the BPA mentioned how important this is--the system is very interconnected. Seattle City Light has been working with the Western States Coordinating Council and North American Electric Reliability Council in coordinating our Y2K efforts. In early May, the U.S. Department of Energy asked NERC to assume leadership in preparing electrical utilities for the transition to the year 2000. That was in 1998. June 30th was the date for utilities to have remediation and testing completed for mission-critical systems. And these systems are things like relays, et cetera, that make sure that electricity is delivered. Only about 5 percent of our electric system's equipment contain embedded systems. For example, of the 5,000 protected relays that are used in our system, only 80 contain embedded systems. The vast majority of our field equipment is made up of electro-mechanical devices that pose no Y2K failure risk. Since a lot of the work is, and I think the embedded systems, at least for us, is one of the more difficult ones, we also hired a consulting firm, TAVA/Beck, to go through some of the inventorying that we did to make sure that we captured all of the potential areas of exposure in the embedded systems side. This would include systems at our powerhouses, substations, communications facilities, and our system control center. Based on their work, we are very confident that we have found and remediated those systems that had embedded chip issues. As of June 30th, all mission-critical generation, transmission and distribution equipment used in the production and delivery of power has been tested, remediated and declared ready for operation in the year 2000 and beyond. In the earlier panel, you talked a little bit about supplier readiness. We did contact over 400 of our vendors, and we got responses back from 90 percent. About half of them said they were Y2K compliant. Another 25 percent said they would be by the end of the year. And the other 25 percent are still trying to figure out how to respond to us. So I think that we are experiencing similar issues. Just one thing about contingency planning. The nature of the electricity business is that you have to be ready for any kind of emergency, whether it's lightning storms, earthquakes or fires, or what have you. We have well-established procedures in place to make sure that the power, if it goes out, comes back on as soon as possible. Over the rollover period, we will have staff at our powerhouses and system control centers and elsewhere to make sure that things flow as smoothly as possible. I guess, finally, we have had our program checked over by an independent quality assurance consultant. We have had very successful results in that, and that reinforces our confidence that Seattle City Light's power will not be interrupted by the transition to the next millennium. Thank you very much. [The prepared statement of Mr. Ritch follows:] [GRAPHIC] [TIFF OMITTED] T0954.414 [GRAPHIC] [TIFF OMITTED] T0954.415 [GRAPHIC] [TIFF OMITTED] T0954.416 [GRAPHIC] [TIFF OMITTED] T0954.417 [GRAPHIC] [TIFF OMITTED] T0954.418 [GRAPHIC] [TIFF OMITTED] T0954.419 [GRAPHIC] [TIFF OMITTED] T0954.420 Mr. Horn. Thank you. The gentleman from Washington, Mr. McDermott. Mr. McDermott. I just want to ask this question, because everybody uses this term, an ``embedded system,'' as opposed to what? What's the alternative to an embedded system? Mr. Ritch. I guess it would be one that could be attached to the side. No. The term is something that at least I kind of attribute to my technology people, and it's a chip that's embedded, if you will, into a device that you wouldn't think of as data processing. So I think one of the first examples were elevators and building control equipment. They have chips, clocks, if you will, that regulate when things go on and off, and they get called embedded because the device is embedded in the rest of the equipment. Mr. McDermott. As opposed to a computer system sitting at somebody's desk that doesn't have a piece of software in it? Is it software versus chip? Mr. Ritch. You guys want to take a crack at this one? Mr. O'Rourke. An embedded chip is a device, at BPA, for example, that is embedded in our transmission system and sends signals back to our control center that indicate to us the health of that transmission line. Mr. McDermott. Those are the problems? The embedded ones? You don't see them, you don't have access to them, they're just out there. Like in my car, where there's embedded systems all through the car. Mr. O'Rourke. They certainly are installed by design in our transmission system. And again, that's what gives us control information of the frequency the transmission system is operated at, the quantity of power that's currently being transmitted over the transmission system. And for additional information, this is Brian Furumasu, our technical expert at Bonneville. I'm sure he can answer the question much more eloquently. Mr. Furumasu. Yes, Representative McDermott. I'll give you an example. We use relays to protect our transmission lines. Prior to microprocessors, they were electromechanical devices, so they had no computers at all. Coils, and it was a mechanical device. So more recently, within the last 10 years, we've had microprocessors now that perform all of those same functions. And those relays are called embedded systems. Mr. McDermott. Thank you. Thank you, Mr. Chairman. Mr. Horn. You're quite welcome. It's a good question. And the Pentagon has millions of them, and that's why they're a little delayed. And as was noted, you have it in your car, you have it in your traffic lights, in most cases you have it in your microwave stove that does your sandwich, and so forth. So they're around, and they are difficult to deal with. We now have Ms. Hoggarth. Marilyn Hoggarth is the manager of the Washington State public affairs for the General Telephone Co. Ms. Hoggarth. Thank you. Well, we, as the other organizations, have already tested our systems for Y2K compliance as of June 30th, and our entire network is ready to go. We take the opportunity in what we call the maintenance window--after midnight and before 6 a.m.--to repair and test our systems, anyway. And during that timeframe, we've been able to make sure that everything is Y2K compliant. Regarding our vendors, if a vendor was not able to come up to the bar by the time we needed to be pretested, they simply were not our vendors anymore. We either were able to perform a work-around, have the vendor upgrade the system, or we changed to something else. A good example of this, although a small and I wouldn't say critical one, but one that's probably easy to visualize, is in Blaine, Washington, an area that we acquired in the ConTel merger several years ago, we had a message manager system, which is a voice-messaging system, that simply was not fixable. That was replaced with the GTE voice mail system. So those kinds of decisions were made down the line on all scales of the switching network. We, too, will be participating in basically a dry run, shall we say, on September 9th of this year, fully staffing our Emergency Operations Center. That will also be fully staffed on December 31st and into January 1st of next year. Our Y2K efforts will not end with January 1st. We'll continue operating that office for several weeks after that, and we'll just have to see how it goes. We're confident that the system will work correctly. Our biggest challenge is to continue to communicate to the public the difference or the demarcation between the public switch network and telephone terminal equipment that sits on someone's desk or in their home. Any telephone that has date and time sensitivity could be susceptible to Y2K problems. We have set up 800 number hot lines, websites, those types of things, lots of ways for customers to contact us regarding their specific situation. In the case of our major accounts, and this includes the 911 centers that we serve, those will receive individual attention from account managers. On a broader basis, we're, of course, doing press releases, issuing public information, doing bill inserts--it's questionable how many people read their bill inserts, but we try; it's one way to get ahold of everyone--to let them know that they have responsibility for the telephone equipment that's sitting in their home and business. Now, some customers are savvy to the fact that there is a difference between the public switch network and many are not. They still think of the telephone system as being one contiguous, end-to-end system, not understanding the whole concept of deregulation there. The public switched network, being our responsibility, is ready. We do tell people to check with whoever the vendor is for their telephone equipment, and that may not be GTE in many cases. So there is the potential there for a breakdown of the system. If someone has an older PBX, for instance, one of the big switchboards, that type of thing, that we don't maintain, we don't have responsibility for that specifically, and we have been communicating to our customers that they then must check with their vendor for that piece of equipment. As far as compliance on an international basis, GTE had a role in the Year 2000 Forum in late 1998. We cosponsored the first major Y2K international government and business meeting in London. It was called the Global Year 2000 Summit. And in connection with the Summit, GTE also hosted a half- day working session dedicated to interoperability testing for other participants. That's for telecommunications networks and systems that will work into the year 2000. Being an international company, we, of course, have concerns about how everyone will interoperate with telecommunication systems and other companies. I can't speak for their preparedness. We feel, domestically, that the telephone networks are in good shape, that there should not be a problem there. We certainly expect to have commercial power, but in the instance of not having commercial power, just as we would in any storm situation, we have backup generators in all of our switching offices that have a fuel supply that can keep them going for several days, and, as you'd mentioned before, treat this like it's a bad storm scenario. That is the preparation we're making on that level. As the manager of our emergency operation center pointed out as he was preparing to staff the center for New Year's Eve, we will have the opportunity to watch the news from across the world and the Nation. And being on the West Coast, should there be anything serious happening on the East Coast, we at least have a few hours to do something about it. Not that we anticipate having to do that, but that is perhaps the luck of the draw for us out here on the West Coast. We feel we've anticipated everything, but should there be a gremlin out there that we have not anticipated, we're able to watch what happens to the East Coast