<DOC> [106th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:66711.wais] YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE LEARN? ======================================================================= JOINT HEARING before the SUBCOMMITTEE ON GOVERNMENT MANAGEMENT, INFORMATION, AND TECHNOLOGY of the COMMITTEE ON GOVERNMENT REFORM and the SUBCOMMITTEE ON TECHNOLOGY of the COMMITTEE ON SCIENCE HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTH CONGRESS SECOND SESSION __________ JANUARY 27, 2000 __________ Committee on Government Reform Serial No. 106-149 Committee on Science Serial No. 106-84 __________ Printed for the use of the Committee on Government Reform and the Committee on Science Available via the World Wide Web: http://www.gpo.gov/congress/house http://www.house.gov/reform __________ U.S. GOVERNMENT PRINTING OFFICE 66-711 WASHINGTON : 2000 ______ COMMITTEE ON GOVERNMENT REFORM DAN BURTON, Indiana, Chairman BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California CONSTANCE A. MORELLA, Maryland TOM LANTOS, California CHRISTOPHER SHAYS, Connecticut ROBERT E. WISE, Jr., West Virginia ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania JOHN L. MICA, Florida PATSY T. MINK, Hawaii THOMAS M. DAVIS, Virginia CAROLYN B. MALONEY, New York DAVID M. McINTOSH, Indiana ELEANOR HOLMES NORTON, Washington, MARK E. SOUDER, Indiana DC JOE SCARBOROUGH, Florida CHAKA FATTAH, Pennsylvania STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland MARSHALL ``MARK'' SANFORD, South DENNIS J. KUCINICH, Ohio Carolina ROD R. BLAGOJEVICH, Illinois BOB BARR, Georgia DANNY K. DAVIS, Illinois DAN MILLER, Florida JOHN F. TIERNEY, Massachusetts ASA HUTCHINSON, Arkansas JIM TURNER, Texas LEE TERRY, Nebraska THOMAS H. ALLEN, Maine JUDY BIGGERT, Illinois HAROLD E. FORD, Jr., Tennessee GREG WALDEN, Oregon JANICE D. SCHAKOWSKY, Illinois DOUG OSE, California ------ PAUL RYAN, Wisconsin BERNARD SANDERS, Vermont HELEN CHENOWETH-HAGE, Idaho (Independent) DAVID VITTER, Louisiana Kevin Binger, Staff Director Daniel R. Moll, Deputy Staff Director David A. Kass, Deputy Counsel and Parliamentarian Lisa Smith Arafune, Chief Clerk Phil Schiliro, Minority Staff Director ------ Subcommittee on Government Management, Information, and Technology STEPHEN HORN, California, Chairman JUDY BIGGERT, Illinois JIM TURNER, Texas THOMAS M. DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania GREG WALDEN, Oregon MAJOR R. OWENS, New York DOUG OSE, California PATSY T. MINK, Hawaii PAUL RYAN, Wisconsin CAROLYN B. MALONEY, New York Ex Officio DAN BURTON, Indiana HENRY A. WAXMAN, California J. Russell George, Staff Director and Chief Counsel Bonnie Heald, Director of Communications/Professional Staff Member Chip Ahlswede, Clerk Michelle Ash, Minority Counsel Trey Henderson, Minority Counsel COMMITTEE ON SCIENCE F. JAMES SENSENBRENNER, Jr., (R-Wisconsin), Chairman SHERWOOD L. BOEHLERT, New York RALPH M. HALL, Texas, RMM ** LAMAR SMITH, Texas BART GORDON, Tennessee CONSTANCE A. MORELLA, Maryland JERRY F. COSTELLO, Illinois CURT WELDON, Pennsylvania JAMES A. BARCIA, Michigan DANA ROHRABACHER, California EDDIE BERNICE JOHNSON, Texas JOE BARTON, Texas LYNN C. WOOLSEY, California KEN CALVERT, California LYNN N. RIVERS, Michigan NICK SMITH, Michigan ZOE LOFGREN, California ROSCOE G. BARTLETT, Maryland MICHAEL F. DOYLE, Pennsylvania VERNON J. EHLERS, Michigan * SHEILA JACKSON LEE, Texas DAVE WELDON, Florida DEBBIE STABENOW, Michigan GIL GUTKNECHT, Minnesota BOB ETHERIDGE, North Carolina THOMAS W. EWING, Illinois NICK LAMPSON, Texas CHRIS CANNON, Utah JOHN B. LARSON, Connecticut KEVIN BRADY, Texas MARK UDALL, Colorado MERRILL COOK, Utah DAVID WU, Oregon GEORGE R. NETHERCUTT, Jr., ANTHONY D. WEINER, New York Washington MICHAEL E. CAPUANO, Massachusetts FRANK D. LUCAS, Oklahoma BRIAN BAIRD, Washington MARK GREEN, Wisconsin JOSEPH M. HOEFFEL, Pennsylvania STEVEN T. KUYKENDALL, California DENNIS MOORE, Kansas GARY G. MILLER, California JOE BACA, California JUDY BIGGERT, Illinois MARSHALL ``MARK'' SANFORD, South Carolina JACK METCALF, Washington C O N T E N T S ---------- Page Hearing held on January 27, 2000................................. 1 Statement of: Koskinen, John, Assistant to the President, chairman, President's Council on Year 2000 Conversion; Joel C. Willemssen, Director, Civil Agencies Information Systems, U.S. General Accounting Office; Charles Rossotti, Commissioner, Internal Revenue Service; and Fernando Burbano, Chief Information Officer, Department of State.... 13 Miller, Harris, president, Information Technology Association of America; Cathy Hotka, vice president for information technology, National Retail Federation; and Gary Beach, publisher, CIO Communications, Inc......................... 99 Letters, statements, et cetera, submitted for the record by: Barcia, Hon. James A., a Representative in Congress from the State of Michigan, prepared statement of................... 129 Beach, Gary, publisher, CIO Communications, Inc., prepared statement of............................................... 113 Biggert, Hon. Judy, a Representative in Congress from the State of Illinois, prepared statement of................... 11 Burbano, Fernando, Chief Information Officer, Department of State, prepared statement of............................... 75 Horn, Hon. Stephen, a Representative in Congress from the State of California, prepared statement of................. 4 Koskinen, John, Assistant to the President, chairman, President's Council on Year 2000 Conversion, prepared statement of............................................... 17 Miller, Harris, president, Information Technology Association of America, prepared statement of.......................... 102 Rossotti, Charles, Commissioner, Internal Revenue Service, prepared statement of...................................... 63 Willemssen, Joel C., Director, Civil Agencies Information Systems, U.S. General Accounting Office, prepared statement of......................................................... 26 YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE LEARN? ---------- THURSDAY, JANUARY 27, 2000 House of Representatives, Subcommittee on Government Management, Information, and Technology, Committee on Government Reform, joint with the Subcommittee on Technology, Committee on Science, Washington, DC. The subcommittees met, pursuant to notice, at 10 a.m., in room 2154, Rayburn House Office Building, Hon. Stephen Horn (chairman of the Subcommittee on Government Management, Information, and Technology) presiding. Present for the Subcommittee on Government Management, Information, and Technology: Representatives Horn, Biggert, Walden, and Turner. Staff present for the Subcommittee on Government Management, Information, and Technology: J. Russell George, staff director and chief counsel; Mathew Ryan, senior policy director; Bonnie Heald, director of communications and professional staff member; Chip Ahlswede, clerk; Deborah Oppenheim, intern; Michelle Ash and Trey Henderson, minority counsels; and Jean Gosa, minority clerk. Present for the Subcommittee on Technology: Representatives Morella, Green, Barcia, Wu, and Baird. Staff present for the Subcommittee on Technology: Jeff Grove, staff director; Ben Wu, counsel; Michael Quear, minority professional staff member; and Marty Ralston, minority staff assistant. Mr. Horn. This joint hearing of the House Subcommittee on Government Management, Information, and Technology, and the House Subcommittee on Technology will come to order. It is now 27 days into the new millennium. The lights are still on, telephones keep ringing, and the airplanes are still flying. So far, the biggest challenge, at least here on the east coast, is shoveling through the mountainous snowdrifts dumped by the first major storm of the year 2000. Thanks to the hard work of thousands of dedicated people at a cost in the billions of dollars, we have the luxury of meeting today to discuss the benefits that have been derived from the year 2000 computer challenge. Over the past 4 years, these subcommittees have spent countless hours examining the Federal Government's computer preparations for the year 2000, or Y2K. When we began this process in April 1996, two Cabinet Secretaries had never heard of Y2K, much less begun preparing for it. That ultimately changed, but not without congressional prodding through 43 hearings and 10 report cards, grading agencies on their progress. In addition to fixing all of the government's 6,400 mission-critical computer systems, the subcommittees expected agencies to develop viable contingency plans in case those computer fixes did not work. We prodded, we questioned, and we hoped for the best, and the best happened. The Federal Government experienced a successful transition into the new millennium. Some glitches did occur, however, giving cause to wonder what might have happened if the work had not been completed. I am inserting in the hearing record a statement stressing that without the work of many in the executive and legislative branches, it would not have been as successful. Without objection, that will be in the record at this point. The Defense Department had problems with its surveillance satellites. Some retailers were unable to process customer credit card purchases. A Chicago area bank was unable to process Medicare payments. As far as we know, those isolated problems were quickly repaired. Some still question whether other incidents might have occurred, but were unexpected due to a fix first, report later mentality. Successfully meeting the year 2000 challenge has provided many lessons that must not be ignored or forgotten. The unextendable deadline forced government leaders to focus on information technology issues. Program and technology personnel worked intensely and closely to get the job done. In addition, government agencies and private sector organizations were forced to develop detailed inventories of their technology resources and computer systems, in many cases for the first time. Unnecessary and obsolete systems have hopefully been discarded. Finally, government agencies and their partners have tested and retested data flows at unprecedented levels. Strong teamwork and rugged determination solved the year 2000 problem. Some critics now question whether the high cost of this massive effort was necessary. The best estimates currently indicate that the executive branch will spend more than $8 billion on year 2000 fixes. The Secretary of Commerce has reported that the United States will have spent about $100 billion on the effort as a whole. Was that money well spent? Of course it was. The executive branch of the Federal Government has not always been known as a careful steward of the citizens' money, regardless of what party is in power. Large corporations have waste also, and those that are publicly traded could not afford to squander hundreds of millions of dollars on unnecessary computer problems and contingency plans. Boards of directors and stockholders would not permit it. Whether large or small, successful businesses rarely fritter away money. This was a massive problem that required a massive solution. We are grateful to everyone who contributed the many ideas, solutions, and hard work that led to the success of this effort, from government personnel to grassroots organizations and the private sector. Thank you all for a job well done. Today we welcome some of those dedicated leaders. The Honorable John Koskinen, Assistant to the President and Chair of the President's Council on Year 2000 Conversion; Mr. Joel Willemssen, Director of Civil Agencies Information Systems for the General Accounting Office; the Honorable Charles Rossotti, Commissioner of Internal Revenue; Mr. Fernando Burbano, Chief Information Officer of the Department of State and cochairman of the Security Privacy and Infrastructure Committee of the Chief Information Officer Council; Mr. Harris Miller, president of Information Technology Association of America; Ms. Kathy Hotka, vice president for Information Technology of the National Retail Federation; and, last, Mr. Gary Beach, publisher of the CIO Communications, Inc. I might say that is a very distinguished magazine, and I read it regularly. We welcome each of you, and look forward to your testimony. It is a pleasure to first introduce Mr. John Koskinen, special assistant to the President, Chairman, President's Council on Year 2000 Conversion. [The prepared statement of Hon. Stephen Horn follows:] [GRAPHIC] [TIFF OMITTED] T6711.001 [GRAPHIC] [TIFF OMITTED] T6711.002 Mr. Horn. I now yield for opening statement from the cochairman of the task force, Mrs. Morella, the gentlewoman from Maryland. Mrs. Morella. Thank you very much, Mr. Chairman. We will hear from Mr. Koskinen and the very prominent panel very shortly. I appreciate having this hearing. I think it is important that we look back at what has happened, and in particular, look ahead to the future. If I had told everyone in this room a month ago that in January 2000 the Federal Government would shut down for 2 days and virtually the entire southeast and northeast would be crippled, most likely everyone would have immediately blamed Y2K millennium bug and not mother nature. Yet it took a blizzard of snow and ice to accomplish what many doomsayers had predicted long ago for the millennium bug. So how is it that a winter storm caused more damage and inconveniences than the Y2K problem? In the ensuing weeks since the passage of January 1, 2000, similar questions have been posted. Was the Y2K problem real or was it overhyped? Was the $100 billion spent in the United States, roughly $365 for every American citizen overall? Did all of our efforts stave off an impending disaster, or was Y2K simply a nonevent waiting to happen? In my mind, there is no doubt the problem was real. From the very first hearing that my technology subcommittee conducted in the spring of 1996, to right up to the final month of December 1999, we witnessed systems failing Y2K tests and crashing completely. Our concern for the Y2K issue was initially so great and disturbing that we have held almost 100 hearings in both the House and the Senate on the issue, which I understand makes Y2K the single most thoroughly investigated issue ever in the history of congressional oversight. Ultimately, I believe two factors tipped the balance from the grave uncertainty many of us harbored in the beginning. The first was that we all knew the Y2K problem would strike on a certain date, January 1, 2000, thereby allowing us to collectively plan, coordinate and collaborate toward that deadline. The other and more significant factor was that after over a year and a half of persistent cajoling by Congress, after we realized this, our Nation required executive action to effectively combat the Y2K problem, the President finally exercised his authority in the spring of 1998. Y2K was suddenly catapulted to become a top administration management priority, and John Koskinen was appointed to oversee our Federal Government's efforts and to partner with our Nation's private sector and with other countries internationally. John certainly deserves a great deal of accolades for his stewardship. The well-deserved cheers I wanted to point out to for our victory in vanquishing the millennium bug should also go to those who ably served in the front lines of this epic battle, all the dedicated Federal employees, public servants and professionals who were the technicians, and those who gave countless hours on their holidays to provide assurance to the American people that our Nation would be prepared for Y2K. I think the fact that nothing of disastrous proportions happened does not mean that nothing would have happened. For example, the American Banking Association reported that, but for the $10 billion in Y2K fixes, mortgage calculations would have been incorrect, direct deposit of pay and government benefits would have been problematic, and credit cards could not be read due to problems with expiration dates. Similarly, the telecommunications industry reported that the $3.6 billion that they spent over the past 3 to 4 years prevented the potential gradual deterioration of public switch telephone network performance, including slow response times for dial tone access as well as interruptions of service. The result of our Y2K experience is a testament to the fact that we prepared well and we invested properly. I believe, however, the investments were not just about Y2K, but also about improving our Nation's information technology systems and gaining knowledge about those systems. That is the focus of our hearing today. This hearing is not designed to simply pat each other on the back or to allow our panelists to take a figurative victory lap around the witness table, but to ascertain the lessons that we learned from our Y2K experience. Will Y2K inspire a conscious effort for greater long-term planning and more reliable and secure technology, or will it just prolong the shortsighted thinking that made Y2K so costly? While many systems have relays replaced, some programs were fixed by applying a Y2K patch that will require another round of fixes within the next two decades. I look forward to addressing these and many other issues with our distinguished panel of witnesses, most of whom have appeared before us on many occasions. It is only appropriate that since this is the absolutely positively final last and ultimate hearing of the House Y2K Task Force, we close with those who have been involved with this issue since the very beginning. Perhaps this hearing can provide the foundation for initiatives as we address the 5-digit computer date problem, Y10K as it may come to be known. If so at that time, maybe Steve Horn and I can chair that task force, along with Strom Thurmond in the Senate. I would like to extend my deep appreciation to all the members of my technology subcommittee and Congressman Horn's government management subcommittee and his leadership for the 4 years of vigilant and cooperative bipartisan initiatives, and I especially want to acknowledge the hard work of my ranking member, Jim Barcia, and certainly Chairman Horn, the distinguished cochair of the task force, and Jim Turner of the government management subcommittee, ranking member, and the members of both subcommittees who have been very dedicated, and I yield back. Thank you. Mr. Horn. We thank you so much for your nice words for all the Members, and all of our witnesses. We agree with you, and I am delighted to now yield to the gentleman who has been here right from the beginning of his duties as the ranking member on the side of the subcommittee on government management, Mr. Turner from Texas. We are delighted you could make it out of the snow, if you have any down there, and into Washington for this meeting. So thank you very much for all you have done to help us in the field hearings and everywhere else. Mr. Turner. Thank you, Mr. Chairman. When I left Texas the other day, it was 80 degrees. I want to commend you, Mr. Chairman, and Chairwoman Morella, for the good work you have done. This task force and these two committees were about a 3\1/2\-year project. As I recall, my staff advised me we had 24 different hearings of this subcommittee alone on this subject. Many observers say that the Y2K problem was the greatest management challenge the Federal Government has faced, and perhaps that is true. I think most of us had a high degree of confidence after the many hearings that we had that we would make it through January 1st without great problems, but nobody really knew for sure. The fact we did make it I am sure is due, in large part, to the hard work you, Mr. Chairman, and Chairwoman Morella, have made in an effort to make sure the Federal Government is ready. I also want to commend the ranking member of the science subcommittee, Mr. Barcia, and I want to thank Mr. Williamson. He worked very diligently, met with this committee time and time again, and I think, in large part, usual efforts helped us get to where we needed to go. Of course, Mr. Koskinen and the President's Y2K council, I think, did an outstanding job. I really felt sorry for you when I was watching you on television on New Year's Day and you kept holding these press conferences with nothing to say. That is the worst nightmare of any politician, that somehow we would have a press conference and there is nothing to say. But you seemed to have survived it well, and you and your council did an outstanding job working not only with