<DOC>
[106th Congress House Hearings]
[From the U.S. Government Printing Office via GPO Access]
[DOCID: f:61119.wais]

Y2K AND CONTINGENCY AND DAY 1 PLANS: IF COMPUTERS FAIL, WHAT WILL YOU DO?

=======================================================================

JOINT HEARING
before the
SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, INFORMATION, AND TECHNOLOGY
of the
COMMITTEE ON GOVERNMENT REFORM
and the
SUBCOMMITTEE ON TECHNOLOGY
of the
COMMITTEE ON SCIENCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTH CONGRESS
FIRST SESSION
__________
OCTOBER 29, 1999
__________
Committee on Government Reform Serial No. 106-51
Committee on Science Serial No. 106-54
__________
Printed for the use of the Committee on Government Reform and the Committee on Science
Available via the World Wide Web: http://www.house.gov/reform
______
U.S. GOVERNMENT PRINTING OFFICE
61-119 CC WASHINGTON : 1999

COMMITTEE ON GOVERNMENT REFORM

DAN BURTON, Indiana, Chairman

BENJAMIN A. GILMAN, New York                HENRY A. WAXMAN, California
CONSTANCE A. MORELLA, Maryland              TOM LANTOS, California
CHRISTOPHER SHAYS, Connecticut              ROBERT E. WISE, Jr., West Virginia
ILEANA ROS-LEHTINEN, Florida                MAJOR R. OWENS, New York
JOHN M. McHUGH, New York                    EDOLPHUS TOWNS, New York
STEPHEN HORN, California                    PAUL E. KANJORSKI, Pennsylvania
JOHN L. MICA, Florida                       PATSY T. MINK, Hawaii
THOMAS M. DAVIS, Virginia                   CAROLYN B. MALONEY, New York
DAVID M. McINTOSH, Indiana                  ELEANOR HOLMES NORTON, Washington, DC
MARK E. SOUDER, Indiana                     CHAKA FATTAH, Pennsylvania
JOE SCARBOROUGH, Florida                    ELIJAH E. CUMMINGS, Maryland
STEVEN C. LaTOURETTE, Ohio                  DENNIS J. KUCINICH, Ohio
MARSHALL ``MARK'' SANFORD, South Carolina   ROD R. BLAGOJEVICH, Illinois
BOB BARR, Georgia                           DANNY K. DAVIS, Illinois
DAN MILLER, Florida                         JOHN F. TIERNEY, Massachusetts
ASA HUTCHINSON, Arkansas                    JIM TURNER, Texas
LEE TERRY, Nebraska                         THOMAS H. ALLEN, Maine
JUDY BIGGERT, Illinois                      HAROLD E. FORD, Jr., Tennessee
GREG WALDEN, Oregon                         JANICE D. SCHAKOWSKY, Illinois
DOUG OSE, California                        ------
PAUL RYAN, Wisconsin                        BERNARD SANDERS, Vermont (Independent)
HELEN CHENOWETH-HAGE, Idaho
DAVID VITTER, Louisiana

Kevin Binger, Staff Director
Daniel R. Moll, Deputy Staff Director
David A. Kass, Deputy Counsel and Parliamentarian
Carla J. Martin, Chief Clerk
Phil Schiliro, Minority Staff Director
------

Subcommittee on Government Management, Information, and Technology

STEPHEN HORN, California, Chairman

JUDY BIGGERT, Illinois                      JIM TURNER, Texas
THOMAS M. DAVIS, Virginia                   PAUL E. KANJORSKI, Pennsylvania
GREG WALDEN, Oregon                         MAJOR R. OWENS, New York
DOUG OSE, California                        PATSY T. MINK, Hawaii
PAUL RYAN, Wisconsin                        CAROLYN B. MALONEY, New York

Ex Officio

DAN BURTON, Indiana                         HENRY A. WAXMAN, California

J. Russell George, Staff Director and Chief Counsel
Matt Ryan, Senior Policy Director
Chip Ahlswede, Clerk
Trey Henderson, Minority Counsel

COMMITTEE ON SCIENCE

HON. F. JAMES SENSENBRENNER, Jr., (R-Wisconsin), Chairman

SHERWOOD L. BOEHLERT, New York              RALPH M. HALL, Texas, RMM**
LAMAR SMITH, Texas                          BART GORDON, Tennessee
CONSTANCE A. MORELLA, Maryland              JERRY F. COSTELLO, Illinois
CURT WELDON, Pennsylvania                   JAMES A. BARCIA, Michigan
DANA ROHRABACHER, California                EDDIE BERNICE JOHNSON, Texas
JOE BARTON, Texas                           LYNN C. WOOLSEY, California
KEN CALVERT, California                     LYNN N. RIVERS, Michigan
NICK SMITH, Michigan                        ZOE LOFGREN, California
ROSCOE G. BARTLETT, Maryland                MICHAEL F. DOYLE, Pennsylvania
VERNON J. EHLERS, Michigan*                 SHEILA JACKSON-LEE, Texas
DAVE WELDON, Florida                        DEBBIE STABENOW, Michigan
GIL GUTKNECHT, Minnesota                    BOB ETHERIDGE, North Carolina
THOMAS W. EWING, Illinois                   NICK LAMPSON, Texas
CHRIS CANNON, Utah                          JOHN B. LARSON, Connecticut
KEVIN BRADY, Texas                          MARK UDALL, Colorado
MERRILL COOK, Utah                          DAVID WU, Oregon
GEORGE R. NETHERCUTT, Jr., Washington       ANTHONY D. WEINER, New York
FRANK D. LUCAS, Oklahoma                    MICHAEL E. CAPUANO, Massachusetts
MARK GREEN, Wisconsin                       BRIAN BAIRD, Washington
STEVEN T. KUYKENDALL, California            JOSEPH M. HOEFFEL, Pennsylvania
GARY G. MILLER, California                  DENNIS MOORE, Kansas
JUDY BIGGERT, Illinois                      VACANCY
MARSHALL ``MARK'' SANFORD, South Carolina
JACK METCALF, Washington

Subcommittee on Technology

CONSTANCE A. MORELLA, Maryland, Chairwoman

CURT WELDON, Pennsylvania                   JAMES A. BARCIA, Michigan**
ROSCOE G. BARTLETT, Maryland                LYNN N. RIVERS, Michigan
GIL GUTKNECHT, Minnesota*                   DEBBIE STABENOW, Michigan
THOMAS W. EWING, Illinois                   MARK UDALL, Colorado
CHRIS CANNON, Utah                          DAVID WU, Oregon
KEVIN BRADY, Texas                          ANTHONY D. WEINER, New York
MERRILL COOK, Utah                          MICHAEL E. CAPUANO, Massachusetts
MARK GREEN, Wisconsin                       BART GORDON, Tennessee
STEVEN T. KUYKENDALL, California            BRIAN BAIRD, Washington
GARY G. MILLER, California

Ex Officio

F. JAMES SENSENBRENNER, Jr., Wisconsin+     RALPH M. HALL, Texas+

C O N T E N T S
----------

Hearing held on October 29, 1999

Statement of:
    Dyer, John, Principal Deputy, Social Security Administration; Marvin J. Langston, Deputy Assistant Secretary of Defense for C3I and year 2000, Department of Defense, accompanied by Rear Admiral Bob Willard and Bill Curtis, Department of Defense; John Gilligan, Chief Information Officer, Department of Energy; Paul Cosgrave, Chief Information Officer, Internal Revenue Service; and Norman E. Lorentz, senior vice president, Chief Technology Officer, U.S. Postal Service
    Willemssen, Joel C., Director, Civil Agencies Information Systems, U.S. General Accounting Office; and John Spotila, Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget

Letters, statements, etc., submitted for the record by:
    Cosgrave, Paul, Chief Information Officer, Internal Revenue Service, prepared statement of
    Davis, Hon. Thomas M., a Representative in Congress from the State of Virginia, prepared statement of
    Dyer, John, Principal Deputy, Social Security Administration, prepared statement of
    Gilligan, John, Chief Information Officer, Department of Energy, prepared statement of
    Horn, Hon. Stephen, a Representative in Congress from the State of California, prepared statement of
    Langston, Marvin J., Deputy Assistant Secretary of Defense for C3I and year 2000, Department of Defense, prepared statement of
    Lorentz, Norman E., senior vice president, Chief Technology Officer, U.S. Postal Service, prepared statement of
    Morella, Hon. Constance A., a Representative in Congress from the State of Maryland:
        Letter dated October 15, 1999
        Prepared statement of
    Spotila, John, Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget, prepared statement of
    Turner, Hon. Jim, a Representative in Congress from the State of Texas, prepared statement of
    Willemssen, Joel C., Director, Civil Agencies Information Systems, U.S. General Accounting Office, prepared statement of

Y2K AND CONTINGENCY AND DAY 1 PLANS: IF COMPUTERS FAIL, WHAT WILL YOU DO?
----------
FRIDAY, OCTOBER 29, 1999

House of Representatives, Subcommittee on Government Management, Information, and Technology of the Committee on Government Reform, joint with the Subcommittee on Technology of the Committee on Science, Washington, DC.

The subcommittees met, pursuant to notice, at 10 a.m., in room 2154, Rayburn House Office Building, Hon. Connie Morella (chairwoman of the Subcommittee on Technology) presiding.

Present: Representatives Morella, Davis, and Turner.
Staff present from the Subcommittee on Government Management, Information, and Technology: J. Russell George, staff director and chief counsel; Matt Ryan, senior policy director; Bonnie Heald, communications director and professional staff member; Chip Ahlswede, clerk; Rob Singer, staff assistant; P.J. Caceres and Deborah Oppenheim, interns; Trey Henderson, minority counsel; and Jean Gosa, minority staff assistant.

Mr. Davis. This hearing will come to order. I would ask unanimous consent that the cochair of the House Task Force on the Year 2000 Problem, the Honorable Connie Morella of Maryland, chairwoman of the House Science Subcommittee on Technology, chair today's meeting. Without objection, so ordered.

Mrs. Morella. Thank you. Thank you, Mr. Davis. I want to welcome all of you on, the past 3 1/2 years, my Science Committee Technology Subcommittee and the Government Reform Committee's Government Management, Information, and Technology Subcommittee, chaired by Steve Horn of California, who incidentally couldn't be here this morning. We have been engaged in the review of the year 2000 computer problem with a series of joint hearings and initiatives. Our two subcommittees, which comprise the House Y2K Working Group, have been pushing for greater Federal Y2K focus to correct the millennium bug. Since we first began our oversight hearings, we've seen vast and significant progress from our Federal agencies. And in most instances, Y2K was finally mandated as an agencywide priority. Management leadership was required where previously there was none, and we're very pleased with the results we've seen. We have been comforted by the actions of a greater majority of Federal agencies. But unfortunately, with only 63 days remaining before the January 1st, 2000, deadline, there still remains some concern about certain agencies, especially with regard to their contingency and day 1 plans.
To be fully prepared for Y2K, every organization must ensure that their day 1 strategies are ready and that practical contingency plans are in place. Contingency plans provide assurance that a Federal agency has covered all predictable possibilities to ensure that its mission-critical operations can continue without disruption. Our day 1 strategy provides a comprehensive set of actions to be executed by a Federal agency during the last days of 1999 and the first days of 2000. For those who may have watched the recently concluded World Series on television, you may have seen an advertisement, teaser, for an upcoming network movie on Y2K. In an effort to hype the movie and to create interest in viewers, in the teaser an ominous voice boomed, Y2K, what if they're wrong? Despite its questionable entertainment value, I think the movie is the one that will actually have it all wrong. One of the most effective methods, however, to survive the movie's hype and to calm any fears that may result is for Federal agencies to have effective contingency plans and day 1 strategies that provide all Americans adequate assurances our Federal Government will not be adversely attacked and affected by Y2K. Recently, the Office of Management and Budget [OMB], provided guidance to assist Federal agencies in preparing day 1 plans. These plans are prepared for finite timeframes, like the end of December through early January, to help mitigate any problems that may arise. They should address the full scope of agency activity that will be underway during that period. For example, agencies must prepare to mitigate the impact of possible failures in internal systems, buildings and other infrastructures. Furthermore, the plan should include agency efforts to assess the Y2K impact on its business partners, such as State and local governments, in delivering the Federal programs. 
I'm pleased to welcome representatives of a number of Federal agencies to discuss and review the status of their contingency plans and day 1 strategies. And I look forward to the testimony from the Social Security Administration, the Department of Defense, the Department of Energy, the Internal Revenue Service and the Postal Service. And in our first panel, we will hear from the General Accounting Office and the Office of Management and Budget.

