Ed Yourdon's Web Site
Jan 1, 2000 Assessment of the Y2K Situation
I got up this morning and found that my e-mail inbox was already filled with messages with questions and commentaries about Y2K. Some asked if I was prepared to admit that I was wrong, and that Y2K had been a scam all along; some thanked me for making them think about the issue more carefully than they would otherwise have done; and most asked what I thought about the current situation.
The fact that I was even able to receive e-mail this morning obviously says a lot. The Internet is up, the lights are on, I got dial-tone when I picked up the phone. Terrorists did not attack the New Year's celebrations in Jerusalem, Rome, Paris, London, New York, or Washington. As best I can tell, none of the 100,000 computer viruses we had been warned to expect have attacked my computer system. In short, the world has not ended as of 10:00 AM Mountain time, here in Taos, New Mexico.
What does all of this mean?
I don't think there is a single correct answer to this question. Keep this in mind during the coming days, for there is a tendency in many discussions, commentaries, arguments, and analyses for people to assume a "binary" either-or, yes-or-no, all-or-nothing, black-or-white attitude toward issues like Y2K, not to mention several other complex issues and problems facing society. I believe that the current Y2K situation reflects a combination of several factors:
Potential Y2K problems have been fixed.
Let's give credit where credit is due: hundreds of thousands of computer programmers around the world worked long, hard hours (usually without being paid for the overtime work they put in) to fix some, or most, or possibly all of the potential Y2K bugs that would otherwise have occurred. I've stated publicly on several occasions that if any industry managed to muddle through the Y2K situation, it would be the banking industry -- because they had their own built-in sense of urgency, they had the financial resources, they had the technological sophistication, and they had more regulatory oversight and pressure than any other industry. The same is likely to be true for the military weapons "industry" -- i.e., the fact that none of the advanced countries of the world launched nuclear missiles at one another last night implies, among other things, that they worked diligently to remove whatever bugs might have caused a problem. The most notable outcome of Y2K last night is that, in almost all parts of the world, the lights stayed on. Industry experts like Rick Cowles are better qualified than I to comment on this, but it's easy to see why people would conclude from last night's success that the electric power industry did a better job, and achieved a higher degree of completion, than the preliminary reports and data suggested would be the case.
Potential Y2K problems were exaggerated.
This has been a common theme on the part of many Y2K "optimists," and I am one of many people who have been accused of exaggerating the nature, degree, and potential severity of Y2K problems. As I'll suggest below, I think it's premature to draw this conclusion about software-related Y2K problems -- but I must confess that I'm beginning to wonder whether terrorist problems, and cyber-terrorism problems, might have been exaggerated. I have absolutely zero expertise when it comes to terrorism, so I simply don't know whether the intense media focus on potential terrorist attacks on New Year's celebrations, which we heard repeatedly for the final two weeks of December, was over-done. Indeed, several media reporters and anchor-persons seemed concerned about this possibility, and asked government authorities whether the constant coverage was creating more of a problem than there really was. Given the nature of this problem, there's a good chance that we'll never know how many threats really existed, how many were nipped in the bud, or how many were foiled at the last moment. In a similar vein, I'm amazed to see that there have been almost no reports of viruses or other cyber-attacks; this was perceived to be such a major problem that many corporate and government web sites have been shut down for the weekend; I was so nervous about it that I used a backup machine to access the Internet and pick up my email on the morning of January 1st -- just in case there were such virulent viruses that everything on my computer would somehow be deleted.
It's also possible that the embedded-system threat was exaggerated, though I feel strongly that it's far too early to make such a statement. But one of the frustrating things about the Y2K problem has been that no one is precisely sure (a) how many chips and/or embedded systems actually exist in the world, (b) how many of these actually have a real-time clock with date-awareness, (c) what percentage of the date-aware chips and embedded systems might fail on Jan 1, 2000 even if the "official" use of that chip did not involve any date calculations, (d) what percentage of the "official" date-sensitive applications were actually non-compliant, and thus subject to failure, (e) what percentage had actually been fixed, or (f) what degree of testing would be sufficient for an organization to confidently predict that it had actually solved the problem. The estimates for all six of these categories varied widely from one industry to another, and from one expert to another. My personal belief had been that even if the optimistic estimates were ten times too pessimistic, there was still such an enormous quantity of embedded systems that we would surely encounter some serious problems ... but perhaps we will eventually conclude that a large number of well-meaning computer experts exaggerated the extent of the problem.
