[House Hearing, 106 Congress]
[From the U.S. Government Publishing Office]
YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE
LEARN?
=======================================================================
JOINT HEARING
before the
SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
INFORMATION, AND TECHNOLOGY
of the
COMMITTEE ON GOVERNMENT REFORM
and the
SUBCOMMITTEE ON TECHNOLOGY
of the
COMMITTEE ON SCIENCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTH CONGRESS
SECOND SESSION
__________
JANUARY 27, 2000
__________
Committee on Government Reform
Serial No. 106-149
Committee on Science
Serial No. 106-84
__________
Printed for the use of the Committee on Government Reform and the
Committee on Science
Available via the World Wide Web: http://www.gpo.gov/congress/house
http://www.house.gov/reform
__________
U.S. GOVERNMENT PRINTING OFFICE
66-711 WASHINGTON : 2000
______
COMMITTEE ON GOVERNMENT REFORM
DAN BURTON, Indiana, Chairman
BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California
CONSTANCE A. MORELLA, Maryland TOM LANTOS, California
CHRISTOPHER SHAYS, Connecticut ROBERT E. WISE, Jr., West Virginia
ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York
JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York
STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania
JOHN L. MICA, Florida PATSY T. MINK, Hawaii
THOMAS M. DAVIS, Virginia CAROLYN B. MALONEY, New York
DAVID M. McINTOSH, Indiana ELEANOR HOLMES NORTON, Washington,
MARK E. SOUDER, Indiana DC
JOE SCARBOROUGH, Florida CHAKA FATTAH, Pennsylvania
STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland
MARSHALL ``MARK'' SANFORD, South DENNIS J. KUCINICH, Ohio
Carolina ROD R. BLAGOJEVICH, Illinois
BOB BARR, Georgia DANNY K. DAVIS, Illinois
DAN MILLER, Florida JOHN F. TIERNEY, Massachusetts
ASA HUTCHINSON, Arkansas JIM TURNER, Texas
LEE TERRY, Nebraska THOMAS H. ALLEN, Maine
JUDY BIGGERT, Illinois HAROLD E. FORD, Jr., Tennessee
GREG WALDEN, Oregon JANICE D. SCHAKOWSKY, Illinois
DOUG OSE, California ------
PAUL RYAN, Wisconsin BERNARD SANDERS, Vermont
HELEN CHENOWETH-HAGE, Idaho (Independent)
DAVID VITTER, Louisiana
Kevin Binger, Staff Director
Daniel R. Moll, Deputy Staff Director
David A. Kass, Deputy Counsel and Parliamentarian
Lisa Smith Arafune, Chief Clerk
Phil Schiliro, Minority Staff Director
------
Subcommittee on Government Management, Information, and Technology
STEPHEN HORN, California, Chairman
JUDY BIGGERT, Illinois JIM TURNER, Texas
THOMAS M. DAVIS, Virginia PAUL E. KANJORSKI, Pennsylvania
GREG WALDEN, Oregon MAJOR R. OWENS, New York
DOUG OSE, California PATSY T. MINK, Hawaii
PAUL RYAN, Wisconsin CAROLYN B. MALONEY, New York
Ex Officio
DAN BURTON, Indiana HENRY A. WAXMAN, California
J. Russell George, Staff Director and Chief Counsel
Bonnie Heald, Director of Communications/Professional Staff Member
Chip Ahlswede, Clerk
Michelle Ash, Minority Counsel
Trey Henderson, Minority Counsel
COMMITTEE ON SCIENCE
F. JAMES SENSENBRENNER, Jr., (R-Wisconsin), Chairman
SHERWOOD L. BOEHLERT, New York RALPH M. HALL, Texas, RMM **
LAMAR SMITH, Texas BART GORDON, Tennessee
CONSTANCE A. MORELLA, Maryland JERRY F. COSTELLO, Illinois
CURT WELDON, Pennsylvania JAMES A. BARCIA, Michigan
DANA ROHRABACHER, California EDDIE BERNICE JOHNSON, Texas
JOE BARTON, Texas LYNN C. WOOLSEY, California
KEN CALVERT, California LYNN N. RIVERS, Michigan
NICK SMITH, Michigan ZOE LOFGREN, California
ROSCOE G. BARTLETT, Maryland MICHAEL F. DOYLE, Pennsylvania
VERNON J. EHLERS, Michigan * SHEILA JACKSON LEE, Texas
DAVE WELDON, Florida DEBBIE STABENOW, Michigan
GIL GUTKNECHT, Minnesota BOB ETHERIDGE, North Carolina
THOMAS W. EWING, Illinois NICK LAMPSON, Texas
CHRIS CANNON, Utah JOHN B. LARSON, Connecticut
KEVIN BRADY, Texas MARK UDALL, Colorado
MERRILL COOK, Utah DAVID WU, Oregon
GEORGE R. NETHERCUTT, Jr., ANTHONY D. WEINER, New York
Washington MICHAEL E. CAPUANO, Massachusetts
FRANK D. LUCAS, Oklahoma BRIAN BAIRD, Washington
MARK GREEN, Wisconsin JOSEPH M. HOEFFEL, Pennsylvania
STEVEN T. KUYKENDALL, California DENNIS MOORE, Kansas
GARY G. MILLER, California JOE BACA, California
JUDY BIGGERT, Illinois
MARSHALL ``MARK'' SANFORD, South
Carolina
JACK METCALF, Washington
C O N T E N T S
----------
Page
Hearing held on January 27, 2000................................. 1
Statement of:
Koskinen, John, Assistant to the President, chairman,
President's Council on Year 2000 Conversion; Joel C.
Willemssen, Director, Civil Agencies Information Systems,
U.S. General Accounting Office; Charles Rossotti,
Commissioner, Internal Revenue Service; and Fernando
Burbano, Chief Information Officer, Department of State.... 13
Miller, Harris, president, Information Technology Association
of America; Cathy Hotka, vice president for information
technology, National Retail Federation; and Gary Beach,
publisher, CIO Communications, Inc......................... 99
Letters, statements, et cetera, submitted for the record by:
Barcia, Hon. James A., a Representative in Congress from the
State of Michigan, prepared statement of................... 129
Beach, Gary, publisher, CIO Communications, Inc., prepared
statement of............................................... 113
Biggert, Hon. Judy, a Representative in Congress from the
State of Illinois, prepared statement of................... 11
Burbano, Fernando, Chief Information Officer, Department of
State, prepared statement of............................... 75
Horn, Hon. Stephen, a Representative in Congress from the
State of California, prepared statement of................. 4
Koskinen, John, Assistant to the President, chairman,
President's Council on Year 2000 Conversion, prepared
statement of............................................... 17
Miller, Harris, president, Information Technology Association
of America, prepared statement of.......................... 102
Rossotti, Charles, Commissioner, Internal Revenue Service,
prepared statement of...................................... 63
Willemssen, Joel C., Director, Civil Agencies Information
Systems, U.S. General Accounting Office, prepared statement
of......................................................... 26
YEAR 2000 COMPUTER PROBLEM: DID THE WORLD OVERREACT, AND WHAT DID WE
LEARN?
----------
THURSDAY, JANUARY 27, 2000
House of Representatives, Subcommittee on
Government Management, Information, and
Technology, Committee on Government Reform,
joint with the Subcommittee on Technology,
Committee on Science,
Washington, DC.
The subcommittees met, pursuant to notice, at 10 a.m., in
room 2154, Rayburn House Office Building, Hon. Stephen Horn
(chairman of the Subcommittee on Government Management,
Information, and Technology) presiding.
Present for the Subcommittee on Government Management,
Information, and Technology: Representatives Horn, Biggert,
Walden, and Turner.
Staff present for the Subcommittee on Government
Management, Information, and Technology: J. Russell George,
staff director and chief counsel; Mathew Ryan, senior policy
director; Bonnie Heald, director of communications and
professional staff member; Chip Ahlswede, clerk; Deborah
Oppenheim, intern; Michelle Ash and Trey Henderson, minority
counsels; and Jean Gosa, minority clerk.
Present for the Subcommittee on Technology: Representatives
Morella, Green, Barcia, Wu, and Baird.
Staff present for the Subcommittee on Technology: Jeff
Grove, staff director; Ben Wu, counsel; Michael Quear, minority
professional staff member; and Marty Ralston, minority staff
assistant.
Mr. Horn. This joint hearing of the House Subcommittee on
Government Management, Information, and Technology, and the
House Subcommittee on Technology will come to order.
It is now 27 days into the new millennium. The lights are
still on, telephones keep ringing, and the airplanes are still
flying. So far, the biggest challenge, at least here on the
east coast, is shoveling through the mountainous snowdrifts
dumped by the first major storm of the year 2000. Thanks to the
hard work of thousands of dedicated people at a cost in the
billions of dollars, we have the luxury of meeting today to
discuss the benefits that have been derived from the year 2000
computer challenge.
Over the past 4 years, these subcommittees have spent
countless hours examining the Federal Government's computer
preparations for the year 2000, or Y2K. When we began this
process in April 1996, two Cabinet Secretaries had never heard
of Y2K, much less begun preparing for it. That ultimately
changed, but not without congressional prodding through 43
hearings and 10 report cards, grading agencies on their
progress. In addition to fixing all of the government's 6,400
mission-critical computer systems, the subcommittees expected
agencies to develop viable contingency plans in case those
computer fixes did not work. We prodded, we questioned, and we
hoped for the best, and the best happened. The Federal
Government experienced a successful transition into the new
millennium.
Some glitches did occur, however, giving cause to wonder
what might have happened if the work had not been completed. I
am inserting in the hearing record a statement stressing that
without the work of many in the executive and legislative
branches, it would not have been as successful.
Without objection, that will be in the record at this
point.
The Defense Department had problems with its surveillance
satellites. Some retailers were unable to process customer
credit card purchases. A Chicago area bank was unable to
process Medicare payments. As far as we know, those isolated
problems were quickly repaired. Some still question whether
other incidents might have occurred, but were unexpected due to
a fix first, report later mentality.
Successfully meeting the year 2000 challenge has provided
many lessons that must not be ignored or forgotten. The
unextendable deadline forced government leaders to focus on
information technology issues. Program and technology personnel
worked intensely and closely to get the job done. In addition,
government agencies and private sector organizations were
forced to develop detailed inventories of their technology
resources and computer systems, in many cases for the first
time. Unnecessary and obsolete systems have hopefully been
discarded.
Finally, government agencies and their partners have tested
and retested data flows at unprecedented levels. Strong
teamwork and rugged determination solved the year 2000 problem.
Some critics now question whether the high cost of this
massive effort was necessary. The best estimates currently
indicate that the executive branch will spend more than $8
billion on year 2000 fixes. The Secretary of Commerce has
reported that the United States will have spent about $100
billion on the effort as a whole.
Was that money well spent? Of course it was.
The executive branch of the Federal Government has not
always been known as a careful steward of the citizens' money,
regardless of what party is in power. Large corporations have
waste also, and those that are publicly traded could not afford
to squander hundreds of millions of dollars on unnecessary
computer problems and contingency plans. Boards of directors
and stockholders would not permit it. Whether large or small,
successful businesses rarely fritter away money. This was a
massive problem that required a massive solution.
We are grateful to everyone who contributed the many ideas,
solutions, and hard work that led to the success of this
effort, from government personnel to grassroots organizations
and the private sector. Thank you all for a job well done.
Today we welcome some of those dedicated leaders. The
Honorable John Koskinen, Assistant to the President and Chair
of the President's Council on Year 2000 Conversion; Mr. Joel
Willemssen, Director of Civil Agencies Information Systems for
the General Accounting Office; the Honorable Charles Rossotti,
Commissioner of Internal Revenue; Mr. Fernando Burbano, Chief
Information Officer of the Department of State and cochairman
of the Security Privacy and Infrastructure Committee of the
Chief Information Officer Council; Mr. Harris Miller, president
of Information Technology Association of America; Ms. Kathy
Hotka, vice president for Information Technology of the
National Retail Federation; and, last, Mr. Gary Beach,
publisher of the CIO Communications, Inc. I might say that is a
very distinguished magazine, and I read it regularly. We
welcome each of you, and look forward to your testimony.
It is a pleasure to first introduce Mr. John Koskinen,
special assistant to the President, Chairman, President's
Council on Year 2000 Conversion.
[The prepared statement of Hon. Stephen Horn follows:]
[GRAPHIC] [TIFF OMITTED] T6711.001
[GRAPHIC] [TIFF OMITTED] T6711.002
Mr. Horn. I now yield for opening statement from the
cochairman of the task force, Mrs. Morella, the gentlewoman
from Maryland.
Mrs. Morella. Thank you very much, Mr. Chairman. We will
hear from Mr. Koskinen and the very prominent panel very
shortly.
I appreciate having this hearing. I think it is important
that we look back at what has happened, and in particular, look
ahead to the future. If I had told everyone in this room a
month ago that in January 2000 the Federal Government would
shut down for 2 days and virtually the entire southeast and
northeast would be crippled, most likely everyone would have
immediately blamed Y2K millennium bug and not mother nature.
Yet it took a blizzard of snow and ice to accomplish what many
doomsayers had predicted long ago for the millennium bug. So
how is it that a winter storm caused more damage and
inconveniences than the Y2K problem?
In the ensuing weeks since the passage of January 1, 2000,
similar questions have been posted. Was the Y2K problem real or
was it overhyped? Was the $100 billion spent in the United
States, roughly $365 for every American citizen overall? Did
all of our efforts stave off an impending disaster, or was Y2K
simply a nonevent waiting to happen?
In my mind, there is no doubt the problem was real. From
the very first hearing that my technology subcommittee
conducted in the spring of 1996, to right up to the final month
of December 1999, we witnessed systems failing Y2K tests and
crashing completely. Our concern for the Y2K issue was
initially so great and disturbing that we have held almost 100
hearings in both the House and the Senate on the issue, which I
understand makes Y2K the single most thoroughly investigated
issue ever in the history of congressional oversight.
Ultimately, I believe two factors tipped the balance from
the grave uncertainty many of us harbored in the beginning. The
first was that we all knew the Y2K problem would strike on a
certain date, January 1, 2000, thereby allowing us to
collectively plan, coordinate and collaborate toward that
deadline.
The other and more significant factor was that after over a
year and a half of persistent cajoling by Congress, after we
realized this, our Nation required executive action to
effectively combat the Y2K problem, the President finally
exercised his authority in the spring of 1998. Y2K was suddenly
catapulted to become a top administration management priority,
and John Koskinen was appointed to oversee our Federal
Government's efforts and to partner with our Nation's private
sector and with other countries internationally.
John certainly deserves a great deal of accolades for his
stewardship. The well-deserved cheers I wanted to point out to
for our victory in vanquishing the millennium bug should also
go to those who ably served in the front lines of this epic
battle, all the dedicated Federal employees, public servants
and professionals who were the technicians, and those who gave
countless hours on their holidays to provide assurance to the
American people that our Nation would be prepared for Y2K.
I think the fact that nothing of disastrous proportions
happened does not mean that nothing would have happened. For
example, the American Banking Association reported that, but
for the $10 billion in Y2K fixes, mortgage calculations would
have been incorrect, direct deposit of pay and government
benefits would have been problematic, and credit cards could
not be read due to problems with expiration dates.
Similarly, the telecommunications industry reported that
the $3.6 billion that they spent over the past 3 to 4 years
prevented the potential gradual deterioration of public switch
telephone network performance, including slow response times
for dial tone access as well as interruptions of service.
The result of our Y2K experience is a testament to the fact
that we prepared well and we invested properly.
I believe, however, the investments were not just about
Y2K, but also about improving our Nation's information
technology systems and gaining knowledge about those systems.
That is the focus of our hearing today. This hearing is not
designed to simply pat each other on the back or to allow our
panelists to take a figurative victory lap around the witness
table, but to ascertain the lessons that we learned from our
Y2K experience.
Will Y2K inspire a conscious effort for greater long-term
planning and more reliable and secure technology, or will it
just prolong the shortsighted thinking that made Y2K so costly?
While many systems have relays replaced, some programs were
fixed by applying a Y2K patch that will require another round
of fixes within the next two decades. I look forward to
addressing these and many other issues with our distinguished
panel of witnesses, most of whom have appeared before us on
many occasions. It is only appropriate that since this is the
absolutely positively final last and ultimate hearing of the
House Y2K Task Force, we close with those who have been
involved with this issue since the very beginning.
Perhaps this hearing can provide the foundation for
initiatives as we address the 5-digit computer date problem,
Y10K as it may come to be known. If so at that time, maybe
Steve Horn and I can chair that task force, along with Strom
Thurmond in the Senate.