[The prepared statement of Hon. Constance A. Morella follows:]

Mrs. Morella. And it's now my pleasure to recognize the ranking member on the Subcommittee on Government Management, Information, and Technology, the gentleman from Texas Mr. Turner.

Mr. Turner. Thank you, Madam Chairman. I want to commend you and Chairman Horn, the chairman of my subcommittee, for your diligence in trying to be sure that we are ready in the Federal Government for January 1, 2000. We all know that the public faces some risk that critical services provided by both the government and the private sector may be disrupted by the Y2K computer problem. And as we get closer to January 1st, we need to redouble our efforts to be sure that any disruption is reduced to a minimum. Because this is the first time we've ever dealt with a problem of this nature and magnitude, I'm sure that we should expect the unexpected. And for that reason, we've asked every Federal agency to have in place a business continuity and contingency plan, and a day 1 strategy to reduce the risk of failures occurring in their systems, programs, and services. Without such plans, when unpredicted failures occur, agencies would not be able to have a well-defined response, nor have adequate time to remedy whatever problem may arise. So I'm confident that the review of the agencies' efforts today will be productive.
I think if the Federal Government reaches January 1st, 2000, without significant disruptions, a large part of that credit will be due to the work of these two subcommittees that for many months now have diligently worked to be sure that the Federal Government is prepared and ready. Thank you, Madam Chairman. I look forward to hearing the testimony today.

Mrs. Morella. Thank you very much, Mr. Turner. And I appreciate your being here, too.

[The prepared statement of Hon. Jim Turner follows:]

Mrs. Morella. There's recognition that Congress on the House side is not in session today; therefore, a number of the members of the subcommittees will be reading the testimony and discussing it upon their return. It's now my pleasure to recognize for an opening statement Mr. Davis, who is the chairman of one of the subcommittees of Government Reform, the District of Columbia Subcommittee, and is a member of the Subcommittee on Government Management, Information, and Technology.

Mr. Davis. Thank you very much. This is the 23rd hearing of the year on the year 2000 computer problem that this subcommittee has held during the first session of the 106th Congress. Over the last 3 years, the subcommittees have spent countless hours discussing mission-critical systems and embedded chips. Federal departments and agencies have spent far more hours attempting to fix these potential problems. Most recently we have looked at the Federal programs, such as Medicare and Medicaid, that affect millions of the Nation's most vulnerable citizens, the elderly, the impoverished and the sick. But now with only 63 days remaining until the January 1st deadline, it's time to talk about the contingencies, the what-ifs. What if, despite the best efforts, some computers fail? What if they continue working but spew out erroneous data? How prepared are Federal departments and agencies to cope with these possible situations?
What are their plans? What are their plans for day 1, the critical days leading up to midnight January 1st and the days immediately afterwards? I'm concerned to hear that the Internal Revenue Service has found some unsolved problems with its inventory. Could other Federal agencies find similar discrepancies? Just, frankly, the IRS under their leadership at this point, I think, is one of the most progressive in terms of dealing with the computers and the like. The head of the IRS comes out of that industry. Clearly, we need to have a candid discussion on contingency plans today. We need to ensure that the Federal Government and the services it provides will not fail, whether the date is December 31st, 1999, or January 1st, 2000. Thank you.

Mrs. Morella. Thank you, Mr. Davis.

[The prepared statement of Hon. Thomas M. Davis follows:]

Mrs. Morella. And now as we usually do, we will swear in our witnesses, and on the first panel, Mr. Willemssen and Mr. Spotila.

[Witnesses sworn.]

Mrs. Morella. The record will show that the panelists have sworn to tell the truth. And now, as is, again, our tradition, we will give you each about 5 minutes, approximately, to give your testimony, knowing full well that your entire testimony will be included verbatim in the record. And so we will start now, as usual, with Mr. Willemssen. I don't know how many hearings you've been at, sir, but you really have been stalwart. We feel that you're part of the committee. Thank you, Mr. Willemssen.

STATEMENTS OF JOEL C. WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE; AND JOHN SPOTILA, ADMINISTRATOR, OFFICE OF INFORMATION AND REGULATORY AFFAIRS, OFFICE OF MANAGEMENT AND BUDGET

Mr. Willemssen. Thank you, Chairwoman Morella, Ranking Member Turner, Congressman Davis. Thank you for inviting GAO to testify today on Y2K business continuity and contingency planning and day 1 planning.
As requested, I will briefly summarize our statement. We've previously testified on the importance of Y2K business continuity and contingency planning. No one knows exactly for sure what the rollover period will bring, and, therefore, such planning is essential to helping ensure continued agency operations in the event that disruptions occur. Over time we've seen major improvements in the Federal agencies' efforts in business continuity and contingency planning. For example, in early 1998, we testified that several agencies reported that they plan to develop contingency plans only if they fell behind schedule in completing their Y2K work. By contrast, less than a year later, in January 1999, we testified that many agencies had reported that they had either completed or had drafted contingency plans. These improvements continue. For example, we reviewed agencies' most recent submissions to OMB of updated continuity and contingency plans and found that all agencies had identified key business processes as called for in our guidance. A key aspect of business continuity and contingency planning is validating or testing plans. It's one thing to develop a written plan, but quite another to see whether the plan will actually work as envisioned. That's why we've emphasized the need for testing of contingency plans. In reviewing the high-level plans submitted to OMB, we were able to identify 20 agencies that discussed their validation strategies. These strategies encompassed a range of activities, including desktop exercises and simulations. In addition to reviewing these high-level plans, we've previously reported on the business continuity and contingency planning of agencies and their components, and we found some uneven progress. For example, we found some agencies have instituted key processes, while other agencies still have a ways to go. 
Another important element of business continuity and contingency planning that has not yet been adequately addressed is the potential cost of implementing plans. Our guide calls on agencies to assess the costs and benefits of identified alternative contingency strategies. We also testified in June that OMB's assessment of agency plans should consider whether agencies provided estimated costs, and, if not, OMB should require that this information be submitted so that it is available on a governmentwide basis. However, OMB has not yet required agencies to provide these cost estimates, although we did identify five agencies which did so in their submissions. Regarding day 1 planning, earlier this month we did issue a guide to assist agencies in implementing their strategies. Briefly the objectives of a day 1 strategy are to, one, position the organization to readily identify year 2000 induced problems, take needed corrective actions, and minimize adverse impact on agency operations and key business processes. And second, it's very important that the organization be in a position to provide information on their Y2K condition to their top executives, other business partners and to the public. Our guidance provides a conceptual framework for helping agencies address those objectives. For the day 1 plans that were due on October 15th, OMB asked agencies to address seven key elements, elements such as a schedule of activities, contractor availability, communications with the work force, and communications with the public. A review of the submissions found that about 40 percent of the agencies addressed all required elements. Another important part of day 1 planning is ensuring that the day 1 strategy can actually be executed; therefore, day 1 plans and their key processes and timetables should be reviewed and, if feasible, rehearsed. 
Our review of day 1 plans found that 19 agencies discussed rehearsing their strategies, although some did not provide specific dates of their planned or completed rehearsals. That completes a summary of my statement. And I would be pleased to address any questions you may have. Thank you.

Mrs. Morella. Thank you, Mr. Willemssen.

[The prepared statement of Mr. Willemssen follows:]

Mrs. Morella. We now look forward to hearing from Mr. Spotila.

Mr. Spotila. Good morning, Chairwoman Morella and Congressman Turner and Congressman Davis. Let me start by thanking you for your continuing interest in the Y2K problem. As I indicated to you in my testimony on October 6th, your early and continued involvement in this issue has made a dramatic difference in the Federal Government's preparedness. Before discussing our day 1 planning efforts, let me update you on the status of our other work. As of October, the agencies report that 99 percent of Federal mission-critical systems are compliant, an increase from the 98 percent that I reported earlier this month. This reflects notice from five more departments: Agriculture, Commerce, Energy, Health and Human Services and Transportation, that their critical systems are ready.
Although a small number of critical systems are still not quite done, in all cases the agencies involved have assured us that they will complete their work before the end of the year. Moreover, they all have contingency plans in place for these systems. Compared to where we were just last year, this is a huge accomplishment. Even though we expect all of our mission-critical systems to be ready by January 1st, it is still important that every agency have a business continuity and contingency plan, or BCCP, in place, including a detailed day 1 plan. These plans describe the steps each agency will take to prepare for the 1st of January. They should address the full scope of agency activity with steps to mitigate the impact of any failures involving internal systems, buildings or other infrastructure. Agencies must be ready to assess the impact of any Y2K problem on their partners and constituencies and to provide them with appropriate assistance. They must also be ready to provide information about any Y2K problem to their management partners and the public. As GAO's day 1 guidance notes, effective day 1 planning will position an agency to identify year 2000 induced problems, take corrective action and minimize adverse impact on agency operations and key business processes. We are working closely with the agencies and GAO to share information about how best to develop effective plans. GAO and OMB have issued coordinated guidance to the agencies. My staff has reviewed agency plans and is working with agencies to improve those plans. We are all learning as we go. The work we are asking agencies to do has never been done before. In an organization as large and diversified as the Federal Government, there is no one-size-fits-all solution, and given this challenge, the agencies have responded well. Based on our initial review of agency plans, we believe most large agencies are on track. 
While they need to add more detail to the plans, most do address all of the critical elements of effective day 1 planning. A few of the larger agencies have had more difficulty. Here we have engaged them at a senior level to ensure that their efforts improve. I have already spoken personally with several agencies to see that their plans are revised to address our concerns. OMB staff are following up these discussions with each agency individually. While a few of the small and independent agencies have done excellent work, a number of them have provided incomplete plans or none at all. To help speed their work, we are meeting with them next week. We will have one or two of the agencies that provided excellent plans describe what the plans should entail. I note that GAO has agreed to participate in that meeting as well. Their work has been invaluable to agency progress in this area. After further work with the agencies, we will ask them to provide us with revised plans next month. From our review of the existing day 1 plans, we are beginning to see some patterns of best practices. The importance of good communications cannot be underestimated. If unforeseen problems arise, agencies must be able to communicate with their work force, their partners and the public. Assuring the ability to communicate is so important that a redundant communications capability should be put into place. The best plans provide a detailed schedule of activities that will take place during the rollover period. They anticipate the sequence and timing of such activities as shutting down computer systems and bringing them back up, checking their viability and contacting key business partners. The best plans ensure that the right personnel will be available at the right time, whether on duty or on call and whether on or offsite. 
Such personnel may be contractors or employees and may include building technicians, computer programmers, telecommunications experts, program staff, contracting officers, legal counsel, public affairs staff and senior management. Finally, we are aware that the Y2K transition is an opportunity for those who might want to disrupt agency activity, whether mischiefmakers or those with criminal intent. The best plans describe additional steps to guard against such security risks, whether to facilities, personnel or systems. We are all on a learning curve here. As we identify other best practices, we will share them across agencies. Such cooperation will continue to be essential to our success in preparing for Y2K. We are entering the home stretch of our year 2000 efforts. As in any race, it is time to begin sprinting toward the finish. Day 1 plans are the critical last piece of our preparations. There will be no letup in our efforts during the remaining 63 days. Thank you for the opportunity to continue to share information with you on the administration's progress. I would be pleased to answer any questions you may have.