Could we also have exaggerated the extent of the software problem?
Again, it's too early to tell; but it's hard to argue with the statistics that have been reported by Y2K IV&V vendors who have examined code that had been remediated, tested, and put back into production. Typically, the IV&V vendors have found between 100 and 1,000 undiscovered Y2K errors per million lines of code, and typically 30-40% of these errors have been judged as "moderate" to "serious" in terms of their potential impact. The reports from the first 10-12 hours of the new millennium suggest that no "serious" software-related Y2K bugs have occurred. Did we exaggerate the problem? I don't think so, but time will tell.
Many potentially faulty systems were turned off for New Year's, or run manually.
We know that the Russian electric system was switched to manual on New Year's Eve; and we know that a large number of banks, ATM machines, seaports, pipelines, chemical plants, refineries, and other environments were either turned off, or run manually during the critical rollover period. Obviously, if a system has been shut off, we won't notice whatever Y2K problems may still be lurking inside; and if automated processing has been bypassed in favor of manual operations, we won't see the Y2K bugs. To the extent that this explains our initial success, we should be careful before celebrating too loudly.
Some systems had a lower load, and many systems had a higher degree of support, than normal.
One common explanation for the success with electric utilities is that the winter-season demand in the northern Hemisphere is about half the peak demand in mid-summer. This allowed the U.S. to scale back the output of many utility plants to approximately 80% of their normal output, so that standby and spare plants could be powered up to handle any extra load that would have been needed if there were failures. Aside from that, almost every company whose systems were expected to be operational during the rollover had a far higher degree of support and supervision than would normally be the case. Thus, whatever Y2K problems did occur during the rollover were probably spotted more quickly, and fixed more quickly, than would have been the case under normal conditions. This situation will continue throughout the Jan 1-2 weekend in many organizations, and possibly on into the first business week of the year. This is not intended as a criticism at all; it's simply a reminder that if there are "delayed" Y2K bugs that pop up later in January, when the support staff has been reduced to normal levels, they might not be found or fixed as quickly.
Some, and perhaps many, Y2K bugs have not become visible yet.
I've suggested this already in my earlier comments, and it's also a common theme in many of the other reports and commentaries on January 1st. Even if a Y2K bug has already occurred, it may not have become visible to the computer technicians observing the system, let alone the customers and end-users who depend on the systems. In many of the testing efforts that took place prior to January 1st, it was observed that a period of hours, days, or even weeks transpired before the Y2K bug finally caused externally-visible consequences; this is no great surprise, for the same thing happens with "normal" software testing. In addition, there are a number of potentially serious Y2K bugs that won't occur until businesses resume operations on Monday, January 3rd; or when the payroll system is run for the first time on Friday, January 7th; or when the end-of-month accounting systems are run on January 31st; or when February 29th is encountered, and the computer systems have to decide whether 2000 is really a leap year; or when the end-of-quarter processing takes place on March 31st; etc.
Some problems have been covered up, de-emphasized, ignored, or not reported.
I'm not suggesting a conspiracy theory here, though some observers have a more cynical and jaundiced view of the situation. But it has always been common practice for individuals, corporations, and government agencies to fix their problems "behind the scenes" whenever possible, and to maintain a facade of normal operations whenever possible. There's no reason to imagine that it will be any different with Y2K problems; the only obvious difference is that customers and end-users may be more vigilant in looking for such problems than they normally would. Indeed, if one scans the news reports and Internet postings for the first 10-12 hours of 2000, there have been some problems, though it's not always clear whether they're Y2K-related. Two U.S. nuclear plants shut down during the evening of December 31, and a third plant scaled back its output significantly; the initial reports indicate that these problems were not Y2K-related, but that may turn out to be a premature assessment. Y2K-related problems occurred in approximately 8 other U.S. utilities, but were quickly fixed; and power brownouts and brief outages were reported in Texas, Kentucky, California, and New Mexico. Meanwhile, two nuclear plants in Japan experienced alarm conditions shortly after midnight, though radiation levels apparently remained normal; while these problems were apparently Y2K-related, they were not judged serious enough to shut the plants down or to report them prominently in the worldwide media coverage.