I would like to extend my deep appreciation to all the
members of my technology subcommittee and Congressman Horn's
government management subcommittee and his leadership for the 4
years of vigilant and cooperative bipartisan initiatives, and I
especially want to acknowledge the hard work of my ranking
member, Jim Barcia, and certainly Chairman Horn, the
distinguished cochair of the task force, and Jim Turner of the
government management subcommittee, ranking member, and the
members of both subcommittees who have been very dedicated, and
I yield back. Thank you.
Mr. Horn. We thank you so much for your nice words for all
the Members, and all of our witnesses. We agree with you, and I
am delighted to now yield to the gentleman who has been here
right from the beginning of his duties as the ranking member on
the side of the subcommittee on government management, Mr.
Turner from Texas. We are delighted you could make it out of
the snow, if you have any down there, and into Washington for
this meeting. So thank you very much for all you have done to
help us in the field hearings and everywhere else.
Mr. Turner. Thank you, Mr. Chairman. When I left Texas the
other day, it was 80 degrees.
I want to commend you, Mr. Chairman, and Chairwoman
Morella, for the good work you have done. This task force and
these two committees were about a 3\1/2\-year project. As I
recall, my staff advised me we had 24 different hearings of
this subcommittee alone on this subject. Many observers say
that the Y2K problem was the greatest management challenge the
Federal Government has faced, and perhaps that is true. I think
most of us had a high degree of confidence after the many
hearings that we had that we would make it through January 1st
without great problems, but nobody really knew for sure. The
fact we did make it I am sure is due, in large part, to the
hard work you, Mr. Chairman, and Chairwoman Morella, have made
in an effort to make sure the Federal Government is ready.
I also want to commend the ranking member of the science
subcommittee, Mr. Barcia, and I want to thank Mr. Williamson.
He worked very diligently, met with this committee time and
time again, and I think, in large part, usual efforts helped us
get to where we needed to go.
Of course, Mr. Koskinen and the President's Y2K council, I
think, did an outstanding job. I really felt sorry for you when
I was watching you on television on New Year's Day and you kept
holding these press conferences with nothing to say. That is
the worst nightmare of any politician, that somehow we would
have a press conference and there is nothing to say. But you
seemed to have survived it well, and you and your council did
an outstanding job working not only with the public sector and
Federal agencies, but reaching out to the private sector to
ensure that we got to where we needed to go.
That is not to say there weren't significant potential
problems. As I recall from many of our hearings, we tried to
ask witnesses that came before us to tell us what they fixed,
what would happen if they had not been diligent about
remediation of their Y2K problems, and some of the stories we
heard clearly convinced me that all of the effort and all of
the work that took place was needed, did accomplish the desired
result, and the fact that we had no great crisis on January 1
was to the credit of all of those many thousands of people who
spent countless hours and millions of dollars to remediate the
problem.
We are here today not to congratulate ourselves, but to
look back and to review the results of our efforts, to see what
lessons we have learned. I feel confident we are better
prepared as a Nation to meet a future national emergency than
we have ever been in terms of keeping our computer systems
working, which, of course, every facet of our life now depends
upon our computers working well.
So I think we are going to have a good hearing today, and I
appreciate all the witnesses being here. Again, I would like to
thank Chairman Horn and Chairwoman Morella for the good work
that you did.
Mr. Horn. Well, thank you very much. You have sure been
with us since the ground floor, and we have another person who
has been with us ever since she has been elected to Congress,
and the gentlewoman from Illinois, Mrs. Biggert, we have held
hearings in her area, which is a wonderful suburb outside of
Chicago, and we appreciate your regular attendance at these
meetings and the contributions you have made in staff meetings
and Member meetings. So thank you very much for coming to this
hearing. The gentlewoman from Illinois, Mrs. Biggert.
Mrs. Biggert. Thank you, Chairman Horn and Chairwoman
Morella. Let me thank you for calling this hearing on the
impact of the Y2K date change. Contrary to what some people
felt might happen, the planes didn't fall from the sky when the
clock struck midnight, telephones retained their dial tones,
water still ran from the faucets and America's New Year's
celebrations were not left in the dark. So I think we had a
good new year.
But remarkably, and a little bit surprisingly, substantial
Y2K problems were not experienced out of this country either,
despite the lack of preparation on the part of some of the
nations' computers and other essential services across the
globe. We really saw no major disruptions.
But as this committee heard numerous times during its
hearings, Y2K-related glitches could have had a substantial and
extremely negative impact on the variety of services, the
smooth turnover from 1999 into 2000 is directly related, I
think, to the billions of dollars and hundreds of man-hours
directed toward preventing and correcting potential Y2K
problems. I think it goes without saying that from what we have
seen, or seen thus far relating to Y2K disruptions, that these
efforts paid off handsomely. Y2K preparations paid off in other
ways as well as a result of the Y2K concerns; there are now
thousands more American families that own the equipment, such
as generators needed to prepare for other types of emergencies,
namely snowstorms, floods and hurricanes.
All of my family, even my 7-month-old grandson, now have
new flashlights and fresh new batteries. Government leaders on
every level now have a better understanding of technology,
management issues and are aware of the importance of
cooperation between local, State and Federal officials. What is
more, the millennium bug provided a reason to upgrade
government technology systems and to inventory resources.
So just being able to say some 3 weeks after the year 2000
rollover, it turned out to be a positive experience, that is a
testament to the hard work of the House Y2K task force and to
the leadership of Chairman Horn and Chairman Morella, and it is
also a testament to the efforts of today's witnesses,
particularly Mr. Koskinen and Mr. Willemssen and the others at
the General Accounting Office. Your work over the last--at
least 3 years in raising awareness and highlighting the
potential problems related to the Y2K date change is to be
recognized and commended.
I don't want to leave you with the impression that Y2K
glitches didn't occur. In fact, at least one bank in my home
State of Illinois did experience some Y2K problems when it was
temporarily unable to make some Medicare transactions. The
Federal Government, I don't think, was immune either. Three of
the Federal Housing Administration mission-critical systems
experienced problems shortly after January 1st.
So we are here today really, I think, to see if there are
any outstanding Y2K issues and to sort out what went right and
what went wrong, and to help the American people understand
what transpired on January 1, 2000, and let them know about the
significant long-term benefits this situation provided to our
government and to private industry.
So, again, I commend the men for calling the hearing today
and for all the work you have both done on this important issue
and look forward to hearing from the witnesses. Thank you.
[The prepared statement of Hon. Judy Biggert follows:]
[GRAPHIC] [TIFF OMITTED] T6711.003
[GRAPHIC] [TIFF OMITTED] T6711.004
Mr. Horn. Well, thank you very much. I now yield to the
gentleman from Oregon, Mr. Walden, who has been with us in
field hearings and a faithful worker in the very active work of
these subcommittees. Mr. Walden, the gentleman from Oregon.
Mr. Walden. Thank you very much, Mr. Chairman. I want to
extend my appreciation to the work you have done and others on
this committee certainly for bird-dogging this issue throughout
the last year or more. I think in large measure, the report
cards that you issued were a very positive step in not only
notifying our own agencies, but the world, where we stood and
proved to be a very effective technique for spurring on the
changes that needed to be made to cope with the Y2K issue.
In my other life, I was a small business owner, and I can
tell you Y2K was not a cheap thing to go through. Our own
little company spent well over $40,000 in upgrading software. I
know that I am not alone in the small business community in
that respect. So there was an enormous amount of capital spent
to deal with this issue, and hopefully the programmers who will
deal with the 10K issue, I won't have to help pay for them down
the road.
But I think it was an excellent exercise. I think it forced
both of us in both the government and private industry to do an
incredible amount of improvement to our software and to our
hardware. That should help us down the road in a competitive
status as well.
So, Mr. Chairman, I again want to thank you for your
tireless efforts to make that the country was ready, and I look
forward to hearing from our panelists as well. Thank you.
Mr. Horn. I thank the gentleman for your kindness.
The next gentleman has also been very active since he has
come here in the last election, Mr. Green of Wisconsin, Mark
Green. He has been faithfully working on some of these problems
and has a whole series of other things he wants us to consider
too, and we will.
Mr. Green. Thank you, Mr. Chairman. I have no comments at
this time, but will look forward to the testimony.
Mr. Horn. Thank you very much.
Now it is a great pleasure to present the person that put
the executive branch together, where it was no question it
wasn't going anywhere until the President picked Mr. Koskinen
out of retirement, who delayed his trip to France to have time
for retirement after his position as Deputy Director for
Management of the Office of Management and Budget. You did a
great job, John, and we are delighted to have you here with
your thoughts as to what happened and what did we learn from
it, and what can we use from it.
STATEMENTS OF JOHN KOSKINEN, ASSISTANT TO THE PRESIDENT,
CHAIRMAN, PRESIDENT'S COUNCIL ON YEAR 2000 CONVERSION; JOEL C.
WILLEMSSEN, DIRECTOR, CIVIL AGENCIES INFORMATION SYSTEMS, U.S.
GENERAL ACCOUNTING OFFICE; CHARLES ROSSOTTI, COMMISSIONER,
INTERNAL REVENUE SERVICE; AND FERNANDO BURBANO, CHIEF
INFORMATION OFFICER, DEPARTMENT OF STATE
Mr. Koskinen. Thank you, Mr. Chairman. Good morning. I am
pleased to appear once again before this joint session of the
subcommittees to discuss the activities of the President's
Council on Year 2000 Conversion and the Nation's successful
transition to the year 2000. With your permission, I will
submit my full statement to the record and summarize it here. I
appreciate everyone's kind comments and would like to
acknowledge as well the work of your subcommittees in helping
to prepare the Federal Government and the country for the
century date change.
I appreciate your work and I think it deserves recognition
as we look back on what has been truly a remarkable effort.
I continued to believe that Y2K was the greatest management
challenge the world has faced in the last 50 years. Given the
size of the task, it is easy to understand why just 2 or 3
years ago many serious people who had looked at the situation
maintained there was no way the work could be finished in time.
When I returned to the government in March 1998 to work on Y2K,
things were fairly grim. The consensus was the government
wouldn't make it. In the private sector, information
bottlenecks were widespread and companies weren't saying much
about their own readiness for Y2K.
On top of all that, the World Bank released a study showing
that three-quarters of the world's countries had no Y2K plans
at all. In short, Y2K looked too mammoth, too complicated and
too interconnected to be solvable. Now, almost 2 years later,
the United States and much of the world have made the
transition into the year 2000 with few problems that have had a
noticeable impact on the general public.
How did it hatch? It wasn't by accident. There was a
tremendous mobilization of people and resources to make sure
that systems would operate effectively into the year 2000.
Domestically, participants in key infrastructure sectors, such
as electric power, telecommunications finance and
transportation devoted great attention and resources to the
problem, and as we moved to the ends of the year, operators of
systems in those areas stated they were basically done with
their Y2K work.
We reported this information in our last quarterly
assessment, and, as we expected, there were no major
infrastructure failures, nationally or regionally in the United
States. The Federal Government was also ready for the year
2000. Two weeks before the new year, 99.9 percent of the
government's more than 6,000 mission-critical systems were Y2K
ready.
The result was that while it has been noted there have been
some glitches, thus far Y2K issues have not affected the major
government services and benefits provided to the American
people.
Internationally, after a slow start, countries made a
concerted effort to ensure that critical issues would be ready
for the date change and, as a general matter, major
infrastructure systems abroad functioned smoothly during the
rollover.
There is general agreement that the Y2K transition went
more smoothly than any of us would have imagined. In fact, as
noted in the week since the rollover, some people have
suggested that Y2K was an insignificant problem, hyped by the
media, computer consultants and those with other reasons for
hoping the world as we know it was about to end.
The short answer is that I don't know of a single person
working on Y2K who thinks that they did not confront and avoid
a major risk of systemic failure. Indeed, some of the
noteworthy problems we have seen from difficulties at State
motor vehicle offices to credit card processing problems to its
Defense Department satellite system failure, proved that Y2K
was a very real threat indeed.
While I do not think that the significance of the Y2K
problems was exaggerated, there were those who disagreed with
our reports indicating that the problem was being successfully
addressed. This form of hype can be traced to the skepticism
and disbelief in some quarters that companies or governments
reporting on their own progress could be telling the truth. In
the United States, I kept reminding my doomsayer friends that
it made no sense to discount these reports, since everyone who
was in a position of responsibility would be easily found after
January 1. Many continued to assume the worst would
materialize, some now discounting the significance of the Y2K
threat point to the relative lack of major disruptions abroad.
How did countries that appeared to have spent so little and
were thought to be relatively unprepared emerge unscathed?
Here, I think, there were a number of factors at work. Chief
among them was the difficulty of getting accurate status
reports, especially internationally on a fast-moving issue such
as Y2K. Information 3 months old was out-of-date. But in the
absence of additional details, people often relied on that
older information, and then were surprised when it turned out
to have been overtaken by subsequent progress.
Additionally, once you get beyond the world's largest users
of information technology, countries like the United States,
Canada, Japan and the United Kingdom, the reliance upon
information technology drops off quickly. Furthermore, the
technology being used in other countries is more likely to be
off the shelf and not customized applications that are more
difficult to fix.
Finally, countries starting later had the benefits of the
lessons learned by those working on Y2K for several years. We
spent a lot of time in the last 12 months encouraging the
sharing of technical information about problems, products,
fixes and testing techniques, and I think it is obvious that
worked paid off.
So what lessons can we draw from the Y2K experience? First,
Y2K has taught us that top management needs to be more involved
in information technology on an ongoing basis, since
information technology cuts to the very heart of how
organizations conduct their business. In many companies, it was
only when the board of directors or the chief executive officer
took ownership of the problem that we could see the first signs
of any real progress.
Y2K has also shown us that we need to do a better job of
configuration management, in other words, keeping track of the
technology we use and the functions it performs. Y2K provided
many large firms a reason to conduct, for the first time ever,
a comprehensive inventory of their information technology
infrastructure and processes.
Not surprisingly, organizations found that some systems
could be discarded without any loss in productivity. Other
systems were replaced by newer, more efficient models. Third,
Y2K has demonstrated the value of forming partnerships across
traditional boundaries to achieve a common goal. In addition to
showing us the increasing interconnectedness of organizations
through technology, Y2K highlighted the fact that private
industry and government can work together to address major
national issues.
I think that spirit of partnership obviously extended to
the political arena as well. Most people realized early on
there was not a Democratic or Republican solution to this
problem, and we really have worked well together, particularly
in the partnership that led to the passage of the Year 2000
Information Readiness and Disclosure Act in 1998.
Finally, I think that Y2K has demonstrated that we need to
include the American public in the discussions about any future
large-scale challenges. Given the facts, whatever they are,
people generally responded appropriately. Even when industry
and government information provided to the public revealed that
there was still substantial work left to do, people were
reassured rather than alarmed. They seemed comforted to know
their organizations were treating the problem seriously, were
working together to solve it, and would keep them informed with
the status of the situation.
The President's Council will soon cease its operations.
Before we post the going-out-of-business sign, we will focus on
monitoring activities during the leap year rollover. We do not
expect any major national problems and we anticipate the
Council will shut down for good by the end of March.
In closing, I would like to echo the comments made that the
Federal Government and the country's successful resolution of
the Y2K problem attributes to the skill, dedication and hard
work of thousands of professionals that have focused on this
issue. It has been my pleasure to assist them as part of this
vital national effort, and I look forward to answering any
questions you may have at the conclusion of the other
statements.
Mr. Horn. Thank you very much.
[The prepared statement of Mr. Koskinen follows:]
[GRAPHIC] [TIFF OMITTED] T6711.005
[GRAPHIC] [TIFF OMITTED] T6711.006
[GRAPHIC] [TIFF OMITTED] T6711.007
[GRAPHIC] [TIFF OMITTED] T6711.008
[GRAPHIC] [TIFF OMITTED] T6711.009
[GRAPHIC] [TIFF OMITTED] T6711.010
[GRAPHIC] [TIFF OMITTED] T6711.011
Mr. Horn. We will go down, as you know, with this panel and
then open it up to questions, because I think some of the
information will jibe and some won't.
The gentleman from the General Accounting Office, Mr. Joel
Willemssen, the Director of Civil Agencies Information Systems,
Accounting and Information Management Division. Mr. Willemssen
has gone all over the United States with the subcommittee on
government management and has been an active participant in the
various panels we have had of government officials, private
sector and so on. So it is a pleasure to have you here.
I know you were working right up to midnight there, as I
saw you in John's command center. So we appreciate all you have
done and your team at the General Accounting Office.
