The subcommittee also graded a number of agencies and departments separately. Social Security, which began fixing its systems in 1987, received an A+. Other agencies did not fare so well. The Department of Defense, with thousands of computer-controlled weapons systems, many of them quite old, got a D. The Department of Transportation managed no better than an F. More than 7,000 of the government's computer systems have been identified as “mission critical”; of those, 40 percent were considered Y2K compliant in May 1997. That sounds pretty good until you learn that 21 percent were already compliant a year earlier: The pace of remediation is obviously far too slow.
The Federal Aviation Administration learned from IBM a few months ago that 40 large 3083 computers used in air-traffic-control centers not only were not Y2K compliant, but could not be fixed. Big Blue offered to sell the FAA new computers, but neither the budget nor the time now exists to buy and install them. The General Accounting Office foresees “major delays and disruptions” in air transportation. Not to worry, however; the FAA has promised to keep the skies safe by first installing temporary patches and then replacing the computers.
Its British counterpart, the Civil Aviation Authority – Europe has special problems, being hit by currency conversion and Y2K at the same time – has already suggested that traffic levels may have to be lowered, in advance of the fatal moment, to as little as 30 percent of present levels to allow controllers to fall back on manual methods of flow control. This is bad news for those who hope to wing off to exotic locales for Millennium's Eve. Significantly, the humorous sign off to most Y2K discussions, regardless of the source, is, “I'm not going to be in an airplane at midnight!” It is, in fact, questionable whether any commercial airplane will be so rash as to be in the air at midnight, because of the strong presumption that something – who knows what? – could go wrong.
Although Y2K is usually described as a “computer bug,” computers as such are not its only prey. In fact, as severe as the effects on data-processing systems could conceivably be, the effects on another class of electronic device could be at least as bad, perhaps worse. These are computers without screens or keyboards, so-called “embedded systems”: the special-purpose chips and circuit boards that control the operation of a host of devices, from digital wristwatches right up the scale to nuclear-power plants.
Unfortunately, it's difficult to find out what chips are used in many electronic control systems, and what their characteristics are, without dismantling and testing the systems. But the more critical the system the more difficult it is to interrupt its use in order to test it, and since embedded controllers are often local devices with their own timekeeping functions, it's not possible to fully test, say, a power-generating station by turning ahead some central clock. In principle, each controller with any risk of failure would have to be tested separately – a task something like having to open up each person's chest to find out whether or not he has heart trouble.
The number of embedded controllers, worldwide, is estimated to be somewhere between 25 billion and 40 billion. Published guesses at the number of them that are at risk from Y2K problems range from 50 million to 400 million. Even if all the electronic technicians on Earth started now and worked round the clock, there are not enough of them to test and replace all of the suspect chips between now and December 31, 1999.
Embedded controls present a special threat in part because of their ubiquity, and in part precisely because they are embedded, sometimes very deeply, in complex systems whose design and operation are often not well documented or understood. They are also, in some cases, physically embedded underground, under concrete or underwater.
Thousands of types of chips have been manufactured in the past few decades, embodying a huge variety of operations and decisions in various combinations. The sheer number and varieties of chips, while convenient for manufacturers who use them, have tended to prevent standardization. Two copies of the same product bearing the same model number may contain different internal components. Designers of devices who require a timing function, for example, can choose from among many kinds of chips to provide it. Some incorporate continuously running digital clock-calendars and compare the times, including the dates, of events to measure the elapsed time between them; some merely count cycles of an oscillator, re-initializing themselves with each new event. Depending on the job to be done, a manufacturer might, for reasons of cost or availability, select a chip incorporating a clock rather than a simple counter, even though he cares only about seconds, not days, years or millennia. That seemingly innocent choice, made a decade or two ago, could have left a computational cancer cell lurking in the heart of a power plant, a supertanker, a sewage-treatment plant, a life-support device, a weapon. And it may be multiplied millions of times throughout the world.
Some of the predicted breakdowns of embedded systems will be mere irritations. Many digital clocks and watches will not work correctly after the turn of the millennium; VCRs, microwave ovens and other appliances containing timers may fail in various ways. It has been predicted, denied and reasserted that some buses and trucks will not start because of noncompliant chips in their engine-control computers, or that their air bags will not work; that some elevators will refuse to budge from the first floor because they will think that they have not been inspected within the required period; that traffic lights will behave crazily, or stop behaving at all; that electronic locks on bank vaults and prisons will simultaneously, and serendipitously, fail to open; and that communications systems, refineries, pipelines and electrical-power grids will be subject to random, seemingly inexplicable breakdowns.
Electrical supply is a cause of particular concern because of the complex arrangements for automatically switching loads; as has happened at times in the past for other reasons, seemingly insignificant local failures may bring about cascades of blackouts over large areas. The recent nationwide loss of pager service because of a broken satellite-stabilizing system, while unrelated to Y2K, serves as a prototype of the potential of remote electronic devices to disrupt vast segments of everyday life.
The great problem with Y2K is to figure out in advance how messy it will really be, and when the mess will start. While some computer professionals insist that there is nothing to worry about, others consider a major shakeout of U.S. corporations inevitable. Thirty-eight percent of information-technology professionals responding to a Gartner Group survey said that they intended to convert their investments to cash before the millennium; how many will actually do so, and when, is a question that should fascinate stockbrokers. But in the apparent absence of any consensus, whom should one believe?
On the data processing side, the troubles have already begun, with instances of point-of-purchase terminals balking at 00-dated credit cards; consumers or employees receiving two bills or two checks, or having services cut off for incorrectly alleged non-payment; and taxpayers being dunned for already-paid amounts. Companies are in no hurry to admit to their Y2K-related blunders, but isolated reports of trouble do surface. A Kraft warehouse, for instance, destroyed several million dollars worth of food when a computer decided that since it was to be sold before 1900, it was evidently out of date. A similar event occurred in England several years earlier.
It's evident that if nothing whatever were done to squash the Millennium Bug, the consequences would be costly. If this were not true, companies and governments would not be spending huge sums on fixes. But although a great deal is now being done, many programmers doing Y2K work agree that remediation efforts are coming too late, and that at this point making contingency plans is as important as trying to fix the date problem.
On the embedded-systems side, prognostication is even harder. Scattered reports from industrial plants testing their control systems suggest that the problems are real, and that their consequences could be costly or even in some cases disastrous on the scale of the Bhopal chemical release. But whereas with data processing some effects of the century rollover have already been seen, more are going to be, and most can be anticipated, many embedded-system problems will not even be identified until after the date rolls over. Then they may come in battalions.
But what then? Will jittery and overextended stock markets panic? Will lights go out, production lines halt and phones click dead as a tidal wave of failures races around the world, starting at the International Date Line? Or will human ingenuity and stopgap measures tide us over while, in the ensuing months, the strong happily devour the weak?
No one seems to know. That's what will make the times so interesting.
Research assistance for this article was provided by Ben McKean.