Year 2000

The subcommittee also graded a number of agencies and departments separately. Social Security, which began fixing its systems in 1987, received an A+. Other agencies did not fare so well. The Department of Defense, with thousands of computer-controlled weapons systems, many of them quite old, got a D. The Department of Transportation managed no better than an F. More than 7,000 of the government's computer systems have been identified as "mission critical"; of those, 40 percent were considered Y2K compliant in May 1997. That sounds pretty good until you learn that 21 percent were already compliant a year earlier: The pace of remediation is obviously far too slow.

The Federal Aviation Administration learned from IBM a few months ago that 40 large 3083 computers used in air-traffic-control centers not only were not Y2K compliant, but could not be fixed. Big Blue offered to sell the FAA new computers, but neither the budget nor the time now exists to buy and install them. The General Accounting Office foresees "major delays and disruptions" in air transportation. Not to worry, however; the FAA has promised to keep the skies safe by first installing temporary patches and then replacing the computers.

Its British counterpart, the Civil Aviation Authority - Europe has special problems, being hit by currency conversion and Y2K at the same time - has already suggested that traffic levels may have to be lowered, in advance of the fatal moment, to as little as 30 percent of present levels to allow controllers to fall back on manual methods of flow control. This is bad news for those who hope to wing off to exotic locales for Millennium's Eve. Significantly, the humorous sign off to most Y2K discussions, regardless of the source, is, "I'm not going to be in an airplane at midnight!" It is, in fact, questionable whether any commercial airplane will be so rash as to be in the air at midnight, because of the strong presumption that something - who knows what? - could go wrong.

BURIED PERILS

Although Y2K is usually described as a "computer bug," computers as such are not its only prey. In fact, as severe as the effects on data-processing systems could conceivably be, the effects on another class of electronic device could be at least as bad, perhaps worse. These are computers without screens or keyboards, so-called "embedded systems": the special-purpose chips and circuit boards that control the operation of a host of devices, from digital wristwatches right up the scale to nuclear-power plants.

Unfortunately, it's difficult to find out what chips are used in many electronic control systems, and what their characteristics are, without dismantling and testing the systems. But the more critical the system the more difficult it is to interrupt its use in order to test it, and since embedded controllers are often local devices with their own timekeeping functions, it's not possible to fully test, say, a power-generating station by turning ahead some central clock. In principle, each controller with any risk of failure would have to be tested separately - a task something like having to open up each person's chest to find out whether or not he has heart trouble.

The number of embedded controllers, worldwide, is estimated to be somewhere between 25 billion and 40 billion. Published guesses at the number of them that are at risk from Y2K problems range from 50 million to 400 million. Even if all the electronic technicians on Earth started now and worked round the clock, there are not enough of them to test and replace all of the suspect chips between now and December 31, 1999.

Embedded controls present a special threat in part because of their ubiquity, and in part precisely because they are embedded, sometimes very deeply, in complex systems whose design and operation are often not well documented or understood. They are also, in some cases, physically embedded underground, under concrete or underwater.

Thousands of types of chips have been manufactured in the past few decades, embodying a huge variety of operations and decisions in various combinations. The sheer number and varieties of chips, while convenient for manufacturers who use them, have tended to prevent standardization. Two copies of the same product bearing the same model number may contain different internal components. Designers of devices who require a timing function, for example, can choose from among many kinds of chips to provide it. Some incorporate continuously running digital clock-calendars and compare the times, including the dates, of events to measure the elapsed time between them; some merely count cycles of an oscillator, re-initializing themselves with each new event. Depending on the job to be done, a manufacturer might, for reasons of cost or availability, select a chip incorporating a clock rather than a simple counter, even though he cares only about seconds, not days, years or millennia. That seemingly innocent choice, made a decade or two ago, could have left a computational cancer cell lurking in the heart of a power plant, a supertanker, a sewage-treatment plant, a life-support device, a weapon. And it may be multiplied millions of times throughout the world.

Some of the predicted breakdowns of embedded systems will be mere irritations. Many digital clocks and watches will not work correctly after the turn of the millennium; VCRs, microwave ovens and other appliances containing timers may fail in various ways. It has been predicted, denied and reasserted that some buses and trucks will not start because of noncompliant chips in their engine-control computers, or that their air bags will not work; that some elevators will refuse to budge from the first floor because they will think that they have not been inspected within the required period; that traffic lights will behave crazily, or stop behaving at all; that electronic locks on bank vaults and prisons will simultaneously, and serendipitously, fail to open; and that communications systems, refineries, pipelines and electrical-power grids will be subject to random, seemingly inexplicable breakdowns.