Mr. Willemssen. Thank you, Mr. Chairman, Chairwoman
Morella, Ranking Member Turner, members of the subcommittees,
thank you for inviting us to testify today. As requested, I
will summarize our statement.
Overall, during the rollover period, our country had
relatively few Y2K-related errors that affected the delivery of
key services. While the Y2K challenge is not yet over, because
some key business processes have not yet been fully executed
and some risky dates remain, the Nation's success thus far is a
very positive indicator that these hurdles will also be
overcome. The leadership exhibited by the legislative and the
executive branches and the partnerships formed by numerous
organizations were pivotal factors behind the success.
The Y2K-related errors that were experienced during the
rollover generally did not affect the delivery of key services
because they were either corrected quickly or contingency plans
were implemented. A key reason that Y2K errors had little
effect on the delivery of services is that Federal agencies and
other organizations used the rollover weekend to identify and
correct errors before the problems resulted in operational
consequences.
In the Federal Government, the few Y2K disruptions that
were significant were mitigated by quick action. For example,
the Department of Defense, Health Care Financing Administration
and Federal Aviation Administration each experienced
significant Y2K events that they were able to address quickly.
For high impact State-administered problems such as
Medicaid, food stamps and unemployment insurance, actions by
States and the Federal Departments of Agriculture, Health and
Human Services and Labor have paid off. Errors reported were
often cosmetic printing or display problems with few failures
resulting in disruptions to service.
The threat posed by Y2K was a much needed wake-up call for
organizations to improve their management of information
technology. Y2K has laid a foundation for longer term
improvements in the way that Federal Government manages
information technology. I would like to quickly summarize some
of the key lessons that we have learned out of the Y2K
experience.
First, as mentioned, one of the most important factors
underpinning the success of Y2K was leadership at the highest
levels of government. In particular, congressional oversight
played a central role in pushing agencies forward on Y2K. Mr.
Koskinen and the President's Y2K Council provided strong
effective leadership.
Second, Y2K served as a notice to many on how much we rely
on information technology to deliver key services.
Third, there was standard guidance that was put together
that was universally accepted, adopted and implemented, which
facilitated Y2K efforts and oversight. Such guidance provided
consistency, imposed structure and discipline and enhanced the
rigor of testing and assessment efforts.
Fourth, as Mr. Koskinen mentioned, the establishment of
partnerships among various organizations was especially
important. In particular, the partnerships formed by Mr.
Koskinen, Federal agencies and private sector organizations
were instrumental to the Nation's Y2K efforts.
Fifth, we found that using standard techniques and metrics
to monitor performance was especially helpful in measuring
progress and remaining challenges.
Finally, Y2K saw many agencies take charge of their
information technology resources in much more active ways. In
many instances, it forced agencies to inventory their systems
and to link those systems to agencies' core business processes.
Also the development and testing of contingency plans should
have benefits way beyond Y2K.
Further, Y2K prompted agencies to establish needed policies
in areas such as configuration management, risk management and
software testing.
In summary, the Y2K rollover was clearly a success for our
Nation. A key challenge now for the Federal Government is
ensuring that the lessons learned in addressing Y2K can be
effectively used to improve overall information technology
management.
That concludes the summary of my statement. Thank you very
much.
Mr. Horn. I thank you very much. We have a lot to pursue in
your very fine document here as to what did go wrong.
[The prepared statement of Mr. Willemssen follows:]
[GRAPHIC] [TIFF OMITTED] T6711.012
[GRAPHIC] [TIFF OMITTED] T6711.013
[GRAPHIC] [TIFF OMITTED] T6711.014
[GRAPHIC] [TIFF OMITTED] T6711.015
[GRAPHIC] [TIFF OMITTED] T6711.016
[GRAPHIC] [TIFF OMITTED] T6711.017
[GRAPHIC] [TIFF OMITTED] T6711.018
[GRAPHIC] [TIFF OMITTED] T6711.019
[GRAPHIC] [TIFF OMITTED] T6711.020
[GRAPHIC] [TIFF OMITTED] T6711.021
[GRAPHIC] [TIFF OMITTED] T6711.022
[GRAPHIC] [TIFF OMITTED] T6711.023
[GRAPHIC] [TIFF OMITTED] T6711.024
[GRAPHIC] [TIFF OMITTED] T6711.025
[GRAPHIC] [TIFF OMITTED] T6711.026
[GRAPHIC] [TIFF OMITTED] T6711.027
[GRAPHIC] [TIFF OMITTED] T6711.028
[GRAPHIC] [TIFF OMITTED] T6711.029
[GRAPHIC] [TIFF OMITTED] T6711.030
[GRAPHIC] [TIFF OMITTED] T6711.031
[GRAPHIC] [TIFF OMITTED] T6711.032
[GRAPHIC] [TIFF OMITTED] T6711.033
[GRAPHIC] [TIFF OMITTED] T6711.034
[GRAPHIC] [TIFF OMITTED] T6711.035
[GRAPHIC] [TIFF OMITTED] T6711.036
[GRAPHIC] [TIFF OMITTED] T6711.037
[GRAPHIC] [TIFF OMITTED] T6711.038
[GRAPHIC] [TIFF OMITTED] T6711.039
[GRAPHIC] [TIFF OMITTED] T6711.040
[GRAPHIC] [TIFF OMITTED] T6711.041
[GRAPHIC] [TIFF OMITTED] T6711.042
[GRAPHIC] [TIFF OMITTED] T6711.043
[GRAPHIC] [TIFF OMITTED] T6711.044
[GRAPHIC] [TIFF OMITTED] T6711.045
Mr. Horn. It is always a pleasure to have the Commissioner
of Internal Revenue here. We will see you again on April 15th.
We would love to hear your statement, because you had a lot of
burdens counting on it, people that wanted refunds and all the
rest of it. So thank you, Commissioner, for being here.
Mr. Rossotti. Thank you, Mr. Chairman. It is good to be
here. Madam Chairman and distinguished Members, I am very
pleased to report that the IRS experienced a smooth Y2K
rollover starting on December 29th and continuing up to the
present with fewer problems this January than we normally
experience in a normal January. To date, we have had good
success. It was hard work and our success can be attributed to
the comprehensive planning and preparations we have conducted
over the last 3\1/2\ years. We also are very grateful for the
guidance and assistance you provided, your committee, as well
as Mr. Koskinen and GAO.
I do want to note we cannot yet declare total victory on
Y2K at the IRS. Some risks do remain, and in particular, we
have to be very vigilant about Y2K problems that could still
crop up during our high volume tax filing season, which really
starts in February and continues through April.
As I discussed in previous hearings, the scope of the Y2K
problem at the IRS was enormous and required a significant
investment, about $1.3 billion, to plan and prepare.
But fortunately, that investment was made. Had we not
adequately prepared for Y2K, I think it is fair to say the tax
system of the United States would simply have ground to a halt.
In my written testimony, I described several scenarios for
today, I picked out a few of the events that would have
occurred.
For example, our 14-year-old system for entering data from
paper tax returns would have stopped working if we had simply
allowed it to roll over without modification. This particular
combination of hardware, software and third-party products
could not be renovated, and therefore, was totally redesigned
and replaced during 1998 and 1999. Without this system, about
90 million individual income tax returns that come in on paper
would have just been piling up right now.
Second, interest and penalty calculations would have been
incorrect and would have generated wrong notices to taxpayers.
For example, if we had not replaced the system, we would have
sent about 67 million wrong notices to taxpayers telling them
that they owe money to the IRS. Those numbers would have been
wrong.
Third, our data transfers with important external
organizations such as the financial management service and the
Federal Reserve Bank would have failed because of incompatible
dates. This would have impaired or eliminated the ability to
issue about 80 million refunds.
Just a final example, I think this is particularly
interesting, and certainly not unexpected, but after years of
fixing and testing these systems, we did one final end-to-end
test that was completed about the middle of December. This
particular final end-to-end test identified 175 problems. Some
of those would have been very serious had we not fixed them at
the end. For example, a system that generates new balance
notices to taxpayers for certain tax periods was displaying the
date as 2099 instead of 1999 for some of those notices.
So if this problem had not been fixed, we would have been
sending out hundreds of thousands of notices to taxpayers with
incorrect tax periods and wrong payment dates that would have
generated mass confusion among those taxpayers, and this was
just only one example. There are many more scenarios in my
written testimony. Of course, none of these things actually did
happen, and that was simply because we acted in time to solve
the problems.
Now, the question is sometimes asked in the form of was Y2K
a blessing in disguise? I would have to say that I would not
consider it to have been a blessing, whether it was disguised
or not disguised, but there are some important residual
benefits in the IRS that we will realize from the investment. I
will mention the four most important.
The first is we did replace a lot of obsolete hardware and
system software products. As a result of the Y2K program, most
of our hardware in the IRS has been replaced, since most of it
was really obsolete, and software releases have been brought
up-to-date. This bringing up-to-date of this infrastructure is
essential for supporting what we are now embarked on, our
technology modernization program, and, of course, it is
imperative that we have adequate annual replacements of
hardware and regular routine upgrades of software releases in
order to keep this vast installed base up-to-date.
Second, we did implement some very important improvements
in our program management practices. Our Y2K program was
successful largely because effective program management
practices were implemented over the last 3 years. These
practices will be extremely valuable as we now move forward
with our technology modernization program.
I do want to note as challenging as Y2K was, our
modernization program imposes even more and different
challenges because it involves major business changes as well
as technology.
Third, we were able to standardize many products. The IRS-
installed base of hardware and software was not only obsolete,
it was heterogeneous in the extreme. The Y2K program has
allowed us to set up and largely implement standard products.
Because of our reorganization under the leadership of our CIO,
Paul Cosgrave, we now have the management structure and
delegated authority in place to make design and procurement
decisions to maintain standardization of technology.
Finally, we implemented improved inventory management. GAO
has justly criticized the IRS for years for the poor condition
of our IT inventory. Because of Y2K, we were forced to examine
our inventory and bring it up-to-date as never before. So the
condition of our inventory records is greatly improved,
although I have to note it is still not fully where it needs to
be, and there is much that needs to be done in the future on
that problem.
In conclusion, Mr. Chairman, we are gratified with our
results. I stress there are still some risks that remain.
Clearly, we gained some residual benefits which will be of
great value as we proceed to our even more challenging business
system modernization programs. These benefits will only be
realized if we actively continue the practices established
during Y2K, including regular replacement and upgrades of
hardware and software. We will keep the subcommittees apprised
of any remaining problems and our actions to correct them.
I thank you for the opportunity to discuss our efforts, and
certainly thank you for your interest and support over the last
3 years.
Mr. Horn. Well, we thank you very much.
[The prepared statement of Mr. Rossotti follows:]
[GRAPHIC] [TIFF OMITTED] T6711.046
[GRAPHIC] [TIFF OMITTED] T6711.047
[GRAPHIC] [TIFF OMITTED] T6711.048
[GRAPHIC] [TIFF OMITTED] T6711.049
[GRAPHIC] [TIFF OMITTED] T6711.050
[GRAPHIC] [TIFF OMITTED] T6711.051
[GRAPHIC] [TIFF OMITTED] T6711.052
[GRAPHIC] [TIFF OMITTED] T6711.053
[GRAPHIC] [TIFF OMITTED] T6711.054
Mr. Horn. As Mr. Koskinen leaves the scene, there is no
question in my mind the toughest job in the executive branch is
the Commissioner of Internal Revenue. If anybody is going to
turn that agency around, you are.
So, thank you.
The last witness on this panel is Mr. Fernando Burbano, the
Chief Information Officer of the Department of State. We are
glad to have you here.
Mr. Burbano. Thank you, Mr. Chairman, Madam Chairwoman and
distinguished members of both committees. Since my oral
testimony is limited to 5 minutes, my written testimony
includes more detail.
As chairman of the CIO Council Subcommittee on Critical
Infrastructure Protection, I am pleased to have this
opportunity to discuss how lessons learned, products and
processes developed in support of Y2K, can be leveraged into
our ongoing critical infrastructure security efforts and
challenges facing Federal agencies in implementing security
pleasures.
As well, in my role as CIO of the State Department, I would
like to thank you for providing me this opportunity to talk
about the results and continuing impacts of the Department's
successful Y2K preparation efforts. The Department of State,
along with rest of the Federal Government, showed just how
powerful and effective we can be when we are singularly focused
and committed to solving a problem and are provided the
necessary resources to get the job done.
First, let me quickly address the cost of preparing for
Y2K. The question is, did we spend too much? The answer is very
simple: Absolutely not. We should be careful not to confuse the
lack of catastrophic disruptions with unnecessary preparations
by the Federal Government.
Now, moving on to the actual results of the Y2K rollover
and its impacts to the global community. In general, there are
few and only minor Y2K failures reported internationally, and
none that impacted the safety of American citizens worldwide. I
believe this global success is a direct result of the U.S.
Government's international outreach and awareness campaign led
by the Department of State, the Department of Defense and the
President's Council on the Y2K Conversion, in coordination with
the United Nations and World Bank.
Embassies representing the U.S. presence in over 160
countries around the world played a key role in monitoring and
reporting events in their host countries and post facilities
through a Y2K task force convened in State's operations center.
Additionally, internal State Department systems fared
exceptionally well throughout the rollover, experiencing no
significant failures among our mission critical, critical and
routine systems.
As you are well aware, many of the products and processes
developed to address Y2K problems can be applied to future
challenges and serve as the foundation for managing issues with
cross-agency and public-private boundaries, including critical
infrastructure protection. In fact, much of the work already
done is a prerequisite for PDD 63, critical infrastructure
protection, Clinger-Cohen, and other government performance
results act initiatives.
Specifically, Y2K preparation forced government agencies to
take a close look at its IT applications and produce a complete
prioritized inventory. This is a critical first step to
identifying and refining the mission essential infrastructure
as required by PDD 63.
The Y2K effort produced program management methodologies
which were applied across all government agencies and included
executive and congressional oversight, Assistant Secretary
level management and repeatable standardized measures and
processes. This management structure can also be applied to
critical infrastructure protection.
All elements of the Federal Government reviewed and
developed contingency plans for critical business processes.
The development of these contingency plans resulted in a
greater understanding by senior policy managers of the
dependency of business processes on IT systems. Additionally,
these plans are durable beyond Y2K established a foundation for
all future contingency operations planning.
For the Y2K rollover period, the government developed a
robust global reporting structural which can be leveraged into
a mechanism for monitoring threats against critical
infrastructure elements. For example, within the Department of
State, we have developed a web-based geographic information
system to collect cyber-threat information from all overseas
posts. This tool can serve as a pilot system for other agencies
to collect and analyze cyber-threat data.
Finally, Y2K preparation efforts increased the level of
interagency cooperation and coordination between the public and
private sectors. The same working level teamwork will be
required to effectively implement critical infrastructure
protection plans.
There are two areas which I believe allow the Federal
Government to successfully overcome widespread Y2K problems in
the face of an unmovable tight deadline.
First, continued participation by key congressional
oversight organizations provided Federal Y2K programs the
authority needed to push agency resources to their limits.
Second, the ability of Federal Y2K programs to rapidly
obtain and more importantly retain adequate separate
supplemental funding, specifically designated for Y2K, allowed
each agency to acquire the resources necessary to achieve the
time sensitive objectives.
This ability of Federal agencies to have access to a
congressionally managed yet continuous separate supplemental
funding stream designated specifically for the Y2K effort
allowed Federal CIOs and Y2K program managers the ability to
acquire and retain qualified resources in the needed quantity.
Critical infrastructure protection requires the same
approach. Involvement by Congress and other oversight
organizations to raise the level of awareness and visibility
throughout the Federal community and overseas CIP
implementation in support of national security goals is vital,
and this activity is already underway.
But just as important to me and my colleagues through our
government is access to funding which allows each of us to
begin developing and implementing our plans in accordance with
PDD 63 and other critical infrastructure protection guidance
and statutes.
One of the key obstacles preventing agencies from
immediately pursuing CIP initiatives is the lack of current
funding for these projects. Due to the Federal Government's
budget cycle, forecasting the future work is done 2 years prior
to the budget year. Therefore, as new requirements are levied,
current agency budgets do not reflect changing priorities and
requirements, such as the need for critical infrastructure
protection implementation initiative. In light of this, there
are numerous events that have prevented agencies from
adequately addressing current CIP implementation requirements
in their fiscal year 2000 and fiscal year 2001 budgets.