the public sector and Federal agencies, but reaching out to the private sector to ensure that we got to where we needed to go. That is not to say there weren't significant potential problems. As I recall from many of our hearings, we tried to ask witnesses that came before us to tell us what they fixed, what would happen if they had not been diligent about remediation of their Y2K problems, and some of the stories we heard clearly convinced me that all of the effort and all of the work that took place was needed, did accomplish the desired result, and the fact that we had no great crisis on January 1 was to the credit of all of those many thousands of people who spent countless hours and millions of dollars to remediate the problem. We are here today not to congratulate ourselves, but to look back and to review the results of our efforts, to see what lessons we have learned. I feel confident we are better prepared as a Nation to meet a future national emergency than we have ever been in terms of keeping our computer systems working, which, of course, every facet of our life now depends upon our computers working well. So I think we are going to have a good hearing today, and I appreciate all the witnesses being here. Again, I would like to thank Chairman Horn and Chairwoman Morella for the good work that you did. Mr. Horn. Well, thank you very much. You have sure been with us since the ground floor, and we have another person who has been with us ever since she has been elected to Congress, and the gentlewoman from Illinois, Mrs. Biggert, we have held hearings in her area, which is a wonderful suburb outside of Chicago, and we appreciate your regular attendance at these meetings and the contributions you have made in staff meetings and Member meetings. So thank you very much for coming to this hearing. The gentlewoman from Illinois, Mrs. Biggert. Mrs. Biggert. Thank you, Chairman Horn and Chairwoman Morella. Let me thank you for calling this hearing on the impact of the Y2K date change. Contrary to what some people felt might happen, the planes didn't fall from the sky when the clock struck midnight, telephones retained their dial tones, water still ran from the faucets and America's New Year's celebrations were not left in the dark. So I think we had a good new year. But remarkably, and a little bit surprisingly, substantial Y2K problems were not experienced out of this country either, despite the lack of preparation on the part of some of the nations' computers and other essential services across the globe. We really saw no major disruptions. But as this committee heard numerous times during its hearings, Y2K-related glitches could have had a substantial and extremely negative impact on the variety of services, the smooth turnover from 1999 into 2000 is directly related, I think, to the billions of dollars and hundreds of man-hours directed toward preventing and correcting potential Y2K problems. I think it goes without saying that from what we have seen, or seen thus far relating to Y2K disruptions, that these efforts paid off handsomely. Y2K preparations paid off in other ways as well as a result of the Y2K concerns; there are now thousands more American families that own the equipment, such as generators needed to prepare for other types of emergencies, namely snowstorms, floods and hurricanes. All of my family, even my 7-month-old grandson, now have new flashlights and fresh new batteries. Government leaders on every level now have a better understanding of technology, management issues and are aware of the importance of cooperation between local, State and Federal officials. What is more, the millennium bug provided a reason to upgrade government technology systems and to inventory resources. So just being able to say some 3 weeks after the year 2000 rollover, it turned out to be a positive experience, that is a testament to the hard work of the House Y2K task force and to the leadership of Chairman Horn and Chairman Morella, and it is also a testament to the efforts of today's witnesses, particularly Mr. Koskinen and Mr. Willemssen and the others at the General Accounting Office. Your work over the last--at least 3 years in raising awareness and highlighting the potential problems related to the Y2K date change is to be recognized and commended. I don't want to leave you with the impression that Y2K glitches didn't occur. In fact, at least one bank in my home State of Illinois did experience some Y2K problems when it was temporarily unable to make some Medicare transactions. The Federal Government, I don't think, was immune either. Three of the Federal Housing Administration mission-critical systems experienced problems shortly after January 1st. So we are here today really, I think, to see if there are any outstanding Y2K issues and to sort out what went right and what went wrong, and to help the American people understand what transpired on January 1, 2000, and let them know about the significant long-term benefits this situation provided to our government and to private industry. So, again, I commend the men for calling the hearing today and for all the work you have both done on this important issue and look forward to hearing from the witnesses. Thank you. [The prepared statement of Hon. Judy Biggert follows:] [GRAPHIC] [TIFF OMITTED] T6711.003 [GRAPHIC] [TIFF OMITTED] T6711.004 Mr. Horn. Well, thank you very much. I now yield to the gentleman from Oregon, Mr. Walden, who has been with us in field hearings and a faithful worker in the very active work of these subcommittees. Mr. Walden, the gentleman from Oregon. Mr. Walden. Thank you very much, Mr. Chairman. I want to extend my appreciation to the work you have done and others on this committee certainly for bird-dogging this issue throughout the last year or more. I think in large measure, the report cards that you issued were a very positive step in not only notifying our own agencies, but the world, where we stood and proved to be a very effective technique for spurring on the changes that needed to be made to cope with the Y2K issue. In my other life, I was a small business owner, and I can tell you Y2K was not a cheap thing to go through. Our own little company spent well over $40,000 in upgrading software. I know that I am not alone in the small business community in that respect. So there was an enormous amount of capital spent to deal with this issue, and hopefully the programmers who will deal with the 10K issue, I won't have to help pay for them down the road. But I think it was an excellent exercise. I think it forced both of us in both the government and private industry to do an incredible amount of improvement to our software and to our hardware. That should help us down the road in a competitive status as well. So, Mr. Chairman, I again want to thank you for your tireless efforts to make that the country was ready, and I look forward to hearing from our panelists as well. Thank you. Mr. Horn. I thank the gentleman for your kindness. The next gentleman has also been very active since he has come here in the last election, Mr. Green of Wisconsin, Mark Green. He has been faithfully working on some of these problems and has a whole series of other things he wants us to consider too, and we will. Mr. Green. Thank you, Mr. Chairman. I have no comments at this time, but will look forward to the testimony. Mr. Horn. Thank you very much. Now it is a great pleasure to present the person that put the executive branch together, where it was no question it wasn't going anywhere until the President picked Mr. Koskinen out of retirement, who delayed his trip to France to have time for retirement after his position as Deputy Director for Management of the Office of Management and Budget. You did a great job, John, and we are delighted to have you here with your thoughts as to what happened and what did we learn from it, and what can we use from it. STATEMENTS OF JOHN KOSKINEN, ASSISTANT TO THE PRESIDENT, CHAIRMAN, PRESIDENT'S COUNCIL ON YEAR 2000 CONVERSION; JOEL C. WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, U.S. GENERAL ACCOUNTING OFFICE; CHARLES ROSSOTTI, COMMISSIONER, INTERNAL REVENUE SERVICE; AND FERNANDO BURBANO, CHIEF INFORMATION OFFICER, DEPARTMENT OF STATE Mr. Koskinen. Thank you, Mr. Chairman. Good morning. I am pleased to appear once again before this joint session of the subcommittees to discuss the activities of the President's Council on Year 2000 Conversion and the Nation's successful transition to the year 2000. With your permission, I will submit my full statement to the record and summarize it here. I appreciate everyone's kind comments and would like to acknowledge as well the work of your subcommittees in helping to prepare the Federal Government and the country for the century date change. I appreciate your work and I think it deserves recognition as we look back on what has been truly a remarkable effort. I continued to believe that Y2K was the greatest management challenge the world has faced in the last 50 years. Given the size of the task, it is easy to understand why just 2 or 3 years ago many serious people who had looked at the situation maintained there was no way the work could be finished in time. When I returned to the government in March 1998 to work on Y2K, things were fairly grim. The consensus was the government wouldn't make it. In the private sector, information bottlenecks were widespread and companies weren't saying much about their own readiness for Y2K. On top of all that, the World Bank released a study showing that three-quarters of the world's countries had no Y2K plans at all. In short, Y2K looked too mammoth, too complicated and too interconnected to be solvable. Now, almost 2 years later, the United States and much of the world have made the transition into the year 2000 with few problems that have had a noticeable impact on the general public. How did it hatch? It wasn't by accident. There was a tremendous mobilization of people and resources to make sure that systems would operate effectively into the year 2000. Domestically, participants in key infrastructure sectors, such as electric power, telecommunications finance and transportation devoted great attention and resources to the problem, and as we moved to the ends of the year, operators of systems in those areas stated they were basically done with their Y2K work. We reported this information in our last quarterly assessment, and, as we expected, there were no major infrastructure failures, nationally or regionally in the United States. The Federal Government was also ready for the year 2000. Two weeks before the new year, 99.9 percent of the government's more than 6,000 mission-critical systems were Y2K ready. The result was that while it has been noted there have been some glitches, thus far Y2K issues have not affected the major government services and benefits provided to the American people. Internationally, after a slow start, countries made a concerted effort to ensure that critical issues would be ready for the date change and, as a general matter, major infrastructure systems abroad functioned smoothly during the rollover. There is general agreement that the Y2K transition went more smoothly than any of us would have imagined. In fact, as noted in the week since the rollover, some people have suggested that Y2K was an insignificant problem, hyped by the media, computer consultants and those with other reasons for hoping the world as we know it was about to end. The short answer is that I don't know of a single person working on Y2K who thinks that they did not confront and avoid a major risk of systemic failure. Indeed, some of the noteworthy problems we have seen from difficulties at State motor vehicle offices to credit card processing problems to its Defense Department satellite system failure, proved that Y2K was a very real threat indeed. While I do not think that the significance of the Y2K problems was exaggerated, there were those who disagreed with our reports indicating that the problem was being successfully addressed. This form of hype can be traced to the skepticism and disbelief in some quarters that companies or governments reporting on their own progress could be telling the truth. In the United States, I kept reminding my doomsayer friends that it made no sense to discount these reports, since everyone who was in a position of responsibility would be easily found after January 1. Many continued to assume the worst would materialize, some now discounting the significance of the Y2K threat point to the relative lack of major disruptions abroad. How did countries that appeared to have spent so little and were thought to be relatively unprepared emerge unscathed? Here, I think, there were a number of factors at work. Chief among them was the difficulty of getting accurate status reports, especially internationally on a fast-moving issue such as Y2K. Information 3 months old was out-of-date. But in the absence of additional details, people often relied on that older information, and then were surprised when it turned out to have been overtaken by subsequent progress. Additionally, once you get beyond the world's largest users of information technology, countries like the United States, Canada, Japan and the United Kingdom, the reliance upon information technology drops off quickly. Furthermore, the technology being used in other countries is more likely to be off the shelf and not customized applications that are more difficult to fix. Finally, countries starting later had the benefits of the lessons learned by those working on Y2K for several years. We spent a lot of time in the last 12 months encouraging the sharing of technical information about problems, products, fixes and testing techniques, and I think it is obvious that worked paid off. So what lessons can we draw from the Y2K experience? First, Y2K has taught us that top management needs to be more involved in information technology on an ongoing basis, since information technology cuts to the very heart of how organizations conduct their business. In many companies, it was only when the board of directors or the chief executive officer took ownership of the problem that we could see the first signs of any real progress. Y2K has also shown us that we need to do a better job of configuration management, in other words, keeping track of the technology we use and the functions it performs. Y2K provided many large firms a reason to conduct, for the first time ever, a comprehensive inventory of their information technology infrastructure and processes. Not surprisingly, organizations found that some systems could be discarded without any loss in productivity. Other systems were replaced by newer, more efficient models. Third, Y2K has demonstrated the value of forming partnerships across traditional boundaries to achieve a common goal. In addition to showing us the increasing interconnectedness of organizations through technology, Y2K highlighted the fact that private industry and government can work together to address major national issues. I think that spirit of partnership obviously extended to the political arena as well. Most people realized early on there was not a Democratic or Republican solution to this problem, and we really have worked well together, particularly in the partnership that led to the passage of the Year 2000 Information Readiness and Disclosure Act in 1998. Finally, I think that Y2K has demonstrated that we need to include the American public in the discussions about any future large-scale challenges. Given the facts, whatever they are, people generally responded appropriately. Even when industry and government information provided to the public revealed that there was still substantial work left to do, people were reassured rather than alarmed. They seemed comforted to know their organizations were treating the problem seriously, were working together to solve it, and would keep them informed with the status of the situation. The President's Council will soon cease its operations. Before we post the going-out-of-business sign, we will focus on monitoring activities during the leap year rollover. We do not expect any major national problems and we anticipate the Council will shut down for good by the end of March. In closing, I would like to echo the comments made that the Federal Government and the country's successful resolution of the Y2K problem attributes to the skill, dedication and hard work of thousands of professionals that have focused on this issue. It has been my pleasure to assist them as part of this vital national effort, and I look forward to answering any questions you may have at the conclusion of the other statements. Mr. Horn. Thank you very much. [The prepared statement of Mr. Koskinen follows:] [GRAPHIC] [TIFF OMITTED] T6711.005 [GRAPHIC] [TIFF OMITTED] T6711.006 [GRAPHIC] [TIFF OMITTED] T6711.007 [GRAPHIC] [TIFF OMITTED] T6711.008 [GRAPHIC] [TIFF OMITTED] T6711.009 [GRAPHIC] [TIFF OMITTED] T6711.010 [GRAPHIC] [TIFF OMITTED] T6711.011 Mr. Horn. We will go down, as you know, with this panel and then open it up to questions, because I think some of the information will jibe and some won't. The gentleman from the General Accounting Office, Mr. Joel Willemssen, the Director of Civil Agencies Information Systems, Accounting and Information Management Division. Mr. Willemssen has gone all over the United States with the subcommittee on government management and has been an active participant in the various panels we have had of government officials, private sector and so on. So it is a pleasure to have you here. I know you were working right up to midnight there, as I saw you in John's command center. So we appreciate all you have done and your team at the General Accounting Office. Mr. Willemssen. Thank you, Mr. Chairman, Chairwoman Morella, Ranking Member Turner, members of the subcommittees, thank you for inviting us to testify today. As requested, I will summarize our statement. Overall, during the rollover period, our country had relatively few Y2K-related errors that affected the delivery of key services. While the Y2K challenge is not yet over, because some key business processes have not yet been fully executed and some risky dates remain, the Nation's success thus far is a very positive indicator that these hurdles will also be overcome. The leadership exhibited by the legislative and the executive branches and the partnerships formed by numerous organizations were pivotal factors behind the success. The Y2K-related errors that were experienced during the rollover generally did not affect the delivery of key services because they were either corrected quickly or contingency plans were implemented. A key reason that Y2K errors had little effect on the delivery of services is that Federal agencies and other organizations used the rollover weekend to identify and correct errors before the problems resulted in operational consequences. In the Federal Government, the few Y2K disruptions that were significant were mitigated by quick action. For example, the Department of Defense, Health Care Financing Administration and Federal Aviation Administration each experienced significant Y2K events that they were able to address quickly. For high impact State-administered problems such as Medicaid, food stamps and unemployment insurance, actions by States and the Federal Departments of Agriculture, Health and Human Services and Labor have paid off. Errors reported were often cosmetic printing or display problems with few failures resulting in disruptions to service. The threat posed by Y2K was a much needed wake-up call for organizations to improve their management of information technology. Y2K has laid a foundation for longer term improvements in the way that Federal Government manages information technology. I would like to quickly summarize some of the key lessons that we have learned out of the Y2K experience. First, as mentioned, one of the most important factors underpinning the success of Y2K was leadership at the highest levels of government. In particular, congressional oversight played a central role in pushing agencies forward on Y2K. Mr. Koskinen and the President's Y2K Council provided strong effective leadership. Second, Y2K served as a notice to many on how much we rely on information technology to deliver key services. Third, there was standard guidance that was put together that was universally accepted, adopted and implemented, which facilitated