first. [The prepared statement of Ms. Hoggarth follows:] [GRAPHIC] [TIFF OMITTED] T0954.421 [GRAPHIC] [TIFF OMITTED] T0954.422 [GRAPHIC] [TIFF OMITTED] T0954.423 [GRAPHIC] [TIFF OMITTED] T0954.424 [GRAPHIC] [TIFF OMITTED] T0954.425 Mr. Horn. Thank you very much. And next is Dave Hilmoe, the division director of a very important resource that we all need. Maybe we can do without electricity for a while, but you can't do without water. And he's in the Water Quality Supply Division of the Seattle Public Utilities. Mr. Hilmoe. Mr. Hilmoe. Thank you, Mr. Chairman. Marty Chakoian, who was on the previous panel, is actually originally the Seattle Public Utilities Y2K director. He was doing such a good job for us in Y2K preparedness that he was asked to lead the city effort. We hope he's going to come back to us here in another year or so. He's covered a lot of the technology issues and city-wide issues, and so I've got a bit more of an operational focus. I'm pleased to be here today to tell this committee and our customers that all of our core services--water supply, drainage, wastewater conveyance and solid waste removal--will be ready for the next millennium. SPU began work on Y2K in 1996. Our Information Technology Division initiated organizational awareness, inventory, assessment and remediation projects. We realize Y2K could have been a serious business continuity issue, but through hard work and intense investigation, we can now say that Y2K is little direct threat to our ability to deliver core services that are essential to our customers. SPU serves 1.3 million customers, about half directly in the city of Seattle and half through wholesale districts. Geography and simple technology are the reasons why SPU has low inherent risk from Y2K disruptions. The Seattle water system, although large, is a very simple, redundant, and primarily gravity-fed system. Our main water supplies come from the western slopes of the Cascade Mountains. On average, over 80 percent of the water we supply reaches our direct service customers without any pumping. We have minimal use of Y2K-vulnerable technology. Our water system monitoring and control consists of mostly older technology, with a heavy reliance on human decisionmaking. That said, let me give you a few specific examples of what we've done to get ready. We upgraded our current water supply monitoring and control system to a Y2K-compliant version earlier this year. We reviewed all of our supply and treatment- related embedded systems, and replaced those that were not compliant. And we remediated all critical business applications. We needed to hire an outside contractor to complete and test the one water Y2K-related project that we could not complete on time and with our own staff. We are contacting all of our critical suppliers to reduce risk of service disruption. For example, an adequate stock of disinfection chemicals is going to be on hand, so we have no concerns about transportation or production disruptions. Our experience with multiple-day power outages at our main treatment plants during the 1993 inaugural day storm, and our experience with other emergencies have supported the creation of detailed, Y2K-specific contingency plans. And the keys to those plans are reliable backup communications, trained staff that are either on duty or on standby during the Y2K boundary period, and the availability of backup equipment. We are purchasing additional equipment to remove dependency on electricity for water service areas that cannot be gravity fed. We have very high confidence in City Light and Puget Power. This is part of our plan. Our water supply contingency plans have been tested and refined with two tabletop exercises, and those plans will be integrated now with an additional department-wide testing exercise in September, and a city-wide contingency plan test in October. The story for drainage and wastewater is similar. Our system is relatively simple. Runoff and sewage primarily flows by gravity from customers to intake points on King County Metro's trunk sewer line and the treatment plant. Where gravity doesn't do the work, we use lift stations. Critical stations already have backup power. The monitoring system for the 72 lift stations was determined to have a Y2K issue, and is being replaced with a new central system. Solid waste services have been reviewed for issues related to heavy equipment, contracts for collection and long-haul trucking. Scale house software systems have been upgraded. Readiness of the industrial trash compactors has been assured, and landfill management systems have been addressed. Again, prior experience and existing emergency operations plans have supported development of specific Y2K contingency plans. We have provided our customers with information on Y2K readiness directly in bill inserts, a webpage, and presentations to community groups--those are going to accelerate here toward the end of the year--and indirectly via reporting to the city of Seattle, State of Washington, and utility associations. And we've been responding to local media requests also in a full and timely fashion. In short, Seattle Public Utilities is ready for Y2K. We have made our very best efforts to ensure that quality drinking water will continue to flow, and drainage, sewer and solid waste services will all continue to work as usual. Thank you, again, for the opportunity to testify. [The prepared statement of Mr. Hilmoe follows:] [GRAPHIC] [TIFF OMITTED] T0954.426 [GRAPHIC] [TIFF OMITTED] T0954.427 [GRAPHIC] [TIFF OMITTED] T0954.428 [GRAPHIC] [TIFF OMITTED] T0954.429 Mr. Horn. Well, thank you. Water is key. Brad Cummings, Y2K program manager with the University of Washington Academic Medical Centers. Mr. Cummings. Mr. Cummings. Chairman Horn, thank you for this opportunity to give you the latest information on our year 2000 preparation activities. Again, I'm Brad Cummings. I represent the University of Washington Academic Medical Centers, which includes the University of Washington Medical Center and Harborview Medical Center. I'm also accompanied today by Tom Martin, who is the Medical Centers' Director of Information Systems and Chief Information Officer, and Chris Martin, who is Harborview's Administrative Director for Emergency Services. The objective of the Medical Centers' year 2000 effort is to continue to provide vital services to our patients throughout the Y2K rollover period. As two of the largest hospitals in the Puget Sound area, we recognize the vital role we play in the lives of area citizens, and we have committed significant resources to reduce our exposure to the risk and disruption due to year 2000 issues. We recognize Y2K as not purely a technical problem, but also a risk mitigation and business issue, with an approach to match. As referenced earlier, our efforts have been regularly monitored by the State of Washington risk assessment review process, which have helped us to further improve our Y2K procedures. I've been in this role for 2 years. I am pleased to report on the progress and share information about our overall preparedness. At this point, 90 percent of our computer systems are now determined to be Y2K compliant, and 100 percent of all systems with the highest priority are Y2K compliant. The remaining computer systems work consists of lower priority items, and we expect to complete that work by September 30th. Our clinical engineering directors are in the process of completing a major and successful effort to inventory and assess the over 6,000 medical devices on hand at each medical center. Currently, less than 1 percent of those devices are not yet classified as Y2K compliant, and we are upgrading or replacing those devices as soon as they become available from their respective vendors. Any device that is still not considered Y2K compliant by December will be removed from service at the hospital and alternative procedures will be followed. Our hospital facilities' systems are all determined to be Y2K compliant at this point. Those include heating, ventilation, air conditioning, security systems, fire alarm systems, and the system to deliver water, steam, and medical gases to where they are needed. As hospitals, we are also required for our accreditation and licensing to be capable of functioning independently of electrical utility power. So in the unlikely event that power is disrupted, we will have emergency power generators and we will continue to be able to operate vital services at each hospital. We have recently completed tests at both hospitals in which the regular utility power was shut off. Emergency generator power successfully took over within seconds, allowing the staff to provide vital services and to experience just how the hospital would function under such circumstances. The Y2K contingency planning we have done has also proved worthwhile in assessing our preparation for other potential emergencies, such as an earthquake. Although we feel confident in our overall preparedness for Y2K, the reality is that nobody knows for certain what exactly will take place on New Year's Eve, and, as is everyone, we are somewhat dependent on events outside of our direct control. So we have taken a significant contingency planning effort, using our existing emergency preparedness procedures as the foundation. This includes not only identifying work-arounds in the event that systems or devices are not operating correctly, but we are arranging to have increased staffing on hand over the Y2K rollover period. Our intent is to have both hospitals' Administrative Command Centers operational on New Year's Eve, and to also closely coordinate with the State and county Emergency Operation Centers to monitor and assess the Y2K situation as it develops. We are emphasizing to all medical center employees the important relationship between their preparedness at home and their ability to report to work and help maintain full operation of our hospitals. We are also confident in the area of regional collaboration toward Y2K, particularly among hospitals. Traditionally, regional hospitals have worked together in time of emergency to share needed supplies, take patients if necessary, and perform other steps as required to ensure the continuation of patient care. We have been working closely with the Washington State Hospital Association on Y2K as part of their existing emergency preparation activities. The year 2000 issue lends itself well to collaboration among hospitals, and we see that as another risk mitigation step available to us as necessary. Finally, it is important to remember that health care services can be provided in a low-tech environment if absolutely necessary. The service may not be as efficient as far as the utilization of hospital staff, and it may complicate billing and collection of payment, but health care is still ultimately provided by skilled professionals who are trained to provide that care