First, the unprecedented and unpredictable growth of
Internet use and technologies over the last 2 years; second,
the corresponding collateral growth of the cyber underworld
during this same period; third, the extent to which our daily
business relies on Internet-based systems and the fundamental
shift of business tools to be used in a web-based environment;
finally, expanding CIP requirements on Federal agencies,
including the recent critical infrastructure plan released and
its 10 programs, some of which require immediate
implementation.
These are just some of the reasons why Federal agencies are
poorly positioned to successfully implement critical
infrastructure to address the challenge posed by the ever-
growing cyber underworld, not to mention to be in compliance
with executive guidance. Although we of the CIO council fully
understand fiscal constraints, reallocation of such a fraction
of the current surplus would be a solid investment for the
protection of the Federal Government's critical infrastructure.
In closing, it is my belief and the belief of members of my
subcommittee and CIO's across the Federal Government that in
order for the national CIP initiatives to be fully successful,
continued congressional support as well as the ability to get
access to specific CIP and security-related funding is vital. I
cannot emphasize that without congressional-backed support,
including adequate funding, we on the subcommittee of the
critical infrastructure committee believe that the government
will significantly fall short of national critical
infrastructure protection goals. Thank you.
Mr. Horn. We thank you very much for that statement.
[The prepared statement of Mr. Burbano follows:]
[GRAPHIC] [TIFF OMITTED] T6711.055
[GRAPHIC] [TIFF OMITTED] T6711.056
[GRAPHIC] [TIFF OMITTED] T6711.057
[GRAPHIC] [TIFF OMITTED] T6711.058
[GRAPHIC] [TIFF OMITTED] T6711.059
[GRAPHIC] [TIFF OMITTED] T6711.060
[GRAPHIC] [TIFF OMITTED] T6711.061
[GRAPHIC] [TIFF OMITTED] T6711.062
[GRAPHIC] [TIFF OMITTED] T6711.063
Mr. Horn. We are sure there will be questions for every
witness. I am going to start with the cochairman of the task
force, the gentlewoman from Maryland, to begin the questioning.
It will be limited to 5 minutes by each Member, and it will
alternate between those who have not had a chance, starting
with Mr. Turner after the gentlewoman from Maryland.
Mrs. Morella. Thank you, Mr. Chairman.
You know, I hear from all of you some of the same results
assessments. First of all, you became more familiar in your
various agencies, departments, groups with whom you work, with
information technology and its role in the future. Second,
there was an assessment of the systems that you have, so you
are ready to move ahead with information technology.
Also, I think, rising to the forefront is the concept of
the partnerships, partnerships within the Federal Government,
the executive branch, legislative branch, but also partnerships
with the private sector, partnerships with local governments. I
think that is something that we could all learn from and hope
to continue to preserve.
We also--I think you all said you felt this was very
important and that it did prevent some big problems.
My two questions I am going to meld into one because of the
time constraints. First of all, I am surprised myself that
there weren't some problems with the Pakistans of this world,
Russia. They didn't seem to have any major problems. These are
places with older computer systems. I just wondered if you all
were surprised at the lack of the problems we have heard about
emanating from those countries and other countries that would
be in the same category?
Second part, as we look to leap year, February 29th, do you
foresee any major or minor problems? Is there something we
should be doing about that?
I guess I could start then with Chairman Koskinen.
Mr. Koskinen. Well, as I noted in my testimony, I think
things did go better abroad than anyone had expected.
Partially, though, I think that is because we fell prey to what
I thought people did here, which is we didn't believe other
countries when they gave us their progress reports.
In the last 2 months of the year, country after country
issued reports that didn't say there wasn't a problem, but
basically said they identified the places where they needed to
apply resources; they had done that effectively and they were
prepared. We all sort of said it was late in the day, are they
really prepared? It turned out they were, for a number of
reasons that I discussed.
One is, a lot of them had much less reliance on information
technology, certainly in their infrastructure, than we do here.
In fact, I think there are a relatively small number of
countries in the world that have complicated computerized
control systems for their infrastructure that put them at risk.
So a lot of countries discovered that the embedded-chips did
not create a problem for their infrastructure.
In fact, in the last quarter of last year, we noted, based
on testimony and information from industry experts, that it was
unlikely that the lights would go out anywhere or that a dial
tone would stop anywhere, that the risk in infrastructure
systems with embedded systems was gradual degradation of
service over a period of time.
So in the countries that we knew were in the middle--the
truly developing countries have very little IT and were at risk
primarily in financial systems, it was the Pakistans,
Indonesias, Russias, Chinas of the world--that had a reasonable
reliance on information technology, where people were concerned
about how much they had done.
I think it is a combination of the fact that they started
late, but they spent a lot of time in the last 6 to 9 months
working hard on it. They got the benefit of learning from
everybody else. There was a tremendous amount of information
exchanged as we moved through it, and third, a lot of their
systems are still analog, they are not digital. They did not
depend upon new digitalized equipment, and therefore, they were
able to prioritize their resources in a much more focused way.
But I would emphasize that the image of those countries, as
if they didn't do anything, they were unconcerned and just
waited around, was wrong. We met with 173 country delegates in
June at the United Nations, and every one of those countries
understood this was a problem that, in some degree, affected
them. Every one of those countries was then focused on Y2K,
every country met at least twice in every region of the world
cooperating, or most of the countries did, cooperating, sharing
information.
So I think what happened was in that last 6 months far more
work was done in a very focused, effective way than any of us
were able to get a window on.
With regard to February 29th, it has turned out in testing,
certainly in the Federal systems and in the private sector,
that there have been more mistakes than one would have thought.
You would have thought people would have gotten the right
result for the wrong reason, which is, they didn't understand
the rule of centuries, they just divided by 4 and figured out
the year 2000 was a leap year.
It turned out there were a reasonable number of programmers
that had just enough information to be dangerous, which is,
they knew centuries generally aren't leap years, they just
didn't know the rule of the exception divisible by 400.
So this is primarily a software problem, although there
were some potential embedded chip and system operations
problems. Our judgment is we will see no more glitches than we
saw on January 1, which were relatively minor and modest.
We are going to monitor it for two reasons. One is we think
it is important for those who are operating systems to
understand it is a real problem and there is still time for
them to test their systems. Most major companies have already
done that.
Second, it will be important to monitor the 3 days: the
28th, 29th and 1st of March, so the glitches that occur, and I
think inevitably there will be some, are put in the appropriate
context. If we had not been able to identify the limited nature
of the glitches as they occurred over that first 2 or 3 days on
the rollover, we would have had a very different media
response. When reports came in of legitimate glitches, the
fact, we were able to confirm their accuracy, but expand by
saying that is the only country in which it happened, or the
only area that happened. It allowed us to put the glitch in the
right context. Absent that, you would have had a greater
likelihood of unnecessary overreaction by either the media or
the public. We don't expect there will be many glitches, but we
think it is important for the public to know where they are and
what their significance is.
Mrs. Morella. I would like to give you opportunity to
respond, Mr. Burbano. Incidentally, I love that acronym for the
critical infrastructure, CIAO. It is easy to remember.
Mr. Burbano. Thank you. Working at the State Department, I
had a great opportunity to actually go overseas to many of the
countries and meet the John Koskinens of those countries and
their sector leaders. I found two things quite interesting, and
that is why I personally wasn't too surprised.
One is in talking to them, I found out they were not as
automated as some of the people thought they were. But more
importantly, the culture in a lot of these countries is not to
report the status of government systems, whether it is good or
bad, believe it or not. But they will reveal more orally, which
obviously when you try to track status, is the only thing that
are looked at is written, and if you don't have information to
provide, you assume the worst, and that is why they don't get
reported as well. Those were the two reasons I found.
Mrs. Morella. Like people say about the President,
underestimate so that the results will be attributed to you,
however it comes out.
Mr. Horn. I thank the gentlewoman.
I now yield to the gentleman from Texas, Mr. Turner, the
ranking member, 5 minutes for questioning.
Mr. Turner. Thank you, Mr. Chairman.
Mr. Koskinen, I don't know if you have this information or
are set up to collect it, but earlier we had a lot of dire
predictions about lawsuits being filed all over the place
regarding Y2K problems, and I would be curious as to whether or
not any of that has occurred and the degree to which that was a
significance problem?
Mr. Koskinen. Well, some of us maintained last year that
you couldn't have massive lawsuits without having massive
failures, and therefore, at least the President Council's
position was there was not likely to be this flood of
litigation, because there was not likely to be a flood of
failures.
That turns out to have been correct. There have been a
relatively modest number, but significant lawsuits have been
filed where people are arguing about who is going to pay for
the fixes, and the question is whether insurance policies cover
the failures that companies avoided, particularly in major
companies in the United States.
But as a general matter, in the absence of any very
significant Y2K failures since the 1st of the year, obviously,
you can't have a lawsuit if you don't have somebody damaged in
some way. So at this juncture, the only lawsuits out there are
primarily focused on arguments between those who fixed the
systems and primarily their insurance companies about who ought
to pay for it. Even that is not anything like a flood of
litigation.
Mr. Turner. As I recall, of those issues that you mentioned
regarding who should pay for fixing, it was not the subject of
the litigation nor the success of the legislation that
attracted so much attention in the Congress, because all issues
were separate and aside from the issues that were dealt with in
the Y2K litigation.
Mr. Koskinen. That is right. The legislation that the
Congress passed primarily addressed the rights and
responsibilities of potential plaintiffs and defendants if
there were system failures, focused primarily on giving
potential defendants the opportunity and the right to fix any
of those failures within a defined period of time, and again,
since there have been relatively few of those problems that
amounted to much, there have been a lot of glitches along the
way, there hasn't been much need for the legislation. But I am
sure people would argue that since there were great risks, if
we didn't get the work done, that there would be failures,
there was some potential that the failures obviously would have
generated litigation. The fact that we haven't had the failures
has had the side effect that we are not going to much
litigation.
Mr. Turner. That is all I have, Mr. Chairman. Thank you.
Mr. Horn. Thank you very much.
We are in the question period. Does the gentlewoman from
Illinois have some questions? The gentlewoman is recognized for
5 minutes.
Mrs. Biggert. Thank you.
As far as what is going to happen in the future, will there
be a plan like continuation of your Council, or is there going
to be an office that will remain after probably the leap year?
Mr. Koskinen. Well, if there is, it won't have me in it.
No, the Council will, as I noted, fold up its tent and fade
away into the dusk, probably by the end of March. The issue
going forward that Mr. Burbano noted that people are focused on
is how will we deal with information technology security and
threats to the critical infrastructure, and there is a
Presidential decision directive, PDD 63, that sets out a
structure and an organizational framework for dealing with
those issues, coordinated by the National Security Council out
of the White House. So that operation, while we have been
coordinating very closely together over the last 2 years, will
continue, but it is already set up in the Critical
Infrastructure Assurance Organization [CIAO], as Chairwoman
Morella noted, and that will be separate from the President's
Council.
Mrs. Biggert. So there will no longer be a CIO czar?
Mr. Koskinen. That is right. I never saw myself as the CIO
czar. The CIOs actually have been very capable of taking care
of themselves.
Mrs. Biggert. Again to Mr. Koskinen, what was the biggest
surprise of the rollover?
Mr. Koskinen. Well, if you look back at our quarterly
assessments, we did four of those. In the last one we put out
in the fall, basically in the United States the rollover went
as we predicted. We said there were going to be no national
infrastructure failures, there would be no regional failures,
if there were any failures, there would be isolated problems at
the local level. That is what we basically have seen. So in the
United States we have been pleased that there haven't been more
visible problems for small businesses. A number of them have
had glitches, but they seem to have been able to deal with
those, because that was an area we were concerned about.
So, like others, I think the bigger area of uncertainty for
us was what was going to happen abroad. Again, we did not think
as we noted in our report and in a report by the Department of
Commerce that any glitches abroad would have any significant or
noticeable impact on the American economy.
We looked at the range of possibilities, where the
countries were that were at risk, and where our trade and
business partners were, and it was clear to us, no matter what
happened in the countries we thought were at risk, it was not
going to have an economic impact on us. That also turned out to
be true.
But as we discussed earlier, I think all of us were,
primarily for a lack of information, concerned about a number
of countries that rely on some information technology who
started late, where it was hard to know exactly how much work
they had gotten done in the last 6 to 9 months of 1999. It
turned out that in their basic infrastructure, I think
primarily because it was not as much at risk as we might have
suspected, there haven't been any infrastructure failures.
The other thing to bear in mind is in the areas where I
think they were at greatest risk, which is in financial
transactions and communications, those systems were being
tested and worked on for the last 2 years on an international
basis. So even in a country that didn't have an organized
process for infrastructure protection, its banking system had
to be testing and working with other banking systems, because
the central bankers around the world for the last 2 years
focused on that. That was, in many ways I think, the biggest
risk they had and the biggest success they had.
Mrs. Biggert. I guess just one last question, that so many
valuable lessons came out of the experience, and how are we
going to ensure that these lessons aren't lost if we don't
continue on after leap year day, February 29th, I guess it is?
Mr. Koskinen. We created in my prior incarnation, with the
help of this committee and others, the Clinger-Cohen Act and
the Chief Information Officers Council and CIOs in all of the
agencies, with the idea they would be as they have been the
focus for information technology issues across the government.
That council is chaired by my successor as the Deputy
Director for Management at OMB, and independent of the
information technology issues, the security issues that are
under the critical infrastructure assurance organization, but
focused on by the CIOs as well, there is an existing vehicle
that I think, over the last 3 years of its existence, has
turned out to be very effective for bringing together all of
the Federal agencies and their senior information technology
people to work together on isolating and identifying what are
the critical challenges the Federal Government faces, how
should we be organized to deal with those, and then
implementing those situation suggestions.
Mrs. Biggert. Thank you. Thank you, Mr. Chairman.
Mr. Horn. Thank you very much. Let me ask you, Mr.
Koskinen, you have had a lot of experience in the executive
branch, first in OMB and other consultant operations, and, of
course, this. You note in your formal statement here, and you
mentioned it also, I believe, in your oral summary, this is the
greatest management challenge the world has faced in the last
50 years. I think there is probably a lot of truth to that on
the world.
But when we look at major management challenges within the
executive branch over 50 to 60 years, we see the atomic bomb
and the hydrogen bomb, major challenges of how you put that
together; going to the moon is certainly another one, setting a
goal as President Kennedy there; Admiral Rickover and the
nuclear Navy, where you cut through a lot of bureaucracy and
got the job done.
I guess I would ask you, as you look here, how do
Presidents best get served in dealing with those management
problems and the one you just presided over? So give us a
little insight into that.
Mr. Koskinen. Well, as I say, I think the difference
between the Y2K problem and the other significant challenges
you floated, which I think were important for the country is,
this was a challenge that affected every system in the Federal
Government, every agency. So it was not a question of having
NASA or the Energy Department or someone else focusing on a
very major challenge.
This was a challenge of having every Federal agency, large
and small, challenged at the same time, not only within each
agency but across agency lines. The Treasury Department
services and provides financial services to a wide range of
Federal agencies, for example.
I think in all of those cases, what is needed is for people
to identify the problem and for it to have a high level of
commitment and attention from the Congress as well as from the
executive branch. Again, I think the structure set up of the
CIO council for information technology challenges going forward
is an effective structural vehicle for the government to be
able to surface what the issues are and deal with them
effectively.
So as we move forward, I think information technology is
not a series of episodic challenges for us. Information
technology is an ongoing issue, not just for the Federal
Government, but for the private sector and world as we become
more reliant on information technology for everything from
communication to financial transactions.
Mr. Horn. What do you see based on usual experience as to
the one or two management challenges after this is done? What
do you see? You have had a real eye-opener, I think, throughout
the last few years.
Mr. Koskinen. Clearly information technology is a
challenge. I think it has affected our ability to modernize
systems across the government, to have them implemented and
operate effectively, has been for some time and will continue
to be a challenge.
I think performance measurement. I was a great supporter of
the Government Performance and Results Act. I think it is
important, not only for effective management within the
government, but for an improved dialog with the public about
what our goals are and our objectives are and how we are doing
and achieving those.
So as we go forward, I think we have on our plate
significant challenges, and we probably don't have to reach out
and find new ones. If we could handle both of those
effectively, deliver services more effectively under GPRA and
provide improved updated modernized information technology
delivery systems across the government, I think we are headed
in the right direction in those areas, but I think they are
major challenges.
Mr. Horn. We are going to be holding hearings with the
Government Management Subcommittee on Clinger-Cohen that was
mentioned, which came out of this subcommittee and the full
committee, and also on the computer security issue, which came
up here, so we will be looking for you to testify on those
things. Those certainly cut across different agencies within
the executive branch. We have a whole other agenda also we can
get into with whoever is in place there with the CIOs, because
I think that is very important, what you did when you took the
job and came out of retirement. You went around and sat down
with the Deputy Secretaries who often operate the departments,
and I think that was very important.