Y2K efforts and oversight. Such guidance provided consistency, imposed structure and discipline and enhanced the rigor of testing and assessment efforts. Fourth, as Mr. Koskinen mentioned, the establishment of partnerships among various organizations was especially important. In particular, the partnerships formed by Mr. Koskinen, Federal agencies and private sector organizations were instrumental to the Nation's Y2K efforts. Fifth, we found that using standard techniques and metrics to monitor performance was especially helpful in measuring progress and remaining challenges. Finally, Y2K saw many agencies take charge of their information technology resources in much more active ways. In many instances, it forced agencies to inventory their systems and to link those systems to agencies' core business processes. Also the development and testing of contingency plans should have benefits way beyond Y2K. Further, Y2K prompted agencies to establish needed policies in areas such as configuration management, risk management and software testing. In summary, the Y2K rollover was clearly a success for our Nation. A key challenge now for the Federal Government is ensuring that the lessons learned in addressing Y2K can be effectively used to improve overall information technology management. That concludes the summary of my statement. Thank you very much. Mr. Horn. I thank you very much. We have a lot to pursue in your very fine document here as to what did go wrong. [The prepared statement of Mr. Willemssen follows:] [GRAPHIC] [TIFF OMITTED] T6711.012 [GRAPHIC] [TIFF OMITTED] T6711.013 [GRAPHIC] [TIFF OMITTED] T6711.014 [GRAPHIC] [TIFF OMITTED] T6711.015 [GRAPHIC] [TIFF OMITTED] T6711.016 [GRAPHIC] [TIFF OMITTED] T6711.017 [GRAPHIC] [TIFF OMITTED] T6711.018 [GRAPHIC] [TIFF OMITTED] T6711.019 [GRAPHIC] [TIFF OMITTED] T6711.020 [GRAPHIC] [TIFF OMITTED] T6711.021 [GRAPHIC] [TIFF OMITTED] T6711.022 [GRAPHIC] [TIFF OMITTED] T6711.023 [GRAPHIC] [TIFF OMITTED] T6711.024 [GRAPHIC] [TIFF OMITTED] T6711.025 [GRAPHIC] [TIFF OMITTED] T6711.026 [GRAPHIC] [TIFF OMITTED] T6711.027 [GRAPHIC] [TIFF OMITTED] T6711.028 [GRAPHIC] [TIFF OMITTED] T6711.029 [GRAPHIC] [TIFF OMITTED] T6711.030 [GRAPHIC] [TIFF OMITTED] T6711.031 [GRAPHIC] [TIFF OMITTED] T6711.032 [GRAPHIC] [TIFF OMITTED] T6711.033 [GRAPHIC] [TIFF OMITTED] T6711.034 [GRAPHIC] [TIFF OMITTED] T6711.035 [GRAPHIC] [TIFF OMITTED] T6711.036 [GRAPHIC] [TIFF OMITTED] T6711.037 [GRAPHIC] [TIFF OMITTED] T6711.038 [GRAPHIC] [TIFF OMITTED] T6711.039 [GRAPHIC] [TIFF OMITTED] T6711.040 [GRAPHIC] [TIFF OMITTED] T6711.041 [GRAPHIC] [TIFF OMITTED] T6711.042 [GRAPHIC] [TIFF OMITTED] T6711.043 [GRAPHIC] [TIFF OMITTED] T6711.044 [GRAPHIC] [TIFF OMITTED] T6711.045 Mr. Horn. It is always a pleasure to have the Commissioner of Internal Revenue here. We will see you again on April 15th. We would love to hear your statement, because you had a lot of burdens counting on it, people that wanted refunds and all the rest of it. So thank you, Commissioner, for being here. Mr. Rossotti. Thank you, Mr. Chairman. It is good to be here. Madam Chairman and distinguished Members, I am very pleased to report that the IRS experienced a smooth Y2K rollover starting on December 29th and continuing up to the present with fewer problems this January than we normally experience in a normal January. To date, we have had good success. It was hard work and our success can be attributed to the comprehensive planning and preparations we have conducted over the last 3\1/2\ years. We also are very grateful for the guidance and assistance you provided, your committee, as well as Mr. Koskinen and GAO. I do want to note we cannot yet declare total victory on Y2K at the IRS. Some risks do remain, and in particular, we have to be very vigilant about Y2K problems that could still crop up during our high volume tax filing season, which really starts in February and continues through April. As I discussed in previous hearings, the scope of the Y2K problem at the IRS was enormous and required a significant investment, about $1.3 billion, to plan and prepare. But fortunately, that investment was made. Had we not adequately prepared for Y2K, I think it is fair to say the tax system of the United States would simply have ground to a halt. In my written testimony, I described several scenarios for today, I picked out a few of the events that would have occurred. For example, our 14-year-old system for entering data from paper tax returns would have stopped working if we had simply allowed it to roll over without modification. This particular combination of hardware, software and third-party products could not be renovated, and therefore, was totally redesigned and replaced during 1998 and 1999. Without this system, about 90 million individual income tax returns that come in on paper would have just been piling up right now. Second, interest and penalty calculations would have been incorrect and would have generated wrong notices to taxpayers. For example, if we had not replaced the system, we would have sent about 67 million wrong notices to taxpayers telling them that they owe money to the IRS. Those numbers would have been wrong. Third, our data transfers with important external organizations such as the financial management service and the Federal Reserve Bank would have failed because of incompatible dates. This would have impaired or eliminated the ability to issue about 80 million refunds. Just a final example, I think this is particularly interesting, and certainly not unexpected, but after years of fixing and testing these systems, we did one final end-to-end test that was completed about the middle of December. This particular final end-to-end test identified 175 problems. Some of those would have been very serious had we not fixed them at the end. For example, a system that generates new balance notices to taxpayers for certain tax periods was displaying the date as 2099 instead of 1999 for some of those notices. So if this problem had not been fixed, we would have been sending out hundreds of thousands of notices to taxpayers with incorrect tax periods and wrong payment dates that would have generated mass confusion among those taxpayers, and this was just only one example. There are many more scenarios in my written testimony. Of course, none of these things actually did happen, and that was simply because we acted in time to solve the problems. Now, the question is sometimes asked in the form of was Y2K a blessing in disguise? I would have to say that I would not consider it to have been a blessing, whether it was disguised or not disguised, but there are some important residual benefits in the IRS that we will realize from the investment. I will mention the four most important. The first is we did replace a lot of obsolete hardware and system software products. As a result of the Y2K program, most of our hardware in the IRS has been replaced, since most of it was really obsolete, and software releases have been brought up-to-date. This bringing up-to-date of this infrastructure is essential for supporting what we are now embarked on, our technology modernization program, and, of course, it is imperative that we have adequate annual replacements of hardware and regular routine upgrades of software releases in order to keep this vast installed base up-to-date. Second, we did implement some very important improvements in our program management practices. Our Y2K program was successful largely because effective program management practices were implemented over the last 3 years. These practices will be extremely valuable as we now move forward with our technology modernization program. I do want to note as challenging as Y2K was, our modernization program imposes even more and different challenges because it involves major business changes as well as technology. Third, we were able to standardize many products. The IRS- installed base of hardware and software was not only obsolete, it was heterogeneous in the extreme. The Y2K program has allowed us to set up and largely implement standard products. Because of our reorganization under the leadership of our CIO, Paul Cosgrave, we now have the management structure and delegated authority in place to make design and procurement decisions to maintain standardization of technology. Finally, we implemented improved inventory management. GAO has justly criticized the IRS for years for the poor condition of our IT inventory. Because of Y2K, we were forced to examine our inventory and bring it up-to-date as never before. So the condition of our inventory records is greatly improved, although I have to note it is still not fully where it needs to be, and there is much that needs to be done in the future on that problem. In conclusion, Mr. Chairman, we are gratified with our results. I stress there are still some risks that remain. Clearly, we gained some residual benefits which will be of great value as we proceed to our even more challenging business system modernization programs. These benefits will only be realized if we actively continue the practices established during Y2K, including regular replacement and upgrades of hardware and software. We will keep the subcommittees apprised of any remaining problems and our actions to correct them. I thank you for the opportunity to discuss our efforts, and certainly thank you for your interest and support over the last 3 years. Mr. Horn. Well, we thank you very much. [The prepared statement of Mr. Rossotti follows:] [GRAPHIC] [TIFF OMITTED] T6711.046 [GRAPHIC] [TIFF OMITTED] T6711.047 [GRAPHIC] [TIFF OMITTED] T6711.048 [GRAPHIC] [TIFF OMITTED] T6711.049 [GRAPHIC] [TIFF OMITTED] T6711.050 [GRAPHIC] [TIFF OMITTED] T6711.051 [GRAPHIC] [TIFF OMITTED] T6711.052 [GRAPHIC] [TIFF OMITTED] T6711.053 [GRAPHIC] [TIFF OMITTED] T6711.054 Mr. Horn. As Mr. Koskinen leaves the scene, there is no question in my mind the toughest job in the executive branch is the Commissioner of Internal Revenue. If anybody is going to turn that agency around, you are. So, thank you. The last witness on this panel is Mr. Fernando Burbano, the Chief Information Officer of the Department of State. We are glad to have you here. Mr. Burbano. Thank you, Mr. Chairman, Madam Chairwoman and distinguished members of both committees. Since my oral testimony is limited to 5 minutes, my written testimony includes more detail. As chairman of the CIO Council Subcommittee on Critical Infrastructure Protection, I am pleased to have this opportunity to discuss how lessons learned, products and processes developed in support of Y2K, can be leveraged into our ongoing critical infrastructure security efforts and challenges facing Federal agencies in implementing security pleasures. As well, in my role as CIO of the State Department, I would like to thank you for providing me this opportunity to talk about the results and continuing impacts of the Department's successful Y2K preparation efforts. The Department of State, along with rest of the Federal Government, showed just how powerful and effective we can be when we are singularly focused and committed to solving a problem and are provided the necessary resources to get the job done. First, let me quickly address the cost of preparing for Y2K. The question is, did we spend too much? The answer is very simple: Absolutely not. We should be careful not to confuse the lack of catastrophic disruptions with unnecessary preparations by the Federal Government. Now, moving on to the actual results of the Y2K rollover and its impacts to the global community. In general, there are few and only minor Y2K failures reported internationally, and none that impacted the safety of American citizens worldwide. I believe this global success is a direct result of the U.S. Government's international outreach and awareness campaign led by the Department of State, the Department of Defense and the President's Council on the Y2K Conversion, in coordination with the United Nations and World Bank. Embassies representing the U.S. presence in over 160 countries around the world played a key role in monitoring and reporting events in their host countries and post facilities through a Y2K task force convened in State's operations center. Additionally, internal State Department systems fared exceptionally well throughout the rollover, experiencing no significant failures among our mission critical, critical and routine systems. As you are well aware, many of the products and processes developed to address Y2K problems can be applied to future challenges and serve as the foundation for managing issues with cross-agency and public-private boundaries, including critical infrastructure protection. In fact, much of the work already done is a prerequisite for PDD 63, critical infrastructure protection, Clinger-Cohen, and other government performance results act initiatives. Specifically, Y2K preparation forced government agencies to take a close look at its IT applications and produce a complete prioritized inventory. This is a critical first step to identifying and refining the mission essential infrastructure as required by PDD 63. The Y2K effort produced program management methodologies which were applied across all government agencies and included executive and congressional oversight, Assistant Secretary level management and repeatable standardized measures and processes. This management structure can also be applied to critical infrastructure protection. All elements of the Federal Government reviewed and developed contingency plans for critical business processes. The development of these contingency plans resulted in a greater understanding by senior policy managers of the dependency of business processes on IT systems. Additionally, these plans are durable beyond Y2K established a foundation for all future contingency operations planning. For the Y2K rollover period, the government developed a robust global reporting structural which can be leveraged into a mechanism for monitoring threats against critical infrastructure elements. For example, within the Department of State, we have developed a web-based geographic information system to collect cyber-threat information from all overseas posts. This tool can serve as a pilot system for other agencies to collect and analyze cyber-threat data. Finally, Y2K preparation efforts increased the level of interagency cooperation and coordination between the public and private sectors. The same working level teamwork will be required to effectively implement critical infrastructure protection plans. There are two areas which I believe allow the Federal Government to successfully overcome widespread Y2K problems in the face of an unmovable tight deadline. First, continued participation by key congressional oversight organizations provided Federal Y2K programs the authority needed to push agency resources to their limits. Second, the ability of Federal Y2K programs to rapidly obtain and more importantly retain adequate separate supplemental funding, specifically designated for Y2K, allowed each agency to acquire the resources necessary to achieve the time sensitive objectives. This ability of Federal agencies to have access to a congressionally managed yet continuous separate supplemental funding stream designated specifically for the Y2K effort allowed Federal CIOs and Y2K program managers the ability to acquire and retain qualified resources in the needed quantity. Critical infrastructure protection requires the same approach. Involvement by Congress and other oversight organizations to raise the level of awareness and visibility throughout the Federal community and overseas CIP implementation in support of national security goals is vital, and this activity is already underway. But just as important to me and my colleagues through our government is access to funding which allows each of us to begin developing and implementing our plans in accordance with PDD 63 and other critical infrastructure protection guidance and statutes. One of the key obstacles preventing agencies from immediately pursuing CIP initiatives is the lack of current funding for these projects. Due to the Federal Government's budget cycle, forecasting the future work is done 2 years prior to the budget year. Therefore, as new requirements are levied, current agency budgets do not reflect changing priorities and requirements, such as the need for critical infrastructure protection implementation initiative. In light of this, there are numerous events that have prevented agencies from adequately addressing current CIP implementation requirements in their fiscal year 2000 and fiscal year 2001 budgets. First, the unprecedented and unpredictable growth of Internet use and technologies over the last 2 years; second, the corresponding collateral growth of the cyber underworld during this same period; third, the extent to which our daily business relies on Internet-based systems and the fundamental shift of business tools to be used in a web-based environment; finally, expanding CIP requirements on Federal agencies, including the recent critical infrastructure plan released and its 10 programs, some of which require immediate implementation. These are just some of the reasons why Federal agencies are poorly positioned to successfully implement critical infrastructure to address the challenge posed by the ever- growing cyber underworld, not to mention to be in compliance with executive guidance. Although we of the CIO council fully understand fiscal constraints, reallocation of such a fraction of the current surplus would be a solid investment for the protection of the Federal Government's critical infrastructure. In closing, it is my belief and the belief of members of my subcommittee and CIO's across the Federal Government that in order for the national CIP initiatives to be fully successful, continued congressional support as well as the ability to get access to specific CIP and security-related funding is vital. I cannot emphasize that without congressional-backed support, including adequate funding, we on the subcommittee of the critical infrastructure committee believe that the government will significantly fall short of national critical infrastructure protection goals. Thank you. Mr. Horn. We thank you very much for that statement. [The prepared statement of Mr. Burbano follows:] [GRAPHIC] [TIFF OMITTED] T6711.055 [GRAPHIC] [TIFF OMITTED] T6711.056 [GRAPHIC] [TIFF OMITTED] T6711.057 [GRAPHIC] [TIFF OMITTED] T6711.058 [GRAPHIC] [TIFF OMITTED] T6711.059 [GRAPHIC] [TIFF OMITTED] T6711.060 [GRAPHIC] [TIFF OMITTED] T6711.061 [GRAPHIC] [TIFF OMITTED] T6711.062 [GRAPHIC] [TIFF OMITTED] T6711.063 Mr. Horn. We are sure there will be questions for every witness. I am going to start with the cochairman of the task force, the gentlewoman from Maryland, to begin the questioning. It will be limited to 5 minutes by each Member, and it will alternate between those who have not had a chance, starting with Mr. Turner after the gentlewoman from Maryland. Mrs. Morella. Thank you, Mr. Chairman. You know, I hear from all of you some of the same results assessments. First of all, you became more familiar in your various agencies, departments, groups with whom you work, with information technology and its role in the future. Second, there was an assessment of the systems that you have, so you are ready to move ahead with information technology. Also, I think, rising to the forefront is the concept of the partnerships, partnerships within the Federal Government, the executive branch, legislative branch, but also partnerships with the private sector, partnerships with local governments. I think that is something that we could all learn from and hope to continue to preserve. We also--I think you all said you felt this was very important and that it did prevent some big problems. My two questions I am going to meld into one because of the time constraints. First of all, I am surprised myself that there weren't some problems with the Pakistans of this world, Russia. They didn't seem to have any major problems. These are places with older computer systems. I just wondered if you all were surprised at the lack of the problems we have heard about emanating from those countries and other countries that would be in the same category? Second part, as we look to leap year, February 29th, do you foresee any major or minor problems? Is there something we should be doing about that? I guess I could start then with Chairman Koskinen. Mr. Koskinen. Well, as