even in the absence of high-tech equipment. The concept of triage is also fundamental, and the medical centers are staffed with professionals who are trained and prepared to allocate potentially scarce hospital resources to the patients who are most in need. In the event that Y2K events disrupt the hospitals, patients will be triaged appropriately to provide the best overall allocation of service the medical centers can provide. In conclusion, I continue to be impressed with the degree of commitment shown by all levels of the medical centers' personnel, supported by the highest level of administration, for addressing the Y2K issue head-on. And I believe that the University of Washington Academic Medical Center is providing leadership in this area. If citizens need to be in the hospital over the New Year's period, they can feel fully confident that Harborview and UW Medical Center will, as always, be able to serve whatever vital needs they have. That concludes our remarks. Mr. Horn. Well, thank you very much, Mr. Cummings. Let's start with the question I asked the last panel on the management side. If you had to do it over, what have you learned from the management side and when would you have done something else? Mr. Cummings. I think that the earlier you start Y2K, the better. However, it's important to keep focused on Y2K. I think the contingency planning effort has been vital in this step, looking at how we would operate things if they're not available. And that's been extremely valuable. I don't think that I would change significantly what we've done as a result of going through this the first time, but I think that, overall, our approach has been good. Mr. Horn. Mr. Hilmoe. Mr. Hilmoe. Marty Chakoian covered some of that on the last panel. I'd say that starting contingency planning a little bit earlier would have been of some benefit to us for Y2K. We've got an active plan right now, which allowed us to refine that not only for Y2K, but also for other emergencies that we may see here in the Northwest. Mr. Horn. Ms. Hoggarth. Ms. Hoggarth. I would say, from preparation of the network perspective, there wouldn't be anything that we would do differently. However, you can never have too much public information. As I mentioned before, there will, of course, be people who overreact to the whole Y2K concept, or some that simply choose not to read the information that we've sent them. Of course, we're prepared for those contingencies, but that would be the one thing that I would suppose you could do more of, but at some point you're at the point of no return. Mr. Horn. Mr. Ritch. Mr. Ritch. I think that we would try to get ownership of the problem from the operations people a little bit sooner to get at these embedded systems. It's easy to see where the PCs are. It's a little bit harder to see where some of these other chips might be. So that's one thing. The other thing, I think, would be to think of this more as an opportunity to talk to your customers and come up with a little better communication strategy for public information. Mr. Horn. Mr. Walls, anything you'd do differently? Mr. Walls. I don't think we would. We started off using a consulting firm that had been through this once or twice before. Along the way, we continued to talk with other utilities up and down the west coast on what worked for them and what didn't. However, it did seem like it would have been nice to inject somewhat more time in the process. Even though we think we started in time, it's an enormous project. And I don't think we would change much, if anything. Mr. Horn. Mr. O'Rourke. Mr. O'Rourke. I'd echo my colleagues. I don't think we would change our program significantly, but given Bonneville Power Administration's public responsibility, I think we probably could have executed a public information campaign much earlier to give the status of what we have accomplished and get the facts out in the public arena. Mr. Horn. Since Bonneville is statewide, I'd like to know from each of you the degree, if you have any, of rural customers as opposed to urban. And is there a special problem there in terms of reaching the needs of rural customers as opposed to simply urban, narrow-density, high-density living and this kind of thing? What about it, Mr. O'Rourke. Mr. O'Rourke. Our wholesale customers are comprised of metropolitan areas, rural co-ops. And what we have found is, in the rural environments of the Pacific Northwest, there's far less technology that would compromise distribution of electricity. Mr. Horn. Mr. Walls? Any rural customers to worry about? Is there a difference in readiness between the rural and the urban customer? Mr. Walls. Not at all. The process we use in downtown Bellevue is the same process used in rural Yelm. Same seven- step process of checking every device to ensure that it's ready. There was no difference in the way that we looked at our customers. Mr. Horn. Mr. Ritch. Mr. Ritch. All of our customers are in the greater Seattle area. Mr. Horn. Ms. Hoggarth. Ms. Hoggarth. We do have a large number of rural customers. However, our network has been 100 percent digital since September of last year, so there's no difference for the rural customer and the urban one. Mr. Horn. Mr. Hilmoe. Mr. Hilmoe. We service 26 wholesale districts, primarily in the urban area. Some of them are a bit more rural, some of them are relatively small, and we've got active communication with all of those customers just to make sure that any interdependencies are covered. Mr. Horn. Mr. Cummings. Mr. Cummings. Although our patients come from a multistate area, all of our services are provided here in the greater Seattle area. Mr. Horn. Let me ask my colleague from the State of Washington, Mr. McDermott, if he has some questions. Mr. McDermott. Just one sort of personal question after listening to all of this. You say, Ms. Hoggarth, that what sits on my table at home is mine, that you have no responsibility for it. So that means that that AT&T answering machine that I bought 10 years ago is compliant or not compliant? What's going to happen to me? Ms. Hoggarth. Well, you need to check with your vendor. And that is our big message. And we do have a GTE Phone Mart at Alderwood. Mr. McDermott. But if it simply says to me that on January 2, 1900, Charlie Johnson called me and left the following message, I'm going to get the message, or I'm not going to get the message, or will the phone ring? Ms. Hoggarth. Well, that depends. The different types of equipment that are out there are so varied that that is why we're taking the position that you do need to check with whoever provided that to you. If it's an AT&T system, then they, I assume, have an 800 number, as we do. We've also provided some 800 numbers, fax numbers, websites here, where you can contact us with specific questions about your equipment that we will try to answer from our Y2K office in Dallas. If it is, though, something that was provided directly from AT&T, for instance, we would refer you back to them. Time and date sensitivity, it's so varied from one telephone to the next. If you're simply looking at the basic phone with no caller ID, no date of any kind on it, nothing like that, you don't have to worry. But if you're looking at something that has the built-in features, like the caller ID phones and answering machine, those kinds of things, there is cause for concern, but I couldn't answer for the other vendors. Mr. McDermott. So what you're really saying is that everybody should open their bill and read everything in there, including how much they had to pay this month? Ms. Hoggarth. At least for the rest of the year. Mr. McDermott. At least for the rest of the year. OK. Thank you. Thank you, Mr. Chairman. Mr. Horn. Here's an interesting one. And I ask all of you this, because it's been a major worry, nationally. Have you tested compliant systems with noncompliant systems? And if so, will the old data corrupt the year 2000 remediated data? What degree has that test gone on? Mr. Cummings. In some sense, it doesn't make sense to test compliant systems with noncompliant systems. The assumption is they're going to be compliant. The answer is: it is possible to have corrupt data from noncompliant systems interface with compliant systems and cause problems. What you're doing is looking to isolate yourself from the noncompliant data. Again, nobody is completely independent. We all interface with different people. That's why it's so important to stay in contact with all of your interface partners to make sure that the data that you are getting is going to be compliant. Mr. Horn. How about it, Mr. Hilmoe. Mr. Hilmoe. You're asking a civil engineer here, so I need to get our technology person up here to answer that one. Mr. Horn. As a verification or testing system, did you try noncompliant data? Because that's what we've been told from day one in 1996 when we got into this, is that even if we remediated the code, and that with people abroad, especially in developing nations, that that might pollute our work. And I don't know. If you've got somebody, great. Let them identify themselves and title of their job. Mr. Deane. My name is Thatcher Deane. I'm the Y2K coordinator for Seattle Public Utilities. Mr. Horn. Just so we've got the name straight--we've got a reporter here that's going to have to translate all this--so spell it out for me. Mr. Deane. It's Thatcher, T-H-A-T-C-H-E-R, last name is Deane, D-E-A-N-E. Mr. Horn. Very good. Mr. Deane. And I would actually answer the question this way and say that Y2K is not a computer virus. We're not talking about infection of a compliant system by a noncompliant system. We're talking about the interfaces. And yes, we are looking at all of our interfaces related to our systems. Mr. Horn. That's very helpful. Ms. Hoggarth. Ms. Hoggarth. I'll call on Dennis Smith, one of our local managers. Mr. Horn. Mr. Dennis Smith. And what is your title with GTE? Mr. Smith. I'm the area manager for network operations. As far as testing compliant and noncompliant systems, I would agree with the gentleman on the end there that we really don't--it is kind of a non-issue, testing compliant with noncompliant. Mr. Horn. Well, will noncompliant data lead to difficulties with those codes that you've already remediated? Does that cause you to go backward or what? Mr. Smith. I suppose that--and I can't accurately answer that question. Mr. Horn. In other words, you haven't tried to add corrupt data that hasn't been remediated into your system that has been? Mr. Smith. We would try to isolate one from the other. Mr. Horn. OK. Well, that's wonderful if you can know it, but a lot of people are going to connect somehow that don't know it. So I just wondered what type of defenses do you put up in a system like that? Mr. Smith. I just don't know that I can accurately answer that question. Ms. Hoggarth. I would say from our perspective that once