Would you like anything else to have done that you didn't
have time to do?
Mr. Koskinen. No. Oddly enough, this was my feeling even
before we had the successful transition, if I had to do it over
again, I wouldn't do anything differently. We did all we needed
to do, I think, and all we could do. I got tremendous
cooperation from not only the leadership in all of the Federal
agencies, but as I noted, I think a stunning achievement by
career public servants in the Federal Government and State and
local government, demonstrating an ability to meet a real
challenge and meet it effectively.
Mr. Horn. What are you going to do with that $50 million
headquarters? Who moves in?
Mr. Koskinen. That includes the operational cost for a
year, so not all of it will be in place. But OMB is working
with the agencies and I have said that when we do our last
briefing on March 1st for the rollover, OMB at that time will
announce exactly what its plans are for the operational
capacity at the information coordination center.
Mr. Horn. Most Presidents early in the morning get a
national security briefing coming over from CIA. Do any
Presidents ever get a management briefing in the morning as to
what is going on in the executive branch and why not?
Mr. Koskinen. That is not in my jurisdiction at this point,
so I can't tell you whether that is done or not.
Mr. Horn. It was in part when you were Deputy Director for
management. The question is most Presidents don't know what is
going on in the executive branch unless there is some crisis
that hits the papers. Shouldn't Presidents also be looking at
the domestic situation, just as they look in the morning at the
foreign situation?
Mr. Koskinen. There is no doubt that our ability to manage
the vast organizations we have and the significant funds that
we have is an important part of our responsibility to the
public, and I think that not just in the executive branch and
the Congress as well, it is oftentimes more exciting to talk
about new policies or new programs or failures isolated.
It is much harder, as you know, in the leadership you have
had in your subcommittee, to get people to understand and focus
on day-in and day-out management. But when push comes to shove,
our ability to make changes and provide benefits to people
depends on our ability to manage programs effectively. Good
ideas poorly implemented are actually very ineffective.
Mr. Horn. I am going to yield now to Mr. Wu from Oregon for
5 minutes of questioning.
Mr. Wu. Thank you, Mr. Chairman. I am just going to use a
little bit of my time and really focus on this a little bit
more with the private sector panel coming up. I just want to
ask one question:
With the upgrades, the new equipment, the other preparation
work which was done in the Federal agencies, do you see, or are
you currently experiencing a dip in procurement as a result of
the bulge, if you will, prior to December 31st?
Mr. Koskinen. I think the agencies can probably answer that
question better.
Mr. Burbano. I would like to address that as the CIO for
the State Department. I would say not really, for this reason.
There was a lot of systems, and I know at the State Department
we put a moratorium on systems development and implementation
and so forth if it wasn't Y2K-related.
So all of that was put on the shelf, and now it is getting
off-the-shelf as soon as the leap year is over. So that is
going to offset.
Mr. Rossotti. With respect to the IRS what really happened
is that over a 2 to 3-year period, we made an investment to
bring up-to-date our hardware and operating system software.
But, for example, with PCs, personal computers, we really need
to be on about a 3-year replacement cycle there, so we are
replacing each year about one-third of the computers
representing what was installed 3 years ago. That is kind of
the way that we are planning it.
There will be some dropoff in a few areas where we had to
make some special investments, but, on the whole, what we
really want to do is get on a long-range planning basis where
we invest a certain amount every year so that we don't get
behind as badly as we were 3 years ago.
Mr. Wu. And with respect to personnel, the people you
brought aboard, whether on a long-term basis or on a contract
basis to help you with the Y2K problem, are they being
redeployed within your agencies, have they left? What is going
on with the people?
Mr. Rossotti. Speaking for myself and the IRS, what we have
done is we simply made a determined effort 2 years ago to
retain the people we had. Unfortunately, we were suffering
attrition. So we made some very successful efforts to retain
the people we had, the people who really know some of these old
software systems, and simply had to put many, many other things
on hold. We even had to go to the Congress when they passed the
Restructuring Reform Act, and ask that some of the effective
dates for the law be extended out to 2001, because there was no
way to implement some of the things while still working on the
2000 fixes. So what we did was we simply took our staff, tried
to retain it, and allocated it to fixing Y2K as the top
priority, putting other things on hold. What we are now doing
is trying to dig out from this huge backlog.
Furthermore, we are in an unusual position in that we are
now just embarking on an enormous technology modernization
program. What IRS has right now is we have relatively new
hardware in most cases, and relatively up-to-date operating
systems, such as your Windows-type operating systems and your
mainframe operating systems.
What we don't have is up-to-date application software. We
have, in fact, extremely obsolete applications software, and we
have a lot of it. So our role now over the next several years
is with the help of a prime contractor is to reengineer that
technology, and as I mentioned in my opening statement, that
involves business change as well as technology change. So you
could almost think of Y2K as just laying the groundwork for
what we really have to do over the next several years to
reengineer our applications.
Mr. Burbano. From my view at the State Department, with the
new Y2K initiative, if you want to call it the critical
infrastructure protection I have been talking about, there is
going to be a huge demand for new people with possibly
different skills for computer security, cyber terrorism and so
forth. So there will be a replacement. Some of the skills used
in Y2K can certainly be applied. Others, maybe not. So you have
to look at it on a case-by-case basis. Regardless, there is
going to be a huge demand for this new initiative that is
facing us that is very serious.
Mr. Wu. On net, do you think you are adding folks in the
hardware-software information systems area, or are you shedding
a few now in the State Department?
Mr. Burbano. I think it is a combination. Not with
employees, with contractors. It is a combination of shifting,
replacement of skills, keeping some. But don't forget, we are
still not out of the Y2K window until the rollover of the leap
year. So that is a little bit too early to say right now. But
we are starting to look at it in that view, that since we do
have this new huge initiative that is very important and will
go on for the unforeseeable future, there will be a replacement
of skills, and some of those will be applicable and some not.
Mr. Wu. I thank the witnesses. Thank you, Mr. Chairman. I
yield back the balance of my time.
Mr. Horn. The gentleman from Washington, Mr. Baird, 5
minutes.
Mr. Baird. No questions.
Mr. Horn. Mrs. Biggert, the gentlewoman from Illinois.
Mrs. Biggert. Thank you. In making the fixes on the
computers, organizations really used a lot of different
methods, and some, apparently, I think what we heard before
were like short-term fixes as far as the date change of
windowing, making the dates like 99 and 00 rather than 1999 or
2000.
Will there be any oversight or will organizations, do you
think, pursue a permanent change, or will these temporary
changes or fixes really last for the long time, or will there
have to be something done there? Is there any oversight, I
guess, is the question or do they need to--do you know of
organizations that will need to pursue the permanent fix? Maybe
Mr. Willemssen.
And one other thing, I think, like HCFA delayed putting in
a new system until this was over. Do you see that the Y2K will
have benefited how for them to pursue that, the new changes in
their systems?
Mr. Willemssen. First of all, you are correct, many
organizations had to use techniques such as windowing, because
in many instances they had no choice. There wasn't enough time
to go through a full date expansion of the software and data
bases. So many of them did use those kind of techniques.
They will not last forever. Many of those same
organizations plan to have new systems over the next few years,
so that the risk, if those new systems come in, is relatively
small. However, the caveat to that is when programmers put in 2
digits in the 1970's and 1980's, they thought their systems
also would be replaced, and many of them were not.
So there still has to be some oversight of that issue. I
would say it is very difficult, though, to generalize among
agencies because even within a specific agency business
function, some may have windowed, some may have gotten a new
system, while others may have fully expanded the date field. It
is therefore, an issue where you have to go in and do a full
examination and know what you are dealing with and be aware of
where your risk points are as time continues with these kind of
patched systems.
Mr. Burbano. I would like to say that at the State
Department, since the Y2K program office was run underneath the
CIO, which is remaining, we do track where we used windowing.
We used a combination of windowing repairs as well as
replacements. We do have a list of those. We are tracking them,
and most of those are 10 years or more out. But we do have a
list of those and we will track them so long as the CIO office
lasts.
Mrs. Biggert. Thank you. Thank you, Mr. Chairman.
Mr. Horn. Thank you. Now the cochairman of this task force,
Mrs. Morella, the gentlewoman from Maryland.
Mrs. Morella. Thank you, Mr. Chairman. A question for Mr.
Willemssen. GAO recently reported that some of the Y2K
remediation that was done at Federal agencies was contracted
out to private corporations, and in your report, you noted that
some of the private companies used non-U.S. citizens to work
out the remediation. I just wondered if you would comment for
the record on what you found and what you think implications
are, if any?
Mr. Willemssen. We did have a request from the full House
Science Committee to look at the use of foreign nationals at
the Federal Aviation Administration in both the remediation of
software and in the post-remediation review of software that
had been previously remediated, and we did find some oversights
on the part of FAA. To the FAA administrator's credit, she
aggressively took action on these oversights, and they are now
in the process of going out and making sure that all of the
individuals who worked on the code are indeed checked out. FAA
did not know for sure, for all of the systems that were
remediated and reviewed, that the individuals had an
appropriate background investigation, and therefore whether the
risk was manageable in terms of manipulating the code.
So there were some issues that we did find. Again, to FAA's
credit, they have been very aggressive in following up on these
issues. One of the issues I think you pointed out at one of the
prior hearings, was that there was a security risk involved to
the extent that it wasn't managed with all of this push to get
Y2K done. That it would be done quickly, losing sight of some
of the necessary controls, and that is in fact, what happened
here at FAA. All the controls were not in place to check out
all of the individuals working on the code.
Mrs. Morella. Do you feel comfortable that this has then
become a symbol for what could happen if you don't have proper
implementation of the regulations and that the agencies all
know this? Did we learn from it, besides the FAA immediately
saying we will correct the oversight?
Mr. Willemssen. I hesitate to generalize because FAA is the
only agency where we went into depth on this particular point,
so I hesitate to say that other agencies may have similar
issues, although I know the executive branch is looking into
that.
I know that, as I mentioned, FAA has been very aggressive
and actually we are expecting a more detailed report from FAA
within the next couple of days on all of their actions in
response to a recommendation to do the background checks on
individuals working on the code.
Mrs. Morella. I think you would like to comment on that.
Mr. Burbano. Yes. The State Department, we looked at this
issue very carefully at the beginning. First of all,
domestically, we did not use any foreigners, especially that is
where mission critical systems are. We do require, regardless,
we do require all of our contractors and employees to go
through secret clearances. In addition to that, some minor
systems overseas did have some FSNs, foreign service nationals,
working on their systems, but they were closely supervised by
the Americans at the Embassies, and we have had no problem at
all. Everybody goes through a clearance check anyway.
Mrs. Morella. Splendid. Thanks for that assurance.
I yield back, Mr. Chairman.
Mr. Horn. Thank you very much. Let me ask a few questions
here in closing with this panel. I would like the commissioner
and Mr. Koskinen to respond to this.
The question would be the extent to which windowing was
used to repair systems, and is that really a permanent
situation, or how do you feel about the windowing aspect where
you are trying to piece it altogether and fool it, shall we
say, in terms of the computers?
Mr. Koskinen. I don't think anybody has the capacity to
tell you how much of the work was done by windowing and how
much was date expansion. Windowing is a technique that is
effective as long as you don't care about when people were born
or transactions in those windows. In other words, if you really
are only worried about relative dates, you can window. But in
things like Social Security, you can't window very effectively,
because you care very much about whether or not somebody has
been born on one side of the window or another.
Second, I think the point Mr. Willemssen made is important,
and that is, when we talk about configuration management and
better control of IT systems, obviously monitoring the way we
fix systems for Y2K as we go forward is an important part of
that management, and I think it is exactly right to note that
25 years ago, 15 years ago, people working on systems that knew
they weren't going to be Y2K compliant were comfortable because
they thought those systems wouldn't be operating. So you have
to be a little worried about anybody saying today, well, my
windowing works until 2015 or 2023, so I don't have a problem,
because those dates will come before we know it.
So I think the answer to that is not was it done, it
clearly was done. It was a very effective technique, it was
cost effective, and particularly if you are going to replace or
upgrade those systems, it was probably the right way to go. It
will turn out to be a mistake if you lose track of it, continue
to run the systems through the window, and discover you have
got a major challenge down the road.
Mr. Rossotti. I am pleased to say in this case, one of the
few occasions I can answer very easily, we did not use
windowing at the IRS, we did everything with 4-date digit
expansion and required a special exception from the CIO to have
any exceptions, and, to my knowledge there were just maybe a
very tiny handful, maybe one system given an exception.
Interestingly, the reason for that decision was not primarily
because of worries that would, you know, become obsolete in 10
or 20 years, but because we had so many heterogeneous systems
that had to work together, we were not convinced that if we
used some windowing here and some data expansion here, that we
wouldn't run into incompatibilities among our own systems. So
we made a decision to keep it simple, and so everything was
made compliant by four-digit date expansion.
Mr. Horn. OK. Now it has been mentioned on the foreign
workers in some of the patching up of these systems, I would be
curious how you all think how vulnerable our computer systems
are as a result of the Y2K, and are you concerned that those
remediating systems could have engaged in acts contrary to the
best interests of the government? So I would just appreciate--
let's start with Mr. Burbano.
Mr. Burbano. Yes. In terms of the concern, you should
always be concerned, but because of the process I mentioned
that we took at State with requiring security clearances, all
domestic systems, where our mission critical/critical systems
are at, only used Americans. We don't have as much concern
there.
Overseas, again, I mentioned we did use FSNs who have to be
cleared and who only work the minor systems and who are closely
monitored by Americans when working on the systems. So we are
not as concerned. However, we did develop a project in concert
with my sister bureau, Diplomatic Security, on doing some spot
checks on some of the systems, just to make sure.
But, just to let you know, you know, even with commercially
off-the-shelf systems, you don't know where those systems are
developed. They could have foreigners working on those systems
also. So you do have to be vigilant about these systems.
Mr. Horn. Commissioner, in terms of computer security, I am
sure you have to deal with that every day in some way.
Mr. Rossotti. Well, we have, of course, major security
challenges in the IRS from a number of perspectives, including
from the old applications software. But I think on this
particular issue, that is to say, the contractor support we
used for the Y2K, I think we were in pretty good shape on that.
There was one particular component of one system that, for a
particular reason, was developed with some offshore people, but
that was then subsequently cross-checked by a different group
that was cleared. So as far as I know, I think we can be pretty
confident on this, we do not have much vulnerability for this
particular problem.
That is not the same thing as saying we don't have
vulnerabilities for other reasons.
Mr. Horn. Mr. Koskinen, why don't you give us your side of
it?
Mr. Koskinen. I think Mr. Burbano made the important point,
which is, security is an issue beyond Y2K, you ought to be very
careful about whoever works on your systems. As a general
matter, we were concerned about this issue from the start and
we worked with the intelligence agencies and the National
Security Council and others, both to warn private sector
companies as well as domestic companies to be alert to this
issue. Most of them in a large sense are.
Most of the off-shore work was done by the private sector
and not the government. Most government work was done by normal
contracting, or internal resources, so that there was much less
of that done here than in the private sector.
Monitoring what has gone on in the private sector, what has
gone on, we have seen very little, in fact, almost no evidence
that work done offshore included some kind of security threat.
Obviously, the absence of glitches over the rollover means at
least if somebody was targeting the time to create mischief,
that was not one of those times.
But I think the bottom line to that is, again, as we move
forward, information security has to be high on everybody's
list. I think, again, the point is well made. It is not just
people who have access to your system. It is when you buy
systems, whether it is off-the-shelf systems or otherwise, you
have to be worried about who worked on those systems, what is
in them and what potential impact could they have on your own
system. So I think if anything requires eternal vigilance, it
will be, in fact, information security and security about those
working on your systems.
Mr. Horn. I thank you. We will be holding a separate
hearing on the computer security anyhow, so we will postpone
the rest of those questions.
Mr. Willemssen, before we round out this panel, I would
like you to summarize the following under page 16 of your
formal statement, ``Reported Year 2000-related Errors in the
Federal Government.'' If you could just sort of bullet them to
me in one sentence, each one, just so we have it in the record,
I would appreciate it.
Mr. Willemssen. On page 16 is a summary of what we observed
during the rollover from both the perspective of the
information coordination center and specific agencies where we
were onsite. We tried to summarize what we thought seemed to be
significant issues that did come up, even though they were
addressed very quickly.