I noted in my testimony, I think things did go better abroad than anyone had expected. Partially, though, I think that is because we fell prey to what I thought people did here, which is we didn't believe other countries when they gave us their progress reports. In the last 2 months of the year, country after country issued reports that didn't say there wasn't a problem, but basically said they identified the places where they needed to apply resources; they had done that effectively and they were prepared. We all sort of said it was late in the day, are they really prepared? It turned out they were, for a number of reasons that I discussed. One is, a lot of them had much less reliance on information technology, certainly in their infrastructure, than we do here. In fact, I think there are a relatively small number of countries in the world that have complicated computerized control systems for their infrastructure that put them at risk. So a lot of countries discovered that the embedded-chips did not create a problem for their infrastructure. In fact, in the last quarter of last year, we noted, based on testimony and information from industry experts, that it was unlikely that the lights would go out anywhere or that a dial tone would stop anywhere, that the risk in infrastructure systems with embedded systems was gradual degradation of service over a period of time. So in the countries that we knew were in the middle--the truly developing countries have very little IT and were at risk primarily in financial systems, it was the Pakistans, Indonesias, Russias, Chinas of the world--that had a reasonable reliance on information technology, where people were concerned about how much they had done. I think it is a combination of the fact that they started late, but they spent a lot of time in the last 6 to 9 months working hard on it. They got the benefit of learning from everybody else. There was a tremendous amount of information exchanged as we moved through it, and third, a lot of their systems are still analog, they are not digital. They did not depend upon new digitalized equipment, and therefore, they were able to prioritize their resources in a much more focused way. But I would emphasize that the image of those countries, as if they didn't do anything, they were unconcerned and just waited around, was wrong. We met with 173 country delegates in June at the United Nations, and every one of those countries understood this was a problem that, in some degree, affected them. Every one of those countries was then focused on Y2K, every country met at least twice in every region of the world cooperating, or most of the countries did, cooperating, sharing information. So I think what happened was in that last 6 months far more work was done in a very focused, effective way than any of us were able to get a window on. With regard to February 29th, it has turned out in testing, certainly in the Federal systems and in the private sector, that there have been more mistakes than one would have thought. You would have thought people would have gotten the right result for the wrong reason, which is, they didn't understand the rule of centuries, they just divided by 4 and figured out the year 2000 was a leap year. It turned out there were a reasonable number of programmers that had just enough information to be dangerous, which is, they knew centuries generally aren't leap years, they just didn't know the rule of the exception divisible by 400. So this is primarily a software problem, although there were some potential embedded chip and system operations problems. Our judgment is we will see no more glitches than we saw on January 1, which were relatively minor and modest. We are going to monitor it for two reasons. One is we think it is important for those who are operating systems to understand it is a real problem and there is still time for them to test their systems. Most major companies have already done that. Second, it will be important to monitor the 3 days: the 28th, 29th and 1st of March, so the glitches that occur, and I think inevitably there will be some, are put in the appropriate context. If we had not been able to identify the limited nature of the glitches as they occurred over that first 2 or 3 days on the rollover, we would have had a very different media response. When reports came in of legitimate glitches, the fact, we were able to confirm their accuracy, but expand by saying that is the only country in which it happened, or the only area that happened. It allowed us to put the glitch in the right context. Absent that, you would have had a greater likelihood of unnecessary overreaction by either the media or the public. We don't expect there will be many glitches, but we think it is important for the public to know where they are and what their significance is. Mrs. Morella. I would like to give you opportunity to respond, Mr. Burbano. Incidentally, I love that acronym for the critical infrastructure, CIAO. It is easy to remember. Mr. Burbano. Thank you. Working at the State Department, I had a great opportunity to actually go overseas to many of the countries and meet the John Koskinens of those countries and their sector leaders. I found two things quite interesting, and that is why I personally wasn't too surprised. One is in talking to them, I found out they were not as automated as some of the people thought they were. But more importantly, the culture in a lot of these countries is not to report the status of government systems, whether it is good or bad, believe it or not. But they will reveal more orally, which obviously when you try to track status, is the only thing that are looked at is written, and if you don't have information to provide, you assume the worst, and that is why they don't get reported as well. Those were the two reasons I found. Mrs. Morella. Like people say about the President, underestimate so that the results will be attributed to you, however it comes out. Mr. Horn. I thank the gentlewoman. I now yield to the gentleman from Texas, Mr. Turner, the ranking member, 5 minutes for questioning. Mr. Turner. Thank you, Mr. Chairman. Mr. Koskinen, I don't know if you have this information or are set up to collect it, but earlier we had a lot of dire predictions about lawsuits being filed all over the place regarding Y2K problems, and I would be curious as to whether or not any of that has occurred and the degree to which that was a significance problem? Mr. Koskinen. Well, some of us maintained last year that you couldn't have massive lawsuits without having massive failures, and therefore, at least the President Council's position was there was not likely to be this flood of litigation, because there was not likely to be a flood of failures. That turns out to have been correct. There have been a relatively modest number, but significant lawsuits have been filed where people are arguing about who is going to pay for the fixes, and the question is whether insurance policies cover the failures that companies avoided, particularly in major companies in the United States. But as a general matter, in the absence of any very significant Y2K failures since the 1st of the year, obviously, you can't have a lawsuit if you don't have somebody damaged in some way. So at this juncture, the only lawsuits out there are primarily focused on arguments between those who fixed the systems and primarily their insurance companies about who ought to pay for it. Even that is not anything like a flood of litigation. Mr. Turner. As I recall, of those issues that you mentioned regarding who should pay for fixing, it was not the subject of the litigation nor the success of the legislation that attracted so much attention in the Congress, because all issues were separate and aside from the issues that were dealt with in the Y2K litigation. Mr. Koskinen. That is right. The legislation that the Congress passed primarily addressed the rights and responsibilities of potential plaintiffs and defendants if there were system failures, focused primarily on giving potential defendants the opportunity and the right to fix any of those failures within a defined period of time, and again, since there have been relatively few of those problems that amounted to much, there have been a lot of glitches along the way, there hasn't been much need for the legislation. But I am sure people would argue that since there were great risks, if we didn't get the work done, that there would be failures, there was some potential that the failures obviously would have generated litigation. The fact that we haven't had the failures has had the side effect that we are not going to much litigation. Mr. Turner. That is all I have, Mr. Chairman. Thank you. Mr. Horn. Thank you very much. We are in the question period. Does the gentlewoman from Illinois have some questions? The gentlewoman is recognized for 5 minutes. Mrs. Biggert. Thank you. As far as what is going to happen in the future, will there be a plan like continuation of your Council, or is there going to be an office that will remain after probably the leap year? Mr. Koskinen. Well, if there is, it won't have me in it. No, the Council will, as I noted, fold up its tent and fade away into the dusk, probably by the end of March. The issue going forward that Mr. Burbano noted that people are focused on is how will we deal with information technology security and threats to the critical infrastructure, and there is a Presidential decision directive, PDD 63, that sets out a structure and an organizational framework for dealing with those issues, coordinated by the National Security Council out of the White House. So that operation, while we have been coordinating very closely together over the last 2 years, will continue, but it is already set up in the Critical Infrastructure Assurance Organization [CIAO], as Chairwoman Morella noted, and that will be separate from the President's Council. Mrs. Biggert. So there will no longer be a CIO czar? Mr. Koskinen. That is right. I never saw myself as the CIO czar. The CIOs actually have been very capable of taking care of themselves. Mrs. Biggert. Again to Mr. Koskinen, what was the biggest surprise of the rollover? Mr. Koskinen. Well, if you look back at our quarterly assessments, we did four of those. In the last one we put out in the fall, basically in the United States the rollover went as we predicted. We said there were going to be no national infrastructure failures, there would be no regional failures, if there were any failures, there would be isolated problems at the local level. That is what we basically have seen. So in the United States we have been pleased that there haven't been more visible problems for small businesses. A number of them have had glitches, but they seem to have been able to deal with those, because that was an area we were concerned about. So, like others, I think the bigger area of uncertainty for us was what was going to happen abroad. Again, we did not think as we noted in our report and in a report by the Department of Commerce that any glitches abroad would have any significant or noticeable impact on the American economy. We looked at the range of possibilities, where the countries were that were at risk, and where our trade and business partners were, and it was clear to us, no matter what happened in the countries we thought were at risk, it was not going to have an economic impact on us. That also turned out to be true. But as we discussed earlier, I think all of us were, primarily for a lack of information, concerned about a number of countries that rely on some information technology who started late, where it was hard to know exactly how much work they had gotten done in the last 6 to 9 months of 1999. It turned out that in their basic infrastructure, I think primarily because it was not as much at risk as we might have suspected, there haven't been any infrastructure failures. The other thing to bear in mind is in the areas where I think they were at greatest risk, which is in financial transactions and communications, those systems were being tested and worked on for the last 2 years on an international basis. So even in a country that didn't have an organized process for infrastructure protection, its banking system had to be testing and working with other banking systems, because the central bankers around the world for the last 2 years focused on that. That was, in many ways I think, the biggest risk they had and the biggest success they had. Mrs. Biggert. I guess just one last question, that so many valuable lessons came out of the experience, and how are we going to ensure that these lessons aren't lost if we don't continue on after leap year day, February 29th, I guess it is? Mr. Koskinen. We created in my prior incarnation, with the help of this committee and others, the Clinger-Cohen Act and the Chief Information Officers Council and CIOs in all of the agencies, with the idea they would be as they have been the focus for information technology issues across the government. That council is chaired by my successor as the Deputy Director for Management at OMB, and independent of the information technology issues, the security issues that are under the critical infrastructure assurance organization, but focused on by the CIOs as well, there is an existing vehicle that I think, over the last 3 years of its existence, has turned out to be very effective for bringing together all of the Federal agencies and their senior information technology people to work together on isolating and identifying what are the critical challenges the Federal Government faces, how should we be organized to deal with those, and then implementing those situation suggestions. Mrs. Biggert. Thank you. Thank you, Mr. Chairman. Mr. Horn. Thank you very much. Let me ask you, Mr. Koskinen, you have had a lot of experience in the executive branch, first in OMB and other consultant operations, and, of course, this. You note in your formal statement here, and you mentioned it also, I believe, in your oral summary, this is the greatest management challenge the world has faced in the last 50 years. I think there is probably a lot of truth to that on the world. But when we look at major management challenges within the executive branch over 50 to 60 years, we see the atomic bomb and the hydrogen bomb, major challenges of how you put that together; going to the moon is certainly another one, setting a goal as President Kennedy there; Admiral Rickover and the nuclear Navy, where you cut through a lot of bureaucracy and got the job done. I guess I would ask you, as you look here, how do Presidents best get served in dealing with those management problems and the one you just presided over? So give us a little insight into that. Mr. Koskinen. Well, as I say, I think the difference between the Y2K problem and the other significant challenges you floated, which I think were important for the country is, this was a challenge that affected every system in the Federal Government, every agency. So it was not a question of having NASA or the Energy Department or someone else focusing on a very major challenge. This was a challenge of having every Federal agency, large and small, challenged at the same time, not only within each agency but across agency lines. The Treasury Department services and provides financial services to a wide range of Federal agencies, for example. I think in all of those cases, what is needed is for people to identify the problem and for it to have a high level of commitment and attention from the Congress as well as from the executive branch. Again, I think the structure set up of the CIO council for information technology challenges going forward is an effective structural vehicle for the government to be able to surface what the issues are and deal with them effectively. So as we move forward, I think information technology is not a series of episodic challenges for us. Information technology is an ongoing issue, not just for the Federal Government, but for the private sector and world as we become more reliant on information technology for everything from communication to financial transactions. Mr. Horn. What do you see based on usual experience as to the one or two management challenges after this is done? What do you see? You have had a real eye-opener, I think, throughout the last few years. Mr. Koskinen. Clearly information technology is a challenge. I think it has affected our ability to modernize systems across the government, to have them implemented and operate effectively, has been for some time and will continue to be a challenge. I think performance measurement. I was a great supporter of the Government Performance and Results Act. I think it is important, not only for effective management within the government, but for an improved dialog with the public about what our goals are and our objectives are and how we are doing and achieving those. So as we go forward, I think we have on our plate significant challenges, and we probably don't have to reach out and find new ones. If we could handle both of those effectively, deliver services more effectively under GPRA and provide improved updated modernized information technology delivery systems across the government, I think we are headed in the right direction in those areas, but I think they are major challenges. Mr. Horn. We are going to be holding hearings with the Government Management Subcommittee on Clinger-Cohen that was mentioned, which came out of this subcommittee and the full committee, and also on the computer security issue, which came up here, so we will be looking for you to testify on those things. Those certainly cut across different agencies within the executive branch. We have a whole other agenda also we can get into with whoever is in place there with the CIOs, because I think that is very important, what you did when you took the job and came out of retirement. You went around and sat down with the Deputy Secretaries who often operate the departments, and I think that was very important. Would you like anything else to have done that you didn't have time to do? Mr. Koskinen. No. Oddly enough, this was my feeling even before we had the successful transition, if I had to do it over again, I wouldn't do anything differently. We did all we needed to do, I think, and all we could do. I got tremendous cooperation from not only the leadership in all of the Federal agencies, but as I noted, I think a stunning achievement by career public servants in the Federal Government and State and local government, demonstrating an ability to meet a real challenge and meet it effectively. Mr. Horn. What are you going to do with that $50 million headquarters? Who moves in? Mr. Koskinen. That includes the operational cost for a year, so not all of it will be in place. But OMB is working with the agencies and I have said that when we do our last briefing on March 1st for the rollover, OMB at that time will announce exactly what its plans are for the operational capacity at the information coordination center. Mr. Horn. Most Presidents early in the morning get a national security briefing coming over from CIA. Do any Presidents ever get a management briefing in the morning as to what is going on in the executive branch and why not? Mr. Koskinen. That is not in my jurisdiction at this point, so I can't tell you whether that is done or not. Mr. Horn. It was in part when you were Deputy Director for management. The question is most Presidents don't know what is going on in the executive branch unless there is some crisis that hits the papers. Shouldn't Presidents also be looking at the domestic situation, just as they look in the morning at the foreign situation? Mr. Koskinen. There is no doubt that our ability to manage the vast organizations we have and the significant funds that we have is an important part of our responsibility to the public, and I think that not just in the executive branch and the Congress as well, it is oftentimes more exciting to talk about new policies or new programs or failures isolated. It is much harder, as you know, in the leadership you have had in your subcommittee, to get people to understand and focus on day-in and day-out management. But when push comes to shove, our ability to make changes and provide benefits to people depends on our ability to manage programs effectively. Good ideas poorly implemented are actually very ineffective. Mr. Horn. I am going to