someone tries to hit the public switch network, say, with a telephone that's not compliant, the phone itself isn't going to work, so they're never going to get access going back inbound into the switching network. As far as our old data on customer records, those types of things, those have all been updated to new systems over the last 4 years. So on an outbound calling basis--we're on a network provisioning basis--we don't have the corrupted data in the network. So to that degree, we're isolated from it. Mr. Horn. Thank you. Mr. Ritch. Mr. Ritch. I guess I don't think that I can add much to what Thatcher Deane said about going through all of our interfaces, hand systems, and how they talk to each other to make sure that all of those things are compliant. And in our case, we could make a decision to leave something noncompliant, but that would mean, at least in my view, that we'd stop using it and we would take that system and toss it. So I don't think it's much of an issue, either. Mr. Horn. Mr. Walls. Mr. Walls. During our remediation, for example, on our energy management systems, those systems that manage our transmission and generation system, anything that that connects to, any system that that's integrated with they would test as an overall system. Literally, Congressman, there are hundreds of tests one will do on each one of these systems to ensure. And like the others, I've looked at the tests, but I don't recall us transporting corrupted data into those systems, because everything we integrate with is compliant or Y2K-ready at this time. Mr. Horn. Mr. O'Rourke. Mr. O'Rourke. Congressman, a key component of our Y2K program was to migrate all of the information that was maintained in our older systems to Y2K-ready systems. So again, to echo some of my colleagues here, it became a nonissue. Mr. Horn. Mr. Walls, a person in the audience has a question for you, and it says: did you check the embedded chips in each device, or did you just check one of the devices and assume the others with some model number, et cetera, were OK, or did you just ask the vendor? Mr. Walls. We did a number of things. Obviously, in a power system where we have 800,000 electric customers with their electronic meters, we did not test all 800,000 meters. What we did in all areas, whether they're protective relays, metering devices, fault recorders, whatever that device might be, we took a representative example of those devices and then conducted the test. In some situations, we isolated whole sections of our transmission or generation system and tested a community of devices in an integrated test. So we did not test every device, but we tested enough in each one of the releases and revisions to ensure that we were confident we were Y2K-ready. Mr. Horn. Mr. Cummings, this is directed to you by a member of the audience, and it's an interesting problem that we face nationwide, and that's prescription drugs. Many are imported. What is being done to stockpile imported medications if our foreign suppliers cannot provide them because of their own Y2K problems? An example is Denmark, which provides one-half of the insulin used by diabetics in the United States. Mr. Cummings. That's a very good question. We are looking at all of our supplies, including pharmaceuticals, really on an item-by-item basis, to identify the risk associated with each one, and looking at it on a vendor-by-vendor basis as well. As I mentioned before, traditionally, hospitals have been very collaborative as far as sharing scarce supplies. We are in close contact with the pharmaceutical community, with the vendors and with manufacturers, and we are relying on the information they're providing us. The reality is that there is definitely some risk, especially as we get outside of the United States. I think I would agree with some of the earlier comments that the United States is better prepared than any other country. Again, we're looking at that as, what are alternatives to different drugs. And that's a challenging question. Mr. Horn. Thank you. Mr. Willemssen, do you have any sum-up based on this panel? Give the gentleman a live microphone. It's taped with cement to the carpet. Mr. Willemssen. One comment. On the question that was raised about data exchanges, and one system being compliant and one system not, let me throw out a different scenario. Two systems are compliant, according to the organizations. One was compliant due to expanding the date field. The other one was compliant due to a windowing technique that was used. Even though each of those organizations view their systems as compliant, when the data exchange occurs, if it hasn't been adequately tested and addressed for those differing data streams, it won't work properly, and there is the risk of corrupted data. So going beyond the example that was posed in the question, we even have a problem where one organization says it's compliant and another one does, but unless they've tested that data exchange, you don't know from one end to the other whether it will work as intended. Mr. Horn. Thank you. That's very helpful. Well, we're going to move on now. We thank each of you. And we're going to have panel 3: Willie Aikens, the director of companywide process and strategy, the Boeing Co.; Don Jones, director of year 2000 readiness at Microsoft; Joan Enticknap, executive vice president, Seafirst Bank, a Bank of America company; William Jordan, deputy superintendent of public instruction, State of Washington; Rich Bergeon, consultant, NueVue International, Audit 2000. If you and your staff that might make a written or oral statement would stand up and raise your right hands. And we have three staff members and five witnesses. [Witnesses sworn.] Mr. Horn. The clerk will note all of them affirmed. And we'll start with Mr. Aikens, the director of companywide process and strategy for the Boeing Co. STATEMENTS OF WILLIE AIKENS, DIRECTOR, COMPANYWIDE PROCESS AND STRATEGY, THE BOEING CO.; DON JONES, DIRECTOR OF YEAR 2000 READINESS, MICROSOFT CORP.; JOAN ENTICKNAP, EXECUTIVE VICE PRESIDENT, SEAFIRST BANK; WILLIAM JORDAN, DEPUTY SUPERINTENDENT OF PUBLIC INSTRUCTION, STATE OF WASHINGTON; AND RICH BERGEON, CONSULTANT, NUEVUE INTERNATIONAL, LLC, AUDIT 2000 Mr. Aikens. Mr. Chairman, the Boeing Co. is excited that you are holding this conference. We are very, very pleased to share the status of where the Boeing Co. is, and to provide any information to the public that would make this challenge less. As you'll notice to your right, the Boeing Co. is not an island. This is a world challenge. We have customers in 145 countries, and we operate in 27 States in this country. So my challenge is very easy: all I have to do is keep those 27 States ready for Y2K. And I relish this challenge. Now, we started, at the Boeing Co., in 1993. We recognized this problem early. Our CEO, Phil Condit, and his staff, were involved. We report to our board every 2 months. And this has been going on for the last 2\1/2\ years. My boss, the CIO, the chief information officer, is responsible for this whole challenge. And I look at this on a daily basis with all of our operating groups. Now, this is not a new problem, and this is not a separate problem. This is a sustaining, day-to-day situation, and you don't need a brand-new organization to conquer this challenge. And as you will see in some of my charts, this is the way we treated it. Each operating group must conquer this challenge. It's not something where you can put up a Taj Mahal and say, ``All right, you will pull the strings.'' I just happen to be the program manager, with some program managers in each of our operating groups. This is the situation. In 1998, we remediated all of our systems. And in 1999--this is what we're all about--they were ready in 1998, and the 1999 challenge was to put them back in production. That's what the problem is here. 98 percent of those are back in production, and the 2 percent are not material; they're being replaced before September 30th. Now, the key is that we have done, from a business standpoint, scenario testing; i.e., in the Boeing Co., we need to follow the money. So we start with our customers, and we reversed the sequence on processes and systems. And we'll be talking that on my presentation. We're not counting critical computing systems. They are only tools in our process. And once you look at the scenario testing with the partners and suppliers, then you'll know if you need to have a critical system with a contingency plan. Every system doesn't need a contingency plan. The critical system that might break does. As you can see, we've followed the normal process of looking at everything, finding it, fixing it, putting it back into production. When you talk Y2K, if you look at the applications, well, we have many applications. They are all back in production. But you don't just concentrate--I need a dial tone--on computers, but I also have to look at things that are outside of my control, and those are the suppliers. And more importantly--and I won't go through all of these-- here is the embedded we've been talking about. These are the product embedded. They're not all equal, but in order to do the Y2K challenge, you need to look at all of these activities, with desktops being the lowest priority. We can always do those. But those are the things that are in my company. So it boils down to contingency planning. And we talk contingency planning not as an item, but you're looking at rollover and what happens after we cover it. We profusely took GAO's information and we made sure that we used that guideline. Now we're into making sure that the other people are doing what they should do at our sites. And as outreach, we've been working at this for the last 4 years. We've been to London, New York, Washington. We've had every meeting with the FAA, and we've had the industries, and also we put the biggest armada of customers, 330, in Seattle. Now, I could give you more, but you've only given me 5 minutes. For the last 20 seconds, Mr. Chairman and Congresswoman Dunn and counsel, I'd like to take you on a 20- second ride with our chairman, Alan Mulally, who sat in our 737 and looked at whether or not we were ready. We set the clock back to 11:30 on December 31st. And I'd like for you to put on your safety belts, and let's roll. [Videotape is played.] Mr. Aikens. There are no safety-of-flight issues with our airplane. And I invite you to look at our website, because John Koskinen asked us to put up a website so the small to medium- sized businesses could profit. And if you look at our website, that's exactly what we have done. [The prepared statement of Mr. Aikens follows:] [GRAPHIC] [TIFF OMITTED] T0954.430 [GRAPHIC] [TIFF OMITTED] T0954.431 [GRAPHIC] [TIFF OMITTED] T0954.432 Mr. Horn. That's very helpful. I agree with the Minister of China, that when Mr. Shuster, chairman of our Transportation Committee on which I serve, went over