Mrs. Morella. Thank you, Mr. Spotila.

[The prepared statement of Mr. Spotila follows:]

Mrs. Morella. I am particularly pleased having both of you here, because you have been partners in trying to make sure that the Federal agencies, as well as the outreach and end-to-end testing, has been taking place. As we start our questioning, I will start off with Mr. Willemssen. In your statement you mention several agencies at risk of not having solid, well-tested contingency plans, including the IRS, that will be testifying today, Federal Bureau of Investigations, Drug Enforcement Agency, Agency of International Development. I would like to have you tell us what you see the real-life consequences of not having plans ready.
Mr. Willemssen. To the extent that agencies do not have contingency plans and continuity plans ready, and to the extent that those plans haven't been well tested, those agencies run the risk that in the event that disruptions occur, their responses to those disruptions will be more ad hoc and chaotic in nature, rather than very well planned with a clear roadmap on who is to do what and when, and who to report to who on what is going on. That is the whole basis of having these plans in place and testing these plans. To the extent that that isn't there, we do run this risk of an untrained response that is more ad hoc in nature, that may not be the right response, and, therefore, the response may not address the Y2K problem that may have occurred.

Mrs. Morella. So the planning is critically necessary even though that may not be the end either, there may be some other implications and consequences resulting from it, but far better than to have what could happen without those contingency plans. You mentioned also in your statement the Y2K risk facing State-run programs--this concerns me greatly--like Medicaid and unemployment insurance. Again, what are the consequences of not having those plans ready?

Mr. Willemssen. The likely consequences in those kinds of benefit-driven programs is that, in the event that there are Y2K disruptions and contingency plans aren't ready to be implemented, benefits could be delayed or benefit amounts could be inaccurate. And, therefore, it's critically important that the contingency plans be pursued and be tested. I'm more optimistic actually in this area now because of some of the fine efforts of the lead Federal agencies in understanding that this is a critical issue, and States are beginning--even those States that were lagging behind--are beginning to address this very forcefully. So I think there's reason for much more optimism, even compared to just a few weeks ago.

Mrs. Morella. Agencies should not be advising the public, should they, of possible consequences in terms of enlightening them?

Mr. Willemssen. I think agencies have to make a very reasoned decision on what they announce to the public and what they don't. As a side note, many of the business continuity and contingency plans and day 1 strategies do have some level of classification such as for official use only. One of the reasons for that relates to something you had mentioned early on. There's a possible security risk to the extent that agencies publish too much information about what they plan to do in the event of a Y2K disruption. So that's something that I think agencies have to make a reasoned decision on. I think the bottom line is making sure that plans are in place, that they have been tested, and that all the agencies are poised during the rollover period to address any disruptions that may result.

Mrs. Morella. Thank you. Mr. Spotila, according to OMB--and I very much appreciate your coming out with the requirement that by October 15th, the agencies have their day 1 plans and contingency plans in effect. But according to OMB, day 1 plans should include specific data such as personnel that should be on call or on duty. And I wonder, what do you believe will be the number of Federal employees that will be on call or on duty, as the statement designates, on January 1st, 2000? I guess what I'm asking you is, how does this compare, January 1st, 2000, with a regular day for the Federal Government?

Mr. Spotila. We don't yet have a specific number of people that we anticipate will be on duty in this effort. One of the general comments that I made in my testimony concerning the day 1 plans was that a number of the agencies need to supply more detail than they have. To some degree this is a process where we think we will get more specific information very quickly in the weeks to come. Certainly not everyone will be working.
We anticipate in each case that core staffs will be available, targeted much more at the specific needs of agencies on an individual basis. Some of those needs relate to verifying that the systems are going to work, bringing them down, bringing them back up again. Some of them involve response capability. In some cases, there will be people on call who will not physically be onsite as the rollover occurs. We will have better information as we get closer to the end of the year in this regard, but we don't quite have it yet.

Mrs. Morella. But obviously there will be a tremendous number of people who will be ready who will be on call, as you say--.

Mr. Spotila. That's true.

Mrs. Morella [continuing]. Ready to respond? It would be interesting as you continue on in the remaining couple of months to keep us apprised of that, too. And one final question, before I turn to Mr. Turner for his line of questioning, is that Mr. Willemssen mentioned something that I think you would agree with, and that is that we don't really have the cost estimates of what implementation is going to cost. And I'm curious about what you're going to do to require it. I don't think you've required it at this point, cost estimates. And I think they should be something that we should be able to scrutinize.

Mr. Spotila. We have had discussions with the agencies on this subject. Our sense has been that the most important focus for the agencies right now should be getting their plans, their detailed plans, ready so that we know what it is they're going to do or what they feel they will need to do. From a costs standpoint, the agencies understand at the moment that they are expected to absorb these costs initially; they all have resources, we think, to do that. We made sure to tell them that if any feel that budget considerations are interfering with their plans, they need to let us know, and we will make sure that resources are available.
We certainly will come back to the question of cost estimating, but we need to do it after the plans are ready in more detail so we know what it is that we are actually dealing with. It's not something we're insensitive to, but it is true we have not made this a priority equal to getting ready for the event itself.

Mrs. Morella. You might consider having at least some estimates submitted to scrutinize, because it was my understanding that it was in August 1999 when I think it was Department of Health and Human Services estimated that it would cost about $99 to implement contingency and day 1 plan.

Mr. Spotila. I think that we will, in fact, ask for estimates. We've actually gotten some of them in already. We've encouraged agencies to give us estimates as they are ready to do so, and I think as we proceed closer to the end of the year, that is something we will be asking of them.

Mrs. Morella. Thank you. I am now pleased to recognize Mr. Turner for his line of questioning.

Mr. Turner. Thank you, Ms. Morella. In my opening comments I made reference to the fact that we probably should all put ourself in the state of mind where we are ready to expect the unexpected. And one of the things that has concerned me, even after all of our efforts to prepare for Y2K it still seems to be very possible whether it's through efforts by those who would do harm to our country or simply from those who are on some college campus disseminating information over the Internet, that perhaps we could have on January 1st a lot of misinformation designed with ill intent or simply out of a spirit of being a prankster to try to mislead people and to cause people to take certain actions they might not otherwise take based on the information that is disseminated. I was wondering whether or not we have considered, or perhaps Mr.
Koskinen in his efforts has considered creating some type of rapid response team that would act as a clearinghouse as we enter the new year to provide a source of credibility regarding misinformation or information that may circulate, whether it be over the Internet or through some other medium, about the existence or nonexistence of Y2K problems. It seems to me that that type of panel would need to be people of some renown who bear credibility, perhaps a three-member panel of members who would be the spokespersons regarding Y2K problems.

Madam Chairman, I know you get the same kind of e-mail I do. There's always some kind of rumor circulating on the Internet about something the government is about to pass or put a tax on the Internet or something like that, and we all end up writing these letters back saying that's just a rumor, there's no basis, there's no legislation pending on that subject. It just strikes me that on January 1st, there's a possibility that some may try to circulate misinformation that might cause people to take actions that otherwise they would not take. If we had a panel in place of credible individuals through which all of that information could clear, then they could turn to the agencies and turn to the private sector to get the truth, and then be in a position to respond through the media regarding what are the facts. Perhaps, we could avoid some problems that might otherwise occur. Have we given any thought to that, or have any of the efforts of Mr. Koskinen directed in that way?

Mr. Spotila. Actually, Congressman, we've been giving quite a bit of thought to that. Let me address it in two respects. First of all, as I mentioned in my testimony, from a security standpoint we're asking each agency in its day 1 plan to address the question of protecting systems from anyone who would cause mischief. That's an element here.
With respect to misinformation that might be put out, here, too, agencies will be focused on how that information might relate to them individually. In a coordinated way, the Information Coordination Center will help, John Koskinen and the President's Council on Year 2000 Conversion have a plan for collecting and exchanging information in this area, working closely with their private sector coordinators and others throughout State and local government to be in a position to verify what information is true and to be able to disseminate it. The Coordination Center will play a key role in terms of overall coordination, even though we are also looking at individual agencies to be prepared to address agency specific concerns.

Mr. Turner. Well, I would urge you to maybe pursue it a little bit further, because I think if we could enlist the assistance of some high-profile personalities who have credibility, a Walter Cronkite type who would be a spokesperson, along perhaps with one or two others. I don't think it's going to help if there's some rumor or misinformation floating, say, on the Internet, and it's reported that the government denies the report. Unfortunately, we all know the government oftentimes does not have the credibility that we might need. So it would seem to me if we could attach a personality to that effort that would be known to be trustworthy by the American public, perhaps we could avoid some problems that otherwise might occur.

Mr. Spotila. I think that's a very constructive suggestion. We certainly will bring that up with John Koskinen and see what can be done in that area.

Mr. Turner. Thank you. I don't have any other further questions.

Mrs. Morella. What are you going to be doing, Mr. Spotila, on that day? Where are you going to be?

Mr. Spotila. I think I will--actually, I asked my staff to tell me where they think I should be.

Mrs. Morella. Never leave yourself so wide open.

Mr. Spotila.
I'm certainly making myself available to be right on duty here. But we're trying to determine whether that would be positive or negative in the view of the people that are actually going to be dealing with our problems.

Mrs. Morella. But I appreciate Mr. Turner asking that question because as we go on, I would like to find out, you know, specifically how that ICC is going to operate.

Mr. Spotila. Yes.

Mrs. Morella. I have a question, the same question actually for both of you. IRS is going to be a witness on our next panel, and recently IRS reported that the poor quality of its computer inventory poses a high risk to its Y2K effort. I quote that exactly. That was quoted in a letter to Mr. Archer, the chairman of the Ways and Means Committee. And it says the quality of the IRS's inventory currently poses a high risk to the Y2K effort. Therefore, my question to both of you is, in your opinion, what can be done to--or what can the IRS do to mitigate that potential Y2K problem, those failures, and does the IRS have a practical contingency plan in place? They will have an opportunity to respond, but I wanted to hear from you before we dismiss this first panel.

Mr. Willemssen. Well, one, Chairwoman Morella, I think it is of concern to hear a major Federal agency still talking about the term ``inventory'' at this late date. In testifying on the IRS, which I did as far back as February 1997, I know the IRS has a far-flung information systems structure, many of their systems out in the field, many of the systems homegrown, so it is a difficult endeavor to get a handle on all of those. In terms of your direct question on what should they do, I think it's just ensuring that their key business processes, whether they're tax refunds or tax processing, however IRS has defined them, that they have thoroughly decomposed those processes and identified their key systems that they need to be ready in order to do business as usual come the turn of the year.

Mrs. Morella.
Do they have time to do that?

Mr. Willemssen. I think one thing in their favor is given the background of the Commissioner of the Internal Revenue Service, he's made it very clear this has been a top priority for him for some time, and he also made it clear, I think, in hearings I've been at with him that this was a massive undertaking, that it had risks associated with it. And I think there is time to focus again on those most important business processes and decompose them and focus on the supporting systems.

Mrs. Morella. Mr. Spotila.

Mr. Spotila. From our perspective, I agree completely with Mr. Willemssen in all of those respects. We're concerned. We have not had quite as much information of IRS as we would like to see. We recognize the importance of this, and we certainly are going to do what we can do to help the situation.

Mrs. Morella. Well, we will be interested to also hear from IRS about, you know, what they are doing, particularly in light of that rather frightening statement. Let me ask you about GAO, you recently reported that only 40 percent of Federal agencies submitted complete contingency plans with information on the seven criteria that you have established. What are you going to do to make sure that agencies complete these plans?

