DOD reports more systems need Y2K fix

Amid numerous internal reports that are critical of its management of the Year 2000 problem, the Defense Department last week released a report indicating that it is further behind schedule in fixing computer systems for the millennium than previously reported.

In its quarterly Year 2000 progress report submitted to the Office of Management and Budget, the Pentagon reported that the number of mission-critical systems that will not be fixed by the March 1999 OMB deadline for Year 2000 compliance increased from 34, as reported in May, to 69. In addition, the number of mission-critical systems that have fallen at least two months behind schedule jumped from nine to 51, according to the report. DOD officials said the increase is partly a result of a new "candor and openness" in reporting on the progress of Year 2000 fixes throughout DOD.

However, DOD also reported that 42 percent of its 2,965 mission-critical systems are now Year 2000-compliant compared with only 29 percent in May.

The quarterly progress report was released amid a stream of DOD inspector general reports that were critical of the department's Year 2000 readiness.

Last month the DOD IG reported that DOD information systems managers certified some systems as Year 2000-compliant without testing or inspecting the systems, and some DOD units certified systems as compliant based on statements from other organizations without independently verifying the information. As a result, only 25 percent of the 430 systems that DOD said were compliant in November 1997— the universe from which the IG sampled— were actually Year 2000-compliant, according to the IG report.

In other reports, the IG found:

* The U.S. Central Command (Centcom), which directed last week's cruise-missile strikes against Afghanistan and the Sudan, "faces a high risk that Year 2000-related disruptions will impair its mission capabilities."

Marine Gen. A.C. Zinni, Centcom's commander, agreed with the report and told the IG in a letter that ''the failure of my information technology systems would severely degrade my ability to carry out the mission [of Centcom]. We remain dedicated to resolving Year 2000 problems with our mission-critical systems."

* The Defense Information Systems Agency "faces increased risks" that its information and technology systems will not operate properly in the Year 2000 and beyond. DISA, which operates worldwide networks for all the services and unified commands such as Centcom as well as the Global Command and Control System, also has not developed contingency plans for its systems.

* Centcom operates six mission-critical systems but relies on 235 systems that are operated by other commands and agencies. It has not developed a method to test if those systems are Year 2000-compliant or how those systems would impact Centcom if they fail.

Bill Curtis, the Pentagon special assistant for Year 2000, said the IG's mission-critical systems report is "old" but produced beneficial results, including the tightening of reporting requirements and a push for high-level control as outlined by Defense Secretary William Cohen in an Aug. 7 memo [FCW, Aug. 17].

"That [report] caused such a stink that it caused us to go back and require dual certifications," Curtis said. He added that many of the problems raised in the report already have been rectified by a new DOD Year 2000 management team, although Curtis acknowledged that the reports "are not pleasant."

Curtis said that what he called the "bum data" cited in the IG report resulted in part from an inclination of systems managers to avoid delivering bad news. "The pressure from the top was so strong that anyone who dared report anything besides [compliance by] December 1998 [the DOD target Year 2000 remediation date] was worried. That's because we 'shot' the messengers," he said.

The Pentagon now stresses accuracy, Curtis said, "because we want to know where to put the resources to fix problems.''

Robert Lieberman, an assistant inspector general for audit at DOD, said DOD officials did not know Year 2000-compliant meant that the system must be tested, thereby causing many managers to count systems as compliant even though they had not been tested to see if they could properly process dates containing 2000.

"The quality of reporting has been poor due to people not understanding the definition of what it means to be compliant,'' Lieberman said. "There was not enough attention paid to the quality of reporting. I think there are signs that the reporting has become more accurate. Some management is not going to tolerate continued inaccuracy in reporting because we're at the point where we have got to get it right.''

Lieberman said the government needs to have "a zero-tolerance policy on inaccurate reporting. It was obvious that this was a reporting drill, and [DOD] thought no one would care about what the numbers are.''

Olga Grkavac, senior vice president of the Systems Integration Division at the Information Technology Association of America, said inaccurate information has been the chief cause of DOD's Year 2000 mismanagement. "There's just no way to verify the numbers they are producing,'' said Grkavac, who also questioned the accuracy of the August report to OMB.

John Koskinen, chairman of the President's Council on Year 2000 Conversion, said he has confidence in DOD's report on the total number of mission-critical systems and the number of systems that are compliant.

"At this junction, I have confidence that the numbers are accurate,'' Koskinen said. "Certainly there are no attempts to provide misleading numbers. The numbers are increasingly becoming accurate."

The DOD IG plans to release 31 more Year 2000 reports in the near future.