there, and he said, ``No Boeing, no going.'' Now, why some of their cousins are getting an Airbus, I'm wound up on that subject this week. So we'll see what happens. Anyhow, let us go on now to Mr. Jones, who is the director of the year 2000 readiness at Microsoft. Glad to have you here. Mr. Jones. Mr. Chairman, on behalf of Microsoft, Bill Gates, and Steve Ballmer, thank you for inviting us to testify. In addition, we'd like to thank you for your passage and support of the Information Readiness and Disclosure Act, as well as the recently passed Y2K Act. My remarks today center around four key areas. The first is Y2K and the personal computer, followed by Microsoft's efforts in three areas, internal readiness, product readiness, and customer readiness. As the year 2000 relates to the personal computer, there is some good news. The PC was always designed to support four- digit dates. There is no two-digit date usage within the PC in Microsoft software. There's been a lot of discussion today about compliance definitions. What we've determined is the compliance definitions globally have many different meanings, and they vary within the United States, even by agency. This makes it very hard for an organization to declare compliance. We've applied a set of compliance criteria to our products, and I'll discuss that later. What we're seeing as far as customers and government and where they're at now with the year 2000 programs: most have moved on from requesting product information from Microsoft to really focusing on contingency planning with Microsoft as a vendor. We'll be there for them should they have any issues come January 1, 2000. We've seen inadequate work to date in contingency planning, both within the government sector as well as in small and medium businesses, and finally enterprises. One concern that we do have is some economic data that's beginning to become apparent, and that's that about three- tenths of 1 percent of the GDP will move into 1999 from the year 2000. That means companies are going to stockpile at least a percentage of their raw materials preparing for the year 2000. This could cause a downturn in earnings across corporate America in the first quarter of the calendar year 2000. Microsoft's year 2000 program has three facets: customer preparedness, product readiness, and internal preparedness. On the customer preparedness front, there was discussion earlier today about quelling the masses as it relates to hysteria with respect to Y2K. We've launched a consumer campaign which will contact 60 million users of Microsoft products across the globe. According to the Postal Service, this could be the largest mailing, ever, beyond tax forms. We've developed a program which encompasses what the year 2000 challenge is and made it very simple for our end users, our customers, essentially being hardware, software and data. With respect to hardware, contact your PC manufacturer; with software, we've got a great website, as do the other software manufacturers; and finally, data, and that's converting your two-digit date data to four-digit date data. Of note in the customer preparedness area, all Microsoft information, resources and tools are free as it relates to the year 2000, as is our customer support or dial-in lines. To quantify that for the committee, we expect to ship approximately 18 million resource CDs globally, which equates to about the same number of CDs we shipped of Windows '95. Our internal effort consists of about 300 or so people in development, and about 3,000 overall in supporting our customers. On the product preparedness front, we've tested 3,200 products to date. Of those, 98 percent are compliant. Of note, the panel members who presented to you earlier today have all been testing Microsoft products as well. We feel this is the largest industry testing effort, ever. And to date, we've had exactly one customer-reported bug as it relates to Microsoft products. On our website utilization, we have three: a consumer website designed for the average home user or small business; an IT pro website designed for enterprise customers and large businesses; and finally, a developer website, designed for people using Microsoft development tools to build applications. We've experienced approximately 10 million unique users to these three websites in the last year. We've delivered 45 million page views of information. Of note, we're seeing dramatic increases in the last three months of small businesses and consumers returning to us for information resources. That increase has been on the order of about 107 percent per month, month over month, for the last three months. We think this is excellent news, and it goes to demonstrate the great work being done by the SDA and the industry in rallying consumer awareness for the year 2000. As it relates to internal preparedness, our definition of being prepared internally is: no impact on operations. We have the ability to develop and distribute patches and resolve customer issues with or without power. We have battery backup and generator backup to our product support services locations globally. One thing I do want to close with--I understand I've got 30 seconds left or so--one issue that keeps us awake at night is the concept of malicious viruses being launched on or about the year 2000. To date, we've had seven that have been instigated that looked like they were launched from Microsoft, which, in fact, weren't. We're working with the Federal Bureau of Investigation to find the perpetrators of those and to bring them to justice. But clearly, we think the year 2000 is an opportunity for hackers to develop viruses and launch them either at the turn of the millennium or in the new millennium. And that concludes my comments. Thank you. Mr. Horn. Thank you very much. That's helpful. And I'm glad to say the perpetrators have been nailed. Joan Enticknap is the executive vice president, Seafirst Bank, and you're now a Bank of America company. Welcome. It's a great bank. Ms. Enticknap. Thank you. Thank you, Chairman Horn and Congresswoman Dunn, for this opportunity to testify on the important issue of year 2000 preparedness. My name is Joan Enticknap, and I am the manager of Commercial Banking for Washington and Idaho for Seafirst Bank, a Bank of America company. I am also responsible for year 2000 preparedness for the Northwest region. Seafirst has been serving customers in Washington State for 129 years, and is Washington State's largest commercial bank. Bank of America, with $614 billion in assets, is the largest bank in the United States. And the company serves more than 30 million households and over 2 million businesses, offering customers the largest and most convenient delivery network. I am pleased to be here today and to share with you the plans our company has put in place to make the year 2000 date change a non-event for our customers. The banking industry is squarely in the center of attention because of its critical role in our national infrastructure and the role it plays in how our communities perceive and ultimately react to the date change. I am proud to say that the financial services industry has been recognized as a leader in year 2000 preparedness. As one example, the GartnerGroup, a technology research and consulting group, has stated that the financial services industry leads all other industries in preparedness. Our various regulators are closely monitoring the banking industry's relative strength and readiness in its preparations. Our industry is being monitored by the President's Council on Year 2000 Conversion, and our industry's state of readiness is a matter of public record and can be found at any number of regulatory websites. As a federally chartered and federally insured bank, we are held to rigorous oversight by the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the Board of Governors of the Federal Reserve. At Bank of America, our goal is to thoroughly prepare our company and its subsidiaries for year 2000, and make the date change a non-event for our customers. As part of the Bank of America organization, Seafirst Bank has been an active participant in these efforts. Through its predecessor organizations, NationsBank Corp. and BankAmerica Corporation, Bank of America began addressing the year 2000 in 1995. Through the second quarter of 1999, we have spent approximately $477 million on year 2000 preparations, and more than 3,000 people have worked on the project. Our approach included four phases. The first phase, analysis, required us to inventory our software and systems, including over 4,400 systems and projects that needed analysis and possible modification. The second phase, remediation, involved replacing, modifying, or retiring appropriate components as identified during the analysis phase. We were substantially complete at the end of 1998 with that process. The third phase is testing, which assesses whether our systems identify and process dates accurately. This involves testing the links between our internal systems as well as testing interconnections between our systems and systems outside the bank. By itself, testing has made up over half of our year 2000 efforts. The fourth phase is compliance. In the compliance phase, we internally certify that systems, projects and infrastructure are ready for year 2000, and we implement processes to ensure that these systems, projects and infrastructure will continue to identify and process dates accurately through the year 2000 and thereafter. We have successfully met our year 2000 deadline of June 30, 1999, for testing key processes and technology, and have met all Federal regulatory requirements. With this major achievement, we are ready for January 1, 2000. Now that we are ready for 2000, we are devoting considerable effort to maintaining that status. We are also devoting considerable effort to addressing and monitoring the status of our 13,000 vendors. Another important part of our process, which you've heard a lot about today, is business continuity planning. We have built on our experience of continuity planning, and we've dealt with continuity plans routinely in a company of this size. We're refining and testing our existing continuity plans to ensure that we will continue to serve customers in case of any incidents related to the date change. Beyond that, we think communication will play a key role in how our customers and associates and our communities respond to change. Therefore, we're regularly communicating with our consumers, corporate and commercial customers, and that includes suggested steps to our consumers on how they can prepare for year 2000. As I stated earlier, our goal is to make the date change a non-event for our customers. Just as we do today, we will maintain the safety, security, and accuracy of customer accounts and account records through the millennium and beyond. We are aware, however, that a number of