Briefly, those included the Department of Defense
intelligence satellite system, the Federal Aviation
Administration had some systems with some Y2K failures that
again, they were able to remediate and fix very quickly, and
the Health Care Financing Administration ran into some
difficulties with partners. In one case HCFA had a problem with
a bank on some electronic payments leading to some delays in
payments, although it is still within the required targets.
Also, HCFA will continue to work aggressively with their
providers in making sure that they put forward accurate dates
on their claims so that claims are not returned.
Mr. Horn. You say here there are 26,000 claims from
providers with these erroneous dates in the first week of the
new year.
Mr. Willemssen. That is why we thought it important to give
a sense of the magnitude, because they are not just little
things that we are talking about. They are little within the
scope of the entire Medicare program, but they do have some
impact. But, again, HCFA has done an outstanding job over the
last couple of years on getting on top of Y2K. They as much as
anyone faced a mission impossible on Y2K, and through the
leadership of their administrator, again, they continue to be
very aggressive in following up and making sure that the
disruptions are kept to a minimum.
Mr. Horn. And then the ones that concern most of us based
on our air travel regularly is the low level wind shear alert
system. Can you tell us anything about that?
Mr. Willemssen. Again, those systems were out at about
eight locations, but they were out for no more than 2 hours, I
think 2 hours 12 minutes at the outside. Fortunately, when they
were out, we saw no evidence of bad weather in those locations.
So we could be sure, based on the evidence we saw that there
were no safety implications from those systems being out.
Again, it speaks toward the advantage of all the agencies being
poised to respond during the rollover. FAA was ready to get
right on top of those systems and fix them immediately, and
that they did, to their credit.
Mr. Horn. Yes. I was spending part of that December 31st in
the L.A. Tower, and I got a good education from the technicians
there. They have a terrific job to do when they are getting
those radar sites into operation when something goes crazy with
them. I was very impressed by that group.
So are there any other major things that is a worry to the
General Accounting Office?
Mr. Willemssen. I again conclude by saying the rollover was
a great success, thanks to the leadership of Mr. Koskinen and
yours and Chairwoman Morella's leadership. However, I think it
is important that we continue to monitor events over the next
couple of months. I would strongly concur with Mr. Koskinen's
plan to bring up the ICC again during the leap year, because I
think there will be a few disruptions that again occur, and I
think there will also be a few disruptions that we start
hearing about as processing cycles complete themselves. So we
haven't heard the last of Y2K. But I think it will be much,
much less than what we had once feared.
Mr. Horn. I want to end on a happy note here and help the
Department of State a little, Mr. Burbano. In November 1999,
the Department of State submitted its regular quarterly report
for the year 2000 to the Office of Management and Budget, and
of course, that does come to our subcommittee. After a lot of
discussion with you and OMB, it became clear that the language
in that quarterly report didn't really accurately reflect the
actual level of effort for the Department's independent
verification and validation work. Just so we can give you an A
on this, please explain to me the independent verification
process that you actually went through but wasn't in the
report.
Mr. Burbano. Thank you very much. At the State Department,
one of the things that I did when I came on board in May 1998,
as you all know, I came on board, we had straight F's for about
a year, so I had to move quickly in order to especially meet
the deadlines of Congress. But I wanted to make sure that we
did it correctly and not get any surprises at the rollovers. So
I set up a very rigorous process where not only did we have the
separate bureaus test our systems, but underneath my office,
the Y2K office separate from their individual bureau Y2K
offices, I had independent contractors test the systems. That
was the first level of independent tests.
But in addition to that, I did a partnership with the
Inspector General where they would do a second test with their
own contractors to review the test and so forth, and certify
the systems, along with myself as the CIO. So we went through
two levels of independent verification tests, in addition to
the testing that the Bureau did themselves.
The misunderstanding that came in that, we were about 66
percent in November or somewhere around that nature, in terms
of certification, but when, in fact, it really equalled to
about 160 percent, because we had already finished our first
level. That is where the misunderstanding came. I think we
proved that right since we had really no significant--not only
in the mission criticals, but in the criticals as well as the
routines, this thoroughness that we did.
Mr. Horn. Well, thank you very much. On that, are there any
questions any Member has? If not, we appreciate what each of
you has had to contribute to this and the fine work you have
done that kept us going with very minor glitches. So thank you
all for coming.
We now go to panel two.
Mr. Horn. I would ask you to stand and raise your right
hands.
[Witnesses sworn.]
Mr. Horn. The reporter will note all three confirmed. Mrs.
Morella will preside.
Mrs. Morella [presiding]. Thank you. I want to thank the
second panel for being so patient and waiting in going through
the first panel testimony and the questions that were asked. So
we will be concise. We know that you can offer a great deal to
supplement what we learned about Y2K. Proceeding again with the
5-minute rule, you can give us a synopsis of your testimony.
We will start with, first of all, Mr. Harris Miller. I want
to comment on the fact that from the very beginning Mr. Miller
has been very tuned into this issue, has appeared before this
committee probably as many times as any other person who has
testified. So we very much appreciate his coming back now at
the end as we do our summation and look ahead to the future. He
is president of the Information Technology Association of
America.
Ms. Kathy Hotka has not appeared before this committee
before, so you are the alpha and the omega, the beginning and
the end. Ms. Hotka is vice president for technology at the
National Retail Federation here in Washington, DC. We welcome
you. Thank you.
Mr. Gary Beach has appeared before this joint committee,
and he is the publisher of CIO Communications, Inc., from
Framingham, MA. Again, thank you for appearing here. Thank you
for waiting.
Let's start off with Mr. Miller.
STATEMENTS OF HARRIS MILLER, PRESIDENT, INFORMATION TECHNOLOGY
ASSOCIATION OF AMERICA; CATHY HOTKA, VICE PRESIDENT FOR
INFORMATION TECHNOLOGY, NATIONAL RETAIL FEDERATION; AND GARY
BEACH, PUBLISHER, CIO COMMUNICATIONS, INC.
Mr. Miller. Thank you, Madam Chairwoman. It is said that
politics makes strange bedfellows, but I found out that Y2K
makes strange bedfellows, for on the morning of January 1st,
instead of being snuggled warm in my bed with my wife, I was
instead with Chairman Horn at the C-SPAN studios doing a
broadcast on Y2K.
What is even more unusual is that at 8 a.m., constituents
of his from California were calling in, which means at 5
o'clock in the morning they were paying attention to what was
going on with Y2K. But I appreciated working with both of you
chairmen and the members of your subcommittee. I am going to
skip the victory lap you mentioned, Madam Chairwoman. It is my
written statement and will be in record. I obviously want to
commend the subcommittees, and particularly Mr. Koskinen, for
his leadership.
From the perspective of the private sector, we do believe
this is a real crisis that we did face, it was not something
that was hyped or made up. In fact, as I was walking down the
hall this morning with our Y2K program manager, Heidi Hooper is
with me, she noted there wasn't a line about the hallway
waiting to get into the subcommittee hearing. I said that is
good news, because if, in fact, the problems had occurred, I
suggest you wouldn't have Harris Miller and Kathy Hotka and
Gary Beach on this panel, you would have Alan Greenspan and
Secretary Summers discussing the global recession that had been
caused. So, in fact, the fact we didn't have a major crisis is
good news, and the fact we don't have hordes of people standing
around is, in fact, very good news.
In terms of the magnitude of the effort, I would certainly
agree with Mr. Koskinen's effort. In fact, I even go a little
more hyperbolic, I think it is the biggest success since the
building of the pyramids, because it was, in fact, a global
effort, government, private sector, hundreds of thousands of
individuals around the globe working together to achieve this
success.
To talk about the lessons learned, I would like to refer to
what I believe is a Y2K renaissance. What do I mean by a Y2K
renaissance? I think it really is two parts. First of all, the
rationalization of the existing computer technology. You heard
a lot about this from the first panel in the Federal sector,
but the same thing was true very much in the private sector.
The fact that time and again, because of the necessity of
dealing with this huge challenge, companies were able to get
rid of deadwood programs, they were able to bring into their
companies more modern and more efficient computer systems.
They also learned to do supply chain analysis and in a
systematic way that they had never done before. They were able
to collaborate in ways never experienced before, either within
companies or across companies. They were able to develop
contingency plans, many of which were not needed as it turned
out, at least are now in place should there be future problems,
and they learned to approach the entire IT system in a much
more strategic way.
That is going to mean that down the road these companies
and ultimately their customers can take much more benefit from
information technology. The productive gains which Mr.
Greenspan and others have noted have helped to contribute to
the continued growth of our economy and the high productivity
should be even stronger because the IT systems in companies as
well as within the government are now being treated much more
rationally and in a much more systematic way.
The second reason I call this a Y2K renaissance is the new
directions that companies are now taking. Because as they came
to understand through Y2K the strategic as opposed to tactical
importance of IT, they are now moving ahead implementing future
IT much more strategically. Obviously, the Internet changes
everything, and we are seeing throughout the private sector and
we hope the government sector will quickly catch up the use of
the Internet for improved, dramatically improved in many cases,
internal processes, whether you are talking about personnel
systems, whether you are talking about human resources or
financial services, whether you are talking about inventory
control, all of these basic day-to-day business operations are
being done much more effectively and efficiently on the
Internet. This is one of the new exciting aspects of Internet
technology.
Also, of course, dealing with customers, and customers
don't just mean business to consumer, the kind of stuff you
read about on the front page, about Amazon.Com and others. It
also means business to business, because businesses are also
customers, and the ability of businesses to deal much more
effectively.
So this is the kind of Y2K renaissance I see coming,
because as we come out of what Mr. Burbano and others described
in the Federal sector, which also occurred in the private
sector, namely, a temporary freeze in many cases on new
programs and spending, and now all these projects which have
been temporarily set aside are going to be brought out to the
fore, and again, I think you are going to see massive increases
in productivity, in major benefits to customers, and again,
customers I define broadly as businesses and individual
consumers.
Let me talk about some other lessons learned. One of the
lessons learned that was that while the government sector did
an excellent job, as the previous panel discussed, the private
sector also did a remarkable job.
Some names of individuals who you may not have come across,
or maybe you have come across, like Bill Mont and Tim Shepherd
Whalen from Global 2000, or Ron Balls from the ITU, people who
are able to take entire sectors and coordinate them, you are
going to hear from Ms. Hotka about the retail sector,
contributed mightily to the success. I think ongoing we have
learned lessons about the ability of these sectors to work both
nationally and globally.
I also use that as a point for future global cooperation.
The International Y2K Coordination Center, which both of you
were very involved with and which Mr. Bruce McConnell headed so
ably, has demonstrated the opportunity for global cooperation.
Coming out of that, I am hopeful we will see some continued
opportunities.
For example, the International Y2K Coordinating Center
steering committee is considering the creation of what is
called the Center for Digital Opportunity, which would be a
cooperative program to promote Internet growth in developing
countries to the same extent that it currently is in developed
countries. In fact, tomorrow the steering committee will have a
conference call and I am involved in that also, as is Mr.
Koskinen, to see about the possibility of building on the
linkages that have been established through Y2K in that area.
Similarly, the issue that Mr. Burbano talked about so
extensively and Chairman Horn said you will be having further
hearings on, the whole issue of information security.
While there are information security issues which are very
specific to the U.S. Government, there are many issues which
are global in nature. Again, the 170-plus countries that work
together through the international Y2K cooperation center
should be able to take those linkages which they established
and build on them for information security. I think that is
also another lesson learned.
The last lesson learned which I would like to refer to, and
I am a little bit over my time, is that the Y2K problem was
solved without government dictating what the private sector
needed to do, without legislation. As you remember, you two
chair people, at a hearing early on, there was actually
discussion about perhaps Congress having to mandate the private
sector to take specific actions. You came to the correct
conclusion that, in fact, there were better ways to do that,
rather than mandating specific activity. We did get through
this without mandating specific activity on the part of the
Congress to order the private sector to do activities because
the private sector was and to work collaboratively.
I think the lesson learned there is as we move ahead to
other challenges in information technology, whether it be the
information security area or regulation of the Internet, that
the claims that the private sector made to you then that we can
handle this in a collaborative manner, not working against
government, but cooperatively with government, did prove true
in the Y2K area, and I think when Congress approaches other
issues, such as information security or other issues of
regulating the Internet, they should take that lesson learned,
and perhaps it will also prove true that you do not need
legislation, that there are other ways to get things done in
this new economy and in this information revolution.
Thank you very much for giving me the opportunity to appear
before you, and I would be glad to answer any questions.
Mrs. Morella. Thank you. I also want to comment on the fact
that I did hear that early morning C-SPAN program, and it was
very informative. Thanks for your leadership.
[The prepared statement of Mr. Miller follows:]
[GRAPHIC] [TIFF OMITTED] T6711.064
[GRAPHIC] [TIFF OMITTED] T6711.065
[GRAPHIC] [TIFF OMITTED] T6711.066
[GRAPHIC] [TIFF OMITTED] T6711.067
[GRAPHIC] [TIFF OMITTED] T6711.068
[GRAPHIC] [TIFF OMITTED] T6711.069
[GRAPHIC] [TIFF OMITTED] T6711.070
Mrs. Morella. I am now pleased to recognize Ms. Hotka.
Ms. Hotka. Chairman Morella, Chairman Horn, members of the
committee, retailers appreciate your leadership on this issue,
and I appreciate the opportunity to appear here with you today.
As you may know, the National Retail Federation's Survival
2000 project worked for 3 years to coordinate a joint retail-
industry response to the year 2000 issue. We worked with
department stores, restaurants, specialty stores, liquor
stores, pharmacists, convenience stores and grocery stores to
make sure that you could shop this year. People are really
shopping as a result.
How did retailers fare? Better than we expected. But the
sector desk at the White House information coordination center
that seemed to have the most to talk about was ours, retail and
small business. As expected, bigger businesses experienced
annoyance grade glitches and some smaller ones found out that
that fix on failure policy they had was not such a great idea.
Anecdotally, we know of retailers still processing credit
cards manually because of the IC verify problem. One retailer's
store credit cards failed. Cash registers at one chocolate
store chain would not open. But the examples here are
relatively minor.
Now, it remains to be seen whether the global supply chain
would be unaffected, larger retailers have some doubt about
whether or not we have sailed through this internationally.
Was it worth the work and expense? We already know the
answer. While retailers spent multiple billions of dollars to
find and fix and replace software and hardware and to conduct
extensive testing, we also would not do it any differently. We
had conducted a survey in 1997 that showed that if retailers
didn't undertake this work, many key systems would simply be
dead in the water. We found out that 100 percent, all, private
label credit card systems would not have worked; 99 percent of
warehouse management systems would have failed. Most retail
processes are touched by technology, and our members were not
willing to bet the business they would be fine without
remediation. My members are astonished that some columnists
have questioned the value of the investment. Mr. Burbano
mentioned earlier that some countries found they were less
dependent on technology than they thought. We discovered we
were more dependent on technology than we had thought.
So what lessons did we learn? We learned four:
First, we learned that most organizations underestimated
their reliance on IT despite healthy investments in technology,
retailers found that some business critical processes were
being run by business units on 15-year-old software. You cannot
run a company on paradox 1.0 for DOS. It is not a good idea.
Some companies maintained software they didn't need. Some
key programs were being run by people with no IT background.
Companies did not have contingency plans. In fact, we found
only one company that had a contingency plan at all.
In the end, though, savvy companies realized Y2K was not an
IT issue but a business issue, and that IT needs the continuing
attention of the CEO. Those companies that did best had the CEO
in charge of this project. We who lead industries must bring a
better appreciation of IT as knowledge management, not just PCs
and printers.
Second, we learned that reliable information was hard to
come by on this, particularly in the early days. Should
retailers have believed technology companies product updates?
They seemed to change hourly.
Should retailers have believed government agencies' self-
reports? How about suppliers? How about the fear mongers?
Ultimately, no self-reported information was reliable, and
retailers simply conducted their own verification in the
absence of reliable test data or organizational benchmarks,
this was our only choice. It was expensive and time-consuming.
We know of a number of companies, for instance, that put people
on airplanes all during 1999 to check on international
readiness. These people simply traveled from country to
country.
Third, we learned that government may have a useful role in
helping companies use technology as a business tool. There is
no doubt, but that the white hot spotlight of your committee's
attention to this issue brought home to all of us the need to
work diligently. Your contributions to private industry
preparedness should not be underestimated. We paid a lot of
attention to those report cards. Our friends at GAO published
world-class, best-practices documents that gave private
industry some models to work from. John Koskinen and his
talented staff helped galvanize countries, governmental bodies,
private industry and the media. All were key to helping
retailers who rely on a global supply chain and public
confidence. We thank you all. Like Harris, we believe that this
should be a partnership and not a speaking from on high.