Mr. Willemssen. Well, in terms of their day 1 strategy and the required seven elements of OMB, I would concur with Mr. Spotila's comments that OMB is working with these agencies to follow up where there are holes and where more information is needed. I think we also have to keep in mind that many agencies were out front and had a lot of this detail all pulled together; many did not. The requirement for day 1 strategies was initially contained in OMB's September 13th quarterly report summary. So that was the first time a requirement was sent out. OMB's guidance on what to include, I believe, came out on October 13th, and then the strategies were due 2 days later. So we're talking about a very compressed time.
I think we have to give the agencies that did get a late start some recognition that they have time to improve, but this has to be a top priority at this point in time. I think OMB shares that view, and through our reviews and evaluations, we have not seen evidence of agencies resisting day 1 concept. What they don't have in many cases are all the details worked out yet, and that's what they have to focus on now.

Mrs. Morella. I know that GAO is the one who has suggested that OMB come up with the criteria, which they did so well, established the October 15th deadline. Now, in light of the question that I asked Mr. Willemssen, which is directed to you now, do you have another deadline that you have established where you say you now must get the responses, your contingency plans in effect by another deadline?

Mr. Spotila. We're proceeding on two levels: one, individually with agencies, based on what they have submitted to us, or in a couple of instances where they have not submitted to us, to work with them to get this fixed. We've also told them informally that we will be asking them for a new updated report next month, so there is going to be a new November deadline for them. That has not formally gone out yet, but they have all been advised that it is coming. Our priority has been working with GAO and working with the agencies to get these plans in their proper shape.

Mrs. Morella. It appears as though they may be working very long days in order to do it, and I think you should set an early November deadline for that, too.

Mr. Spotila. We intend to.

Mrs. Morella. I guess I just have one more question so we can get on to our next panel. And I know that you have always been available to respond to other questions that we may submit. Another day 1 strategy requirement is to include data on contractor availability. Do you believe that this requirement is being followed, being overlooked?
Because I think it's exceedingly important, and we've discussed this in a number of our other hearings, exceedingly important for interoperability and for the successful operation of many of the Federal mission-critical systems. What have your investigations revealed thus far with respect to Federal contractors?

Mr. Willemssen. In taking a look at the strategies that have been submitted thus far, it's a bit of a mix. Some of the agencies haven't addressed the issue, and don't know the availability. Other agencies are still working on this. I think this is a fairly critical issue, and it's critical from a couple respects. One is making sure from a governmentwide basis that not everyone thinks they have a relationship with the same vendor, and making sure that that vendor isn't overextended. And then second is laying out in specified detail exactly who to contact with that contractor or vendor should disruptions occur.

Mrs. Morella. Mr. Spotila, would you like to comment on that?

Mr. Spotila. Yes. Once again I would agree. I think in general, with most of the agencies, we need more detailed information on this subject. One of our observations is that a number of the agencies need to do more in this area. Some have done real well. Social Security whom you will be hearing from, has done an excellent job. NASA and the Department of Transportation have done very well. But there are a number of agencies that need to add considerable detail here, and that's one of the areas we're pressing.

Mrs. Morella. This is going to be one of the questions we're going to ask to our second panel what they're doing, and I'm glad that you're both very aware of it and continue to ask for that response. Just finally the issue of computer security, this is one, as you know, I think is critically important as it relates to Y2K and even beyond that.
How certain are you that the remediation efforts of the Federal systems have been conducted by firms that are U.S.-owned, and then if you would like to comment on what the risks might be that foreign agents or those with antigovernment views might have access to sensitive computer data. If I could ask both of you if you can answer that.

Mr. Willemssen. I will answer that in two ways. One is to give you my nonscientific answer that I think overall if you compare what has happened on remediation to what we thought would happen in the 1996 or 1997 timeframe, we've been a little surprised that more of the remediation work was actually done in-house and by existing contractors as it pertains to Federal agencies than we would have thought. There really wasn't as much work that went outside of the existing agency-contractor relationships as we would have envisioned. Point two, we share your concern about Y2K security risks. Frankly, we haven't at this point done a lot of work on this. We do have some ongoing work looking at that right now with some high-profile agencies, such as the Federal Aviation Administration and Department of Energy. At these agencies we are pursuing the issue to see what kind of controls and processes the agencies have in place. Overall, I think that the executive branch is very, very aware of this particular issue, and it's brought up in almost every meeting I'm in on Y2K over the last couple of months.

Mr. Spotila. I would echo those comments. In general, OMB does not have individual agency information in this regard. We've relied on the agencies and their decisionmaking process. We have worked in coordination with the National Security Council, with the President's advisor on counterterrorism Mr. Clark, and the CIAO office. This is something we are sensitive to. We have looked at security concerns here, and we think that the right steps are being taken, but it certainly is not something that we are taking for granted.

Mrs. Morella.
Well, I'm glad to hear that because I think it's critically important. We focus on it because this whole concept of the potential for the computer security could dwarf the problems of Y2K. Mr. Turner, do you have any final comments?

Mr. Turner. No final questions, thank you.

Mrs. Morella. I want to thank panel one for the work you've done not only in your presentations and responses today, but continuously that you've done. Thank you very much.

Mr. Willemssen. Thank you.

Mr. Spotila. Thank you.

Mrs. Morella. Now we will ask the second panel to come forward. Mr. Dyer, Mr. Langston, Mr. Gilligan, Mr. Cosgrave, Mr. Lorentz. Gentlemen, before you get comfortable, as we did with the first panel, I would ask you kindly to stand and raise your right hand.

[Witnesses sworn.]

Mrs. Morella. Again, the record will demonstrate affirmative response to that. So we're pleased to have on our second panel John Dyer, Principal Deputy of the Social Security Administration; Dr. Marvin J. Langston, Deputy Assistant Secretary of Defense for C3I and the Year 2000, Department of Defense; John Gilligan, Chief Information Officer of the Department of Energy; Mr. Paul Cosgrave, who is the Chief Information Officer of the Internal Revenue Service; Mr. Norman E. Lorentz, Senior Vice President, Chief Technology Officer of the United States Postal Service. Gentlemen, I'm glad you're here, it's very important that we hear from you. And I think it was appropriate that you also heard the testimony of GAO and OMB preceding you. And again, following sort of a 5-minute rule, we're very flexible about it. We will start off, and I will let you know that we will hope to have time for questioning and that your entire statement will be in the record, so you can give us a synopsis, if you desire. So we will start off with you then. Mr. Dyer, thank you for being here.

STATEMENTS OF JOHN DYER, PRINCIPAL DEPUTY, SOCIAL SECURITY ADMINISTRATION; MARVIN J.
LANGSTON, DEPUTY ASSISTANT SECRETARY OF DEFENSE FOR C3I AND YEAR 2000, DEPARTMENT OF DEFENSE, ACCOMPANIED BY REAR ADMIRAL BOB WILLARD AND BILL CURTIS, DEPARTMENT OF DEFENSE; JOHN GILLIGAN, CHIEF INFORMATION OFFICER, DEPARTMENT OF ENERGY; PAUL COSGRAVE, CHIEF INFORMATION OFFICER, INTERNAL REVENUE SERVICE; AND NORMAN E. LORENTZ, SENIOR VICE PRESIDENT, CHIEF TECHNOLOGY OFFICER, U.S. POSTAL SERVICE

Mr. Dyer. Madam Chairwoman and Representative Turner, I appreciate the opportunity to discuss the Social Security Administration's day 1 and business continuity and contingency plans for the year 2000 changeover. As a recognized leader in Y2K readiness, we are confident that our monthly payments to 50 million people and the earnings records of 145 million workers will not be affected; however, in the case of the unexpected, we are prepared.

To begin with, all of our mission-critical systems are certified as year 2000 compliant, along with all of the State disability determination services referred to as DDSs. Additionally, joint testing of payment files and direct deposit procedures have been successfully completed, as is the Federal Reserve Board testing with financial institutions, including Social Security transactions. Last, as for trading partners, Treasury and the Postal Service are also on board to handle ongoing and incoming exchanges.

At this point I would like to review step by step our plans for the last days of 1999 and the first days of 2000. For December 30th to January 3rd, designated personnel will inspect, evaluate and report on virtually every office. Social Security headquarters will stop receiving on-line transactions from field offices at 5 p.m. Eastern Standard Time on December 30th, allowing all officials to collect all of our 1999 computer transactions. On December 31st, our computer systems will finish updating SSA's master files.
Just before midnight, the Social Security's main data center in Baltimore will switch to jet fuel generators until the power company notifies the agency that everything is fine.

Immediately after midnight, December 31st, 1999, teams will begin assessing our systems' capability to process transactions for the year 2000. Later that day, staff at selected offices across the country will enter data. We will also test the 800 number. Throughout New Year's Day, a group of programmers will run checks on the computer systems for our 1,400 facilities. Social Security managers will report to their offices, checking all equipment and reporting their findings to regional offices, which will then forward the data to the command center in Baltimore. Approximately 100 sites will serve as barometer offices, including the 55 that do the disability determinations. Agency technical staff will test software systems by conducting a series of typical transactions. The Baltimore command center will monitor the processing. If problems are found, teams will be dispatched to make the necessary repairs.

Besides assessing Social Security's infrastructure, our command center will communicate with several non-SSA sites, such as the Treasury command center, to be alerted to any problems that banks may have in posting electronic fund transfers. Moreover, we will advise the White House Information Coordination Center, the media and the Congress of SSA's status. Then on January 3rd, Social Security will open for business as usual.

SSA's day 1 strategy is part of our overall business continuity and contingency plan. The plan prepares the agency to avoid a possible crisis if its automated systems are unable to recognize the year 2000. Within this larger plan, we have local plans for each field office, teleservice centers, processing centers, hearing offices and the State DDSs. We have developed contingencies for benefit payment delivery, building operations, human resources and communications.
For over a year both Social Security and SSI payments have been made with year 2000 compliant systems. Furthermore, we have developed a benefit payment delivery plan with the Treasury Department and the Federal Reserve. In November 1999, next month, field office employees will receive training as to the actions and procedures they are to follow if such an unanticipated problem occurs. SSA also has contingency plans that deal with unforeseen emergencies, such as inclement weather, natural disasters, accidents or equipment failure.

We want the public to understand that we're prepared for the year 2000 conversion. We want the public to have accurate information. Misinformation and confusion could generate overwhelming workloads and cause disruptions. Therefore we appreciate the Congress and others updating the American public about the actions Social Security and other Federal agencies have taken to prepare for the year 2000.

For our part we're committed to informing Members of Congress if serious problems develop. If a service to any of our local offices is interrupted, and contingency plans are implemented, the manager of the affected office will call the congressional office with specific information on how it will provide service to the congressional representative, congressional offices and to the constituents normally served by that office. In fact, on September 23rd, we sent a letter to the Congress outlining these steps and listed the names and phone numbers of the managers of each local office in each State responsible for calling you.

Because of our early planning and testing, Social Security fully expects that all of our processes will function properly in the new millennium, and that we will continue to provide world-class service to the American people. I'm happy to answer any questions you might have. Thank you.

Mrs. Morella. Thank you, Mr. Dyer. I know that Social Security Administration started in 1989 in their preparation.
[The prepared statement of Mr. Dyer follows:]

[Graphics omitted: 61119.032 through 61119.040]

Mrs. Morella. Mr. Langston, Dr. Langston.

Mr. Langston. Chairwoman Morella, Mr. Turner, thank you very much for your continued interest in this subject. The Department of Defense is very proud of the progress that we have made over the past 15 months of this ongoing year 2000 preparation effort. I'm joined this morning by Rear Admiral Bob Willard, who has been spearheading this effort in our unified forces and services, and also Mr. Bill Curtis, who has been our full-time person leading and directing the year 2000 event for the past period of time.

We have addressed this issue in four major activities. Those activities comprise systems compliance, operational evaluation and testing, contingency planning, leadership preparation and a transition period which has begun. I will just spend a few minutes outlining the activity in these areas for you.

