CPSR Newsletter - Vol. 17, No. 1, Neumann
CPSR Newsletter

Winter 1999
Vol. 17, No. 1

    A Perspective on Y2K
    by Peter Neumann

    The year-2000 problem is either massive overhype, a serious problem, or both. The most nagging aspect is that exactly what will happen is not clear, although it is clear that outages in electric power systems and telecommunications would have significant effects elsewhere--transportation, food delivery, water supplies, and indeed the abilities of governments to operate effectively. We have become enormously dependent on computer-communication technology in almost every respect. We should expect that some people and businesses could be seriously inconvenienced--especially in the northern hemisphere, where it will be winter. Thus, it would be prudent for everyone to understand the risks and act accordingly. Panic is not appropriate; however, due care is clearly socially responsible in light of the considerable uncertainty about what might really happen.

    All of the critical national infrastructures are increasingly dependent on information systems and the Internet. Public utilities are of concern, particularly with respect to smaller companies. Aviation is potentially at risk, with its archaic air-traffic control systems. Railway transportation is also at risk. Financial systems are reportedly in better shape--potential loss of money is clearly a motivating factor.

    For about a year and a half, Congressman Stephen Horn has been issuing a periodic report card on the Y2K preparedness of the departments and agencies of the U.S. Government. The Departments of Justice, State, Education, Energy, and Health and Human Services are all flunking. In recent months, Justice and Education have fallen further behind. Transportation and Defense have only slightly improved their earlier failing grades. Treasury (which issues the checks) gets a D+. (The report cards are on line at http://www.house.gov/reform/gmit.) Furthermore, local governments may be particularly vulnerable, because they lack the knowledge and resources needed to understand the risks.

    Calendar-clock problems have been around for a long time; it's just that this one has an immovable point of no return. (There are likely to be leap-year effects as well.) However, much deeper problems are being masked by the feeding frenzy over Y2K. One is a perpetual lack of foresight in building complex computer-based systems. Another is the poor practice of software development, particularly with respect to life-critical and mission-critical systems, with requirements such as very high availability and strong security. One nasty manifestation of development practice is that trying to fix systems, especially in a hurry, often introduces new flaws and vulnerabilities. The archives of the Risks Forum document many of these difficulties. The RISKS archives are available with a nice search facility at http://catless.ncl.ac.uk/Risks courtesy of Lindsay Marshall, or by ftp at ftp://unix.sri.com/risks. You can send automated Majordomo subscriptions to risks-request@csl.sri.com with the one-line text SUBSCRIBE.

    Unfortunately, there are no easy answers. Many different operating systems, application programs, programming languages, and databases are involved. Even if everything appears to work locally, interdependencies are likely to emerge when Y2K happens that could not be detected by testing. One of the largely unnoticed problems is that database management systems may have lurking two-digit data fields; heterogeneous combinations of database management systems may result in insidious incompatibilities if different fixes are used.
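
    The incompatibility between different fixes, sketched as an added example that is not part of the original article: three hypothetical systems read the same two-digit YYMMDD field, two repaired with fixed-window expansion at different pivot years and one left unrepaired. The article names no specific fix; windowing, the system names, the pivots and the sample records are assumptions made for illustration.

```python
from datetime import date

def window(pivot):
    """Fixed-window fix: yy below pivot is read as 20yy, otherwise as 19yy."""
    def expand(yy):
        return (2000 if yy < pivot else 1900) + yy
    return expand

# Hypothetical systems: two windowing repairs with different pivots, one unrepaired.
SYSTEMS = {"billing": window(30), "ledger": window(50), "legacy": lambda yy: 1900 + yy}

def read_date(stamp, expand):
    """Interpret a YYMMDD field; None if this system would reject the date."""
    if len(stamp) != 6 or not stamp.isdigit():
        raise ValueError(f"not a YYMMDD field: {stamp!r}")
    try:
        return date(expand(int(stamp[:2])), int(stamp[2:4]), int(stamp[4:]))
    except ValueError:  # e.g. 29 February in a year this system treats as non-leap
        return None

def ambiguous_years(a, b):
    """Two-digit years that systems a and b place in different centuries."""
    return [yy for yy in range(100) if SYSTEMS[a](yy) != SYSTEMS[b](yy)]

def reconcile(records):
    """Return {id: {system: date}} for records the systems do not agree on."""
    conflicts = {}
    for line in records:
        ident, stamp = line.split(",")
        views = {name: read_date(stamp, ex) for name, ex in SYSTEMS.items()}
        if len(set(views.values())) > 1:
            conflicts[ident] = views
    return conflicts

# Constructed sample records in 'ID,YYMMDD' form.
SAMPLE = ["A100,991231", "A101,000229", "A102,350615", "A103,120704"]

if __name__ == "__main__":
    print("billing and ledger disagree on years", ambiguous_years("billing", "ledger"))
    for ident, views in reconcile(SAMPLE).items():
        print(ident, {name: str(d) for name, d in views.items()})
```

    Each system passes its own local tests on these records; the disagreement only appears when the same field crosses a system boundary, and record A101 also shows a leap-year effect, since 29 February exists in 2000 but not in 1900.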

    Intriguing risks can also arise from letting supposedly trustworthy third parties fix your software. These risks include further flaws, theft of proprietary code, Trojan horses, and liability issues when the third party goes out of business on January 1, 2000. Note that many Y2K repair efforts for domestic software are being performed in other countries. This risk, of course, applies to other nations as well, some of which are in much worse shape than the United States.

    One serious concern is that even if no Y2K technological problems occur when January 2000 rolls around (and I seriously doubt that we will escape unscathed), panic may set in as the end of the year approaches. The current Federal Reserve cash amounts would not be adequate if everyone decided to have more than (on average) $1,000 in hand for Y2K. Food hoarding is also likely. Moreover, there already appears to be a huge new market for electrical generators and emergency food rations.

    To stave off panic, we may hear from government and utility officials that everything is under control, don't worry about a thing, everyone will be taken care of. But that is also not credible, especially in light of Stephen Horn's report card and the fact that many organizations have yet to begin assessing their vulnerabilities. Such reassurance also runs counter to the grain of logic, based on the archives of the Risks Forum, not to mention Murphy's Law. Even worse, Y2K represents an extraordinary target for terrorists, who just might have read the report of the President's Commission on Critical Infrastructure Protection (http://www.pccip.gov). Therefore, realism is required, as well as much deeper study of what the real vulnerabilities and risks are, and what must be done to reduce those risks. But throughout, we must not lose sight of the longer-range issues: there are many risks to the public in the use of computers and communications (for example, see ftp://ftp.csl.sri.com/pub/users/neumann/illustrative.ps or .pdf), and Y2K is just the tip of a very large iceberg.

    Peter Neumann is Principal Scientist, Computer Science Lab; Chairman of the ACM Committee on Computers and Public Policy; Moderator of the Risks Forum; and member of the General Accounting Office Executive Council on Information Management and Technology (focusing largely on Y2K, particularly regarding the U.S. Government). He received CPSR's Norbert Wiener Award in 1997. His book Computer-Related Risks (Addison-Wesley 1995, more recent information on line) documents many of the risks involved in the use of information systems. You can reach him by email at Neumann@CSL.sri.com, or on the Web at http://www.csl.sri.com/~neumann/.


    You can send comments or questions to newsletter@cpsr.org.
    Last modified: Sunday, 14 March 1999.
