Congress praises, admonishes DOD in 1999 bills

Both Houses of Congress strongly endorsed the ability of information technology to enhance U.S. military capabilities in separate versions of the 1999 Defense authorization bills passed last month.

The House and Senate strongly backed efforts such as the Navy's Information Technology for the 21st Century project, a program worth more than $1 billion to equip the Atlantic and Pacific fleets with commercial off-the-shelf equipment, while sharply criticizing other programs such as the Global Command and Control System (GCCS) developed by the Defense Information Systems Agency.

The billions of dollars in IT spending are now paying off, according to the House National Security Committee. "Finally, the battlefield advantages conferred by the application of information technologies and similar innovations to military systems promise to transform warfare in the near future," the committee wrote in its report on the 1999 DOD authorization bill.

The committee backed this language by taking the unprecedented step of setting a funding floor under key IT infrastructure programs in the Army, the Navy, the Air Force and the Marine Corps for the next three years (see box).

Eben Townes, vice president of Acquisition Solutions Inc., a consulting firm, said he had never seen language "that set a minimum level of spending for IT. This is good news and an endorsement of IT."

The House bill also restricted the Pentagon from spending any more than 25 percent of the 1999 budget for mission-critical IT systems on anything but efforts to correct potential deficiencies in those systems resulting from bad Year 2000 computer code (see related Year 2000, Page 9).

In similar language, the Senate Armed Services Committee said in its report on the DOD bill that it "believes that effective development of advanced technologies will be a key factor in ensuring [that] U.S. armed forces dominate on any future battlefield— on the ground, on the sea, in the air, in space or in cyberspace."

The Senate committee boosted funding for selected IT programs in all the services, with the core Navy and Marine Corps IT infrastructure projects receiving sold backing (see box, Page 9).

While endorsing the power of IT, the House committee questioned the Pentagon's overall management of DOD IT and command, control, communications and computer (C4) programs. The report said the committee remains "unconvinced that the department has made the necessary improvements in managing its $26 billion C4 program. This is particularly disturbing, given the increasing role of information technology in the battlefield of today and tomorrow."

John Pike, an analyst with the Federation of American Scientists, said this criticism may reflect the fact that many of the newer IT systems that DOD kicked off in the past five years are now reaching critical development or fielding stages. ''Right now is the time that many problems will surface,'' Pike said, ''because DOD is midway into fielding many new systems.''

The House sharply criticized GCCS and its companion program, the Global Combat Support System (GCSS), both of which were developed by DISA. The House committee pegged the total cost of GCCS at $1.7 billion and estimated it would not be fully operational until 2003.

But, the committee report said, "Most of the technology under development for GCCS is available today in [COTS] packages at a fraction of the cost."

The House report said each of the services is developing its own version of GCSS, leading the House committee to conclude that "the department is labeling systems 'joint' and 'global' that are not single, standard or interoperable for use throughout the department."

DISA's financing also came under fire by the House, which said the agency uses "direct appropriations to offset the cost of working-capital fund services" and pegged the cost of these offsets as high as $285 million in fiscal 1998. As a result, DISA's charges to its customers "may not represent the true cost of the services provided.''

The House recommended that $221.6 million from DISA's 1999 budget be funneled back to the services to offset rate increases planned by the agency in 1999. DISA declined to comment on issues raised by the House. A DISA spokesman said it is agency policy not to comment on bills in progress.

Warren Suss, a telecommunications analyst who specializes in federal programs, said, "Cutting that much money out of the agency's budget will be a terrible blow. DISA is in the midst of managing the biggest transformation in DOD telecommunications history, and this will really hurt."

****

Tension mounts over Y2K problem

BY BOB BREWIN

The House and the Senate, in their respective fiscal 1999 Defense Department authorization bills, have begun to issue dire warnings about the effect the Year 2000 problem will have on Defense systems, including the possibility of an accidental nuclear attack from foreign countries.

The Senate Armed Services Committee (SASC), which passed its DOD authorization bill last month, reported that the Year 2000 problem poses a "far more serious danger to national security" than any of the highly publicized hacker attacks against DOD systems. A hacker group earlier this year claimed it had penetrated Defense systems, stolen classified software and data, and copied software that controls military satellites. The claim received widespread media attention after DOD officials acknowledged they were investigating the attack. DOD later said the group accessed no classified information.