In the systems compliance area we are tracking and repairing over 7,500 systems. Over 2,000 of those are mission-critical systems. The rest are non-mission-critical systems. And in addition, we have 600 installations and 350 domains among our main megacenter mainframe computers that we have worked to repair. Of those systems we are confident that all of them will be repaired and ready to go for this event, and currently we are over 98 percent of our mission-critical systems.

In the operational evaluation and testing area, this is the largest effort in DOD's history. We have never conducted such an integrated and large operational evaluation of our systems. We have done it in two major ways.
We have enlisted the uniformed services through the support from the chairman of the Joint Chiefs of Staff to conduct operational evaluations, which are threaded evaluations of systems operations that support our primary military functions. And we've also conducted functional evaluations of all of the support operations that foundation the Department; for example, financial systems, logistics systems, and personnel systems. We have also conducted a whole series of service integration tests which are specific to each of our military services and verify that those systems of systems among the services are capable of supporting our needs.

In the contingency planning and leadership preparation area, the chairman of the Joint Chiefs of Staff has conducted a series of chairman contingency assessments personally led by the chairman and supported by our four-star uniformed commanders. They address mobilization, deployment operations and sustainment. And these evaluations were 2 week-long periods of removing tens of major systems from each of those areas to evaluate the impact of the loss of those systems and the support of the contingency plans that would be put in place should those systems be removed on military operations. In each of those cases we determined that our contingency plans were an important element of what was needed, and that we, in fact, could conduct military operations should we lose those large number of systems.

We also conducted business continuity planning in terms of both systems continuity plans and operational continuity plans, meaning that we have a continuity plan for every system, and we have a continuity plan for every operational functional area that is a combination of systems or a larger function, and therefore we have a way to support loss of capability in any one of these events.
We've also enlisted the support of all of our inspector generals, both the service inspector generals and the DOD inspector generals, on all of our assessment agencies to make sure that we have prepared good contingency plans and they are in good shape for these operations. And finally, in preparation for our leadership, we have conducted a series of table top exercises which were literally day-long workshops that prepared the senior leaders to explore an enormous amount of unknown, what-if types of questions to determine how we would operate the Department through any kind of unknown surprise events.

Finally, the fourth area is a transition day 1 operations period which we did begin in September, the 1st of September, and we will operate through the 1st of March or the end of March of this coming year. A major part of this activity has been the preparation of a consequence management plan to help all of our warfighting commanders and base commanders understand how they can respond to situations and external requests from the Department for aid and support throughout the United States or other nations in the world. And in that process, we have also established a posture-level instruction which allows across five posture levels each of our commanders to understand how we are postured and how they are to respond specifically to those posture levels.

For example, in this consequence management activity our first priority is, as Dr. Hamre, the Deputy Secretary, has reiterated several times, is to support national command authority or military operations in any form. Our second priority is to support standing operations. Our third priority is to support civil authorities and public health and safety. And our fourth priority is to support civil authorities in support of economic or national quality of life. These are all well laid out and detailed plans which we continue to refine wherever we find the need for such.
Finally, I would point out that we have had an ongoing operation with foreign nations and our NATO allies with a large amount of effort concentrated on the Russians and their interaction with us for early warning events and for mitigating any nuclear mishaps or missteps related to nuclear weapons. We are currently planning to put in place our Center for Year 2000 Strategic Stability in Colorado Springs. We have conducted successful negotiations with the Russians for them to participate in this event. They will be arriving in Colorado Springs on the 22nd of December and working with us through the 15th of January for that particular operation.

So in conclusion, I would suggest that we have conducted a very extensive activity over this past year. The activity actually transformed when Secretary Cohen and Dr. Hamre tasked the uniform commanders and the under secretaries of the functional support areas to be personally responsible for the operations and mission continuity through this period of time. I believe that it's fair to say that the Department literally does contingency planning all the time because of the nature of our business. We do continuously report activities on a 24 by 7 basis throughout the normal year, and the year 2000 event for us is a significant event that we do not take lightly, but it does fit directly into our normal operations, and we feel that we will be ready and prepared to support any national security situation throughout this period. Thank you.

Mrs. Morella. Thank you, Dr. Langston.

[The prepared statement of Mr. Langston follows:]

[Graphics omitted: 61119.041 through 61119.050]

Mrs. Morella. Mr. Gilligan, pleasure to hear from you sir.