yield now to Mr. Wu from Oregon for 5 minutes of questioning. Mr. Wu. Thank you, Mr. Chairman. I am just going to use a little bit of my time and really focus on this a little bit more with the private sector panel coming up. I just want to ask one question: With the upgrades, the new equipment, the other preparation work which was done in the Federal agencies, do you see, or are you currently experiencing a dip in procurement as a result of the bulge, if you will, prior to December 31st? Mr. Koskinen. I think the agencies can probably answer that question better. Mr. Burbano. I would like to address that as the CIO for the State Department. I would say not really, for this reason. There was a lot of systems, and I know at the State Department we put a moratorium on systems development and implementation and so forth if it wasn't Y2K-related. So all of that was put on the shelf, and now it is getting off-the-shelf as soon as the leap year is over. So that is going to offset. Mr. Rossotti. With respect to the IRS what really happened is that over a 2 to 3-year period, we made an investment to bring up-to-date our hardware and operating system software. But, for example, with PCs, personal computers, we really need to be on about a 3-year replacement cycle there, so we are replacing each year about one-third of the computers representing what was installed 3 years ago. That is kind of the way that we are planning it. There will be some dropoff in a few areas where we had to make some special investments, but, on the whole, what we really want to do is get on a long-range planning basis where we invest a certain amount every year so that we don't get behind as badly as we were 3 years ago. Mr. Wu. And with respect to personnel, the people you brought aboard, whether on a long-term basis or on a contract basis to help you with the Y2K problem, are they being redeployed within your agencies, have they left? What is going on with the people? Mr. Rossotti. Speaking for myself and the IRS, what we have done is we simply made a determined effort 2 years ago to retain the people we had. Unfortunately, we were suffering attrition. So we made some very successful efforts to retain the people we had, the people who really know some of these old software systems, and simply had to put many, many other things on hold. We even had to go to the Congress when they passed the Restructuring Reform Act, and ask that some of the effective dates for the law be extended out to 2001, because there was no way to implement some of the things while still working on the 2000 fixes. So what we did was we simply took our staff, tried to retain it, and allocated it to fixing Y2K as the top priority, putting other things on hold. What we are now doing is trying to dig out from this huge backlog. Furthermore, we are in an unusual position in that we are now just embarking on an enormous technology modernization program. What IRS has right now is we have relatively new hardware in most cases, and relatively up-to-date operating systems, such as your Windows-type operating systems and your mainframe operating systems. What we don't have is up-to-date application software. We have, in fact, extremely obsolete applications software, and we have a lot of it. So our role now over the next several years is with the help of a prime contractor is to reengineer that technology, and as I mentioned in my opening statement, that involves business change as well as technology change. So you could almost think of Y2K as just laying the groundwork for what we really have to do over the next several years to reengineer our applications. Mr. Burbano. From my view at the State Department, with the new Y2K initiative, if you want to call it the critical infrastructure protection I have been talking about, there is going to be a huge demand for new people with possibly different skills for computer security, cyber terrorism and so forth. So there will be a replacement. Some of the skills used in Y2K can certainly be applied. Others, maybe not. So you have to look at it on a case-by-case basis. Regardless, there is going to be a huge demand for this new initiative that is facing us that is very serious. Mr. Wu. On net, do you think you are adding folks in the hardware-software information systems area, or are you shedding a few now in the State Department? Mr. Burbano. I think it is a combination. Not with employees, with contractors. It is a combination of shifting, replacement of skills, keeping some. But don't forget, we are still not out of the Y2K window until the rollover of the leap year. So that is a little bit too early to say right now. But we are starting to look at it in that view, that since we do have this new huge initiative that is very important and will go on for the unforeseeable future, there will be a replacement of skills, and some of those will be applicable and some not. Mr. Wu. I thank the witnesses. Thank you, Mr. Chairman. I yield back the balance of my time. Mr. Horn. The gentleman from Washington, Mr. Baird, 5 minutes. Mr. Baird. No questions. Mr. Horn. Mrs. Biggert, the gentlewoman from Illinois. Mrs. Biggert. Thank you. In making the fixes on the computers, organizations really used a lot of different methods, and some, apparently, I think what we heard before were like short-term fixes as far as the date change of windowing, making the dates like 99 and 00 rather than 1999 or 2000. Will there be any oversight or will organizations, do you think, pursue a permanent change, or will these temporary changes or fixes really last for the long time, or will there have to be something done there? Is there any oversight, I guess, is the question or do they need to--do you know of organizations that will need to pursue the permanent fix? Maybe Mr. Willemssen. And one other thing, I think, like HCFA delayed putting in a new system until this was over. Do you see that the Y2K will have benefited how for them to pursue that, the new changes in their systems? Mr. Willemssen. First of all, you are correct, many organizations had to use techniques such as windowing, because in many instances they had no choice. There wasn't enough time to go through a full date expansion of the software and data bases. So many of them did use those kind of techniques. They will not last forever. Many of those same organizations plan to have new systems over the next few years, so that the risk, if those new systems come in, is relatively small. However, the caveat to that is when programmers put in 2 digits in the 1970's and 1980's, they thought their systems also would be replaced, and many of them were not. So there still has to be some oversight of that issue. I would say it is very difficult, though, to generalize among agencies because even within a specific agency business function, some may have windowed, some may have gotten a new system, while others may have fully expanded the date field. It is therefore, an issue where you have to go in and do a full examination and know what you are dealing with and be aware of where your risk points are as time continues with these kind of patched systems. Mr. Burbano. I would like to say that at the State Department, since the Y2K program office was run underneath the CIO, which is remaining, we do track where we used windowing. We used a combination of windowing repairs as well as replacements. We do have a list of those. We are tracking them, and most of those are 10 years or more out. But we do have a list of those and we will track them so long as the CIO office lasts. Mrs. Biggert. Thank you. Thank you, Mr. Chairman. Mr. Horn. Thank you. Now the cochairman of this task force, Mrs. Morella, the gentlewoman from Maryland. Mrs. Morella. Thank you, Mr. Chairman. A question for Mr. Willemssen. GAO recently reported that some of the Y2K remediation that was done at Federal agencies was contracted out to private corporations, and in your report, you noted that some of the private companies used non-U.S. citizens to work out the remediation. I just wondered if you would comment for the record on what you found and what you think implications are, if any? Mr. Willemssen. We did have a request from the full House Science Committee to look at the use of foreign nationals at the Federal Aviation Administration in both the remediation of software and in the post-remediation review of software that had been previously remediated, and we did find some oversights on the part of FAA. To the FAA administrator's credit, she aggressively took action on these oversights, and they are now in the process of going out and making sure that all of the individuals who worked on the code are indeed checked out. FAA did not know for sure, for all of the systems that were remediated and reviewed, that the individuals had an appropriate background investigation, and therefore whether the risk was manageable in terms of manipulating the code. So there were some issues that we did find. Again, to FAA's credit, they have been very aggressive in following up on these issues. One of the issues I think you pointed out at one of the prior hearings, was that there was a security risk involved to the extent that it wasn't managed with all of this push to get Y2K done. That it would be done quickly, losing sight of some of the necessary controls, and that is in fact, what happened here at FAA. All the controls were not in place to check out all of the individuals working on the code. Mrs. Morella. Do you feel comfortable that this has then become a symbol for what could happen if you don't have proper implementation of the regulations and that the agencies all know this? Did we learn from it, besides the FAA immediately saying we will correct the oversight? Mr. Willemssen. I hesitate to generalize because FAA is the only agency where we went into depth on this particular point, so I hesitate to say that other agencies may have similar issues, although I know the executive branch is looking into that. I know that, as I mentioned, FAA has been very aggressive and actually we are expecting a more detailed report from FAA within the next couple of days on all of their actions in response to a recommendation to do the background checks on individuals working on the code. Mrs. Morella. I think you would like to comment on that. Mr. Burbano. Yes. The State Department, we looked at this issue very carefully at the beginning. First of all, domestically, we did not use any foreigners, especially that is where mission critical systems are. We do require, regardless, we do require all of our contractors and employees to go through secret clearances. In addition to that, some minor systems overseas did have some FSNs, foreign service nationals, working on their systems, but they were closely supervised by the Americans at the Embassies, and we have had no problem at all. Everybody goes through a clearance check anyway. Mrs. Morella. Splendid. Thanks for that assurance. I yield back, Mr. Chairman. Mr. Horn. Thank you very much. Let me ask a few questions here in closing with this panel. I would like the commissioner and Mr. Koskinen to respond to this. The question would be the extent to which windowing was used to repair systems, and is that really a permanent situation, or how do you feel about the windowing aspect where you are trying to piece it altogether and fool it, shall we say, in terms of the computers? Mr. Koskinen. I don't think anybody has the capacity to tell you how much of the work was done by windowing and how much was date expansion. Windowing is a technique that is effective as long as you don't care about when people were born or transactions in those windows. In other words, if you really are only worried about relative dates, you can window. But in things like Social Security, you can't window very effectively, because you care very much about whether or not somebody has been born on one side of the window or another. Second, I think the point Mr. Willemssen made is important, and that is, when we talk about configuration management and better control of IT systems, obviously monitoring the way we fix systems for Y2K as we go forward is an important part of that management, and I think it is exactly right to note that 25 years ago, 15 years ago, people working on systems that knew they weren't going to be Y2K compliant were comfortable because they thought those systems wouldn't be operating. So you have to be a little worried about anybody saying today, well, my windowing works until 2015 or 2023, so I don't have a problem, because those dates will come before we know it. So I think the answer to that is not was it done, it clearly was done. It was a very effective technique, it was cost effective, and particularly if you are going to replace or upgrade those systems, it was probably the right way to go. It will turn out to be a mistake if you lose track of it, continue to run the systems through the window, and discover you have got a major challenge down the road. Mr. Rossotti. I am pleased to say in this case, one of the few occasions I can answer very easily, we did not use windowing at the IRS, we did everything with 4-date digit expansion and required a special exception from the CIO to have any exceptions, and, to my knowledge there were just maybe a very tiny handful, maybe one system given an exception. Interestingly, the reason for that decision was not primarily because of worries that would, you know, become obsolete in 10 or 20 years, but because we had so many heterogeneous systems that had to work together, we were not convinced that if we used some windowing here and some data expansion here, that we wouldn't run into incompatibilities among our own systems. So we made a decision to keep it simple, and so everything was made compliant by four-digit date expansion. Mr. Horn. OK. Now it has been mentioned on the foreign workers in some of the patching up of these systems, I would be curious how you all think how vulnerable our computer systems are as a result of the Y2K, and are you concerned that those remediating systems could have engaged in acts contrary to the best interests of the government? So I would just appreciate-- let's start with Mr. Burbano. Mr. Burbano. Yes. In terms of the concern, you should always be concerned, but because of the process I mentioned that we took at State with requiring security clearances, all domestic systems, where our mission critical/critical systems are at, only used Americans. We don't have as much concern there. Overseas, again, I mentioned we did use FSNs who have to be cleared and who only work the minor systems and who are closely monitored by Americans when working on the systems. So we are not as concerned. However, we did develop a project in concert with my sister bureau, Diplomatic Security, on doing some spot checks on some of the systems, just to make sure. But, just to let you know, you know, even with commercially off-the-shelf systems, you don't know where those systems are developed. They could have foreigners working on those systems also. So you do have to be vigilant about these systems. Mr. Horn. Commissioner, in terms of computer security, I am sure you have to deal with that every day in some way. Mr. Rossotti. Well, we have, of course, major security challenges in the IRS from a number of perspectives, including from the old applications software. But I think on this particular issue, that is to say, the contractor support we used for the Y2K, I think we were in pretty good shape on that. There was one particular component of one system that, for a particular reason, was developed with some offshore people, but that was then subsequently cross-checked by a different group that was cleared. So as far as I know, I think we can be pretty confident on this, we do not have much vulnerability for this particular problem. That is not the same thing as saying we don't have vulnerabilities for other reasons. Mr. Horn. Mr. Koskinen, why don't you give us your side of it? Mr. Koskinen. I think Mr. Burbano made the important point, which is, security is an issue beyond Y2K, you ought to be very careful about whoever works on your systems. As a general matter, we were concerned about this issue from the start and we worked with the intelligence agencies and the National Security Council and others, both to warn private sector companies as well as domestic companies to be alert to this issue. Most of them in a large sense are. Most of the off-shore work was done by the private sector and not the government. Most government work was done by normal contracting, or internal resources, so that there was much less of that done here than in the private sector. Monitoring what has gone on in the private sector, what has gone on, we have seen very little, in fact, almost no evidence that work done offshore included some kind of security threat. Obviously, the absence of glitches over the rollover means at least if somebody was targeting the time to create mischief, that was not one of those times. But I think the bottom line to that is, again, as we move forward, information security has to be high on everybody's list. I think, again, the point is well made. It is not just people who have access to your system. It is when you buy systems, whether it is off-the-shelf systems or otherwise, you have to be worried about who worked on those systems, what is in them and what potential impact could they have on your own system. So I think if anything requires eternal vigilance, it will be, in fact, information security and security about those working on your systems. Mr. Horn. I thank you. We will be holding a separate hearing on the computer security anyhow, so we will postpone the rest of those questions. Mr. Willemssen, before we round out this panel, I would like you to summarize the following under page 16 of your formal statement, ``Reported Year 2000-related Errors in the Federal Government.'' If you could just sort of bullet them to me in one sentence, each one, just so we have it in the record, I would appreciate it. Mr. Willemssen. On page 16 is a summary of what we observed during the rollover from both the perspective of the information coordination center and specific agencies where we were onsite. We tried to summarize what we thought seemed to be significant issues that did come up, even though they were addressed very quickly. Briefly, those included the Department of Defense intelligence satellite system, the Federal Aviation Administration had some systems with some Y2K failures that again, they were able to remediate and fix very quickly, and the Health Care Financing Administration ran into some difficulties with partners. In one case HCFA had a problem with a bank on some electronic payments leading to some delays in payments, although it is still within the required targets. Also, HCFA will continue to work aggressively with their providers in making sure that they put forward accurate dates on their claims so that claims are not returned. Mr. Horn. You say here there are 26,000 claims from providers with these erroneous dates in the first week of the new year. Mr. Willemssen. That is why we thought it important to give a sense of the magnitude, because they are not just little things that we are talking about. They are little within the scope of the entire Medicare program, but they do have some impact. But, again, HCFA has done an outstanding job over the last couple of years on getting on top of Y2K. They as much as anyone faced a mission impossible on Y2K, and through the leadership of their administrator, again, they continue to be very aggressive in following up and making sure that the disruptions are kept to a minimum. Mr. Horn. And then the ones that concern most of us based on our air travel regularly is the low level wind shear alert system. Can you tell us anything about that? Mr. Willemssen. Again, those systems were out at about eight locations, but they were out for no more than 2 hours, I think 2 hours 12 minutes at the outside. Fortunately, when they were out, we saw no evidence of bad weather in those locations. So we could be sure, based on the evidence we saw that there were no safety implications from those systems being out. Again, it speaks toward the advantage of all the agencies being poised to respond during the rollover. FAA was ready to get right on top of those systems and fix them immediately, and that they did, to their credit. Mr. Horn. Yes. I was spending part of that December 31st in