In its report, SASC also noted that the Year 2000 problem could disrupt civilian infrastructures— for example, the electrical grid and telecom systems, both of which DOD relies on heavily.

A congressional staff member who did not wish to be identified said unless the Year 2000 problem is resolved, "we as a nation will see the effects of what amounts to an information warfare attack"— one that is caused by malfunctioning computers.

Industry and congressional sources said the top leadership at the Pentagon and in the Clinton administration has not paid enough attention to the Year 2000 problem and its effect on national security. "Until now, DOD has been treating this as a computer science problem, when in fact [it] should be treating it as what it really is: a national security issue," the staff member said.

The staff member said she was amazed that President Clinton did not mention the Year 2000 in his critical infrastructure speech last week [FCW, May 25]. "Y2K is an important part of the critical infrastructure," she said. "It better be made part of a critical infrastructure plan."

The House National Security Committee also sharpened its focus on the Year 2000 problem in its version of the fiscal 1999 DOD authorization bill. The House committee reprogrammed $1 billion from the Pentagon's total $13 billion information technology budget to pay for Year 2000 fixes. The Senate pumped an extra $92 million in new funds into the DOD budget for Year 2000 remediation and contingency planning efforts.

DOD had a lukewarm response to the reprogrammed $1 billion Year 2000 fund in the House bill.

"Experience tells us that such central funds can be too cumbersome to be administered effectively on time-sensitive problems such as Year 2000," said a Pentagon spokeswoman.

Olga Grkavac, senior vice president of the Information Technology Association of America's Systems Integration Division, said $1 billion is "not nearly enough." Congress should come up with substantial funding as well as strong language to help DOD beat the Year 2000 deadline, she said.

SASC also voiced concerns about Year 2000 deficiencies in other nations' systems that control nuclear arsenals, raising the specter of an accidental nuclear attack.

The Senate warned about "the problems that are posed to our national security as a result of Year 2000 noncompliance on the part of the systems of other nations. Although the leaders of other nations are aware of the problems, it is difficult to predict how they or their subordinates will react if their own information and support systems are crippled by [Year 2000] deficiencies."

The report added, "In an age where weapons of mass destruction are controlled through elaborate information networks, the threats posed to the viability of those networks is of critical importance, and steps must be taken to ensure that any confusion or misunderstandings are resolved before they develop into a crisis situation.''

John Pike, an analyst with the Federation of American Scientists, said this statement, in his view, means "the Senate is concerned about [another nation] going to a high-threat condition as a result of false alarms [caused by Year 2000 bugs] or an accidental nuclear strike as the result of a malfunction in a command and control system."

Analysts and congressional and industry sources said this is the first time they have seen such strong language focusing on what they consider to be the real national security implications of DOD's slow Year 2000 remediation efforts. The Senate report concluded that it is "unlikely" DOD will fix the Year 2000 problems in all of its 1,891 mission-critical systems by Dec. 31, 1999.

Nancy Peters, a vice president at CACI International Inc. and chairwoman of the Year 2000 Committee of the ITAA, said, "Y2K is a national security crisis, and this country should be mobilizing in the way it responds to war or national disasters."

In a statement, the Pentagon said it "is aware of the seriousness of needed Year 2000 corrections. The department is cautiously optimistic about meeting our Year 2000 goals." The newly formed Senate Year 2000 Committee plans to hold hearings June 12 and will focus on critical-infrastructure issues.

DOD and industry sources said they expect Congress to take an even greater interest in the Year 2000 before Congress adjourns for the summer, with Congress backing its strong language with more funding and legislative relief for contractors hesitant to undertake the Year 2000.

Industry and Congress also said the Pentagon needs to shift its focus from hunting down and fixing every line of affected software to developing plans to ensure what ITAA's Peters called "continuity of operations."

The Senate bill would require Defense Secretary William Cohen and George Tenet, director of the CIA, to provide a report that will "outline a comprehensive contingency plan for the entire national security communit, as well as individual contingency plans for the separate elements of the community, including the creation of crisis action teams to respond to emergencies from the [Year 2000] problem."