Mr. Gilligan.
Thank you, Madam Chairwoman Morella and Congressman Turner. I welcome this opportunity this morning to discuss the Department of Energy's contingency, business continuity and zero day plans. As Chief Information Officer for the Department of Energy, I am responsible for the oversight, coordination and facilitation of the Department's ongoing efforts to address year 2000 issues. The Department has made great progress since the last time we testified before this subcommittee in June 1998, and I am pleased to be here to discuss our progress with you. Achieving 100 percent year 2000 compliance has been one of Secretary Richardson's top goals for the Department. When I joined the Department in October 1998, the Department was the recipient of a failing grade on its year 2000 progress from this committee, and turning around the year 2000 program was my highest priority. As you are aware, we were able to rapidly improve our progress to a B grade in early 1999. I am pleased to report to you today that 100 percent of the Department's 420 mission-critical systems are year 2000 compliant and have approved contingency plans, and that the Department is more than 99.8 percent complete in remediating over 200,000 non-mission-critical systems, embedded chips, telecommunications systems, data exchanges and work stations. The Department has taken a phased approach similar to other large government agencies to its year 2000 preparation activities. Phase I of our program focused on remediating the Department's 420 mission-critical systems and approximately 200,000 non-mission-critical systems. Phase II focused on implementation of additional risk reduction and mitigation measures to help ensure that no Department mission is compromised due to year 2000 transition, and development of business continuity and zero day plans to ensure the continuation of the Department's core business processes in the event of a year 2000 related failure. 
Phase III of our program is now focusing on refining our business continuity and zero day plans that we have developed. This will ensure that we have clear processes to deal with potential year 2000 induced problems and that we have identified individual roles and responsibilities for monitoring, evaluating and responding to year 2000 related events across the Department. As I mentioned earlier, phase I of our year 2000 program is nearly 100 percent complete. During the course of our phase I year 2000 activities, the Department has also focused particular attention on the systems that protect the health and safety of the public, our workers and the environment. As of the 1st of October, all of our more than 540 health and safety-related systems are either year 2000 compliant or year 2000 ready, and we will continue to focus close attention on these systems. Furthermore, positive validation of the functionality of all operational health and safety systems will be required within 12 hours of the year 2000 transition to ensure the continued safety of the public, our workers and the environment. Phase II of our year 2000 program is almost fully complete as well. During phase II we focused on implementation of additional risk reduction and mitigation measures to help ensure that no departmental mission is compromised due to the year 2000 transition. We have conducted external independent verification and validation of the year 2000 remediation efforts as well as end-to-end testing for all mission-critical systems and health and safety-related systems with year 2000 date-related issues. I am pleased to report that external IV&V and end-to-end testing activities are complete for more than 99 percent of these systems. Phase II of our program also focused on developing business continuity and zero day plans to ensure the continuation of our core business processes in the event that year 2000 failures occur. 
Due to the complexity and diversity of the Department's missions and activities and the recognition that the year 2000 transition poses a unique risk for each site, the Department required business continuity plans for each of our 42 sites. Sites have exercised their contingency and continuity plans during phase II of our program. Our first formal readiness exercise was conducted on April 9th and resulted in lessons learned and best practices on contingency plans. On September 8th and 9th, 42 sites participated in our second year 2000 exercise. Sites tested failure scenarios and their planned response to year 2000 related events, rehearsed their zero day procedures and tested the Department's procedures for reporting year 2000 events to our headquarters. Sites reported that the exercise was very helpful in evaluating contingency and business continuity plans and shared with my office a significant number of lessons learned. We also sponsored two Department-wide workshops on business and continuity planning in May and October to share our year 2000 lessons learned and best practices. We are now implementing phase III of our program, which involves refining our business continuity and zero day plans. In our review of site and business continuity plans, we have found that they have addressed many of the elements contained in the General Accounting Office's day 1 planning guidance. However, we recently received comments from the Office of Management and Budget that our headquarters business continuity plan had some weaknesses, in particular with respect to lack of prioritization of key processes, inadequate discussion of our cybersecurity efforts and insufficient detail on our procedures and responsibilities during the rollover period. I have reviewed the plan and concur with OMB's assessment. Fortunately, with the solid foundation of contingency planning already completed, these weaknesses can be corrected quickly. 
I have directed actions to revise our headquarters business continuity plan by November 12th and resubmit it to OMB. However, even after November 12th, we will continue to fine-tune our plans to reflect final staffing decisions and the results of year 2000 preparation drills within the Department and with the President's Information Coordination Center. At the Department's headquarters our zero day procedures include the coordination of the Department of Energy as well as national and international energy sector year 2000 monitoring and reporting activities. We have developed plans with the electricity, oil and natural gas industries to receive reports of year 2000 related events as well as to analyze potential impacts of any disruptions, including potential cybersecurity incidents. Our Emergency Operations Center at the Forrestal Building will operate as the year 2000 command center for the collection, compilation and analysis and reporting of departmental site and energy sector year 2000 status information to the President's Information Coordination Center. Since March 1999, my staff and I have visited more than 30 departmental sites to assess their progress toward implementing OMB and departmental guidance, to assess the compliance of the status of their systems and to share year 2000 best practices and lessons learned. I can say firsthand that all of the Department's employees are focused on year 2000 and continue to work aggressively that we will have a successful and smooth transition. In my opinion, each site is well-positioned to manage the risk potential of year 2000 related failures. Final efforts over the next 63 days will ensure that we will effectively handle any year 2000 events regardless of source. Secretary Richardson and I are proud of the Department's efforts to ensure that 100 percent of our systems are year 2000 compliant, and we are confident in our planning efforts for the year 2000 transition. 
Our focus and commitment will continue as we complete our preparation efforts. I look forward to your questions. Thank you. Mrs. Morella. Thank you, Mr. Gilligan. [The prepared statement of Mr. Gilligan follows:] Mrs. Morella. Now pleased to recognize Mr. Cosgrave. Mr. Cosgrave. Thank you, Madam Chairwoman, and thank you, Representative Turner. I'm very happy to be here today to discuss the status of the Internal Revenue Service's Y2K business continuity and contingency plans and day 1, or as we refer to it, our end game plans. I'm joined to as well by Bob Albicker, my deputy. Mr. Albicker along with myself and our Commissioner Mr. Rossotti have all personally made this our No. 1 priority. I am also joined today by Mr. John Yost, who is our full-time executive managing this program. This is a program that he oversees consisting of approximately 100 people that are directly in his program office, plus he directly oversees the thousands of people in the Internal Revenue Service who engage in Y2K activities on a daily basis. In order to save time, I'll refer you to our general update on the overall status of our program which is in my written testimony, and I'll focus just on contingency planning and day 1 planning. The IRS is taking every step it can to mitigate the risks that are involved with the Y2K challenge. Two ways that the IRS is prepared to address risks are through business continuity and contingency plans as well as day 1 plans. 
With respect to contingency plans, the IRS has developed 40 individual contingency plans that are aligned with the 40 most critical business processes that outline the necessary procedures to follow in the event any of our mission-critical tax-processing systems suffers a major failure. We followed the planning format suggested to us last year by the General Accounting Office. We've completed testing all but two of those plans and have addressed GAO's suggestions from a recent review of those plans. These contingency plans concentrate on those areas that have the greatest impact on tax-processing activities in addition to areas that could be particularly affected by the Y2K problem. Because of the extensive renovation and testing work that we have performed, we do not anticipate a major failure; however, we have developed the necessary contingency plans, and we are ready in the event they are needed. These plans address such issues as preserving files and data, how to handle personnel, and procedural issues and delivery of service until computer systems are restored. I must emphasize, however, that these plans do not provide replacement computer systems for our existing computer systems, and instead they rely on alternative manual processes. Because we have performed extensive end-to-end testing, we believe that it is highly unlikely that we will need to invoke such plans; nevertheless, we have tested them and are prepared to implement them if necessary. As for day 1 or end game planning, the IRS has devised an end game strategy that will guide our activities during the critical rollover weekend of December 31st, 1999, through January 2, 2000. The end game strategy builds on our current information system problem reporting resolution process and identifies specific validation checklists to be used during the rollover weekend. The plan also recognizes a unique problem facing the IRS. 
This problem is a result of the annual startup of the filing season, which this year occurs simultaneous with the millennium rollover weekend. To ensure maximum risk reduction, therefore, the IRS is taking the following actions. No. 1, we are backing up and then quiescing the systems beginning at 10 p.m. on December 29th, 1999. This means the systems will be turned on, but will not be running business applications. On January 1, 2000, the systems will be brought back up to their normal operating status, this time updated with our filing season 2000 programs and validated against quality control checklists prior to the first day of business on January 3rd, 2000. Second, we are ensuring that sites and systems are operational before the first business day of the new year by conducting a validation check of all systems and facilities at over 500 different posts of duty. Third, we are reporting any problems that are encountered throughout the weekend through our existing problem reporting channels. All our organizations will be required to affirm that they have checked critical facilities and systems at their sites to our year 2000 command center, which will serve as the IRS nerve center during the rollover weekend. Reports will be provided to the Commissioner, myself, Mr. Albicker, et cetera, on a regular basis as well as to the Department of Treasury every 4 hours during the rollover weekend. Please keep in mind the successful rollover weekend is just a small part, however, of meeting the Y2K challenge. Problems for us may arise well into the new year impacting the filing season. For example, our computers may generate erroneous notices to taxpayers as late as March or April. However, we have procedures in place to resolve any problems that arise, including scanning for large erroneous dollar amounts and dates specifying 1900. 
Additionally, the command center will continue to operate through April 15th, 2000, or longer if necessary, depending on the status of the filing season. We will rehearse our rollover weekend plan on November 20th, 1999, to prepare participants for this event and to fine-tune our end game strategy. In conclusion, we're confident the IRS will be capable of fulfilling its mission in the year 2000 and beyond. While we recognize that risks still exist, we believe we are taking the necessary steps to address them. Thank you. Mrs. Morella. Thank you, Mr. Cosgrave. [The prepared statement of Mr. Cosgrave follows:] Mrs. Morella. I'm now pleased to recognize Mr. Lorentz of the Postal Service. Mr. Lorentz. Good morning, Chairwoman Morella and Representative Turner. With me this morning are Nick Barranca, who is the Vice President of Operations Planning, and Rick Weirich, who is our Vice President of Information Systems and our Chief Information Officer. I'm pleased to report this morning that we have completed all the technical work on our mission-critical systems, including independent verification, testing, and implementation of a system freeze. We began testing our mail processing equipment in 1998 and extended to other sites last year. In August, at our Merrifield northern Virginia site, we started a 6-week test of critical mail processing equipment. This equipment ran continuously in a year 2000 calendar mode, in a live processing environment, testing all equipment types and all mail types. This facility handles 5 million pieces of mail a day, and we have experienced no problems. We have also created plans to protect against potential disruptions of other systems and processes. We respond to disruptions every day. In the last 2 weeks we've dealt with Hurricane Irene in Florida and the Hector Mines earthquake in Los Angeles. 
Locally, last year's storm in Montgomery County left 48 of 60 Montgomery County delivery units that were without power, and we delivered mail. I know in my home in Bethesda, all 3 days that we were without power, I got normal mail delivery even though I had to walk outside to read it. Our business continuity plans and contingency plans are building on our experience and formalizing our response to disruption, both internal and external. Our continuity plans deal with the external infrastructure. Our internal contingency component plans deal with the infrastructure all the way from timekeeping to mail processing. Our plans include working with customers, with other Federal agencies, and particularly with agencies that deliver benefit payments to the American people. We anticipate that some of the mailers may divert electronic communications to hard copy mail. With that in mind, we're holding the enlarged infrastructure that we normally put in place for the holiday season, including staff, transportation, and sorting capability, through January. So what is day 1 going to look like for us? First of all, it's going to be business as usual, but prepared for whatever might occur. Robust day 1 plans are developed to preempt any kind of problems. Systems are in place to identify, report, track, resolve any Y2K issues. To communicate internally, with customers, with employees and with all stakeholders, we have emergency communication capability. Our network operations center has been converted into an internal ICC. Our national and field operations centers will operate 24 by 7 to assess USPS status and provide resource and decision support. Our day 1 activities will also involve onsite participation at the President's Council's Information Coordination Center and Joint Public Information Center. At a recent meeting of the President's Council on Year 2000, Chairman John Koskinen recognized us as the early warning beacon. 
We are the only organization that goes everywhere, every day, and we'll be very happy to perform in that role. Our plans have focused on Y2K as a business problem. And we have three very simple goals: To protect our customers by delivering the mail, to protect our employees' safety and pay; and to protect our business by collecting the money due and paying what we owe. We also have a heightened awareness to security problems. We have engaged reputable contractors with full security background checks and clearances, and we are providing instructions to the field to protect against any viruses. In a forward-looking mode, we're also working with the President's Council on cyber assurance issues. Protecting our work protects America's mail. We believe that the United States Postal Service is ready, and I look forward to answering your questions. Mrs. Morella. Thank you, Mr. Lorentz. [The prepared statement of Mr. Lorentz follows:] Mrs. Morella. I won't ask you about whether those ponies are ready. But it's interesting, as I scrutinized the panel, that it was planned that we picked those five agencies that--I don't mean to prioritize as the most important, but have the greatest influence or effect on our American economy and our Nation: Social Security, Department of Defense, Department of Energy, Internal Revenue Service and the Postal Service. And I appreciate your being here. I think I'll try to ask each of you maybe one question and then see if it evolves into others. First of all, as I mentioned, Mr. Dyer, I commend you on having started looking to Y2K and what needed to be done back in 1989. We have recognized your leadership in this regard. 
And yet what if the computers fail; what specific plans does Social Security Administration have to ensure that its millions of recipients receive their Social Security checks? I mean, you are very close to the people. Mr. Dyer. We are, of course, concerned, and we are committed to delivering those checks. The Supplemental Security Income checks go out before the end of the year. They'll be issued on Thursday. So they're before we turn over. The regular Title II or Social Security checks, they go out on Monday. We have worked very closely with the Federal Reserve, the Department of Treasury and the Postal Service to assure that we can get the direct deposit or the checks that go through mail there on time. We're positioning the checks and the tapes in advance. We worked through and tested it from beginning to end. So we're very confident that the payments are going to go. If, however, some areas, checks do not reach it, we have fall-back plans. If it's with a financial institution with a direct deposit, where the bank fails to be able to push through the direct deposit, we would find another bank that could do the direct deposit, and if not, we would work out how to get a paper check to the individual. If it's in terms of the paper checks, we're very confident because we've worked out contingency plans with the Postal Service, and, as you know, in hurricanes and other disasters, we've always been able with the Postal Service to be right there onsite and get the checks to the people. Mrs. Morella. So we can tell the viewers, listeners, our constituents, do not worry, the check is in the mail or you will get the check. Mr. Dyer. You will get your check, or you will get your direct deposit in your bank. Mrs. Morella. Exactly. And we will be continuing to watch to make sure that you can continue that way, and feel confident that you will. With regard to, Dr. 