But, fourth, we learned that joint action was key. No one
retailer did it alone. Fierce competitors worked together to
keep the industry ready. Generous companies allowed staff to
speak at conferences to spread the word to others.
So going forward, we would like to continue what we have
been doing for the past several years, working to protect
America's business data. Congress should continue to show
interest in America's information infrastructure. The White
House ICC where public-private partnerships were so useful
might continue to be a valuable tool. Business still needs best
practices that can help smaller companies use technologies
responsibly, and reliable sources of information about threats
to data from hackers, viruses and industrial espionage are
needed. Let's continue to work together. Public private
partnerships got us through Y2K, but we have compelling reasons
to keep working in 2000 and beyond.
Thank you.
Mrs. Morella. Thank you very much for that testimony.
Now we will hear from Mr. Beach.
Mr. Beach. Madam Chairwoman, Mr. Chairman, I thank you for
the opportunity to appear before the committee again. Madam
Chairwoman, talking about the victory lap analogy, I live close
to Hopkinton, MA, which is the start of the Boston Marathon,
and I would say what we have learned with all the great work
here is that we are in the first mile of a marathon, a marathon
showing how pervasive technology is in all of our lives.
The subject of my testimony here is in the written side,
but I will orally summarize it, is lessons learned,
opportunities created, and I would encourage the committee to
look forward as to what are some of those exciting
opportunities.
Increasing the crescendo of hyperbole, we heard about John
Koskinen talking about it in the last 50 years, and Mr. Miller
talking about the work as is comparable to pyramids. I would
say that the year 2000 computer problem and the work that was
done on it by a myriad of groups is the most remarkable
peacetime example of human cooperation in the history of the
world, and I have an idea for you at the end of my oral
testimony.
We are entering, what I see, as the age of digital
enlightenment where technology is going to help nations govern
better, help businesses conduct better business, and make
everyone's digital life all the more meaningful.
The committee asked the panelists ``was Y2K hyped for
profit?'' Those of us on the front lines, the ITAA and Kathy
and her group and others, have no doubt that without proper
remediation and all the great work that this committee has
done, Y2K would have had a severe impact on computer systems
around the world.
It is interesting, isn't it, that those companies that may
have benefited from an increase in sales of computer hardware
or software over the last couple of years are now reporting in
the Wall Street Journal over the last couple of days saying
their earnings reports are down because of Y2K. So what goes
around comes around, and it is all going to even out in the
end.
So, the long-term legacy of this challenge is going to be
akin to the oil crisis that we saw in the mid-1970's, where we
had relatively short-term pain, and long-term we had more fuel-
efficient cars. The Y2K long-term legacy was simply mentioned
here many times today that it caused the world to update its
computing infrastructure in a relatively short period of time.
I was personally surprised at how well the rest of the
world made it through digitally unscathed on January 1st. I
would say this experience was a resounding clarion call to our
government and our industries that other nations, many of whom
predominantly use U.S. technology, are running neck and neck
with the United States. It seems to me that the digital playing
field appears to be leveling off. And, in this new 21st
century, where the economy is going to be very digital and
electronic, these other countries are prepared to provide
stronger global competition.
On the earlier panel we talked about foreign nationals. I
had an opportunity last year to travel to Bangalore, India,
where I saw thousands of workers producing Y2K remediation
projects, many for United States firms. These workers are now
going to be looking to produce products and services in their
own global environment.
The next big technological breakthrough is going to be e-
commerce. A CIO poll recently reported that 73 percent of
American businesses now have e-commerce initiatives started.
What is even more important to me is by 2001, these e-commerce
initiatives are going to be the core business models of these
businesses.
Shifting to opportunities for government, the Y2K
revolution has afforded the Federal Government and the State
and local governments opportunities to modernize its computing
infrastructure. We should leverage these revitalized systems to
better do the business of governing. Opportunities before this
House and this committee in light of legislation continue on
Internet taxation, how Americans will govern using technology,
closing the digital divide of the have's and have not's, and
possibly the aspect of a not too long-term strategy of having
the United States wean off its dependence on foreign workers.
I did some work last year in Massachusetts reviewing the
State's entire higher education system. While there are more
and more men and women entering computer science courses in
classes across the country, the challenge is that the faculties
at many of these institutions are not prepared to teach the new
technologies.
As I mentioned in the beginning of my testimony, I had an
idea. I would encourage Madam Chairman and Mr. Chairman to send
on behalf of the world's IT workers, a letter to the Nobel
Prize committee in Oslo recommending that a special award be
given in October to the world's IT workers, where possibly a
person from the informatics committee at the U.N. could go to
accept it, and on a site, some place on a U.N. URL, any worker
who worked on Y2K could download it and proudly frame it in his
or her office.
In closing, Y2K in context, was a massive tactical
challenge, but what it underscored on a more strategic level is
the importance of technology in governing and commerce, and
with the seemingly stable technology infrastructure in place,
now is the time to take advantage of these new opportunities.
Thank you.
Mrs. Morella. Thank you.
[The prepared statement of Mr. Beach follows:]
[GRAPHIC] [TIFF OMITTED] T6711.071
[GRAPHIC] [TIFF OMITTED] T6711.072
[GRAPHIC] [TIFF OMITTED] T6711.073
[GRAPHIC] [TIFF OMITTED] T6711.074
Mrs. Morella. I think that is a fitting way to end the
testimony of the panelists with this concept of the Nobel Prize
and the fact that it is a great example, as you said, a feat
greater than or as great as the pyramids. Ms. Hotka had some
very glowing things to say about what we learned also. Coming
from the private sector, it is particularly important.
We have a roll call vote right now, a quorum, but we will
be back for some questioning, so I would imagine 10 minutes or
so. So we will recess this hearing for about 10 minutes.
[Recess.]
Mrs. Morella. I am going to reconvene this hearing. I can
ask a few questions, and then if other Members come in in the
meantime, they can continue to ask questions.
Of course, our policy has been that if it is acceptable to
you, that we might also submit questions to you by Members who
may not be here. Thank you. I appreciate that.
You know, I think there have been many, many benefits to
the Y2K work that has been done, whether or not it is the
dimension of the pyramids or Nobel Peace Prize, but certainly
there has been a lot of cooperation that has been so
comprehendible. In going to the command station on December
31st, I saw many people from the private sector on their own
time, unpaid, who were there for 24 hours and spent their New
Years' Eve there, and then part of New Years' morning there
also.
I also saw a report that National Institutes of Standards
and Technology did a lot of work with small businesses in
remediation of the Y2K computer bug, and the small businesses
have said they thought this was a concept that they hoped would
continue, the idea of being able to get help and get assistance
from somebody, an agency or whatever, that cared about them.
So, again, it is another example of the private sector
benefiting from what the public sector had done.
Then just the other day at the District of Columbia
hearing, both Chairman Horn and I are on that authorizing
committee, I asked Mayor Williams about it, because, as you may
remember, the District of Columbia was so far behind, and he
was very excited about the results, the fact that they have now
been able to update their computer system, they know what they
have, and because technology will play such a big role,
particularly as we try to revitalize the District of Columbia,
that they feel they are going to benefit greatly by it. Also by
working with neighboring communities too.
So, again, the whole concept you all pointed out, and that
is, building on the various linkages and the partnerships.
Well, I am going to ask you a question that deals with
people. The vast Y2K repair corps is now being scattered to the
winds after apparently saving the world from the Y2K disaster.
So now what are these people trained to correct Y2K, probably
those people who knew could balance, what do they do now? Can
these displaced Y2K workers help to alleviate the H1B
situation? What do you see with regard to the whole personnel
issue? I will start with any one of you.
Ms. Hotka, why don't we start with you first.
Ms. Hotka. Just briefly, one of the things that struck us
about the people that worked on this was their ability to deal
with business units. IT does not live in a vacuum, and this was
never an IT problem.
These people went out and spent time in warehouse
facilities with people who run the trucks, with suppliers, with
the accounting offices and all through the business. What we
are seeing in our industry is that those people will continue
to work in these companies and that they will continue to work
with these business units to make sure that the IT tools that
are created are actually used and are used effectively. That is
a skill. These are generally older people, people over 30, and
they have got----
Mr. Miller. Speak for yourself.
Ms. Hotka. Well, I am saying that because there is a
tremendous emphasis, I think, in some parts of the IT world on
people who are very young, who have experience in new
technologies. But some of us who are not that young have some
experience that might be useful, and we are finding that it is
being priced in these retail companies. They don't want to lose
these people.
Mr. Miller. I think, Madam Chairman, what Mr. Burbano
discussed is, in the Federal Government, very similarly true in
the private sector. If you take the first group of people,
namely, people who are interimly the staff of an organization,
in most cases when the Y2K issue became a priority for the
organization internally, and the organization decided to use
internal resources, they simply took other projects, put them
off to the side and took those people and focused on Y2K; and
now that they have gotten through most of the Y2K era, leaving
aside having to get through the next 2 months to February 29th,
those projects, which have been temporarily frozen, are now
going to come back as high priorities, and those people are
going to go back and do those projects. That is one group to
think about.
The second group of people are the contractors who came in
from outside to do work for customers, whether those customers
were in government or the private sector. A lot of those
companies, which provided those outside services, were in a
situation where they anticipated very well the end of the Y2K,
they knew when their projects were going to end, and so they
had to do two things: No. 1, they had to find new clients so
they can continue to stay in business and continue to grow
their businesses; and No. 2, they had to take into account the
need to upgrade the skills of their employees to do more
current projects, most of which are going to be e-commerce
related or somehow on the Internet revolution as opposed to the
mainframe projects.
If you look at the major companies that do business and
look at the revenue in 1999 versus 1998, you will see their
revenue continue to go up even as the Y2K work began to drop
off. The reason is that because they were able to find new
customers and they were able to retrain the work force.
So not only do I think this is not going to solve the H1B
problem, if you use the logic that I use in my testimony that
this is going to be a Y2K renaissance, and a lot of projects
were temporarily frozen while companies were getting through
the Y2K problem, I think there is going to be even a bigger
explosion and even more demand for IT workers. The trick is
going to be, as you suggested in your question and as Ms. Hotka
commented in her comments, making sure the workers do have the
retraining. The computer language skills they have are not the
ones most current or most in demand, and that has to be
factored into the process.
Mrs. Morella. I do think many of them are older, but, on
the other hand, I know the University of Maryland had a special
course geared toward remediation of Y2K. Mr. Beach.
Mr. Beach. Madam Chairman, I just would like to once again
mention the aspect of what human beings like most is
recognition, I am dead serious in challenging you and Chairman
Horn to nominate these workers for noble awards.
The international Y2K cooperation center that we heard
about today, and you are familiar with, and that Bruce
McConnell did an incredibly good job running, had a subset
called YES Corps, which was the Y2K Experts Service Corps. I
was fortunate to be on that steering committee. This group
aimed to share information with 140 countries about Y2K, and
currently it is migrating to another role. We all felt this
network was created for tactically addressing Y2K, the network
was more valuable than the actual focus on Y2K. So there is
movement afoot to expound this effort.
I would like to say there is a vested interest in large
businesses in whatever they can do here in the States to help
small businesses, because we are all living in this giant
economic supply chain. Many large businesses are even more
dependent now on smaller businesses.
The H1B visa issue, I know there is a call now to bring the
limit up to 200,000. Long-term what we have to do, and I
addressed it briefly in my testimony, is more rather than fewer
students in America are entering computer science courses,
whether in California, Maryland or Massachusetts.
I chaired last summer for the Commonwealth of Massachusetts
a review of the entire higher education program, and the most
damning finding we found was that we were talking about older
people here, but the faculty, the faculty, No. 1, is older, is
not skilled in the new technologies of JAVA, XML, you name it.
There is a bottleneck there. If that bottleneck is not relieved
or addressed, then our country is going to continue to have to
rely on H1B visa issues.
Mr. Miller. Could I make one more point on personnel to
follow on the earlier discussion of information security? That
is an enormous problem, because we do not have information
security specialists trained. That is one area where you can't
do H1Bs, you can't send the work offshore to Ireland or Israel
or India. That work has to be done with U.S. citizens.
I know President Clinton mentioned this in his national
plan, and Attorney General Reno talked about it. So this is one
area where the government, working with academia and business,
is going to have to focus. You are going to have to convince
people to go beyond their traditional education, to get
additional education, plus get security clearances, because
obviously, the type of people that a Federal agency or a State
government wants to hire for security information, security
purposes is going to need a clearance. Even you are going to
find in the private sector many private-sector financial
institutions and others want to get people with very high
security clearances because they are being put in very
sensitive security positions.
Mrs. Morella. As a matter of fact, the Science Committee
passed, in the first session, actually the last Congress, a
computer security bill which does have the dimension of
fellowships for computer security. Even that is not enough.
Much more needs to be done. We have also been pushing teacher
training in technology, not so much looking at the higher
education, but more education from K through 12, to make sure
that even those teachers know something about how to use
technology because the youngsters do, so they can also inspire
them.
My legislation for women and minorities and disabled in
science, engineering and technology, the commission is meeting,
it will be coming up with its recommendations to get more of
those groups that have traditionally not been involved,
involved in those fields.
Well, I thank you. I am going to now----
Mr. Horn. If you might yield on that point----
Mrs. Morella. I am going to recognize you for your
questioning.
Mr. Horn. Your associations could do a lot of good in
bringing together the people from the Silicon Valleys of this
Nation, and the community college teachers in particular.
When you think that these programmers get about $60,000
when they are out of college or out of the community college,
and what we need, speaking now as a Californian where we
started the community college movement and we have about 107
campuses from San Diego to the Oregon border, and they should
be talking to the Silicon Valley types and vice versa. Because
the State will never have enough money to get the equipment
that is needed to educate people on to meet the people's needs
as they go into the industry. It just seems to me there ought
to be a summit meeting that perhaps your group, Mr. Miller, or
your group and friends in the publishing world, and getting all
these people in the room.
When you think of what Jamie Escalante, the great teacher
in L.A., that took young people that everybody had given up on
and they got right at the top of the college boards, and it can
be done. We need to do that and we need to get the Mexican
Americans, Hispanic Americans, African Americans, Americans,
whatever they are, into seeing a point in their lives where
they can make a substantial income. That is only going to
happen if we start, as the chairman here said, concerning the K
through 12. That is fine. But I think the K through 13 and 14
have to be considered, where their role, really, is to be
either an academic program or a vocational program. In this
case it is both. You need the academic background. You also
need the vocational background. And you need the opportunity to
work on equipment that makes sense.
I know from what I had to go through with a very--probably
the largest school of engineering west of Texas A&M, and we
were just swamped with problems on equipment in the 1970's and
the 1980's. Finally, our trustees stepped up to the plate and
said OK, so we will pay engineers more, we will pay people in
the business school more. Well, that doesn't solve all the
problems, because the equipment is the problem, and the
millions that takes. And that is where it is everybody's self
interest to do something along that line.
Now, I don't know if you want to add anything to that or if
you are willing to do that conference, but we ought to get them
in the same room with the American Electronics Association and
so forth.
Mr. Miller. We tried to do that the last couple of years,
Mr. Chairman. We are making progress. I think that the IT
community discovered the community college system very recently
in a sense. They didn't previously think of it as a resource,
except for some chip manufacturing companies, which didn't see
the need for a 4-year degree. So you had a couple of instances
in Arizona, particularly where Maracopa Community College was
training people to work in the cleaning rooms for some of the
major chip manufacturers. But I think the IT industry at large
didn't see the community college as a good resource.
We held our first national work force convocation at the
University of California at Berkeley in January 1998, and I
think that is the first time that the IT industry began to
understand that the community colleges were willing to be
flexible, and, frankly, they can change a lot more quickly than
formal 4-year universities, I am sure you know as a former
university president.
Mr. Horn. You are absolutely correct. You won't get your
supply from Berkeley. They are wonderful people. It is true.
They have research designs. Ph.Ds, there is a use for some of
those, face it, but you want the worker people, which does take
skill, which does take imagination, and some day they might be
running their own Silicon Valley firm. That is the way the
whole evolution of that Santa Clara Valley has happened.
Mrs. Morella. I used to teach, at a community college in
Montgomery County.
Mr. Horn. Absolutely.
Mr. Miller. It is happening. Yesterday the National
Commission on the 21st Century Workforce had its second field
hearing, it was actually held at De Anza in Silicon Valley, and
I know that that is a focus of attention.
I spoke at a major event that the Houston Partnership held
3 months ago, and virtually every attendee was there from a
community college. So I think the communication is starting. We
are having our third convocation in Chicago in April of this
year, and have invited many of the colleges to participate. The
key to the community college is obviously getting support of
the State legislatures to get the funding to be able to offer
the courses. In most cases State legislatures do seem willing
to do that.