organizations and individuals are recommending that consumers take some or all of their money out of the bank. We encourage customers to seriously consider the security implications of doing this. In conclusion, I want to summarize our industry's and my company's state of readiness for year 2000. Our industry is a leader in year 2000 preparedness, and Bank of America has been addressing the date change issue since 1995, and we are ready for the year 2000. Thank you for the opportunity to update the committee on our industry and our company's preparedness. [The prepared statement of Ms. Enticknap follows:] [GRAPHIC] [TIFF OMITTED] T0954.433 [GRAPHIC] [TIFF OMITTED] T0954.434 [GRAPHIC] [TIFF OMITTED] T0954.435 [GRAPHIC] [TIFF OMITTED] T0954.436 [GRAPHIC] [TIFF OMITTED] T0954.437 [GRAPHIC] [TIFF OMITTED] T0954.438 Mr. Horn. Well, thank you very much. That's most helpful. Mr. Jordan is the deputy superintendent of public instruction for the State of Washington. Mr. Jordan. Thank you, Chairman Horn, Representative Dunn. I'm Bill Jordan, deputy superintendent of public instruction for the State of Washington. The K-12 education system for Washington's 1 million K-12 students includes 296 school districts and 2,071 school sites. I'm happy to have this opportunity to discuss Y2K concerns with you, because this is an important opportunity for Federal, State, and local governments to work together in ensuring Y2K compliance and assisting community efforts to be prepared for any related problems that may arise. Most of the Y2K work at the State level in the educational organization has taken the form of checking internal electronic data systems and mechanical support systems to guard against potential blowouts and loss of important electronic data, basic heat and light systems, and vendor services. As an agency, the Office of Superintendent of Public Instruction has contacted the nine educational service districts, ESDs, throughout this State to verify activities of local districts and schools. Our educational service districts have provided workshops, information, and, in some instances, considerable technical assistance to help school districts and schools prepare for avoiding potential Y2K problems. Generally, midsize and larger districts have worked on checking electronic equipment and developing Y2K plans. At educational Service District 112 at Vancouver, they have been very active in helping the 30 districts in their region qualify for risk management insurance. They've developed a Y2K planning manual and helped districts make plans for a variety of contingencies and scenarios that could result from Y2K problems. Other ESDs and districts---- Mr. Horn. Excuse me. Do you have a copy of that document? Mr. Jordan. I do. Mr. Horn. Great. I'd like it inserted in the record at this point without objection. Thank you. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED] T0954.439 [GRAPHIC] [TIFF OMITTED] T0954.440 [GRAPHIC] [TIFF OMITTED] T0954.441 [GRAPHIC] [TIFF OMITTED] T0954.442 Mr. Jordan. Other service districts have worked in similar ways. Potential problem areas are likely to be in smaller districts, with limited numbers of staff and resources to deal with in-depth planning and preparation. These districts and communities need expertise and resources. Community planning has often taken the form of planning for a 3-day event. We now realize that there is potential for a longer period of disruption and the need for a larger coordinated effort to move toward full community preparedness. Controlled tests of community systems reveal two things. First, there is a broad interdependence of community electronic systems. A water system may be compliant and functioning, but its interactions with other systems may place a strain on both systems and lead to failure and resulting problems. Tests need to involve the range of community systems-- electronic systems, utilities, transportation, distribution systems, and all type of electronic tools and appliances. Critical needs, such as heat, water, food distribution, transportation, communications, health care and other interconnected services could be affected. Second, many have focused on the prevention of problems but less on contingency plans and broader community preparedness. All of us hope that the efforts taken to date will be sufficient to avert any disruption. Given the pervasiveness of automated electronic systems and the widespread use of embedded chips, it's difficult to guarantee that all systems will function. It's imperative that communities are prepared to meet any problems that may arise. Preparation for Y2K should be no different from any other form of emergency. Community preparedness for any disruption or emergency is the right thing to do. Schools frequently play an important role in providing shelter, food and support for other needed community services. I'm recommending that Federal, State and local governments and community agencies join together actively and visibly in a careful evaluation and promotion of community preparedness. This preparedness must extend beyond the checking of electronic systems and include preparedness for related Y2K disruptions as well as other possible disasters or emergencies that would call on community schools as a resource. We recommend the following: citizen education programs that provide guidance to citizens about the potential problems that might be experienced; local contingency planning and preparedness efforts that can give citizens a sense of confidence that they will not be left alone to cope with problems or emergencies; controlled community preparedness tests that build coordinated community interagency capacity to deal with emergencies--local emergency management offices can provide valuable leadership in this area; the coordination of Federal, State and local actions can provide early responses to possible needs for water, food supplies, fuel, shelter and emergency services. I want to thank you again for this opportunity to talk about Y2K preparedness in our schools in Washington State. [The prepared statement of Mr. Jordan follows:] [GRAPHIC] [TIFF OMITTED] T0954.443 [GRAPHIC] [TIFF OMITTED] T0954.444 [GRAPHIC] [TIFF OMITTED] T0954.445 [GRAPHIC] [TIFF OMITTED] T0954.446 [GRAPHIC] [TIFF OMITTED] T0954.447 Mr. Horn. Well, we appreciate that. We haven't really had much testimony from the K-12 sector, so I'm delighted to have your statement. Mr. Bergeon, consultant with NueVue International Audit 2000. Mr. Bergeon. Chairman Horn, Representative Dunn, it's a great pleasure for me to be here today. I think I have the unenviable task of addressing the small to medium business environment, which I've been consulting with for quite some time. I'd like to say that given my experience here in Seattle, there's probably no city in the country I'd rather be in when the clock turns over. In the last few years, my work has been going on with various commercial banks, and I've been very pleased with the kinds of things I've seen coming through the Federal Reserve and all of the other agencies as part of that movement. I think that we are about to see probably the proof of the pudding here in the next few months when the banks are going to be asked to really evaluate their credit customers and to actually do something about it. It's already been a very active movement by the banks, and that has made a world of difference in the small and medium business area being aware and making the move, but there's still a long ways to go in the small business area. Just a few months ago I had an opportunity to talk with a number of ports. And I've worked with the Port of Tacoma and Port of Seattle and know they're moving along extremely well, and they should be ready well before the year 2000 arrives. But in talking with many of the ports around the area, I found that most of them have started relatively recently, and they have a certain amount of work that they have to get done and to finish that up before the end of the year. So we still have, in our port areas, both with the smaller airports and the marine facilities in and around the northwest, still have a lot of work to do. I have had an opportunity to work with a number of different business areas. I will give you an example of a trucking firm that is in the Seattle area. I found that they were aggressive. They had moved on their problem. They had two things to worry about: APC and their accounting software. They replaced both of those. But in going over with them what their exposures were to the Y2K, we found something like 19 systems over which they were dependent but had absolutely no control. What was even more disconcerting is they had no idea about how to approach them and had no idea of how to perform or build a contingency plan. So we still have that kind of an issue that we have to deal with in the small business arena. I also reviewed a small manufacturing company that was Y2K compliant, and in doing the review, found that they had missed seven embedded systems, which reinforces the fact that most of these companies that are doing the work by themselves because they can't afford outside consultants are potentially going to miss some things that maybe a ``professional''--and I want to put that in quotes--would capture. I've also worked with the fishing boat industry and had an opportunity to tour a number of fishing boats and look at the computers and equipment on board the fishing boats. I'd like to tell you that the navigation systems are, for the most part, redundant for the larger ships, and even for some of the smaller ones. So that's not going to be an issue unless they all give different readings. But for the most part, the fishing boats are heavily dependent upon equipment with embedded systems, and there has not been a lot of communication from vendors to the fishing boat operators within the last year. I've also had an opportunity to talk with one of those fishing boat operators and have reviewed their home system, their at-base system, and found that while their programmer had gone through and said that they were compliant, he was, in fact, unaware of the scope of testing that needed to be done in order to achieve compliance. So again, there is a difference when you get into the small business area about the depth of knowledge and the amount of work that has to be done. I think that I would like to reinforce the concerns about the December timeframe and potential reaction by the public, both in the food area and in the petroleum area. There are strong concerns amongst the business people about potentially not having enough supply to meet demand, that they could get out of hand. Education is important and essential, and we do have to get out there and do more for them on that particular problem. I am also concerned, as my co-speaker from Microsoft said, about the amount of business that's moving from the first quarter of 2000 into