Langston, the Department of Defense, it really is--you're really the largest Federal entity in terms of personnel and Y2K mission-critical systems. I think you have like 37 percent of all the mission-critical systems are within the Department of Defense. Consequently your mission-critical contingency plans or your contingency plans for all of your missions have got to be very detailed. I wonder how many personnel that you're planning to have ready on December 31st to implement the day 1 plan? And do you have any idea what the cost might be to implement your day 1 plan? Have you estimated? Mr. Langston. I thought about both of those questions when you asked them earlier. In terms of our contingency planning personnel operations, as I mentioned earlier, we are, of course, on duty 24 hours a day, 7 days a week, around the world. That operation is actually just being augmented by folks that support the year 2000 systems. So in other words, we have compiled detailed lists of technical experts or operational experts that support any of the contingency plans; those names, telephone numbers, all the contact points have been established. We are establishing augmentation cells for the year 2000 to support any of our normal watch stations or command centers, if you will, in major command areas like our unified commanders, and like our Pentagon command center, and for the service command centers as well as the Joint Chiefs. In terms of my--I do not have an actual number for you. My estimate is that we're operating--we will be operating 5 to 10 percent more personnel in a duty--nonduty status than we normally operate. In terms of how many--how much money we have spent to support contingency planning, we, of course, continue to report to OMB the expenditures for Y2K. Our most recent report, I believe, specified that we will spend by the time we're through with this transition phase about $3.6 billion on the year 2000. 
My estimate, although I do not have this broken out exactly in the reports, is that approximately 25 percent of our effort has been toward consequence management, contingency planning or preparation other than the remediation and testing events that we have conducted. Mrs. Morella. Do you think that money, that you could find that within your budget? Mr. Langston. Could we have found that money? Mrs. Morella. Have you thought about finding that money within the budget that's already been allocated? Mr. Langston. Well, of that $3.6 billion, all of it was DOD money with the exception of the $1.1 billion augmentation budget that we were provided. We have been committed all along to doing whatever we had to do to find the money to support this. This has been Dr. Hamre and Secretary Cohen's No. 1 priority for the Department other than national security. Mrs. Morella. So your financial planning has been done satisfactorily up to this point. Mr. Langston. Yes, ma'am. Mrs. Morella. All right. I'm interested in how we connect with Russia and what we are doing to help Russia. I know you've got the command station that you mentioned in Colorado and in the Denver area. When will that U.S.-Russia strategic command be ready? Mr. Langston. It's actually ready now. And as I mentioned, we will have Russian people arriving on the 22nd of December and staying in this operational sense through the 15th. We have been conducting a series of meetings with Russia, both in Russia and in the United States. The most recent meeting was on the 18th through the 21st of October in Russia. And we will continue to interact with them as much as possible to do everything we can to prepare for this event. Mrs. Morella. Have they been cooperating? Mr. Langston. Yes, ma'am. They have been very cooperative with the exception of the period of time through the Kosovo operations when we were, for political reasons, stopped for this activity. Mrs. Morella. 
Do you have any interface with the other--as they call them, the NIS, the newly emerging States? That would be like Georgia, Armenia, Azerbaijan. Mr. Langston. We have not had extra activity associated with those folks. We have had a large host nation support interaction ongoing. We cooperate and work with the State Department on that, and we have also been working with all of our NATO allies in support of their preparations for these events. And our local base commanders, wherever they reside in foreign countries, are working with those local organizations to ensure the support or verify as much as possible how much support we will get through this period of time. That has been part of our host Nation support activity. Mrs. Morella. You have a tremendous task, and I commend you and want you to know that we really want to help whenever we can and stay with it. With regard to Mr. Gilligan and Energy, I'm curious. This afternoon I'm going to be going to the Nuclear Regulatory Commission for the swearing in of the new Director. And I'm just wondering how do you, Department of Energy, coordinate with the Nuclear Regulatory Commission to ensure that our nuclear power plants will be ready for the year 2000? I know that it's not within your jurisdiction, NRC specifically, but your interconnection? Mr. Gilligan. The Nuclear Regulatory Commission, as you know, has the regulatory legal authority over the domestic nuclear power plants, and so they have been issuing guidance, and that guidance has been implemented within the plants. We have been monitoring those activities through two means: One, we have a relationship with the North American Electric Reliability Council, NERC, which has been assigned domestically for electricity and to coordinate the Y2K activities. As the nuclear plants are part of our electricity generators, they are being monitored through the reporting activities, and those activities are then reported to us. 
Second, we have established a relationship, we actually have an ongoing relationship, with the Nuclear Regulatory Commission. We have participation in their emergency operations facilities, and we are continuing to track their progress, and we expect that one of the key partnerships that we will have during the rollover will be with their command centers, as well as, we will have Nuclear Regulatory Commission participation at our energy sector desk in the Information Coordination Center. Mrs. Morella. I think you also said in your statement that you have found that you are all 100 percent compliant? Mr. Gilligan. For our mission-critical and health and safety systems, that's correct. Mrs. Morella. That's great. How about your liaison with contractors, would you like to comment on that? Mr. Gilligan. Sure. As you may know, the Department of Energy is structured where we have very heavy reliance on contractors. So of our roughly 120,000 employees, about 110,000 are contractors. And so we have an in-house, if you will, body of contractors, and it has been those contractors that we rely on day in and day out who have done the vast majority of our Y2K remediation activities. We have brought in external independent verification and validation contractors to help oversee the process to ensure that we were getting objectivity, and that's worked very well. We only have isolated incidents where we have brought in new contractors for the purpose of doing Y2K remediation at our sites. Mrs. Morella. So you feel the selection of your validation crew is adequate for total assurance that the contractors are following through? Mr. Gilligan. We believe that this was critical to our process, because of the potential danger of a contractor who does this work day in and day out potentially missing something, that we require the external and independent verification and validation. We defined a process for conducting that. 
We defined a reporting process that went through line management at each of our sites for each of our mission-critical and health and safety systems. So this became a very important part of our confidence building through the line management chain that our remediation activities had been done properly. And I'm pleased to report that we found very few discrepancies or items of concern in our independent verification and validation. Mrs. Morella. I'm glad to hear that. Mr. Turner's been very kind to let me continue to ask each of you a question, then I'll turn to him. And, Mr. Cosgrave, you knew--you knew we were coming to you with regard to what I had posed to the first panel and that letter that was written to Bill Archer on October 15th that you reported that the quality of your computer systems' inventory currently poses a high risk to the Y2K effort. You addressed it a little bit in your statement, your oral statement. I just wondered if you would give us an update of the status to complete the inventory process. I wonder when it will be completed, why did it take so long. I mean, were there some glitches here that if you could go back you would have changed? And how would you adequately plan contingencies in the event of--given the fact that you're still determining the systems that you now have, how would you adequately plan contingencies in the event of a Y2K problem or failure? Mr. Cosgrave. Thank you for asking the question. Let me try to answer the questions. Let me try to hit them all. I need to first explain some background on this. Tracking inventory in a large enterprise such as the Internal Revenue Service is a major problem for any large enterprise. It's significantly more difficult for us because of the highly decentralized nature of the way the Internal Revenue Service has historically operated and, frankly, because of the level of detail at which we are now trying to track this data. 
Based on my 25 years of working in private industry, I don't think the problem is different for anybody else on the panel or anybody else in private industry. It is just made more difficult at the IRS by the highly decentralized nature of our operations. To give you an example of how complicated this is, we have recognized this problem as a material weakness in the Internal Revenue Service dating back to 1984. So it has been recognized as a 15-year-old problem we still haven't been able to solve. Specifically for Y2K purposes we are tracking about 800,000 items in our inventory, 800,000. To give you an example, we would track every PC, every piece of equipment, every piece of software that is on that equipment, and for Y2K purposes we have to track every release version of every piece of software that's on every computer. So it gets extremely detailed when you're up to 800,000 individual items. However, maybe this is a good example of where Y2K has finally given us the push to solve a long-standing problem. In fact, prior to starting our Y2K program, we were probably in many cases at best 50 percent accurate in our inventories. I can report to you today that based on some of our most recent tests, we're now over the 90 percent level. However, there still are issues. We have a three-step process in place right now to bring this together and make sure it's in place not only for January 1st, but also for October 1st, which was a critical date for establishing a year-end evaluation for the fiscal year for financial purposes. So we're working both those problems simultaneously for the financial records as well as for the Y2K inventory. We are addressing the problem now with three specific actions. We're doing on-the-ground, wall-to-wall inventories in all our computing centers, all our service centers and 11 of our 33 districts. 
We, furthermore, are doing independent verification and validation of those results here at the national office for all our largest computers, our tier 1, tier 2 computers, and doing detailed comparisons between what's recorded from the inventory and what we have actually on the floor. And then third, we have started the independent audit and readiness verification, which is also going out to all our computer centers, all our service centers, and, again, 13 of the 33 districts, different ones this time, to essentially make sure that we, in fact, can validate, get as close as 100 percent. What's different now most importantly is that the CIO is now 100 percent responsible for the inventory. That was not the case prior to my arrival last July. The inventory responsibility was a decentralized responsibility, and as a result we were not able to adequately get our hands around this. Longer term the solution to this problem will clearly be automatic tracking, which we're in the process of implementing so that, in fact, we can automatically record everything that's on our network. Mrs. Morella. Could--I know the people who are listening and watching would like to know could IRS computer problems result in more citizens being audited? Mr. Cosgrave. I'm not sure that that would be a concern. I think from the perspective of the individual person looking at this testimony, I would think their major concern would be probably around whether they're going to get their refund on time. So we're implementing special processes, much like the ones that Social Security described, to make sure that refund checks are processed on a timely basis. Of course, our process for sending out refunds would start toward the end of January rather than the beginning of January. So we have a little more ample time to make sure that everything is working properly. 
But we go through exactly the same processes that SSA described in working with FMS and the Postal Office to make sure that those checks get distributed. So I think probably that is the thing that your viewers would be most concerned about. Mrs. Morella. Is there anything that the public should do to protect themselves against possible IRS computer failure? Mr. Cosgrave. What the public needs to do is what the tax preparers would recommend they do every year, and that is keep tax records at home. I mean, they will need tax records if, in fact, they are summoned in for an examination, and therefore they need to keep good, accurate records like they would any other year. Mrs. Morella. Thank you. I'm going to ask unanimous consent that the letter from IRS sent to Chairman Archer be included in the record. Without objection, it will be so ordered. Thank you. [The information referred to follows:] [GRAPHIC] [TIFF OMITTED]61119.068-61119.071 Mrs. Morella. Now for our Postal Service. At the hearing we had back in February of this year, Mr. Lorentz, you stated that the Postal Service's contingency plan was itself. And you kind of implied that today, too; that is, there is no other organization that can deliver mail in the event of unforeseen computer failures. And you say that mail will be delivered. I wonder who can deliver the mail in the event of unforeseen computer problems? And what are your main contingency plan risks, and what have you done then to mitigate your risks? Mr. Lorentz. The answer to the first issue is that for our own computer systems, we have focused on the severe and critical systems. For severe and critical systems, 33 percent of the functionality has already been tested with the fiscal year turn. We have experienced no operational failures at all. 
We've had 17 anomalies where the wrong data appeared on a screen or perhaps printed on a piece of paper, but no operational failures whatsoever in the system so far. And as I mentioned previously, we have tested our mail processing equipment in many locations under full volume, so we're very confident that those systems have been mitigated. We are the ultimate contingency. So how will the mail be delivered? It wasn't too many years ago that our sortation and delivery was done manually with little mechanization. We have not forgotten those tool sets. I think the major risk that we have that we've also addressed in our continuity plans is loss of major infrastructure capabilities, power, telecommunications, et cetera. We have detailed plans in place to mitigate that. We do that as a normal manner of course. We just did it in Florida. We just did it in North Carolina. We had to do it in L.A. We're used to working without those capabilities. So we can do that just like anyone else. If it was more of a general failure, that would be the highest risk. Mrs. Morella. And you would probably take care of that by manually making sure the mail is--. Mr. Lorentz. Absolutely. Mrs. Morella [continuing]. Delivered. I thank you. I now would like to turn to the distinguished ranking member, Mr. Turner, for his turn at any questioning or statements. Mr. Turner. Thank you, Madam Chairman. You know, I've often wondered when we go through January 1st if we go through it with relatively minor disruption, if we want to look back and wonder if we avoided one of the greatest threats to our domestic tranquility and threats to national security that we've ever experienced in this country, or whether we'll look back and think, well, we dealt with one of the most overstated, overstudied, overdiscussed problems that cost us literally billions of dollars in both the public and private sector. 
I thought it would be helpful in terms of trying to allow the general public to understand what all of this study, all these contingency plans, all these validation efforts have been about if I could ask each of you to give us an example of one specific problem that you did discover, that you did fix, and if you haven't fixed it, what would have been the significant consequence of the failure to have discovered it and fixed it? And I'll give you a little time to think about that. I have a few other questions I want to address. I'll leave that for my last question for each of you, because I think if we could come up with a good example from each of you, it might help the public understand what all this effort and expenditure was really all about. You know, it's all well and good to hear we're checking our systems, we validate, we know there's not going to be a problem, but I think it's also helpful to know what problem was really found and fixed. One long-term consequence, I think, of the effort that you've made that will have lasting value is in terms of our national security. We all know that we talk a lot about the threat of nuclear warfare, the threat of chemical warfare, the threat of biological warfare. But we also know that at the end of this century we also face the threat of cyber warfare. And I want to address this question to Dr. Langston because I think that it is important for us, having gone through the effort to address the Y2K problem, that once we hopefully successfully move through it, that we not take all of our contingency plans and throw them in the wastebasket. But recognize that they do perhaps have some long-term benefit in terms of being prepared for the threat of cyber warfare. Dr. 