the L.A. Tower, and I got a good education from the technicians there. They have a terrific job to do when they are getting those radar sites into operation when something goes crazy with them. I was very impressed by that group. So are there any other major things that is a worry to the General Accounting Office? Mr. Willemssen. I again conclude by saying the rollover was a great success, thanks to the leadership of Mr. Koskinen and yours and Chairwoman Morella's leadership. However, I think it is important that we continue to monitor events over the next couple of months. I would strongly concur with Mr. Koskinen's plan to bring up the ICC again during the leap year, because I think there will be a few disruptions that again occur, and I think there will also be a few disruptions that we start hearing about as processing cycles complete themselves. So we haven't heard the last of Y2K. But I think it will be much, much less than what we had once feared. Mr. Horn. I want to end on a happy note here and help the Department of State a little, Mr. Burbano. In November 1999, the Department of State submitted its regular quarterly report for the year 2000 to the Office of Management and Budget, and of course, that does come to our subcommittee. After a lot of discussion with you and OMB, it became clear that the language in that quarterly report didn't really accurately reflect the actual level of effort for the Department's independent verification and validation work. Just so we can give you an A on this, please explain to me the independent verification process that you actually went through but wasn't in the report. Mr. Burbano. Thank you very much. At the State Department, one of the things that I did when I came on board in May 1998, as you all know, I came on board, we had straight F's for about a year, so I had to move quickly in order to especially meet the deadlines of Congress. But I wanted to make sure that we did it correctly and not get any surprises at the rollovers. So I set up a very rigorous process where not only did we have the separate bureaus test our systems, but underneath my office, the Y2K office separate from their individual bureau Y2K offices, I had independent contractors test the systems. That was the first level of independent tests. But in addition to that, I did a partnership with the Inspector General where they would do a second test with their own contractors to review the test and so forth, and certify the systems, along with myself as the CIO. So we went through two levels of independent verification tests, in addition to the testing that the Bureau did themselves. The misunderstanding that came in that, we were about 66 percent in November or somewhere around that nature, in terms of certification, but when, in fact, it really equalled to about 160 percent, because we had already finished our first level. That is where the misunderstanding came. I think we proved that right since we had really no significant--not only in the mission criticals, but in the criticals as well as the routines, this thoroughness that we did. Mr. Horn. Well, thank you very much. On that, are there any questions any Member has? If not, we appreciate what each of you has had to contribute to this and the fine work you have done that kept us going with very minor glitches. So thank you all for coming. We now go to panel two. Mr. Horn. I would ask you to stand and raise your right hands. [Witnesses sworn.] Mr. Horn. The reporter will note all three confirmed. Mrs. Morella will preside. Mrs. Morella [presiding]. Thank you. I want to thank the second panel for being so patient and waiting in going through the first panel testimony and the questions that were asked. So we will be concise. We know that you can offer a great deal to supplement what we learned about Y2K. Proceeding again with the 5-minute rule, you can give us a synopsis of your testimony. We will start with, first of all, Mr. Harris Miller. I want to comment on the fact that from the very beginning Mr. Miller has been very tuned into this issue, has appeared before this committee probably as many times as any other person who has testified. So we very much appreciate his coming back now at the end as we do our summation and look ahead to the future. He is president of the Information Technology Association of America. Ms. Kathy Hotka has not appeared before this committee before, so you are the alpha and the omega, the beginning and the end. Ms. Hotka is vice president for technology at the National Retail Federation here in Washington, DC. We welcome you. Thank you. Mr. Gary Beach has appeared before this joint committee, and he is the publisher of CIO Communications, Inc., from Framingham, MA. Again, thank you for appearing here. Thank you for waiting. Let's start off with Mr. Miller. STATEMENTS OF HARRIS MILLER, PRESIDENT, INFORMATION TECHNOLOGY ASSOCIATION OF AMERICA; CATHY HOTKA, VICE PRESIDENT FOR INFORMATION TECHNOLOGY, NATIONAL RETAIL FEDERATION; AND GARY BEACH, PUBLISHER, CIO COMMUNICATIONS, INC. Mr. Miller. Thank you, Madam Chairwoman. It is said that politics makes strange bedfellows, but I found out that Y2K makes strange bedfellows, for on the morning of January 1st, instead of being snuggled warm in my bed with my wife, I was instead with Chairman Horn at the C-SPAN studios doing a broadcast on Y2K. What is even more unusual is that at 8 a.m., constituents of his from California were calling in, which means at 5 o'clock in the morning they were paying attention to what was going on with Y2K. But I appreciated working with both of you chairmen and the members of your subcommittee. I am going to skip the victory lap you mentioned, Madam Chairwoman. It is my written statement and will be in record. I obviously want to commend the subcommittees, and particularly Mr. Koskinen, for his leadership. From the perspective of the private sector, we do believe this is a real crisis that we did face, it was not something that was hyped or made up. In fact, as I was walking down the hall this morning with our Y2K program manager, Heidi Hooper is with me, she noted there wasn't a line about the hallway waiting to get into the subcommittee hearing. I said that is good news, because if, in fact, the problems had occurred, I suggest you wouldn't have Harris Miller and Kathy Hotka and Gary Beach on this panel, you would have Alan Greenspan and Secretary Summers discussing the global recession that had been caused. So, in fact, the fact we didn't have a major crisis is good news, and the fact we don't have hordes of people standing around is, in fact, very good news. In terms of the magnitude of the effort, I would certainly agree with Mr. Koskinen's effort. In fact, I even go a little more hyperbolic, I think it is the biggest success since the building of the pyramids, because it was, in fact, a global effort, government, private sector, hundreds of thousands of individuals around the globe working together to achieve this success. To talk about the lessons learned, I would like to refer to what I believe is a Y2K renaissance. What do I mean by a Y2K renaissance? I think it really is two parts. First of all, the rationalization of the existing computer technology. You heard a lot about this from the first panel in the Federal sector, but the same thing was true very much in the private sector. The fact that time and again, because of the necessity of dealing with this huge challenge, companies were able to get rid of deadwood programs, they were able to bring into their companies more modern and more efficient computer systems. They also learned to do supply chain analysis and in a systematic way that they had never done before. They were able to collaborate in ways never experienced before, either within companies or across companies. They were able to develop contingency plans, many of which were not needed as it turned out, at least are now in place should there be future problems, and they learned to approach the entire IT system in a much more strategic way. That is going to mean that down the road these companies and ultimately their customers can take much more benefit from information technology. The productive gains which Mr. Greenspan and others have noted have helped to contribute to the continued growth of our economy and the high productivity should be even stronger because the IT systems in companies as well as within the government are now being treated much more rationally and in a much more systematic way. The second reason I call this a Y2K renaissance is the new directions that companies are now taking. Because as they came to understand through Y2K the strategic as opposed to tactical importance of IT, they are now moving ahead implementing future IT much more strategically. Obviously, the Internet changes everything, and we are seeing throughout the private sector and we hope the government sector will quickly catch up the use of the Internet for improved, dramatically improved in many cases, internal processes, whether you are talking about personnel systems, whether you are talking about human resources or financial services, whether you are talking about inventory control, all of these basic day-to-day business operations are being done much more effectively and efficiently on the Internet. This is one of the new exciting aspects of Internet technology. Also, of course, dealing with customers, and customers don't just mean business to consumer, the kind of stuff you read about on the front page, about Amazon.Com and others. It also means business to business, because businesses are also customers, and the ability of businesses to deal much more effectively. So this is the kind of Y2K renaissance I see coming, because as we come out of what Mr. Burbano and others described in the Federal sector, which also occurred in the private sector, namely, a temporary freeze in many cases on new programs and spending, and now all these projects which have been temporarily set aside are going to be brought out to the fore, and again, I think you are going to see massive increases in productivity, in major benefits to customers, and again, customers I define broadly as businesses and individual consumers. Let me talk about some other lessons learned. One of the lessons learned that was that while the government sector did an excellent job, as the previous panel discussed, the private sector also did a remarkable job. Some names of individuals who you may not have come across, or maybe you have come across, like Bill Mont and Tim Shepherd Whalen from Global 2000, or Ron Balls from the ITU, people who are able to take entire sectors and coordinate them, you are going to hear from Ms. Hotka about the retail sector, contributed mightily to the success. I think ongoing we have learned lessons about the ability of these sectors to work both nationally and globally. I also use that as a point for future global cooperation. The International Y2K Coordination Center, which both of you were very involved with and which Mr. Bruce McConnell headed so ably, has demonstrated the opportunity for global cooperation. Coming out of that, I am hopeful we will see some continued opportunities. For example, the International Y2K Coordinating Center steering committee is considering the creation of what is called the Center for Digital Opportunity, which would be a cooperative program to promote Internet growth in developing countries to the same extent that it currently is in developed countries. In fact, tomorrow the steering committee will have a conference call and I am involved in that also, as is Mr. Koskinen, to see about the possibility of building on the linkages that have been established through Y2K in that area. Similarly, the issue that Mr. Burbano talked about so extensively and Chairman Horn said you will be having further hearings on, the whole issue of information security. While there are information security issues which are very specific to the U.S. Government, there are many issues which are global in nature. Again, the 170-plus countries that work together through the international Y2K cooperation center should be able to take those linkages which they established and build on them for information security. I think that is also another lesson learned. The last lesson learned which I would like to refer to, and I am a little bit over my time, is that the Y2K problem was solved without government dictating what the private sector needed to do, without legislation. As you remember, you two chair people, at a hearing early on, there was actually discussion about perhaps Congress having to mandate the private sector to take specific actions. You came to the correct conclusion that, in fact, there were better ways to do that, rather than mandating specific activity. We did get through this without mandating specific activity on the part of the Congress to order the private sector to do activities because the private sector was and to work collaboratively. I think the lesson learned there is as we move ahead to other challenges in information technology, whether it be the information security area or regulation of the Internet, that the claims that the private sector made to you then that we can handle this in a collaborative manner, not working against government, but cooperatively with government, did prove true in the Y2K area, and I think when Congress approaches other issues, such as information security or other issues of regulating the Internet, they should take that lesson learned, and perhaps it will also prove true that you do not need legislation, that there are other ways to get things done in this new economy and in this information revolution. Thank you very much for giving me the opportunity to appear before you, and I would be glad to answer any questions. Mrs. Morella. Thank you. I also want to comment on the fact that I did hear that early morning C-SPAN program, and it was very informative. Thanks for your leadership. [The prepared statement of Mr. Miller follows:] [GRAPHIC] [TIFF OMITTED] T6711.064 [GRAPHIC] [TIFF OMITTED] T6711.065 [GRAPHIC] [TIFF OMITTED] T6711.066 [GRAPHIC] [TIFF OMITTED] T6711.067 [GRAPHIC] [TIFF OMITTED] T6711.068 [GRAPHIC] [TIFF OMITTED] T6711.069 [GRAPHIC] [TIFF OMITTED] T6711.070 Mrs. Morella. I am now pleased to recognize Ms. Hotka. Ms. Hotka. Chairman Morella, Chairman Horn, members of the committee, retailers appreciate your leadership on this issue, and I appreciate the opportunity to appear here with you today. As you may know, the National Retail Federation's Survival 2000 project worked for 3 years to coordinate a joint retail- industry response to the year 2000 issue. We worked with department stores, restaurants, specialty stores, liquor stores, pharmacists, convenience stores and grocery stores to make sure that you could shop this year. People are really shopping as a result. How did retailers fare? Better than we expected. But the sector desk at the White House information coordination center that seemed to have the most to talk about was ours, retail and small business. As expected, bigger businesses experienced annoyance grade glitches and some smaller ones found out that that fix on failure policy they had was not such a great idea. Anecdotally, we know of retailers still processing credit cards manually because of the IC verify problem. One retailer's store credit cards failed. Cash registers at one chocolate store chain would not open. But the examples here are relatively minor. Now, it remains to be seen whether the global supply chain would be unaffected, larger retailers have some doubt about whether or not we have sailed through this internationally. Was it worth the work and expense? We already know the answer. While retailers spent multiple billions of dollars to find and fix and replace software and hardware and to conduct extensive testing, we also would not do it any differently. We had conducted a survey in 1997 that showed that if retailers didn't undertake this work, many key systems would simply be dead in the water. We found out that 100 percent, all, private label credit card systems would not have worked; 99 percent of warehouse management systems would have failed. Most retail processes are touched by technology, and our members were not willing to bet the business they would be fine without remediation. My members are astonished that some columnists have questioned the value of the investment. Mr. Burbano mentioned earlier that some countries found they were less dependent on technology than they thought. We discovered we were more dependent on technology than we had thought. So what lessons did we learn? We learned four: First, we learned that most organizations underestimated their reliance on IT despite healthy investments in technology, retailers found that some business critical processes were being run by business units on 15-year-old software. You cannot run a company on paradox 1.0 for DOS. It is not a good idea. Some companies maintained software they didn't need. Some key programs were being run by people with no IT background. Companies did not have contingency plans. In fact, we found only one company that had a contingency plan at all. In the end, though, savvy companies realized Y2K was not an IT issue but a business issue, and that IT needs the continuing attention of the CEO. Those companies that did best had the CEO in charge of this project. We who lead industries must bring a better appreciation of IT as knowledge management, not just PCs and printers. Second, we learned that reliable information was hard to come by on this, particularly in the early days. Should retailers have believed technology companies product updates? They seemed to change hourly. Should retailers have believed government agencies' self- reports? How about suppliers? How about the fear mongers? Ultimately, no self-reported information was reliable, and retailers simply conducted their own verification in the absence of reliable test data or organizational benchmarks, this was our only choice. It was expensive and time-consuming. We know of a number of companies, for instance, that put people on airplanes all during 1999 to check on international readiness. These people simply traveled from country to country. Third, we learned that government may have a useful role in helping companies use technology as a business tool. There is no doubt, but that the white hot spotlight of your committee's attention to this issue brought home to all of us the need to work diligently. Your contributions to private industry preparedness should not be underestimated. We paid a lot of attention to those report cards. Our friends at GAO published world-class, best-practices documents that gave private industry some models to work from. John Koskinen and his talented staff helped galvanize countries, governmental bodies, private industry and the media. All were key to helping retailers who rely on a global supply chain and public confidence. We thank you all. Like Harris, we believe that this should be a partnership and not a speaking from on high. But, fourth, we learned that joint action was key. No one retailer did it alone. Fierce competitors worked together to keep the industry ready. Generous companies allowed staff to speak at conferences to spread the word to others. So going forward, we would like to continue what we have been doing for the past several years, working to protect America's business data. Congress should continue to show interest in America's information infrastructure. The White House ICC where public-private partnerships were so useful might continue to be a valuable tool. Business still needs best practices that can help smaller companies use technologies responsibly, and reliable sources of information about threats to data from hackers, viruses and industrial espionage are needed. Let's continue to work together. Public private partnerships got us through Y2K, but we have compelling reasons to keep working in 2000 and beyond. Thank you. Mrs. Morella. Thank you very much for that testimony. Now we will hear from Mr. Beach. Mr. Beach. Madam Chairwoman, Mr. Chairman, I thank you for the opportunity to appear before the committee again. Madam Chairwoman, talking about the victory lap analogy, I live close to Hopkinton, MA, which is the start of the Boston Marathon, and I would say what we have learned with all the great work here is that we are in the first mile of a marathon, a marathon showing how pervasive