the last quarter of 1999. For many small businesses, this could have an impact, because their cash-flow issues are stronger than most of the larger companies'. With that, I'd like to conclude my comments. [The prepared statement of Mr. Bergeon follows:] [GRAPHIC] [TIFF OMITTED] T0954.448 [GRAPHIC] [TIFF OMITTED] T0954.449 [GRAPHIC] [TIFF OMITTED] T0954.450 [GRAPHIC] [TIFF OMITTED] T0954.451 Mr. Horn. Well, thank you, Mr. Bergeon. Are you familiar with the pamphlet that the Small Business Administration put out on this? Mr. Bergeon. Yes, I am. I'm very glad to have seen it. I wish it had come out about a year ago. Mr. Horn. Well, it came out last July, actually, is when they first showed it to me. Mr. Bergeon. I'm thinking the year earlier. Mr. Horn. Did you find it useful? Mr. Bergeon. Yes. I think most of the companies that have seen it were awakened to things that they hadn't realized. And as I said, I just wish it had come out probably a year ahead of when it did. Mr. Horn. Did it tell them enough to deal with the remediation, or was something else needed? Mr. Bergeon. There again, most of them are trying to do the work on their own, with the resources that they have available or can bring to bear. Not all of these resources are knowledgeable or skilled. The SBA pamphlet has done a great deal to remediate that problem, but there are still issues that come up that they don't know how to address. Mr. Horn. Let me ask the question I've asked the two previous panels. If you could rethink where you've been on this, what from the management side would you now change and go at it in another way if you had to do it over? Mr. Bergeon. Well, I started in the Y2K business in 1992, and I started with big businesses, because consulting companies, for the most part, get the attention of big businesses and make most of their money with big businesses. I would like to have started with the small business arena probably about 4 years ago, and I would think that if we had this to do over again, I would do that. Mr. Horn. Mr. Jordan, what would you do if you had to roll back the clock and say, ``Gee, we should have done this at this point in time''? Mr. Jordan. We should have spent more time on better communication and contingency planning. Mr. Horn. Now, when you say ``contingency planning,'' what are you thinking of? Mr. Jordan. Well, school districts and schools are very dependent on vendors, outside sources, to keep us working. And we should have started earlier on making plans for the checking of integrated systems and vendor sources and contingencies if our food supply doesn't come in for food service or fuel supply doesn't come in to transport our buses. Mr. Horn. With your overview of education in the State, did the major cities, such as Seattle, Tacoma, others, have a plan in the city school systems? And how would you relate what was happening in the rural school systems? And I'm just curious, from your perspective, what do you see there and what should they have done earlier? Mr. Jordan. Probably the best answer--I can defer to one of our previous speakers regarding perhaps what's happened with the city of Seattle or King County in their relationship with the school district. My feelings regarding rural school districts are that they are in need of resources to find people to check out systems or relying on the educational service district to provide expertise or support. So they are probably in a position of less preparedness than the larger districts. Mr. Horn. Well, I'm thinking of when they were wiring classrooms. A lot of this was volunteer effort by people that were familiar with computers and wanted to help out and provide those opportunities. And I guess Mr. Jones--we might ask him. Microsoft is, without question, probably the largest computer firm in America in terms of software? Mr. Jones. Second largest. Mr. Horn. Second largest. Who is the No. 1? Mr. Jones. IBM. Mr. Horn. Big Blue is still No. 1. Anyhow, I just was curious. You probably remember that volunteer effort to wire different rooms in schools. Was there anything like that applied to the remediation situation on the year 2000? Mr. Jones. Well, there have been several things done in that area. I mean, we've worked with a number of school districts to wire them, the first thing. Second, there have been nonprofit organizations in Seattle, such as Empower, and what they've done is they've worked with all the other nonprofits to prepare them for the year 2000. Y2K for nonprofits is a huge challenge. They don't have the technical expertise nor the financial means to do a great job of preparedness, so they're relying on industry or other nonprofits that specialize in supporting them in those areas. Mr. Horn. Ms. Enticknap, what's your feeling on it? If you could roll back the clock and say, ``Gee, we should have done it this way,'' what would you have done differently? Ms. Enticknap. Financial institutions benefited from a very active regulatory support, and so the Federal Financial Institutions Examination Council [FFIEC], came out very early with recommendations. We had already started work. So we, as I say, benefit from a very active regulatory environment, shall we say, so we've been ready. Mr. Horn. Well, you're in the corporate culture now of two major banks. Was there a difference between how Seattle versus Bank of America had approached this from? Ms. Enticknap. No. Actually, we've been part of Bank of America since 1983, and we just didn't change our name. So we've been part of Bank of America and have played an active role in the overall corporate planning process and remediation process. Mr. Horn. Mr. Aikens, how about Boeing? Does Boeing ever make a mistake? Would you ever go back? Mr. Aikens. I think we've made a mistake. Since we started early, the one thing that I think would have helped is if we could have resolved the fear that the suppliers had. Somehow we needed to resolve that, because it limited the communication. Although we started in 1993, working with our suppliers in 1994, they were still very reluctant to share. And if we could have worked to eliminate that fear, I think that would have been better. Mr. Horn. Well, that's a good point. Allow me just to go through some of these cards that the audience has provided. I guess, Mr. Jones, here's one for you: please explain the Y2K brochure Microsoft plans to mail out and who will receive it. Mr. Jones. The brochure is essentially called ``Action for Small and Medium Businesses and Consumers.'' Basically, the criteria for who will receive that mailing is anyone who has registered a product since 1995. For businesses, enterprise businesses, we then reduce the duplication in names and only send one mailing to the Y2K program manager of a specific enterprise. Mr. Horn. Are there any Microsoft products that are not Y2K compliant? Mr. Jones. Of the 3,200 we've tested, about 2 percent, or roughly 80. And for those products, we have either an upgrade path or a work-around available. Mr. Horn. Recent reports illustrate that small to medium- sized businesses are not doing enough to prepare. What is your confidence level--I think it's really directed at you, Mr. Bergeon--as to is it a low confidence or high confidence in terms of the supply chain? Mr. Bergeon. Again, in dealing with the small and medium businesses, we're going to cover a lot of territory. And let me break it down into two groups first. The medium-sized businesses, I think, are coming along extremely well. I have a high degree of confidence that most of them will be in pretty good shape by the end of this year. They will be working heavily into the last quarter. Small businesses, it's about 50 percent right now. I'm seeing more and more interest, but still a reluctance to do anything at this point, because they've got other issues they're dealing with and they still have cash-flow issues. Many of them still are not aware of things like contingency plans. And they have expressed a great deal of fear about why should they do something when they still expect some of the other systems to fail around them. So there's still a lot of hesitancy or a lot of disbelief in government, et cetera. I've heard it said the ``close enough for government work'' phrase all too often. And so my confidence, I think, with the small businesses is not as high. It's only about 50 percent right now. Mr. Horn. How about the supplier confidence you have, Mr. Jordan? Mr. Jordan. With the State of Washington, which probably most of our school districts rely on for information services and data services, we have a high level of confidence. With some local vendors, they are also expressing reluctance to give us assurance that they will be able to supply us with our needed services because they are not sure that they will be supplied with the materials and the backup that they have. So in some of our larger systems, we feel very confident; in others--and depending on the size of the business--not very confident. Mr. Horn. Ms. Enticknap. Ms. Enticknap. We are confident that the small businesses that we are working with, we've tried to provide as much information as possible, including guides, checklists and seminars, both for our small and medium-sized businesses. So we've tried to outreach to those businesses to provide as much information as we could. Mr. Horn. Since we've got you here, what impacts could noncompliant international banks have on your operations? Ms. Enticknap. We've been working very closely with the partners internationally that we use, including testing, and are confident that we will be able to manage any risks as they come up. Mr. Horn. What about the confidence you have in your suppliers becoming compliant? Mr. Aikens. We have something like 33,000 suppliers, and we've been working to get that down. We have less than 100 that have not responded exactly like we want, and we're dealing face to face with those. We are confident that we will resolve that issue. Mr. Horn. And we have a number here for Mr. Jones. Do you want to comment on the suppliers? Mr. Jones. I do, actually. An inverse view of that is Microsoft is a supplier to many of the people who have testified here today. And to quantify that for you, we have received approximately 9,000 requests for information from Microsoft per week. And we expect by the time the year ends, we will have processed well over 1.4 million requests for information. And that's above and beyond the website utilization that we have. Mr. Horn. Someone wanted us to be more specific, and the request is this: are Windows 95 and Windows 98 compliant? Mr. Jones. Windows 95 and Windows 98 are both compliant. There is a software update available. Mr. Horn. Is Office 97 compliant? Mr. Jones. Office 97 is compliant with software updates. Mr. Horn. And here is a nonprofit volunteer in the community: please explain the Empower program to help nonprofits meet Y2K compliance. Mr. Jones. Certainly. Empower