Langston, if you would, just address the implications of what you have done in the Department of Defense which would obviously be directly related to the issue I raised as well as what you might see as the benefits of the efforts that have been made all across the public and private sector with regard to preparation for cyber warfare. Mr. Langston. Thank you sir for that question. We currently operate, as I mentioned, with year 2000 as our highest priority in the Department short of military operations, and we also operate with cyber threat as our second highest priority for everything that relates to the movement of information within the Department. We have in this past year stood up what we call a Joint Task Force for Computer Network Defense, which has now been moved under the Unified Commander for CINC Space, signifying the importance of this operation. In other words, we believe that it is an operational four-star commander's importance level, level of importance for supporting and monitoring and preparing for computer network defense. That's an indication that our operational forces have realized that these computer networks are critical and integral part of all our war-fighting operations, and they include, of course, support operations, logistics, finance, personnel, as well as direct military mission operations. So therefore, we plan to continue on through the preparation and development of cyber warfare defensive measures. We posture and are working right now on what we call an information assurance architecture, which is literally a defense in-depth architecture that will allow us to specify for all of our operational forces and systems how we want them to use the technologies of today and the technologies that emerge for information assurance. In addition, we have already put policy in place--I'm talking about policy signed out by Dr. Hamre, the Deputy Secretary, to install key infrastructure. 
These are encrypted certificates that will allow us to understand who it is that is at the end of every computer transaction, both internal to our Department and external to the Department, and to put these in place in the next 3 years. And in addition, we have taken a step to move toward using the new smart card technology, which are literally credit cards with a chip in them, as a part of this security network defense operation to allow these smart card chips to become hardware stanchions of these encrypted certificates to represent who we are. So we take it all very seriously. We believe that the pressure that has been applied through both the executive branch and the congressional legislative branch for critical infrastructure protection is vitally important to all of us. And we work very hard with judicial department and State Department and others to help put in place these efforts and make them a major part of what we do. Mr. Turner. It seems obvious to me that our technological superiority which has caused us to be the world's greatest military force perhaps is also our greatest vulnerability. What about my suggestion that the other agencies of government and perhaps the private sector are not simply putting all of their plans in the wastebasket, but remember that there is an ongoing national security threat to all of us that perhaps those plans would be useful in preparing for? Mr. Langston. Thank you for reminding me of that question. I meant to suggest as we went through our--what I call our chairman's contingency assessment where we took major systems off line from our operational forces, in every one of those events, the unified commanders came back and said to the chairman, this was a very useful exercise, it was money and energy well spent. It allowed us to update our contingency plans, and it reminded us that we need to refine and continue to exercise those plans. 
We, of course, in the military have always had contingency plans and always had back-up plans for everything we do. But like any organization, it's easy to not exercise them as often as you might need to given the press of ongoing business. So we plan to continue to use the contingency plans as an operation. And, in fact, working with the GAO and recent legislation in the appropriations bill, we plan to follow on with our year 2000 data base to support the tracking of these information systems and the evolution of this entire information assurance architecture that I suggested. Mr. Turner. Let me ask the question that I posed at the outset, and starting with Mr. Dyer, could you cite for us one problem that was discovered that you fixed and share with us the consequence that may have resulted had you failed to fix it? When we started out this effort many months, years ago, we all heard there wasn't enough computer programmers available to fix all these problems. Some months ago we asked at one hearing whether or not that was still the case, and we learned that really wasn't a real problem. So, obviously we've been able to cope thus far with the available personnel. I still assume that it took many man-hours of computer programmers to check out these systems, and in the process they found some things that they fixed. If you would, Mr. Dyer, give us a good example from your agency of something you found and fixed. Mr. Dyer. As Madam Chairwoman said, we started back in 1989, so we've had a long time to do it. As we've been updating software over the years, we've been continuously doing it. I'll give you the major problems that would have happened. 
If the software was not adjusted, when the software ran, the computers would get the dates and everything confused; which would have meant that the calculations for what our beneficiaries would have been paid for the month would be all wrong and, on top of that, would probably stop the messages from going through to actually print out the checks and send the direct deposits. In terms of very small kinds of things, as we went through telecommunications systems and looked at them, what would have happened is that certain data that we would have been transmitting over satellites to move various things around the country would just not have happened. Mr. Turner. Dr. Langston, without breaching national security or revealing anything that might be top secret, could you give us an example of something that was found and fixed and the consequence of failure to do so? Mr. Langston. Yes, sir. An indication of how critical this has become for us is that many people in the early days of the year 2000 problem dismissed it as not a very significant or real problem. And as each of our folks, including our very senior managers and leaders, have gotten involved with it, they have all been very--become very serious about the importance of it as they've discovered what kinds of examples have come forward. Let me just give you a couple of examples. In our finance and accounting systems, we have found that we would not have been able to move money between ourselves and our vendors our through the financial system, and we would not have been able to make payment to our retirees without fixing those systems. In our medical equipment systems, we have found many examples of where we would have not been able to support the medical records or even the medical processes that distributed medical activity to the medical recipients. 
In a very vivid example, our communications switches, which are commercial switches, but which we purchase over long periods of time, often don't keep them up to date with the latest changes in the commercial switch market. We found over 120 switches that would have gone down during the Y2K period of time and literally taken down all of our telephones within the Department and therefore rendered us virtually without communications to support anything we've done. And even in the weapons systems area, we have weapons planning systems that support the distribution of plans out to our weapons platforms, and there were Y2K problems in those systems that would have created a need for contingency backups. Mr. Turner. Thank you. Mr. Gilligan. Mr. Gilligan. As you know, the Department of Energy has a range of missions, from nuclear missions to academic oriented research. The example that I would like to discuss is at one of our nuclear waste processing plants at our Savannah River site in Aiken, SC. We have a series of systems that are interconnected that provide for processing and treatment of nuclear waste, high level nuclear waste products, containerizing them and shipping them. In the course of the analysis and the inventorying of those systems, we found that many of the embedded processor chips that were involved with the process control of moving the waste from one station to another, as well as those computers that monitored the exhaust stacks for possible increased levels of radiation, had Y2K related problems. Those were, in many cases, easily fixed. In some cases, they redesigned new special-purpose computers in order to be able to fix the problems. And so--and those systems then were installed. They had to be installed during downtimes of the process so they would not disrupt operations. Now, many would fear that a possible Y2K failure would result in a nuclear accident. That is not, in fact, the case. 
In all of those circumstances, what would have happened if we had not repaired those systems is that the processor would have failed, would have triggered automatic shut-down procedures. But the automatic shut-down procedures, while they protect against any nuclear release of contamination, they do cost money because we would have an approximately $3 million a day impact in cost of lost opportunity if, in fact, those systems had not been prepared. That is an example where obviously there is high visibility because of the nuclear processing. We felt confident, even though these problems existed, they would not have caused a health and safety consequence; but they would have had a fairly significant financial impact if we had not repaired them prior to January 1st. Mr. Turner. Thank you. Mr. Cosgrave. Mr. Cosgrave. Mr. Turner, if I may, I would like to give you three quick examples, all stemming, frankly, from the neglect that allowed us to have an antiquated infrastructure that hadn't been addressed in a long time. The first example, probably the most important, is we have replaced the entire submissions and remittent processing system that operates in our service centers for processing the tax returns when they come in. The system was, in many cases, 15- and 20-year-old hardware that, frankly, we couldn't even get replacement parts that were Y2K compliant to meet the needs. So we had no choice but to replace that entire system with modern technology. So we literally would not have been able to process tax returns. The second example is with respect to security. We have been running a fairly old security environment that was decentralized like many things at the IRS, and it was very clear that we needed to bring that up to speed and up to date. So we have made a major improvement in our security environment as a result of the Y2K effort. 
The third example, and probably the most dramatic to people listening in, is that when our revenue agents went out and visited taxpayers, they were often embarrassed because they were carrying with them either a PC that was of 286- or 386-type vintage. If you don't follow the Intel market, they were issued back in the early 1980's. Quite honestly, that is not adequate given what they are facing when they deal with the taxpayers today who quite often have much more sophisticated technology. So we have replaced all of those PCs with modern Pentium computers and now at least are on an even par with the taxpayers. Mr. Turner. Thank you. Dr. Lorentz. Mr. Lorentz. I guess I would answer the question two ways. The two specific examples I would give are: First of all, we identified an accounts payable problem, one that if it hadn't been identified, if the process hadn't pointed it out to us, would have resulted in late or no payments at all going to some of our suppliers. The second example is our air dispatch system. In that case, we have an automated system that literally takes the mail once it has been sorted and prepared and dispatches it to aircraft. A substantial portion of the mail is airborne now. So it would have given us an inability to do that in a mechanized way. Those were two significant areas that were very constructive. The second answer to the question is that this has caused us to put process discipline in our business and we now have business owners of these issues, not just technology owners. So we literally have--we are going to leverage this in how we look at security. Security is not a chief technology officer issue. It is a business issue. To give you an example in a more pedestrian way, we had the best close of our financial books that we have had in recent memory because we had significant configuration management in place. 
So the discipline that has been caused by going through Y2K preparation, as well as the retirement of unneeded systems, has given us a positive outcome. Mr. Turner. Thank you. I must say that listening to all of you, the direct and secondary benefits of the efforts seem to be very apparent. Thank you, Mr. Chairman. Mrs. Morella. Thank you, Mr. Turner. Following up on the questions that you asked, I thought that was excellent, did any of you have any trouble with 9-9-99? Can we just very quickly, did you have any trouble? Mr. Langston. No, ma'am; but I would point out that in our testing efforts, we have found as many problems in the leap year rollover period which will occur the end of February as we have in the Y2K period, the rollover date. Mrs. Morella. So you are preparing for that. I think that we all should--. Mr. Langston. That is why our transition period includes that. Mrs. Morella. Mr. Gilligan. Mr. Gilligan. We had no problems on the 9th of September. We did, in fact though, have one system at the beginning of our fiscal year of October 1st that experienced a failure. This was a failure of a subportion of our procurement data tracking system. It was fixed within about a half hour, and the transactions were rerun and the permanent fix was done within about 24 hours. But it did give us clear indication that we need to have processes in place to be able to respond. Mrs. Morella. OK. Mr. Cosgrave. Mr. Cosgrave. Our experience was very similar to what the Department of Defense is experiencing. I would reiterate the leap-year problem because we are focused on that as part of our testing as well. Mr. Lorentz. Not to our knowledge we didn't have any 9-9-99 problems. We did have a couple of cases where we printed the wrong dates, but it didn't do anything to the internal code. Mrs. Morella. Several of you have already commented on the information computer security problem. Not only is it enormous with DOD, but obviously very important with all of you. 
I just wondered if you are taking precautions. Now, I heard what you said that is being done, Dr. Lorentz. You talked a little bit about it, Mr. Cosgrave. I wondered if the others might want to comment. Are you taking any precautions for this day 1 plan in terms of the information technology security? Mr. Dyer. We are quite concerned about security. We are going to be doing extra monitoring of all of our systems. We have a special team in place to concentrate totally on all of the security issues. Mrs. Morella. Mr. Gilligan. Mr. Gilligan. We have an organization called the Computer Incident Advisory Capability that is co-located at Lawrence Livermore Laboratory. They are our cyber-security investigation and response cell. They will be active as will their points of contact at all of our sites. We have established reporting procedures. They will be part of our emergency operations center contingent active through this rollover period. Mr. Lorentz. We have put in place all of the industry standard firewalls and virus protection on our case-hardened side. We have given specific special instructions to the field on what to look for in the intervention of viruses. The additional area that we are looking at both as far as the day 1 as well as the future, is more e-commerce exposure. We have, so far, issued 150,000 digital certificates for the online stamp capability. We see potential exposure certainly in e-commerce along with everybody else. We are especially monitoring those aspects of the business. We are also participating in the cyber assurance effort as part of the Y2K council in partnership with other agencies. Mrs. Morella. Thank you. I think you have all done a great job of sharing the experiences looking back, looking ahead, but more needs to be done of your agencies. I want to announce that--do you have any other questions or comments? Mr. Turner. No. Mrs. Morella. It has been an excellent hearing. 
Please note that all of the members of the subcommittee again will get the full testimony. We would like your permission to be able to submit any further questioning to you from ourselves and other members of the subcommittee. I am going to ask unanimous consent that Chairman Horn's opening statement be included in the record. If no objection, it will be so ordered. [The prepared statement of Hon. Stephen Horn follows:] [GRAPHIC] [TIFF OMITTED]61119.072-61119.073 Mrs. Morella. The next hearing of the House Y2K working group is going to be held next Thursday, November 4. It will be at 2 o'clock in the afternoon, room 2318 of this building. The hearing is going to be entitled ``Y2K Myths and Realities; What Every American Needs to Know in the Remaining 50 days.'' It is now count down 63 today, but it will be 50 at that time. The hearing is designated to be the culmination of our over 3 1/2 years and over 100 congressional hearings on the Y2K computer glitch. I just want to thank the following people who have been involved in some way in putting this hearing together: The majority staff of the Government Reform Committee: J. Russell George, staff director and chief counsel; Matt Ryan, senior policy advisor; Bonnie Heald, the communications director and professional staff member; Chip Ahlswede, clerk; Rob Singer, staff assistant; P.J. Caceres, an intern; Deborah Oppenheim, an intern; the Technology Subcommittee: Jeff Grove, staff director; Ben Wu, professional staff member; Joe Sullivan, staff assistant; minority staff of Government Reform: Trey Henderson, minority counsel; Jean Gosa, staff assistant; of the Technology Subcommittee minority staff: Michael Quear, professional staff assistant; Marty Ralston, staff assistant; the court reporters: Cindy Sebo and Randy Sandefer who has come on the scene here, too. And so I thank all of them. I want to thank Congressman Turner for being with us for the entire hearing. 
I want very much to thank both of our panels. We appreciate it very much. Thank you very much. The subcommittee is now adjourned. [Whereupon, at 12:12 p.m., the subcommittee was adjourned.]