technology is in all of our lives. The subject of my testimony here is in the written side, but I will orally summarize it, is lessons learned, opportunities created, and I would encourage the committee to look forward as to what are some of those exciting opportunities. Increasing the crescendo of hyperbole, we heard about John Koskinen talking about it in the last 50 years, and Mr. Miller talking about the work as is comparable to pyramids. I would say that the year 2000 computer problem and the work that was done on it by a myriad of groups is the most remarkable peacetime example of human cooperation in the history of the world, and I have an idea for you at the end of my oral testimony. We are entering, what I see, as the age of digital enlightenment where technology is going to help nations govern better, help businesses conduct better business, and make everyone's digital life all the more meaningful. The committee asked the panelists ``was Y2K hyped for profit?'' Those of us on the front lines, the ITAA and Kathy and her group and others, have no doubt that without proper remediation and all the great work that this committee has done, Y2K would have had a severe impact on computer systems around the world. It is interesting, isn't it, that those companies that may have benefited from an increase in sales of computer hardware or software over the last couple of years are now reporting in the Wall Street Journal over the last couple of days saying their earnings reports are down because of Y2K. So what goes around comes around, and it is all going to even out in the end. So, the long-term legacy of this challenge is going to be akin to the oil crisis that we saw in the mid-1970's, where we had relatively short-term pain, and long-term we had more fuel- efficient cars. The Y2K long-term legacy was simply mentioned here many times today that it caused the world to update its computing infrastructure in a relatively short period of time. I was personally surprised at how well the rest of the world made it through digitally unscathed on January 1st. I would say this experience was a resounding clarion call to our government and our industries that other nations, many of whom predominantly use U.S. technology, are running neck and neck with the United States. It seems to me that the digital playing field appears to be leveling off. And, in this new 21st century, where the economy is going to be very digital and electronic, these other countries are prepared to provide stronger global competition. On the earlier panel we talked about foreign nationals. I had an opportunity last year to travel to Bangalore, India, where I saw thousands of workers producing Y2K remediation projects, many for United States firms. These workers are now going to be looking to produce products and services in their own global environment. The next big technological breakthrough is going to be e- commerce. A CIO poll recently reported that 73 percent of American businesses now have e-commerce initiatives started. What is even more important to me is by 2001, these e-commerce initiatives are going to be the core business models of these businesses. Shifting to opportunities for government, the Y2K revolution has afforded the Federal Government and the State and local governments opportunities to modernize its computing infrastructure. We should leverage these revitalized systems to better do the business of governing. Opportunities before this House and this committee in light of legislation continue on Internet taxation, how Americans will govern using technology, closing the digital divide of the have's and have not's, and possibly the aspect of a not too long-term strategy of having the United States wean off its dependence on foreign workers. I did some work last year in Massachusetts reviewing the State's entire higher education system. While there are more and more men and women entering computer science courses in classes across the country, the challenge is that the faculties at many of these institutions are not prepared to teach the new technologies. As I mentioned in the beginning of my testimony, I had an idea. I would encourage Madam Chairman and Mr. Chairman to send on behalf of the world's IT workers, a letter to the Nobel Prize committee in Oslo recommending that a special award be given in October to the world's IT workers, where possibly a person from the informatics committee at the U.N. could go to accept it, and on a site, some place on a U.N. URL, any worker who worked on Y2K could download it and proudly frame it in his or her office. In closing, Y2K in context, was a massive tactical challenge, but what it underscored on a more strategic level is the importance of technology in governing and commerce, and with the seemingly stable technology infrastructure in place, now is the time to take advantage of these new opportunities. Thank you. Mrs. Morella. Thank you. [The prepared statement of Mr. Beach follows:] [GRAPHIC] [TIFF OMITTED] T6711.071 [GRAPHIC] [TIFF OMITTED] T6711.072 [GRAPHIC] [TIFF OMITTED] T6711.073 [GRAPHIC] [TIFF OMITTED] T6711.074 Mrs. Morella. I think that is a fitting way to end the testimony of the panelists with this concept of the Nobel Prize and the fact that it is a great example, as you said, a feat greater than or as great as the pyramids. Ms. Hotka had some very glowing things to say about what we learned also. Coming from the private sector, it is particularly important. We have a roll call vote right now, a quorum, but we will be back for some questioning, so I would imagine 10 minutes or so. So we will recess this hearing for about 10 minutes. [Recess.] Mrs. Morella. I am going to reconvene this hearing. I can ask a few questions, and then if other Members come in in the meantime, they can continue to ask questions. Of course, our policy has been that if it is acceptable to you, that we might also submit questions to you by Members who may not be here. Thank you. I appreciate that. You know, I think there have been many, many benefits to the Y2K work that has been done, whether or not it is the dimension of the pyramids or Nobel Peace Prize, but certainly there has been a lot of cooperation that has been so comprehendible. In going to the command station on December 31st, I saw many people from the private sector on their own time, unpaid, who were there for 24 hours and spent their New Years' Eve there, and then part of New Years' morning there also. I also saw a report that National Institutes of Standards and Technology did a lot of work with small businesses in remediation of the Y2K computer bug, and the small businesses have said they thought this was a concept that they hoped would continue, the idea of being able to get help and get assistance from somebody, an agency or whatever, that cared about them. So, again, it is another example of the private sector benefiting from what the public sector had done. Then just the other day at the District of Columbia hearing, both Chairman Horn and I are on that authorizing committee, I asked Mayor Williams about it, because, as you may remember, the District of Columbia was so far behind, and he was very excited about the results, the fact that they have now been able to update their computer system, they know what they have, and because technology will play such a big role, particularly as we try to revitalize the District of Columbia, that they feel they are going to benefit greatly by it. Also by working with neighboring communities too. So, again, the whole concept you all pointed out, and that is, building on the various linkages and the partnerships. Well, I am going to ask you a question that deals with people. The vast Y2K repair corps is now being scattered to the winds after apparently saving the world from the Y2K disaster. So now what are these people trained to correct Y2K, probably those people who knew could balance, what do they do now? Can these displaced Y2K workers help to alleviate the H1B situation? What do you see with regard to the whole personnel issue? I will start with any one of you. Ms. Hotka, why don't we start with you first. Ms. Hotka. Just briefly, one of the things that struck us about the people that worked on this was their ability to deal with business units. IT does not live in a vacuum, and this was never an IT problem. These people went out and spent time in warehouse facilities with people who run the trucks, with suppliers, with the accounting offices and all through the business. What we are seeing in our industry is that those people will continue to work in these companies and that they will continue to work with these business units to make sure that the IT tools that are created are actually used and are used effectively. That is a skill. These are generally older people, people over 30, and they have got---- Mr. Miller. Speak for yourself. Ms. Hotka. Well, I am saying that because there is a tremendous emphasis, I think, in some parts of the IT world on people who are very young, who have experience in new technologies. But some of us who are not that young have some experience that might be useful, and we are finding that it is being priced in these retail companies. They don't want to lose these people. Mr. Miller. I think, Madam Chairman, what Mr. Burbano discussed is, in the Federal Government, very similarly true in the private sector. If you take the first group of people, namely, people who are interimly the staff of an organization, in most cases when the Y2K issue became a priority for the organization internally, and the organization decided to use internal resources, they simply took other projects, put them off to the side and took those people and focused on Y2K; and now that they have gotten through most of the Y2K era, leaving aside having to get through the next 2 months to February 29th, those projects, which have been temporarily frozen, are now going to come back as high priorities, and those people are going to go back and do those projects. That is one group to think about. The second group of people are the contractors who came in from outside to do work for customers, whether those customers were in government or the private sector. A lot of those companies, which provided those outside services, were in a situation where they anticipated very well the end of the Y2K, they knew when their projects were going to end, and so they had to do two things: No. 1, they had to find new clients so they can continue to stay in business and continue to grow their businesses; and No. 2, they had to take into account the need to upgrade the skills of their employees to do more current projects, most of which are going to be e-commerce related or somehow on the Internet revolution as opposed to the mainframe projects. If you look at the major companies that do business and look at the revenue in 1999 versus 1998, you will see their revenue continue to go up even as the Y2K work began to drop off. The reason is that because they were able to find new customers and they were able to retrain the work force. So not only do I think this is not going to solve the H1B problem, if you use the logic that I use in my testimony that this is going to be a Y2K renaissance, and a lot of projects were temporarily frozen while companies were getting through the Y2K problem, I think there is going to be even a bigger explosion and even more demand for IT workers. The trick is going to be, as you suggested in your question and as Ms. Hotka commented in her comments, making sure the workers do have the retraining. The computer language skills they have are not the ones most current or most in demand, and that has to be factored into the process. Mrs. Morella. I do think many of them are older, but, on the other hand, I know the University of Maryland had a special course geared toward remediation of Y2K. Mr. Beach. Mr. Beach. Madam Chairman, I just would like to once again mention the aspect of what human beings like most is recognition, I am dead serious in challenging you and Chairman Horn to nominate these workers for noble awards. The international Y2K cooperation center that we heard about today, and you are familiar with, and that Bruce McConnell did an incredibly good job running, had a subset called YES Corps, which was the Y2K Experts Service Corps. I was fortunate to be on that steering committee. This group aimed to share information with 140 countries about Y2K, and currently it is migrating to another role. We all felt this network was created for tactically addressing Y2K, the network was more valuable than the actual focus on Y2K. So there is movement afoot to expound this effort. I would like to say there is a vested interest in large businesses in whatever they can do here in the States to help small businesses, because we are all living in this giant economic supply chain. Many large businesses are even more dependent now on smaller businesses. The H1B visa issue, I know there is a call now to bring the limit up to 200,000. Long-term what we have to do, and I addressed it briefly in my testimony, is more rather than fewer students in America are entering computer science courses, whether in California, Maryland or Massachusetts. I chaired last summer for the Commonwealth of Massachusetts a review of the entire higher education program, and the most damning finding we found was that we were talking about older people here, but the faculty, the faculty, No. 1, is older, is not skilled in the new technologies of JAVA, XML, you name it. There is a bottleneck there. If that bottleneck is not relieved or addressed, then our country is going to continue to have to rely on H1B visa issues. Mr. Miller. Could I make one more point on personnel to follow on the earlier discussion of information security? That is an enormous problem, because we do not have information security specialists trained. That is one area where you can't do H1Bs, you can't send the work offshore to Ireland or Israel or India. That work has to be done with U.S. citizens. I know President Clinton mentioned this in his national plan, and Attorney General Reno talked about it. So this is one area where the government, working with academia and business, is going to have to focus. You are going to have to convince people to go beyond their traditional education, to get additional education, plus get security clearances, because obviously, the type of people that a Federal agency or a State government wants to hire for security information, security purposes is going to need a clearance. Even you are going to find in the private sector many private-sector financial institutions and others want to get people with very high security clearances because they are being put in very sensitive security positions. Mrs. Morella. As a matter of fact, the Science Committee passed, in the first session, actually the last Congress, a computer security bill which does have the dimension of fellowships for computer security. Even that is not enough. Much more needs to be done. We have also been pushing teacher training in technology, not so much looking at the higher education, but more education from K through 12, to make sure that even those teachers know something about how to use technology because the youngsters do, so they can also inspire them. My legislation for women and minorities and disabled in science, engineering and technology, the commission is meeting, it will be coming up with its recommendations to get more of those groups that have traditionally not been involved, involved in those fields. Well, I thank you. I am going to now---- Mr. Horn. If you might yield on that point---- Mrs. Morella. I am going to recognize you for your questioning. Mr. Horn. Your associations could do a lot of good in bringing together the people from the Silicon Valleys of this Nation, and the community college teachers in particular. When you think that these programmers get about $60,000 when they are out of college or out of the community college, and what we need, speaking now as a Californian where we started the community college movement and we have about 107 campuses from San Diego to the Oregon border, and they should be talking to the Silicon Valley types and vice versa. Because the State will never have enough money to get the equipment that is needed to educate people on to meet the people's needs as they go into the industry. It just seems to me there ought to be a summit meeting that perhaps your group, Mr. Miller, or your group and friends in the publishing world, and getting all these people in the room. When you think of what Jamie Escalante, the great teacher in L.A., that took young people that everybody had given up on and they got right at the top of the college boards, and it can be done. We need to do that and we need to get the Mexican Americans, Hispanic Americans, African Americans, Americans, whatever they are, into seeing a point in their lives where they can make a substantial income. That is only going to happen if we start, as the chairman here said, concerning the K through 12. That is fine. But I think the K through 13 and 14 have to be considered, where their role, really, is to be either an academic program or a vocational program. In this case it is both. You need the academic background. You also need the vocational background. And you need the opportunity to work on equipment that makes sense. I know from what I had to go through with a very--probably the largest school of engineering west of Texas A&M, and we were just swamped with problems on equipment in the 1970's and the 1980's. Finally, our trustees stepped up to the plate and said OK, so we will pay engineers more, we will pay people in the business school more. Well, that doesn't solve all the problems, because the equipment is the problem, and the millions that takes. And that is where it is everybody's self interest to do something along that line. Now, I don't know if you want to add anything to that or if you are willing to do that conference, but we ought to get them in the same room with the American Electronics Association and so forth. Mr. Miller. We tried to do that the last couple of years, Mr. Chairman. We are making progress. I think that the IT community discovered the community college system very recently in a sense. They didn't previously think of it as a resource, except for some chip manufacturing companies, which didn't see the need for a 4-year degree. So you had a couple of instances in Arizona, particularly where Maracopa Community College was training people to work in the cleaning rooms for some of the major chip manufacturers. But I think the IT industry at large didn't see the community college as a good resource. We held our first national work force convocation at the University of California at Berkeley in January 1998, and I think that is the first time that the IT industry began to understand that the community colleges were willing to be flexible, and, frankly, they can change a lot more quickly than formal 4-year universities, I am sure you know as a former university president. Mr. Horn. You are absolutely correct. You won't get your supply from Berkeley. They are wonderful people. It is true. They have research designs. Ph.Ds, there is a use for some of those, face it, but you want the worker people, which does take skill, which does take imagination, and some day they might be running their own Silicon Valley firm. That is the way the whole evolution of that Santa Clara Valley has happened. Mrs. Morella. I used to teach, at a community college in Montgomery County. Mr. Horn. Absolutely. Mr. Miller. It is happening. Yesterday the National Commission on the 21st Century Workforce had its second field hearing, it was actually held at De Anza in Silicon Valley, and I know that that is a focus of attention. I spoke at a major event that the Houston Partnership held 3 months ago, and virtually every attendee was there from a community college. So I think the communication is starting. We are having our third convocation in Chicago in April of this year, and have invited many of the colleges to participate. The key to the community college is obviously getting support of the State legislatures to get the funding to be able to offer the courses. In most cases State legislatures do seem willing to do that. Mr. Horn. They see it helps their economy. Mr. Miller. It is an economic development issue, not an education issue. That is what employers want to know, if I move my