Mr. Horn. They see it helps their economy.
Mr. Miller. It is an economic development issue, not an
education issue. That is what employers want to know, if I move
my business there, where am I going to get my IT workers.
Mr. Horn. You might have covered this while I was going
over to vote, but when you look at the issues that confronted
the Nation that I mentioned to Mr. Koskinen on the domestic
side, do you have any particular issues that relate to
technology that you think we ought to have that kind of
operation that we have had in the last few years where you have
somebody on behalf of the President pulling these things
together, if it affects the economy and efficiency of the
executive branch, which is the jurisdiction of my particular
subcommittee? So what would your themes be that somebody ought
to be looking at?
Mr. Miller. Well, I have a couple. One we discussed, I
think, at a previous hearing, which is an information security
czar. I think that the Koskinen model is also applicable to the
information security area.
Right now, Mr. Chairman, if someone from academia came up
and put a chart up on the wall of how information security is
handled inside the government, I don't think that wall is big
enough to put all the boxes up there, because it is split over
so many places. Everyone is well intentioned and has good
purposes.
Mr. Horn. With the Chief Information Officer role being
pretty much throughout the 24 major agencies, hasn't that
helped?
Mr. Miller. That is very helpful. But, again, even there,
that is just within the particular agency. We are also talking
about interrelationship with the private sector, and depending
on who you ask, 85 to 90 percent of critical infrastructure we
have to protect is in the private sector. Yet we have to
coordinate with the government. Who do we coordinate with? Do
we coordinate with Mrs. Morella's favorite office, the CIAO
office, or do we coordinate the NIPC, or do we coordinate with
the National Security Council or the Commerce Department? It
goes on and on and on.
So we are looking for simplicity. The great thing about Mr.
Koskinen's office was it was a little bitty office. He couldn't
do a lot. What he could do was he could be an enabler, he could
be a man who cracks the whip and try to get you to move
quickly. But at the end of the day, you had to do it. He was
never going to try to superimpose his own bureaucracy, either
on the private sector or on a government agency. That is what I
mean by a czar, not somebody that literally dictates what the
private sector or the Federal agencies do. Mr. Burbano has to
decide what the State Department does, Mr. Cosgrave has to
understand what the IRS does. But someone who can coordinate
and pull that all together, I think that would be very helpful.
Mr. Horn. Well, they have a council, and I don't know how
active that was before this assignment was given them, but they
certainly ought to be working on the consensual part. Of
course, what I am after is, and I will be putting it in
shortly, is the office of management idea where the President
has somebody there that knows something about management, not
just the budget. Every President puts in a director that is
either an accountant or politician or economist, but they don't
put anybody in that knows a thing about management, that has
the President's ear.
So I want to split that off, and, fine, keep the director
of the budget, but make a director of management. Roosevelt had
that, Truman had it, Eisenhower had it. It went downhill
starting with Kennedy and right through Reagan. They all
politicized the Bureau of the Budget, which were professionals,
and they served every President, whether they were Democrats or
Republicans. It didn't matter. It didn't matter what their
party was. They were professionals. And we have lost that
contingent, until we got into this situation. When we wrote the
President and said look, you have got to put somebody in
charge, because it is going nowhere, and nothing but
procrastination, and he did. He made a good choice.
The same thing I wrote him with Rossotti. I said look,
every President has put in tax attorneys and tax accountants,
how about getting a chief executive for the job. And he did a
great job in getting Mr. Rossotti. So you had two splendid
appointments that turned agencies around.
Mr. Miller. Absolutely. Mr. Cosgrave, who was the CIO of
IRS, was previously a CEO of a company, was actually on my
board of directors, and Mr. Rossotti recruited him to come and
fix the Y2K problem and run that. I certainly agree with you,
Mr. Chairman.
I guess another thing I would say in terms of a theme is
with all due respect to my friends in the Federal Government
who bemoan the fact there are not enough Federal IT workers, I
think they are trying to stop this tide, and they are not going
to win this battle. We try to help them, we meet with CIO
council, et cetera, to try to figure out how the Federal
Government is going to recruit more IT workers. But I think in
the long-term trend they are going to lose.
If they are going to lose, I would rather see them focus
attention on the transition to a world where there is much more
IT functionality outsourced, rather than trying to constantly
refight this battle of what are they going to rejigger in the
OPM manual to somehow recruit a few more IT workers. And that
does not slight the Federal IT work force. I think they are
great people. But I think they are just fighting a losing
trend, because the delta between the Federal sector pay and the
private sector pay is getting bigger and bigger. The benefits
for people going into the private sector are much higher.
My members never liked to voluntarily attract someone out
of the Federal marketplace, because they are making their
customers mad at them, but the reality is you can't throw away
a resume when someone sticks one in your hand and says I want
to get paid 25 or 30 or 50 percent more, I want to come work
for your company, than I can make working in the Federal
marketplace.
So I think one of the issues your subcommittee wants to
look at is how do you do that transition. I think it is going
to happen, and to do it smartly rather than constantly trying
to smart stop the tide I think would be a much more productive
use of resources.
Mr. Horn. We would welcome any thoughts you have on this. I
know we are already in touch with you at the staff level for
the computer security hearing coming up soon.
Mr. Beach. Mr. Chairman, I would like to comment briefly on
your summit idea. I think that it is a very good idea and
encourage you to consider submitting an op-ed piece we could
run in CIO Magazine that would bring it to the attention of
about 300,000 people.
I like the idea of director of management for one reason.
Again, I was referencing earlier the CIO Know Pulse Poll that
we recently did that shows within 18 months, 6 in 10 in the
private side of the business are going to have e-business, and
it is going to be their core business model. And how you have
kept the feet to the fire for the Federal agencies here leading
up to Y2K, I think this director of management, whoever he or
she is, should have as one of their tasks to make certain that
all the agencies and the millions and billions of dollars that
the U.S. Government has spent to upgrade its systems, how are
these being used, what new services, what new applications are
you providing for getting our bang for a buck.
Getting back to the previous question, Mr. Rossotti
mentioned I think that in the IRS, they upgrade each year one-
third of their computers. So what happens to the third that are
being thrown out? Where are these going? The other issue is
there is a great opportunity in the junior colleges and the 4-
year schools for the faculty could be adjunct faculty from the
business community. These are the men and women who know most
about its leading technologies. I would encourage a program of
adjunct faculty to our Nation's community colleges are 4-year
schools.
Mr. Horn. You are absolutely correct, because the research
universities are simply too involved in long-term research,
which does have a payoff in many ways. A lot of our industry is
based on that research. But in terms of getting a curriculum
turned around, as you correctly viewed, that can happen much
more easily in a community college. Rather than have the
faculty say let's think about this for 3 years.
So that is part of the problem. This is a national crisis
in skills. On the Clinger-Cohen Act, we are focusing partly on
the information technology human resources issues and the need
for qualified individuals and managers when that comes up.
And that's another one coming up in the next few weeks. So
let me skip to something else that isn't as serious as what
we've had here, but I guess I'd want to ask Ms. Hotka that I'm
just curious with the wonderful technology we have to trace
everything in the stores of America, do you know how many
generators were turned in?
Ms. Hotka. We were sure, Mr. Chairman, that we would see
this mass return of generators which would then be refused at
the store level by stores who said that they wanted to sell it
to you instead of lend it to you. We were amazed instead that
stores used this as a customer retention mechanism. They said
please, come back and return it and while you're here, buy
something else.
Mr. Horn. I was educated yesterday by my staff when I
raised this that there was such a thing as a stocking fee and
tell me about that.
Ms. Hotka. What some of our retailers did was to charge a
restocking fee so that if you brought back the generator after
January 1 in the box because you didn't need it, that they
would charge 20 percent. Some of them did that, did in fact
charge that fee but some of them I think surprised all of us
and used this as a way to get those valued customers back into
the store and while they were there, by the way, why don't you
buy this Christmas tree which is on deep discount and it worked
beautifully. We saw very little demand--that was one of the
things that surprised us too. We thought that the public was
going to flock into stores at the end of the year and buy all
kinds of stuff. We didn't see it at all.
Mr. Miller. If I could make one point about your CIO
elevation on the last question, I want to bring to your
attention a new institution which the Virginia secretary of
technology Don Upson is creating called the CIO Academy. I
don't know if he's publicly rolled this out yet, but I know
he's already recruited several State CIOs to be on the board of
directors.
He's recruited Jim Flyzik who is the CIO of the Department
of Treasury who was kind enough to ask me to do it. He's got
some other people from the private sector. I think this relates
to the whole issue that you, of course, implemented within
Clinger Cohen which is elevating the whole position of the CIO
within the organization.
And obviously one of the major roles that Mr. Beach's
publication does is it also creates a network through his
publication, his polls, his meetings he sponsors. I think
Secretary Upson tends to do this in a much more educational
level. I think you're going to see more and more where this is
going.
Now, the challenge, and I think, Mr. Beach, you had an
article in your publication recently about whether the CIO job
will even exist in 5 years. You had some futurists discussing
that. I think one of the conclusions was there would be no such
position, maybe a chief knowledge officer or something else
like that but there wouldn't be a CIO because technology will
become so ubiquitous that the idea that you have a specialist
would be like saying you have a telephone specialist. That
won't exist anymore.
Generally, I think business and government are paying a lot
more attention to the whole role of the CIO and part of it is
because of Y2K again. It all rolls back to the fact that Y2K
suddenly brought to the attention of the CIO and the CFO and
board of directors that this guy or gal who ran the technology
wasn't some person who you could just put off on the side of
the back room, that he or she was fundamental to your strategic
business or strategic government delivery of services.
Mr. Horn. In educating a CIO, what is your percentage of
technology versus management skills?
Mr. Miller. I'd say knowledge of technology is somewhere
between 5 and 10 percent, management understanding business,
understanding the core operation is probably about 90 percent.
I think the same way as a CFO. I don't think you expect the CFO
to be your bookkeeper. The CFO is your financial planner,
business organizer. I think the same thing is true of your CIO
you don't expect him or her to be necessarily the chief
technical person, that he or she is the person who is looking
at how the technology fits into the business organization. Mr.
Beach probably has some surveys on that I'm sure.
Mr. Beach. We've got lots of them. It's along with what
Harris said. I mentioned it several times here today that what
has happened is that technology and e-business and e-commerce
and the overuse of the letter ``E'' but what has happened is
that there has got to be an extension to a company's business
model. So technology has gone from being an extension of how we
govern to being the core--a core part of that infrastructure of
how we govern.
I would agree with the percentages of Harris that the more
successful CIOs that I see are those men and women who have a
keen understanding not of technology but of their customers
because then they could always use technology to service that
customer need rather than saying I know everything about fiber
and all this other stuff, you say let's go find a customer to
satisfy that. So they are more customer-focused, and smart
businesses and smart governments are realizing that technology
is going to be a core platform in terms of how they provide a
good or service.
Mr. Horn. Does your magazine take a look at how Y2K made us
learn that we can now better manage the operation once we had
to get in and say let's merge this system with that system or
let's just get rid of it? To what degree do you see that
movement in the executive branch?
Mr. Beach. In the executive branch here in Washington?
Mr. Horn. Right or the field.
Mr. Beach. I think the lesson learned from the CIOs in the
private sector, what Y2K taught them is that no one is an
island, that all these businesses are connected in these global
supply chains. And I can't comment particularly on the question
of executive branch, but I would say that you--no one aspect of
the government, whether it's legislative, the judicial, or the
executive is--it's never been that way, but technology is
giving each of those branches a better opportunity to
communicate and share information and govern in ways that we
haven't thought of.
Ms. Hotka. If I can expand on that too. I think one of the
things that we found was Y2K was such a flash point, that if I
called up someone from a company who's not a member and said I
need to talk to you about Y2K, I could get that person on the
phone instantly. It cut across all kinds of company barriers.
There was no competitiveness at all. We had an immovable
deadline and an issue that everybody understood and so everyone
was willing to talk to everyone. If we can come to some kind of
goal like that, obviously we'll not have this again. And thank
God for it, but if we could come up with some kind of goal for
technology literacy and for good corporate use of IT, we could
again get to that point where I could pick up the phone and get
anybody on the phone and be able to cooperate. It was useful.
If we can harness that again it would be terrific.
Mr. Horn. I think you're right. I've got just one or two
things to say here, and then I'm going to leave and Mrs.
Morella, she reminds me we have a conference, all of us at 1
p.m. Let me say without objection, I want to file within the
testimony when after Mr. Koskinen, an exchange of letters
between the Secretary General of the United Nations and myself.
Mrs. Morella. Without objection, so ordered.
Mr. Horn. No. 2, I would like to thank the following people
that have been involved and not just in this hearing but in
most of our hearings. From the subcommittee on Government
Management, Information, and Technology, J. Russell George,
staff director and chief counsel; Matthew Ryan, senior policy
director; Bonnie Heald, director of communications and
professional staff member; Chip Ahlswede, chief clerk and
unfortunately it's his last hearing with us; Deborah Oppenheim,
intern; and minority staff, Trey Henderson, the counsel; and
Jean Gosa, minority staff assistant; and for the Technology
Subcommittee of the House Committee on Science, Jeff Grove,
staff director; Ben Wu, counsel; Vicki Stackwick, staff
assistant; the technical minority staff is Michael Quear, the
professional staff member; and Marty Ralston, staff assistant;
and our two court reporters today are Bob Cochran and Laurie
Harris. And we thank you all for what you're doing.
In closing on my behalf, I would say governments and
industries worldwide have benefited from this experience. I
think that testimony was very clear today. This problem has
many silver linings as our witnesses have described. There are
equally as many if not more people who have worked tirelessly
in an effort to solve the year 2000 computer problem, and we
saw some of them before us today. Obviously Mr. Koskinen is
Assistant to the President and Chair of the Council on the Year
2000 Conversion. The General Accounting Office staff,
particularly that staff headed by Mr. Willemssen, who was here
today. Federal, State, and local government personnel, the
private sector, individual grass roots organizations, and the
two staffs I've mentioned and the technology subcommittee which
has been our partner in overseeing this massive and unique
experience and we thank them and this success demonstrates what
can be accomplished with leadership, focus, and dedication, and
it's a great legacy to begin this new millennium and we thank
all of you for your hard work. I thank the chairwoman.
Mrs. Morella. I thank you, Mr. Horn. You've expressed it
very well for all of us. Hardly a time to ask another question.
I guess my final one is now as we look into the near future,
any comments about February 29 and this concept of windowing?
Has that been taking place and is it anything that we should be
looking into, comment on, enlighten the public on? Mr. Miller.
Mr. Miller. The companies would take the same attitude that
you heard expressed by Mr. Koskinen and the panel this morning.
They don't expect very many problems with February 29, but they
are maintaining diligent oversight of the problem. Every leap
year there's a problem.
I hate to tell you, whether it's supposed to be or not
supposed to, there's problems so it's not unique. I think there
will be diligence, but I wouldn't expect any major problems. As
far as windowing again, in a way it's postponing the problem. I
think the expectation is it's been postponed long enough. It
will be OK, but we got fooled last time around. There's another
windowing problem which you may know about, which is not
necessarily this subcommittee's concern, which there is a
gentleman who has a patent on windowing who wants a lot of
companies to pay him a lot of money for that. But that right
now is a matter before the patent office and perhaps a matter
before the court so probably Congress doesn't want to touch
that one right now.
Ms. Hotka. When we did our testing, when retail companies
went through and tested all the systems they thought were fine,
the No. 1 thing that came up with was leap year. We don't
expect the world to come to an end. We think you'll still be
able to shop, but if I had to pick one thing that I thought was
going to be funky that is it. We'll be in the ICC again.
Mr. Beach. I would just make a comment on the windowing
that I believe Eduardo and the previous panel mentioned it that
keeping an inventory of those applications that have been
windowed might be wise. I'd like to know where those are in 20
years. I don't think we should make the mistake that we made in
the 1960's and 1970's that these applications are not going
to----
Mrs. Morella. Exactly. Even when you think of the 1980's,
the 20-year span whoever thought we would now be in the year
2000. Any final comments that you'd like to make? I want to
thank you all very much for again being here, sharing your
expertise, and also for all that you have done to make this Y2K
millennium bug be squashed. I thank you very much. So we now
adjourn the meeting.
[Whereupon, at 1:07 p.m., the subcommittee was adjourned.]
[The prepared statement of Hon. James A. Barcia follows:]
[GRAPHIC] [TIFF OMITTED] T6711.075