is a local nonprofit organization designed to support other nonprofits through technology. They have database analysts, programmers and developers on staff. They launched a program called the Y2K Data Service here in Seattle, and that ran about 6 weeks ago, and they went and touched about 200 nonprofit organizations, and they verified the readiness of their PCs and installed the software updates or any patches that were necessary. They had volunteers from Microsoft, from Boeing, from many of the large organizations within the Seattle area. They're going to do another one of those later in the year. And ``www.Empower.org'' is their website. Mr. Horn. The final two questions are for Mr. Aikens, and they're along the line of the ones for the banks, and that to you is: what contingency plans are being made for employees in high-risk areas, like Russia, in terms of Boeing personnel, Boeing customers, whatever, in terms of the year 2000 and working with Russia? Mr. Aikens. Well, we have a normal contingency plan for all of our people, and Y2K is no different. We have emergency operation centers in 12 States, and also abroad. So we work with each one of those countries, and our people will be protected. Mr. Horn. I just happened to visit your Sea Launch facility in my hometown of Long Beach this last week, and it was really impressive, with Russian, Ukrainian, Norwegian, United States, and United Kingdom cooperation. That's really a great endeavour. Mr. Aikens. It is a very interesting site. Mr. Horn. We'd be glad to have you send some 737 production down there, too, before I leave town, please. ``What can you tell us about the Global Positioning System readiness on August 21st and 22nd, 1999?'' says one member of our audience. Mr. Aikens. We're completely ready. And what we have done is we've contacted the vendors that have the information, at least have the satellites, and we have demanded--it sounds pretty strong--that all of those systems be ready. Boeing has run through its tests, and we are completely satisfied that there will be no problem with the Global Positioning System. Mr. Horn. I thank you. And I now yield to Representative Dunn for the questions she has, and we're delighted she is with us here. Ms. Dunn. Thanks very much, Mr. Chairman. Mr. Jones, you mentioned a couple of times, or it was mentioned on your behalf, that you've worked a lot with nonprofits. And we haven't heard anybody testify from the nonprofit sector. And I am most curious myself, having been very involved with this sector in most of my background, what kind of progress are the nonprofits making toward compliance for Y2K? Mr. Jones. I would rank them at the bottom of the list, with enterprises being most compliant and nonprofits being the least. That's singularly the area that concerns us the most. They typically have outdated technology, which, of course, induces more areas for Y2K liability. And while they are turning their attention to Y2K now, it is relatively late for those organizations. Ms. Dunn. So we should pay some attention there. Mr. Jones. Absolutely. Ms. Dunn. I think that's important, Mr. Chairman. Let me ask you, in general, a question I know Mr. McDermott had asked earlier as I was outside for another meeting on the impact on somebody's home. And I think he phrased it in terms of whether his answering machine would work or not. What else do you see is going to be a problem for the ordinary person going through his life on the 1st day of the new millennium? What will they notice? And then I have another followup question I want to ask a couple of you on that. Anything that occurs to any of you in any order. Mr. Jones. From the PC standpoint, I'll address that component. Depending on how you use your PC--say you use your PC primarily to surf the web or play games--by and large, you could do nothing, turn your PC on on January 1st, and you'd be just fine. If you use your PC for complex calculations or checkbook management, budget management, then certainly you need to take some preparedness steps. On average, we're seeing those steps take about an hour to do in the home. Ms. Dunn. Is there someplace where people can get information on how to do that? Mr. Jones. Microsoft has a great website, of course. Ms. Dunn. Anything else? Anything you're worried about, your wife is worried about, your husband is worried about, your children are worried about? Mr. Bergeon. Having moved into a condo in downtown Seattle, I had a lot of things to worry about, including elevators and environmental control systems, so we did do some checking. We've found that if you have an environmental control system that was purchased within the last few years, you're pretty safe. But most of the houses have had environmental control systems that were installed some time ago, and some, some small percentage, do have some computer embedded chips in them. It's not clear whether or not those are going to be prepared or not. And I haven't done a study of them, but that is a concern that some homes might have. Ms. Dunn. Anybody else? Mr. Aikens. Well, we have a very extensive program within Boeing for all of our employees that have PCs. And we have a PC assistant that will allow them to take a look to see if their computer is Y2K-ready. They can take this kind of information to the home as well. And in addition to that, the Boeing Employees Credit Union, which is not a part of Boeing, has sent out a list of things that they need to do. And in that way, they will check with Microsoft or any of the other vendors as to what needs to be done. By and large, we think that it really won't be that much of an impact on the homes. Ms. Dunn. Good. Thank you. I have just one last question. There was something that alarmed me that I heard earlier in this hearing, and that was when one of the folks who was testifying said he'd heard there were going to be a couple of movies coming out on the Y2K. And you can translate that very quickly, having been through that era of every possible disaster in the world becoming part of a movie. And it's our responsibility here, all of us who have taken part in this hearing today, to make sure that the institutions we're affiliated with are compliant. What happens, though--because we know the psychology of this is going to be very important, especially in the possibility that you run into all the time, Mrs. Enticknap, of people taking their money out of banks, or you run into, Mr. Aikens, of people not flying on airplanes--what happens and what is the response? And are you prepared with a contingency plan if something like this happens toward the end of the year? We've got a November release for some big movie. How are we going to calm people down and help them understand, especially seniors, who worry a lot about things like this? Mr. Aikens. I'll take it. Naturally, Boeing is a primary target to have a 747 crashing into the Empire State Building. These kinds of things come up all the time. And what we think is the best way to combat that is with education, and that's where we think that our outreach program is very effective. The contingency plan is that there is not much we can do about Hollywood doing things like this, but we think education is the answer. And that's what we want to be sure that we tell the public--here's what we're doing--and let's leave it at that. Ms. Enticknap. From the bank's standpoint, we have an active communication program under way. We will be sending out and continue to send out statement stuffers. Again, people tend to not read their statements, so we also have information on our websites and also in our banking centers. And we also are working with the Federal Reserve. The Federal Reserve is printing an additional $50 billion of currency for the end of the year, and all banks are working together to make sure that we're monitoring cash usage. But more importantly, we're working with senior citizens and others to really understand the implications of taking their money out, and urging people to recognize that the safest place for their money is a bank. Ms. Dunn. Anybody else have any comments? Mr. Jordan. We agree that education is critical to making sense of this. And one of the things we'd like to stress is that this is an opportunity for community agencies--profit, nonprofit, big and small business--to come together and clearly state for the community what is and what isn't. That will belay a lot of fear and cut through any media marketing that might go along with the production that you scenario. But we believe that if a community gets together, and each agency says we've done this, this, this, and this, and get that out to their local people that trust them and rely on them every day, that would have a big impact. Ms. Dunn. Thank you. Mr. Horn. Thank you very much for coming, Ms. Dunn. She does a great job for you in Washington. Let me thank a lot of people that have been involved in this hearing. We'll start with the two Members of Congress and their staff. Congressman McDermott and his Seattle district office staff has been helpful--Damian Cordova, legislative assistant, Jane Sanders, the scheduler. And Congresswoman Dunn's Washington and Mercer Island district office staff, Susan McColley, district director, Kara Kennedy, the press, Doug Badger, legislative director. And for the Discovery Institute, which is also our host in Seattle, obviously president Bruce Chapman, who has been a great public servant, both nationally and in this State and in this city, I've known him for 40 years as a person of honor and integrity; Nancy Sclater, the vice president; Rob Crowther, the public and media relations; Steve Jost, events coordinator. And our faithful court reporter, Jeff Wilson. And then the staff of the Subcommittee on Government Management, Information, and Technology which has done a great job for the last 6 years. J. Russell George, staff director and chief counsel, is seated practically outside of the room there in back; Matthew Ryan is to my left and your right, he's the senior policy director that worked on the hearing. And then we have a very fine young lady who is an American Political Science Association congressional fellow with Congress for a year, and her full-time employment is career servant for the National Security Agency, and that's Patricia Jones. Patricia, are you here? Well, she had to leave. Chip Ahlswede, I believe, is here, staff assistant; and Grant Newman, the committee clerk. Grant, there they are. They're all in the back row. So I want to thank you all. I want to thank the people of Seattle and your experts that we had as a sounding board, shall we say, for our various aspects of the Y2K problem. You've put a lot of good information in the record today, and we will make use of it and share it with other communities. Thanks for coming. With that, we are adjourned. [Whereupon, at 12:20 p.m., the subcommittee was adjourned.]