business there, where am I going to get my IT workers. Mr. Horn. You might have covered this while I was going over to vote, but when you look at the issues that confronted the Nation that I mentioned to Mr. Koskinen on the domestic side, do you have any particular issues that relate to technology that you think we ought to have that kind of operation that we have had in the last few years where you have somebody on behalf of the President pulling these things together, if it affects the economy and efficiency of the executive branch, which is the jurisdiction of my particular subcommittee? So what would your themes be that somebody ought to be looking at? Mr. Miller. Well, I have a couple. One we discussed, I think, at a previous hearing, which is an information security czar. I think that the Koskinen model is also applicable to the information security area. Right now, Mr. Chairman, if someone from academia came up and put a chart up on the wall of how information security is handled inside the government, I don't think that wall is big enough to put all the boxes up there, because it is split over so many places. Everyone is well intentioned and has good purposes. Mr. Horn. With the Chief Information Officer role being pretty much throughout the 24 major agencies, hasn't that helped? Mr. Miller. That is very helpful. But, again, even there, that is just within the particular agency. We are also talking about interrelationship with the private sector, and depending on who you ask, 85 to 90 percent of critical infrastructure we have to protect is in the private sector. Yet we have to coordinate with the government. Who do we coordinate with? Do we coordinate with Mrs. Morella's favorite office, the CIAO office, or do we coordinate the NIPC, or do we coordinate with the National Security Council or the Commerce Department? It goes on and on and on. So we are looking for simplicity. The great thing about Mr. Koskinen's office was it was a little bitty office. He couldn't do a lot. What he could do was he could be an enabler, he could be a man who cracks the whip and try to get you to move quickly. But at the end of the day, you had to do it. He was never going to try to superimpose his own bureaucracy, either on the private sector or on a government agency. That is what I mean by a czar, not somebody that literally dictates what the private sector or the Federal agencies do. Mr. Burbano has to decide what the State Department does, Mr. Cosgrave has to understand what the IRS does. But someone who can coordinate and pull that all together, I think that would be very helpful. Mr. Horn. Well, they have a council, and I don't know how active that was before this assignment was given them, but they certainly ought to be working on the consensual part. Of course, what I am after is, and I will be putting it in shortly, is the office of management idea where the President has somebody there that knows something about management, not just the budget. Every President puts in a director that is either an accountant or politician or economist, but they don't put anybody in that knows a thing about management, that has the President's ear. So I want to split that off, and, fine, keep the director of the budget, but make a director of management. Roosevelt had that, Truman had it, Eisenhower had it. It went downhill starting with Kennedy and right through Reagan. They all politicized the Bureau of the Budget, which were professionals, and they served every President, whether they were Democrats or Republicans. It didn't matter. It didn't matter what their party was. They were professionals. And we have lost that contingent, until we got into this situation. When we wrote the President and said look, you have got to put somebody in charge, because it is going nowhere, and nothing but procrastination, and he did. He made a good choice. The same thing I wrote him with Rossotti. I said look, every President has put in tax attorneys and tax accountants, how about getting a chief executive for the job. And he did a great job in getting Mr. Rossotti. So you had two splendid appointments that turned agencies around. Mr. Miller. Absolutely. Mr. Cosgrave, who was the CIO of IRS, was previously a CEO of a company, was actually on my board of directors, and Mr. Rossotti recruited him to come and fix the Y2K problem and run that. I certainly agree with you, Mr. Chairman. I guess another thing I would say in terms of a theme is with all due respect to my friends in the Federal Government who bemoan the fact there are not enough Federal IT workers, I think they are trying to stop this tide, and they are not going to win this battle. We try to help them, we meet with CIO council, et cetera, to try to figure out how the Federal Government is going to recruit more IT workers. But I think in the long-term trend they are going to lose. If they are going to lose, I would rather see them focus attention on the transition to a world where there is much more IT functionality outsourced, rather than trying to constantly refight this battle of what are they going to rejigger in the OPM manual to somehow recruit a few more IT workers. And that does not slight the Federal IT work force. I think they are great people. But I think they are just fighting a losing trend, because the delta between the Federal sector pay and the private sector pay is getting bigger and bigger. The benefits for people going into the private sector are much higher. My members never liked to voluntarily attract someone out of the Federal marketplace, because they are making their customers mad at them, but the reality is you can't throw away a resume when someone sticks one in your hand and says I want to get paid 25 or 30 or 50 percent more, I want to come work for your company, than I can make working in the Federal marketplace. So I think one of the issues your subcommittee wants to look at is how do you do that transition. I think it is going to happen, and to do it smartly rather than constantly trying to smart stop the tide I think would be a much more productive use of resources. Mr. Horn. We would welcome any thoughts you have on this. I know we are already in touch with you at the staff level for the computer security hearing coming up soon. Mr. Beach. Mr. Chairman, I would like to comment briefly on your summit idea. I think that it is a very good idea and encourage you to consider submitting an op-ed piece we could run in CIO Magazine that would bring it to the attention of about 300,000 people. I like the idea of director of management for one reason. Again, I was referencing earlier the CIO Know Pulse Poll that we recently did that shows within 18 months, 6 in 10 in the private side of the business are going to have e-business, and it is going to be their core business model. And how you have kept the feet to the fire for the Federal agencies here leading up to Y2K, I think this director of management, whoever he or she is, should have as one of their tasks to make certain that all the agencies and the millions and billions of dollars that the U.S. Government has spent to upgrade its systems, how are these being used, what new services, what new applications are you providing for getting our bang for a buck. Getting back to the previous question, Mr. Rossotti mentioned I think that in the IRS, they upgrade each year one- third of their computers. So what happens to the third that are being thrown out? Where are these going? The other issue is there is a great opportunity in the junior colleges and the 4- year schools for the faculty could be adjunct faculty from the business community. These are the men and women who know most about its leading technologies. I would encourage a program of adjunct faculty to our Nation's community colleges are 4-year schools. Mr. Horn. You are absolutely correct, because the research universities are simply too involved in long-term research, which does have a payoff in many ways. A lot of our industry is based on that research. But in terms of getting a curriculum turned around, as you correctly viewed, that can happen much more easily in a community college. Rather than have the faculty say let's think about this for 3 years. So that is part of the problem. This is a national crisis in skills. On the Clinger-Cohen Act, we are focusing partly on the information technology human resources issues and the need for qualified individuals and managers when that comes up. And that's another one coming up in the next few weeks. So let me skip to something else that isn't as serious as what we've had here, but I guess I'd want to ask Ms. Hotka that I'm just curious with the wonderful technology we have to trace everything in the stores of America, do you know how many generators were turned in? Ms. Hotka. We were sure, Mr. Chairman, that we would see this mass return of generators which would then be refused at the store level by stores who said that they wanted to sell it to you instead of lend it to you. We were amazed instead that stores used this as a customer retention mechanism. They said please, come back and return it and while you're here, buy something else. Mr. Horn. I was educated yesterday by my staff when I raised this that there was such a thing as a stocking fee and tell me about that. Ms. Hotka. What some of our retailers did was to charge a restocking fee so that if you brought back the generator after January 1 in the box because you didn't need it, that they would charge 20 percent. Some of them did that, did in fact charge that fee but some of them I think surprised all of us and used this as a way to get those valued customers back into the store and while they were there, by the way, why don't you buy this Christmas tree which is on deep discount and it worked beautifully. We saw very little demand--that was one of the things that surprised us too. We thought that the public was going to flock into stores at the end of the year and buy all kinds of stuff. We didn't see it at all. Mr. Miller. If I could make one point about your CIO elevation on the last question, I want to bring to your attention a new institution which the Virginia secretary of technology Don Upson is creating called the CIO Academy. I don't know if he's publicly rolled this out yet, but I know he's already recruited several State CIOs to be on the board of directors. He's recruited Jim Flyzik who is the CIO of the Department of Treasury who was kind enough to ask me to do it. He's got some other people from the private sector. I think this relates to the whole issue that you, of course, implemented within Clinger Cohen which is elevating the whole position of the CIO within the organization. And obviously one of the major roles that Mr. Beach's publication does is it also creates a network through his publication, his polls, his meetings he sponsors. I think Secretary Upson tends to do this in a much more educational level. I think you're going to see more and more where this is going. Now, the challenge, and I think, Mr. Beach, you had an article in your publication recently about whether the CIO job will even exist in 5 years. You had some futurists discussing that. I think one of the conclusions was there would be no such position, maybe a chief knowledge officer or something else like that but there wouldn't be a CIO because technology will become so ubiquitous that the idea that you have a specialist would be like saying you have a telephone specialist. That won't exist anymore. Generally, I think business and government are paying a lot more attention to the whole role of the CIO and part of it is because of Y2K again. It all rolls back to the fact that Y2K suddenly brought to the attention of the CIO and the CFO and board of directors that this guy or gal who ran the technology wasn't some person who you could just put off on the side of the back room, that he or she was fundamental to your strategic business or strategic government delivery of services. Mr. Horn. In educating a CIO, what is your percentage of technology versus management skills? Mr. Miller. I'd say knowledge of technology is somewhere between 5 and 10 percent, management understanding business, understanding the core operation is probably about 90 percent. I think the same way as a CFO. I don't think you expect the CFO to be your bookkeeper. The CFO is your financial planner, business organizer. I think the same thing is true of your CIO you don't expect him or her to be necessarily the chief technical person, that he or she is the person who is looking at how the technology fits into the business organization. Mr. Beach probably has some surveys on that I'm sure. Mr. Beach. We've got lots of them. It's along with what Harris said. I mentioned it several times here today that what has happened is that technology and e-business and e-commerce and the overuse of the letter ``E'' but what has happened is that there has got to be an extension to a company's business model. So technology has gone from being an extension of how we govern to being the core--a core part of that infrastructure of how we govern. I would agree with the percentages of Harris that the more successful CIOs that I see are those men and women who have a keen understanding not of technology but of their customers because then they could always use technology to service that customer need rather than saying I know everything about fiber and all this other stuff, you say let's go find a customer to satisfy that. So they are more customer-focused, and smart businesses and smart governments are realizing that technology is going to be a core platform in terms of how they provide a good or service. Mr. Horn. Does your magazine take a look at how Y2K made us learn that we can now better manage the operation once we had to get in and say let's merge this system with that system or let's just get rid of it? To what degree do you see that movement in the executive branch? Mr. Beach. In the executive branch here in Washington? Mr. Horn. Right or the field. Mr. Beach. I think the lesson learned from the CIOs in the private sector, what Y2K taught them is that no one is an island, that all these businesses are connected in these global supply chains. And I can't comment particularly on the question of executive branch, but I would say that you--no one aspect of the government, whether it's legislative, the judicial, or the executive is--it's never been that way, but technology is giving each of those branches a better opportunity to communicate and share information and govern in ways that we haven't thought of. Ms. Hotka. If I can expand on that too. I think one of the things that we found was Y2K was such a flash point, that if I called up someone from a company who's not a member and said I need to talk to you about Y2K, I could get that person on the phone instantly. It cut across all kinds of company barriers. There was no competitiveness at all. We had an immovable deadline and an issue that everybody understood and so everyone was willing to talk to everyone. If we can come to some kind of goal like that, obviously we'll not have this again. And thank God for it, but if we could come up with some kind of goal for technology literacy and for good corporate use of IT, we could again get to that point where I could pick up the phone and get anybody on the phone and be able to cooperate. It was useful. If we can harness that again it would be terrific. Mr. Horn. I think you're right. I've got just one or two things to say here, and then I'm going to leave and Mrs. Morella, she reminds me we have a conference, all of us at 1 p.m. Let me say without objection, I want to file within the testimony when after Mr. Koskinen, an exchange of letters between the Secretary General of the United Nations and myself. Mrs. Morella. Without objection, so ordered. Mr. Horn. No. 2, I would like to thank the following people that have been involved and not just in this hearing but in most of our hearings. From the subcommittee on Government Management, Information, and Technology, J. Russell George, staff director and chief counsel; Matthew Ryan, senior policy director; Bonnie Heald, director of communications and professional staff member; Chip Ahlswede, chief clerk and unfortunately it's his last hearing with us; Deborah Oppenheim, intern; and minority staff, Trey Henderson, the counsel; and Jean Gosa, minority staff assistant; and for the Technology Subcommittee of the House Committee on Science, Jeff Grove, staff director; Ben Wu, counsel; Vicki Stackwick, staff assistant; the technical minority staff is Michael Quear, the professional staff member; and Marty Ralston, staff assistant; and our two court reporters today are Bob Cochran and Laurie Harris. And we thank you all for what you're doing. In closing on my behalf, I would say governments and industries worldwide have benefited from this experience. I think that testimony was very clear today. This problem has many silver linings as our witnesses have described. There are equally as many if not more people who have worked tirelessly in an effort to solve the year 2000 computer problem, and we saw some of them before us today. Obviously Mr. Koskinen is Assistant to the President and Chair of the Council on the Year 2000 Conversion. The General Accounting Office staff, particularly that staff headed by Mr. Willemssen, who was here today. Federal, State, and local government personnel, the private sector, individual grass roots organizations, and the two staffs I've mentioned and the technology subcommittee which has been our partner in overseeing this massive and unique experience and we thank them and this success demonstrates what can be accomplished with leadership, focus, and dedication, and it's a great legacy to begin this new millennium and we thank all of you for your hard work. I thank the chairwoman. Mrs. Morella. I thank you, Mr. Horn. You've expressed it very well for all of us. Hardly a time to ask another question. I guess my final one is now as we look into the near future, any comments about February 29 and this concept of windowing? Has that been taking place and is it anything that we should be looking into, comment on, enlighten the public on? Mr. Miller. Mr. Miller. The companies would take the same attitude that you heard expressed by Mr. Koskinen and the panel this morning. They don't expect very many problems with February 29, but they are maintaining diligent oversight of the problem. Every leap year there's a problem. I hate to tell you, whether it's supposed to be or not supposed to, there's problems so it's not unique. I think there will be diligence, but I wouldn't expect any major problems. As far as windowing again, in a way it's postponing the problem. I think the expectation is it's been postponed long enough. It will be OK, but we got fooled last time around. There's another windowing problem which you may know about, which is not necessarily this subcommittee's concern, which there is a gentleman who has a patent on windowing who wants a lot of companies to pay him a lot of money for that. But that right now is a matter before the patent office and perhaps a matter before the court so probably Congress doesn't want to touch that one right now. Ms. Hotka. When we did our testing, when retail companies went through and tested all the systems they thought were fine, the No. 1 thing that came up with was leap year. We don't expect the world to come to an end. We think you'll still be able to shop, but if I had to pick one thing that I thought was going to be funky that is it. We'll be in the ICC again. Mr. Beach. I would just make a comment on the windowing that I believe Eduardo and the previous panel mentioned it that keeping an inventory of those applications that have been windowed might be wise. I'd like to know where those are in 20 years. I don't think we should make the mistake that we made in the 1960's and 1970's that these applications are not going to---- Mrs. Morella. Exactly. Even when you think of the 1980's, the 20-year span whoever thought we would now be in the year 2000. Any final comments that you'd like to make? I want to thank you all very much for again being here, sharing your expertise, and also for all that you have done to make this Y2K millennium bug be squashed. I thank you very much. So we now adjourn the meeting. [Whereupon, at 1:07 p.m., the subcommittee was adjourned.] [The prepared statement of Hon. James A. Barcia follows:] [GRAPHIC] [TIFF OMITTED] T6711.075