If all of the Y2K problems fall into this category, the optimists can reasonably argue that Y2K was not a problem after all -- for it did not injure or inconvenience a large number of people for a long period of time. Again, I think it's premature to make that overall judgment about Y2K; and for those who feel more pessimistic, these initial failures, bugs, and disruptions might be seen as a harbinger for more serious problems when the systems are subjected to heavier loads on January 3rd, and when they no longer have the augmented support staff to pounce on the problems. Time will tell...
Inevitably, there will be observers who dismiss all of these arguments, and who conclude that the whole thing was a deliberate, malicious scam perpetrated by greedy charlatans. If so, these charlatans have succeeded far beyond anything ever before accomplished: they convinced hard-nosed business executives, and cash-strapped government agencies around the world to part with roughly $100 billion in remediation costs. They convinced the U.S. government to build a $50 million command center to watch for problems; they persuaded business executives and government leaders to shut down thousands of systems around the world, in order to avoid the impact of the non-existent Y2K bugs. How they managed to coordinate all of this, and how they managed to fool so many people for so long a time, must remain a mystery. If you want to believe that this is the "real" explanation of the Y2K situation, you're welcome to do so. If you're asking me to admit that I was a part of such a grand conspiracy, the best I can do is politely respond, "No, I'm not that clever."
The good news about the first 10-12 hours of post-Y2K existence is that (a) the world has not come to an end, (b) no serious, life-threatening problems or crises have been reported, and (c) there was hardly any evidence of panic. Many stores in the U.S., Japan, and a few other parts of the world, reported hectic business during December 30-31, as people stocked up on toilet paper, bottled water, flashlights and batteries. Heavy cash withdrawals were reported in parts of Nigeria, Hong Kong, Turkey, and a few other isolated spots; but there were no full-scale bank runs, and initial reports in the U.S. and England indicate that ATM usage was not much greater than normal.
The bad news -- at least potentially -- is that people will assume that the Y2K problem is "over," and that they can relax their vigil. It's easy to become complacent when "victory" has already been declared in the media. Before I went to bed on New Year's Eve, I set the clock on my computer back to 1998, and then unplugged it from my household electrical outlet. My plan was to start up my backup machine this morning, observe the rollover, run through a series of tests to ensure that all of the applications were working properly, and then log in on the Internet to see if a horde of viruses would destroy the machine. But after hearing repeated reports on television that nothing had gone wrong, and after seeing that the electricity and phone service had not been disrupted overnight, I wondered if I was going overboard. Indeed, I did begin with my backup machine, and I did log in very carefully to see if there was any evidence of viruses. But I have to admit that I'm susceptible to rampant optimism, too: I didn't have the discipline to go through a laborious exercise of running all of my systems on the backup machine, before finally starting up my primary machine. And so far, everything seems to work ... except ... ackkk!!! .... urghhh!! ... gadzooks, how did all of those files get deleted? ... oh, no! ... my machine is being destroyed before my very eyes! ... eek!
Just kidding ... so far, everything does seem to be working fine. But in my opinion, Y2K isn't over yet. I'm less worried than I was 24 hours ago, and I'm delighted that things have worked out so well, so far. "No news," as Y2K czar John Koskinen said in an interview yesterday, "is good news," and I hope it continues. My family is delighted that they won't be subjected to a diet of tunafish and rice; but I'm going to hold onto that food for a while. Here in northern New Mexico, we actually do get three-day winter snowstorms from time to time, and the power occasionally goes out even without Y2K as the explanation. I have no regrets or apologies for the preparations I made, or the precautions I took -- no more so than I regret the money I spent last year on automobile insurance, health insurance, and fire insurance, none of which turned out to be necessary.
Let's hope the good news continues. In the meantime, my best wishes to everyone for a Happy and Y2K-uneventful New Year!